List of usage examples for org.springframework.security.core GrantedAuthority getAuthority
/**
 * Returns this authority as a String that access-control code can compare against.
 * Callers on this page compare the result with role names; at least one of them
 * explicitly guards against a {@code null} return value.
 */
String getAuthority();
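If the GrantedAuthority can be represented as a String and that String is sufficient in precision to be relied upon for an access control decision by an AccessDecisionManager (or delegate), this method should return such a String. If the GrantedAuthority cannot be expressed with sufficient precision as a String, null should be returned, so callers must be prepared for a null result.
From source file:com.github.javarch.jsf.tags.security.SpringSecurityELLibrary.java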
/** * Method that checks if <b>none</b> of the given roles is hold by the user. * Returns <code>true</code> if no roles are given, or none of the given roles match the users roles. * Returns <code>false</code> on the first matching role. * * @param notGrantedRoles a comma seperated list of roles * @return true if none of the given roles is granted to the current user, false otherwise *///from w w w . j av a 2 s .c om public static boolean ifNotGranted(final String notGrantedRoles) { Set<String> parsedAuthorities = parseAuthorities(notGrantedRoles); if (parsedAuthorities.isEmpty()) return true; GrantedAuthority[] authorities = getUserAuthorities(); for (GrantedAuthority authority : authorities) { if (parsedAuthorities.contains(authority.getAuthority())) return false; } return true; }
From source file:com.github.javarch.jsf.tags.security.SpringSecurityELLibrary.java
/**
 * Tells whether the current user holds <b>all</b> of the listed roles.
 * Returns <code>true</code> only if every listed role is held; returns <code>false</code> when
 * no roles are given or as soon as one listed role is missing.
 *
 * @param requiredRoles a comma separated list of roles
 * @return true if all of the given roles are granted to the current user, false otherwise or
 *         if no roles are specified at all
 */
public static boolean ifAllGranted(final String requiredRoles) {
    final Set<String> wanted = parseAuthorities(requiredRoles);
    if (wanted.isEmpty()) {
        // An empty requirement denies rather than grants.
        return false;
    }

    // Collect the string form of everything the user has been granted.
    final Set<String> held = new TreeSet<String>();
    for (final GrantedAuthority authority : getUserAuthorities()) {
        held.add(authority.getAuthority());
    }

    // containsAll stops at the first required role that is not held.
    return held.containsAll(wanted);
}
From source file:at.ac.univie.isc.asio.security.Role.java
/**
 * Maps a granted authority to a {@code Role}.
 *
 * <p>A {@code null} authority maps to {@code Role.NONE}. Otherwise the authority's string form
 * is handed to {@code fromString} unchanged, including a {@code null} string if the authority
 * returns one; how {@code fromString} treats that case is not visible here.
 *
 * @param authority the authority to convert, may be {@code null}
 * @return {@code Role.NONE} for a {@code null} authority, else the result of {@code fromString}
 */
public static Role fromAuthority(@Nullable final GrantedAuthority authority) {
    return authority == null ? Role.NONE : fromString(authority.getAuthority());
}
From source file:com.minlia.cloud.framework.common.security.SpringSecurityUtil.java
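/**
 * Check if current user has specified role.
 *
 * <p>The comparison is exact and case-sensitive. The check denies (returns false) when the
 * requested role is {@code null}, when there is no current user, and for any authority whose
 * {@code getAuthority()} returns {@code null}; previously such an authority caused a
 * {@code NullPointerException} in the middle of the access check.
 *
 * @param privilege
 *            the role to check if user has.
 * @return true if user has specified role, otherwise false.
 */
public static boolean hasPrivilege(final String privilege) {
    if (privilege == null) {
        // A null role can never match; this also keeps null from matching a null authority.
        return false;
    }
    final UserDetails userDetails = SpringSecurityUtil.getCurrentUserDetails();
    if (userDetails == null) {
        return false;
    }
    for (final GrantedAuthority each : userDetails.getAuthorities()) {
        // Call equals on the known non-null side: getAuthority() is allowed to return null.
        if (privilege.equals(each.getAuthority())) {
            return true;
        }
    }
    return false;
}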
From source file:net.maritimecloud.identityregistry.utils.AccessControlUtil.java
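/**
 * Checks whether the current authentication carries the given permission.
 *
 * <p>Two authentication types are understood:
 * <ul>
 * <li>{@code KeycloakAuthenticationToken}: the permission list is read from the token claim
 * named by {@code PERMISSIONS_PROPERTY_NAME}.</li>
 * <li>{@code PreAuthenticatedAuthenticationToken}: each authority of the {@code InetOrgPerson}
 * principal is treated as a permission list.</li>
 * </ul>
 * Permission lists are comma separated and compared case-insensitively; entries are not
 * trimmed, so surrounding whitespace prevents a match. Any other authentication type, a
 * missing authentication, a missing or non-String claim, and an authority without a String
 * form all result in {@code false} (deny) rather than an exception.
 *
 * @param permission the permission to look for
 * @return true if the permission is present, false otherwise
 */
public static boolean hasPermission(String permission) {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth instanceof KeycloakAuthenticationToken) {
        log.debug("OIDC permission lookup");
        // Keycloak authentication
        KeycloakAuthenticationToken kat = (KeycloakAuthenticationToken) auth;
        KeycloakSecurityContext ksc = (KeycloakSecurityContext) kat.getCredentials();
        Map<String, Object> otherClaims = ksc.getToken().getOtherClaims();
        // Claims come from the token: only a String value is usable as a permission list.
        Object claimed = otherClaims.get(AccessControlUtil.PERMISSIONS_PROPERTY_NAME);
        if (claimed instanceof String) {
            return permissionListContains((String) claimed, permission);
        }
    } else if (auth instanceof PreAuthenticatedAuthenticationToken) {
        log.debug("Certificate permission lookup");
        // Certificate authentication
        PreAuthenticatedAuthenticationToken token = (PreAuthenticatedAuthenticationToken) auth;
        // Check that the permission is granted to this user
        InetOrgPerson person = ((InetOrgPerson) token.getPrincipal());
        Collection<GrantedAuthority> authorities = person.getAuthorities();
        for (GrantedAuthority authority : authorities) {
            if (permissionListContains(authority.getAuthority(), permission)) {
                return true;
            }
        }
    } else if (auth != null) {
        log.debug("Unknown authentication method: " + auth.getClass());
    }
    return false;
}

/** Returns true if the comma separated list contains the permission, ignoring case. */
private static boolean permissionListContains(String permissionList, String permission) {
    if (permissionList == null || permission == null) {
        return false;
    }
    for (String granted : permissionList.split(",")) {
        if (granted.equalsIgnoreCase(permission)) {
            return true;
        }
    }
    return false;
}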
From source file:net.maritimecloud.identityregistry.utils.AccessControlUtil.java
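/**
 * Checks whether the current authentication may act on the organization with the given MRN.
 *
 * <p>Access is granted when the caller holds {@code ROLE_SITE_ADMIN}, or when the organization
 * bound to the caller's credentials equals {@code orgMrn}: the {@code ORG_PROPERTY_NAME} token
 * claim for Keycloak authentication, the certificate's O value for pre-authenticated
 * (certificate) authentication. A blank MRN, a missing authentication, a missing or
 * non-String organization claim and any other authentication type are denied.
 *
 * @param orgMrn the MRN of the organization being accessed
 * @return true if access is allowed, false otherwise
 */
public static boolean hasAccessToOrg(String orgMrn) {
    if (orgMrn == null || orgMrn.trim().isEmpty()) {
        log.debug("The orgMrn was empty!");
        return false;
    }
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth == null) {
        // No authentication in the context: deny instead of failing on auth.getAuthorities().
        return false;
    }
    // First check if the user is a SITE_ADMIN, in which case he gets access.
    for (GrantedAuthority authority : auth.getAuthorities()) {
        String role = authority.getAuthority();
        log.debug("User has role: " + role);
        if ("ROLE_SITE_ADMIN".equals(role)) {
            return true;
        }
    }
    log.debug("User not a SITE_ADMIN");
    // Check if the user is part of the organization
    if (auth instanceof KeycloakAuthenticationToken) {
        log.debug("OIDC authentication in process");
        // Keycloak authentication
        KeycloakAuthenticationToken kat = (KeycloakAuthenticationToken) auth;
        KeycloakSecurityContext ksc = (KeycloakSecurityContext) kat.getCredentials();
        Map<String, Object> otherClaims = ksc.getToken().getOtherClaims();
        Object claimedOrg = otherClaims.get(AccessControlUtil.ORG_PROPERTY_NAME);
        // equalsIgnoreCase does not depend on the JVM's default locale, unlike toLowerCase(),
        // and the instanceof test rejects an absent or non-String claim without throwing.
        if (claimedOrg instanceof String && ((String) claimedOrg).equalsIgnoreCase(orgMrn)) {
            log.debug("Entity from org: " + claimedOrg + " is in " + orgMrn);
            return true;
        }
        log.debug("Entity from org: " + claimedOrg + " is not in " + orgMrn);
    } else if (auth instanceof PreAuthenticatedAuthenticationToken) {
        log.debug("Certificate authentication in process");
        // Certificate authentication
        PreAuthenticatedAuthenticationToken token = (PreAuthenticatedAuthenticationToken) auth;
        // Check that the Organization name of the accessed organization and the organization
        // in the certificate is equal
        InetOrgPerson person = ((InetOrgPerson) token.getPrincipal());
        // The O(rganization) value in the certificate is an MRN
        String certOrgMrn = person.getO();
        // NOTE(review): this comparison is case-sensitive while the OIDC branch ignores case;
        // confirm which rule is intended before aligning them.
        if (orgMrn.equals(certOrgMrn)) {
            log.debug("Entity with O=" + certOrgMrn + " is in " + orgMrn);
            return true;
        }
        log.debug("Entity with O=" + certOrgMrn + " is not in " + orgMrn);
    } else {
        log.debug("Unknown authentication method: " + auth.getClass());
    }
    return false;
}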
From source file:br.com.suricattus.surispring.spring.security.util.SecurityUtil.java
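/**
 * List user authorities.
 *
 * <p>Reads the authorities of the authentication held by {@code SecurityContextHolder} and
 * returns their String forms in sorted order. Authorities whose {@code getAuthority()} returns
 * {@code null} have no String form and are left out instead of failing the whole lookup.
 *
 * <p>When there is no security context, no authentication, or no authorities, the result is
 * the shared immutable empty set; otherwise it is a new {@code TreeSet}. Callers should treat
 * the result as read-only.
 *
 * @return user authorities, never {@code null}
 */
public static Set<String> getUserAuthorities() {
    if (SecurityContextHolder.getContext() == null) {
        return Collections.emptySet();
    }

    Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
    if (currentUser == null) {
        return Collections.emptySet();
    }

    Collection<? extends GrantedAuthority> granted = currentUser.getAuthorities();
    if (granted == null || granted.isEmpty()) {
        return Collections.emptySet();
    }

    Set<String> authorities = new TreeSet<String>();
    for (GrantedAuthority ga : granted) {
        String name = ga.getAuthority();
        // A naturally ordered TreeSet rejects null, so skip authorities without a String form.
        if (name != null) {
            authorities.add(name);
        }
    }
    return authorities;
}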
From source file:com.minlia.cloud.framework.common.security.SpringSecurityUtil.java
/**
 * Check if current user has any of the specified roles.
 *
 * <p>Returns false without inspecting {@code privileges} when there is no current user.
 * Role names are matched exactly against each authority's String form.
 *
 * @param privileges
 *            the array of roles.
 * @return true if has any role, otherwise false.
 */
public static boolean hasAnyPrivilege(final String... privileges) {
    final UserDetails current = SpringSecurityUtil.getCurrentUserDetails();
    if (current == null) {
        return false;
    }

    // Built only once a user is known, as a set for constant-time membership tests.
    final Set<String> accepted = ImmutableSet.copyOf(privileges);
    for (final GrantedAuthority granted : current.getAuthorities()) {
        final String name = granted.getAuthority();
        if (accepted.contains(name)) {
            return true;
        }
    }
    return false;
}
From source file:com.task.springsec.SecurityUtil.java
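/**
 * Selects, for each role name, the first granted authority whose String form equals it.
 *
 * <p>Role names with no matching authority contribute nothing. A {@code null} role name and an
 * authority whose {@code getAuthority()} returns {@code null} never match, so neither causes a
 * {@code NullPointerException} here.
 *
 * @param grantedRoles role names to look up
 * @param granted the authorities to search
 * @return a new set holding the matching authorities
 */
private static Set<GrantedAuthority> toAuthorities(Set<String> grantedRoles,
        Collection<? extends GrantedAuthority> granted) {
    Set<GrantedAuthority> target = new HashSet<GrantedAuthority>();
    for (String role : grantedRoles) {
        if (role == null) {
            continue;
        }
        for (GrantedAuthority authority : granted) {
            // equals is called on the non-null role because getAuthority() may return null.
            if (role.equals(authority.getAuthority())) {
                target.add(authority);
                break;
            }
        }
    }
    return target;
}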
From source file:com.task.springsec.SecurityUtil.java
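/**
 * Converts granted authorities to the set of their String forms.
 *
 * @param authorities the authorities to convert
 * @return a new set with one entry per distinct authority String
 * @throws IllegalArgumentException if an authority returns {@code null} from
 *         {@code getAuthority()}
 */
private static Set<String> toRoles(Collection<? extends GrantedAuthority> authorities) {
    final Set<String> target = new HashSet<String>();
    for (GrantedAuthority au : authorities) {
        // Read the value once so the null check and the stored value are the same result.
        final String role = au.getAuthority();
        if (null == role) {
            throw new IllegalArgumentException(
                    "Cannot process GrantedAuthority objects which return null from getAuthority() - attempting to process "
                            + au.toString());
        }
        target.add(role);
    }
    return target;
}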