Example usage for org.springframework.security.core GrantedAuthority getAuthority

List of usage examples for org.springframework.security.core GrantedAuthority getAuthority

Introduction

This page collects usage examples for org.springframework.security.core GrantedAuthority getAuthority.

Prototype

String getAuthority();


Document

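If the GrantedAuthority can be represented as a String and that String is sufficient in precision to be relied upon for an access control decision by an AccessDecisionManager (or delegate), this method should return such a String. If the authority cannot be represented that way, the method returns null, so code that compares authority strings should handle a null result.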

Usage

From source file:org.opendatakit.common.security.server.SecurityServiceUtil.java

/**
 * Fills {@code userInfo} with the assigned groups and granted authorities of {@code uriUser}.
 * <p>
 * Grants read for {@code uriUser} are split by
 * {@code GrantedAuthorityName.permissionsCanBeAssigned}: names for which it returns true go to
 * the group set, the rest to the authority set. Authorities reachable through the
 * "hierarchicalRoleRelationships" role hierarchy are then added to the authority set, again
 * skipping the assignable ones.
 *
 * @param userInfo receives the computed group and authority sets
 * @param uriUser  identifies the user whose grants are looked up
 * @param cc       supplies the datastore, the current user and the role-hierarchy bean
 * @throws ODKDatastoreException declared by this method; presumably raised by the datastore
 *                               calls - confirm against the helpers
 */
static void setAuthenticationLists(UserSecurityInfo userInfo, String uriUser, CallingContext cc)
        throws ODKDatastoreException {
    Datastore datastore = cc.getDatastore();
    // The lookup is performed for uriUser, with the current user passed alongside the datastore.
    User currentUser = cc.getCurrentUser();
    RoleHierarchy roleHierarchy = (RoleHierarchy) cc.getBean("hierarchicalRoleRelationships");
    Set<GrantedAuthority> directGrants = UserGrantedAuthority.getGrantedAuthorities(uriUser, datastore,
            currentUser);
    // NOTE(review): this TreeSet has no comparator; if mapName adds a GrantedAuthority that is
    // not Comparable, add() would throw ClassCastException - confirm against mapName.
    Set<GrantedAuthority> unmappedGrants = new TreeSet<GrantedAuthority>();
    TreeSet<GrantedAuthorityName> assignedGroups = new TreeSet<GrantedAuthorityName>();
    TreeSet<GrantedAuthorityName> effectiveAuthorities = new TreeSet<GrantedAuthorityName>();

    // Pass 1: grants stored directly for the user.
    for (GrantedAuthority direct : directGrants) {
        GrantedAuthorityName mapped = mapName(direct, unmappedGrants);
        if (mapped == null) {
            continue;
        }
        boolean assignable = GrantedAuthorityName.permissionsCanBeAssigned(direct.getAuthority());
        TreeSet<GrantedAuthorityName> target = assignable ? assignedGroups : effectiveAuthorities;
        target.add(mapped);
    }

    // Pass 2: everything the role hierarchy reaches from those grants; only non-assignable
    // names count as authorities here.
    Collection<? extends GrantedAuthority> reachable = roleHierarchy
            .getReachableGrantedAuthorities(directGrants);
    for (GrantedAuthority inherited : reachable) {
        GrantedAuthorityName mapped = mapName(inherited, unmappedGrants);
        if (mapped == null) {
            continue;
        }
        if (!GrantedAuthorityName.permissionsCanBeAssigned(inherited.getAuthority())) {
            effectiveAuthorities.add(mapped);
        }
    }

    userInfo.setAssignedUserGroups(assignedGroups);
    userInfo.setGrantedAuthorities(effectiveAuthorities);
    // Presumably purges the grants mapName could not map - confirm against the helper.
    removeBadGrantedAuthorities(unmappedGrants, cc);
}

From source file:org.opendatakit.common.security.server.SecurityServiceUtil.java

/**
 * Fills {@code userInfo} with the groups and authorities of a special user identified by
 * {@code specialGroup} (the original comment names anonymous and daemon as examples).
 * <p>
 * The group set holds {@code specialGroup} plus every mappable authority returned by
 * {@code GrantedAuthorityHierarchyTable.getSubordinateGrantedAuthorities}. The authority set
 * holds the non-assignable names the role hierarchy reaches from {@code specialGroup}.
 *
 * @param userInfo     receives the computed group and authority sets
 * @param specialGroup the authority name that defines the special user
 * @param cc           supplies the role-hierarchy bean and is passed to the datastore helpers
 * @throws DatastoreFailureException when the subordinate authorities cannot be retrieved
 */
static void setAuthenticationListsForSpecialUser(UserSecurityInfo userInfo, GrantedAuthorityName specialGroup,
        CallingContext cc) throws DatastoreFailureException {
    RoleHierarchy roleHierarchy = (RoleHierarchy) cc.getBean("hierarchicalRoleRelationships");
    Set<GrantedAuthority> unmappedGrants = new TreeSet<GrantedAuthority>();
    TreeSet<GrantedAuthorityName> assignedGroups = new TreeSet<GrantedAuthorityName>();
    TreeSet<GrantedAuthorityName> effectiveAuthorities = new TreeSet<GrantedAuthorityName>();

    // The special group itself always counts as an assigned group.
    assignedGroups.add(specialGroup);
    GrantedAuthority specialAuth = new SimpleGrantedAuthority(specialGroup.name());
    try {
        for (GrantedAuthority subordinate : GrantedAuthorityHierarchyTable
                .getSubordinateGrantedAuthorities(specialAuth, cc)) {
            GrantedAuthorityName mapped = mapName(subordinate, unmappedGrants);
            if (mapped == null) {
                continue;
            }
            assignedGroups.add(mapped);
        }
    } catch (ODKDatastoreException e) {
        // NOTE(review): the cause is printed to stderr only and is not attached to the
        // exception thrown below, so callers and application logs lose the original failure.
        e.printStackTrace();
        throw new DatastoreFailureException("Unable to retrieve granted authorities of " + specialGroup.name());
    }

    // Authorities are whatever the role hierarchy reaches from the special group, minus the
    // assignable names.
    Collection<? extends GrantedAuthority> reachable = roleHierarchy
            .getReachableGrantedAuthorities(Collections.singletonList(specialAuth));
    for (GrantedAuthority inherited : reachable) {
        GrantedAuthorityName mapped = mapName(inherited, unmappedGrants);
        if (mapped == null) {
            continue;
        }
        if (!GrantedAuthorityName.permissionsCanBeAssigned(inherited.getAuthority())) {
            effectiveAuthorities.add(mapped);
        }
    }

    userInfo.setAssignedUserGroups(assignedGroups);
    userInfo.setGrantedAuthorities(effectiveAuthorities);
    try {
        removeBadGrantedAuthorities(unmappedGrants, cc);
    } catch (ODKDatastoreException e) {
        // Best effort: userInfo is already populated, so a cleanup failure is only printed.
        // NOTE(review): unmapped grants then stay in place with no entry in the application log.
        e.printStackTrace();
    }
}

From source file:org.opendatakit.common.security.server.SecurityServiceUtil.java

/**
 * Get the complete set of granted authorities (ROLE and RUN_AS grants) this user possesses.
 * <p>
 * As written, the returned set holds only names for which
 * {@code GrantedAuthorityName.permissionsCanBeAssigned} is false. For an anonymous user it is
 * built from what the role hierarchy reaches from USER_IS_ANONYMOUS; for any other user it is
 * built from the user's stored grants plus what the hierarchy reaches from them.
 *
 * @param cc calling context supplying the current user, the datastore and the
 *           "hierarchicalRoleRelationships" bean
 * @return names of the non-assignable authorities found for the current user
 * @throws ODKDatastoreException declared by this method; presumably raised by the datastore
 *                               lookups or the bad-grant cleanup - confirm against the helpers
 */
public static TreeSet<GrantedAuthorityName> getCurrentUserSecurityInfo(CallingContext cc)
        throws ODKDatastoreException {
    User user = cc.getCurrentUser();
    TreeSet<GrantedAuthorityName> authorities = new TreeSet<GrantedAuthorityName>();
    if (user.isAnonymous()) {
        RoleHierarchy hierarchy = (RoleHierarchy) cc.getBean("hierarchicalRoleRelationships");
        // NOTE(review): TreeSet without a comparator; adding a GrantedAuthority that is not
        // Comparable would throw ClassCastException - confirm against mapName.
        Set<GrantedAuthority> badGrants = new TreeSet<GrantedAuthority>();
        // Seed the hierarchy walk with the anonymous marker authority; no per-user grants
        // are read from the datastore in this branch.
        GrantedAuthority specialAuth = new SimpleGrantedAuthority(
                GrantedAuthorityName.USER_IS_ANONYMOUS.name());

        Collection<? extends GrantedAuthority> auths = hierarchy
                .getReachableGrantedAuthorities(Collections.singletonList(specialAuth));
        for (GrantedAuthority auth : auths) {
            GrantedAuthorityName name = mapName(auth, badGrants);
            // Keep only mappable names that are not assignable permissions.
            if (name != null && !GrantedAuthorityName.permissionsCanBeAssigned(auth.getAuthority())) {
                authorities.add(name);
            }
        }
        // Presumably purges the grants mapName could not map - confirm against the helper.
        removeBadGrantedAuthorities(badGrants, cc);
    } else {
        // NOTE(review): t is never read in this method. The lookup is left in place because
        // it may throw or have effects not visible here - confirm whether it serves as an
        // existence check for the user.
        RegisteredUsersTable t;
        t = RegisteredUsersTable.getUserByUri(user.getUriUser(), cc.getDatastore(), user);

        Datastore ds = cc.getDatastore();
        RoleHierarchy hierarchy = (RoleHierarchy) cc.getBean("hierarchicalRoleRelationships");
        Set<GrantedAuthority> grants = UserGrantedAuthority.getGrantedAuthorities(user.getUriUser(), ds, user);
        Set<GrantedAuthority> badGrants = new TreeSet<GrantedAuthority>();
        // NOTE(review): groups is filled below but never read or returned by this method.
        TreeSet<GrantedAuthorityName> groups = new TreeSet<GrantedAuthorityName>();
        // Pass 1: grants stored directly for the user, split into assignable and non-assignable.
        for (GrantedAuthority grant : grants) {
            GrantedAuthorityName name = mapName(grant, badGrants);
            if (name != null) {
                if (GrantedAuthorityName.permissionsCanBeAssigned(grant.getAuthority())) {
                    groups.add(name);
                } else {
                    authorities.add(name);
                }
            }
        }
        // Pass 2: authorities the role hierarchy reaches from the stored grants.
        Collection<? extends GrantedAuthority> auths = hierarchy.getReachableGrantedAuthorities(grants);
        for (GrantedAuthority auth : auths) {
            GrantedAuthorityName name = mapName(auth, badGrants);
            if (name != null && !GrantedAuthorityName.permissionsCanBeAssigned(auth.getAuthority())) {
                authorities.add(name);
            }
        }
        removeBadGrantedAuthorities(badGrants, cc);
    }
    return authorities;
}

From source file:org.opennms.web.springframework.security.SpringSecurityUserDaoImplIT.java

/**
 * Fails unless {@code authorities} contains an entry whose authority string equals
 * {@code role} exactly (case-sensitive).
 *
 * @param role        the authority string that must be present
 * @param authorities the granted authorities to search
 * @throws AssertionError when no entry matches
 */
private void assertContainsAuthority(final String role,
        final Collection<? extends GrantedAuthority> authorities) {
    boolean present = false;
    for (final GrantedAuthority candidate : authorities) {
        // role is the receiver, so an entry whose getAuthority() is null simply does not match.
        if (role.equals(candidate.getAuthority())) {
            present = true;
            break;
        }
    }

    if (!present) {
        throw new AssertionError("role " + role + " was not found in " + authorities);
    }
}

From source file:org.opentestsystem.shared.security.domain.SbacUser.java

/**
 * Reports whether this user holds an authority whose string form equals {@code inPermission}.
 * The comparison is exact and case-sensitive.
 *
 * @param inPermission the permission to look for; a blank value never matches
 * @return {@code true} when a matching authority exists, {@code false} otherwise, including
 *         when {@code getAuthorities()} returns null
 */
public boolean hasPermission(final String inPermission) {
    // Deny when there is nothing to compare.
    if (StringUtils.isBlank(inPermission) || getAuthorities() == null) {
        return false;
    }
    for (GrantedAuthority granted : getAuthorities()) {
        // inPermission is the receiver, so a null getAuthority() does not match.
        if (inPermission.equals(granted.getAuthority())) {
            return true;
        }
    }
    return false;
}

From source file:org.opentestsystem.shared.security.domain.SbacUser.java

/**
 * Reports whether the authorities recorded for {@code tenantId} include one whose string form
 * equals {@code inPermission}. The comparison is exact and case-sensitive.
 *
 * @param inPermission the permission to look for; a blank value never matches
 * @param tenantId     the tenant whose authorities are consulted; a blank value never matches
 * @return {@code true} when the tenant has a matching authority, {@code false} otherwise,
 *         including when nothing is recorded for the tenant
 */
public boolean hasPermissionForTenant(final String inPermission, final String tenantId) {
    // Deny when either argument is blank.
    if (StringUtils.isBlank(inPermission) || StringUtils.isBlank(tenantId)) {
        return false;
    }
    // Deny when the tenant has no entry; only that tenant's authorities are searched.
    if (authoritesByTenantId.get(tenantId) == null) {
        return false;
    }
    for (GrantedAuthority granted : authoritesByTenantId.get(tenantId)) {
        if (inPermission.equals(granted.getAuthority())) {
            return true;
        }
    }
    return false;
}

From source file:org.orcid.core.security.DefaultPermissionChecker.java

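/**
 * Reports whether any entry of {@code authorities} has an authority string equal to
 * {@code role}, ignoring case.
 * <p>
 * {@code GrantedAuthority.getAuthority()} may return null for authorities that cannot be
 * expressed as a String, so the comparison is made from {@code role} rather than from the
 * returned value. A null collection, null element or null role results in {@code false}
 * (access denied) instead of a NullPointerException.
 *
 * @param authorities the granted authorities to search; may be null
 * @param role        the role name to look for; may be null
 * @return {@code true} when a matching authority is present, {@code false} otherwise
 */
private boolean authoritiesHasRole(Collection<? extends GrantedAuthority> authorities, String role) {
    if (authorities == null || role == null) {
        return false;
    }
    for (GrantedAuthority authority : authorities) {
        // NOTE(review): the match ignores case, so authority names that differ only in case
        // are treated as the same role. Kept because callers may rely on it - confirm that
        // no two distinct roles differ only by case.
        if (authority != null && role.equalsIgnoreCase(authority.getAuthority())) {
            return true;
        }
    }
    return false;
}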

From source file:org.patientview.service.impl.SecurityUserManagerImpl.java

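/**
 * Reports whether the current security user holds at least one of {@code roles} within the
 * context of the user's specialty.
 * <p>
 * Each requested role is expanded to {@code ROLE_<context>_<role>} in upper case and compared
 * with the user's authority strings. The single role {@code "any_user"} matches every
 * non-null security user.
 *
 * @param roles the role names to check, without the {@code ROLE_<context>_} prefix
 * @return {@code true} on a match; {@code false} when there is no security user, no roles
 *         were given, the user has no specialty or authorities, or nothing matches
 */
@Override
public boolean isRolePresent(String... roles) {

    SecurityUser securityUser = getSecurityUser();

    // No authenticated user or nothing to check: deny.
    if (securityUser == null || roles == null) {
        return false;
    }

    // special case for all users
    if (roles.length == 1 && "any_user".equals(roles[0])) {
        return true;
    }

    if (securityUser.getSpecialty() == null) {
        return false;
    }

    Collection<GrantedAuthority> authorities = securityUser.getAuthorities();
    if (authorities == null) {
        return false;
    }

    // convert to spring security convention, once per requested role. Locale.ROOT keeps the
    // upper-casing independent of the JVM default locale, so role names map the same way on
    // every host.
    String prefix = "ROLE_" + securityUser.getSpecialty().getContext() + "_";
    String[] expectedRoles = new String[roles.length];
    for (int i = 0; i < roles.length; i++) {
        expectedRoles[i] = (prefix + roles[i]).toUpperCase(java.util.Locale.ROOT);
    }

    // users can have one role per Specialty
    for (GrantedAuthority grantedAuthority : authorities) {
        if (grantedAuthority == null) {
            continue;
        }
        String userRole = grantedAuthority.getAuthority();
        for (String expectedRole : expectedRoles) {
            // expectedRole is the receiver, so a null userRole simply does not match.
            if (expectedRole.equals(userRole)) {
                return true;
            }
        }
    }

    return false;
}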

From source file:org.saiku.web.connection.SecurityAwareConnectionManager.java

/**
 * Collects the authority strings of the authentication held by the current security context.
 *
 * @return the authority strings in iteration order; an empty list when there is no security
 *         context or no authentication, so callers see "no roles" rather than null
 */
private List<String> getSpringRoles() {
    List<String> roleNames = new ArrayList<String>();
    // Without a context or an authentication there are no roles to report.
    if (SecurityContextHolder.getContext() == null
            || SecurityContextHolder.getContext().getAuthentication() == null) {
        return roleNames;
    }
    for (GrantedAuthority granted : SecurityContextHolder.getContext().getAuthentication()
            .getAuthorities()) {
        // Copied as returned by getAuthority(); a null value is stored as null.
        roleNames.add(granted.getAuthority());
    }
    return roleNames;
}

From source file:org.saiku.web.core.SecurityAwareConnectionManager.java

/**
 * Returns the authority strings of the authentication in the current security context.
 *
 * @return one entry per granted authority, in iteration order; an empty list when the context
 *         or its authentication is absent
 */
private List<String> getSpringRoles() {
    List<String> collected = new ArrayList<>();
    boolean authenticated = SecurityContextHolder.getContext() != null
            && SecurityContextHolder.getContext().getAuthentication() != null;
    if (authenticated) {
        for (GrantedAuthority entry : SecurityContextHolder.getContext().getAuthentication()
                .getAuthorities()) {
            // The value is added unchanged, including a null authority string.
            collected.add(entry.getAuthority());
        }
    }
    return collected;
}