Example usage for org.springframework.security.core GrantedAuthority getAuthority

List of usage examples for org.springframework.security.core GrantedAuthority getAuthority

Introduction

This page collects usage examples for org.springframework.security.core.GrantedAuthority.getAuthority().

Prototype

String getAuthority();


Document

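If the GrantedAuthority can be represented as a String and that String is sufficient in precision to be relied upon for an access control decision by an AccessDecisionManager (or delegate), this method should return such a String. If the authority cannot be expressed with sufficient precision as a String, the method returns null, so callers that compare the result should do so null-safely.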

Usage

From source file:org.itracker.web.util.LoginUtilities.java

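/**
 * Returns true if the current principal has the required permission for the given project.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>no principal: denied;</li>
 *   <li>the principal holds {@code USER_ADMIN} and something else is requested: granted;</li>
 *   <li>the project is non-null, the principal holds {@code PRODUCT_ADMIN} on it and
 *       something else is requested: granted;</li>
 *   <li>otherwise granted only if one of the principal's authorities has a string form
 *       equal to {@code permissionNeeded.name(project)}.</li>
 * </ol>
 *
 * @param project project to which permission is checked for; a null project skips the
 *        per-project admin shortcut (how {@code name(project)} treats null is not visible here)
 * @param permissionNeeded the permission to check for
 * @return true if access is granted; false otherwise, including when nobody is logged in
 */
public static boolean hasPermission(Project project, PermissionType permissionNeeded) {
    UserDetails user = getPrincipal();
    if (null == user) {
        // Fail closed: without an authenticated principal nothing is permitted.
        return false;
    }
    // The guards on permissionNeeded stop the admin shortcuts from recursing on themselves.
    if (permissionNeeded != PermissionType.USER_ADMIN && hasPermission(PermissionType.USER_ADMIN)) {
        return true;
    }
    if (null != project && permissionNeeded != PermissionType.PRODUCT_ADMIN
            && hasPermission(project, PermissionType.PRODUCT_ADMIN)) {
        return true;
    }
    Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
    String permissionName = permissionNeeded.name(project);
    for (GrantedAuthority authority : authorities) {
        // getAuthority() returns null for authorities that have no adequate String form;
        // such an authority can never match a named permission, and must not abort the
        // whole access decision with a NullPointerException.
        String granted = authority.getAuthority();
        if (granted != null && granted.equals(permissionName)) {
            return true;
        }
    }
    return false;
}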

From source file:org.opendatakit.persistence.table.UserGrantedAuthority.java

/**
 * Collects the users recorded as holding the given granted authority.
 * Only infrequently used for group membership management.
 *
 * @param auth authority whose holders are wanted; null yields an empty set
 * @param ds datastore the query is created on
 * @param user user passed to the relation assertion and to the query
 * @return the distinct USER field values of the matching rows, never null
 * @throws ODKDatastoreException propagated from the relation and query calls
 */
public static final Set<String> getUriUsers(GrantedAuthority auth, Datastore ds, User user)
        throws ODKDatastoreException {
    Set<String> uriUsers = new HashSet<String>();
    if (auth == null) {
        // Nothing to look up; the datastore is not touched at all.
        return uriUsers;
    }
    Query membership = ds.createQuery(assertRelation(ds, user), "UserGrantedAuthority.getUriUsers", user);
    // The authority string is handed over as a filter value, not spliced into query text.
    membership.addFilter(GRANTED_AUTHORITY, FilterOperation.EQUAL, auth.getAuthority());
    for (Object uri : membership.executeDistinctValueForDataField(USER)) {
        uriUsers.add((String) uri);
    }
    return uriUsers;
}

From source file:gr.abiss.calipso.userDetails.model.UserDetails.java

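/**
 * Builds a {@code UserDetails} instance from a persisted user.
 *
 * <p>Bean properties are copied first, then identity fields, roles and metadata are set
 * explicitly, and the {@code isAdmin} / {@code isSiteAdmin} flags are derived from the
 * user's roles.
 *
 * @param user the user to convert; may be null
 * @return the populated details, or null when {@code user} is null
 */
public static ICalipsoUserDetails fromUser(LocalUser user) {
    UserDetails details = null;
    if (user != null) {
        details = new UserDetails();
        BeanUtils.copyProperties(user, details);
        if (user.getId() != null) {
            details.setId(user.getId().toString());
        }
        details.setUsername(user.getUsername());
        // NOTE(review): the stored password value travels with the details object
        // (copyProperties above may already have copied it) - confirm this object is
        // never serialized to clients or written to logs.
        details.setPassword(user.getPassword());
        details.setEmail(user.getEmail());
        details.setFirstName(user.getFirstName());
        details.setLastName(user.getLastName());
        details.setActive(user.getActive());
        details.setAuthorities(user.getRoles());

        // init metadata
        if (!CollectionUtils.isEmpty(user.getMetadata())) {
            for (Metadatum metadatum : user.getMetadata().values()) {
                details.addMetadatum(metadatum.getPredicate(), metadatum.getObject());
            }
        }
        // init global roles
        if (!CollectionUtils.isEmpty(user.getRoles())) {
            for (GrantedAuthority authority : user.getRoles()) {
                // Constant-first comparison: getAuthority() may return null for an
                // authority without a String form, which must not break construction
                // of the details object and can never confer an admin flag.
                String role = authority.getAuthority();
                if ("ROLE_ADMIN".equals(role)) {
                    details.isAdmin = true;
                } else if ("ROLE_SITEADMIN".equals(role)) {
                    details.isSiteAdmin = true;
                }
            }
        }

        // add user
        details.setUser(user);

    }
    return details;
}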

From source file:org.opendatakit.persistence.table.GrantedAuthorityHierarchyTable.java

/**
 * Returns the authorities stored as subordinate to the given dominant authority.
 *
 * <p>Only rows whose DOMINATING_GRANTED_AUTHORITY equals
 * {@code dominantGrant.getAuthority()} are read, so the result is the set of groups
 * this group directly inherits from.
 *
 * @param dominantGrant the dominating authority; dereferenced without a null check
 * @param cc calling context supplying the datastore and the current user
 * @return the subordinate authority of every matching row
 * @throws ODKDatastoreException propagated from the relation and query calls
 */
public static final Set<GrantedAuthority> getSubordinateGrantedAuthorities(GrantedAuthority dominantGrant,
        CallingContext cc) throws ODKDatastoreException {

    Datastore datastore = cc.getDatastore();
    User currentUser = cc.getCurrentUser();
    GrantedAuthorityHierarchyTable hierarchyRelation = GrantedAuthorityHierarchyTable.assertRelation(datastore,
            currentUser);

    Query hierarchyQuery = datastore.createQuery(hierarchyRelation,
            "GrantedAuthorityHierarchyTable.getSubordinateGrantedAuthorities", currentUser);
    // The authority string is supplied as a filter value, not built into query text.
    hierarchyQuery.addFilter(GrantedAuthorityHierarchyTable.DOMINATING_GRANTED_AUTHORITY,
            FilterOperation.EQUAL, dominantGrant.getAuthority());
    List<? extends CommonFieldsBase> rows = hierarchyQuery.executeQuery();

    Set<GrantedAuthority> subordinates = new HashSet<GrantedAuthority>();
    for (CommonFieldsBase row : rows) {
        subordinates.add(((GrantedAuthorityHierarchyTable) row).getSubordinateGrantedAuthority());
    }
    return subordinates;
}

From source file:org.opendatakit.security.server.SecurityServiceUtil.java

/**
 * Resolves a granted authority to the {@code GrantedAuthorityName} constant that has the
 * same name as its authority string.
 *
 * @param auth the authority to resolve
 * @param badGrants collector that receives {@code auth} when resolution fails
 * @return the matching constant, or null when resolution threw
 */
static GrantedAuthorityName mapName(GrantedAuthority auth, Set<GrantedAuthority> badGrants) {
    try {
        return GrantedAuthorityName.valueOf(auth.getAuthority());
    } catch (Exception e) {
        // Broad on purpose in the original: besides an unknown name this also covers a
        // null auth or a null authority string. Every failure is recorded as a bad grant
        // and reported to the caller as null.
        // NOTE(review): the callers visible on this page pass the collected set on to
        // removeBadGrantedAuthorities - confirm a transient failure here cannot lead to
        // a legitimate grant being removed.
        badGrants.add(auth);
        return null;
    }
}

From source file:grails.plugin.springsecurity.SpringSecurityUtils.java

/**
 * Check if the current user is switched to another user.
 *
 * <p>An inferred authority marks a switched session when it is a
 * {@code SwitchUserGrantedAuthority} or when its string form equals
 * {@code SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR}.
 *
 * @return <code>true</code> if logged in and switched
 */
public static boolean isSwitched() {
    for (GrantedAuthority candidate : findInferredAuthorities(getPrincipalAuthorities())) {
        // Constant-first equals keeps the string test safe for a null authority string.
        boolean marksSwitch = candidate instanceof SwitchUserGrantedAuthority
                || SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR.equals(candidate.getAuthority());
        if (marksSwitch) {
            return true;
        }
    }
    return false;
}

From source file:org.opendatakit.security.server.SecurityServiceUtil.java

/**
 * Fills {@code userInfo} with the groups assigned to a user and with the user's
 * authorities.
 *
 * <p>Directly granted authorities for which
 * {@code GrantedAuthorityName.permissionsCanBeAssigned} is true are reported as groups;
 * all other direct grants, plus every non-assignable authority reachable through the role
 * hierarchy, are reported as authorities. Grants that {@code mapName} cannot resolve are
 * collected and handed to {@code removeBadGrantedAuthorities}.
 *
 * @param userInfo receives the assigned groups and the granted authorities
 * @param uriUser identifier of the user whose grants are read
 * @param cc calling context supplying datastore, current user and role hierarchy
 * @throws ODKDatastoreException propagated from the datastore-backed calls
 */
public static void setAuthenticationLists(UserSecurityInfo userInfo, String uriUser, CallingContext cc)
        throws ODKDatastoreException {
    Datastore datastore = cc.getDatastore();
    User currentUser = cc.getCurrentUser();
    RoleHierarchy roleHierarchy = (RoleHierarchy) cc.getHierarchicalRoleRelationships();
    Set<GrantedAuthority> directGrants = UserGrantedAuthority.getGrantedAuthorities(uriUser, datastore,
            currentUser);
    // NOTE(review): a TreeSet without a comparator needs mutually Comparable elements -
    // confirm the GrantedAuthority implementation stored here is Comparable, otherwise
    // recording the first bad grant would throw ClassCastException.
    Set<GrantedAuthority> unrecognized = new TreeSet<GrantedAuthority>();
    TreeSet<GrantedAuthorityName> assignedGroups = new TreeSet<GrantedAuthorityName>();
    TreeSet<GrantedAuthorityName> effectiveAuthorities = new TreeSet<GrantedAuthorityName>();

    // Direct grants: split into assignable groups and plain authorities.
    for (GrantedAuthority direct : directGrants) {
        GrantedAuthorityName mapped = mapName(direct, unrecognized);
        if (mapped == null) {
            continue;
        }
        if (GrantedAuthorityName.permissionsCanBeAssigned(direct.getAuthority())) {
            assignedGroups.add(mapped);
        } else {
            effectiveAuthorities.add(mapped);
        }
    }

    // Inherited grants: only the non-assignable ones count as authorities.
    for (GrantedAuthority reachable : roleHierarchy.getReachableGrantedAuthorities(directGrants)) {
        GrantedAuthorityName mapped = mapName(reachable, unrecognized);
        if (mapped == null) {
            continue;
        }
        if (!GrantedAuthorityName.permissionsCanBeAssigned(reachable.getAuthority())) {
            effectiveAuthorities.add(mapped);
        }
    }

    userInfo.setAssignedUserGroups(assignedGroups);
    userInfo.setGrantedAuthorities(effectiveAuthorities);
    // NOTE(review): filling this info object ends with a clean-up call on the unresolved
    // grants; what that call changes in the datastore is not visible here - confirm.
    removeBadGrantedAuthorities(unrecognized, cc);
}

From source file:org.opendatakit.security.server.SecurityServiceUtil.java

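/**
 * Get the complete set of granted authorities (ROLE and RUN_AS grants) this user possesses.
 *
 * <p>For an anonymous user the set is derived from what the role hierarchy reaches from
 * {@code USER_IS_ANONYMOUS}. For any other user it is the user's non-assignable direct
 * grants plus the non-assignable authorities reachable from all direct grants. In both
 * cases grants that {@code mapName} cannot resolve are handed to
 * {@code removeBadGrantedAuthorities}.
 *
 * @param cc calling context supplying current user, datastore and role hierarchy
 * @return the resolved authority names in natural order; may be empty, never null
 * @throws ODKDatastoreException propagated from the datastore-backed calls
 */
public static TreeSet<GrantedAuthorityName> getCurrentUserSecurityInfo(CallingContext cc)
        throws ODKDatastoreException {
    User user = cc.getCurrentUser();
    TreeSet<GrantedAuthorityName> authorities = new TreeSet<GrantedAuthorityName>();
    if (user.isAnonymous()) {
        RoleHierarchy hierarchy = cc.getHierarchicalRoleRelationships();
        // NOTE(review): a TreeSet without a comparator needs Comparable elements, and the
        // authority built below is a SimpleGrantedAuthority - confirm the authorities the
        // hierarchy returns are Comparable, otherwise recording a bad grant would throw
        // ClassCastException.
        Set<GrantedAuthority> badGrants = new TreeSet<GrantedAuthority>();
        // The assigned groups are the specialGroup that this user defines
        // (i.e., anonymous or daemon) plus all directly-assigned assignable
        // permissions.
        GrantedAuthority specialAuth = new SimpleGrantedAuthority(
                GrantedAuthorityName.USER_IS_ANONYMOUS.name());

        Collection<? extends GrantedAuthority> auths = hierarchy
                .getReachableGrantedAuthorities(Collections.singletonList(specialAuth));
        for (GrantedAuthority auth : auths) {
            GrantedAuthorityName name = mapName(auth, badGrants);
            if (name != null && !GrantedAuthorityName.permissionsCanBeAssigned(auth.getAuthority())) {
                authorities.add(name);
            }
        }
        removeBadGrantedAuthorities(badGrants, cc);
    } else {
        // The looked-up row was never read; the call itself is kept because whatever it
        // does or throws for an unknown user is not visible from here.
        RegisteredUsersTable.getUserByUri(user.getUriUser(), cc.getDatastore(), user);

        Datastore ds = cc.getDatastore();
        RoleHierarchy hierarchy = (RoleHierarchy) cc.getHierarchicalRoleRelationships();
        Set<GrantedAuthority> grants = UserGrantedAuthority.getGrantedAuthorities(user.getUriUser(), ds, user);
        Set<GrantedAuthority> badGrants = new TreeSet<GrantedAuthority>();
        // Direct grants: assignable ones are groups and are not part of the result, so
        // only the non-assignable ones are kept (the previously built group set was dead).
        for (GrantedAuthority grant : grants) {
            GrantedAuthorityName name = mapName(grant, badGrants);
            if (name != null && !GrantedAuthorityName.permissionsCanBeAssigned(grant.getAuthority())) {
                authorities.add(name);
            }
        }
        // Inherited grants reachable through the role hierarchy.
        Collection<? extends GrantedAuthority> auths = hierarchy.getReachableGrantedAuthorities(grants);
        for (GrantedAuthority auth : auths) {
            GrantedAuthorityName name = mapName(auth, badGrants);
            if (name != null && !GrantedAuthorityName.permissionsCanBeAssigned(auth.getAuthority())) {
                authorities.add(name);
            }
        }
        removeBadGrantedAuthorities(badGrants, cc);
    }
    return authorities;
}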

From source file:org.opendatakit.persistence.table.UserGrantedAuthority.java

/**
 * Asserts that the given group has exactly the list of desired members and no additional members.
 *
 * <p>Existing membership rows for the group are read; rows whose user is not desired are
 * deleted and a row is created for every desired user that has none yet. When anything was
 * added or deleted, the permissions are reloaded through the user service.
 *
 * <p>Side effect on the argument: users that are already members are removed from
 * {@code desiredMembers}, so on return the collection holds only the users that were added.
 *
 * <p>NOTE(review): no authorization check is visible in this method; presumably callers
 * verify that the current user may manage this group - confirm.
 *
 * @param group the authority (group) whose membership is being set
 * @param desiredMembers user identifiers that should be members; modified in place, so it
 *        must support {@code remove}
 * @param cc calling context supplying datastore, current user and user service
 * @throws ODKDatastoreException propagated from the datastore calls
 */
public static final void assertGrantedAuthorityMembers(GrantedAuthority group,
        Collection<String> desiredMembers, CallingContext cc) throws ODKDatastoreException {

    Datastore ds = cc.getDatastore();
    User user = cc.getCurrentUser();
    // Stays true until both change lists are computed, so a failure before that point
    // does not trigger a permissions reload in the finally block.
    boolean hasNotChanged = true;

    try {
        UserGrantedAuthority relation = UserGrantedAuthority.assertRelation(ds, user);

        // get the members as currently defined for this group
        List<? extends CommonFieldsBase> membersList;
        Query query = ds.createQuery(relation, "UserGrantedAuthority.assertGrantedAuthorityMembers", user);
        // The group's authority string is passed as a filter value, not built into query text.
        query.addFilter(UserGrantedAuthority.GRANTED_AUTHORITY, FilterOperation.EQUAL, group.getAuthority());
        membersList = query.executeQuery();

        // OK we have the desired and actual members lists for this groupname.
        // find the set of members to remove...
        List<EntityKey> deleted = new ArrayList<EntityKey>();
        for (CommonFieldsBase b : membersList) {
            UserGrantedAuthority t = (UserGrantedAuthority) b;
            String uriUser = t.getUser();
            if (desiredMembers.contains(uriUser)) {
                // Already a member: drop it from the caller's collection so that only
                // users still to be inserted remain.
                desiredMembers.remove(uriUser);
            } else {
                deleted.add(t.getEntityKey());
            }
        }
        // we now have the list of desiredMembers to insert, and the list of
        // existing records to delete...
        List<UserGrantedAuthority> added = new ArrayList<UserGrantedAuthority>();
        for (String uriUser : desiredMembers) {
            UserGrantedAuthority t = ds.createEntityUsingRelation(relation, user);
            t.setUser(uriUser);
            t.setGrantedAuthority(group);
            added.add(t);
        }

        // we have no changes if there are no adds and no deletes
        hasNotChanged = added.isEmpty() && deleted.isEmpty();

        // we now have the list of EntityKeys to delete, and the list of records to add -- do it.
        // NOTE(review): inserts and deletes are two separate calls with no transaction
        // visible here; if the delete fails after the insert succeeded, the users that
        // should have lost membership keep it - confirm how the datastore handles this.
        ds.putEntities(added, user);
        ds.deleteEntities(deleted, user);
    } finally {
        if (!hasNotChanged) {
            // we've changed -- reload the permissions tree...
            // Runs even when one of the writes above threw, so a partially applied
            // change is also picked up by the reload.
            cc.getUserService().reloadPermissions();
        }
    }
}

From source file:com.olegchir.wicket_spring_security_example.init.UserAuthenticatedWebSession.java

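/**
 * Exposes the authorities of the current Spring Security authentication as session roles.
 *
 * @return one role per non-null authority string; empty when the security context holds
 *         no authentication
 */
@Override
public Roles getRoles() {
    Roles roles = new Roles();
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        // The context holds no Authentication before login and after logout: fail closed
        // with an empty role set instead of throwing a NullPointerException.
        return roles;
    }
    for (GrantedAuthority authority : authentication.getAuthorities()) {
        // getAuthority() returns null for authorities without a String form; those
        // cannot be expressed as a role name and are skipped.
        String role = authority.getAuthority();
        if (role != null) {
            roles.add(role);
        }
    }
    return roles;
}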