Java tutorial
// // Copyright 2009 Robin Komiwes, Bruno Verachten, Christophe Cordenier // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // package com.wooki.services.security; import org.apache.tapestry5.ioc.annotations.Inject; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.acls.AclPermissionEvaluator; import org.springframework.security.acls.domain.BasePermission; import org.springframework.security.acls.model.Permission; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails; import com.wooki.domain.dao.UserDAO; import com.wooki.domain.model.User; import com.wooki.domain.model.WookiEntity; /** * Implement wooki security context in a web context. * * @author ccordenier */ public class WookiSecurityContextImpl implements WookiSecurityContext { @Inject @Autowired private UserDAO userDao; @Autowired private AclPermissionEvaluator aclPermissionEvaluator; public void log(User user) { if (user == null) { throw new IllegalArgumentException("User cannot be null"); } UsernamePasswordAuthenticationToken logged = new UsernamePasswordAuthenticationToken( new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), true, true, true, true, user.getAuthorities()), user.getPassword(), user.getAuthorities()); SecurityContextHolder.getContext().setAuthentication(logged); } public void logout() { SecurityContextHolder.getContext().setAuthentication(null); } public User getUser() { String username = this.getUsername(); if (username != null) { return userDao.findByUsername(username); } return null; } public boolean isLoggedIn() { if (SecurityContextHolder.getContext() != null && SecurityContextHolder.getContext().getAuthentication() != null && SecurityContextHolder.getContext().getAuthentication().getPrincipal() != null) { return SecurityContextHolder.getContext().getAuthentication().isAuthenticated(); } return false; } public String getUsername() { if (SecurityContextHolder.getContext() != null && SecurityContextHolder.getContext().getAuthentication() != null && SecurityContextHolder.getContext().getAuthentication().getPrincipal() != null) { if (SecurityContextHolder.getContext().getAuthentication().getPrincipal() instanceof UserDetails) { return ((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()) .getUsername(); } else { return null; } } return null; } public boolean canWrite(WookiEntity object) { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if (authentication == null) { return false; } return this.aclPermissionEvaluator.hasPermission(authentication, object, new Permission[] { BasePermission.WRITE, BasePermission.ADMINISTRATION }); } public boolean canDelete(WookiEntity object) { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if (authentication == null) { return false; } return this.aclPermissionEvaluator.hasPermission(authentication, object, new Permission[] { BasePermission.DELETE, BasePermission.ADMINISTRATION }); } public boolean isOwner(WookiEntity object) { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if (authentication == null) { return false; } return this.aclPermissionEvaluator.hasPermission(authentication, object, new Permission[] { BasePermission.ADMINISTRATION }); } public boolean hasAuthority(GrantedAuthority authority) { if (SecurityContextHolder.getContext() != null && SecurityContextHolder.getContext().getAuthentication() != null && SecurityContextHolder.getContext().getAuthentication().getAuthorities() != null) { for (GrantedAuthority auth : SecurityContextHolder.getContext().getAuthentication().getAuthorities()) { if (auth.getAuthority().equals(authority.getAuthority())) { return true; } } } return false; } }