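/*
 * Copyright 2015 herd contributors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.finra.dm.app.security;

import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

import org.finra.dm.core.ApplicationContextHolder;
import org.finra.dm.core.helper.ConfigurationHelper;
import org.finra.dm.dao.DmDao;
import org.finra.dm.model.dto.ConfigurationValue;

/**
 * A helper class for Security code.
 */
@Component
public class SecurityHelper {

    /** Shared SpEL parser; never reassigned after class initialisation. */
    private static final ExpressionParser EXPRESSION_PARSER = new SpelExpressionParser();

    @Autowired
    private ConfigurationHelper configurationHelper;

    /**
     * Checks whether the authenticated user was generated by the given class.
     *
     * @param authentication the Authentication containing the user object; may be null.
     * @param generatedByClass the class to check that the user was generated by.
     *
     * @return true only when the principal is a {@link SecurityUserWrapper} whose application user reports
     *         {@code generatedByClass} as its generating class; false otherwise, including when
     *         {@code authentication} or its principal is null or the principal is of another type.
     */
    public boolean isUserGeneratedByClass(Authentication authentication, Class<?> generatedByClass) {
        if (authentication == null) {
            return false;
        }

        // getPrincipal() is declared to return Object, so the principal is not guaranteed to be a
        // SecurityUserWrapper. Checking the type (which also rejects null) makes an unexpected principal
        // answer "no" instead of raising ClassCastException inside the security path.
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof SecurityUserWrapper)) {
            return false;
        }

        SecurityUserWrapper securityUserWrapper = (SecurityUserWrapper) principal;
        return securityUserWrapper.getApplicationUser().getGeneratedByClass().equals(generatedByClass);
    }

    /**
     * Maps the given collection of roles to functional points.
     *
     * @param roles - the collection of roles to map to functions.
     *
     * @return set of {@link GrantedAuthority} representing functional points.
     */
    public Set<GrantedAuthority> mapRolesToFunctions(Collection<String> roles) {
        // TODO Getting DmDao from applicationContext statically because if we try to wire DmDao here it does not get constructed with proxy class that is
        // needed for @Cacheable methods to work.
        DmDao dmDao = ApplicationContextHolder.getApplicationContext().getBean(DmDao.class);

        Set<GrantedAuthority> authorities = new HashSet<>();

        for (String role : roles) {
            // The trusted-user role is matched case-insensitively and expands to every security function.
            // NOTE(review): the role names therefore need to come from a source the caller trusts - confirm
            // at the call sites.
            boolean isTrustedUserRole = role.equalsIgnoreCase(TrustedApplicationUserBuilder.TRUSTED_USER_ROLE);
            Iterable<String> functions =
                isTrustedUserRole ? dmDao.getSecurityFunctions() : dmDao.getSecurityFunctionsForRole(role);

            for (String function : functions) {
                authorities.add(new SimpleGrantedAuthority(function));
            }
        }

        return authorities;
    }

    /**
     * Checks whether security is enabled based on SpEL expression defined in environment.
     * <p>
     * Security is reported as enabled when no expression is configured and when the configured expression
     * evaluates to {@code null}; only an explicit {@code false} result disables it. Parse and evaluation
     * errors are not caught here and propagate to the caller.
     *
     * @param request {@link HttpServletRequest} to determine whether security is enabled.
     * @return true if security is enabled, false if disabled.
     */
    public boolean isSecurityEnabled(HttpServletRequest request) {
        String enableSecuritySpelExpression =
            configurationHelper.getProperty(ConfigurationValue.SECURITY_ENABLED_SPEL_EXPRESSION);

        if (StringUtils.isBlank(enableSecuritySpelExpression)) {
            // No expression configured: security stays on.
            return true;
        }

        // SECURITY: the configured text is evaluated with a StandardEvaluationContext, which gives the
        // expression the full SpEL feature set. The property must therefore be writable only by operators
        // who are trusted to run code in this JVM, and must never be derived from request data.
        // NOTE(review): if the deployed expressions only read properties of #request, a restricted context
        // such as Spring's SimpleEvaluationContext would narrow this - confirm against the configured values
        // and the Spring version in use.
        EvaluationContext evaluationContext = new StandardEvaluationContext();
        evaluationContext.setVariable("request", request);

        Expression expression = EXPRESSION_PARSER.parseExpression(enableSecuritySpelExpression);
        Boolean evaluationResult = expression.getValue(evaluationContext, Boolean.class);

        // Fail closed: a null result previously caused a NullPointerException on unboxing. Treat anything
        // other than an explicit FALSE as "security enabled".
        return !Boolean.FALSE.equals(evaluationResult);
    }
}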