org.finra.dm.app.security.SecurityHelper.java Source code

Java tutorial

Introduction

Here is the source code for org.finra.dm.app.security.SecurityHelper.java

Source

/*
* Copyright 2015 herd contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.finra.dm.app.security;

import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

import org.finra.dm.core.ApplicationContextHolder;
import org.finra.dm.core.helper.ConfigurationHelper;
import org.finra.dm.dao.DmDao;
import org.finra.dm.model.dto.ConfigurationValue;

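/**
 * A helper class for security code: inspects the authenticated principal, maps roles to functional-point authorities and decides whether security is
 * enforced for a request.
 */
@Component
public class SecurityHelper {
    // Shared parser instance, held in a constant so it cannot be reassigned at runtime.
    private static final ExpressionParser EXPRESSION_PARSER = new SpelExpressionParser();

    @Autowired
    private ConfigurationHelper configurationHelper;

    /**
     * Checks whether the user held by the given authentication was generated by the given class.
     * <p>
     * Anything that cannot be positively matched (no authentication, a principal that is not a {@link SecurityUserWrapper}, a missing application user or a
     * missing "generated by" class) yields {@code false} instead of an exception.
     *
     * @param authentication the Authentication containing the user object, may be null.
     * @param generatedByClass the class to check that the user was generated by.
     *
     * @return true only if the principal's application user reports a "generated by" class equal to the given one.
     */
    public boolean isUserGeneratedByClass(Authentication authentication, Class<?> generatedByClass) {
        if (authentication == null) {
            return false;
        }

        // The principal is not guaranteed to be our wrapper type, so check before casting rather than risk a ClassCastException in the
        // security filter chain.
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof SecurityUserWrapper)) {
            return false;
        }

        SecurityUserWrapper securityUserWrapper = (SecurityUserWrapper) principal;
        if (securityUserWrapper.getApplicationUser() == null) {
            return false;
        }

        Object actualGeneratedByClass = securityUserWrapper.getApplicationUser().getGeneratedByClass();
        return actualGeneratedByClass != null && actualGeneratedByClass.equals(generatedByClass);
    }

    /**
     * Maps the given collection of roles to functional points.
     * <p>
     * A role that matches {@link TrustedApplicationUserBuilder#TRUSTED_USER_ROLE} (case-insensitively) is granted every security function known to the DAO.
     * NOTE(review): because one matching role name grants all functional points, callers must only pass role names that come from a trusted source; confirm
     * how the roles are populated upstream.
     *
     * @param roles - the collection of roles to map to functions; null, empty collections and null elements contribute no authorities.
     *
     * @return set of {@link GrantedAuthority} representing functional points, never null.
     */
    public Set<GrantedAuthority> mapRolesToFunctions(Collection<String> roles) {
        Set<GrantedAuthority> authorities = new HashSet<>();

        // No roles means no authorities; skip the bean lookup entirely.
        if (roles == null || roles.isEmpty()) {
            return authorities;
        }

        // TODO Getting DmDao from applicationContext statically because if we try to wire DmDao here it does not get constructed with proxy class that is
        // needed for @Cacheable methods to work.
        DmDao dmDao = ApplicationContextHolder.getApplicationContext().getBean(DmDao.class);

        for (String role : roles) {
            // A null role grants nothing; skipping it avoids a NullPointerException in the middle of authority mapping.
            if (role == null) {
                continue;
            }

            if (TrustedApplicationUserBuilder.TRUSTED_USER_ROLE.equalsIgnoreCase(role)) {
                // Add all functional points.
                for (String function : dmDao.getSecurityFunctions()) {
                    authorities.add(new SimpleGrantedAuthority(function));
                }
            } else {
                for (String function : dmDao.getSecurityFunctionsForRole(role)) {
                    authorities.add(new SimpleGrantedAuthority(function));
                }
            }
        }
        return authorities;
    }

    /**
     * Checks whether security is enabled based on SpEL expression defined in environment.
     * <p>
     * The check fails closed: security is reported as disabled only when the configured expression evaluates to an explicit {@code false}. A blank
     * expression or a null result keeps security enabled. Parse and evaluation failures are not caught here and propagate to the caller.
     * <p>
     * Security note: the expression is evaluated in a {@link StandardEvaluationContext}, which exposes the full SpEL feature set (type references,
     * constructors, method invocation). Whoever can change this configuration value can therefore both switch security off and have arbitrary expressions
     * evaluated inside the application, so write access to it must be limited to trusted administrators. The expression also sees the incoming request, so
     * it should not rely on request data that a client can set freely.
     *
     * @param request {@link HttpServletRequest} to determine whether security is enabled; exposed to the expression as the {@code request} variable.
     * @return true if security is enabled, false if disabled.
     */
    public boolean isSecurityEnabled(HttpServletRequest request) {
        String enableSecuritySpelExpression = configurationHelper.getProperty(ConfigurationValue.SECURITY_ENABLED_SPEL_EXPRESSION);

        // No expression configured: security stays on.
        if (StringUtils.isBlank(enableSecuritySpelExpression)) {
            return true;
        }

        EvaluationContext evaluationContext = new StandardEvaluationContext();
        evaluationContext.setVariable("request", request);

        Expression expression = EXPRESSION_PARSER.parseExpression(enableSecuritySpelExpression);
        Boolean securityEnabled = expression.getValue(evaluationContext, Boolean.class);

        // getValue may return null; unboxing it would throw a NullPointerException. Treat anything other than an explicit FALSE as "enabled".
        return !Boolean.FALSE.equals(securityEnabled);
    }
}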