package com.globant.katari.core.security;
import java.util.Locale;
import java.util.Map;

import org.acegisecurity.AccessDeniedException;
import org.apache.commons.lang.Validate;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
/**
* This class implements <code>UrlToRoleMapper</code>, it is the default
* implementation of this interface.
*
* It has a map, which can be injected by Spring, containing all the roles with
* their respective urls.
* @author maximiliano.roman
*/
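public class StaticUrlToRoleMapper implements UrlToRoleMapper {

  /**
   * The map containing the url pattern as a key and the roles as a value.
   * It cannot be null.
   *
   * The reference is kept as given (it is not copied), so the order in which
   * patterns are tried is the iteration order of the injected map. When
   * patterns can overlap, inject a map with a defined iteration order (for
   * example a LinkedHashMap) and list the most specific patterns first;
   * otherwise the roles returned for an url depend on the map implementation.
   */
  private final Map<String, String[]> urlPathRolesMap;

  /**
   * The path matcher, to match different urls.
   * It cannot be null.
   */
  private PathMatcher pathMatcher;

  /** Constructor.
   *
   * The path matcher defaults to an AntPathMatcher; it can be replaced with
   * setPathMatcher.
   *
   * @param theUrlPathRolesMap a map of url expressions to the list of roles
   * that can access that url. It cannot be null.
   */
  public StaticUrlToRoleMapper(final Map<String, String[]> theUrlPathRolesMap) {
    Validate.notNull(theUrlPathRolesMap, "The UrlPathRolesMap"
        + " cannot be null");
    urlPathRolesMap = theUrlPathRolesMap;
    pathMatcher = new AntPathMatcher();
  }

  /** Finds the roles that are allowed to access an url.
   *
   * This method only considers the url excluding the GET parameters (whatever
   * goes after the ?). Both the url and the configured patterns are compared
   * in lower case. The first pattern that matches, in the iteration order of
   * the configured map, decides the result. If the url does not match any
   * expression defined for the module, this method throws
   * AccessDeniedException.
   *
   * @param theUrl the url to get the roles for. It cannot be null.
   *
   * @return A String[] with the roles. It never returns null. The array is a
   * copy, so changing it does not alter the configured roles.
   *
   * @throws AccessDeniedException if no pattern matches the url, or if the
   * matching pattern has no roles array configured.
   */
  public String[] getRolesForUrl(final String theUrl) {
    Validate.notNull(theUrl, "The url given cannot be null");

    // Locale.ROOT makes the case folding independent of the JVM default
    // locale. With the no-argument toLowerCase(), a locale such as Turkish
    // folds 'I' to a dotless i, so the same url could match a different
    // pattern (or none) depending on where the server runs.
    String url = theUrl.toLowerCase(Locale.ROOT);

    int firstQuestionMarkIndex = url.indexOf('?');
    if (firstQuestionMarkIndex != -1) {
      url = url.substring(0, firstQuestionMarkIndex);
    }

    // NOTE(review): only the query string is removed here. Path parameters
    // (";name=value"), fragments and percent-encoded characters are matched
    // as given; confirm that the caller passes an already normalized path.
    for (Map.Entry<String, String[]> entry : urlPathRolesMap.entrySet()) {
      String urlPattern = entry.getKey().toLowerCase(Locale.ROOT);
      if (pathMatcher.match(urlPattern, url)) {
        String[] roles = entry.getValue();
        if (roles == null) {
          // A pattern without a roles array is a configuration error. Deny
          // access instead of returning null, which the contract forbids.
          throw new AccessDeniedException("The url: '" + url
              + "' matches a pattern that has no roles configured");
        }
        // Defensive copy: callers must not be able to edit the configured
        // roles through the returned array.
        return roles.clone();
      }
    }

    throw new AccessDeniedException("The url: '" + url
        + "' does not match any roles configuration");
  }

  /**
   * It sets the pathMatcher. It allows to define the path matcher used for
   * matching the url patterns with the given URLs. By default this class uses
   * an AntPathMatcher.
   *
   * @param thePathMatcher the pathMatcher. It cannot be null.
   */
  public void setPathMatcher(final PathMatcher thePathMatcher) {
    Validate.notNull(thePathMatcher, "The pathMatcher cannot be null");
    pathMatcher = thePathMatcher;
  }
}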