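/*******************************************************************************
 * Copyright (c) 2012 GigaSpaces Technologies Ltd. All rights reserved
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package org.cloudifysource.security;

import java.io.Serializable;

import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/**
 * Extended expression root object which contains extra method-specific
 * functionality.
 *
 * <p>The two {@code hasPermission} methods declared here make no access decision of their own:
 * they forward to the {@link PermissionEvaluator} supplied through
 * {@link #setPermissionEvaluator(PermissionEvaluator)} and return its answer.
 *
 * @author Noak
 * @since 2.3.1
 */
class CustomMethodSecurityExpressionRoot extends SecurityExpressionRoot
        implements MethodSecurityExpressionOperations {

    /** Separator placed between auth group / authority names when they are joined. */
    private static final String AUTHORITY_SEPARATOR = ", ";

    // Evaluator that takes the actual permission decision; null until the setter is called.
    private PermissionEvaluator permissionEvaluator;
    private Object filterObject;
    private Object returnObject;
    private Object target;

    /**
     * Creates an expression root bound to the given authentication.
     *
     * @param a the authentication of the current caller, handed to the superclass.
     */
    CustomMethodSecurityExpressionRoot(final Authentication a) {
        super(a);
    }

    /**
     * Asks the configured evaluator whether the caller holds {@code permission} on {@code target}.
     *
     * <p>A {@code null} target is not forwarded as-is. It is replaced by a ", "-separated string
     * of the caller's own auth groups (for a {@code CustomAuthenticationToken}) or of the caller's
     * granted authority names (for any other authentication).
     *
     * <p>NOTE(review): with a null target the evaluator is therefore asked about a value derived
     * from the caller itself. Whether that is a grant or a denial depends entirely on the
     * configured evaluator; confirm that expressions which can resolve their target to null are
     * meant to be evaluated this way.
     *
     * @param target the domain object being protected, or {@code null}.
     * @param permission the permission to check, in whatever form the evaluator expects.
     * @return the evaluator's decision.
     * @throws IllegalStateException if no evaluator has been set.
     */
    public boolean hasPermission(final Object target, final Object permission) {
        final Object effectiveTarget = (target != null) ? target : describeCallerAuthorities();
        return requireEvaluator().hasPermission(authentication, effectiveTarget, permission);
    }

    /**
     * Asks the configured evaluator whether the caller holds {@code permission} on the object
     * identified by {@code targetId} and {@code targetType}.
     *
     * @param targetId identifier of the protected object; it is cast to {@link Serializable}, so a
     *        non-serializable identifier fails with a {@link ClassCastException} instead of
     *        producing a decision.
     * @param targetType the type name of the protected object.
     * @param permission the permission to check.
     * @return the evaluator's decision.
     * @throws IllegalStateException if no evaluator has been set.
     */
    public boolean hasPermission(final Object targetId, final String targetType, final Object permission) {
        return requireEvaluator().hasPermission(authentication, (Serializable) targetId, targetType, permission);
    }

    public void setFilterObject(final Object filterObject) {
        this.filterObject = filterObject;
    }

    public Object getFilterObject() {
        return filterObject;
    }

    public void setReturnObject(final Object returnObject) {
        this.returnObject = returnObject;
    }

    public Object getReturnObject() {
        return returnObject;
    }

    /**
     * Sets the evaluator that both {@code hasPermission} methods delegate to. It must be called
     * before any permission expression is evaluated on this root.
     *
     * @param permissionEvaluator the evaluator to delegate to.
     */
    public void setPermissionEvaluator(final PermissionEvaluator permissionEvaluator) {
        this.permissionEvaluator = permissionEvaluator;
    }

    /**
     * Sets the "this" property for use in expressions. Typically this will be the "this" property of
     * the {@code JoinPoint} representing the method invocation which is being protected.
     *
     * @param target the target object on which the method is being invoked.
     */
    void setThis(final Object target) {
        this.target = target;
    }

    public Object getThis() {
        return target;
    }

    /**
     * Returns the configured evaluator, failing with a clear message when none was set.
     * An unconfigured root must never yield a permission decision, so this throws instead of
     * letting the call fail later with a bare NullPointerException.
     */
    private PermissionEvaluator requireEvaluator() {
        if (permissionEvaluator == null) {
            throw new IllegalStateException("No PermissionEvaluator has been set on this expression root; "
                    + "hasPermission() cannot be evaluated");
        }
        return permissionEvaluator;
    }

    /**
     * Joins the caller's auth groups, or granted authority names when the authentication is not a
     * {@code CustomAuthenticationToken}, into one ", "-separated string.
     *
     * <p>NOTE(review): the joined form is ambiguous if a group or authority name can itself
     * contain a comma; confirm how the configured evaluator parses this string.
     */
    private String describeCallerAuthorities() {
        final StringBuilder joined = new StringBuilder();
        if (authentication instanceof CustomAuthenticationToken) {
            for (String authGroup : ((CustomAuthenticationToken) authentication).getAuthGroups()) {
                appendSeparated(joined, authGroup);
            }
        } else {
            for (GrantedAuthority authority : authentication.getAuthorities()) {
                appendSeparated(joined, authority.getAuthority());
            }
        }
        return joined.toString();
    }

    /** Appends {@code value} to {@code joined}, preceded by the separator unless the buffer is empty. */
    private static void appendSeparated(final StringBuilder joined, final String value) {
        if (joined.length() > 0) {
            joined.append(AUTHORITY_SEPARATOR);
        }
        joined.append(value);
    }
}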