SecurityExpressionRoot.java

package com.revolsys.spring.security;

import java.io.Serializable;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

public class SecurityExpressionRoot
  extends org.springframework.security.access.expression.SecurityExpressionRoot {
  private PermissionEvaluator permissionEvaluator;

  private RoleHierarchy roleHierarchy;

  private Set<String> roles;

  public SecurityExpressionRoot(final Authentication a) {
    super(a);
  }

  public Set<String> getAuthoritySet() {
    if (this.roles == null) {
      this.roles = new HashSet<>();
      Collection<? extends GrantedAuthority> userAuthorities = this.authentication.getAuthorities();

      if (this.roleHierarchy != null) {
        userAuthorities = this.roleHierarchy.getReachableGrantedAuthorities(userAuthorities);
      }

      this.roles = AuthorityUtils.authorityListToSet(userAuthorities);
    }

    return this.roles;
  }

  @Override
  public boolean hasPermission(final Object target, final Object permission) {
    return this.permissionEvaluator.hasPermission(this.authentication, target, permission);
  }

  @Override
  public boolean hasPermission(final Object targetId, final String targetType,
    final Object permission) {
    return this.permissionEvaluator.hasPermission(this.authentication, (Serializable)targetId,
      targetType, permission);
  }

  public boolean hasRoleRegex(final String regex) {
    final Pattern pattern = Pattern.compile(regex);
    for (final String role : getAuthoritySet()) {
      final Matcher matcher = pattern.matcher(role);
      final boolean matches = matcher.matches();
      if (matches) {
        return true;
      }
    }
    return false;
  }

  @Override
  public void setPermissionEvaluator(final PermissionEvaluator permissionEvaluator) {
    this.permissionEvaluator = permissionEvaluator;
  }

  @Override
  public void setRoleHierarchy(final RoleHierarchy roleHierarchy) {
    super.setRoleHierarchy(roleHierarchy);
    this.roleHierarchy = roleHierarchy;
  }

}