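package org.nextprot.api.security.service.impl;

import com.auth0.spring.security.auth0.Auth0UserDetails;
import org.nextprot.api.commons.exception.NotAuthorizedException;
import org.nextprot.api.commons.resource.UserResource;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;

/**
 * Utility methods related to the current logged in user.
 *
 * All methods read the {@link Authentication} held by
 * {@link SecurityContextHolder}; when no authentication is present the
 * authorization checks fail closed (they throw) instead of dereferencing
 * a null context.
 *
 * @author Daniel Teixeira
 */
public class NPSecurityContext {

    /**
     * Check that the current user owns every resource in the collection.
     *
     * @param userResources resources to check; must not be null (an empty
     *                      collection is vacuously authorized)
     * @throws NotAuthorizedException if no user is authenticated, or if the
     *         current user is not the owner of at least one resource
     */
    public static void checkUserAuthorization(Collection<? extends UserResource> userResources) {
        Objects.requireNonNull(userResources, "userResources");
        for (UserResource resource : userResources) {
            checkUserAuthorization(resource);
        }
    }

    /**
     * Check that the current user owns the given resource.
     *
     * The user name is taken from the principal: {@link UserDetails#getUsername()}
     * when the principal is a {@code UserDetails}, otherwise the principal's
     * {@code toString()}. A missing authentication, a missing principal or a
     * null user name all fail closed.
     *
     * @param userResource resource whose owner name is compared to the current user
     * @throws NotAuthorizedException if the current user cannot be resolved or
     *         is not the owner of the resource
     */
    public static void checkUserAuthorization(UserResource userResource) {
        String securityUserName = resolveSecurityUserName(
                SecurityContextHolder.getContext().getAuthentication());

        // ownerName may be null; equals() on the non-null side handles that and denies.
        if (!securityUserName.equals(userResource.getOwnerName())) {
            throw new NotAuthorizedException(securityUserName + " is not authorized to access this resource");
        }
    }

    /**
     * Resolve the user name used for ownership checks from an authentication.
     *
     * @param a the current authentication, possibly null
     * @return the non-null user name
     * @throws NotAuthorizedException if there is no authentication, no principal,
     *         or the resolved user name is null
     */
    private static String resolveSecurityUserName(Authentication a) {
        // No authentication in the context must deny, not throw a NullPointerException.
        if (a == null || a.getPrincipal() == null) {
            throw new NotAuthorizedException("Security user name not set!!!");
        }

        Object principal = a.getPrincipal();
        String securityUserName;
        if (principal instanceof UserDetails) {
            securityUserName = ((UserDetails) principal).getUsername();
        } else {
            securityUserName = principal.toString();
        }

        if (securityUserName == null) {
            throw new NotAuthorizedException("Security user name not set!!!");
        }
        return securityUserName;
    }

    /**
     * Roles granted to the current user.
     *
     * @return the set of authority strings of the current authentication, or a
     *         singleton set containing {@code "anonymous"} when there is no
     *         authentication in the security context
     */
    public static Set<String> getCurrentUserRoles() {
        Authentication a = SecurityContextHolder.getContext().getAuthentication();
        if (a == null) {
            return new HashSet<String>(Arrays.asList("anonymous"));
        }

        Set<String> roles = new HashSet<String>();
        Collection<? extends GrantedAuthority> authorities = a.getAuthorities();
        if (authorities != null) {
            for (GrantedAuthority auth : authorities) {
                // getAuthority() is the contract for the role string; toString() is
                // not guaranteed to return it for every GrantedAuthority implementation.
                roles.add(auth.getAuthority());
            }
        }
        return roles;
    }

    /**
     * User name of the current user.
     *
     * @return the {@link UserDetails#getUsername()} of the current principal, or
     *         null when there is no authentication or the principal is not a
     *         {@code UserDetails} (e.g. Spring's anonymous string principal)
     */
    public static String getCurrentUser() {
        Authentication a = SecurityContextHolder.getContext().getAuthentication();
        if (a == null) {
            return null;
        }
        Object principal = a.getPrincipal();
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }
        return null;
    }
}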