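/*
 * Copyright 2015 herd contributors
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.finra.herd.app.security;

import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

import org.finra.herd.core.ApplicationContextHolder;
import org.finra.herd.core.helper.ConfigurationHelper;
import org.finra.herd.core.helper.SpelExpressionHelper;
import org.finra.herd.dao.SecurityFunctionDao;
import org.finra.herd.model.dto.ConfigurationValue;
import org.finra.herd.model.dto.SecurityUserWrapper;

/**
 * A helper class for Security code: resolves functional points (granted authorities) from security functions and roles,
 * decides whether security is enabled for a request, and inspects the authenticated principal.
 */
@Component
public class SecurityHelper {
    @Autowired
    private ConfigurationHelper configurationHelper;

    @Autowired
    private SpelExpressionHelper spelExpressionHelper;

    /**
     * Retrieves functional points that have no roles mapped to them.
     *
     * @return set of {@link GrantedAuthority} representing the unrestricted functional points (never null)
     */
    public Set<GrantedAuthority> getUnrestrictedFunctions() {
        Set<GrantedAuthority> authorities = new HashSet<>();
        addAuthorities(authorities, getSecurityFunctionDao().getUnrestrictedSecurityFunctions());
        return authorities;
    }

    /**
     * Checks whether security is enabled based on the SpEL expression defined in the environment
     * ({@link ConfigurationValue#SECURITY_ENABLED_SPEL_EXPRESSION}). The expression is evaluated with the current
     * request bound to the {@code request} variable.
     * <p>
     * The expression itself comes from application configuration, not from the request, and must only be settable by
     * trusted operators: it is evaluated as code and can switch authorization off for matching requests.
     * <p>
     * This method fails closed: security is reported as enabled unless the expression evaluates to an explicit
     * {@code false}. In particular a null evaluation result no longer throws a {@link NullPointerException} on unboxing.
     *
     * @param request {@link HttpServletRequest} used to determine whether security is enabled.
     *
     * @return true if security is enabled, false if disabled.
     */
    public boolean isSecurityEnabled(HttpServletRequest request) {
        String enableSecuritySpelExpression = configurationHelper.getProperty(ConfigurationValue.SECURITY_ENABLED_SPEL_EXPRESSION);

        // No expression configured: security stays on.
        if (StringUtils.isBlank(enableSecuritySpelExpression)) {
            return true;
        }

        Map<String, Object> variables = new HashMap<>();
        variables.put("request", request);
        Boolean isSecurityEnabled = spelExpressionHelper.evaluate(enableSecuritySpelExpression, Boolean.class, variables);

        // Fail closed: only an explicit false disables security; null (or true) keeps it enabled.
        return !Boolean.FALSE.equals(isSecurityEnabled);
    }

    /**
     * Checks whether the authenticated user was generated by the given user builder class.
     *
     * @param authentication the Authentication containing the user object; may be null.
     * @param generatedByClass the class to check that the user was generated by.
     *
     * @return true only when the principal is a {@link SecurityUserWrapper} whose application user reports
     * {@code generatedByClass} as its generating class; false for a null authentication, a principal of any other type
     * (e.g. a plain String principal from an anonymous authentication), or a missing application user.
     */
    public boolean isUserGeneratedByClass(Authentication authentication, Class<?> generatedByClass) {
        if (authentication == null) {
            return false;
        }

        // Guard the cast: a non-wrapper principal must not blow up with ClassCastException in a security decision.
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof SecurityUserWrapper)) {
            return false;
        }

        SecurityUserWrapper securityUserWrapper = (SecurityUserWrapper) principal;
        if (securityUserWrapper.getApplicationUser() == null) {
            return false;
        }

        // Compare from the caller-supplied side so a null generating class yields false instead of an NPE.
        return generatedByClass != null && generatedByClass.equals(securityUserWrapper.getApplicationUser().getGeneratedByClass());
    }

    /**
     * Maps the given collection of roles to functional points.
     * <p>
     * A role equal (ignoring case) to {@link TrustedApplicationUserBuilder#TRUSTED_USER_ROLE} is a superset of every
     * other role and receives all security functions; any other role receives the functions mapped to it. Note that the
     * trusted-role match is case-insensitive while the per-role lookup passes the role string through unchanged.
     *
     * @param roles - the collection of roles to map to functions; null or empty yields an empty set, null entries are skipped.
     *
     * @return set of {@link GrantedAuthority} representing functional points (never null).
     */
    public Set<GrantedAuthority> mapRolesToFunctions(Collection<String> roles) {
        Set<GrantedAuthority> authorities = new HashSet<>();
        if (roles == null) {
            return authorities;
        }

        SecurityFunctionDao securityFunctionDao = getSecurityFunctionDao();
        for (String role : roles) {
            if (role == null) {
                continue;
            }
            if (role.equalsIgnoreCase(TrustedApplicationUserBuilder.TRUSTED_USER_ROLE)) {
                // Trusted role: grant every functional point.
                addAuthorities(authorities, securityFunctionDao.getSecurityFunctions());
            } else {
                addAuthorities(authorities, securityFunctionDao.getSecurityFunctionsForRole(role));
            }
        }
        return authorities;
    }

    /**
     * Looks up the {@link SecurityFunctionDao} from the application context.
     *
     * @return the security function DAO bean
     */
    private SecurityFunctionDao getSecurityFunctionDao() {
        // TODO Getting HerdDao from applicationContext statically because if we try to wire HerdDao here it does not get constructed with proxy class that is
        // needed for @Cacheable methods to work.
        return ApplicationContextHolder.getApplicationContext().getBean(SecurityFunctionDao.class);
    }

    /**
     * Wraps each security function name as a {@link SimpleGrantedAuthority} and adds it to the target set.
     *
     * @param authorities the set to add to
     * @param functions the function names; a null iterable adds nothing
     */
    private static void addAuthorities(Set<GrantedAuthority> authorities, Iterable<String> functions) {
        if (functions == null) {
            return;
        }
        for (String function : functions) {
            authorities.add(new SimpleGrantedAuthority(function));
        }
    }
}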