com.formkiq.server.service.SpringSecurityService Maven / Gradle / Ivy
/*
* Copyright (C) 2016 FormKiQ Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.formkiq.server.service;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;
import com.formkiq.server.domain.FolderAccess;
import com.formkiq.server.domain.type.FolderPermission;
import com.formkiq.server.domain.type.UserRole;
import com.formkiq.server.util.Strings;
/**
* Spring Security Services.
*
*/
@Service
public class SpringSecurityService {
/** OAuthService. */
@Autowired
private OAuthService oauthservice;
/** UserService. */
@Autowired
private UserService userservice;
/**
* Check Request for Basic Authorization.
* @param authorization {@link String}
*/
public void checkBasicAuthorization(final String authorization) {
String value = authorization;
if (!StringUtils.isEmpty(value)) {
value = value.replaceAll("Basic ", "");
String[] args = Strings.decode(value, ":");
String clientid = args[0];
String clientSecret = args[1];
if (this.oauthservice.isValidClient(clientid, clientSecret)) {
return;
}
}
throw new BadCredentialsException(
"User does not have access to Client");
}
/**
* @return {@link String}
*/
public String getClientId() {
Authentication auth = SecurityContextHolder.getContext()
.getAuthentication();
String clientid = null;
if (auth instanceof OAuth2Authentication) {
OAuth2Authentication a = (OAuth2Authentication) auth;
clientid = a.getOAuth2Request().getClientId();
}
return clientid;
}
/**
* @return UserDetails
*/
public UserDetails getUserDetails() {
Authentication auth = SecurityContextHolder.getContext()
.getAuthentication();
if (auth instanceof OAuth2Authentication) {
OAuth2Authentication oauth = (OAuth2Authentication) auth;
return (UserDetails) oauth.getUserAuthentication().getPrincipal();
}
if (auth instanceof UsernamePasswordAuthenticationToken) {
return (UserDetails) ((UsernamePasswordAuthenticationToken) auth)
.getPrincipal();
}
return null;
}
/**
* Returns user by email only if admin, otherwise
* current user.
* @param email {@link String}
* @return {@link UserDetails}
*/
public UserDetails getUserDetailsByEmail(final String email) {
UserDetails user = getUserDetails();
if (isAdmin() && !StringUtils.isEmpty(email)) {
user = this.userservice.findUserByEmail(email);
}
return user;
}
/**
* Get logged in username.
* @return {@link String}
*/
public String getUsername() {
Authentication auth = SecurityContextHolder.getContext()
.getAuthentication();
return auth != null ? auth.getName() : null;
}
/**
* Returns whether has permission.
* @param accessForm {@link FolderAccess}
* @param perm {@link FolderPermission}
* @return boolean
*/
public boolean hasPermission(final FolderAccess accessForm,
final FolderPermission perm) {
if (accessForm != null) {
List perms = toPermissions(
accessForm.getPermissions());
for (FolderPermission up : perms) {
if (FolderPermission.PERM_FORM_ADMIN.equals(up)
|| perm.equals(up)) {
return true;
}
}
}
return false;
}
/**
* Whether User is admin.
* @return boolean
*/
public boolean isAdmin() {
Authentication auth = SecurityContextHolder.getContext()
.getAuthentication();
if (auth != null) {
for (GrantedAuthority grantedAuthority : auth.getAuthorities()) {
if (UserRole.ROLE_ADMIN.name()
.equals(grantedAuthority.getAuthority())) {
return true;
}
}
}
return false;
}
/**
* Check logged in user.
* @param email {@link String}
* @return boolean
*/
public boolean isUser(final String email) {
Authentication auth = SecurityContextHolder.getContext()
.getAuthentication();
return auth != null && email.equals(auth.getName());
}
/**
* Convert string permissions to real permissions.
* @param permissions {@link String}
* @return {@link List}
*/
public List toPermissions(final String permissions) {
return toPermissions(permissions.split(","));
}
/**
* Converts permissions to UserPermissions.
* @param permissions {@link String}
* @return {@link List}
*/
public List toPermissions(final String[] permissions) {
List perms = Arrays.asList(permissions).stream()
.map(s -> FolderPermission.valueOf(s.toUpperCase()))
.collect(Collectors.toList());
return perms;
}
/**
* Verify user has access to Client.
* @param clientid {@link String}
*/
public void verifyUserHasAccessToClient(final String clientid) {
if (clientid.equals(getClientId())) {
return;
}
throw new BadCredentialsException(
"User does not have access to Client");
}
}