
org.esfinge.guardian.rbac.authorizer.AllowRolesAuthorizer Maven / Gradle / Ivy

package org.esfinge.guardian.rbac.authorizer;

import java.util.HashSet;
import java.util.Set;

import org.esfinge.guardian.authorizer.Authorizer;
import org.esfinge.guardian.context.AuthorizationContext;
import org.esfinge.guardian.rbac.annotation.authorization.AllowRoles;
import org.esfinge.guardian.rbac.entity.Role;
import org.esfinge.guardian.rbac.exception.RbacMisuseException;
import org.esfinge.guardian.rbac.utils.RbacConfig;

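/**
 * Authorizer behind the {@link AllowRoles} annotation: access is granted only when at least one
 * role held by the subject satisfies at least one role named in the annotation.
 *
 * <p>The decision fails closed. "Granted" is returned only on an explicit match reported by
 * {@code Role.isSubjectInRole}; every other path ends in {@code false} or an exception.
 */
public class AllowRolesAuthorizer implements Authorizer<AllowRoles> {

	/**
	 * Decides whether the current subject may invoke the guarded method.
	 *
	 * @param context    authorization context supplying the subject and the guarded method
	 * @param allowRoles annotation instance whose {@code value()} lists the permitted role names
	 * @return {@code true} if any subject role matches any annotated role, {@code false} otherwise
	 * @throws RbacMisuseException if the annotation names no role while the subject holds at
	 *                             least one role
	 */
	@Override
	public Boolean authorize(AuthorizationContext context, AllowRoles allowRoles) {
		// NOTE(review): a new RbacConfig is built on every call; if its constructor loads
		// configuration, consider sharing one instance. Confirm against RbacConfig.
		RbacConfig rbacConfig = new RbacConfig();

		// The second argument is presumably the fallback used when the subject carries no roles
		// entry, so such a subject ends up with an empty set and is denied below.
		// The roles are trusted as stored on the subject; whatever populates that entry must
		// derive them from an authenticated identity.
		Set<Role> subjectRoles = context.getSubject().get(rbacConfig.getRolesKey(), new HashSet<Role>());

		Set<Role> annotatedRoles = new HashSet<Role>();
		for (String roleName : allowRoles.value()) {
			annotatedRoles.add(new Role(roleName));
		}

		// NOTE(review): an empty @AllowRoles is reported as misuse only when the subject holds
		// roles; for a subject without roles the same misconfiguration is a silent denial.
		// Access is refused either way, but the misconfiguration stays hidden until a subject
		// with roles reaches the method. Kept as is to preserve the existing contract.
		if (annotatedRoles.isEmpty() && !subjectRoles.isEmpty()) {
			throw new RbacMisuseException("A role must be defined to access the method: " + context.getGuardedMethod().getName());
		}

		// The first match decides the outcome, so stop scanning as soon as one is found.
		for (Role annotatedRole : annotatedRoles) {
			for (Role subjectRole : subjectRoles) {
				if (annotatedRole.isSubjectInRole(subjectRole)) {
					return true;
				}
			}
		}

		// No annotated role was satisfied: deny.
		return false;
	}
}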



