All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.acegisecurity.wrapper.SecurityContextHolderAwareRequestWrapper Maven / Gradle / Ivy

There is a newer version: 1.0.7
Show newest version
/* Copyright 2004, 2005 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.acegisecurity.wrapper;

import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationTrustResolver;
import org.acegisecurity.AuthenticationTrustResolverImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.userdetails.UserDetails;

import java.security.Principal;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;


/**
 * An Acegi Security-aware HttpServletRequestWrapper, which uses
 * the SecurityContext-defined Authentication object
 * for {@link SecurityContextHolderAwareRequestWrapper#isUserInRole(java.lang.String)}
 * and {@link javax.servlet.http.HttpServletRequestWrapper#getRemoteUser()}
 * responses.
 *
 * @author Orlando Garcia Carmona
 * @author Ben Alex
 * @version $Id: SecurityContextHolderAwareRequestWrapper.java,v 1.3 2005/11/29 13:10:11 benalex Exp $
 */
public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequestWrapper {
    //~ Instance fields ========================================================

    private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();

    //~ Constructors ===========================================================

    public SecurityContextHolderAwareRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    //~ Methods ================================================================

    /**
     * Returns the principal's name, as obtained from the
     * SecurityContextHolder. Properly handles both
     * String-based and UserDetails-based
     * principals.
     *
     * @return the username or null if unavailable
     */
    public String getRemoteUser() {
        Authentication auth = getAuthentication();

        if ((auth == null) || (auth.getPrincipal() == null)) {
            return null;
        }

        if (auth.getPrincipal() instanceof UserDetails) {
            return ((UserDetails) auth.getPrincipal()).getUsername();
        }

        return auth.getPrincipal().toString();
    }

    /**
     * Simple searches for an exactly matching {@link
     * GrantedAuthority#getAuthority()}.
     * 
     * 

* Will always return false if the SecurityContextHolder * contains an Authentication with * nullprincipal and/or * GrantedAuthority[] objects. *

* * @param role the GrantedAuthorityString * representation to check for * * @return true if an exact (case sensitive) matching * granted authority is located, false otherwise */ public boolean isUserInRole(String role) { return isGranted(role); } /** * Returns the Authentication (which is a subclass of * Principal), or null if unavailable. * * @return the Authentication, or null */ public Principal getUserPrincipal() { Authentication auth = getAuthentication(); if ((auth == null) || (auth.getPrincipal() == null)) { return null; } return auth; } /** * Obtain the current active Authentication * * @return the authentication object or null */ private Authentication getAuthentication() { Authentication auth = SecurityContextHolder.getContext() .getAuthentication(); if (!authenticationTrustResolver.isAnonymous(auth)) { return auth; } return null; } private boolean isGranted(String role) { Authentication auth = getAuthentication(); if ((auth == null) || (auth.getPrincipal() == null) || (auth.getAuthorities() == null)) { return false; } for (int i = 0; i < auth.getAuthorities().length; i++) { if (role.equals(auth.getAuthorities()[i].getAuthority())) { return true; } } return false; } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy