All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.acegisecurity.wrapper.SecurityContextHolderAwareRequestWrapper Maven / Gradle / Ivy

There is a newer version: 1.0.7
Show newest version
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.acegisecurity.wrapper;

import org.acegisecurity.Authentication;
import org.acegisecurity.AuthenticationTrustResolver;
import org.acegisecurity.AuthenticationTrustResolverImpl;

import org.acegisecurity.context.SecurityContextHolder;

import org.acegisecurity.userdetails.UserDetails;

import java.security.Principal;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;


/**
 * An Acegi Security-aware HttpServletRequestWrapper, which uses the
 * SecurityContext-defined Authentication object for {@link
 * SecurityContextHolderAwareRequestWrapper#isUserInRole(java.lang.String)} and {@link
 * javax.servlet.http.HttpServletRequestWrapper#getRemoteUser()} responses.
 *
 * @author Orlando Garcia Carmona
 * @author Ben Alex
 * @version $Id: SecurityContextHolderAwareRequestWrapper.java 1519 2006-05-29 15:06:32Z benalex $
 */
public class SecurityContextHolderAwareRequestWrapper extends HttpServletRequestWrapper {
    //~ Instance fields ================================================================================================

    private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();

    //~ Constructors ===================================================================================================

    public SecurityContextHolderAwareRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    //~ Methods ========================================================================================================

    /**
     * Obtain the current active Authentication
     *
     * @return the authentication object or null
     */
    private Authentication getAuthentication() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        if (!authenticationTrustResolver.isAnonymous(auth)) {
            return auth;
        }

        return null;
    }

    /**
     * Returns the principal's name, as obtained from the SecurityContextHolder. Properly handles
     * both String-based and UserDetails-based principals.
     *
     * @return the username or null if unavailable
     */
    public String getRemoteUser() {
        Authentication auth = getAuthentication();

        if ((auth == null) || (auth.getPrincipal() == null)) {
            return null;
        }

        if (auth.getPrincipal() instanceof UserDetails) {
            return ((UserDetails) auth.getPrincipal()).getUsername();
        }

        return auth.getPrincipal().toString();
    }

    /**
     * Returns the Authentication (which is a subclass of Principal), or
     * null if unavailable.
     *
     * @return the Authentication, or null
     */
    public Principal getUserPrincipal() {
        Authentication auth = getAuthentication();

        if ((auth == null) || (auth.getPrincipal() == null)) {
            return null;
        }

        return auth;
    }

    private boolean isGranted(String role) {
        Authentication auth = getAuthentication();

        if ((auth == null) || (auth.getPrincipal() == null) || (auth.getAuthorities() == null)) {
            return false;
        }

        for (int i = 0; i < auth.getAuthorities().length; i++) {
            if (role.equals(auth.getAuthorities()[i].getAuthority())) {
                return true;
            }
        }

        return false;
    }

    /**
     * Simple searches for an exactly matching {@link org.acegisecurity.GrantedAuthority#getAuthority()}.

Will * always return false if the SecurityContextHolder contains an * Authentication with nullprincipal and/or GrantedAuthority[] * objects.

* * @param role the GrantedAuthorityString representation to check for * * @return true if an exact (case sensitive) matching granted authority is located, * false otherwise */ public boolean isUserInRole(String role) { return isGranted(role); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy