package org.ikasan.dashboard.security;
import com.vaadin.flow.server.ServletHelper.RequestType;
import com.vaadin.flow.shared.ApplicationConstants;
import org.ikasan.dashboard.ui.util.SecurityConstants;
import org.ikasan.security.model.User;
import org.ikasan.security.service.authentication.IkasanAuthentication;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import javax.servlet.http.HttpServletRequest;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Stream;
/**
* SecurityUtils takes care of all such static operations that have to do with
* security and querying rights from different beans of the UI.
*
*/
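public final class SecurityUtils {

    private SecurityUtils() {
        // Util methods only
    }

    /**
     * Tests if the request is an internal framework request. The test consists of
     * checking if the request parameter is present and if its value is consistent
     * with any of the known request types.
     *
     * @param request the {@link HttpServletRequest} to inspect
     * @return true if it is an internal framework request, false otherwise
     */
    static boolean isFrameworkInternalRequest(HttpServletRequest request) {
        final String parameterValue = request.getParameter(ApplicationConstants.REQUEST_TYPE_PARAMETER);
        return parameterValue != null
            && Stream.of(RequestType.values()).anyMatch(r -> r.getIdentifier().equals(parameterValue));
    }

    /**
     * Tests if some user is authenticated. As Spring Security always will create an
     * {@link AnonymousAuthenticationToken} we have to ignore those tokens explicitly.
     *
     * @return true if the current security context holds a non-anonymous token that
     *         reports itself as authenticated, false otherwise
     */
    static boolean isUserLoggedIn() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return authentication != null
            && !(authentication instanceof AnonymousAuthenticationToken)
            && authentication.isAuthenticated();
    }

    /**
     * Tests whether the user holds an authority that grants access to every module
     * ({@code ALL_AUTHORITY} or any of the {@code *_ALL_MODULES_*} authorities).
     * The single list of authorities kept here is what {@link #getAccessibleModules}
     * uses for its short-circuit, so the two cannot drift apart.
     *
     * @param authentication the current {@link IkasanAuthentication}, may be null
     * @return true if one of the "all modules" authorities is granted; false when
     *         {@code authentication} is null (fail closed)
     */
    public static boolean canAccessAllModules(IkasanAuthentication authentication) {
        if (authentication == null) {
            return false;
        }
        return Stream.of(
                SecurityConstants.ALL_AUTHORITY,
                SecurityConstants.WIRETAP_ALL_MODULES_READ,
                SecurityConstants.WIRETAP_ALL_MODULES_WRITE,
                SecurityConstants.WIRETAP_ALL_MODULES_ADMIN,
                SecurityConstants.EXCLUSION_ALL_MODULES_READ,
                SecurityConstants.EXCLUSION_ALL_MODULES_WRITE,
                SecurityConstants.EXCLUSION_ALL_MODULES_ADMIN,
                SecurityConstants.ERROR_ALL_MODULES_READ,
                SecurityConstants.ERROR_ALL_MODULES_WRITE,
                SecurityConstants.ERROR_ALL_MODULES_ADMIN,
                SecurityConstants.REPLAY_ALL_MODULES_READ,
                SecurityConstants.REPLAY_ALL_MODULES_WRITE,
                SecurityConstants.REPLAY_ALL_MODULES_ADMIN)
            .anyMatch(authentication::hasGrantedAuthority);
    }

    /**
     * Get the modules a given user has been explicitly granted, collected from the role
     * modules of every role attached to each of the user's principals.
     * <p>
     * An empty set is returned both when nothing has been granted and when the user holds
     * an "all modules" authority (the per-module walk is skipped in that case). Callers that
     * must tell those two cases apart should check {@link #canAccessAllModules} first rather
     * than treating an empty result as "no access" or "all access" on its own.
     *
     * @param authentication the current {@link IkasanAuthentication}, may be null
     * @return the set of module names; never null
     * @throws ClassCastException if the authentication principal is not a {@link User}
     */
    public static Set<String> getAccessibleModules(IkasanAuthentication authentication) {
        Set<String> results = new HashSet<>();
        if (authentication == null || canAccessAllModules(authentication)) {
            return results;
        }
        // The principal is expected to be a User; anything else fails fast with a ClassCastException.
        User user = (User) authentication.getPrincipal();
        user.getPrincipals().forEach(principal ->
            principal.getRoles().forEach(role ->
                role.getRoleModules().forEach(roleModule ->
                    results.add(roleModule.getModuleName()))));
        return results;
    }

    /**
     * Tests whether the user holds an authority that grants access to every job plan
     * ({@code ALL_AUTHORITY} or any of the {@code SCHEDULER_ALL_*} authorities).
     *
     * @param authentication the current {@link IkasanAuthentication}, may be null
     * @return true if one of the "all job plans" authorities is granted; false when
     *         {@code authentication} is null (fail closed)
     */
    public static boolean canAccessAllJobPlans(IkasanAuthentication authentication) {
        if (authentication == null) {
            return false;
        }
        return Stream.of(
                SecurityConstants.ALL_AUTHORITY,
                SecurityConstants.SCHEDULER_ALL_ADMIN,
                SecurityConstants.SCHEDULER_ALL_READ,
                SecurityConstants.SCHEDULER_ALL_WRITE)
            .anyMatch(authentication::hasGrantedAuthority);
    }

    /**
     * Get the job plans a given user has been explicitly granted, collected from the role
     * job plans of every role attached to each of the user's principals.
     * <p>
     * As with {@link #getAccessibleModules}, an empty set is returned both when nothing has
     * been granted and when the user holds an "all job plans" authority; use
     * {@link #canAccessAllJobPlans} to distinguish the two.
     *
     * @param authentication the current {@link IkasanAuthentication}, may be null
     * @return the set of job plan names; never null
     * @throws ClassCastException if the authentication principal is not a {@link User}
     */
    public static Set<String> getAccessibleJobPlans(IkasanAuthentication authentication) {
        Set<String> results = new HashSet<>();
        if (authentication == null || canAccessAllJobPlans(authentication)) {
            return results;
        }
        // The principal is expected to be a User; anything else fails fast with a ClassCastException.
        User user = (User) authentication.getPrincipal();
        user.getPrincipals().forEach(principal ->
            principal.getRoles().forEach(role ->
                role.getRoleJobPlans().forEach(roleJobPlan ->
                    results.add(roleJobPlan.getJobPlanName()))));
        return results;
    }
}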