SEC-545: Added utility methods for checking if user has a particular role to existing AuthorityUtils class. Class may be renamed at some point as more functionality is added.
parent
315d4a247f
commit
b681952933
|
@ -1,14 +1,55 @@
|
|||
package org.springframework.security.util;
|
||||
|
||||
import org.springframework.security.Authentication;
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.GrantedAuthorityImpl;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author luke
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
*/
|
||||
public abstract class AuthorityUtils {
|
||||
public static final GrantedAuthority[] NO_AUTHORITIES = new GrantedAuthority[0];
|
||||
|
||||
/**
|
||||
* Returns true if the current user has the specified authority.
|
||||
*
|
||||
* @param authority the authority to test for (e.g. "ROLE_A").
|
||||
* @return true if a GrantedAuthority object with the same string representation as the supplied authority
|
||||
* name exists in the current user's list of authorities. False otherwise, or if the user in not authenticated.
|
||||
*/
|
||||
public static boolean userHasAuthority(String authority) {
|
||||
GrantedAuthority[] authorities = getUserAuthorities();
|
||||
|
||||
for (int i = 0; i < authorities.length; i++) {
|
||||
if (authority.equals(authorities[i].getAuthority())) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the authorities of the current user.
|
||||
*
|
||||
* @return an array containing the current user's authorities (or an empty array if not authenticated), never null.
|
||||
*/
|
||||
private static GrantedAuthority[] getUserAuthorities() {
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
|
||||
if (auth == null || auth.getAuthorities() == null) {
|
||||
return NO_AUTHORITIES;
|
||||
}
|
||||
|
||||
return auth.getAuthorities();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Creates a array of GrantedAuthority objects from a comma-separated string
|
||||
|
@ -28,5 +69,27 @@ public abstract class AuthorityUtils {
|
|||
return authorities;
|
||||
}
|
||||
|
||||
/**
|
||||
* Converts an array of GrantedAuthority objects to a Set.
|
||||
* @return a Set of the Strings obtained from each call to GrantedAuthority.getAuthority()
|
||||
*/
|
||||
public static Set authorityArrayToSet(GrantedAuthority[] authorities) {
|
||||
Set set = new HashSet(authorities.length);
|
||||
|
||||
for (int i = 0; i < authorities.length; i++) {
|
||||
set.add(authorities[i].getAuthority());
|
||||
}
|
||||
|
||||
return set;
|
||||
}
|
||||
|
||||
public static GrantedAuthority[] stringArrayToAuthorityArray(String[] roles) {
|
||||
GrantedAuthority[] authorities = new GrantedAuthority[roles.length];
|
||||
|
||||
for (int i=0; i < roles.length; i++) {
|
||||
authorities[i] = new GrantedAuthorityImpl(roles[i]);
|
||||
}
|
||||
|
||||
return authorities;
|
||||
}
|
||||
}
|
||||
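Review bot: `userHasAuthority` never consults `Authentication.isAuthenticated()`, although its Javadoc promises false when the user is not authenticated. `getUserAuthorities()` only falls back to `NO_AUTHORITIES` for a null `Authentication` or a null authority array. If a token that is not yet authenticated but already carries authorities can be in the context (not determinable from this page), the check would report the role as held. Either guard with `if (auth == null || !auth.isAuthenticated() || auth.getAuthorities() == null)` or narrow the Javadoc to what is actually tested. Separately, `authority.equals(...)` throws a NullPointerException for a null argument, and `stringArrayToAuthorityArray` has no Javadoc, so a line such as `/** Wraps each role name in a GrantedAuthorityImpl, preserving order. */` would help.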
|
|
|
@ -0,0 +1,63 @@
|
|||
package org.springframework.security.util;
|
||||
|
||||
import org.springframework.security.GrantedAuthority;
|
||||
import org.springframework.security.context.SecurityContextHolder;
|
||||
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
||||
|
||||
import org.junit.After;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author Luke Taylor
|
||||
* @version $Id$
|
||||
*/
|
||||
public class AuthorityUtilsTests {
|
||||
|
||||
@Before
|
||||
@After
|
||||
public void clearContext() {
|
||||
SecurityContextHolder.clearContext();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void userHasAuthorityReturnsFalseForUnauthenticatedUser() {
|
||||
assertFalse(AuthorityUtils.userHasAuthority("SOME_AUTHORITY"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void userHasAuthorityReturnsFalseWhenUserHasNoAuthorities() {
|
||||
SecurityContextHolder.getContext().setAuthentication(
|
||||
new UsernamePasswordAuthenticationToken("user", "password"));
|
||||
assertFalse(AuthorityUtils.userHasAuthority("SOME_AUTHORITY"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void userHasAuthorityReturnsTrueWhenUserHasCorrectAuthority() {
|
||||
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("user", "password",
|
||||
AuthorityUtils.stringArrayToAuthorityArray(new String[] {"A", "B"})));
|
||||
assertTrue(AuthorityUtils.userHasAuthority("A"));
|
||||
assertTrue(AuthorityUtils.userHasAuthority("B"));
|
||||
assertFalse(AuthorityUtils.userHasAuthority("C"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void commaSeparatedStringIsParsedCorrectly() {
|
||||
GrantedAuthority[] authorityArray =
|
||||
AuthorityUtils.commaSeparatedStringToAuthorityArray(" ROLE_A, B, C, ROLE_D, E ");
|
||||
|
||||
Set authorities = AuthorityUtils.authorityArrayToSet(authorityArray);
|
||||
|
||||
assertTrue(authorities.contains("B"));
|
||||
assertTrue(authorities.contains("C"));
|
||||
assertTrue(authorities.contains("E"));
|
||||
assertTrue(authorities.contains("ROLE_A"));
|
||||
assertTrue(authorities.contains("ROLE_D"));
|
||||
}
|
||||
|
||||
|
||||
}
|
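Review bot: `commaSeparatedStringIsParsedCorrectly` only asserts that the five expected names are present, so it would still pass if parsing the padded input `" ROLE_A, B, C, ROLE_D, E "` also produced an empty or untrimmed authority. Pin the result with `assertEquals(5, authorities.size());`, which needs the matching `org.junit.Assert.assertEquals` static import. The `userHasAuthority` tests also have no case for an `Authentication` that carries authorities but reports `isAuthenticated() == false`, which is the situation the method's Javadoc says returns false.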