use of org.springframework.security.access.SecurityMetadataSource in project dhis2-core by dhis2.
the class SpringSecurityActionAccessResolver method hasAccess.
// -------------------------------------------------------------------------
// ActionAccessResolver implementation
// -------------------------------------------------------------------------
@Override
public boolean hasAccess(String module, String name) {
// ---------------------------------------------------------------------
// Get ObjectDefinitionSource
// ---------------------------------------------------------------------
Configuration config = Dispatcher.getInstance().getConfigurationManager().getConfiguration();
PackageConfig packageConfig = config.getPackageConfig(module);
if (packageConfig == null) {
throw new IllegalArgumentException("Module doesn't exist: '" + module + "'");
}
ActionConfig actionConfig = packageConfig.getActionConfigs().get(name);
if (actionConfig == null) {
throw new IllegalArgumentException("Module " + module + " doesn't have an action named: '" + name + "'");
}
SecurityMetadataSource securityMetadataSource = requiredAuthoritiesProvider.createSecurityMetadataSource(actionConfig);
// ---------------------------------------------------------------------
// Test access
// ---------------------------------------------------------------------
SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication authentication = securityContext.getAuthentication();
try {
if (securityMetadataSource.getAttributes(actionConfig) != null) {
if (authentication == null || !authentication.isAuthenticated()) {
return false;
}
accessDecisionManager.decide(authentication, actionConfig, securityMetadataSource.getAttributes(actionConfig));
}
log.debug("Access to [" + module + ", " + name + "]: TRUE");
return true;
} catch (AccessDeniedException e) {
log.debug("Access to [" + module + ", " + name + "]: FALSE (access denied)");
return false;
} catch (InsufficientAuthenticationException e) {
log.debug("Access to [" + module + ", " + name + "]: FALSE (insufficient authentication)");
return false;
}
}
use of org.springframework.security.access.SecurityMetadataSource in project engine by craftercms.
the class ConfigAwareSecurityMetadataSource method getAttributes.
@Override
@SuppressWarnings("unchecked")
public Collection<ConfigAttribute> getAttributes(final Object object) throws IllegalArgumentException {
Callback<SecurityMetadataSource> callback = () -> {
HierarchicalConfiguration siteConfig = ConfigUtils.getCurrentConfig();
if (siteConfig != null) {
List<HierarchicalConfiguration> restrictionsConfig = siteConfig.configurationsAt(URL_RESTRICTION_KEY);
if (CollectionUtils.isNotEmpty(restrictionsConfig)) {
LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> map = new LinkedHashMap<>();
for (HierarchicalConfiguration restrictionConfig : restrictionsConfig) {
String url = restrictionConfig.getString(URL_RESTRICTION_URL_KEY);
String expression = restrictionConfig.getString(URL_RESTRICTION_EXPRESSION_KEY);
if (StringUtils.isNotEmpty(url) && StringUtils.isNotEmpty(expression)) {
AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
map.put(matcher, singleton(new SecurityConfig(expression)));
}
}
return new ExpressionBasedFilterInvocationSecurityMetadataSource(map, new DefaultWebSecurityExpressionHandler());
}
}
return new DefaultFilterInvocationSecurityMetadataSource(new LinkedHashMap<>());
};
SiteContext siteContext = SiteContext.getCurrent();
if (siteContext != null) {
SecurityMetadataSource metadataSource = cacheTemplate.getObject(siteContext.getContext(), callback, URL_RESTRICTIONS_CACHE_KEY);
return metadataSource.getAttributes(object);
}
return null;
}
Aggregations