1 | |
|
2 | |
|
3 | |
|
4 | |
|
5 | |
|
6 | |
|
7 | |
|
8 | |
|
9 | |
|
10 | |
|
11 | |
|
12 | |
|
13 | |
|
14 | |
|
15 | |
|
16 | |
|
17 | |
|
18 | |
|
19 | |
|
20 | |
|
21 | |
|
22 | |
|
23 | |
|
24 | |
|
25 | |
|
26 | |
|
27 | |
|
28 | |
|
29 | |
|
30 | |
|
31 | |
|
32 | |
package net.sourceforge.pebble.util; |
33 | |
|
34 | |
import net.sourceforge.pebble.Constants; |
35 | |
import net.sourceforge.pebble.PebbleContext; |
36 | |
import net.sourceforge.pebble.domain.Blog; |
37 | |
import net.sourceforge.pebble.security.PebbleUserDetails; |
38 | |
import net.sourceforge.pebble.security.SecurityRealm; |
39 | |
import net.sourceforge.pebble.security.SecurityRealmException; |
40 | |
import org.apache.commons.logging.Log; |
41 | |
import org.apache.commons.logging.LogFactory; |
42 | |
import org.springframework.security.authentication.TestingAuthenticationToken; |
43 | |
import org.springframework.security.authentication.encoding.Md5PasswordEncoder; |
44 | |
import org.springframework.security.authentication.encoding.PasswordEncoder; |
45 | |
import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder; |
46 | |
import org.springframework.security.authentication.encoding.ShaPasswordEncoder; |
47 | |
import org.springframework.security.core.Authentication; |
48 | |
import org.springframework.security.core.GrantedAuthority; |
49 | |
import org.springframework.security.core.authority.GrantedAuthorityImpl; |
50 | |
import org.springframework.security.core.context.SecurityContext; |
51 | |
import org.springframework.security.core.context.SecurityContextHolder; |
52 | |
|
53 | |
import java.util.Collection; |
54 | |
|
55 | |
|
56 | |
|
57 | |
|
58 | |
|
59 | |
|
60 | 0 | public final class SecurityUtils { |
61 | |
|
62 | 4 | private static final Log log = LogFactory.getLog(SecurityUtils.class); |
63 | |
|
64 | |
public static String getUsername() { |
65 | 2072 | SecurityContext ctx = SecurityContextHolder.getContext(); |
66 | 2072 | Authentication auth = ctx.getAuthentication(); |
67 | 2072 | return getUsername(auth); |
68 | |
} |
69 | |
|
70 | |
public static String getUsername(Authentication auth) { |
71 | 2072 | if (auth != null) { |
72 | 492 | return auth.getName(); |
73 | |
} else { |
74 | 1580 | return null; |
75 | |
} |
76 | |
} |
77 | |
|
78 | |
public static PebbleUserDetails getUserDetails() { |
79 | |
try { |
80 | 20 | SecurityRealm realm = PebbleContext.getInstance().getConfiguration().getSecurityRealm(); |
81 | 20 | return realm.getUser(getUsername()); |
82 | 0 | } catch (SecurityRealmException e) { |
83 | 0 | log.error("Exception encountered", e); |
84 | 0 | return null; |
85 | |
} |
86 | |
} |
87 | |
|
88 | |
public static boolean isUserInRole(String role) { |
89 | 948 | SecurityContext ctx = SecurityContextHolder.getContext(); |
90 | 948 | Authentication auth = ctx.getAuthentication(); |
91 | 948 | return isUserInRole(auth, role); |
92 | |
} |
93 | |
|
94 | |
public static boolean isUserInRole(Authentication auth, String role) { |
95 | 948 | if (auth != null) { |
96 | 404 | Collection<GrantedAuthority> authorities = auth.getAuthorities(); |
97 | 404 | if (authorities != null) { |
98 | 404 | for (GrantedAuthority authority : authorities) { |
99 | 372 | if (authority.getAuthority().equals(role)) { |
100 | 288 | return true; |
101 | |
} |
102 | |
} |
103 | |
} |
104 | |
} |
105 | 660 | return false; |
106 | |
} |
107 | |
|
108 | |
|
109 | |
|
110 | |
|
111 | |
|
112 | |
|
113 | |
public static boolean isBlogAdmin() { |
114 | 0 | return isUserInRole(Constants.BLOG_ADMIN_ROLE); |
115 | |
} |
116 | |
|
117 | |
|
118 | |
|
119 | |
|
120 | |
|
121 | |
|
122 | |
public static boolean isBlogOwner() { |
123 | 220 | return isUserInRole(Constants.BLOG_OWNER_ROLE); |
124 | |
} |
125 | |
|
126 | |
|
127 | |
|
128 | |
|
129 | |
|
130 | |
|
131 | |
public static boolean isBlogPublisher() { |
132 | 240 | return isUserInRole(Constants.BLOG_PUBLISHER_ROLE); |
133 | |
} |
134 | |
|
135 | |
|
136 | |
|
137 | |
|
138 | |
|
139 | |
|
140 | |
public static boolean isBlogContributor() { |
141 | 488 | return isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE); |
142 | |
} |
143 | |
|
144 | |
|
145 | |
|
146 | |
|
147 | |
|
148 | |
|
149 | |
public static boolean isBlogAdmin(Authentication auth) { |
150 | 0 | return isUserInRole(auth, Constants.BLOG_ADMIN_ROLE); |
151 | |
} |
152 | |
|
153 | |
|
154 | |
|
155 | |
|
156 | |
|
157 | |
|
158 | |
public static boolean isBlogOwner(Authentication auth) { |
159 | 0 | return isUserInRole(auth, Constants.BLOG_OWNER_ROLE); |
160 | |
} |
161 | |
|
162 | |
|
163 | |
|
164 | |
|
165 | |
|
166 | |
|
167 | |
public static boolean isBlogPublisher(Authentication auth) { |
168 | 0 | return isUserInRole(auth, Constants.BLOG_PUBLISHER_ROLE); |
169 | |
} |
170 | |
|
171 | |
|
172 | |
|
173 | |
|
174 | |
|
175 | |
|
176 | |
public static boolean isBlogContributor(Authentication auth) { |
177 | 0 | return isUserInRole(auth, Constants.BLOG_CONTRIBUTOR_ROLE); |
178 | |
} |
179 | |
|
180 | |
public static void runAsBlogOwner() { |
181 | 4 | Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_OWNER_ROLE)}); |
182 | 4 | SecurityContextHolder.getContext().setAuthentication(auth); |
183 | 4 | } |
184 | |
|
185 | |
public static void runAsBlogPublisher() { |
186 | 4 | Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_PUBLISHER_ROLE)}); |
187 | 4 | SecurityContextHolder.getContext().setAuthentication(auth); |
188 | 4 | } |
189 | |
|
190 | |
public static void runAsBlogContributor() { |
191 | 60 | Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {new GrantedAuthorityImpl(Constants.BLOG_CONTRIBUTOR_ROLE)}); |
192 | 60 | SecurityContextHolder.getContext().setAuthentication(auth); |
193 | 60 | } |
194 | |
|
195 | |
public static void runAsAnonymous() { |
196 | 16 | Authentication auth = new TestingAuthenticationToken("username", "password", new GrantedAuthority[] {}); |
197 | 16 | SecurityContextHolder.getContext().setAuthentication(auth); |
198 | 16 | } |
199 | |
|
200 | |
public static void runAsUnauthenticated() { |
201 | 4 | SecurityContextHolder.getContext().setAuthentication(null); |
202 | 4 | } |
203 | |
|
204 | |
public static boolean isUserAuthorisedForBlogAsBlogOwner(Blog blog) { |
205 | 212 | String currentUser = SecurityUtils.getUsername(); |
206 | 212 | return isBlogOwner() && blog.isUserInRole(Constants.BLOG_OWNER_ROLE, currentUser); |
207 | |
} |
208 | |
|
209 | |
public static boolean isUserAuthorisedForBlogAsBlogPublisher(Blog blog) { |
210 | 212 | String currentUser = SecurityUtils.getUsername(); |
211 | 212 | return isBlogPublisher() && blog.isUserInRole(Constants.BLOG_PUBLISHER_ROLE, currentUser); |
212 | |
} |
213 | |
|
214 | |
public static boolean isUserAuthorisedForBlogAsBlogContributor(Blog blog) { |
215 | 488 | String currentUser = SecurityUtils.getUsername(); |
216 | 488 | return isBlogContributor() && blog.isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE, currentUser); |
217 | |
} |
218 | |
|
219 | |
public static boolean isUserAuthorisedForBlogAsBlogOwner(Authentication auth, Blog blog) { |
220 | 0 | String currentUser = SecurityUtils.getUsername(auth); |
221 | 0 | return isBlogOwner(auth) && blog.isUserInRole(Constants.BLOG_OWNER_ROLE, currentUser); |
222 | |
} |
223 | |
|
224 | |
public static boolean isUserAuthorisedForBlogAsBlogPublisher(Authentication auth, Blog blog) { |
225 | 0 | String currentUser = SecurityUtils.getUsername(auth); |
226 | 0 | return isBlogPublisher(auth) && blog.isUserInRole(Constants.BLOG_PUBLISHER_ROLE, currentUser); |
227 | |
} |
228 | |
|
229 | |
public static boolean isUserAuthorisedForBlogAsBlogContributor(Authentication auth, Blog blog) { |
230 | 0 | String currentUser = SecurityUtils.getUsername(auth); |
231 | 0 | return isBlogContributor(auth) && blog.isUserInRole(Constants.BLOG_CONTRIBUTOR_ROLE, currentUser); |
232 | |
} |
233 | |
|
234 | |
public static boolean isUserAuthorisedForBlogAsBlogReader(Authentication auth, Blog blog) { |
235 | 0 | String currentUser = SecurityUtils.getUsername(auth); |
236 | 0 | return blog.isUserInRole(Constants.BLOG_READER_ROLE, currentUser); |
237 | |
} |
238 | |
|
239 | |
public static boolean isUserAuthorisedForBlog(Blog blog) { |
240 | 212 | return isUserAuthorisedForBlogAsBlogOwner(blog) || |
241 | |
isUserAuthorisedForBlogAsBlogPublisher(blog) || |
242 | |
isUserAuthorisedForBlogAsBlogContributor(blog); |
243 | |
} |
244 | |
|
245 | |
public static boolean isUserAuthorisedForBlog(Authentication auth, Blog blog) { |
246 | 0 | return isUserAuthorisedForBlogAsBlogOwner(auth, blog) || |
247 | |
isUserAuthorisedForBlogAsBlogPublisher(auth, blog) || |
248 | |
isUserAuthorisedForBlogAsBlogContributor(auth, blog); |
249 | |
} |
250 | |
|
251 | |
public static boolean isUserAuthenticated() { |
252 | 24 | SecurityContext ctx = SecurityContextHolder.getContext(); |
253 | 24 | return ctx.getAuthentication() != null; |
254 | |
} |
255 | |
|
256 | |
public static void main(String[] args) { |
257 | 0 | if (args.length != 3) { |
258 | 0 | System.out.println("Usage : [md5|sha|plaintext] username password"); |
259 | 0 | } else if (args[0].equals("md5")) { |
260 | 0 | PasswordEncoder encoder = new Md5PasswordEncoder(); |
261 | 0 | System.out.println(encoder.encodePassword(args[2], args[1])); |
262 | 0 | } else if (args[0].equals("sha")) { |
263 | 0 | PasswordEncoder encoder = new ShaPasswordEncoder(); |
264 | 0 | System.out.println(encoder.encodePassword(args[2], args[1])); |
265 | 0 | } else if (args[0].equals("plaintext")) { |
266 | 0 | PasswordEncoder encoder = new PlaintextPasswordEncoder(); |
267 | 0 | System.out.println(encoder.encodePassword(args[2], args[1])); |
268 | 0 | } else { |
269 | 0 | System.out.println("Algorithm must be md5, sha or plaintext"); |
270 | |
} |
271 | 0 | } |
272 | |
|
273 | |
} |