Package org.craftercms.engine.util

Class SecurityUtils

java.lang.Object

org.craftercms.engine.util.SecurityUtils

public class SecurityUtils
extends Object

Utility class for security related operations.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ANONYMOUS_PSEUDO_ROLE
static final List<String>	ANONYMOUS_PSEUDO_ROLES_SEARCH_VALUES
static final String	AUTHENTICATED_PSEUDO_ROLE
static final List<String>	AUTHENTICATED_PSEUDO_ROLES_SEARCH_VALUES
static final String	KEYWORD_SUFFIX
static final String	ROLE_PREFIX

Method Summary

Modifier and Type	Method	Description
static void	checkAccess(Collection<String> authorizedRoles, String url)	Validates that the user has access to a content protected by the specified roles.
protected static boolean	containsRole(String role, Collection<String> roles)
static List<String>	getAuthorizedRolesMatchValue(Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)	Returns a list of values to be used for authorized roles matching.
static String	getRoleFieldNameWithKeyword(String roleFieldName)	Returns the role field name ensuring it ends with ".keyword"
protected static boolean	hasAnyRole(org.springframework.security.core.Authentication auth, Collection<String> roles)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

ANONYMOUS_PSEUDO_ROLE

public static final String ANONYMOUS_PSEUDO_ROLE

See Also:

• Constant Field Values

ROLE_PREFIX

public static final String ROLE_PREFIX

See Also:

• Constant Field Values

AUTHENTICATED_PSEUDO_ROLE

public static final String AUTHENTICATED_PSEUDO_ROLE

See Also:

• Constant Field Values

AUTHENTICATED_PSEUDO_ROLES_SEARCH_VALUES

public static final List<String> AUTHENTICATED_PSEUDO_ROLES_SEARCH_VALUES

ANONYMOUS_PSEUDO_ROLES_SEARCH_VALUES

public static final List<String> ANONYMOUS_PSEUDO_ROLES_SEARCH_VALUES

KEYWORD_SUFFIX

public static final String KEYWORD_SUFFIX

See Also:

• Constant Field Values

Method Details

getAuthorizedRolesMatchValue

public static List<String> getAuthorizedRolesMatchValue(@NonNull
 Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)

Returns a list of values to be used for authorized roles matching.
For each role, this method will include the role itself and the role with the ROLE_ prefix.

Parameters:

authorities - the user authorities/roles

Returns:

a list of authorized roles for matching

getRoleFieldNameWithKeyword

public static String getRoleFieldNameWithKeyword(String roleFieldName)

Returns the role field name ensuring it ends with ".keyword"

Returns:

the role field name with ".keyword" suffix for search exact matching

checkAccess

public static void checkAccess(Collection<String> authorizedRoles,
 String url)
                        throws org.springframework.security.access.AccessDeniedException,
org.springframework.security.core.AuthenticationException

Validates that the user has access to a content protected by the specified roles. This method will throw an AccessDeniedException if the user doesn't have access. Access is granted if:

• authorizedRoles is empty
• authorizedRoles contains 'anonymous' pseudo-role
• authorizedRoles contains 'authenticated' pseudo-role and authentication is not anonymous
• authorizedRoles contains any of the user roles/authorities

Throws:

org.springframework.security.access.AccessDeniedException

org.springframework.security.core.AuthenticationException

containsRole

protected static boolean containsRole(String role,
 Collection<String> roles)

hasAnyRole

protected static boolean hasAnyRole(org.springframework.security.core.Authentication auth,
 Collection<String> roles)