001/* 002 * Licensed to the Apache Software Foundation (ASF) under one or more contributor license 003 * agreements. See the NOTICE file distributed with this work for additional information regarding 004 * copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 005 * (the "License"); you may not use this file except in compliance with the License. You may obtain 006 * a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software distributed under the License 011 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express 012 * or implied. See the License for the specific language governing permissions and limitations 013 * under the License. 014 */ 015package org.tynamo.security.services.impl; 016 017import java.util.concurrent.Callable; 018 019import org.apache.shiro.SecurityUtils; 020import org.apache.shiro.subject.Subject; 021import org.apache.shiro.util.ThreadContext; 022import org.tynamo.security.services.SecurityService; 023 024 025/** 026 * DOCUMENT ME! 027 * 028 * @see SecurityService 029 */ 030public class SecurityServiceImpl implements SecurityService 031{ 032 /** 033 * Delimeter that separates role names in tag attribute 034 */ 035 @SuppressWarnings("unused") 036 private static final String ROLE_NAMES_DELIMETER = ","; 037 038 /** 039 * Delimiter used for permissions, i.e. a | 040 */ 041 private static final String PERMISSIONS_DELIMETER = "\\|"; 042 043 /** 044 * Delimited used for roles that allows , or | 045 */ 046 private static final String PERMISSIONS_OR_ROLES_DELIMETER = "(,|\\|)"; 047 048// public SecurityServiceImpl(@Autobuild TapestryRealmSecurityManager securityManager) { 049// this.securityManager = securityManager; 050// } 051 052 053 @Override 054 public Subject getSubject() 055 { 056 return SecurityUtils.getSubject(); 057 } 058 059 @Override 060 public boolean isAuthenticated() 061 { 062 Subject subject = getSubject(); 063 064 return (subject != null) && subject.isAuthenticated(); 065 } 066 067 @Override 068 public boolean isNotAuthenticated() 069 { 070 Subject subject = getSubject(); 071 072 return (subject == null) || !subject.isAuthenticated(); 073 } 074 075 @Override 076 public boolean isUser() 077 { 078 Subject subject = getSubject(); 079 080 return (subject != null) && (subject.getPrincipal() != null); 081 } 082 083 @Override 084 public boolean isGuest() 085 { 086 Subject subject = getSubject(); 087 088 return (subject == null) || (subject.getPrincipal() == null); 089 } 090 091 @Override 092 public boolean hasAnyRoles(String roles) 093 { 094 boolean hasAnyRole = false; 095 096 Subject subject = getSubject(); 097 098 if (subject != null) 099 { 100 101 // Iterate through roles and check to see if the user has one of the roles 102 for (String role : roles.split(PERMISSIONS_OR_ROLES_DELIMETER)) 103 { 104 105 if (subject.hasRole(role.trim())) 106 { 107 hasAnyRole = true; 108 109 break; 110 } 111 } 112 } 113 114 return hasAnyRole; 115 } 116 117 @Override 118 public boolean hasAllRoles(String roles) 119 { 120 boolean hasAllRole = false; // no subject is false 121 122 Subject subject = getSubject(); 123 124 if (subject != null) 125 { 126 127 hasAllRole = true; // but no roles is true 128 129 // Iterate through roles and check to see if the user has one of the roles 130 for (String role : roles.split(PERMISSIONS_OR_ROLES_DELIMETER)) 131 { 132 133 if (!subject.hasRole(role.trim())) 134 { 135 hasAllRole = false; 136 137 break; 138 } 139 } 140 } 141 142 return hasAllRole; 143 } 144 145 @Override 146 public boolean hasAllPermissions(String permissions) 147 { 148 boolean hasAllPermissions = false; // no subject is false 149 150 Subject subject = getSubject(); 151 152 if (subject != null) 153 { 154 155 return subject.isPermittedAll(permissions.split(PERMISSIONS_DELIMETER)); 156 } 157 158 return hasAllPermissions; 159 } 160 161 @Override 162 public boolean hasAnyPermissions(String permissions) 163 { 164 boolean hasAnyPermissions = false; 165 166 Subject subject = getSubject(); 167 168 if (subject != null) 169 { 170 171 // Iterate through roles and check to see if the user has one of the roles 172 for (String role : permissions.split(PERMISSIONS_DELIMETER)) 173 { 174 175 if (subject.isPermitted(role.trim())) 176 { 177 hasAnyPermissions = true; 178 179 break; 180 } 181 } 182 } 183 184 return hasAnyPermissions; 185 } 186 187 188 @Override 189 public boolean hasPermission(String permission) 190 { 191 Subject subject = getSubject(); 192 193 return (subject != null) && subject.isPermitted(permission); 194 } 195 196 @Override 197 public boolean hasRole(String role) 198 { 199 Subject subject = getSubject(); 200 201 return (subject != null) && subject.hasRole(role); 202 } 203 204 @Override 205 public boolean isLacksPermission(String permission) 206 { 207 return !hasPermission(permission); 208 } 209 210 @Override 211 public boolean isLacksRole(String role) 212 { 213 return !hasRole(role); 214 } 215 216 @Override 217 public <T> T invokeWithSecurityDisabled(Callable<T> callable) throws Exception { 218 org.apache.shiro.mgt.SecurityManager securityManager = ThreadContext.getSecurityManager(); 219 ThreadContext.unbindSecurityManager(); 220 try { 221 return callable.call(); 222 } 223 finally { 224 if (securityManager == null) ThreadContext.bind(securityManager); 225 } 226 } 227}