package eu.etaxonomy.cdm.persistence.permission;
import java.util.UUID;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.util.Assert;
import eu.etaxonomy.cdm.model.permission.GrantedAuthorityImpl;
import eu.etaxonomy.cdm.persistence.dao.permission.IGrantedAuthorityDao;
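/**
 * A well-known role that can be granted to a user or group.
 * <p>
 * Each role pairs a stable {@link UUID} with an authority string. The role
 * prefix 'ROLE_' is defined in the spring security {@link RoleVoter}.
 * <p>
 * NOTE(review): this class does not override {@code equals}/{@code hashCode}.
 * Two {@code Role} objects with the same uuid and authority are therefore only
 * equal when they are the same instance; {@link #fromGrantedAuthority} always
 * returns a new instance. Access decisions should compare
 * {@link #getAuthority()} (or {@link #getUuid()}) instead of relying on
 * {@code Collection.contains(Role)}.
 * <p>
 * NOTE(review): the public constructor performs no validation, so any caller
 * can build a {@code Role} with an arbitrary uuid/authority pair. Values that
 * originate outside the application should go through {@link #fromString} or
 * {@link #fromGrantedAuthority}.
 *
 * @author a.kohlbecker
 * @since Oct 5, 2012
 */
public class Role implements GrantedAuthority, IGrantedAuthorityConverter {

    private static final long serialVersionUID = -2244354513663448504L;

    /**
     * The role prefix 'ROLE_' is defined in the spring security
     * {@link RoleVoter}
     */
    private static final String ROLE_PREFIX = "ROLE_";

    /**
     * Pattern every role authority string must match: the prefix followed by
     * word characters. Because of the {@code *} quantifier the bare prefix
     * "ROLE_" is accepted as well.
     */
    private static final String ROLE_PATTERN = "^" + ROLE_PREFIX + "\\w*$";

    private static final UUID uuidAdmin = UUID.fromString("56eac992-67ba-40be-896c-4e992ca2afc0");
    private static final UUID uuidProjectManager = UUID.fromString("6d0c72a5-0d8a-4f2e-a8e0-31d7e0338f00");
    private static final UUID uuidUserManager = UUID.fromString("74d340a9-b472-4b97-b52a-c140e27a5c76");
    private static final UUID uuidPublish = UUID.fromString("9ffa7879-cc67-4592-a14a-b251cccde1a7");
    private static final UUID uuidRemoting = UUID.fromString("be004bf6-0498-48e3-9f06-ff93fc9cdc9a");

    public static final Role ROLE_ADMIN = new Role(uuidAdmin, "ROLE_ADMIN");
    public static final Role ROLE_PROJECT_MANAGER = new Role(uuidProjectManager, "ROLE_PROJECT_MANAGER");
    public static final Role ROLE_USER_MANAGER = new Role(uuidUserManager, "ROLE_USER_MANAGER");
    public static final Role ROLE_PUBLISH = new Role(uuidPublish, "ROLE_PUBLISH");
    public static final Role ROLE_REMOTING = new Role(uuidRemoting, "ROLE_REMOTING");

    /**
     * Every role constant declared above. {@link #fromString(String)} resolves
     * names against this list only, so a new constant must be added here too.
     */
    private static final Role[] KNOWN_ROLES = {
        ROLE_ADMIN, ROLE_PROJECT_MANAGER, ROLE_PUBLISH, ROLE_USER_MANAGER, ROLE_REMOTING
    };

    private final UUID uuid;
    private final String authority;

    /**
     * Creates a role from the given values without validating them.
     *
     * @param uuid the identifier of the role
     * @param authority the authority string of the role
     */
    public Role(UUID uuid, String authority) {
        this.uuid = uuid;
        this.authority = authority;
    }

    /**
     * Returns the persisted authority for this role, or a new one if none is
     * stored yet.
     * <p>
     * <b>WARNING:</b> This method must only be used when there is nothing in
     * hibernate to be flushed to the database. Otherwise you risk getting
     * into an endless loop. Alternatively you can use
     * {@link #asNewGrantedAuthority()}
     *
     * @param grantedAuthorityDao the dao used to look the authority up by uuid
     * @return either an instance which already is persisted to the database or a
     *         fresh not persisted instance of {@link GrantedAuthorityImpl} for
     *         the Role.
     * @throws IllegalArgumentException if the persisted authority found for
     *         the uuid carries a different authority string than this role
     */
    public GrantedAuthorityImpl asGrantedAuthority(IGrantedAuthorityDao grantedAuthorityDao) {
        GrantedAuthorityImpl persisted = grantedAuthorityDao.findByUuid(uuid);
        if (persisted == null) {
            return asNewGrantedAuthority();
        }
        // Refuse a stored row whose uuid matches but whose name differs, so a
        // mismatched or altered record is never handed out under this role's uuid.
        Assert.isTrue(authority.equals(persisted.getAuthority()), "the persisted Authority with uuid " + uuid + " is not '" + authority + "'" );
        return persisted;
    }

    /**
     * @return a fresh <b>not persisted instance</b> of {@link GrantedAuthorityImpl}
     * for the Role.
     */
    @Override
    public GrantedAuthorityImpl asNewGrantedAuthority() {
        GrantedAuthorityImpl grantedAuthority = GrantedAuthorityImpl.NewInstance(null);
        grantedAuthority.setUuid(uuid);
        grantedAuthority.setAuthority(authority);
        return grantedAuthority;
    }

    /**
     * Wraps a {@link GrantedAuthorityImpl} as a new {@code Role}.
     * <p>
     * Only the shape of the authority string is checked. The uuid and the name
     * are not compared with the role constants of this class, so the result
     * may carry a well-known authority string together with a different uuid.
     *
     * @param grantedAuthority the authority to convert
     * @return a new role with the uuid and authority of the argument
     * @throws IllegalArgumentException if the authority string is {@code null}
     *         or does not consist of the role prefix followed by word characters
     */
    public static Role fromGrantedAuthority(GrantedAuthorityImpl grantedAuthority){
        String authorityString = grantedAuthority.getAuthority();
        // Report a missing authority as an argument error instead of a bare NullPointerException.
        Assert.notNull(authorityString, "the authority of " + grantedAuthority.getUuid() + " must not be null");
        Assert.isTrue(authorityString.matches(ROLE_PATTERN), "invalid role prefix of authority " + authorityString + "[" + grantedAuthority.getUuid() + "]");
        return new Role(grantedAuthority.getUuid(), authorityString);
    }

    /**
     * Resolves an authority string to one of the role constants of this class.
     * <p>
     * The lookup is an exact, case-sensitive match; unknown names are rejected
     * rather than turned into a new role.
     *
     * @param authorityString the authority string, for example "ROLE_ADMIN"
     * @return the matching role constant, never {@code null}
     * @throws IllegalArgumentException if the string is {@code null}, does not
     *         carry the role prefix, or does not name a known role
     */
    public static Role fromString(String authorityString){
        Assert.notNull(authorityString, "authorityString must not be null");
        Assert.isTrue(authorityString.matches(ROLE_PATTERN), "invalid role prefix of authority " + authorityString);
        for (Role knownRole : KNOWN_ROLES) {
            if (knownRole.authority.equals(authorityString)) {
                return knownRole;
            }
        }
        // Same exception type as the Assert call this replaces; the message typo is corrected.
        throw new IllegalArgumentException("The given authority '" + authorityString + "' does not match any known role");
    }

    /**
     * @return the uuid of this role
     */
    public UUID getUuid() {
        return uuid;
    }

    /**
     * @return the authority string of this role
     */
    @Override
    public String getAuthority() {
        return authority;
    }

    /**
     * @return the authority string, same as {@link #getAuthority()}
     */
    @Override
    public String toString(){
        return getAuthority();
    }
}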