View Javadoc

1   package net.sourceforge.sannotations.security;
2   
3   import java.util.Set;
4   
5   import net.sourceforge.sannotations.annotation.Bean;
6   import net.sourceforge.sannotations.security.RoleValidator;
7   
8   import org.springframework.beans.BeansException;
9   import org.springframework.context.ApplicationContext;
10  import org.springframework.context.ApplicationContextAware;
11  
12  /***
13   * {@link net.sourceforge.sannotations.security.RoleValidator} instance that looks for user roles in a string collection named "currentUserRoles", for this to work, this collection must be in the web session scope
14   * @author urubatan
15   *
16   */
17  @Bean
18  public class CurrentUserRolesValidator implements RoleValidator, ApplicationContextAware
19  {
20  	private ApplicationContext applicationContext;
21  
22  	private ThreadLocal<Set<String>> rolesHolder = new ThreadLocal<Set<String>>()
23  	{
24  
25  		@SuppressWarnings("unchecked")
26  		@Override
27  		protected Set<String> initialValue()
28  		{
29  			return (Set<String>) applicationContext.getBean("currentUserRoles");
30  		}
31  
32  	};
33  
34  	public boolean isUserInRole(String role)
35  	{
36  		try {
37  			return rolesHolder.get().contains(role);
38  		} catch (Throwable t) {
39  			return false;
40  		}
41  	}
42  
43  	public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
44  	{
45  		this.applicationContext = applicationContext;
46  	}
47  
48  }