1 package net.sourceforge.sannotations.security; 2 3 import java.util.Set; 4 5 import net.sourceforge.sannotations.annotation.Bean; 6 import net.sourceforge.sannotations.security.RoleValidator; 7 8 import org.springframework.beans.BeansException; 9 import org.springframework.context.ApplicationContext; 10 import org.springframework.context.ApplicationContextAware; 11 12 /*** 13 * {@link net.sourceforge.sannotations.security.RoleValidator} instance that looks for user roles in a string collection named "currentUserRoles", for this to work, this collection must be in the web session scope 14 * @author urubatan 15 * 16 */ 17 @Bean 18 public class CurrentUserRolesValidator implements RoleValidator, ApplicationContextAware 19 { 20 private ApplicationContext applicationContext; 21 22 private ThreadLocal<Set<String>> rolesHolder = new ThreadLocal<Set<String>>() 23 { 24 25 @SuppressWarnings("unchecked") 26 @Override 27 protected Set<String> initialValue() 28 { 29 return (Set<String>) applicationContext.getBean("currentUserRoles"); 30 } 31 32 }; 33 34 public boolean isUserInRole(String role) 35 { 36 try { 37 return rolesHolder.get().contains(role); 38 } catch (Throwable t) { 39 return false; 40 } 41 } 42 43 public void setApplicationContext(ApplicationContext applicationContext) throws BeansException 44 { 45 this.applicationContext = applicationContext; 46 } 47 48 }