1 package net.sourceforge.sannotations.security;
2
3 import java.util.Set;
4
5 import net.sourceforge.sannotations.annotation.Bean;
6 import net.sourceforge.sannotations.security.RoleValidator;
7
8 import org.springframework.beans.BeansException;
9 import org.springframework.context.ApplicationContext;
10 import org.springframework.context.ApplicationContextAware;
11
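/**
 * {@link net.sourceforge.sannotations.security.RoleValidator} that answers role checks from the
 * string collection registered under the bean name "currentUserRoles". For this to work, that
 * collection must live in the web session scope.
 *
 * <p>The collection is looked up from the application context on every call and is never cached
 * per thread. Container worker threads are reused across requests, so a role set remembered in a
 * {@link ThreadLocal} could outlive the request that loaded it. Unless the bean is exposed
 * through a scoped proxy, a later request on the same thread could then be authorized with the
 * previous user's roles.
 *
 * <p>The check fails closed: if the roles cannot be obtained, the user is treated as not being in
 * the role.
 *
 * @author urubatan
 */
@Bean
public class CurrentUserRolesValidator implements RoleValidator, ApplicationContextAware
{
    /** Name of the bean that holds the roles of the user bound to the current session. */
    private static final String ROLES_BEAN_NAME = "currentUserRoles";

    private ApplicationContext applicationContext;

    /**
     * Tells whether the current user's role collection contains the given role.
     *
     * @param role the role name to look for
     * @return {@code true} only when the roles were resolved and contain {@code role};
     *         {@code false} otherwise, including when the lookup fails
     */
    public boolean isUserInRole(String role)
    {
        try {
            // Resolve the bean per call so the answer always reflects the session of the
            // request being served, not whatever this thread saw first.
            @SuppressWarnings("unchecked")
            Set<String> roles = (Set<String>) applicationContext.getBean(ROLES_BEAN_NAME);
            return roles != null && roles.contains(role);
        } catch (RuntimeException e) {
            // Deny on any lookup problem (context not injected yet, bean missing, no active
            // session, wrong bean type). JVM Errors are deliberately not swallowed.
            return false;
        }
    }

    /**
     * Receives the application context used to look up the "currentUserRoles" bean.
     *
     * @param applicationContext the context this bean runs in
     * @throws BeansException declared by {@link ApplicationContextAware}; not thrown here
     */
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException
    {
        this.applicationContext = applicationContext;
    }

}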