Class SecurityHelper
java.lang.Object
  de.businesscode.bcdui.subjectsettings.SecurityHelper

Helper to evaluate shiro security on Security settings.

Constructor Summary
Constructors
SecurityHelper()

Method Summary
Modifier and Type, Method, Description

static void checkSecurity(Security security, String forOperationName)
    Checks current security context of the user for given operation.
static void checkSecurity(Security security, String forOperationName, boolean operationNameMandatory)
    Checks current security context of the user for given operation.
static Security.Operation findOperation(Security security, String operationName)
static Set<String> getPermissions(org.apache.shiro.subject.Subject subject, String permissionType)
    Retrieve list of permissions for given type on the subject.
protected static Object getPrincipal(org.apache.shiro.subject.Subject subject)
    Helper to extract an object of our type PrimaryPrincipal from the Subject. It may not exist if there is no session, or if the principal is just a string, for example because BCD-UI login methods for bcd_sec_user and oAuth are not used.
getRoles(org.apache.shiro.subject.Subject subject)
    Retrieve list of roles on the subject.
static org.apache.shiro.session.Session getSession()
static String getUserEmail(org.apache.shiro.subject.Subject subject)
    User email if given, null otherwise. JdbcRealm will deliver null, OAuthRealm may read it from oAuth.
static String getUserId(org.apache.shiro.authc.AuthenticationInfo authInfo)
    Returns a primary principal in the sense of shiro's primary principal.
static String getUserId(org.apache.shiro.subject.Subject subject)
    Our internal user id. JdbcRealm uses bcd_sec_user.user_id; OAuthRealm will also use that or can fall back to the login name. Always available if we have a valid session; the fallback is the login name.
static String getUserLogin(org.apache.shiro.subject.Subject subject)
    User login name. Always available if we have a valid session. JdbcRealm will deliver bcd_user_sec.user_login, oAuth will use its login name.
static String getUserName(org.apache.shiro.subject.Subject subject)
    User full name if given, null otherwise. JdbcRealm uses bcd_sec_user.name; OAuthRealm may also use that or read it from oAuth.
static boolean hasOperation(Security security, String operationName)

Constructor Details
SecurityHelper
public SecurityHelper()

Method Details

checkSecurity
public static void checkSecurity(Security security, String forOperationName) throws SecurityException

Checks current security context of the user for given operation. Security is retrieved via SecurityUtils provided by shiro. Please read specification in subjectsettings.xsd.

Parameters:
security - to check against
forOperationName - for operation name (which must be defined in security)
Throws:
SecurityException
NoPermissionException

checkSecurity
public static void checkSecurity(Security security, String forOperationName, boolean operationNameMandatory) throws SecurityException

Checks current security context of the user for given operation. Security is retrieved via SecurityUtils provided by shiro. Please read specification in subjectsettings.xsd.

Parameters:
security - to check against
forOperationName - for operation name
operationNameMandatory - if true, and operation name is not found in security, a SecurityException is thrown, otherwise execution passes
Throws:
SecurityException
NoPermissionException

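An added usage example, not part of the BCD-UI documentation: a deny-by-default wrapper that calls the three-argument checkSecurity with operationNameMandatory set to true, so an operation missing from the security settings is refused rather than passed. The class name OperationGuard and the import path for Security are assumptions; the page does not show the package of Security or of the exception types, which is why the catch is on Exception.

```java
import java.util.logging.Logger;

import de.businesscode.bcdui.subjectsettings.SecurityHelper;
// Assumption: the package of Security is not shown on this page; adjust to your BCD-UI version.
import de.businesscode.bcdui.subjectsettings.config.Security;

/** Added example (hypothetical class): deny-by-default wrapper around SecurityHelper. */
public final class OperationGuard {
  private static final Logger LOG = Logger.getLogger(OperationGuard.class.getName());

  private OperationGuard() {}

  /**
   * @return true only if the current shiro subject passes the check for operationName.
   *         A missing operation definition, a missing permission or any other failure denies.
   */
  public static boolean isAllowed(Security security, String operationName) {
    if (security == null || operationName == null) {
      return false; // no settings to evaluate: this wrapper denies rather than guesses
    }
    // Tell a configuration gap apart from a real denial in the log
    if (!SecurityHelper.hasOperation(security, operationName)) {
      LOG.warning("Operation '" + operationName + "' is not defined in the security settings; denying");
      return false;
    }
    try {
      // operationNameMandatory=true: an undefined operation throws instead of passing
      SecurityHelper.checkSecurity(security, operationName, true);
      return true;
    } catch (Exception e) {
      // SecurityException and NoPermissionException land here; caught as Exception
      // because this page does not show which package these types live in
      LOG.info("Denied operation '" + operationName + "': " + e.getMessage());
      return false;
    }
  }
}
```
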
getSession
public static org.apache.shiro.session.Session getSession()

Returns:
shiro's Session, or null if none exists; does not create a session if there is none

hasOperation
Parameters:
security
operationName
Returns:
TRUE if operation definition for operationName is found in security

findOperation
Parameters:
security
operationName
Returns:
Operation object for given operationName from Security or NULL if none found

getPrincipal
protected static Object getPrincipal(org.apache.shiro.subject.Subject subject) throws SecurityException

Helper to extract an object of our type PrimaryPrincipal from the Subject. It may not exist if there is no session, or if the principal is just a string, for example because BCD-UI login methods for bcd_sec_user and oAuth are not used.

Parameters:
subject
Returns:
null if no PrimaryPrincipal was found
Throws:
SecurityException

getUserId
Our internal user id. JdbcRealm uses bcd_sec_user.user_id; OAuthRealm will also use that or can fall back to the login name. Always available if we have a valid session; the fallback is the login name.

Parameters:
subject

getUserLogin
User login name. Always available if we have a valid session. JdbcRealm will deliver bcd_user_sec.user_login, oAuth will use its login name.

Parameters:
subject

getUserName
User full name if given, null otherwise. JdbcRealm uses bcd_sec_user.name; OAuthRealm may also use that or read it from oAuth.

Parameters:
subject

getUserEmail
User email if given, null otherwise. JdbcRealm will deliver null, OAuthRealm may read it from oAuth.

Parameters:
subject

getUserId
Returns a primary principal in the sense of shiro's primary principal. When using JdbcRealm this is the technical user id. If you use any other realm, the value returned by this method would be equal to getUserLogin(Subject).

Parameters:
authInfo
Returns:
user identifier, or null if either no authInfo was provided, no principals were found, or no primary principal was found

getPermissions
public static Set<String> getPermissions(org.apache.shiro.subject.Subject subject, String permissionType)

Retrieve list of permissions for given type on the subject.

Parameters:
subject - the subject must be authenticated
permissionType - to retrieve permissions for, or NULL in order to retrieve the full permission set; in such a case the permissions are returned as they are (with full permission domain)
Returns:
empty/non-empty set of permissions
Throws:
SecurityException - in case the subject is not authenticated

getRoles
Retrieve list of roles on the subject.

Parameters:
subject - the subject must be authenticated
Returns:
empty/non-empty set of permissions
Throws:
SecurityException - in case the subject is not authenticated