package de.test.cas;
import java.io.Serializable;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.persistence.EntityManager;
import org.apache.log4j.Logger;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
/*
*
* Assign all authenticated users ROLE_AUTHENTICATED
*
*/
public class MyUserDetails implements Serializable, UserDetails {
private static final long serialVersionUID = 1L;
private final String username;
private final Set<Long> permissionsForUsers;
static final Logger logger = Logger.getLogger(MyUserDetails.class);
private final Collection<GrantedAuthority> authorities;
public MyUserDetails(Collection<GrantedAuthority> authorities, String username, Set<Long> permissionsForUsers) {
this.username=username;
this.authorities = authorities;
this.permissionsForUsers = permissionsForUsers;
}
@Override
public String toString() {
return this.username;
}
public Set<Long> getPermissionsForUsers() {
return permissionsForUsers;
}
@Override
public Collection<GrantedAuthority> getAuthorities() {
return authorities;
}
@Override
public String getPassword() {
return null;
}
@Override
public String getUsername() {
return username;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
Beispiel Klasse: /src/java/cas/MyUserService.java
package de.test.cas;
import java.math.BigDecimal;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Root;
import org.apache.log4j.Logger;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import de.test.db.domain.Assistant;
import de.test.db.domain.Transformable;
import de.test.db.domain.User;
public class MyUserService implements UserDetailsService {
private List<String> predefinedAdminAccounts = null;
static final Logger logger = Logger.getLogger(UserDetailsService.class);
private EntityManager entityManager = null;
public EntityManager getEntityManager() {
return entityManager;
}
@PersistenceContext
public void setEntityManager(EntityManager entityManager) {
this.entityManager = entityManager;
}
public List<String> getPredefinedAdminAccounts() {
return predefinedAdminAccounts;
}
public void setPredefinedAdminAccounts(List<String> predefinedAdminAccounts) {
this.predefinedAdminAccounts = predefinedAdminAccounts;
}
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException, NoResultException {
logger.info("!!! loadUserByUsername !!!");
Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
Set<Long> permissionsForUsers = new HashSet<Long>();
if(predefinedAdminAccounts.contains(username)) {
authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
} else {
CriteriaBuilder cb = entityManager.getCriteriaBuilder();
CriteriaQuery<User> uq = cb.createQuery(User.class);
Root<User> ur = uq.from(User.class);
uq.select(ur).where(cb.equal(ur.get("accountName"), username));
List<User> uresult = entityManager.createQuery(uq).getResultList();
User user = null;
if(!uresult.isEmpty()) {
user = uresult.get(0);
}
if(user != null) {
permissionsForUsers.add(user.getId());
logger.info(user.getAccountName() + " " + user.getId());
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
}
CriteriaQuery<Assistant> aq = cb.createQuery(Assistant.class);
Root<Assistant> ar = aq.from(Assistant.class);
aq.select(ar).where(cb.equal(ar.get("accountName"), username));
List<Assistant> aresult = entityManager.createQuery(aq).getResultList();
Assistant assistant = null;
if(!aresult.isEmpty()) {
assistant = aresult.get(0);
}
if(assistant != null) {
authorities.add(new SimpleGrantedAuthority("ROLE_ASSISTANT"));
Query queryForPrincipals = getEntityManager().createNativeQuery("select userId from USERS_ASSISTANTS where assistantId=:assistantId");
queryForPrincipals.setParameter("assistantId", assistant.getId());
List<BigDecimal> ids = queryForPrincipals.getResultList();
for(BigDecimal b : ids)
permissionsForUsers.add(b.longValue());
}
}
return new MyUserDetails(authorities, username, permissionsForUsers);
}
private <T extends Transformable<Long>> T getPrincipal(Class<T> c, String username) {
CriteriaBuilder cb = entityManager.getCriteriaBuilder();
CriteriaQuery<T> cq = cb.createQuery(c);
Root<T> r = cq.from(c);
cq.select(r).where(cb.equal(r.get("accountName"), username));
List<T> result = entityManager.createQuery(cq).getResultList();
if(!result.isEmpty()) {
return result.get(0);
}
else
return null;
}
}
Keine Kommentare:
Kommentar veröffentlichen