Package org.trustdeck.service
Class AuthorizationService
java.lang.Object
org.trustdeck.service.AuthorizationService
This class encapsulates utility functionalities to check roles and relationships within a given OIDC token.
Author: Eric Wündisch and Armin Müller

Constructor Summary
Constructors
- AuthorizationService()

Method Summary
Modifier and Type, Method: Description
- boolean currentRequestHasRole(String role): Checks if the request has the role given from within the security context object.
- boolean currentRequestHasRoles(String... roles): Method that checks if a token contains the given role names.
- getCachedGroupPaths(): Retrieves the list of group paths assigned to the current user from the cache.
- getRolesFromAuthentication(): Returns the roles assigned to the OIDC token as a set of strings when no authentication object is provided by the user.
- static Set<String> getRolesFromAuthentication(org.springframework.security.core.Authentication authentication): Returns the roles assigned to the OIDC token as a set of strings.
- boolean hasDomainRoleRelationship(String domain, String role): Method that checks whether the user has the specified domain and role as a role in the OIDC token and a relationship between them when no method-level security control context object is given by the user.
- boolean hasDomainRoleRelationship(org.springframework.security.access.expression.method.MethodSecurityExpressionOperations root, String domain, String role): Method that checks whether the user has the specified domain and role as a role in the OIDC token and a relationship between them.
- boolean hasProjectRoleRelationship(String projectAbbreviation, String role): Method that checks whether the user has the specified project and role as a role in the OIDC token and a relationship between them when no method-level security control context object is given by the user.
- boolean hasProjectRoleRelationship(org.springframework.security.access.expression.method.MethodSecurityExpressionOperations root, String projectAbbreviation, String role): Method that checks whether the user has the specified project and role as a role in the OIDC token and a relationship between them.

Constructor Details

AuthorizationService
public AuthorizationService()

Method Details

getRolesFromAuthentication
Returns the roles assigned to the OIDC token as a set of strings when no authentication object is provided by the user.
Returns:
- the roles as a set of strings

getRolesFromAuthentication
public static Set<String> getRolesFromAuthentication(org.springframework.security.core.Authentication authentication)
Returns the roles assigned to the OIDC token as a set of strings.
Parameters:
- authentication - the Authentication object
Returns:
- the roles as a set of strings

getCachedGroupPaths
Retrieves the list of group paths assigned to the current user from the cache.
Returns:
- a list of group paths associated with the current user, or an empty list if the authentication is not available or the user is not authenticated.

currentRequestHasRoles
Method that checks if a token contains the given role names. Note: Currently unused. Nonetheless, do not remove.
Parameters:
- roles - the role names that should be searched for
Returns:
- true only if all given roles are contained in the token, false if at least one role is missing

currentRequestHasRole
Checks if the request has the role given from within the security context object.
Parameters:
- role - the role as a string
Returns:
- true if the role is present, false if not

hasDomainRoleRelationship
public boolean hasDomainRoleRelationship(org.springframework.security.access.expression.method.MethodSecurityExpressionOperations root, String domain, String role)
Method that checks whether the user has the specified domain and role as a role in the OIDC token and a relationship between them. For security reasons, this method is only used for new requests and always contains the token of the new request.
Parameters:
- root - method-level security control context object that includes information about the authenticated user
- domain - the domain name as a string
- role - the role as a string
Returns:
- true only if the given role and domain have a relationship, false if not

hasDomainRoleRelationship
Method that checks whether the user has the specified domain and role as a role in the OIDC token and a relationship between them when no method-level security control context object is given by the user.
Parameters:
- domain - the domain name as a string
- role - the role as a string
Returns:
- true only if given role and domain have a relationship, false if not

hasProjectRoleRelationship
public boolean hasProjectRoleRelationship(org.springframework.security.access.expression.method.MethodSecurityExpressionOperations root, String projectAbbreviation, String role)
Method that checks whether the user has the specified project and role as a role in the OIDC token and a relationship between them. For security reasons, this method is only used for new requests and always contains the token of the new request.
Parameters:
- root - method-level security control context object that includes information about the authenticated user
- projectAbbreviation - the project abbreviation as a string
- role - the role as a string
Returns:
- true only if the given role and project have a relationship, false if not

hasProjectRoleRelationship
Method that checks whether the user has the specified project and role as a role in the OIDC token and a relationship between them when no method-level security control context object is given by the user.
Parameters:
- projectAbbreviation - the project abbreviation as a string
- role - the role as a string
Returns:
- true only if given role and project have a relationship, false if not