/** * Perform access control based on the <code>HttpServletRequest</code>. * Return <code>true</code> if this constraint is satisfied and processing * should continue, or <code>false</code> otherwise. * @return true is the resource is granted, false if denied */ public boolean hasResourcePermission(HttpServletRequest httpsr){ SecurityContext sc = getSecurityContext(httpsr.getUserPrincipal()); WebResourcePermission perm = createWebResourcePermission(httpsr); setSecurityInfo(httpsr); boolean isGranted = checkPermission(perm,sc.getPrincipalSet()); SecurityContext.setCurrent(sc); if(logger.isLoggable(Level.FINE)){ logger.log(Level.FINE, "[Web-Security] hasResource isGranted: {0}", isGranted); logger.log(Level.FINE, "[Web-Security] hasResource perm: {0}", perm); } recordWebInvocation(httpsr, RESOURCE, isGranted); return isGranted; }
/** * Perform access control based on the <code>HttpServletRequest</code>. * Return <code>true</code> if this constraint is satisfied and processing * should continue, or <code>false</code> otherwise. * @return true is the resource is granted, false if denied */ public boolean hasResourcePermission(HttpServletRequest httpsr){ SecurityContext sc = getSecurityContext(httpsr.getUserPrincipal()); WebResourcePermission perm = createWebResourcePermission(httpsr); setSecurityInfo(httpsr); boolean isGranted = checkPermission(perm,sc.getPrincipalSet()); SecurityContext.setCurrent(sc); if(logger.isLoggable(Level.FINE)){ logger.log(Level.FINE, "[Web-Security] hasResource isGranted: {0}", isGranted); logger.log(Level.FINE, "[Web-Security] hasResource perm: {0}", perm); } AuditManager auditManager = SecurityServicesUtil.getInstance().getAuditManager(); if(auditManager !=null && auditManager.isAuditOn()){ Principal prin = httpsr.getUserPrincipal(); String user = (prin != null) ? prin.getName(): null; auditManager.webInvocation(user, httpsr, RESOURCE, isGranted); } return isGranted; }
setSecurityInfo(httpsr); WebUserDataPermission perm; boolean requestIsSecure = httpsr.isSecure();
setSecurityInfo(httpsr); WebUserDataPermission perm; boolean requestIsSecure = httpsr.isSecure();