AssertAuthority.java
package org.flasby.security;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.flasby.entity.Authority;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import lombok.extern.log4j.Log4j2;
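/**
 * Static authorization guard that checks the caller held in the current Spring Security context
 * against a set of required authorities.
 *
 * <p>The check fails closed: a missing authentication raises {@code Auth401Exception}, and an
 * authentication that holds none of the required authorities raises {@code Auth403Exception}.
 */
@Log4j2
public final class AssertAuthority {

    /**
     * Unchecked exception describing a denied access attempt.
     *
     * <p>Nothing in this class throws it; {@code in(Authority...)} reports failures with
     * {@code Auth401Exception} and {@code Auth403Exception} instead.
     */
    public static class AccessDeniedException extends RuntimeException {

        /**
         * @param message description of the denied access
         */
        public AccessDeniedException(String message) {
            super(message);
        }

        /**
         * @param message description of the denied access
         * @param cause underlying failure, preserved for diagnostics
         */
        public AccessDeniedException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    /**
     * Asserts that the current caller holds at least one of the given authorities.
     *
     * <p>Returns normally only when a match is found. Matching relies on
     * {@link Collection#contains(Object)}, so on {@code equals()} of the granted authority
     * objects; the required side is always wrapped as {@link SimpleGrantedAuthority}.
     *
     * @param auths authorities of which the caller must hold at least one; with no authorities
     *     given nothing can match, so an authenticated caller is always denied
     * @throws Auth401Exception if the security context holds no authentication
     * @throws Auth403Exception if the caller holds none of the required authorities
     */
    public static final void in(Authority... auths) {
        // Reject unauthenticated callers before doing any other work, so a missing
        // authentication is always reported as 401 regardless of the arguments.
        // NOTE(review): only a null Authentication counts as unauthenticated here;
        // isAuthenticated() is not consulted — confirm that is intended.
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            throw new Auth401Exception();
        }

        Set<GrantedAuthority> roles = new HashSet<>();
        for (Authority r : auths) {
            roles.add(new SimpleGrantedAuthority(r.getAuthority()));
        }

        // NOTE(review): granted authorities of another GrantedAuthority implementation match
        // only if their equals() agrees with SimpleGrantedAuthority; a mismatch denies access.
        Collection<? extends GrantedAuthority> granted =
                SecurityContextHolder.getContext().getAuthentication().getAuthorities();
        if (roles.stream().anyMatch(granted::contains)) {
            return;
        }

        // Parameterized logging keeps caller-influenced values out of the format string.
        // NOTE(review): the principal is rendered through its string form; confirm that this
        // form carries no credentials or other secrets before relying on this audit line.
        log.warn(
                "Checking granted roles: {} for principal {} against required roles {} results in no match. AccessDenied",
                granted,
                SecurityContextHolder.getContext().getAuthentication().getPrincipal(),
                roles);
        throw new Auth403Exception();
    }
}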