/**
* Check if the current user is allowed to access the requested resource.
*
* @param httpRequest
* @throws AccessDeniedException If the request is not allowed considering the resource
* permissions.
*/
public boolean isAllowed(HttpServletRequest httpRequest) throws AccessDeniedException {
final String requestURI = httpRequest.getRequestURI();
Set<Entry<String, String[]>> entrySet = this.roleProtectedResources.entrySet();
for (Entry<String, String[]> entry : entrySet) {
if (matches(entry.getKey(), requestURI)) {
Identity identity = getIdentity();
if (!identity.isLoggedIn()) {
return false;
} else {
String[] roles = entry.getValue();
for (String roleName : roles) {
IdentityManager identityManager = getIdentityManager();
Role role = BasicModel.getRole(identityManager, roleName.trim());
if (role == null) {
throw new IllegalStateException(
"The specified role does not exists [" + role + "]. Check your configuration.");
}
if (!BasicModel.hasRole(getRelationshipManager(), identity.getAccount(), role)) {
return false;
}
}
}
}
}
return true;
}
public boolean isAdmin() {
if (isUserLoggedIn()) {
IdentityManager identityManager = getIdentityManager();
RelationshipManager relationshipManager = getRelationshipManager();
return BasicModel.hasRole(
relationshipManager,
identity.getAccount(),
BasicModel.getRole(identityManager, "Administrator"));
}
return false;
}
protected void performAuthentication() {
DefaultLoginCredentials credentials = this.credentials;
credentials.setPassword(USER_PASSWORD);
credentials.setUserId(USER_NAME);
Identity identity = this.identity;
Identity.AuthenticationResult status = identity.login();
assertEquals(Identity.AuthenticationResult.SUCCESS, status);
assertTrue(identity.isLoggedIn());
assertEquals(this.identity.getAccount(), identity.getAccount());
}
@Test
public void testUnsuccessfulPasswordBasedAuthentication() throws Exception {
DefaultLoginCredentials credentials = getCredentials();
credentials.setUserId(USER_NAME);
credentials.setPassword("badpasswd");
Identity identity = getIdentity();
AuthenticationResult status = identity.login();
assertEquals(AuthenticationResult.FAILED, status);
assertFalse(identity.isLoggedIn());
assertNull(identity.getAccount());
}
@Test
public void testSuccessfulPasswordBasedAuthentication() throws Exception {
DefaultLoginCredentials credentials = getCredentials();
credentials.setPassword(USER_PASSWORD);
credentials.setUserId(USER_NAME);
Identity identity = getIdentity();
AuthenticationResult status = identity.login();
assertEquals(AuthenticationResult.SUCCESS, status);
assertTrue(identity.isLoggedIn());
assertEquals(getAccount(), identity.getAccount());
}
