@Transactional
// @Secured("ROLE_USER")
public void createTransaction(BankingTx tx) {
// add due to no insert trigger in sql server
if (SobaConfig.getDatabaseVendor().equalsIgnoreCase("SQLServer")) {
// System.out.println ("database vendor is SQL Server");
double balance = accountManager.updateAccountBalance(tx.getAmount(), tx.getAccountId());
tx.setBalance(balance);
}
aclBankingTxDao.insert(tx);
addPermission(tx, new PrincipalSid(getCustomerUsername(tx)), BasePermission.READ);
addPermission(tx, new GrantedAuthoritySid("ROLE_REP"), BasePermission.ADMINISTRATION);
addPermission(tx, new GrantedAuthoritySid("ROLE_REP"), BasePermission.DELETE);
}
private String getCustomerUsername(BankingTx tx) {
String username = "";
String authority =
SecurityContextHolder.getContext().getAuthentication().getAuthorities().toString();
if (authority.contains("ROLE_CUST")) {
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
if (principal instanceof UserDetails) {
username = ((UserDetails) principal).getUsername();
} else {
username = principal.toString();
}
} else {
String accountId = tx.getAccountId();
String customerId = accountDao.getCustomerId(accountId);
username = loginUserDao.getUsernameByCustomerId(customerId);
}
return username;
}