/**
 * Returns the entitlements stored for a role.
 *
 * <p>Delegates to {@code genericDAO.listByStringColumnSearch} with the entity name
 * {@code "Entitlement"} and the column name {@code "role"}.
 *
 * @param role role name to search for
 * @return whatever the DAO returns for that search, viewed as a list of {@code Entitlement}
 */
@Override
@Transactional
public List<Entitlement> getEntitlementsByRole(String role) {
    // The DAO call is untyped, so this cast is unchecked; it relies on the entity name
    // passed above selecting Entitlement rows.
    return (List<Entitlement>) genericDAO.listByStringColumnSearch("Entitlement", "role", role);
}
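/**
 * Decides whether a user may call a URL with a given HTTP method.
 *
 * <p>Gathers the entitlements of every role the user holds, loads the URL-pattern rules
 * stored for each entitlement, and grants access on the first rule whose regular
 * expression matches the whole {@code url} and whose method equals the upper-cased
 * {@code httpMethod}. Every other outcome is a denial, including a user that cannot be
 * resolved and a {@code null} url or method.
 *
 * <p>NOTE(review): the result is only meaningful if {@code url} is the same decoded,
 * normalized path that request routing uses; confirm this at the call site.
 *
 * @param userEmail e-mail address used to look the user up
 * @param url request URL to test against the stored patterns
 * @param httpMethod request method; compared case-insensitively against upper-case stored
 *     methods
 * @return {@code true} only when some rule reachable through the user's roles matches both
 *     the URL and the method
 */
@Override
@Transactional
public boolean isUserEntitled(String userEmail, String url, String httpMethod) {
    // Fail closed: without a URL or a method no rule can match, so deny instead of
    // failing later with a NullPointerException.
    if (url == null || httpMethod == null) {
        return false;
    }

    APPUser user = userService.getUserByUserEmail(userEmail);
    // NOTE(review): assumes the lookup may return null for an unknown e-mail; deny then.
    if (user == null) {
        return false;
    }

    // Upper-case once, outside the loops, and with a fixed locale: default-locale case
    // mapping turns "i" into a dotted capital I under Turkish/Azeri locales, so a method
    // such as "options" would never equal "OPTIONS" there.
    String requestedMethod = httpMethod.toUpperCase(java.util.Locale.ROOT);

    List<Entitlement> entitlements = new ArrayList<Entitlement>();
    for (String role : user.getRoles()) {
        entitlements.addAll(getEntitlementsByRole(role));
    }

    for (Entitlement entitlement : entitlements) {
        List<URLPatternMethodAndEntitlement> urlEntitlements =
                (List<URLPatternMethodAndEntitlement>) genericDAO.listByStringColumnSearch(
                        "URLPatternMethodAndEntitlement", "entitlement",
                        entitlement.getEntitlement());
        for (URLPatternMethodAndEntitlement urlEntitlement : urlEntitlements) {
            // Patterns come back from the DB with each backslash doubled (\w arrives as
            // \\w); collapse them so the regex means what was configured.
            String regularExpression = urlEntitlement.getUrlPattern().replace("\\\\", "\\");
            // NOTE(review): a malformed stored pattern makes Pattern.compile throw
            // PatternSyntaxException, which aborts the whole check. Patterns are compiled on
            // every call and run against a caller-supplied URL, so keep stored patterns
            // simple and free of nested quantifiers.
            Matcher matcher = Pattern.compile(regularExpression).matcher(url);
            // matches() requires the pattern to cover the entire URL, not a substring.
            if (matcher.matches() && requestedMethod.equals(urlEntitlement.getMethod())) {
                return true;
            }
        }
    }
    // Deny by default: no rule granted access.
    return false;
}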