User:Nikidodhi

package org.appfuse.security;

import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import java.util.Set; import java.util.Map.Entry;

import org.appfuse.dao.URLPatternDao; import org.appfuse.model.Role; import org.appfuse.model.URLPattern; import org.hibernate.Session; import org.hibernate.SessionFactory; import org.springframework.security.ConfigAttribute; import org.springframework.security.ConfigAttributeDefinition; import org.springframework.security.SecurityConfig; import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource; import org.springframework.security.util.AntUrlPathMatcher; import org.springframework.security.util.UrlMatcher;

// This class is responsible for checking whether a user may access a URL, according to the roles mapped to that URL.

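/**
 * Definition source whose URL-pattern-to-role rules are read from the database through
 * {@link URLPatternDao} and kept in in-memory maps that {@link #lookupAttributes} consults
 * on each request.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #requestMap} and {@link #urlMatcher} are {@code public static} and mutable, so
 *       every instance shares one rule set and any code in the JVM can alter it.</li>
 *   <li>{@link #lookupAttributes} returns {@code null} when no pattern matches. How the calling
 *       interceptor treats {@code null} is not visible in this class; confirm that unmatched
 *       URLs are denied (for example through a catch-all pattern as the last rule).</li>
 *   <li>{@link #init()} fails loudly when the rules cannot be loaded, so the application
 *       cannot start with an empty or partial rule set.</li>
 * </ul>
 */
public class UrlPatternRolesDefinitionSource extends DefaultFilterInvocationDefinitionSource {

    private SessionFactory sessionFactory;
    URLPatternDao urlpatterndao;

    // NOTE(review): this flag is only stored and returned; the lookup below consults
    // urlMatcher.requiresLowerCaseUrl() instead. Confirm which of the two is meant to apply.
    private boolean convertUrlToLowercaseBeforeComparison = false;

    /** Compiled URL pattern mapped to the attributes (roles) required for it, any HTTP method. */
    public static LinkedHashMap<Object, ConfigAttributeDefinition> requestMap =
            new LinkedHashMap<Object, ConfigAttributeDefinition>();

    // When true, everything from the first '?' onward is dropped before matching.
    private boolean stripQueryStringFromUrls;

    public static UrlMatcher urlMatcher = new AntUrlPathMatcher();

    /** HTTP method name mapped to that method's own pattern map. */
    private Map<String, Map<Object, ConfigAttributeDefinition>> httpMethodMap =
            new HashMap<String, Map<Object, ConfigAttributeDefinition>>();

    private static final Set<String> HTTP_METHODS = new HashSet<String>(
            Arrays.asList(new String[] { "DELETE", "GET", "HEAD", "OPTIONS", "POST", "PUT", "TRACE" }));

    public UrlPatternRolesDefinitionSource() {
        super(urlMatcher, requestMap);
        logger.debug("UrlPatternRolesDefinitionSource crated **************");
    }

    /**
     * Loads every URL pattern and its roles from the database and registers them.
     * Intended to run once at server start-up.
     *
     * <p>All rules are read first and registered only after the whole read succeeded, so a
     * failure part-way through the load does not leave a partially populated rule set behind.
     *
     * @throws IllegalStateException if the rules cannot be loaded or registered; swallowing
     *         the error would leave the rule map empty and lookups returning {@code null}
     */
    public void init() {
        logger.debug("UrlPatternRolesDefinitionSource.init start **************");
        Session session = null;
        try {
            // NOTE(review): the session is not handed to the DAO in the visible code;
            // confirm it is actually needed for the getAll() call below.
            session = sessionFactory.openSession();
            List<URLPattern> urlPatternsList = urlpatterndao.getAll();

            List<String> patterns = new ArrayList<String>();
            List<ConfigAttributeDefinition> definitions = new ArrayList<ConfigAttributeDefinition>();
            for (URLPattern pattern : urlPatternsList) {
                List<ConfigAttribute> configList = new ArrayList<ConfigAttribute>();
                for (Role role : pattern.getRoles()) {
                    if (role == null) {
                        throw new NullPointerException("Role Has a null value");
                    }
                    configList.add(new SecurityConfig(role.getAuthority()));
                }
                patterns.add(pattern.getPattern());
                definitions.add(new ConfigAttributeDefinition(configList));
            }

            for (int i = 0; i < patterns.size(); i++) {
                addSecureUrl(patterns.get(i), null, definitions.get(i));
            }
        } catch (Exception e) {
            // The logger records the stack trace; no separate printStackTrace() is needed.
            logger.error("Error in init method : ", e);
            // Fail closed: refuse to continue without the complete set of access rules.
            throw new IllegalStateException("Could not load URL access rules", e);
        } finally {
            // session stays null when openSession() itself failed.
            if (session != null) {
                session.close();
            }
        }
        logger.debug("UrlPatternRolesDefinitionSource.init end **************");
    }

    public boolean isConvertUrlToLowercaseBeforeComparison() {
        return convertUrlToLowercaseBeforeComparison;
    }

    public void setConvertUrlToLowercaseBeforeComparison(boolean convertUrlToLowercaseBeforeComparison) {
        this.convertUrlToLowercaseBeforeComparison = convertUrlToLowercaseBeforeComparison;
    }

    /**
     * Enables or disables removal of the query string before a URL is matched.
     *
     * <p>Without this setter nothing in this class assigned the flag, so the stripping branch
     * in {@link #lookupAttributes} could never be switched on. The default stays {@code false}.
     * NOTE(review): with stripping off, a pattern that names an exact path may not match the
     * same path followed by {@code ?...}; verify the stored patterns against that case.
     *
     * @param stripQueryStringFromUrls {@code true} to match on the part before the first '?'
     */
    public void setStripQueryStringFromUrls(boolean stripQueryStringFromUrls) {
        this.stripQueryStringFromUrls = stripQueryStringFromUrls;
    }

    /**
     * Registers one rule: compiles the pattern with {@link #urlMatcher} and stores the
     * attributes under it, in the map for the given HTTP method.
     *
     * @param pattern URL pattern to protect
     * @param method  HTTP method the rule is limited to, or {@code null} for any method
     * @param attr    attributes (roles) required for URLs matching the pattern
     * @throws IllegalArgumentException if {@code method} is not a recognised HTTP method
     */
    public void addSecureUrl(String pattern, String method, ConfigAttributeDefinition attr) {
        Map<Object, ConfigAttributeDefinition> mapToUse = getRequestMapForHttpMethod(method);
        mapToUse.put(urlMatcher.compile(pattern), attr);
        if (logger.isDebugEnabled()) {
            logger.debug("Added URL pattern: "
                    + pattern
                    + "; attributes: "
                    + attr
                    + (method != null ? " for HTTP method '" + method + "'" : ""));
        }
    }

    /**
     * Returns the pattern map for an HTTP method, creating it on first use.
     * A {@code null} method selects the method-independent {@link #requestMap}.
     */
    private Map<Object, ConfigAttributeDefinition> getRequestMapForHttpMethod(String method) {
        if (method == null) {
            return requestMap;
        }
        if (!HTTP_METHODS.contains(method)) {
            throw new IllegalArgumentException("Unrecognised HTTP method: '"
                    + method + "'");
        }
        Map<Object, ConfigAttributeDefinition> methodRequestmap = httpMethodMap.get(method);
        if (methodRequestmap == null) {
            methodRequestmap = new LinkedHashMap<Object, ConfigAttributeDefinition>();
            httpMethodMap.put(method, methodRequestmap);
        }
        return methodRequestmap;
    }

    public SessionFactory getSessionFactory() {
        return sessionFactory;
    }

    public void setSessionFactory(SessionFactory sessionFactory) {
        this.sessionFactory = sessionFactory;
    }

    public URLPatternDao getUrlpatterndao() {
        return urlpatterndao;
    }

    public void setUrlpatterndao(URLPatternDao urlpatterndao) {
        this.urlpatterndao = urlpatterndao;
    }

    /**
     * Finds the attributes that apply to a requested URL. Rules registered for the specific
     * HTTP method are consulted first, then the method-independent rules.
     *
     * @param url    requested URL
     * @param method HTTP method of the request, may be {@code null}
     * @return attributes of the first matching pattern, or {@code null} when none matches.
     *         NOTE(review): confirm the caller denies access on {@code null}; otherwise a
     *         URL that no stored pattern covers is left unprotected.
     */
    public ConfigAttributeDefinition lookupAttributes(String url, String method) {
        logger.debug("UrlPatternRolesDefinitionSource.lookupAttributes called **************");
        if (stripQueryStringFromUrls) {
            int firstQuestionMarkIndex = url.indexOf("?");
            if (firstQuestionMarkIndex != -1) {
                url = url.substring(0, firstQuestionMarkIndex);
            }
        }
        if (urlMatcher.requiresLowerCaseUrl()) {
            // Keep the pre-conversion value so the log shows both forms.
            String originalUrl = url;
            url = url.toLowerCase();
            if (logger.isDebugEnabled()) {
                logger.debug("Converted URL to lowercase, from: '" + originalUrl
                        + "'; to: '" + url + "'");
            }
        }
        ConfigAttributeDefinition attributes = null;
        Map<Object, ConfigAttributeDefinition> methodSpecificMap = httpMethodMap.get(method);
        if (methodSpecificMap != null) {
            attributes = lookupUrlInMap(methodSpecificMap, url);
        }
        if (attributes == null) {
            attributes = lookupUrlInMap(requestMap, url);
        }
        return attributes;
    }

    /**
     * Walks the map in insertion order and returns the attributes of the first pattern that
     * matches the URL, or {@code null} if none does. Because the first match wins, the order
     * in which rules were registered decides which rule applies.
     */
    private ConfigAttributeDefinition lookupUrlInMap(Map<Object, ConfigAttributeDefinition> requestMap, String url) {
        for (Entry<Object, ConfigAttributeDefinition> entry : requestMap.entrySet()) {
            Object p = entry.getKey();
            boolean matched = urlMatcher.pathMatchesUrl(p, url);
            // The URL is logged as received; with query strings kept, their values end up
            // in the debug log as well.
            if (logger.isDebugEnabled()) {
                logger.debug("Candidate is: '" + url + "'; pattern is " + p
                        + "; matched=" + matched);
            }
            if (matched) {
                return entry.getValue();
            }
        }
        return null;
    }
}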