Creative commons Attribution-NonCommercial license. http://creativecommons.org/licenses/by-nc/2.5/au/deed.en_GB NO WARRANTY IS GIVEN OR IMPLIED, USE AT YOUR OWN RISK.
  
  package base.security;
  
 import java.util.List;
 import java.util.Set;
 import java.util.UUID;
 
 import base.json.Json;

Small set of information about an authenticated user. Contains the minimum amount of information required for the user interface to render menus and pages correctly.
 
 public class User implements QueryResult {
 
 	private UUID personUuid;
 	private String firstName;
 	private String lastName;
 	private String token;
 	private String ip;

Roles assigned to this user directly or via their groups
 
 	private Set<Stringroles;

Roles assigned to this user via the "All users" and "Authenticated users" groups.
 
 	private Set<StringsystemRoles;

Instantiate an instance of an unauthenticated user.
 
 	/**
 	 * Creates an unauthenticated user: no person, no names, no token.
 	 * The direct role set is the shared EMPTY_ROLE_SET rather than null, so
 	 * hasRole() always has a set to consult on this path; systemRoles and ip are
 	 * stored by reference exactly as passed (no defensive copy, no null check).
 	 * NOTE(review): the field reference on the first assignment was lost in the
 	 * listing; EMPTY_ROLE_SET is the only Set-typed constant in the file and is
 	 * the reading used here — confirm against the original source.
 	 *
 	 * @param systemRoles roles granted via the "All users"/"Authenticated users" groups; may be null
 	 * @param ip          client address the request arrived from
 	 */
 	public User(Set<String> systemRoles, String ip) {
 		this.ip = ip;
 		this.systemRoles = systemRoles;
 		this.roles = EMPTY_ROLE_SET;
 	}

Instantiate an instance of an authenticated user.

Parameters:
personUuid
roles Directly assigned roles
systemRoles Roles assigned via special groups.
token
 
 	/**
 	 * Creates an authenticated user. Every argument is stored by reference and
 	 * none is validated: the role sets are not copied, so a caller that keeps
 	 * mutating {@code roles} afterwards changes this user's effective
 	 * permissions, and any argument may be null (the factory
 	 * userWithUuidAndIp passes null for both role sets and the token; the
 	 * accessors carry the null handling).
 	 *
 	 * @param personUuid  identity of the person
 	 * @param firstName   given name
 	 * @param lastName    family name
 	 * @param roles       roles assigned directly or via the user's groups
 	 * @param systemRoles roles assigned via the "All users"/"Authenticated users" groups
 	 * @param token       session token
 	 * @param ip          client address
 	 */
 	public User(UUID personUuid, String firstName, String lastName, Set<String> roles, Set<String> systemRoles, String token, String ip) {
 		this.personUuid = personUuid;
 		this.firstName = firstName;
 		this.lastName = lastName;
 		this.roles = roles;
 		this.systemRoles = systemRoles;
 		this.token = token;
 		this.ip = ip;
 	}
 
 	/**
 	 * Identity of the person this user represents.
 	 *
 	 * @return the person UUID, or null for an unauthenticated user
 	 */
 	public UUID getPersonUuid() {
 		final UUID identity = personUuid;
 		return identity;
 	}
 
 	/**
 	 * Whether this user carries an identity (built via the 7-argument
 	 * constructor) rather than being an anonymous visitor. The test is a single
 	 * field-null check; the listing lost the field name here. personUuid is the
 	 * natural reading (toJson emits "person":null for the anonymous case and the
 	 * unauthenticated constructor never sets it), but token is also possible.
 	 * NOTE(review): confirm against the original source before relying on this
 	 * for access decisions.
 	 */
 	public boolean isAuthenticated() {
 		return  != null;
 	}
 
 	/**
 	 * Given name as supplied at construction.
 	 *
 	 * @return the first name; null if none was supplied, "" for users from userWithUuidAndIp
 	 */
 	public String getFirstName() {
 		final String given = firstName;
 		return given;
 	}
 
 	/**
 	 * Family name as supplied at construction.
 	 *
 	 * @return the last name; null if none was supplied, "" for users from userWithUuidAndIp
 	 */
 	public String getLastName() {
 		final String family = lastName;
 		return family;
 	}
 
 	/**
 	 * Whether the exact role string is present in either role set. A null set
 	 * contributes nothing, and two null sets yield false; matching is plain
 	 * Set.contains, i.e. case-sensitive string equality with no wildcard or
 	 * prefix semantics.
 	 *
 	 * @param role full role string, e.g. "admin" or "editor:article:42"
 	 * @return true if roles or systemRoles contains {@code role}
 	 */
 	public boolean hasRole(String role) {
 		boolean direct = roles != null && roles.contains(role);
 		boolean viaSystemGroup = systemRoles != null && systemRoles.contains(role);
 		return direct || viaSystemGroup;
 	}
 
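 	/**
 	 * Whether the user holds {@code role} on one specific resource instance.
 	 * The three parts are joined with ":" into the role string that
 	 * {@link #hasRole(String)} looks up, so a resource or uid that itself
 	 * contains ":" can collide with a different role/resource/uid triple;
 	 * callers should keep those components free of ":".
 	 *
 	 * @param role     role name
 	 * @param resource resource type the role is scoped to
 	 * @param uid      identifier of the resource instance
 	 * @return true if either role set contains "role:resource:uid"
 	 */
 	public boolean hasRole(String role, String resource, String uid) {
 		// hasRole(String) already consults both sets null-safely. The former
 		// trailing "|| <set>.contains(key)" re-checked the same key on a bare
 		// set and threw NullPointerException whenever that set was null, e.g.
 		// for users built by userWithUuidAndIp, which passes null for both sets.
 		return hasRole(role + ":" + resource + ":" + uid);
 	}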
 
	/**
	 * UUID-keyed variant of {@link #hasRole(String, String, String)}; the UUID is
	 * rendered with toString() (36-character canonical form) before lookup.
	 *
	 * @param role     role name
	 * @param resource resource type the role is scoped to
	 * @param uuid     resource identifier; must not be null
	 * @return true if either role set contains "role:resource:&lt;uuid&gt;"
	 */
	public boolean hasRole(String role, String resource, UUID uuid) {
		String uid = uuid.toString();
		return hasRole(role, resource, uid);
	}
	/**
	 * Numeric-keyed variant of {@link #hasRole(String, String, String)}; the id
	 * is rendered in decimal before lookup.
	 *
	 * @param role     role name
	 * @param resource resource type the role is scoped to
	 * @param uid      numeric resource identifier
	 * @return true if either role set contains "role:resource:&lt;uid&gt;"
	 */
	public boolean hasRole(String role, String resource, long uid) {
		String decimalUid = Long.toString(uid);
		return hasRole(role, resource, decimalUid);
	}
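	/**
	 * Snapshot of the directly assigned roles as an array.
	 * NOTE(review): the listing lost the field name in the original; roles is
	 * the reading used here (the method is getRoles) — confirm.
	 *
	 * @return a fresh array of the role strings, empty (never null) when the
	 *         user has no role set; modifying it does not affect the user
	 */
	public String[] getRoles() {
		// roles may be null: userWithUuidAndIp passes null for both role sets,
		// and the previous unguarded toArray() threw NullPointerException there.
		if (roles == null) {
			return new String[0];
		}
		return roles.toArray(new String[0]);
	}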
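	/**
	 * Resources on which the user holds {@code role}, recovered from entries of
	 * the form "role:resource:uid" in the direct role set (the same ":"
	 * convention hasRole(String, String, String) builds). Entries are matched
	 * on the "role:" prefix, so a component containing ":" is split wrongly.
	 * NOTE(review): the listing lost the name of the iterated set; roles is the
	 * reading used here (systemRoles are not scanned) — confirm.
	 *
	 * @param role role name to look up
	 * @return one ResourceUid per matching entry; empty, never null
	 */
	public ResourceUid[] getRoleResources(String role) {
		List<ResourceUid> resources = new LinkedList<>();
		// userWithUuidAndIp builds users with null role sets; the previous
		// for-each over the bare field threw NullPointerException for them.
		if (roles == null) {
			return resources.toArray(new ResourceUid[0]);
		}
		String prefix = role + ":";
		for (String entry : roles) {
			if (!entry.startsWith(prefix)) {
				continue;
			}
			String[] rs = entry.split(":");
			// An entry such as "role:resource" has no uid segment; the former
			// unchecked rs[2] threw ArrayIndexOutOfBoundsException on it.
			// Segments beyond the third are ignored, as before.
			if (rs.length < 3) {
				continue;
			}
			resources.add(new ResourceUid(rs[1], rs[2]));
		}
		return resources.toArray(new ResourceUid[0]);
	}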

Web forms that are vulnerable to cross-site request forgery should
  • Include a hidden field with this form auth token.
  • Verify that user form posts contain this exact form auth token.
Because the auth token is a subset of characters from the user's session token/cookie, this token is unique on a per-session basis, not a per-page-load basis. While it would be possible to generate tokens on a per-form basis, this comes at a performance and storage cost that does not outweigh the benefits for this web framework. The flip side of this derivation is that the form token is itself a fragment of the session secret: any page, template or log that discloses it also discloses those characters of the session token, so it must be handled as confidential rather than as a public per-request nonce. The slice also assumes the session token is at least 22 characters long (a UUID string is 36); the method only guards against a null or empty token.

Returns:
Unique user session based form authentication token.
		if( == null || .length() == 0) {
			return "";
		}
		// Note that the 18 characters of the user token may be exposed
		// in the back end web interface (audit log, etc). This exposes
		// another 4 characters via string templates. Leaving 14 remaining
		// characters that should only be available in the database, and
		// in the end users web browser.
		return .substring(12, 22);
	}
	/**
	 * "firstName lastName" for display, tolerating missing parts: a single
	 * known name is returned on its own (untrimmed), no name at all gives "",
	 * and the joined form is trimmed so an empty first or last name (as passed
	 * by userWithUuidAndIp) leaves no stray space.
	 *
	 * @return display name, never null
	 */
	public String getDisplayName() {
		if (firstName == null) {
			return lastName == null ? "" : lastName;
		}
		if (lastName == null) {
			return firstName;
		}
		return (firstName + " " + lastName).trim();
	}
	/**
	 * Client address recorded at construction; stored as given, not validated.
	 *
	 * @return the IP string, or null if none was supplied
	 */
	public String getIp() {
		final String address = ip;
		return address;
	}
	/**
	 * Delegates to {@link #toJson()}. Note that the result therefore includes
	 * the first half of the session token, so logging a User logs that prefix.
	 */
	@Override
	public String toString() {
		return this.toJson();
	}
	/**
	 * Hand-built JSON view of this user. Names go through Json.escape and role
	 * sets through Json.toJson; the person UUID and the token prefix are
	 * written without escaping. Only the first half of the session token is
	 * emitted (suffixed "...") so string templates cannot reconstruct it, but
	 * half of a credential is still sensitive — toString() delegates here, so
	 * anything that logs a User logs that prefix.
	 *
	 * @return JSON object with "person" (null when absent), optional
	 *         "first_name", "last_name", "token", "system_roles" (only when
	 *         non-empty) and a final "roles" (null when the set is null)
	 */
	public String toJson() {
		StringBuilder out = new StringBuilder("{");
		if (personUuid != null) {
			out.append("\"person\":\"").append(personUuid).append("\",");
		} else {
			out.append("\"person\":null,");
		}
		if (firstName != null) {
			out.append("\"first_name\":\"").append(Json.escape(firstName)).append("\",");
		}
		if (lastName != null) {
			out.append("\"last_name\":\"").append(Json.escape(lastName)).append("\",");
		}
		if (token != null) {
			// first half only, never the whole credential
			String tokenPrefix = token.substring(0, token.length() / 2) + "...";
			out.append("\"token\":\"").append(tokenPrefix).append("\",");
		}
		if (systemRoles != null && systemRoles.size() > 0) {
			out.append("\"system_roles\":").append(Json.toJson(systemRoles.toArray())).append(",");
		}
		out.append("\"roles\":").append(roles == null ? "null" : Json.toJson(roles.toArray()));
		return out.append("}").toString();
	}
	/**
	 * Authenticated user known only by identity and address: both names are
	 * "", both role sets and the token are null. hasRole(String) is false for
	 * such a user because both sets are null.
	 *
	 * @param uuid identity of the person
	 * @param ip   client address
	 * @return the new user
	 */
	public static User userWithUuidAndIp(UUID uuid, String ip) {
		return new User(uuid, "", "", null, null, null, ip);
	}
	/**
	 * Unauthenticated user identified only by address, with no system roles
	 * (null) — see the two-argument constructor for what else is set.
	 *
	 * @param ip client address
	 * @return the new user
	 */
	public static User userWithIp(String ip) {
		return new User(null, ip);
	}
	/**
	 * Parses a "|"-delimited role list into a set. Empty segments (from "a||b"
	 * or a leading/trailing "|") are dropped; segments are not trimmed, so
	 * surrounding whitespace is significant. A null input yields an empty set.
	 *
	 * @param roleString pipe-delimited roles, or null
	 * @return a new mutable HashSet of the non-empty segments
	 */
	public static Set<String> roleSet(String roleString) {
		Set<String> roles = new HashSet<>();
		if (roleString != null) {
			for (String candidate : roleString.split("\\|")) {
				if (!candidate.isEmpty()) {
					roles.add(candidate);
				}
			}
		}
		return roles;
	}
	private static final Set<StringEMPTY_ROLE_SET = new HashSet<>();