@groovy.transform.CompileStatic @groovy.util.logging.Slf4j final class SpringSecurityUtils extends java.lang.Object
Helper methods.
| Modifiers | Name | Description |
|---|---|---|
static java.lang.String |
AJAX_HEADER |
Default value for the name of the Ajax header. |
static java.lang.String |
DEFAULT_TARGET_PARAMETER |
|
static java.lang.String |
FILTERS_NONE |
|
static java.lang.String |
NO_ROLE |
Used to ensure that all authenticated users have at least one granted authority to work around Spring Security code that assumes at least one. |
static java.lang.String |
SAVED_REQUEST |
|
static java.lang.String |
SPRING_SECURITY_LAST_USERNAME_KEY |
|
static java.lang.String |
XML_HTTP_REQUEST |
| Type | Name and description |
|---|---|
static java.util.List<java.lang.String> |
afterInvocationManagerProviderNamesAfterInvocationProvider names. |
static java.util.SortedMap<java.lang.Integer, jakarta.servlet.Filter> |
configuredOrderedFiltersSet by SpringSecurityCoreGrailsPlugin contains the actual filter beans in order. |
static java.util.List<java.lang.String> |
logoutHandlerNamesLogout handler names. |
static java.util.Map<java.lang.Integer, java.lang.String> |
orderedFiltersOrdered filter names. |
static java.util.List<java.lang.String> |
providerNamesAuthentication provider names. |
groovy.util.ConfigObject |
securityConfig |
static java.util.List<java.lang.String> |
voterNamesVoter names. |
| Type Params | Return Type | Name and description |
|---|---|---|
|
static java.util.Set<java.lang.String> |
authoritiesToRoles(java.lang.Object authorities)Extract the role names from authorities. |
|
static void |
buildFilterChains(java.util.SortedMap<java.lang.Integer, java.lang.String> filterNames, java.util.List<java.util.Map<java.lang.String, ?>> chainMap, java.util.List<GrailsSecurityFilterChain> filterChains, org.springframework.context.ApplicationContext applicationContext) |
|
static void |
clientRegisterFilter(java.lang.String beanName, SecurityFilterPosition position)Register a filter in a specified position in the chain. |
|
static void |
clientRegisterFilter(java.lang.String beanName, int order)Register a filter in a specified position in the chain. |
|
static java.lang.Object |
doWithAuth(groovy.lang.Closure<?> closure)Execute a closure with the current authentication. |
|
static java.lang.Object |
doWithAuth(java.lang.String username, groovy.lang.Closure<?> closure)Authenticate as the specified user and execute the closure with that authentication. |
|
static java.util.SortedMap<java.lang.Integer, java.lang.String> |
findFilterChainNames(java.lang.Object filterChainFilterNames, boolean useSecureChannel, boolean useIpRestrictions, boolean useX509, boolean useDigestAuth, boolean useBasicAuth, boolean useSwitchUserFilter) |
|
static java.lang.Throwable |
getLastException(jakarta.servlet.http.HttpSession session)Get the last auth exception. |
|
static java.lang.String |
getLastUsername(jakarta.servlet.http.HttpSession session)Get the last attempted username. |
|
static java.util.Collection<org.springframework.security.core.GrantedAuthority> |
getPrincipalAuthorities()Get the current user's authorities. |
|
static org.springframework.security.web.savedrequest.SavedRequest |
getSavedRequest(jakarta.servlet.http.HttpSession session)Get the saved request from the session. |
|
static groovy.util.ConfigObject |
getSecurityConfig()Parse and load the security configuration. |
|
static java.lang.String |
getSecurityConfigType()Lookup the security type as a String to avoid dev mode reload issues. |
|
static org.springframework.security.core.context.SecurityContext |
getSecurityContext(jakarta.servlet.http.HttpSession session) |
|
static java.lang.String |
getSwitchedUserOriginalUsername()Get the username of the original user before switching to another. |
|
static boolean |
ifAllGranted(java.lang.String roles)Check if the current user has all of the specified roles. |
|
static boolean |
ifAllGranted(java.util.Collection<? extends org.springframework.security.core.GrantedAuthority> roles) |
|
static boolean |
ifAnyGranted(java.lang.String roles)Check if the current user has any of the specified roles. |
|
static boolean |
ifAnyGranted(java.util.Collection<? extends org.springframework.security.core.GrantedAuthority> roles) |
|
static boolean |
ifNotGranted(java.lang.String roles)Check if the current user has none of the specified roles. |
|
static boolean |
ifNotGranted(java.util.Collection<? extends org.springframework.security.core.GrantedAuthority> roles) |
|
static boolean |
isAjax(jakarta.servlet.http.HttpServletRequest request)Check if the request was triggered by an Ajax call. |
|
static boolean |
isSwitched()Check if the current user is switched to another user. |
|
static void |
loadSecondaryConfig(java.lang.String className)Allow a secondary plugin to add config attributes. |
|
static boolean |
noFilterIsApplied(java.util.List<java.util.Map<java.lang.String, ?>> chainMap, java.lang.String pattern) |
|
static java.util.List<org.springframework.security.core.GrantedAuthority> |
parseAuthoritiesString(java.lang.String roleNames)Split the role names and create org.springframework.security.core.GrantedAuthoritys for each. |
|
static void |
reauthenticate(java.lang.String username, java.lang.String password)Rebuild an Authentication for the given username and register it in the security context. |
|
static void |
registerAfterInvocationProvider(java.lang.String beanName)Register an AfterInvocationProvider bean name. |
|
static void |
registerFilter(java.lang.String beanName, SecurityFilterPosition position)Register a filter bean name in a specified position in the chain. |
|
static void |
registerFilter(java.lang.String beanName, int order)Register a filter bean name in a specified position in the chain. |
|
static void |
registerLogoutHandler(java.lang.String beanName)Register a logout handler bean name. |
|
static void |
registerProvider(java.lang.String beanName)Register a provider bean name. |
|
static void |
registerVoter(java.lang.String beanName)Register a voter bean name. |
|
static void |
reloadSecurityConfig()Force a reload of the security configuration. |
|
static void |
resetSecurityConfig()Reset the config for testing or after a dev mode Config.groovy change. |
|
static java.util.Set<java.lang.String> |
retainAll(java.lang.Object granted, java.lang.Object required)Find authorities in granted that are also in required. |
|
static void |
setApplication(grails.core.GrailsApplication app)Set at startup by plugin. |
|
static void |
setSecurityConfig(groovy.util.ConfigObject config)For testing only. |
| Methods inherited from class | Name |
|---|---|
class java.lang.Object |
java.lang.Object#wait(long, int), java.lang.Object#wait(), java.lang.Object#wait(long), java.lang.Object#equals(java.lang.Object), java.lang.Object#toString(), java.lang.Object#hashCode(), java.lang.Object#getClass(), java.lang.Object#notify(), java.lang.Object#notifyAll() |
Default value for the name of the Ajax header.
Used to ensure that all authenticated users have at least one granted authority to work around Spring Security code that assumes at least one. By granting this non-authority, the user can't do anything but gets past the somewhat arbitrary restrictions.
AfterInvocationProvider names. Plugins add or remove them, and can be overridden by config.
Set by SpringSecurityCoreGrailsPlugin contains the actual filter beans in order.
Logout handler names. Plugins add or remove them, and can be overridden by config.
Ordered filter names. Plugins add or remove them, and can be overridden by config.
Authentication provider names. Plugins add or remove them, and can be overridden by config.
Voter names. Plugins add or remove them and can be overridden by config.
Extract the role names from authorities.
authorities - the authorities (a collection or array of org.springframework.security.core.GrantedAuthority).Register a filter in a specified position in the chain. Note - this is for use in application code after the plugin has initialized, e.g. in BootStrap where you want to register a custom filter in the correct order without dealing with the existing configured filters.
beanName - the Spring bean name of the filterposition - the positionRegister a filter in a specified position in the chain. Note - this is for use in application code after the plugin has initialized, e.g. in BootStrap where you want to register a custom filter in the correct order without dealing with the existing configured filters.
beanName - the Spring bean name of the filterorder - the position (see SecurityFilterPosition)Execute a closure with the current authentication. Assumes that there's an authentication in the http session and that the closure is running in a separate thread from the web request, so the context and authentication aren't available to the standard ThreadLocal.
closure - the code to runAuthenticate as the specified user and execute the closure with that authentication. Restores the authentication to the one that was active if it exists, or clears the context otherwise. This is similar to run-as and switch-user but is only local to a Closure.
username - the username to authenticate asclosure - the code to runGet the last auth exception.
session - the sessionGet the last attempted username.
session - the sessionGet the current user's authorities.
Get the saved request from the session.
session - the sessionParse and load the security configuration.
Lookup the security type as a String to avoid dev mode reload issues.
SecurityConfigTypeGet the username of the original user before switching to another.
Check if the current user has all of the specified roles.
roles - a comma-delimited list of role namestrue if the user is authenticated and has all the rolesCheck if the current user has any of the specified roles.
roles - a comma-delimited list of role namestrue if the user is authenticated and has any the rolesCheck if the current user has none of the specified roles.
roles - a comma-delimited list of role namestrue if the user is authenticated and has none the rolesCheck if the request was triggered by an Ajax call.
request - the requesttrue if AjaxCheck if the current user is switched to another user.
true if logged in and switchedAllow a secondary plugin to add config attributes.
className - the name of the config class.Split the role names and create org.springframework.security.core.GrantedAuthoritys for each.
roleNames - comma-delimited role namesRebuild an Authentication for the given username and register it in the security context. Typically used after updating a user's authorities or other auth-cached info. Also removes the user from the user cache to force a refresh at next login.
username - the user's login namepassword - optionalRegister an AfterInvocationProvider bean name. Note - only for use by plugins during bean building.
beanName - the Spring bean name of the provider Register a filter bean name in a specified position in the chain.
Note - only for use by plugins during bean building - to register at runtime
(preferably in BootStrap) use clientRegisterFilter.
beanName - the Spring bean name of the filterposition - the position Register a filter bean name in a specified position in the chain.
Note - only for use by plugins during bean building - to register at runtime
(preferably in BootStrap) use clientRegisterFilter.
beanName - the Spring bean name of the filterorder - the position (see SecurityFilterPosition)Register a logout handler bean name. Note - only for use by plugins during bean building.
beanName - the Spring bean name of the handlerRegister a provider bean name. Note - only for use by plugins during bean building.
beanName - the Spring bean name of the providerRegister a voter bean name. Note - only for use by plugins during bean building.
beanName - the Spring bean name of the voterForce a reload of the security configuration.
Reset the config for testing or after a dev mode Config.groovy change.
Find authorities in granted that are also in required.
granted - the granted authorities (a collection or array of org.springframework.security.core.GrantedAuthority).required - the required authorities (a collection or array of org.springframework.security.core.GrantedAuthority).Set at startup by plugin.
app - the applicationFor testing only.
config - the config