Joaquín Reñé
2025-10-07 146a0fb8b0e90f9196e569152f649baf60d6cc8f
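--- a/securis/src/main/java/net/curisit/securis/security/BasicSecurityContext.java
+++ b/securis/src/main/java/net/curisit/securis/security/BasicSecurityContext.java
@@ -1,3 +1,6 @@
+/*
+* Copyright @ 2013 CurisTEC, S.A.S. All Rights Reserved.
+*/
 package net.curisit.securis.security;
 
 import java.security.Principal;
@@ -9,103 +12,193 @@
 import net.curisit.integrity.commons.Utils;
 import net.curisit.securis.db.User;
 
+/**
+* BasicSecurityContext
+* <p>
+* Lightweight implementation of JAX-RS {@link SecurityContext} based on:
+* - A {@link Principal} holding the username.
+* - An integer bitmask of roles (see {@link User.Rol}).
+* - Optional scope restrictions (organization/application IDs).
+*
+* Role checks:
+* - {@link #isUserInRole(String)} maps string names to bit constants via {@link #ROLES}.
+*
+* Scope helpers:
+* - {@link #isOrgAccesible(Integer)} and {@link #isAppAccesible(Integer)}.
+*
+* @author JRA
+* Last reviewed by JRA on Oct 5, 2025.
+*/
 public class BasicSecurityContext implements SecurityContext {
 
- final public static String ROL_ADVANCE = "advance";
- final public static String ROL_ADMIN = "admin";
- final public static String ROL_BASIC = "basic";
+ /** String role names mapped to bit flags. */
+ public static final String ROL_ADVANCE = "advance";
+ public static final String ROL_ADMIN = "admin";
+ public static final String ROL_BASIC = "basic";
 
- final static Map<String, Integer> ROLES = Utils.<String, Integer> createMap(ROL_BASIC, User.Rol.BASIC, ROL_ADVANCE, User.Rol.ADVANCE, ROL_ADMIN, User.Rol.ADMIN);
+ /** Mapping from role name to bit flag. */
+ static final Map<String, Integer> ROLES =
+ Utils.<String, Integer>createMap(ROL_BASIC, User.Rol.BASIC,
+ ROL_ADVANCE, User.Rol.ADVANCE,
+ ROL_ADMIN, User.Rol.ADMIN);
 
- Principal user = null;
- int roles = 0;
- boolean secure = false;
- Set<Integer> organizationsIds = null;
- Set<Integer> applicationsIds = null;
- double ran = 0;
+ Principal user = null;
+ int roles = 0;
+ boolean secure = false;
+ Set<Integer> organizationsIds = null;
+ Set<Integer> applicationsIds = null;
+ double ran = 0; // small unique marker for debugging instances
 
- public BasicSecurityContext(String username, int roles, boolean secure) {
- user = new UserPrincipal(username);
- this.roles = roles;
- this.secure = secure;
- ran = Math.random();
- }
+ /**
+ * BasicSecurityContext<p>
+ * Construct a context for given user, roles and transport security flag.
+ *
+ * @param username principal name
+ * @param roles bitmask of roles
+ * @param secure whether the request is HTTPS
+ */
+ public BasicSecurityContext(String username, int roles, boolean secure) {
+ user = new UserPrincipal(username);
+ this.roles = roles;
+ this.secure = secure;
+ ran = Math.random();
+ }
 
- @Override
- public Principal getUserPrincipal() {
- return user;
- }
+ /**
+ * getUserPrincipal<p>
+ * Return the user principal.
+ *
+ * @return mainUser
+ */
+ @Override
+ public Principal getUserPrincipal() { return user; }
 
- @Override
- public boolean isUserInRole(String role) {
- Integer introle = ROLES.get(role);
- return introle != null && (introle & roles) != 0;
- }
+ /**
+ * isUserInRole<p>
+ * Check role membership by name (mapped to bitmask).
+ *
+ * @param role
+ * @return isUserInRole
+ */
+ @Override
+ public boolean isUserInRole(String role) {
+ Integer introle = ROLES.get(role);
+ return introle != null && (introle & roles) != 0;
+ }
 
- @Override
- public boolean isSecure() {
- return secure;
- }
+ /**
+ * isSecure<p>
+ * Return whether transport is secure (HTTPS).
+ *
+ * @return isSecure
+ */
+ @Override
+ public boolean isSecure() { return secure; }
 
- @Override
- public String getAuthenticationScheme() {
- return null;
- }
+ /**
+ * getAuthenticationScheme<p>
+ * Not used; returns null.
+ *
+ * @return authenticationsScheme
+ */
+ @Override
+ public String getAuthenticationScheme() { return null; }
 
- @Override
- public String toString() {
+ /**
+ * toString<p>
+ * Get the string describing the current object
+ *
+ * @return object string
+ */
+ @Override
+ public String toString() { return String.format("SecurityContextWrapper(%f) %s", ran, user); }
 
- return String.format("SecurityContextWrapper(%f) %s", ran, user);
- }
+ /**
+ * setOrganizationsIds<p>
+ * Set org scope (IDs allowed).
+ *
+ * @param organizationsIds
+ */
+ public void setOrganizationsIds(Set<Integer> orgs) { this.organizationsIds = orgs; }
 
- public void setOrganizationsIds(Set<Integer> orgs) {
- this.organizationsIds = orgs;
- }
+ /**
+ * getOrganizationsIds<p>
+ * Return org scope.
+ *
+ * @return organizationsIds
+ */
+ public Set<Integer> getOrganizationsIds() { return this.organizationsIds; }
 
- public Set<Integer> getOrganizationsIds() {
- return this.organizationsIds;
- }
+ /**
+ * getApplicationsIds<p>
+ * Return app scope.
+ *
+ * @return applicationIds
+ */
+ public Set<Integer> getApplicationsIds() { return applicationsIds; }
 
- public Set<Integer> getApplicationsIds() {
- return applicationsIds;
- }
+ /**
+ * setApplicationsIds<p>
+ * Set app scope.
+ *
+ * @param applicationIds
+ */
+ public void setApplicationsIds(Set<Integer> applicationsIds) { this.applicationsIds = applicationsIds; }
 
- public void setApplicationsIds(Set<Integer> applicationsIds) {
- this.applicationsIds = applicationsIds;
- }
+ /**
+ * UserPrincipal<p>
+ * Inner Principal holding only the username.
+ */
+ private class UserPrincipal implements Principal {
+ final String name;
+
+ /**
+ * UserPrincipal<p>
+ * Main user
+ *
+ * @param username
+ */
+ public UserPrincipal(String name) { this.name = name; }
+
+ /**
+ * getName<p>
+ * Get the username
+ *
+ * @return userName
+ */
+ @Override public String getName() { return this.name; }
+
+ /**
+ * toString<p>
+ * Get the string describing the current object
+ *
+ * @return object string
+ */
+ @Override public String toString() { return String.format("[%s]", name); }
+ }
 
- private class UserPrincipal implements Principal {
+ /**
+ * isOrgAccesible<p>
+ * Check if org id is within scope.
+ *
+ * @param orgId
+ * @return isOrgAccesible
+ */
+ public boolean isOrgAccesible(Integer orgid) {
+ if (organizationsIds == null || orgid == null) return false;
+ return organizationsIds.contains(orgid);
+ }
 
- final String name;
-
- public UserPrincipal(String name) {
- this.name = name;
- }
-
- @Override
- public String getName() {
- return this.name;
- }
-
- @Override
- public String toString() {
- return String.format("[%s]", name);
- }
-
- }
-
- public boolean isOrgAccesible(Integer orgid) {
- if (organizationsIds == null || orgid == null) {
- return false;
- }
- return organizationsIds.contains(orgid);
- }
-
- public boolean isAppAccesible(Integer appid) {
- if (applicationsIds == null || appid == null) {
- return false;
- }
- return applicationsIds.contains(appid);
- }
-
+ /**
+ * isAppAccesible<p>
+ * Check if app id is within scope.
+ *
+ * @param appId
+ * @return isAppAccesible
+ */
+ public boolean isAppAccesible(Integer appid) {
+ if (applicationsIds == null || appid == null) return false;
+ return applicationsIds.contains(appid);
+ }
 }
+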
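Review bot: `setOrganizationsIds` and `setApplicationsIds` keep the caller's `Set` by reference and the getters hand the same instance back, so any code holding that set can change the organization/application scope after the context has been built; the new Javadoc describes these as scope restrictions but nothing in the class keeps them fixed. Consider storing an unmodifiable copy, e.g. `this.organizationsIds = orgs == null ? null : Collections.unmodifiableSet(new HashSet<>(orgs));` (same for applications; the import block is only partly visible here, so the two `java.util` imports may need adding). The Javadoc on `isOrgAccesible`/`isAppAccesible` should also say that a null scope or a null id denies access, because the class comment calls the scope "optional" and a reader could take an unset scope to mean unrestricted. Several `@param` tags name parameters that do not exist (`organizationsIds` for `orgs`, `orgId` for `orgid`, `appId` for `appid`, `username` for `name`, `applicationIds` for `applicationsIds`), and `@return isUserInRole`-style tags repeat the method name instead of describing the value.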