From 146a0fb8b0e90f9196e569152f649baf60d6cc8f Mon Sep 17 00:00:00 2001
From: Joaquín Reñé <jrene@curisit.net>
Date: Tue, 07 Oct 2025 14:52:57 +0000
Subject: [PATCH] #4410 - Comments on classes
---
securis/src/main/java/net/curisit/securis/security/BasicSecurityContext.java | 257 +++++++++++++++++++++++++++++++++++----------------
1 files changed, 175 insertions(+), 82 deletions(-)
diff --git a/securis/src/main/java/net/curisit/securis/security/BasicSecurityContext.java b/securis/src/main/java/net/curisit/securis/security/BasicSecurityContext.java
index 1c831b5..9d5fa0e 100644
--- a/securis/src/main/java/net/curisit/securis/security/BasicSecurityContext.java
+++ b/securis/src/main/java/net/curisit/securis/security/BasicSecurityContext.java
@@ -1,3 +1,6 @@
+/*
+* Copyright @ 2013 CurisTEC, S.A.S. All Rights Reserved.
+*/
package net.curisit.securis.security;
import java.security.Principal;
@@ -9,103 +12,193 @@
import net.curisit.integrity.commons.Utils;
import net.curisit.securis.db.User;
+/**
+* BasicSecurityContext
+* <p>
+* Lightweight implementation of JAX-RS {@link SecurityContext} based on:
+* - A {@link Principal} holding the username.
+* - An integer bitmask of roles (see {@link User.Rol}).
+* - Optional scope restrictions (organization/application IDs).
+*
+* Role checks:
+* - {@link #isUserInRole(String)} maps string names to bit constants via {@link #ROLES}.
+*
+* Scope helpers:
+* - {@link #isOrgAccesible(Integer)} and {@link #isAppAccesible(Integer)}.
+*
+* @author JRA
+* Last reviewed by JRA on Oct 5, 2025.
+*/
public class BasicSecurityContext implements SecurityContext {
- final public static String ROL_ADVANCE = "advance";
- final public static String ROL_ADMIN = "admin";
- final public static String ROL_BASIC = "basic";
+ /** String role names mapped to bit flags. */
+ public static final String ROL_ADVANCE = "advance";
+ public static final String ROL_ADMIN = "admin";
+ public static final String ROL_BASIC = "basic";
- final static Map<String, Integer> ROLES = Utils.<String, Integer> createMap(ROL_BASIC, User.Rol.BASIC, ROL_ADVANCE, User.Rol.ADVANCE, ROL_ADMIN, User.Rol.ADMIN);
+ /** Mapping from role name to bit flag. */
+ static final Map<String, Integer> ROLES =
+ Utils.<String, Integer>createMap(ROL_BASIC, User.Rol.BASIC,
+ ROL_ADVANCE, User.Rol.ADVANCE,
+ ROL_ADMIN, User.Rol.ADMIN);
- Principal user = null;
- int roles = 0;
- boolean secure = false;
- Set<Integer> organizationsIds = null;
- Set<Integer> applicationsIds = null;
- double ran = 0;
+ Principal user = null;
+ int roles = 0;
+ boolean secure = false;
+ Set<Integer> organizationsIds = null;
+ Set<Integer> applicationsIds = null;
+ double ran = 0; // small unique marker for debugging instances
- public BasicSecurityContext(String username, int roles, boolean secure) {
- user = new UserPrincipal(username);
- this.roles = roles;
- this.secure = secure;
- ran = Math.random();
- }
+ /**
+ * BasicSecurityContext<p>
+ * Construct a context for given user, roles and transport security flag.
+ *
+ * @param username principal name
+ * @param roles bitmask of roles
+ * @param secure whether the request is HTTPS
+ */
+ public BasicSecurityContext(String username, int roles, boolean secure) {
+ user = new UserPrincipal(username);
+ this.roles = roles;
+ this.secure = secure;
+ ran = Math.random();
+ }
- @Override
- public Principal getUserPrincipal() {
- return user;
- }
+ /**
+ * getUserPrincipal<p>
+ * Return the user principal.
+ *
+ * @return mainUser
+ */
+ @Override
+ public Principal getUserPrincipal() { return user; }
- @Override
- public boolean isUserInRole(String role) {
- Integer introle = ROLES.get(role);
- return introle != null && (introle & roles) != 0;
- }
+ /**
+ * isUserInRole<p>
+ * Check role membership by name (mapped to bitmask).
+ *
+ * @param role
+ * @return isUserInRole
+ */
+ @Override
+ public boolean isUserInRole(String role) {
+ Integer introle = ROLES.get(role);
+ return introle != null && (introle & roles) != 0;
+ }
- @Override
- public boolean isSecure() {
- return secure;
- }
+ /**
+ * isSecure<p>
+ * Return whether transport is secure (HTTPS).
+ *
+ * @return isSecure
+ */
+ @Override
+ public boolean isSecure() { return secure; }
- @Override
- public String getAuthenticationScheme() {
- return null;
- }
+ /**
+ * getAuthenticationScheme<p>
+ * Not used; returns null.
+ *
+ * @return authenticationsScheme
+ */
+ @Override
+ public String getAuthenticationScheme() { return null; }
- @Override
- public String toString() {
+ /**
+ * toString<p>
+ * Get the string describing the current object
+ *
+ * @return object string
+ */
+ @Override
+ public String toString() { return String.format("SecurityContextWrapper(%f) %s", ran, user); }
- return String.format("SecurityContextWrapper(%f) %s", ran, user);
- }
+ /**
+ * setOrganizationsIds<p>
+ * Set org scope (IDs allowed).
+ *
+ * @param organizationsIds
+ */
+ public void setOrganizationsIds(Set<Integer> orgs) { this.organizationsIds = orgs; }
- public void setOrganizationsIds(Set<Integer> orgs) {
- this.organizationsIds = orgs;
- }
+ /**
+ * getOrganizationsIds<p>
+ * Return org scope.
+ *
+ * @return organizationsIds
+ */
+ public Set<Integer> getOrganizationsIds() { return this.organizationsIds; }
- public Set<Integer> getOrganizationsIds() {
- return this.organizationsIds;
- }
+ /**
+ * getApplicationsIds<p>
+ * Return app scope.
+ *
+ * @return applicationIds
+ */
+ public Set<Integer> getApplicationsIds() { return applicationsIds; }
- public Set<Integer> getApplicationsIds() {
- return applicationsIds;
- }
+ /**
+ * setApplicationsIds<p>
+ * Set app scope.
+ *
+ * @param applicationIds
+ */
+ public void setApplicationsIds(Set<Integer> applicationsIds) { this.applicationsIds = applicationsIds; }
- public void setApplicationsIds(Set<Integer> applicationsIds) {
- this.applicationsIds = applicationsIds;
- }
+ /**
+ * UserPrincipal<p>
+ * Inner Principal holding only the username.
+ */
+ private class UserPrincipal implements Principal {
+ final String name;
+
+ /**
+ * UserPrincipal<p>
+ * Main user
+ *
+ * @param username
+ */
+ public UserPrincipal(String name) { this.name = name; }
+
+ /**
+ * getName<p>
+ * Get the username
+ *
+ * @return userName
+ */
+ @Override public String getName() { return this.name; }
+
+ /**
+ * toString<p>
+ * Get the string describing the current object
+ *
+ * @return object string
+ */
+ @Override public String toString() { return String.format("[%s]", name); }
+ }
- private class UserPrincipal implements Principal {
+ /**
+ * isOrgAccesible<p>
+ * Check if org id is within scope.
+ *
+ * @param orgId
+ * @return isOrgAccesible
+ */
+ public boolean isOrgAccesible(Integer orgid) {
+ if (organizationsIds == null || orgid == null) return false;
+ return organizationsIds.contains(orgid);
+ }
- final String name;
-
- public UserPrincipal(String name) {
- this.name = name;
- }
-
- @Override
- public String getName() {
- return this.name;
- }
-
- @Override
- public String toString() {
- return String.format("[%s]", name);
- }
-
- }
-
- public boolean isOrgAccesible(Integer orgid) {
- if (organizationsIds == null || orgid == null) {
- return false;
- }
- return organizationsIds.contains(orgid);
- }
-
- public boolean isAppAccesible(Integer appid) {
- if (applicationsIds == null || appid == null) {
- return false;
- }
- return applicationsIds.contains(appid);
- }
-
+ /**
+ * isAppAccesible<p>
+ * Check if app id is within scope.
+ *
+ * @param appId
+ * @return isAppAccesible
+ */
+ public boolean isAppAccesible(Integer appid) {
+ if (applicationsIds == null || appid == null) return false;
+ return applicationsIds.contains(appid);
+ }
}
+
--
Gitblit v1.3.2