Examples of com.esri.gpt.framework.security.principal.RoleSet

• com.esri.gpt.framework.security.principal.RoleSet
  Maintains a set of role keys.

  The intent is to use this set for quick evaluation of authorization constraints.

  Each value in the collection is a String. Null values are ignored. Values are trimmed, zero-length Strings are ignored. The set is unique and is not case sensitive.

 * @return Boolean.TRUE if the active user has the specified role
 */
@Override
public Boolean get(Object role) {
  AuthenticationStatus authStatus = _activeUser.getAuthenticationStatus();
  RoleSet authRoles = _activeUser.getAuthenticationStatus().getAuthenticatedRoles();
  if ((role != null) && (role instanceof String)) {
    String sRole = Val.chkStr((String)role);
    boolean bAnonymous = !authStatus.getWasAuthenticated();
    if (sRole.equalsIgnoreCase("anonymous")) {
      return new Boolean(bAnonymous);
    } else if (!bAnonymous) {
      if (sRole.equalsIgnoreCase("openid")) {
        return Val.chkStr(_activeUser.getKey()).startsWith("urn:openid:");
      } else {
        RoleSet rs = new RoleSet();
        rs.addDelimited(sRole);
        return new Boolean(authRoles.hasRole(rs));
      }
    }
  }
  return Boolean.FALSE;

    user.getAuthenticationStatus().setWasAuthenticated(true);

    // set role/group properties
    try {
      readUserGroups(user);
      RoleSet authRoles = user.getAuthenticationStatus().getAuthenticatedRoles();
      Roles cfgRoles = getApplicationConfiguration().getIdentityConfiguration().getConfiguredRoles();
      for (Role role: cfgRoles.values()) {
        authRoles.addAll(role.getFullRoleSet());
      }
    } catch (NamingException e) {
      // will never be thrown
    }

    // populate the authentication status and profile information
    user.setDistinguishedName(sAuthenticatedDN);
    populateUser(requestContext,user,sTargetedGroupDN);

    RoleSet roles = user.getAuthenticationStatus().getAuthenticatedRoles();
    if (roles.hasRole("gptForbiddenAccess")) {
      User activeUser = requestContext.getUser();
      if(activeUser.getAuthenticationStatus().getWasAuthenticated()){
        String activeUserDn = requestContext.getUser().getDistinguishedName();
        String managedUserDn = user.getDistinguishedName();
        if(activeUserDn.equals(managedUserDn)){

  // read groups, set authenticated roles
  getQueryFunctions().readUserGroups(dirContext,user);
  Groups userGroups = user.getGroups();
  Roles configuredRoles = getConfiguration().getIdentityConfiguration().getConfiguredRoles();
  RoleSet authenticatedRoles = user.getAuthenticationStatus().getAuthenticatedRoles();
  for (Role role: configuredRoles.values()) {
    if (userGroups.containsKey(role.getDistinguishedName())) {
      authenticatedRoles.addAll(role.getFullRoleSet());
    }
  }
  user.getAuthenticationStatus().setWasAuthenticated(true);

  // ensure membership if a targeted metadata management group was specified

/**
 * Asserts the administrator role.
 * @throws NotAuthorizedException if the administrator role has not been granted
 */
private void assertAdministratorRole(User user) throws NotAuthorizedException {
  RoleSet roles = user.getAuthenticationStatus().getAuthenticatedRoles();
  roles.assertRole("gptAdministrator");
}

    defaultParameters = parseParameters(defaultQuery);
  }

  @Override
  protected void execute(HttpServletRequest request, HttpServletResponse response, RequestContext context) throws Exception {
    RoleSet roleSet = new RoleSet();
    roleSet.add("gptAdministrator");
    context.getUser().getAuthenticationStatus().authorizeAction(roleSet);
    super.execute(request, response, context);
  }

    SelectablePublishers selectablePublishers = new SelectablePublishers();
    selectablePublishers.build(context, isAdministrator(context));
    Publisher user = selectablePublishers.selectedAsPublisher(context, isAdministrator(context));

    RoleSet roleSet = new RoleSet();
    roleSet.add("gptAdministrator");
    roleSet.add("gptPublisher");
    user.getAuthenticationStatus().authorizeAction(roleSet);

    boolean hostUrlChanged = true;
    boolean titleChanged = true;
    boolean findableChanged = true;

    }

    // check administrator privilege
    if (userWasAuthenticated) {
      if (principals.contains(AsnConstants.PRINCIPAL_ADMINISTRATOR)) {
        RoleSet roles = user.getAuthenticationStatus().getAuthenticatedRoles();
        if (roles.hasRole("gptAdministrator")) {
          return;
        }
      }
    }

    }

    // check administrator privilege
    if (userWasAuthenticated) {
      if (principals.contains(AsnConstants.PRINCIPAL_ADMINISTRATOR)) {
        RoleSet roles = user.getAuthenticationStatus().getAuthenticatedRoles();
        if (roles.hasRole("gptAdministrator")) {
          return true;
        }
      }
    }

/**
 * Asserts the administrator role.
 * @throws NotAuthorizedException if the administrator role has not been granted
 */
private void assertAdministratorRole(User user) throws NotAuthorizedException {
  RoleSet roles = user.getAuthenticationStatus().getAuthenticatedRoles();
  roles.assertRole("gptAdministrator");
}