Thread: programmatically check principal role against RoleHierarchyVoter voter

  1. #1

    programmatically check principal role against RoleHierarchyVoter voter

    I'm using RoleHierarchyVoter and would like to programmatically check if a user's role has rights to any given role after they log in.

    I'm working on some user management stuff and would like to prevent a user setting his or somebody else's role greater than their own.

  2. #2

    my solution

    Here's the method I came up with:

    Code:
        
    public void changeUserRole(User user, UserRole role) throws UserManagerException {
        // Expand the current user's authorities through the role hierarchy.
        GrantedAuthority[] grantedAuthorities = _roleHierrarchy.getReachableGrantedAuthorities(
                CurrentUserManagerImpl.getUserFromSecurityContext().getAuthorities());

        // The caller may only assign a role that is reachable from their own roles.
        boolean hasAuth = false;
        for (GrantedAuthority ga : grantedAuthorities) {
            // getAuthority() is the interface method; toString() depends on the implementation.
            if (ga.getAuthority().equalsIgnoreCase(role.toString())) {
                hasAuth = true;
                break;
            }
        }

        try {
            if (hasAuth) {
                _userDao.setRole(user, role);
            } else {
                String adminUser = CurrentUserManagerImpl.getUserFromSecurityContext().getUsername();
                String message = adminUser + " doesn't have rights to set: " + user.getUsername() + " to role: " + role.toString();
                LOG.error(message);
                throw new UserManagerException(message);
            }
        } catch (UserDaoExpection userDaoExpection) {
            throw new UserManagerException(userDaoExpection.getMessage());
        }
    }
    I'm injecting the roleHierrarchy bean from my security context config.
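
The reachability check discussed in this thread, as an added example that is not the poster's code and does not use Spring: it expands a hierarchy into the set of roles an actor reaches and allows an assignment only within that set. The class name, hierarchy text and role names are constructed, and the second condition in `mayAssign` (the actor must also reach the target user's current roles, so a lower role cannot demote a higher one) goes beyond what the post checks.

```java
import java.util.*;

// Added example, standard library only. Hierarchy text and role names are constructed.
public class RoleAssignmentCheck {
    // Maps each role to the roles it directly includes.
    private final Map<String, Set<String>> direct = new HashMap<>();

    // Parses lines such as "ROLE_ADMIN > ROLE_MANAGER > ROLE_USER".
    RoleAssignmentCheck(String hierarchy) {
        for (String line : hierarchy.split("\n")) {
            String[] parts = line.trim().split("\\s*>\\s*");
            for (int i = 0; i + 1 < parts.length; i++) {
                direct.computeIfAbsent(parts[i], k -> new HashSet<>()).add(parts[i + 1]);
            }
        }
    }

    // Every role implied by the held roles, including the held roles themselves.
    // The seen set also stops the walk if the hierarchy contains a cycle.
    Set<String> reachable(Collection<String> held) {
        Set<String> seen = new HashSet<>(held);
        Deque<String> todo = new ArrayDeque<>(held);
        while (!todo.isEmpty()) {
            for (String lower : direct.getOrDefault(todo.pop(), Set.of())) {
                if (seen.add(lower)) todo.push(lower);
            }
        }
        return seen;
    }

    // Exact, case-sensitive match. The actor may grant only a role they reach,
    // and may only change a user whose current roles they also reach.
    boolean mayAssign(Collection<String> actorRoles, Collection<String> targetRoles, String newRole) {
        Set<String> allowed = reachable(actorRoles);
        return allowed.contains(newRole) && allowed.containsAll(targetRoles);
    }

    public static void main(String[] args) {
        RoleAssignmentCheck check = new RoleAssignmentCheck(
                "ROLE_ADMIN > ROLE_MANAGER\nROLE_MANAGER > ROLE_USER");
        List<String> manager = List.of("ROLE_MANAGER");
        System.out.println("manager promotes user to manager: "
                + check.mayAssign(manager, List.of("ROLE_USER"), "ROLE_MANAGER"));
        System.out.println("manager promotes self to admin: "
                + check.mayAssign(manager, manager, "ROLE_ADMIN"));
        System.out.println("manager demotes admin to user: "
                + check.mayAssign(manager, List.of("ROLE_ADMIN"), "ROLE_USER"));
    }
}
```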
