
SEC-545: Added utility methods for checking if user has a particular role to existing AuthorityUtils class. Class may be renamed at some point as more functionality is added.

Luke Taylor 18 jaren geleden
bovenliggende
commit
b681952933

+ 64 - 1
core/src/main/java/org/springframework/security/util/AuthorityUtils.java

@@ -1,14 +1,55 @@
 package org.springframework.security.util;
 
+import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
 import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.util.StringUtils;
 
+import java.util.HashSet;
+import java.util.Set;
+
 /**
- * @author luke
+ * @author Luke Taylor
  * @version $Id$
  */
 public abstract class AuthorityUtils {
+    public static final GrantedAuthority[] NO_AUTHORITIES = new GrantedAuthority[0];
+
+    /**
+     * Returns true if the current user has the specified authority.
+     *
+     * @param authority the authority to test for (e.g. "ROLE_A").
+     * @return true if a GrantedAuthority object with the same string representation as the supplied authority
+     * name exists in the current user's list of authorities. False otherwise, or if the user in not authenticated.
+     */
+    public static boolean userHasAuthority(String authority) {
+        GrantedAuthority[] authorities = getUserAuthorities();
+
+        for (int i = 0; i < authorities.length; i++) {
+            if (authority.equals(authorities[i].getAuthority())) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Returns the authorities of the current user.
+     *
+     * @return an array containing the current user's authorities (or an empty array if not authenticated), never null.
+     */
+    private static GrantedAuthority[] getUserAuthorities() {
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+
+        if (auth == null || auth.getAuthorities() == null) {
+            return NO_AUTHORITIES;
+        }
+
+        return auth.getAuthorities();
+    }
+
 
     /**
      * Creates a array of GrantedAuthority objects from a comma-separated string
@@ -28,5 +69,27 @@ public abstract class AuthorityUtils {
         return authorities;
     }
 
+    /**
+     * Converts an array of GrantedAuthority objects to a Set.
+     * @return a Set of the Strings obtained from each call to GrantedAuthority.getAuthority()
+     */
+    public static Set authorityArrayToSet(GrantedAuthority[] authorities) {
+        Set set = new HashSet(authorities.length);
+
+        for (int i = 0; i < authorities.length; i++) {
+            set.add(authorities[i].getAuthority());
+        }
+
+        return set;
+    }
+
+    public static GrantedAuthority[] stringArrayToAuthorityArray(String[] roles) {
+        GrantedAuthority[] authorities = new GrantedAuthority[roles.length];
 
+        for (int i=0; i < roles.length; i++) {
+            authorities[i] = new GrantedAuthorityImpl(roles[i]);
+        }
+
+        return authorities;
+    }
 }
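Review bot: `getUserAuthorities()` in the first hunk only tests `auth == null`, so `userHasAuthority` consults the authorities of whatever `Authentication` sits in the context, including one whose `isAuthenticated()` is false, while the Javadoc on `userHasAuthority` promises false when the user is not authenticated. If unauthenticated tokens can carry authorities in this codebase, the guard should be `if (auth == null || !auth.isAuthenticated() || auth.getAuthorities() == null) {`, or the Javadoc should be reworded to say it only covers the no-Authentication case. Separately, `userHasAuthority(null)` throws a NullPointerException on `authority.equals(...)` rather than returning false, the Javadoc typo "if the user in not authenticated" should read "is not authenticated", and `stringArrayToAuthorityArray` in the second hunk has no Javadoc, e.g. `/** Converts an array of role names to an array of GrantedAuthorityImpl objects, one per element. The input must not be null. */`.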

+ 63 - 0
core/src/test/java/org/springframework/security/util/AuthorityUtilsTests.java

@@ -0,0 +1,63 @@
+package org.springframework.security.util;
+
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+
+import org.junit.After;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.Set;
+
+/**
+ * @author Luke Taylor
+ * @version $Id$
+ */
+public class AuthorityUtilsTests {
+
+    @Before
+    @After
+    public void clearContext() {
+        SecurityContextHolder.clearContext();
+    }
+
+    @Test
+    public void userHasAuthorityReturnsFalseForUnauthenticatedUser() {
+        assertFalse(AuthorityUtils.userHasAuthority("SOME_AUTHORITY"));
+    }
+
+    @Test
+    public void userHasAuthorityReturnsFalseWhenUserHasNoAuthorities() {
+        SecurityContextHolder.getContext().setAuthentication(
+                new UsernamePasswordAuthenticationToken("user", "password"));
+        assertFalse(AuthorityUtils.userHasAuthority("SOME_AUTHORITY"));
+    }
+
+    @Test
+    public void userHasAuthorityReturnsTrueWhenUserHasCorrectAuthority() {
+        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("user", "password",
+                AuthorityUtils.stringArrayToAuthorityArray(new String[] {"A", "B"})));
+        assertTrue(AuthorityUtils.userHasAuthority("A"));
+        assertTrue(AuthorityUtils.userHasAuthority("B"));
+        assertFalse(AuthorityUtils.userHasAuthority("C"));
+    }
+
+    @Test
+    public void commaSeparatedStringIsParsedCorrectly() {
+        GrantedAuthority[] authorityArray =
+                AuthorityUtils.commaSeparatedStringToAuthorityArray(" ROLE_A, B, C, ROLE_D, E ");
+
+        Set authorities = AuthorityUtils.authorityArrayToSet(authorityArray);
+
+        assertTrue(authorities.contains("B"));
+        assertTrue(authorities.contains("C"));
+        assertTrue(authorities.contains("E"));
+        assertTrue(authorities.contains("ROLE_A"));
+        assertTrue(authorities.contains("ROLE_D"));
+    }
+
+
+}
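Review bot: `commaSeparatedStringIsParsedCorrectly` only asserts membership, so it would still pass if the parser produced extra entries (for instance an empty or whitespace-only authority from the surrounding spaces) alongside the five expected ones; add `assertEquals(5, authorities.size());` after the contains checks, with the matching `import static org.junit.Assert.assertEquals;`. The parser itself is outside this commit, so whether such extras can occur is not visible here. `userHasAuthorityReturnsFalseWhenUserHasNoAuthorities` also appears to rely on the two-argument `UsernamePasswordAuthenticationToken` constructor leaving the authorities null or empty; a short comment stating that assumption would make the test's intent explicit.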