org.springframework.security.core.GrantedAuthority

public clreplaced Authorization {

    public static final String ROLE_USER = "ROLE_USER";

    public static final String ROLE_OWNER = "ROLE_OWNER";

    public static final GrantedAuthority USER = new SimpleGrantedAuthority(ROLE_USER);

    public static final GrantedAuthority OWNER = new SimpleGrantedAuthority(ROLE_OWNER);

    private Authorization() {
    }
}

public String toString() {
    StringBuilder sb = new StringBuilder();
    sb.append(super.toString()).append(": ");
    sb.append("Username: ").append(this.username).append("; ");
    sb.append("Email: [PROTECTED]; ");
    sb.append("Enabled: ").append(this.enabled).append("; ");
    sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
    sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
    sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
    if (!this.authorities.isEmpty()) {
        sb.append("Granted Authorities: ");
        boolean first = true;
        for (GrantedAuthority auth : this.authorities) {
            if (!first) {
                sb.append(",");
            }
            first = false;
            sb.append(auth);
        }
    } else {
        sb.append("Not granted any authorities");
    }
    return sb.toString();
}

@Override
public Collection<GrantedAuthority> loadUserAuthorities(Long userId) {
    List<UacAction> ownAuthList = uacActionService.getOwnActionListByUserId(userId);
    List<GrantedAuthority> authList = Lists.newArrayList();
    for (UacAction action : ownAuthList) {
        GrantedAuthority grantedAuthority = new SimpleGrantedAuthority(action.getUrl());
        authList.add(grantedAuthority);
    }
    return authList;
}

public clreplaced TestAuthentication implements Authentication {

    private String username = "clemens";

    private String credentials;

    private GrantedAuthority[] authorities;

    private boolean authenticated;

    public TestAuthentication() {
    }

    public TestAuthentication(String username, String credentials, GrantedAuthority[] authorities) {
        this.username = username;
        this.credentials = credentials;
        this.authorities = authorities;
    }

    @Override
    public String getName() {
        return username;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        if (authorities != null) {
            return List.of(authorities);
        } else {
            List<GrantedAuthority> auths = new ArrayList<>();
            auths.add(new TestAuthority());
            return auths;
        }
    }

    @Override
    public Object getCredentials() {
        return credentials;
    }

    @Override
    public Object getDetails() {
        return null;
    }

    @Override
    public Object getPrincipal() {
        SOAPPrincipal principal = new SOAPPrincipal();
        principal.setName(username);
        if (authorities != null) {
            return new CrowdUserDetails(principal, authorities);
        } else {
            return new CrowdUserDetails(principal, getAuthorities().toArray(new GrantedAuthority[] {}));
        }
    }

    @Override
    public boolean isAuthenticated() {
        return authenticated;
    }

    @Override
    public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        this.authenticated = isAuthenticated;
    }

    public clreplaced TestAuthority implements GrantedAuthority {

        @Override
        public String getAuthority() {
            return "testgroup";
        }
    }
}

@Override
public List<Resource> getGrantedResources(GrantedAuthority role) {
    return Optional.ofNullable(role).map(r -> getGrantedResources(Arrays.asList(r))).orElse(Collections.emptyList());
}

@Override
public List<Resource> getGrantedResources(GrantedAuthority role, ResourceMatcher filter) {
    return getGrantedResources(Arrays.asList(role), filter);
}

@Override
public Permission getPermission(String resourceCode, GrantedAuthority authority) {
    return getPermission(resourceCode, Arrays.asList(authority));
}

public void setGrantedAuthorities(Collection<? extends GrantedAuthority> grantedAuthorities) {
    this.authorities = Lists.newArrayList();
    for (GrantedAuthority grantedAuthority : grantedAuthorities) {
        this.authorities.add(new SimpleGrantedAuthority(grantedAuthority.getAuthority()));
    }
}

public clreplaced CoreAuthorityConstants {

    public static final String ROLE_ANONYMOUS = "ROLE_ANONYMOUS";

    public static final String ROLE_AUTHENTICATED = "ROLE_AUTHENTICATED";

    public static final String ROLE_ADMIN = "ROLE_ADMIN";

    /**
     * used for internal calls
     */
    public static final String ROLE_SYSTEM = "ROLE_SYSTEM";

    public static final String RUN_AS_SYSTEM = "RUN_AS_SYSTEM";

    public static final GrantedAuthority AUTHORITY_SYSTEM = new SimpleGrantedAuthority(ROLE_SYSTEM);

    public static final GrantedAuthority AUTHORITY_ADMIN = new SimpleGrantedAuthority(ROLE_ADMIN);

    protected CoreAuthorityConstants() {
    }
}

/**
 * 检测是否存在权限或系统管理员角色
 *
 * @param authorities
 * @param authority
 * @return
 */
public static boolean isExistsAuthority(Collection<GrantedAuthority> authorities, String authority) {
    for (GrantedAuthority grantedAuthority : authorities) {
        if (grantedAuthority.getAuthority().equals(authority) || grantedAuthority.getAuthority().equals(ROLE_PREFIX + SYSTEM_ADMIN)) {
            return true;
        }
    }
    return false;
}

protected OAuth2UserAuthority getOAuth2UserAuthority(Collection<? extends GrantedAuthority> authorities) {
    for (GrantedAuthority authority : authorities) {
        if (authority instanceof OAuth2UserAuthority) {
            return (OAuth2UserAuthority) authority;
        }
    }
    return null;
}

// Converts EUSurvey User to
// org.springframework.security.core.userdetails.User
private org.springframework.security.core.userdetails.User buildUserForAuthentication(User user, List<GrantedAuthority> authorities) {
    logger.debug("in CustomCasAuthenticationManager buildUserForAuthentication");
    for (GrantedAuthority authority : authorities) {
        logger.debug("in MyUserDetailsService buildUserForAuthentication AUTH SHOW " + authority.getAuthority());
    }
    org.springframework.security.core.userdetails.User value;
    try {
        logger.debug("in MyUserDetailsService buildUserForAuthentication try to create the Spring User");
        value = new org.springframework.security.core.userdetails.User(user.getLogin(), null, true, true, true, true, authorities);
    } catch (Exception e) {
        throw new UsernameNotFoundException("Error when trying to convert EUSuevry user to spring user");
    }
    return value;
}

public clreplaced JwtUserSecurityDetailsContext implements UserSecurityDetailsContext {

    private static final GrantedAuthority ROLE_ADMIN = new SimpleGrantedAuthority("admin");

    @Override
    public boolean isAuthorized(Permission operation, AbstractAnnotation annotation) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        UserSecurityDetails details = (UserSecurityDetails) auth.getPrincipal();
        Collection<? extends GrantedAuthority> roles = auth.getAuthorities();
        if (roles.contains(ROLE_ADMIN) || details.getUser().getPk() == annotation.getOwnerId()) {
            return true;
        }
        return operation == Permission.READ && details.hasAnyGroup(annotation.getGroups());
    }

    @Override
    public boolean isAuthorized(Permission operation, SecurityGroup group) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        Collection<? extends GrantedAuthority> roles = auth.getAuthorities();
        UserSecurityDetails details = (UserSecurityDetails) auth.getPrincipal();
        if (roles.contains(ROLE_ADMIN) || group.getOwnerId() == details.getUser().getPk()) {
            return true;
        }
        return operation == Permission.READ && details.hasGroup(group.getPk());
    }

    @Override
    public Integer getAuthenticationId() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null) {
            throw new IllegalStateException("No authentication present in SecurityContext");
        }
        UserSecurityDetails details = (UserSecurityDetails) auth.getPrincipal();
        return details.getUser().getPk();
    }
}

public String toString() {
    StringBuilder sb = new StringBuilder();
    sb.append(super.toString()).append(": ");
    sb.append("Username: ").append(this.username).append("; ");
    sb.append("Preplacedword: [PROTECTED]; ");
    sb.append("UserAccount: ").append(this.userAccount).append("; ");
    // sb.append("UserDept: ").append(this.userDept).append("; ");
    sb.append("UserDuty: ").append(this.userDuty).append("; ");
    sb.append("UserDesc: ").append(this.userDesc).append("; ");
    // sb.append("UserSubSystem: ").append(this.subSystem).append("; ");
    // sb.append("UserIsSys: ").append(this.issys).append("; ");
    sb.append("Enabled: ").append(this.enabled).append("; ");
    sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
    sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
    sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
    if (null != authorities && !authorities.isEmpty()) {
        sb.append("Granted Authorities: ");
        boolean first = true;
        for (GrantedAuthority auth : authorities) {
            if (!first) {
                sb.append(",");
            }
            first = false;
            sb.append(auth);
        }
    } else {
        sb.append("Not granted any authorities");
    }
    return sb.toString();
}

public static TenantGrantedAuthoritySid from(GrantedAuthority ga) {
    return new TenantGrantedAuthoritySid(ga.getAuthority(), MulreplacedenancySupport.getTenant(ga));
}

/**
 * create instance with data from specified authority
 * @param authority
 * @return
 */
public static GrantedAuthorityImpl from(GrantedAuthority authority) {
    return new GrantedAuthorityImpl(authority.getAuthority(), MulreplacedenancySupport.getTenant(authority));
}

public static GrantedAuthority convert(GrantedAuthority authority) {
    if (authority instanceof GrantedAuthorityImpl) {
        return authority;
    }
    return from(authority);
}

/**
 * Check if all of the "ALL" roles match.
 *
 * @param userRolesAll
 *            list of "ALL" roles
 * @param grantedAuthorities
 *            list of granted authorities for the user
 * @param targetObjectProperties
 *            target object properties (retrieved from Solr)
 * @return true if all of the roles are replacedigned to the user, false if any of the roles is missing
 */
private boolean checkRolesAll(List<String> userRolesAll, Collection<? extends GrantedAuthority> grantedAuthorities, Map<String, Object> targetObjectProperties) {
    if (userRolesAll == null || userRolesAll.isEmpty()) {
        // no user roles requested
        return true;
    }
    // all roles must match
    for (String userRole : userRolesAll) {
        // replace placeholders, if any
        userRole = evaluateRole(userRole, targetObjectProperties);
        boolean found = false;
        for (GrantedAuthority authority : grantedAuthorities) {
            if (evaluateAuthorityWildcardRole(userRole, authority.getAuthority())) {
                found = true;
                // if any of the granted roles does match, continue with the next role
                log.debug("Found \"ALL\" matching user role [{}]", userRole);
                break;
            }
        }
        if (!found) {
            // some of the "ALL" roles missing, fail this check
            log.warn("One of the \"ALL\" user roles [{}] is not replacedigned to user", userRole);
            return false;
        }
    }
    return true;
}

/**
 * Check if any of the "ANY" roles match.
 *
 * @param userRolesAny
 *            list of "ANY" roles
 * @param grantedAuthorities
 *            list of granted authorities for the user
 * @param targetObjectProperties
 *            target object properties (retrieved from Solr)
 * @return true if any of the roles are replacedigned to the user, false if none of the roles are replacedigned
 */
private boolean checkRolesAny(List<String> userRolesAny, Collection<? extends GrantedAuthority> grantedAuthorities, Map<String, Object> targetObjectProperties) {
    if (userRolesAny == null || userRolesAny.isEmpty()) {
        // no user roles requested
        return true;
    }
    // any role can match
    for (String userRole : userRolesAny) {
        // replace placeholders, if any
        userRole = evaluateRole(userRole, targetObjectProperties);
        for (GrantedAuthority authority : grantedAuthorities) {
            if (evaluateAuthorityWildcardRole(userRole, authority.getAuthority())) {
                // if any of the granted roles does match, break immediately and return true
                log.debug("Found \"ANY\" matching user role [{}]", userRole);
                return true;
            }
        }
    }
    // none of the "ANY" roles are replacedigned to the user
    log.warn("None of the \"ANY\" user roles are replacedigned to user");
    return false;
}

@Override
public String toString() {
    StringBuilder sb = new StringBuilder();
    sb.append(super.toString()).append(": ");
    sb.append("Username: ").append(this.username).append("; ");
    sb.append("Preplacedword: [PROTECTED]; ");
    sb.append("Enabled: ").append(this.enabled).append("; ");
    sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
    sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
    sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
    sb.append("authUser: ").append(this.authUser.toString()).append("; ");
    sb.append("encodeState: ").append(this.encodeState).append("; ");
    if (!authorities.isEmpty()) {
        sb.append("Granted Authorities: ");
        boolean first = true;
        for (GrantedAuthority auth : authorities) {
            if (!first) {
                sb.append(",");
            }
            first = false;
            sb.append(auth);
        }
    } else {
        sb.append("Not granted any authorities");
    }
    return sb.toString();
}

private static String getOptionalRoleKey(Collection<GrantedAuthority> authorities) {
    if (CollectionUtils.isNotEmpty(authorities)) {
        GrantedAuthority authority = authorities.iterator().next();
        return authority != null ? authority.getAuthority() : null;
    }
    return null;
}

private List authoritiesToArray(Collection<? extends GrantedAuthority> authorities) {
    List<String> list = new ArrayList<>();
    for (GrantedAuthority ga : authorities) {
        list.add(ga.getAuthority());
    }
    return list;
}

protected String formatAuthorities(Collection<? extends GrantedAuthority> authorities) {
    StringBuilder sb = new StringBuilder();
    sb.append("[");
    boolean isFirst = true;
    for (GrantedAuthority a : authorities) {
        if (!isFirst) {
            sb.append(",").append(a.getAuthority());
        } else {
            sb.append(a.getAuthority());
            isFirst = false;
        }
    }
    sb.append("]");
    return sb.toString();
}

/**
 * 获取角色权限
 * @param authorities
 * @return
 */
public List<String> getAuthorities(Collection<? extends GrantedAuthority> authorities) {
    List<String> list = new ArrayList<>();
    for (GrantedAuthority ga : authorities) {
        list.add(ga.getAuthority());
    }
    return list;
}

private boolean hasRoles(Collection<GrantedAuthority> grantedAuthorities) {
    if (this.authorizedRoles == null || this.authorizedRoles.isEmpty())
        return true;
    if (grantedAuthorities == null || grantedAuthorities.isEmpty())
        return false;
    for (String role : authorizedRoles) {
        for (GrantedAuthority grantedAuthority : grantedAuthorities) {
            if (role.equalsIgnoreCase(grantedAuthority.getAuthority()))
                return true;
        }
    }
    return false;
}

public boolean hasRole(String roleName) {
    for (GrantedAuthority grantedAuthority : authorities) {
        if (grantedAuthority.getAuthority().equals(roleName)) {
            return true;
        }
    }
    return false;
}

/**
 * ReportPortal permission evaluator
 *
 * @author Andrei Varabyeu
 */
// TODO add custom exception handling
clreplaced ReportPortalPermissionEvaluator implements PermissionEvaluator {

    private static final GrantedAuthority ADMIN_AUTHORITY = new SimpleGrantedAuthority(UserRole.ADMINISTRATOR.getAuthority());

    /**
     * Mapping between permission names and permissions
     */
    private Map<String, Permission> permissionNameToPermissionMap;

    private boolean allowAllToAdmin;

    public ReportPortalPermissionEvaluator(Map<String, Permission> permissionNameToPermissionMap) {
        this(permissionNameToPermissionMap, true);
    }

    public ReportPortalPermissionEvaluator(Map<String, Permission> permissionNameToPermissionMap, boolean allowAllToAdmin) {
        this.permissionNameToPermissionMap = Preconditions.checkNotNull(permissionNameToPermissionMap);
        this.allowAllToAdmin = allowAllToAdmin;
    }

    @Override
    public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
        boolean hasPermission = false;
        if (canHandle(authentication, targetDomainObject, permission)) {
            hasPermission = checkPermission(authentication, targetDomainObject, (String) permission);
        }
        return hasPermission;
    }

    private boolean canHandle(Authentication authentication, Object targetDomainObject, Object permission) {
        return targetDomainObject != null && authentication != null && String.clreplaced.equals(permission.getClreplaced());
    }

    private boolean checkPermission(Authentication authentication, Object targetDomainObject, String permissionKey) {
        verifyPermissionIsDefined(permissionKey);
        if (allowAllToAdmin && authentication.isAuthenticated() && authentication.getAuthorities().contains(ADMIN_AUTHORITY)) {
            return true;
        }
        Permission permission = permissionNameToPermissionMap.get(permissionKey);
        return permission.isAllowed(authentication, targetDomainObject);
    }

    private void verifyPermissionIsDefined(String permissionKey) {
        if (!permissionNameToPermissionMap.containsKey(permissionKey)) {
            throw new PermissionNotDefinedException("No permission with key " + permissionKey + " is defined in " + this.getClreplaced().toString());
        }
    }

    @Override
    public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
        throw new PermissionNotDefinedException("Id and Clreplaced permissions are not supperted by " + this.getClreplaced().toString());
    }
}

/**
 * This method will check if current logged in user has given role
 * @param roleName
 * @return true or false - if user has given role
 */
private boolean checkIfUserHasRole(String roleName) {
    for (GrantedAuthority grantedAuthority : SecurityContextHolder.getContext().getAuthentication().getAuthorities()) {
        logger.info("=====>" + grantedAuthority.getAuthority());
    }
    boolean hasUserRole = SecurityContextHolder.getContext().getAuthentication().getAuthorities().stream().anyMatch(r -> r.getAuthority().equals(roleName));
    return hasUserRole;
}

public void addAuthority(GrantedAuthority authority) {
    authorities.add(authority);
}

@Override
public String toString() {
    StringBuilder sb = new StringBuilder();
    sb.append(super.toString()).append(": ");
    sb.append("Username: ").append(this.username).append("; ");
    sb.append("Enabled: ").append(this.enabled).append("; ");
    sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
    sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
    sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
    if (!authorities.isEmpty()) {
        sb.append("Granted Authorities: ");
        boolean first = true;
        for (GrantedAuthority auth : authorities) {
            if (!first) {
                sb.append(",");
            }
            first = false;
            sb.append(auth);
        }
    } else {
        sb.append("Not granted any authorities");
    }
    return sb.toString();
}

/**
 * <pre>
 * Collection 객체  GrantedAuthority를 정렬한다.
 * </pre>
 * @param authorities
 * @return
 */
private static SortedSet<GrantedAuthority> sortAuthorities(Collection<? extends GrantedAuthority> authorities) {
    replacedert.notNull(authorities, "Cannot preplaced a null GrantedAuthority collection");
    // Ensure array iteration order is predictable (as per UserDetails.getAuthorities() contract and SEC-717)
    SortedSet<GrantedAuthority> sortedAuthorities = new TreeSet<>(new AuthorityComparator());
    for (GrantedAuthority grantedAuthority : authorities) {
        replacedert.notNull(grantedAuthority, "GrantedAuthority list cannot contain any null elements");
        sortedAuthorities.add(grantedAuthority);
    }
    return sortedAuthorities;
}

@Override
public String toString() {
    StringBuilder sb = new StringBuilder();
    sb.append(super.toString()).append(": ");
    sb.append("Username: ").append(this.username).append("; ");
    sb.append("Preplacedword: [PROTECTED]; ");
    sb.append("Enabled: ").append(this.enabled).append("; ");
    sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
    sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
    sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
    if (!authorities.isEmpty()) {
        sb.append("Granted Authorities: ");
        boolean first = true;
        for (GrantedAuthority auth : authorities) {
            if (!first) {
                sb.append(",");
            }
            first = false;
            sb.append(auth);
        }
    } else {
        sb.append("Not granted any authorities");
    }
    return sb.toString();
}

private static SortedSet<GrantedAuthority> sortAuthorities(Collection<? extends GrantedAuthority> authorities) {
    replacedert.notNull(authorities, "Cannot preplaced a null GrantedAuthority collection");
    // Ensure array iteration order is predictable (as per UserDetails.getAuthorities() contract and SEC-717)
    SortedSet<GrantedAuthority> sortedAuthorities = new TreeSet<GrantedAuthority>(new AuthorityComparator());
    for (GrantedAuthority grantedAuthority : authorities) {
        replacedert.notNull(grantedAuthority, "GrantedAuthority list cannot contain any null elements");
        sortedAuthorities.add(grantedAuthority);
    }
    return sortedAuthorities;
}

private static SortedSet<GrantedAuthority> sortAuthorities(Collection<? extends GrantedAuthority> authorities) {
    replacedert.notNull(authorities, "Cannot preplaced a null GrantedAuthority collection");
    // Ensure array iteration order is predictable (as per
    // UserDetails.getAuthorities() contract and SEC-717)
    SortedSet<GrantedAuthority> sortedAuthorities = new TreeSet<>();
    for (GrantedAuthority grantedAuthority : authorities) {
        replacedert.notNull(grantedAuthority, "GrantedAuthority list cannot contain any null elements");
        sortedAuthorities.add(grantedAuthority);
    }
    return sortedAuthorities;
}

public static String buildRoleCode(GrantedAuthority role) {
    String result = role.getAuthority();
    if (role instanceof SysRole) {
        result = RoleType.SYS_ROLE.name() + ":" + result;
    } else {
        result = RoleType.APP_ROLE.name() + ":" + result;
    }
    return result;
}

@Override
public List<ResourceRoleRelationship> listGrantedResources(GrantedAuthority role) {
    String roleCode = RbacUtils.buildRoleCode(role);
    return listGrantedResources(roleCode);
}

public ArrayList<GrantedAuthority> queryAuthorizedApps(ArrayList<GrantedAuthority> grantedAuthoritys) {
    String grantedAuthorityString = "'ROLE_ALL_USER'";
    for (GrantedAuthority grantedAuthority : grantedAuthoritys) {
        grantedAuthorityString += ",'" + grantedAuthority.getAuthority() + "'";
    }
    ArrayList<GrantedAuthority> listAuthorizedApps = (ArrayList<GrantedAuthority>) jdbcTemplate.query(String.format(DEFAULT_MYAPPS_SELECT_STATEMENT, grantedAuthorityString), new RowMapper<GrantedAuthority>() {

        public GrantedAuthority mapRow(ResultSet rs, int rowNum) throws SQLException {
            return new SimpleGrantedAuthority(rs.getString("ID"));
        }
    });
    _logger.debug("list Authorized Apps  " + listAuthorizedApps);
    return listAuthorizedApps;
}

private boolean hasAuthority(final UserDetails user, final String name) {
    for (final GrantedAuthority authority : user.getAuthorities()) {
        if (authority.getAuthority().equals(name)) {
            return true;
        }
    }
    return false;
}

@Override
public String toString() {
    StringBuilder sb = new StringBuilder();
    sb.append(super.toString()).append(": ");
    sb.append("Id: ").append(this.id).append("; ");
    sb.append("Username: ").append(this.username).append("; ");
    sb.append("Preplacedword: [PROTECTED]; ");
    sb.append("Enabled: ").append(this.enabled).append("; ");
    sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
    sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
    sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
    if (!authorities.isEmpty()) {
        sb.append("Granted Authorities: ");
        boolean first = true;
        for (GrantedAuthority auth : authorities) {
            if (!first) {
                sb.append(",");
            }
            first = false;
            sb.append(auth);
        }
    } else {
        sb.append("Not granted any authorities");
    }
    return sb.toString();
}

private static SortedSet<GrantedAuthority> sortAuthorities(Collection<? extends GrantedAuthority> authorities) {
    replacedert.notNull(authorities, "Cannot preplaced a null GrantedAuthority collection");
    // Ensure array iteration order is predictable (as per
    // UserDetails.getAuthorities() contract and SEC-717)
    SortedSet<GrantedAuthority> sortedAuthorities = new TreeSet<>(new SimpleUser.AuthorityComparator());
    for (GrantedAuthority grantedAuthority : authorities) {
        replacedert.notNull(grantedAuthority, "GrantedAuthority list cannot contain any null elements");
        sortedAuthorities.add(grantedAuthority);
    }
    return sortedAuthorities;
}

private static SortedSet<GrantedAuthority> sortAuthorities(Collection<? extends GrantedAuthority> authorities) {
    replacedert.notNull(authorities, "Cannot preplaced a null GrantedAuthority collection");
    // Ensure array iteration order is predictable (as per
    // UserDetails.getAuthorities() contract and SEC-717)
    SortedSet<GrantedAuthority> sortedAuthorities = new TreeSet<GrantedAuthority>(new CustomUserDetails.AuthorityComparator());
    for (GrantedAuthority grantedAuthority : authorities) {
        replacedert.notNull(grantedAuthority, "GrantedAuthority list cannot contain any null elements");
        sortedAuthorities.add(grantedAuthority);
    }
    return sortedAuthorities;
}

public static boolean currentUserHasCapability(String capability) {
    ActivitiAppUser user = getCurrentActivitiAppUser();
    for (GrantedAuthority grantedAuthority : user.getAuthorities()) {
        if (capability.equals(grantedAuthority.getAuthority())) {
            return true;
        }
    }
    return false;
}

public static MirrorgateAuthenticationToken createHeaderBasedToken(final String headerValue) {
    GrantedAuthority authority;
    // We keep empty header for back compatibility
    if (StringUtils.isEmpty(headerValue) || headerValue.contains("COLLECTOR")) {
        authority = new SimpleGrantedAuthority(SecurityAuthoritiesEnum.COLLECTOR.toString());
    } else {
        if (headerValue.contains("ANONYMOUS")) {
            authority = new SimpleGrantedAuthority(SecurityAuthoritiesEnum.SCREEN.toString());
        } else {
            authority = new SimpleGrantedAuthority(SecurityAuthoritiesEnum.REGULAR.toString());
        }
    }
    LOG.info("Role replacedigned: " + authority.getAuthority());
    return new MirrorgateAuthenticationToken(headerValue, Collections.singletonList(authority));
}

public Collection getGrantedAuthoritiesMockList() {
    GrantedAuthority grantedAuthority1 = new SimpleGrantedAuthority("ROLE_ADMINISTRATOR");
    GrantedAuthority grantedAuthority2 = new SimpleGrantedAuthority("ROLE_replacedYST");
    GrantedAuthority grantedAuthority3 = new SimpleGrantedAuthority("ROLE_TECHNICIAN");
    GrantedAuthority grantedAuthority4 = new SimpleGrantedAuthority("ACM_ADMINISTRATOR");
    return Arrays.asList(grantedAuthority1, grantedAuthority2, grantedAuthority3, grantedAuthority4);
}

public clreplaced PreplacedwordTokenGranter extends AbstractTokenGranter {

    private static final String GRANT_TYPE = "preplacedword";

    private static final GrantedAuthority PRE_AUTH = new SimpleGrantedAuthority("PRE_AUTH");

    private final AuthenticationManager authenticationManager;

    private final MfaService mfaService;

    public PreplacedwordTokenGranter(AuthorizationServerEndpointsConfigurer endpointsConfigurer, AuthenticationManager authenticationManager, MfaService mfaService) {
        super(endpointsConfigurer.getTokenServices(), endpointsConfigurer.getClientDetailsService(), endpointsConfigurer.getOAuth2RequestFactory(), GRANT_TYPE);
        this.authenticationManager = authenticationManager;
        this.mfaService = mfaService;
    }

    @Override
    protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
        Map<String, String> parameters = new LinkedHashMap<>(tokenRequest.getRequestParameters());
        String username = parameters.get("username");
        String preplacedword = parameters.get("preplacedword");
        parameters.remove("preplacedword");
        Authentication userAuth = new UsernamePreplacedwordAuthenticationToken(username, preplacedword);
        ((AbstractAuthenticationToken) userAuth).setDetails(parameters);
        try {
            userAuth = this.authenticationManager.authenticate(userAuth);
        } catch (AccountStatusException | BadCredentialsException e) {
            throw new InvalidGrantException(e.getMessage());
        }
        if (userAuth != null && userAuth.isAuthenticated()) {
            OAuth2Request storedOAuth2Request = this.getRequestFactory().createOAuth2Request(client, tokenRequest);
            if (mfaService.isEnabled(username)) {
                userAuth = new UsernamePreplacedwordAuthenticationToken(username, preplacedword, Collections.singleton(PRE_AUTH));
                OAuth2AccessToken accessToken = getTokenServices().createAccessToken(new OAuth2Authentication(storedOAuth2Request, userAuth));
                throw new MfaRequiredException(accessToken.getValue());
            }
            return new OAuth2Authentication(storedOAuth2Request, userAuth);
        } else {
            throw new InvalidGrantException("Could not authenticate user: " + username);
        }
    }
}

public static final boolean isAuthorityGranted(final GrantedAuthority authority) {
    final Collection<? extends GrantedAuthority> allAuthorities = ((UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getAuthorities();
    return allAuthorities.contains(authority);
}

private boolean isAdmin(Collection<? extends GrantedAuthority> authorities) {
    for (GrantedAuthority grantedAuthority : authorities) {
        if ("ROLE_ADMIN".equals(grantedAuthority.getAuthority())) {
            return true;
        }
    }
    return false;
}

private UsernamePreplacedwordAuthenticationToken getAuthentication(HttpServletRequest request) {
    String token = request.getHeader(HEADER_STRING);
    if (token != null) {
        // parse the token.
        Claims claims = Jwts.parser().setSigningKey(SECRET.getBytes()).parseClaimsJws(token.replace(TOKEN_PREFIX, "")).getBody();
        // Extract the UserName
        String user = claims.getSubject();
        // Extract the Roles
        @SuppressWarnings("unchecked")
        ArrayList<String> roles = (ArrayList<String>) claims.get("roles");
        // Then convert Roles to GrantedAuthority Object for injecting
        ArrayList<GrantedAuthority> list = new ArrayList<>();
        if (roles != null) {
            for (String a : roles) {
                GrantedAuthority g = new SimpleGrantedAuthority(a);
                list.add(g);
            }
        }
        if (user != null) {
            return new UsernamePreplacedwordAuthenticationToken(user, null, list);
        }
    }
    return null;
}

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
    ArrayList<GrantedAuthority> grantedAuthorities = new ArrayList<>();
    if (ToolUtil.isNotEmpty(this.roleNames)) {
        for (String roleName : this.roleNames) {
            GrantedAuthority grantedAuthority = (GrantedAuthority) () -> roleName;
            grantedAuthorities.add(grantedAuthority);
        }
    }
    return grantedAuthorities;
}

/**
 * Determine if the authentication has the requested role.
 * @param role The role to look for.
 * @return Boolean, true if so, false if not.
 */
protected boolean hasRole(final String role) {
    final String realRole = "ROLE_" + role;
    final Collection<? extends GrantedAuthority> authorities = getLoggedInUser().getAuthorities();
    // Find
    for (final GrantedAuthority authority : authorities) {
        if (authority.getAuthority().equals(realRole)) {
            return true;
        }
    }
    return false;
}

See More Examples