Use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.
Class TestAuthorityManager, method testSetRemoveUserAuthorizations_2.
/**
 * Grants a user authorizations on an existing group and on a group created for
 * the test, then checks which users the authorization manager reports for each:
 * one user on the existing group, none (null) for the group created on the fly.
 *
 * @throws Throwable any failure raised by the authorization manager
 */
public void testSetRemoveUserAuthorizations_2() throws Throwable {
    final String username = "pageManagerCustomers";
    final String newGroupName = "testgroupname";
    final String knownGroupName = "management";
    final String roleName = "pageManager";
    Role role = this.getRole(roleName);
    assertNotNull(role);
    // group already present in the test dataset
    Group knownGroup = this.getGroup(knownGroupName);
    assertNotNull(knownGroup);
    // group created on the fly for this test
    Group newGroup = this.createGroupForTest(newGroupName);
    List<String> users = this._authorizationManager.getUsersByAuthority(knownGroup, false);
    assertNotNull(users);
    assertEquals(0, users.size());
    users = this._authorizationManager.getUsersByGroup(newGroup, false);
    assertNull(users);
    try {
        Authorization knownGroupGrant = new Authorization(knownGroup, role);
        Authorization newGroupGrant = new Authorization(newGroup, role);
        List<Authorization> grants = new ArrayList<Authorization>();
        grants.add(knownGroupGrant);
        grants.add(newGroupGrant);
        this._authorizationManager.addUserAuthorizations(username, grants);
        users = this._authorizationManager.getUsersByAuthority(knownGroup, false);
        assertNotNull(users);
        assertEquals(1, users.size());
        users = this._authorizationManager.getUsersByGroup(newGroup, false);
        assertNull(users);
    } catch (Throwable t) {
        // NOTE(review): the grant on the group created for the test is only removed
        // on failure; confirm that the success path leaves no leftover authorization
        this._authorizationManager.deleteUserAuthorization(username, newGroupName, roleName);
        throw t;
    } finally {
        this._authorizationManager.deleteUserAuthorization(username, knownGroupName, roleName);
        users = this._authorizationManager.getUsersByAuthority(knownGroup, false);
        assertNotNull(users);
        assertEquals(0, users.size());
    }
}
Use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.
Class TestAuthorityManager, method testGetUsersByAuthority_1.
/**
 * Exercises the user lookups by authority: by role, by group, with a null
 * authority, with a role passed to the group lookup and with a group that was
 * never persisted.
 *
 * @throws Throwable any failure raised by the authorization manager
 */
public void testGetUsersByAuthority_1() throws Throwable {
    Role pageManager = this.getRole("pageManager");
    List<String> found = this._authorizationManager.getUsersByAuthority(pageManager, false);
    assertNotNull(found);
    assertTrue(found.size() >= 2);
    found = this._authorizationManager.getUsersByRole(pageManager, false);
    assertNotNull(found);
    assertTrue(found.size() >= 2);
    // a role handed to the group lookup must not resolve to any user
    assertNull(this._authorizationManager.getUsersByGroup(pageManager, false));
    Group coach = this.getGroup("coach");
    found = this._authorizationManager.getUsersByAuthority(coach, false);
    assertNotNull(found);
    assertTrue(found.size() >= 3);
    // a null authority yields no result
    assertNull(this._authorizationManager.getUsersByAuthority(null, false));
    // a group instance that was never stored yields no result either
    Group transientGroup = new Group();
    transientGroup.setName("test");
    transientGroup.setDescription("test");
    assertNull(this._authorizationManager.getUsersByGroup(transientGroup, false));
}
Use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.
Class ApiRestServer, method extractOAuthParameters.
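/**
 * Resolves the access token carried in the request header, loads the matching
 * user into the session and, when {@code permission} is not null, verifies that
 * the user holds that permission.
 *
 * @param request    the incoming request; the token is read from its header
 * @param permission the permission the resource requires, or null when none is required
 * @throws ApiException with {@code API_AUTHENTICATION_REQUIRED} / 401 when the token is
 *                      missing, unknown, mismatched or expired, when the token's user
 *                      cannot be loaded while a permission is required, or when the user
 *                      lacks the permission; with {@code SERVER_ERROR} / 500 when the
 *                      OAuth layer or a system service fails
 */
protected void extractOAuthParameters(HttpServletRequest request, String permission) throws ApiException {
    try {
        _logger.info("Permission required: {}", permission);
        OAuthAccessResourceRequest requestMessage = new OAuthAccessResourceRequest(request, ParameterStyle.HEADER);
        // Get the access token
        String accessToken = requestMessage.getAccessToken();
        IApiOAuth2TokenManager tokenManager = (IApiOAuth2TokenManager) ApsWebApplicationUtils.getBean(IApiOAuth2TokenManager.BEAN_NAME, request);
        final OAuth2Token token = tokenManager.getApiOAuth2Token(accessToken);
        if (token == null) {
            if (accessToken != null) {
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token not found, request new one", Response.Status.UNAUTHORIZED);
            }
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
        }
        // Validate the access token: the record was looked up by this value, so a
        // mismatch means the token store handed back a different record
        if (!token.getAccessToken().equals(accessToken)) {
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token does not match", Response.Status.UNAUTHORIZED);
        }
        // check if access token is expired
        if (token.getExpiresIn().getTime() < System.currentTimeMillis()) {
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token expired", Response.Status.UNAUTHORIZED);
        }
        String username = token.getClientId();
        IUserManager userManager = (IUserManager) ApsWebApplicationUtils.getBean(SystemConstants.USER_MANAGER, request);
        UserDetails user = userManager.getUser(username);
        if (user == null) {
            // A valid token whose subject can no longer be loaded cannot satisfy a
            // required permission; previously this case fell through without any check.
            if (permission != null) {
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
            }
            return;
        }
        _logger.info("User {} requesting resource that requires {} permission ", username, permission);
        request.getSession().setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
        if (permission == null) {
            return;
        }
        IAuthorizationManager authManager = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, request);
        user.addAuthorizations(authManager.getUserAuthorizations(username));
        if (!authManager.isAuthOnPermission(user, permission)) {
            // Log the whole permission set of each role: indexing element 0 threw an
            // unchecked exception (escaping as something other than 401) on a role
            // without permissions.
            List<Role> roles = authManager.getUserRoles(user);
            for (Role role : roles) {
                _logger.info("User {} requesting resource has {} permission ", username, role.getPermissions());
            }
            _logger.info("User {} requesting resource has {} permission ", username, "none");
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
        }
    } catch (OAuthSystemException | ApsSystemException | OAuthProblemException ex) {
        // Pass the throwable as the trailing argument (no placeholder) so the logger
        // records the stack trace instead of just the exception's toString()
        _logger.error("System exception", ex);
        // NOTE(review): the raw exception message is echoed to the client with a 500;
        // consider a generic message if these messages can carry internal detail
        throw new ApiException(IApiErrorCodes.SERVER_ERROR, ex.getMessage(), Response.Status.INTERNAL_SERVER_ERROR);
    }
}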
Use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.
Class RoleService, method getRoleReferences.
/**
 * Lists the users that hold the given role, paged according to {@code restRequest}.
 *
 * @param roleCode    the code of the role to inspect
 * @param restRequest paging parameters used to cut the sublist
 * @return the page of users carrying the role, with the total count of holders
 * @throws RestRourceNotFoundException when no role with {@code roleCode} exists
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
@Override
public PagedMetadata<UserDto> getRoleReferences(String roleCode, RestListRequest restRequest) {
    Role role = this.getRoleManager().getRole(roleCode);
    if (role == null) {
        logger.warn("no role found with code {}", roleCode);
        throw new RestRourceNotFoundException(RoleValidator.ERRCODE_ROLE_NOT_FOUND, "role", roleCode);
    }
    List<UserDto> holders = this.getAuthorizationService().getRoleUtilizer(roleCode);
    List<UserDto> page = restRequest.getSublist(holders);
    // raw constructor kept as in the original; the warnings are suppressed above
    SearcherDaoPaginatedResult<UserDto> result = new SearcherDaoPaginatedResult(holders.size(), page);
    PagedMetadata<UserDto> metadata = new PagedMetadata<>(restRequest, result);
    metadata.setBody(page);
    return metadata;
}
Use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.
Class RoleService, method getRole.
/**
 * Loads the role with the given code and converts it to a DTO.
 *
 * @param roleCode the code of the role
 * @return the role as a DTO, built together with the permission codes known to the role manager
 * @throws RestRourceNotFoundException when no role with {@code roleCode} exists
 */
@Override
public RoleDto getRole(String roleCode) {
    Role role = this.getRoleManager().getRole(roleCode);
    if (role == null) {
        logger.warn("no role found with code {}", roleCode);
        throw new RestRourceNotFoundException(RoleValidator.ERRCODE_ROLE_NOT_FOUND, "role", roleCode);
    }
    return this.getDtoBuilder().toDto(role, this.getRoleManager().getPermissionsCodes());
}