
Example 21 with Role

use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.

Class TestAuthorityManager, method testSetRemoveUserAuthorizations_2:

/**
 * Adds two authorizations for one user in a single call - one on a persisted
 * group and one on a group built only for the test - and checks that only the
 * persisted group reports the user as a member afterwards.
 *
 * Clean-up lives in the catch/finally blocks so that a failing assertion does
 * not leave the authorization behind for the next test.
 */
public void testSetRemoveUserAuthorizations_2() throws Throwable {
    final String username = "pageManagerCustomers";
    final String unsavedGroupName = "testgroupname";
    final String savedGroupName = "management";
    final String roleName = "pageManager";
    Role role = this.getRole(roleName);
    assertNotNull(role);
    Group savedGroup = this.getGroup(savedGroupName);
    assertNotNull(savedGroup);
    // built by the test helper; the assertions below treat it as not persisted
    Group unsavedGroup = this.createGroupForTest(unsavedGroupName);
    // baseline: nobody is in the persisted group, lookup by the unsaved group yields null
    List<String> members = this._authorizationManager.getUsersByAuthority(savedGroup, false);
    assertNotNull(members);
    assertEquals(0, members.size());
    members = this._authorizationManager.getUsersByGroup(unsavedGroup, false);
    assertNull(members);
    try {
        List<Authorization> toAdd = new ArrayList<Authorization>();
        toAdd.add(new Authorization(savedGroup, role));
        toAdd.add(new Authorization(unsavedGroup, role));
        this._authorizationManager.addUserAuthorizations(username, toAdd);
        // only the persisted group gains the member; the unsaved one still yields null
        members = this._authorizationManager.getUsersByAuthority(savedGroup, false);
        assertNotNull(members);
        assertEquals(1, members.size());
        members = this._authorizationManager.getUsersByGroup(unsavedGroup, false);
        assertNull(members);
    } catch (Throwable t) {
        // on failure also drop the authorization on the unsaved group before rethrowing
        this._authorizationManager.deleteUserAuthorization(username, unsavedGroupName, roleName);
        throw t;
    } finally {
        // always remove the authorization on the persisted group and verify it is gone
        this._authorizationManager.deleteUserAuthorization(username, savedGroupName, roleName);
        members = this._authorizationManager.getUsersByAuthority(savedGroup, false);
        assertNotNull(members);
        assertEquals(0, members.size());
    }
}

Example 22 with Role

use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.

Class TestAuthorityManager, method testGetUsersByAuthority_1:

/**
 * Exercises the user-lookup methods of the authorization manager with a role,
 * a group, a null authority and a group object that was never stored.
 *
 * The counts are lower bounds because the fixture data may hold more users
 * than the ones this test knows about.
 */
public void testGetUsersByAuthority_1() throws Throwable {
    Role pageManager = this.getRole("pageManager");
    // lookup by role: the generic and the role-specific method each return at least two users
    List<String> holders = this._authorizationManager.getUsersByAuthority(pageManager, false);
    assertNotNull(holders);
    assertTrue(holders.size() >= 2);
    holders = this._authorizationManager.getUsersByRole(pageManager, false);
    assertNotNull(holders);
    assertTrue(holders.size() >= 2);
    // a Role handed to the group-specific lookup is answered with null
    assertNull(this._authorizationManager.getUsersByGroup(pageManager, false));
    Group coach = this.getGroup("coach");
    List<String> coachMembers = this._authorizationManager.getUsersByAuthority(coach, false);
    assertNotNull(coachMembers);
    assertTrue(coachMembers.size() >= 3);
    // a null authority is answered with null rather than an exception
    assertNull(this._authorizationManager.getUsersByAuthority(null, false));
    // a group object that was never stored is likewise answered with null
    Group unsaved = new Group();
    unsaved.setName("test");
    unsaved.setDescription("test");
    assertNull(this._authorizationManager.getUsersByGroup(unsaved, false));
}

Example 23 with Role

use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.

Class ApiRestServer, method extractOAuthParameters:

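/**
 * Authenticates an API request from the bearer token in its Authorization
 * header and, when {@code permission} is not null, checks that the token's
 * user holds that permission.
 *
 * On success the resolved user is stored in the HTTP session under
 * {@link SystemConstants#SESSIONPARAM_CURRENT_USER} with its authorizations
 * attached. Every authentication or authorization failure is reported as
 * {@link IApiErrorCodes#API_AUTHENTICATION_REQUIRED} with HTTP 401; only
 * back-end failures (token manager, user manager) become HTTP 500, and their
 * internal message is logged rather than echoed to the client.
 *
 * @param request    the incoming request; its Authorization header is read and
 *                   its session is written
 * @param permission the permission the resource requires, or null to require
 *                   authentication only
 * @throws ApiException 401 when the bearer header is missing or malformed, the
 *                      token is unknown, expired or not bound to an existing
 *                      user, or the user lacks the permission; 500 on
 *                      token-manager or user-manager failures
 */
protected void extractOAuthParameters(HttpServletRequest request, String permission) throws ApiException {
    try {
        _logger.info("Permission required: {}", permission);
        OAuthAccessResourceRequest requestMessage = new OAuthAccessResourceRequest(request, ParameterStyle.HEADER);
        String accessToken = requestMessage.getAccessToken();
        IApiOAuth2TokenManager tokenManager = (IApiOAuth2TokenManager) ApsWebApplicationUtils.getBean(IApiOAuth2TokenManager.BEAN_NAME, request);
        final OAuth2Token token = tokenManager.getApiOAuth2Token(accessToken);
        if (token == null) {
            if (accessToken != null) {
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token not found, request new one", Response.Status.UNAUTHORIZED);
            }
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
        }
        // Defensive re-check of the looked-up token against the presented one. The
        // token is a secret, so compare it in constant time instead of String.equals.
        String storedToken = token.getAccessToken();
        if (storedToken == null || accessToken == null
                || !java.security.MessageDigest.isEqual(
                        storedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        accessToken.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token does not match", Response.Status.UNAUTHORIZED);
        }
        // expiry is a wall-clock comparison; a token expiring exactly now is still accepted
        if (token.getExpiresIn().getTime() < System.currentTimeMillis()) {
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Token expired", Response.Status.UNAUTHORIZED);
        }
        // NOTE(review): the token's clientId is used as the username; this relies on the
        // token manager issuing tokens whose clientId is the authenticated user - confirm.
        String username = token.getClientId();
        IUserManager userManager = (IUserManager) ApsWebApplicationUtils.getBean(SystemConstants.USER_MANAGER, request);
        UserDetails user = userManager.getUser(username);
        if (user == null) {
            // A valid token whose user no longer exists must not pass silently: the old
            // code fell through here without setting the session user or checking the
            // permission, leaving the caller to decide what an absent user means.
            _logger.warn("Token presented for unknown user {}", username);
            throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
        }
        // NOTE(review): account status flags (disabled / expired) are not checked here;
        // confirm that the user manager or an upstream filter enforces them.
        _logger.info("User {} requesting resource that requires {} permission ", username, permission);
        // NOTE(review): getSession() creates a server-side session for a bearer-token call
        // when none exists; confirm this is intended for stateless API clients.
        request.getSession().setAttribute(SystemConstants.SESSIONPARAM_CURRENT_USER, user);
        if (permission != null) {
            IAuthorizationManager authManager = (IAuthorizationManager) ApsWebApplicationUtils.getBean(SystemConstants.AUTHORIZATION_SERVICE, request);
            user.addAuthorizations(authManager.getUserAuthorizations(username));
            if (!authManager.isAuthOnPermission(user, permission)) {
                // Log each role's full permission set. The old code indexed
                // getPermissions().toArray()[0], which threw on a role with no
                // permissions and turned this 401 into a 500.
                List<Role> roles = authManager.getUserRoles(user);
                if (roles != null) {
                    for (Role role : roles) {
                        _logger.info("User {} requesting resource has permissions {}", username, role.getPermissions());
                    }
                }
                _logger.info("User {} lacks required permission {}", username, permission);
                throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
            }
        }
    } catch (OAuthProblemException ex) {
        // Raised by the OAuth library for a missing or malformed bearer header: a
        // client error, so answer 401 rather than 500.
        _logger.info("Invalid OAuth resource request: {}", ex.getMessage());
        throw new ApiException(IApiErrorCodes.API_AUTHENTICATION_REQUIRED, "Authentication Required", Response.Status.UNAUTHORIZED);
    } catch (OAuthSystemException | ApsSystemException ex) {
        // Pass the throwable as the last argument so the logger records the stack
        // trace (a "{}" placeholder only printed its toString), and do not echo the
        // internal exception message to the client.
        _logger.error("System exception while validating the OAuth token", ex);
        throw new ApiException(IApiErrorCodes.SERVER_ERROR, "Internal server error", Response.Status.INTERNAL_SERVER_ERROR);
    }
}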

Example 24 with Role

use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.

Class RoleService, method getRoleReferences:

/**
 * Lists the users that hold the given role, one page at a time.
 *
 * @param roleCode    code of the role to inspect
 * @param restRequest paging parameters of the REST call
 * @return the requested page of users together with its paging metadata
 * @throws RestRourceNotFoundException when no role has that code
 */
@SuppressWarnings({ "unchecked", "rawtypes" })
@Override
public PagedMetadata<UserDto> getRoleReferences(String roleCode, RestListRequest restRequest) {
    Role found = this.getRoleManager().getRole(roleCode);
    if (found == null) {
        logger.warn("no role found with code {}", roleCode);
        throw new RestRourceNotFoundException(RoleValidator.ERRCODE_ROLE_NOT_FOUND, "role", roleCode);
    }
    // full list first, then the slice for the requested page
    List<UserDto> allUsers = this.getAuthorizationService().getRoleUtilizer(roleCode);
    List<UserDto> page = restRequest.getSublist(allUsers);
    // raw constructor call (hence the @SuppressWarnings): total count plus page content
    SearcherDaoPaginatedResult<UserDto> paginated = new SearcherDaoPaginatedResult(allUsers.size(), page);
    PagedMetadata<UserDto> result = new PagedMetadata<>(restRequest, paginated);
    result.setBody(page);
    return result;
}

Example 25 with Role

use of com.agiletec.aps.system.services.role.Role in project entando-core by entando.

Class RoleService, method getRole:

/**
 * Returns the DTO for the role with the given code.
 *
 * @param roleCode code of the role to load
 * @return the role converted to a DTO
 * @throws RestRourceNotFoundException when no role has that code
 */
@Override
public RoleDto getRole(String roleCode) {
    Role found = this.getRoleManager().getRole(roleCode);
    if (found == null) {
        logger.warn("no role found with code {}", roleCode);
        throw new RestRourceNotFoundException(RoleValidator.ERRCODE_ROLE_NOT_FOUND, "role", roleCode);
    }
    // the builder is handed the full list of permission codes alongside the role
    return this.getDtoBuilder().toDto(found, this.getRoleManager().getPermissionsCodes());
}
