
Example 1 with Role

use of com.bluenimble.platform.apis.mgm.Role in project serverless by bluenimble.

the class GetKeysSpi method execute.

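/**
 * Returns the key pair identified by the {@code accessKey} request parameter,
 * after applying the role checks below.
 *
 * <p>Rules as implemented here:
 * <ul>
 *   <li>Non-secure services are delegated to {@code getNotSecure} before any role check.</li>
 *   <li>A SUPER consumer must pass the access key as {@code <space><DOT><accessKey>}; the
 *       prefix selects the space whose keystore is read.</li>
 *   <li>Any other consumer is limited to the space returned by {@code MgmUtils.space}.</li>
 *   <li>A consumer may always read its own key pair.</li>
 *   <li>DEVELOPER consumers may not read other keys; ADMIN consumers may not read ADMIN keys.</li>
 * </ul>
 *
 * @throws ApiServiceExecutionException with BAD_REQUEST for a missing or malformed access key,
 *         FORBIDDEN when the space or keystore can't be used or the role check fails,
 *         NOT_FOUND when the key doesn't exist
 */
@Override
public ApiOutput execute(Api api, final ApiConsumer consumer, ApiRequest request, ApiResponse response) throws ApiServiceExecutionException {
    String accessKey = (String) request.get(ApiConsumer.Fields.AccessKey);
    String paraphrase = (String) request.get(Spec.Paraphrase);
    if (!MgmUtils.isSecure(request.getService())) {
        return getNotSecure(api, request, accessKey, paraphrase);
    }
    // Without this guard a missing accessKey surfaced as a NullPointerException further down.
    if (accessKey == null) {
        throw new ApiServiceExecutionException("accessKey is required").status(ApiResponse.BAD_REQUEST);
    }
    Role cRole = Role.valueOf((String) consumer.get(CommonSpec.Role));
    String cAccessKey = (String) consumer.get(ApiConsumer.Fields.AccessKey);
    boolean isSuper = Role.SUPER.equals(cRole);

    // If super is calling this service, accessKey should be prefixed by space namespace.
    // The prefix is parsed outside the try below so that the BAD_REQUEST status reaches the
    // caller; inside it, the generic catch rewrapped this error as FORBIDDEN.
    String spaceNs = null;
    if (isSuper) {
        int indexOfDot = accessKey.indexOf(Lang.DOT);
        if (indexOfDot <= 0) {
            throw new ApiServiceExecutionException("invalid accessKey. Using super privileges, you should prefix the accessKey by the space.").status(ApiResponse.BAD_REQUEST);
        }
        spaceNs = accessKey.substring(0, indexOfDot);
        accessKey = accessKey.substring(indexOfDot + 1);
    }

    ApiSpace keysSpace;
    try {
        keysSpace = isSuper ? api.space().space(spaceNs) : MgmUtils.space(consumer, api);
    } catch (Exception e) {
        // NOTE(review): the underlying exception message is echoed to the caller; confirm it
        // carries no internal detail.
        throw new ApiServiceExecutionException("access denied. " + e.getMessage(), e).status(ApiResponse.FORBIDDEN);
    }

    KeyPair kp;
    try {
        kp = keysSpace.keystore().get(accessKey, true);
    } catch (Exception e) {
        // Keep the cause so the failure can be diagnosed from server-side logs.
        throw new ApiServiceExecutionException("can't access space keystore", e).status(ApiResponse.FORBIDDEN);
    }
    // NOTE(review): the lookup runs before the role checks, so a consumer that will be refused
    // still gets NOT_FOUND for an absent key and FORBIDDEN for an existing one. Confirm that
    // this difference is acceptable for DEVELOPER consumers.
    if (kp == null) {
        throw new ApiServiceExecutionException("accessKey " + accessKey + " not found").status(ApiResponse.NOT_FOUND);
    }

    // A consumer may always read its own key pair. The comparison is written so that a consumer
    // without an access key fails the match instead of raising a NullPointerException.
    String qualifiedKey = keysSpace.getNamespace() + Lang.DOT + accessKey;
    if (!qualifiedKey.equals(cAccessKey)) {
        Role keysRole = Role.valueOf((String) kp.property(CommonSpec.Role));
        if (Role.DEVELOPER.equals(cRole)) {
            throw new ApiServiceExecutionException("access denied").status(ApiResponse.FORBIDDEN);
        }
        if (Role.ADMIN.equals(cRole) && Role.ADMIN.equals(keysRole)) {
            throw new ApiServiceExecutionException("access denied. only super keys can read ADMIN keys").status(ApiResponse.FORBIDDEN);
        }
    }

    try {
        return toOutput(kp, paraphrase, keysSpace, api, request);
    } catch (Exception e) {
        throw new ApiServiceExecutionException(e.getMessage(), e);
    }
}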
Also used : Role(com.bluenimble.platform.apis.mgm.Role) KeyPair(com.bluenimble.platform.security.KeyPair) ApiSpace(com.bluenimble.platform.api.ApiSpace) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) ApiAccessDeniedException(com.bluenimble.platform.api.ApiAccessDeniedException) EncryptionProviderException(com.bluenimble.platform.security.EncryptionProviderException)

Example 2 with Role

use of com.bluenimble.platform.apis.mgm.Role in project serverless by bluenimble.

the class CreateKeysSpi method execute.

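/**
 * Creates one key pair in the target space and returns it as JSON.
 *
 * <p>The role of the new key defaults to ADMIN when the consumer is SUPER and to DEVELOPER
 * otherwise; the payload may name another role. A SUPER consumer must name the target space
 * in the payload; any other consumer uses the space returned by {@code MgmUtils.space}.
 *
 * <p>Every payload entry whose name is not in {@code Exclude} is copied onto the new key as
 * a property.
 *
 * @throws ApiServiceExecutionException with FORBIDDEN when the consumer may not create a key
 *         with the requested role or may not use the space, BAD_REQUEST when the space is
 *         missing or the keystore rejects the request
 */
@Override
public ApiOutput execute(Api api, ApiConsumer consumer, ApiRequest request, ApiResponse response) throws ApiServiceExecutionException {
    JsonObject payload = (JsonObject) request.get(ApiRequest.Payload);
    Role cRole = Role.valueOf((String) consumer.get(CommonSpec.Role));
    Role role = Role.SUPER.equals(cRole) ? Role.ADMIN : Role.DEVELOPER;
    String sRole = Json.getString(payload, CommonSpec.Role);
    if (!Lang.isNullOrEmpty(sRole)) {
        try {
            // Locale.ROOT keeps the upper-casing independent of the server's default locale.
            role = Role.valueOf(sRole.trim().toUpperCase(java.util.Locale.ROOT));
        } catch (IllegalArgumentException ignored) {
            // undefined role: keep the default chosen above
        }
    }
    if (Role.SUPER.equals(cRole) && role.equals(Role.DEVELOPER)) {
        throw new ApiServiceExecutionException("super users can't create developer keys").status(ApiResponse.FORBIDDEN);
    }
    if (Role.ADMIN.equals(cRole) && role.equals(Role.ADMIN)) {
        throw new ApiServiceExecutionException("admin users can't create admin keys").status(ApiResponse.FORBIDDEN);
    }
    // The requested role comes from the payload. The two checks above don't cover a non-SUPER
    // consumer asking for a SUPER key, or a DEVELOPER consumer asking for an ADMIN key, so
    // refuse any role above the consumer's own.
    // NOTE(review): a SUPER consumer asking for a SUPER key is still accepted, as before;
    // confirm that this is intended.
    if (!Role.SUPER.equals(cRole) && (Role.SUPER.equals(role) || Role.ADMIN.equals(role))) {
        throw new ApiServiceExecutionException("access denied").status(ApiResponse.FORBIDDEN);
    }
    ApiSpace space;
    if (Role.SUPER.equals(cRole)) {
        String spaceNs = Json.getString(payload, Spec.Space);
        if (Lang.isNullOrEmpty(spaceNs)) {
            throw new ApiServiceExecutionException("no space found in payload").status(ApiResponse.BAD_REQUEST);
        }
        try {
            space = api.space().space(spaceNs);
        } catch (ApiAccessDeniedException e) {
            throw new ApiServiceExecutionException(e.getMessage(), e).status(ApiResponse.FORBIDDEN);
        }
    } else {
        try {
            space = MgmUtils.space(consumer, api);
        } catch (ApiAccessDeniedException e) {
            throw new ApiServiceExecutionException(e.getMessage(), e).status(ApiResponse.FORBIDDEN);
        }
    }
    if (space == null) {
        throw new ApiServiceExecutionException("target space where to create the keys isn't found").status(ApiResponse.BAD_REQUEST);
    }
    Map<String, Object> properties = new HashMap<>();
    Date expiryDate = null;
    if (!Json.isNullOrEmpty(payload)) {
        // NOTE(review): assumes the expiry date was already converted to a Date before this
        // point; a raw string here fails the cast. Confirm against the service spec.
        expiryDate = (Date) payload.get(KeyPair.Fields.ExpiryDate);
        Iterator<String> props = payload.keys();
        while (props.hasNext()) {
            String p = props.next();
            if (Exclude.contains(p)) {
                continue;
            }
            properties.put(p, payload.get(p));
        }
    }
    // The validated role is written last so that a payload entry with the same name can't
    // replace it. This makes no difference if Exclude already lists the role field, which
    // can't be verified from here.
    properties.put(CommonSpec.Role, role.name());
    List<KeyPair> list;
    try {
        list = space.keystore().create(1, expiryDate, properties);
    } catch (SpaceKeyStoreException e) {
        throw new ApiServiceExecutionException(e.getMessage(), e).status(ApiResponse.BAD_REQUEST);
    }
    // An empty result is treated like a null one; list.get(0) would otherwise throw.
    if (list == null || list.isEmpty()) {
        return new JsonApiOutput(null);
    }
    return new JsonApiOutput(list.get(0).toJson());
}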
Also used : KeyPair(com.bluenimble.platform.security.KeyPair) HashMap(java.util.HashMap) JsonObject(com.bluenimble.platform.json.JsonObject) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) ApiAccessDeniedException(com.bluenimble.platform.api.ApiAccessDeniedException) SpaceKeyStoreException(com.bluenimble.platform.security.SpaceKeyStoreException) Date(java.util.Date) Role(com.bluenimble.platform.apis.mgm.Role) ApiAccessDeniedException(com.bluenimble.platform.api.ApiAccessDeniedException) ApiSpace(com.bluenimble.platform.api.ApiSpace) SpaceKeyStoreException(com.bluenimble.platform.security.SpaceKeyStoreException) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) JsonObject(com.bluenimble.platform.json.JsonObject) JsonApiOutput(com.bluenimble.platform.api.impls.JsonApiOutput)

Example 3 with Role

use of com.bluenimble.platform.apis.mgm.Role in project serverless by bluenimble.

the class ListKeysSpi method execute.

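/**
 * Lists keys, restricted by the consumer's role.
 *
 * <p>A SUPER consumer gets the ADMIN keys of every space returned by
 * {@code api.space().spaces()}; any other consumer gets the DEVELOPER keys of the space
 * returned by {@code MgmUtils.space}. The role restriction is always the last filter.
 *
 * <p>The optional {@code Filters} parameter is a comma-separated list of
 * {@code name<Token>operator<Token>value} entries. Entries missing either {@code Token} are
 * skipped, and an unknown operator falls back to {@code eq}.
 *
 * @throws ApiServiceExecutionException with NOT_FOUND when the space(s) can't be accessed
 */
@Override
public ApiOutput execute(Api api, ApiConsumer consumer, ApiRequest request, ApiResponse response) throws ApiServiceExecutionException {
    Role cRole = Role.valueOf((String) consumer.get(CommonSpec.Role));
    // NOTE(review): offset and length are passed on as received; presumably the service spec
    // supplies defaults and bounds. Confirm, since no cap is applied here.
    int offset = (Integer) request.get(Spec.Offset);
    int length = (Integer) request.get(Spec.Length);
    String sFilters = (String) request.get(Spec.Filters);

    SpaceKeyStore.ListFilter[] filters;
    int count = 0;
    if (!Lang.isNullOrEmpty(sFilters)) {
        String[] aFilters = Lang.split(sFilters, Lang.COMMA, true);
        // one extra slot for the role filter appended below
        filters = new SpaceKeyStore.ListFilter[aFilters.length + 1];
        for (final String f : aFilters) {
            // indexOf returns -1 when Token is absent. The earlier "< -1" test could never be
            // true, so malformed entries reached substring() with a negative index.
            final int startIdx = f.indexOf(Token);
            if (startIdx < 0) {
                continue;
            }
            // the "+ 2" offsets presumably match a two-character Token; verify
            final int endIdx = f.indexOf(Token, startIdx + 2);
            if (endIdx < 0) {
                continue;
            }
            // Valid filters are packed from index 0 so that skipped entries leave no null gaps.
            filters[count++] = new SpaceKeyStore.ListFilter() {

                @Override
                public String name() {
                    return f.substring(0, startIdx);
                }

                @Override
                public Object value() {
                    String value = f.substring(endIdx + 2);
                    if (Lang.isNullOrEmpty(value)) {
                        return null;
                    }
                    return value;
                }

                @Override
                public Operator operator() {
                    try {
                        return Operator.valueOf(f.substring(startIdx + 2, endIdx));
                    } catch (IllegalArgumentException ex) {
                        // unknown operator: fall back to equality
                        return Operator.eq;
                    }
                }
            };
        }
        // Trim the slots left unused by skipped entries, keeping one for the role filter.
        if (count + 1 < filters.length) {
            filters = java.util.Arrays.copyOf(filters, count + 1);
        }
    } else {
        filters = new SpaceKeyStore.ListFilter[1];
    }

    JsonObject result = new JsonObject();
    JsonArray aKeys = new JsonArray();
    result.set(Output.Keys, aKeys);

    // Role restriction: SUPER lists ADMIN keys, everyone else lists DEVELOPER keys.
    // NOTE(review): a caller-supplied filter may also name the role field. This is harmless
    // only if the keystore combines filters with AND; confirm.
    final boolean isSuper = Role.SUPER.equals(cRole);
    final Role listedRole = isSuper ? Role.ADMIN : Role.DEVELOPER;
    filters[filters.length - 1] = new SpaceKeyStore.ListFilter() {

        @Override
        public String name() {
            return CommonSpec.Role;
        }

        @Override
        public Object value() {
            return listedRole.name();
        }

        @Override
        public Operator operator() {
            return Operator.eq;
        }
    };

    if (isSuper) {
        try {
            // the same offset and length are applied to each space in turn
            Collection<ApiSpace> spaces = api.space().spaces();
            for (ApiSpace space : spaces) {
                addSpaceKeys(space, offset, length, filters, aKeys);
            }
        } catch (ApiAccessDeniedException e) {
            throw new ApiServiceExecutionException(e.getMessage(), e).status(ApiResponse.NOT_FOUND);
        }
    } else {
        ApiSpace consumerSpace;
        try {
            consumerSpace = MgmUtils.space(consumer, api);
        } catch (ApiAccessDeniedException e) {
            throw new ApiServiceExecutionException(e.getMessage(), e).status(ApiResponse.NOT_FOUND);
        }
        addSpaceKeys(consumerSpace, offset, length, filters, aKeys);
    }
    return new JsonApiOutput(result);
}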
Also used : JsonObject(com.bluenimble.platform.json.JsonObject) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) ApiAccessDeniedException(com.bluenimble.platform.api.ApiAccessDeniedException) Role(com.bluenimble.platform.apis.mgm.Role) JsonArray(com.bluenimble.platform.json.JsonArray) ApiAccessDeniedException(com.bluenimble.platform.api.ApiAccessDeniedException) ApiSpace(com.bluenimble.platform.api.ApiSpace) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) SpaceKeyStore(com.bluenimble.platform.security.SpaceKeyStore) JsonObject(com.bluenimble.platform.json.JsonObject) JsonApiOutput(com.bluenimble.platform.api.impls.JsonApiOutput)

Aggregations

ApiAccessDeniedException (com.bluenimble.platform.api.ApiAccessDeniedException)3 ApiServiceExecutionException (com.bluenimble.platform.api.ApiServiceExecutionException)3 ApiSpace (com.bluenimble.platform.api.ApiSpace)3 Role (com.bluenimble.platform.apis.mgm.Role)3 JsonApiOutput (com.bluenimble.platform.api.impls.JsonApiOutput)2 JsonObject (com.bluenimble.platform.json.JsonObject)2 KeyPair (com.bluenimble.platform.security.KeyPair)2 JsonArray (com.bluenimble.platform.json.JsonArray)1 EncryptionProviderException (com.bluenimble.platform.security.EncryptionProviderException)1 SpaceKeyStore (com.bluenimble.platform.security.SpaceKeyStore)1 SpaceKeyStoreException (com.bluenimble.platform.security.SpaceKeyStoreException)1 Date (java.util.Date)1 HashMap (java.util.HashMap)1