Examples with IUserManager com.helger.photon.security.user.IUserManager used on opensource projects

Example 6 with IUserManager

use of com.helger.photon.security.user.IUserManager in project peppol-practical by phax.

the class AppSecurity method init.

public static void init() {
    final IUserManager aUserMgr = PhotonSecurityManager.getUserMgr();
    final IUserGroupManager aUserGroupMgr = PhotonSecurityManager.getUserGroupMgr();
    final IRoleManager aRoleMgr = PhotonSecurityManager.getRoleMgr();
    // Standard users
    if (!aUserMgr.containsWithID(CPPApp.USER_ADMINISTRATOR_ID)) {
        final boolean bDisabled = false;
        aUserMgr.createPredefinedUser(CPPApp.USER_ADMINISTRATOR_ID, CPPApp.USER_ADMINISTRATOR_LOGINNAME, CPPApp.USER_ADMINISTRATOR_EMAIL, CPPApp.USER_ADMINISTRATOR_PASSWORD, CPPApp.USER_ADMINISTRATOR_FIRSTNAME, CPPApp.USER_ADMINISTRATOR_LASTNAME, CPPApp.USER_ADMINISTRATOR_DESCRIPTION, CPPApp.USER_ADMINISTRATOR_LOCALE, CPPApp.USER_ADMINISTRATOR_CUSTOMATTRS, bDisabled);
    }
    // Create all roles
    if (!aRoleMgr.containsWithID(CPPApp.ROLE_CONFIG_ID))
        aRoleMgr.createPredefinedRole(CPPApp.ROLE_CONFIG_ID, CPPApp.ROLE_CONFIG_NAME, CPPApp.ROLE_CONFIG_DESCRIPTION, CPPApp.ROLE_CONFIG_CUSTOMATTRS);
    if (!aRoleMgr.containsWithID(CPPApp.ROLE_VIEW_ID))
        aRoleMgr.createPredefinedRole(CPPApp.ROLE_VIEW_ID, CPPApp.ROLE_VIEW_NAME, CPPApp.ROLE_VIEW_DESCRIPTION, CPPApp.ROLE_VIEW_CUSTOMATTRS);
    if (!aRoleMgr.containsWithID(CPPApp.ROLE_COMMENT_MODERATOR_ID))
        aRoleMgr.createPredefinedRole(CPPApp.ROLE_COMMENT_MODERATOR_ID, CPPApp.ROLE_COMMENT_MODERATOR_NAME, CPPApp.ROLE_COMMENT_MODERATOR_DESCRIPTION, CPPApp.ROLE_COMMENT_MODERATOR_CUSTOMATTRS);
    if (!aRoleMgr.containsWithID(CPPApp.ROLE_PEPPOL_SENDERS_ID))
        aRoleMgr.createPredefinedRole(CPPApp.ROLE_PEPPOL_SENDERS_ID, CPPApp.ROLE_PEPPOL_SENDERS_NAME, CPPApp.ROLE_PEPPOL_SENDERS_DESCRIPTION, CPPApp.ROLE_PEPPOL_SENDERS_CUSTOMATTRS);
    // User group Administrators
    if (!aUserGroupMgr.containsWithID(CPPApp.USERGROUP_ADMINISTRATORS_ID)) {
        aUserGroupMgr.createPredefinedUserGroup(CPPApp.USERGROUP_ADMINISTRATORS_ID, CPPApp.USERGROUP_ADMINISTRATORS_NAME, CPPApp.USERGROUP_ADMINISTRATORS_DESCRIPTION, CPPApp.USERGROUP_ADMINISTRATORS_CUSTOMATTRS);
        // Assign administrator user to administrators user group
        aUserGroupMgr.assignUserToUserGroup(CPPApp.USERGROUP_ADMINISTRATORS_ID, CPPApp.USER_ADMINISTRATOR_ID);
    }
    aUserGroupMgr.assignRoleToUserGroup(CPPApp.USERGROUP_ADMINISTRATORS_ID, CPPApp.ROLE_CONFIG_ID);
    aUserGroupMgr.assignRoleToUserGroup(CPPApp.USERGROUP_ADMINISTRATORS_ID, CPPApp.ROLE_VIEW_ID);
    aUserGroupMgr.assignRoleToUserGroup(CPPApp.USERGROUP_ADMINISTRATORS_ID, CPPApp.ROLE_COMMENT_MODERATOR_ID);
    aUserGroupMgr.assignRoleToUserGroup(CPPApp.USERGROUP_ADMINISTRATORS_ID, CPPApp.ROLE_PEPPOL_SENDERS_ID);
    // User group for Config users
    if (!aUserGroupMgr.containsWithID(CPPApp.USERGROUP_CONFIG_ID))
        aUserGroupMgr.createPredefinedUserGroup(CPPApp.USERGROUP_CONFIG_ID, CPPApp.USERGROUP_CONFIG_NAME, CPPApp.USERGROUP_CONFIG_DESCRIPTION, CPPApp.USERGROUP_CONFIG_CUSTOMATTRS);
    aUserGroupMgr.assignRoleToUserGroup(CPPApp.USERGROUP_CONFIG_ID, CPPApp.ROLE_CONFIG_ID);
    // User group for View users
    if (!aUserGroupMgr.containsWithID(CPPApp.USERGROUP_VIEW_ID))
        aUserGroupMgr.createPredefinedUserGroup(CPPApp.USERGROUP_VIEW_ID, CPPApp.USERGROUP_VIEW_NAME, CPPApp.USERGROUP_VIEW_DESCRIPTION, CPPApp.USERGROUP_VIEW_CUSTOMATTRS);
    aUserGroupMgr.assignRoleToUserGroup(CPPApp.USERGROUP_VIEW_ID, CPPApp.ROLE_VIEW_ID);
}

Example 7 with IUserManager

use of com.helger.photon.security.user.IUserManager in project phoss-directory by phax.

the class AppSecurity method init.

public static void init() {
    final IUserManager aUserMgr = PhotonSecurityManager.getUserMgr();
    final IUserGroupManager aUserGroupMgr = PhotonSecurityManager.getUserGroupMgr();
    final IRoleManager aRoleMgr = PhotonSecurityManager.getRoleMgr();
    // Standard users
    if (!aUserMgr.containsWithID(USER_ADMINISTRATOR_ID)) {
        final boolean bDisabled = false;
        aUserMgr.createPredefinedUser(USER_ADMINISTRATOR_ID, USER_ADMINISTRATOR_LOGINNAME, USER_ADMINISTRATOR_EMAIL, USER_ADMINISTRATOR_PASSWORD, USER_ADMINISTRATOR_FIRSTNAME, USER_ADMINISTRATOR_LASTNAME, USER_ADMINISTRATOR_DESCRIPTION, USER_ADMINISTRATOR_LOCALE, USER_ADMINISTRATOR_CUSTOMATTRS, bDisabled);
    }
    // Create all roles
    if (!aRoleMgr.containsWithID(ROLE_CONFIG_ID))
        aRoleMgr.createPredefinedRole(ROLE_CONFIG_ID, ROLE_CONFIG_NAME, ROLE_CONFIG_DESCRIPTION, ROLE_CONFIG_CUSTOMATTRS);
    if (!aRoleMgr.containsWithID(ROLE_VIEW_ID))
        aRoleMgr.createPredefinedRole(ROLE_VIEW_ID, ROLE_VIEW_NAME, ROLE_VIEW_DESCRIPTION, ROLE_VIEW_CUSTOMATTRS);
    if (!aRoleMgr.containsWithID(ROLE_SG_OWNER_ID))
        aRoleMgr.createPredefinedRole(ROLE_SG_OWNER_ID, ROLE_SG_OWNER_NAME, ROLE_SG_OWNER_DESCRIPTION, ROLE_SG_OWNER_CUSTOMATTRS);
    // User group Administrators
    if (!aUserGroupMgr.containsWithID(USERGROUP_ADMINISTRATORS_ID)) {
        aUserGroupMgr.createPredefinedUserGroup(USERGROUP_ADMINISTRATORS_ID, USERGROUP_ADMINISTRATORS_NAME, USERGROUP_ADMINISTRATORS_DESCRIPTION, USERGROUP_ADMINISTRATORS_CUSTOMATTRS);
        // Assign administrator user to administrators user group
        aUserGroupMgr.assignUserToUserGroup(USERGROUP_ADMINISTRATORS_ID, USER_ADMINISTRATOR_ID);
    }
    aUserGroupMgr.assignRoleToUserGroup(USERGROUP_ADMINISTRATORS_ID, ROLE_CONFIG_ID);
    aUserGroupMgr.assignRoleToUserGroup(USERGROUP_ADMINISTRATORS_ID, ROLE_VIEW_ID);
    aUserGroupMgr.assignRoleToUserGroup(USERGROUP_ADMINISTRATORS_ID, ROLE_SG_OWNER_ID);
    // User group for Config users
    if (!aUserGroupMgr.containsWithID(USERGROUP_CONFIG_ID))
        aUserGroupMgr.createPredefinedUserGroup(USERGROUP_CONFIG_ID, USERGROUP_CONFIG_NAME, USERGROUP_CONFIG_DESCRIPTION, USERGROUP_CONFIG_CUSTOMATTRS);
    aUserGroupMgr.assignRoleToUserGroup(USERGROUP_CONFIG_ID, ROLE_CONFIG_ID);
    // User group for View users
    if (!aUserGroupMgr.containsWithID(USERGROUP_VIEW_ID))
        aUserGroupMgr.createPredefinedUserGroup(USERGROUP_VIEW_ID, USERGROUP_VIEW_NAME, USERGROUP_VIEW_DESCRIPTION, USERGROUP_VIEW_CUSTOMATTRS);
    aUserGroupMgr.assignRoleToUserGroup(USERGROUP_VIEW_ID, ROLE_VIEW_ID);
    // Allow to kick old sessions
    LoggedInUserManager.getInstance().setLogoutAlreadyLoggedInUser(true);
}

Example 8 with IUserManager

use of com.helger.photon.security.user.IUserManager in project phoss-smp by phax.

the class SMPUserManagerPhoton method validateUserCredentials.

/**
 * Check if the provided credentials are valid. This checks if the user
 * exists, if it is not deleted, if the password matches and if the user is
 * not disabled. If valid, the resolved user is returned.
 *
 * @param aCredentials
 *        The credentials to check. May not be <code>null</code>.
 * @return <code>null</code> if something does wrong, the user on success
 *         only.
 * @throws SMPUnknownUserException
 *         if the user does not exist or if the user is marked as deleted.
 * @throws SMPUnauthorizedException
 *         If the password is invalid or if the user is marked as disabled
 */
@Nonnull
public static IUser validateUserCredentials(@Nonnull final BasicAuthClientCredentials aCredentials) throws SMPUnknownUserException, SMPUnauthorizedException {
    final IUserManager aUserMgr = PhotonSecurityManager.getUserMgr();
    final IUser aUser = aUserMgr.getUserOfLoginName(aCredentials.getUserName());
    if (aUser == null || aUser.isDeleted()) {
        // Deleted users are handled like non-existing users
        LOGGER.warn("Invalid login name provided: '" + aCredentials.getUserName() + "'");
        throw new SMPUnknownUserException(aCredentials.getUserName());
    }
    if (!aUserMgr.areUserIDAndPasswordValid(aUser.getID(), aCredentials.getPassword())) {
        LOGGER.warn("Invalid password provided for '" + aCredentials.getUserName() + "'");
        throw new SMPUnauthorizedException("Username and/or password are invalid!");
    }
    if (aUser.isDisabled()) {
        LOGGER.warn("User '" + aCredentials.getUserName() + "' is disabled");
        throw new SMPUnauthorizedException("User is disabled!");
    }
    return aUser;
}

Example 9 with IUserManager

use of com.helger.photon.security.user.IUserManager in project phoss-smp by phax.

the class APIExecutorImportXMLVer1 method invokeAPI.

public void invokeAPI(@Nonnull final IAPIDescriptor aAPIDescriptor, @Nonnull @Nonempty final String sPath, @Nonnull final Map<String, String> aPathVariables, @Nonnull final IRequestWebScopeWithoutResponse aRequestScope, @Nonnull final UnifiedResponse aUnifiedResponse) throws Exception {
    final ISMPServerAPIDataProvider aDataProvider = new SMPRestDataProvider(aRequestScope, null);
    // Is the writable API disabled?
    if (SMPMetaManager.getSettings().isRESTWritableAPIDisabled()) {
        throw new SMPPreconditionFailedException("The writable REST API is disabled. importServiceGroups will not be executed", aDataProvider.getCurrentURI());
    }
    final String sLogPrefix = "[REST API Import-XML-V1] ";
    final String sPathUserLoginName = aPathVariables.get(SMPRestFilter.PARAM_USER_ID);
    LOGGER.info(sLogPrefix + "Starting Import");
    // Only authenticated user may do so
    final BasicAuthClientCredentials aBasicAuth = getMandatoryAuth(aRequestScope.headers());
    SMPUserManagerPhoton.validateUserCredentials(aBasicAuth);
    // Start action after authentication
    final ISMPServiceGroupManager aServiceGroupMgr = SMPMetaManager.getServiceGroupMgr();
    final ISMPBusinessCardManager aBusinessCardMgr = SMPMetaManager.getBusinessCardMgr();
    final IUserManager aUserMgr = PhotonSecurityManager.getUserMgr();
    final ICommonsSet<String> aAllServiceGroupIDs = aServiceGroupMgr.getAllSMPServiceGroupIDs();
    final ICommonsSet<String> aAllBusinessCardIDs = aBusinessCardMgr.getAllSMPBusinessCardIDs();
    // Try to use ID or login name
    IUser aDefaultOwner = aUserMgr.getUserOfID(sPathUserLoginName);
    if (aDefaultOwner == null)
        aDefaultOwner = aUserMgr.getUserOfLoginName(sPathUserLoginName);
    if (aDefaultOwner == null || aDefaultOwner.isDeleted()) {
        // Setting the owner to a disabled user might make sense
        throw new SMPBadRequestException(sLogPrefix + "The user ID or login name '" + sPathUserLoginName + "' does not exist", aDataProvider.getCurrentURI());
    }
    LOGGER.info(sLogPrefix + "Using '" + aDefaultOwner.getID() + "' / '" + aDefaultOwner.getLoginName() + "' as the default owner");
    final boolean bOverwriteExisting = aRequestScope.params().getAsBoolean(PARAM_OVERVWRITE_EXISTING, DEFAULT_OVERWRITE_EXISTING);
    final byte[] aPayload = StreamHelper.getAllBytes(aRequestScope.getRequest().getInputStream());
    final IMicroDocument aDoc = MicroReader.readMicroXML(aPayload);
    if (aDoc == null || aDoc.getDocumentElement() == null) {
        // Cannot parse
        throw new SMPBadRequestException("Failed to parse XML payload", aDataProvider.getCurrentURI());
    }
    final String sVersion = aDoc.getDocumentElement().getAttributeValue(CSMPExchange.ATTR_VERSION);
    if (!CSMPExchange.VERSION_10.equals(sVersion)) {
        throw new SMPBadRequestException("The provided payload is not an XML file version 1.0", aDataProvider.getCurrentURI());
    }
    // Version 1.0
    LOGGER.info(sLogPrefix + "The provided payload is an XML file version 1.0");
    final ZonedDateTime aQueryDT = PDTFactory.getCurrentZonedDateTimeUTC();
    final StopWatch aSW = StopWatch.createdStarted();
    // Start the import
    final ICommonsList<ImportActionItem> aActionList = new CommonsArrayList<>();
    final ImportSummary aImportSummary = new ImportSummary();
    ServiceGroupImport.importXMLVer10(aDoc.getDocumentElement(), bOverwriteExisting, aDefaultOwner, aAllServiceGroupIDs, aAllBusinessCardIDs, aActionList, aImportSummary);
    aSW.stop();
    LOGGER.info(sLogPrefix + "Finished import after " + aSW.getMillis() + " milliseconds");
    // Everything added to the action list is already logged
    final boolean bResponseAsXML = true;
    if (bResponseAsXML) {
        // Create XML version
        final IMicroDocument aResponseDoc = new MicroDocument();
        final IMicroElement eRoot = aResponseDoc.appendElement("importResult");
        eRoot.setAttribute("version", "1");
        eRoot.setAttribute("importStartDateTime", PDTWebDateHelper.getAsStringXSD(aQueryDT));
        final IMicroElement eSettings = eRoot.appendElement("settings");
        eSettings.setAttribute("overwriteExisting", bOverwriteExisting);
        eSettings.setAttribute("defaultOwnerID", aDefaultOwner.getID());
        eSettings.setAttribute("defaultOwnerLoginName", aDefaultOwner.getLoginName());
        final ICommonsMap<String, MutableInt> aErrorLevelCount = new CommonsTreeMap<>();
        for (final ImportActionItem aAction : aActionList) {
            eRoot.appendChild(aAction.getAsMicroElement("action"));
            aErrorLevelCount.computeIfAbsent(aAction.getErrorLevelName(), k -> new MutableInt(0)).inc();
        }
        {
            final IMicroElement eSummary = eRoot.appendElement("summary");
            eSummary.setAttribute("durationMillis", aSW.getMillis());
            for (final Map.Entry<String, MutableInt> aEntry : aErrorLevelCount.entrySet()) eSummary.appendElement("errorlevel").setAttribute("id", aEntry.getKey()).setAttribute("count", aEntry.getValue().intValue());
            aImportSummary.appendTo(eSummary);
        }
        final XMLWriterSettings aXWS = new XMLWriterSettings().setIndent(EXMLSerializeIndent.INDENT_AND_ALIGN);
        aUnifiedResponse.setContentAndCharset(MicroWriter.getNodeAsString(aResponseDoc, aXWS), aXWS.getCharset()).setMimeType(new MimeType(CMimeType.APPLICATION_XML).addParameter(CMimeType.PARAMETER_NAME_CHARSET, aXWS.getCharset().name()));
    } else {
        // Create JSON version
        final IJsonObject aJson = new JsonObject();
        aJson.add("version", "1");
        aJson.add("importStartDateTime", DateTimeFormatter.ISO_ZONED_DATE_TIME.format(aQueryDT));
        aJson.addJson("settings", new JsonObject().add("overwriteExisting", bOverwriteExisting).add("defaultOwnerID", aDefaultOwner.getID()).add("defaultOwnerLoginName", aDefaultOwner.getLoginName()));
        final IJsonArray aActions = new JsonArray();
        final ICommonsMap<String, MutableInt> aLevelCount = new CommonsTreeMap<>();
        for (final ImportActionItem aAction : aActionList) {
            aActions.add(aAction.getAsJsonObject());
            aLevelCount.computeIfAbsent(aAction.getErrorLevelName(), k -> new MutableInt(0)).inc();
        }
        aJson.addJson("actions", aActions);
        {
            final IJsonObject aSummary = new JsonObject();
            aSummary.add("durationMillis", aSW.getMillis());
            final IJsonArray aLevels = new JsonArray();
            for (final Map.Entry<String, MutableInt> aEntry : aLevelCount.entrySet()) aLevels.add(new JsonObject().add("id", aEntry.getKey()).add("count", aEntry.getValue().intValue()));
            aSummary.addJson("errorlevels", aLevels);
            aImportSummary.appendTo(aSummary);
            aJson.addJson("summary", aSummary);
        }
        final String sRet = new JsonWriter(JsonWriterSettings.DEFAULT_SETTINGS_FORMATTED).writeAsString(aJson);
        aUnifiedResponse.setContentAndCharset(sRet, StandardCharsets.UTF_8).setMimeType(CMimeType.APPLICATION_JSON);
    }
    aUnifiedResponse.disableCaching();
}

Example 10 with IUserManager

use of com.helger.photon.security.user.IUserManager in project phoss-smp by phax.

the class PageSecureServiceGroup method isValidToDisplayPage.

@Override
@Nonnull
protected IValidityIndicator isValidToDisplayPage(@Nonnull final WebPageExecutionContext aWPEC) {
    final HCNodeList aNodeList = aWPEC.getNodeList();
    final IUserManager aUserMgr = PhotonSecurityManager.getUserMgr();
    if (aUserMgr.getActiveUserCount() == 0) {
        aNodeList.addChild(warn("No user is present! At least one user must be present to create a service group."));
        aNodeList.addChild(new BootstrapButton().addChild("Create new user").setOnClick(createCreateURL(aWPEC, BootstrapPagesMenuConfigurator.MENU_ADMIN_SECURITY_USER)).setIcon(EDefaultIcon.YES));
        return EValidity.INVALID;
    }
    return super.isValidToDisplayPage(aWPEC);
}