Example 16 with OSecurityUser

Use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project wicket-orientdb by OrienteerBAP.

The class OrientResourceAuthorizationStrategy, method checkResource.

/**
 * Check that the current user has access to the mentioned resource
 * @param resource resource to check
 * @param action {@link Action} to check for
 * @param permissions {@link OrientPermission}s to check
 * @return true if access is allowed
 */
public boolean checkResource(String resource, Action action, OrientPermission[] permissions) {
    String actionName = action.getName();
    int actionIndx = resource.indexOf(':');
    if (actionIndx > 0) {
        // The resource carries an explicit ":action" suffix: only a matching action is checked here
        if (!(resource.endsWith(actionName)
                && resource.length() > actionName.length()
                && resource.charAt(resource.length() - actionName.length() - 1) == ':'))
            return true;
        else
            // Should cut off action
            resource = resource.substring(0, actionIndx);
    } else if (!Component.RENDER.equals(action)) {
        // Default suffix is for render: so other actions should be skipped
        return true;
    }
    OSecurityUser user = OrientDbWebSession.get().getUser();
    // No authenticated user in the session: deny by default
    if (user == null)
        return false;
    ORule.ResourceGeneric generic = OSecurityHelper.getResourceGeneric(resource);
    String specific = OSecurityHelper.getResourceSpecific(resource);
    // user is non-null here; access is allowed only if a rule granting the combined permission exists
    return user.checkIfAllowed(generic, specific, OrientPermission.combinedPermission(permissions)) != null;
}

Also used: ORule (com.orientechnologies.orient.core.metadata.security.ORule), OSecurityUser (com.orientechnologies.orient.core.metadata.security.OSecurityUser)

Example 17 with OSecurityUser

Use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project wicket-orientdb by OrienteerBAP.

The class TransactionRequestCycleListener, method start.

@Override
public void start(RequestCycle cycle) {
    OrientDbWebSession session = OrientDbWebSession.get();
    ODatabaseDocumentInternal db = session.getDatabaseDocumentInternal();
    // It's required to have ability to check security rights locally:
    // re-bind the database user when it is missing, stale or differs from the session user
    OSecurityUser oUser = session.getUser();
    OSecurityUser dbUser = db.getUser();
    if (oUser != null && oUser.getDocument() != null && oUser.getDocument().getIdentity() != null
            && (!oUser.getDocument().getIdentity().isValid()
                || dbUser == null
                || !Objects.equal(dbUser.getName(), oUser.getName()))) {
        db.setUser(db.getMetadata().getSecurity().getUser(oUser.getName()));
    }
    db.begin();
}

Also used: OSecurityUser (com.orientechnologies.orient.core.metadata.security.OSecurityUser), ODatabaseDocumentInternal (com.orientechnologies.orient.core.db.ODatabaseDocumentInternal)

Example 18 with OSecurityUser

Use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project guice-persist-orient by xvik.

The class UserManager, method checkSpecificUserConditions.

private boolean checkSpecificUserConditions(final String login) {
    Preconditions.checkState(transactionManager.isTransactionActive(),
            "Tx user can't be changed outside of transaction");
    final ODatabaseDocument db = connectionProvider.get();
    final OSecurityUser original = db.getUser();
    final boolean userChanged = !original.getName().equals(login);
    // A transaction may be bound to at most one specific user
    Preconditions.checkState(specificTxUser.get() == null || !userChanged,
            "Specific user already defined for transaction as '%s'",
            specificTxUser.get() == null ? null : specificTxUser.get().getName());
    return userChanged;
}

Also used: ODatabaseDocument (com.orientechnologies.orient.core.db.document.ODatabaseDocument), OSecurityUser (com.orientechnologies.orient.core.metadata.security.OSecurityUser)

Example 19 with OSecurityUser

Use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project orientdb-enterprise-agent by SAP.

The class OSecuritySymmetricKeyAuth, method createServerUser.

// Derived implementations can override this method to provide new server user implementations.
@Override
protected OSecurityUser createServerUser(final ODocument userDoc) {
    OSecurityUser userCfg = null;
    try {
        OSecuritySymmetricKeyUser user = new OSecuritySymmetricKeyUser(userDoc);
        symmetricKeys.put(user.getName(), user);
        OSecurityRole role = OSecurityShared.createRole(null, user);
        userCfg = new OImmutableUser(user.getName(), user.getPassword(), OSecurityUser.SECURITY_USER_TYPE, role);
    } catch (Exception ex) {
        // Any failure is logged and results in no user being created (null)
        OLogManager.instance().error(this, "createServerUser()", ex);
    }
    return userCfg;
}

Also used: OImmutableUser (com.orientechnologies.orient.core.metadata.security.OImmutableUser), OSecurityRole (com.orientechnologies.orient.core.metadata.security.OSecurityRole), OSecurityUser (com.orientechnologies.orient.core.metadata.security.OSecurityUser)

Example 20 with OSecurityUser

Use of com.orientechnologies.orient.core.metadata.security.OSecurityUser in project orientdb-enterprise-agent by SAP.

The class OSystemSymmetricKeyAuth, method authenticate.

// OSecurityAuthenticator
// Returns the actual username if successful, null otherwise.
// This will authenticate username using the system database.
public OSecurityUser authenticate(ODatabaseSession session, final String username, final String password) {
    OSecurityUser principal = null;
    try {
        // dbName parameter is null because we don't need to filter any roles for this.
        OSecurityUser user = getSecurity().getSystemUser(username, null);
        // Only active accounts may authenticate
        if (user != null && user.getAccountStatus() == OSecurityUser.STATUSES.ACTIVE) {
            ODocument doc = getSecurity().getContext().getSystemDatabase().executeWithDB((db) -> {
                return db.load(user.getIdentity().getIdentity());
            });
            // The "password" is expected to be the username encrypted with this user's symmetric key:
            // decrypt it with the key stored for the user and compare against the supplied username.
            OUserSymmetricKeyConfig userConfig = new OUserSymmetricKeyConfig(doc);
            OSymmetricKey sk = OSymmetricKey.fromConfig(userConfig);
            String decryptedUsername = sk.decryptAsString(password);
            if (OSecurityManager.instance().checkPassword(username, decryptedUsername)) {
                principal = user;
            }
        }
    } catch (Exception ex) {
        // Any failure (unknown user, bad key, decryption error) is logged and yields null
        OLogManager.instance().error(this, "authenticate()", ex);
    }
    return principal;
}

Also used: OSymmetricKey (com.orientechnologies.orient.core.security.symmetrickey.OSymmetricKey), OSecurityUser (com.orientechnologies.orient.core.metadata.security.OSecurityUser), ODocument (com.orientechnologies.orient.core.record.impl.ODocument), OUserSymmetricKeyConfig (com.orientechnologies.orient.core.security.symmetrickey.OUserSymmetricKeyConfig)

Aggregations (class, number of examples using it)

OSecurityUser (com.orientechnologies.orient.core.metadata.security.OSecurityUser): 20
Test (org.junit.Test): 6
ODatabaseDocumentTx (com.orientechnologies.orient.core.db.document.ODatabaseDocumentTx): 5
OToken (com.orientechnologies.orient.core.metadata.security.OToken): 5
ODatabaseDocumentInternal (com.orientechnologies.orient.core.db.ODatabaseDocumentInternal): 3
ODocument (com.orientechnologies.orient.core.record.impl.ODocument): 3
ONetworkProtocolData (com.orientechnologies.orient.server.network.protocol.ONetworkProtocolData): 3
OModificationOperationProhibitedException (com.orientechnologies.common.concur.lock.OModificationOperationProhibitedException): 2
ODatabaseDocument (com.orientechnologies.orient.core.db.document.ODatabaseDocument): 2
ORule (com.orientechnologies.orient.core.metadata.security.ORule): 2
OUser (com.orientechnologies.orient.core.metadata.security.OUser): 2
OSymmetricKey (com.orientechnologies.orient.core.security.symmetrickey.OSymmetricKey): 2
ONeedRetryException (com.orientechnologies.common.concur.ONeedRetryException): 1
OLockException (com.orientechnologies.common.concur.lock.OLockException): 1
OException (com.orientechnologies.common.exception.OException): 1
OHighLevelException (com.orientechnologies.common.exception.OHighLevelException): 1
ODatabaseListener (com.orientechnologies.orient.core.db.ODatabaseListener): 1
OSchemaException (com.orientechnologies.orient.core.exception.OSchemaException): 1
OSecurityAccessException (com.orientechnologies.orient.core.exception.OSecurityAccessException): 1
OClass (com.orientechnologies.orient.core.metadata.schema.OClass): 1