
Example 1 with Grantee

use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant.Grantee in project ksan by infinistor.

From the class GWUtils, method readAclHeader.

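/**
 * Parses one {@code x-amz-grant-*} header value and appends the grants it names to the policy.
 *
 * <p>The header is a comma separated list of {@code key=value} entries. The key is one of
 * {@code GWConstants.ID}, {@code GWConstants.URI} or {@code GWConstants.EMAIL_ADDRESS}; the
 * value may be wrapped in double quotes, which are stripped. An {@code id} or
 * {@code emailAddress} entry becomes a CANONICAL_USER grantee, a {@code uri} entry a GROUP
 * grantee. The value is untrusted request input, so a malformed entry is rejected rather than
 * turned into a grant with an empty grantee.
 *
 * @param grantstr   raw header value
 * @param permission permission assigned to every grantee in the header
 * @param policy     policy whose {@code aclList.grants} receives the new grants (must be non-null)
 * @throws IllegalArgumentException when an entry has no {@code =} or uses an unknown key
 */
protected static void readAclHeader(String grantstr, String permission, AccessControlPolicy policy) {
    for (String entry : grantstr.split(GWConstants.COMMA)) {
        // Limit 2 so that an '=' inside the value is kept instead of truncating it.
        String[] keyValue = entry.split(GWConstants.EQUAL, 2);
        if (keyValue.length < 2) {
            // Previously an unchecked index into keyValue[1]; fail with a clear message instead.
            throw new IllegalArgumentException("malformed grant entry: " + entry);
        }
        String key = keyValue[0].trim();
        String value = keyValue[1].replaceAll(GWConstants.DOUBLE_QUOTE, "");

        Grant grant = new Grant();
        grant.grantee = new Grantee();
        if (key.equals(GWConstants.ID)) {
            grant.grantee.type = GWConstants.CANONICAL_USER;
            grant.grantee.id = value;
        } else if (key.equals(GWConstants.URI)) {
            grant.grantee.type = GWConstants.GROUP;
            grant.grantee.uri = value;
        } else if (key.equals(GWConstants.EMAIL_ADDRESS)) {
            grant.grantee.type = GWConstants.CANONICAL_USER;
            grant.grantee.emailAddress = value;
        } else {
            // An unrecognised key used to produce a grant whose grantee had no identity at all.
            throw new IllegalArgumentException("unknown grantee key: " + key);
        }
        grant.permission = permission;
        policy.aclList.grants.add(grant);
    }
}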

Example 2 with Grantee

use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant.Grantee in project ksan by infinistor.

From the class GWUtils, method makeOriginalXml.

/**
 * Expands the compact JSON form in which the gateway stores an ACL back into the
 * AccessControlPolicy XML document.
 *
 * <p>Only fields present and non-empty in the JSON are copied; abbreviated permission,
 * grantee type and group URI codes are translated to their full names, and codes that are
 * not recognised leave the target field untouched.
 *
 * @param xml         stored ACL in {@link AccessControlPolicyJson} form; a blank value yields {@code ""}
 * @param s3Parameter request context passed into any {@link GWException}
 * @return the ACL XML, prefixed with an XML declaration when the serializer did not emit one
 * @throws GWException with {@code SERVER_ERROR} when the JSON cannot be read or the XML cannot be written
 */
public static String makeOriginalXml(String xml, S3Parameter s3Parameter) throws GWException {
    logger.debug(GWConstants.LOG_UTILS_SOURCE_ACL, xml);
    if (Strings.isNullOrEmpty(xml)) {
        return "";
    }
    AccessControlPolicyJson stored = parseStoredAclJson(xml, s3Parameter);

    AccessControlPolicy policy = new AccessControlPolicy();
    policy.owner = new AccessControlPolicy.Owner();
    if (stored.ow != null) {
        if (!Strings.isNullOrEmpty(stored.ow.id)) {
            policy.owner.id = stored.ow.id;
        }
        if (!Strings.isNullOrEmpty(stored.ow.dN)) {
            policy.owner.displayName = stored.ow.dN;
        }
    }
    // The list is created only when the stored form carries one, so absence round-trips as absence.
    if (stored.acs != null) {
        policy.aclList = new AccessControlPolicy.AccessControlList();
        if (stored.acs.gt != null) {
            policy.aclList.grants = new ArrayList<AccessControlPolicy.AccessControlList.Grant>();
            for (AccessControlPolicyJson.ACS.Gt gt : stored.acs.gt) {
                policy.aclList.grants.add(expandStoredGrant(gt));
            }
        }
    }
    return writeExpandedAclXml(policy, s3Parameter);
}

/** Reads the stored JSON leniently (unknown properties ignored, "" treated as a missing object). */
private static AccessControlPolicyJson parseStoredAclJson(String xml, S3Parameter s3Parameter) throws GWException {
    ObjectMapper mapper = new ObjectMapper()
            .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
            .configure(DeserializationFeature.ACCEPT_EMPTY_STRING_AS_NULL_OBJECT, true);
    try {
        return mapper.readValue(xml, AccessControlPolicyJson.class);
    } catch (JsonProcessingException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
}

/** Translates one stored grant; fields whose stored code is absent or unknown are left unset. */
private static AccessControlPolicy.AccessControlList.Grant expandStoredGrant(AccessControlPolicyJson.ACS.Gt gt) {
    AccessControlPolicy.AccessControlList.Grant grant = new AccessControlPolicy.AccessControlList.Grant();
    String permission = expandPermissionCode(gt.perm);
    if (permission != null) {
        grant.permission = permission;
    }
    if (gt.gte != null) {
        AccessControlPolicy.AccessControlList.Grant.Grantee grantee = new AccessControlPolicy.AccessControlList.Grant.Grantee();
        if (!Strings.isNullOrEmpty(gt.gte.id)) {
            grantee.id = gt.gte.id;
        }
        if (!Strings.isNullOrEmpty(gt.gte.ddN)) {
            grantee.displayName = gt.gte.ddN;
        }
        if (!Strings.isNullOrEmpty(gt.gte.eA)) {
            grantee.emailAddress = gt.gte.eA;
        }
        String type = expandGranteeTypeCode(gt.gte.type);
        if (type != null) {
            grantee.type = type;
        }
        String uri = expandGroupUriCode(gt.gte.uri);
        if (uri != null) {
            grantee.uri = uri;
        }
        grant.grantee = grantee;
    }
    return grant;
}

/** Maps an abbreviated permission code to its full name, or {@code null} when unknown or empty. */
private static String expandPermissionCode(String code) {
    if (Strings.isNullOrEmpty(code)) {
        return null;
    }
    if (code.equals(GWConstants.GRANT_AB_FC)) {
        return GWConstants.GRANT_FULL_CONTROL;
    }
    if (code.equals(GWConstants.GRANT_AB_W)) {
        return GWConstants.GRANT_WRITE;
    }
    if (code.equals(GWConstants.GRANT_AB_R)) {
        return GWConstants.GRANT_READ;
    }
    if (code.equals(GWConstants.GRANT_AB_RA)) {
        return GWConstants.GRANT_READ_ACP;
    }
    if (code.equals(GWConstants.GRANT_AB_WA)) {
        return GWConstants.GRANT_WRITE_ACP;
    }
    return null;
}

/** Maps an abbreviated grantee type code to its full name, or {@code null} when unknown or empty. */
private static String expandGranteeTypeCode(String code) {
    if (Strings.isNullOrEmpty(code)) {
        return null;
    }
    if (code.equals(GWConstants.GRANT_AB_CU)) {
        return GWConstants.CANONICAL_USER;
    }
    if (code.equals(GWConstants.GRANT_AB_G)) {
        return GWConstants.GROUP;
    }
    return null;
}

/** Maps an abbreviated group code to the AWS group URI, or {@code null} when unknown or empty. */
private static String expandGroupUriCode(String code) {
    if (Strings.isNullOrEmpty(code)) {
        return null;
    }
    if (code.equals(GWConstants.GRANT_AB_PU)) {
        return GWConstants.AWS_GRANT_URI_ALL_USERS;
    }
    if (code.equals(GWConstants.GRANT_AB_AU)) {
        return GWConstants.AWS_GRANT_URI_AUTHENTICATED_USERS;
    }
    return null;
}

/** Serialises the policy, fixes the namespace prefix and root element, and ensures an XML declaration. */
private static String writeExpandedAclXml(AccessControlPolicy policy, S3Parameter s3Parameter) throws GWException {
    String aclXml;
    try {
        XmlMapper xmlMapper = new XmlMapper();
        xmlMapper.setSerializationInclusion(Include.NON_EMPTY);
        aclXml = xmlMapper.writeValueAsString(policy).replaceAll(GWConstants.WSTXNS, GWConstants.XSI);
    } catch (JsonProcessingException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
    aclXml = aclXml.replace(GWConstants.ACCESS_CONTROL_POLICY, GWConstants.ACCESS_CONTROL_POLICY_XMLNS);
    return aclXml.contains(GWConstants.XML_VERSION)
            ? aclXml
            : GWConstants.XML_VERSION_FULL_STANDALONE + aclXml;
}

Example 3 with Grantee

use of com.pspace.ifs.ksan.gw.format.AccessControlPolicy.AccessControlList.Grant.Grantee in project ksan by infinistor.

From the class GWUtils, method makeAclXml.

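/**
 * Assembles and validates the ACL XML that a PUT ACL request resolves to.
 *
 * <p>Grants come from one of three places: a canned ACL ({@code cannedAcl}), an ACL document
 * in the request body ({@code getAclXml}, honoured only when {@code hasKeyWord} is false), or
 * the {@code x-amz-grant-*} headers. When none is supplied the owner is granted FULL_CONTROL.
 * The owner is copied from {@code preAccessControlPolicy} when one exists, otherwise it is the
 * requesting user.
 *
 * <p>The resulting document is re-parsed and every grantee is checked: a display name or id
 * must resolve to a known identity, and when the bucket's PublicAccessBlockConfiguration sets
 * BlockPublicAcls, no grant may target the AllUsers or AuthenticatedUsers group. That last
 * check is applied to the final grant list, so it covers grants supplied through headers or
 * the body document and not only canned ACLs.
 *
 * @param accessControlPolicy    policy to fill; {@code owner} and {@code aclList.grants} must be non-null
 * @param preAccessControlPolicy existing policy whose owner is kept, or {@code null}
 * @param hasKeyWord             true when an ACL keyword header was given; the body document is then ignored
 * @param getAclXml              ACL document from the request body, may be empty
 * @param cannedAcl              canned ACL name, may be empty
 * @param bucketInfo             target bucket; supplies the access block and, for bucket-owner canned ACLs,
 *                               the bucket owner; may be {@code null}
 * @param userId                 requesting user's id, used as owner when no previous policy exists
 * @param userName               requesting user's display name
 * @param getGrantRead           value of the READ grant header, may be empty
 * @param getGrantWrite          value of the WRITE grant header, may be empty
 * @param getGrantFullControl    value of the FULL_CONTROL grant header, may be empty
 * @param getGrantReadAcp        value of the READ_ACP grant header, may be empty
 * @param getGrantWriteAcp       value of the WRITE_ACP grant header, may be empty
 * @param s3Parameter            request context passed into any {@link GWException}
 * @return the validated ACL as rendered by {@code AccessControlPolicy.toString()}
 * @throws GWException ACCESS_DENIED when a public grant is blocked on the bucket; NOT_IMPLEMENTED for a
 *         listed but unsupported canned ACL; BAD_REQUEST for an unknown canned ACL or a bucket-owner
 *         canned ACL without bucket information; INVALID_ARGUMENT for a grant with no grantee or an
 *         unknown identity; SERVER_ERROR when XML (de)serialisation fails
 */
public static String makeAclXml(AccessControlPolicy accessControlPolicy, AccessControlPolicy preAccessControlPolicy, boolean hasKeyWord, String getAclXml, String cannedAcl, Bucket bucketInfo, String userId, String userName, String getGrantRead, String getGrantWrite, String getGrantFullControl, String getGrantReadAcp, String getGrantWriteAcp, S3Parameter s3Parameter) throws GWException {
    PublicAccessBlockConfiguration pabc = readPublicAccessBlock(bucketInfo, s3Parameter);
    logger.info(GWConstants.LOG_UTILS_CANNED_ACL, cannedAcl);
    logger.info(GWConstants.LOG_UTILS_ACL_XML, getAclXml);

    // An existing ACL keeps its owner; a new one is owned by the requester.
    if (preAccessControlPolicy != null && preAccessControlPolicy.owner != null) {
        accessControlPolicy.owner.id = preAccessControlPolicy.owner.id;
        accessControlPolicy.owner.displayName = preAccessControlPolicy.owner.displayName;
    } else {
        accessControlPolicy.owner.id = userId;
        accessControlPolicy.owner.displayName = userName;
    }

    // The body document only counts when no ACL keyword header was present.
    String aclXml = hasKeyWord ? null : getAclXml;

    boolean hasGrantHeader = !Strings.isNullOrEmpty(getGrantRead)
            || !Strings.isNullOrEmpty(getGrantWrite)
            || !Strings.isNullOrEmpty(getGrantReadAcp)
            || !Strings.isNullOrEmpty(getGrantWriteAcp)
            || !Strings.isNullOrEmpty(getGrantFullControl);

    if (Strings.isNullOrEmpty(cannedAcl)) {
        // Nothing at all was specified: fall back to a private ACL.
        if (Strings.isNullOrEmpty(aclXml) && !hasGrantHeader) {
            addOwnerFullControl(accessControlPolicy);
        }
    } else {
        applyCannedAcl(accessControlPolicy, cannedAcl, bucketInfo, pabc, s3Parameter);
    }

    // Explicit grant headers are appended after any canned ACL grants.
    if (!Strings.isNullOrEmpty(getGrantRead)) {
        readAclHeader(getGrantRead, GWConstants.GRANT_READ, accessControlPolicy);
    }
    if (!Strings.isNullOrEmpty(getGrantWrite)) {
        readAclHeader(getGrantWrite, GWConstants.GRANT_WRITE, accessControlPolicy);
    }
    if (!Strings.isNullOrEmpty(getGrantReadAcp)) {
        readAclHeader(getGrantReadAcp, GWConstants.GRANT_READ_ACP, accessControlPolicy);
    }
    if (!Strings.isNullOrEmpty(getGrantWriteAcp)) {
        readAclHeader(getGrantWriteAcp, GWConstants.GRANT_WRITE_ACP, accessControlPolicy);
    }
    if (!Strings.isNullOrEmpty(getGrantFullControl)) {
        readAclHeader(getGrantFullControl, GWConstants.GRANT_FULL_CONTROL, accessControlPolicy);
    }

    if (Strings.isNullOrEmpty(aclXml)) {
        aclXml = serializeAclPolicy(accessControlPolicy, s3Parameter);
    }

    // Re-parse whichever document was produced and validate every grantee. Grants from the
    // body document are only seen here, so this is where they are checked against the
    // bucket's public-access block as well.
    try {
        XmlMapper xmlMapper = new XmlMapper();
        AccessControlPolicy checkAcl = xmlMapper.readValue(aclXml, AccessControlPolicy.class);
        aclXml = checkAcl.toString();
        if (checkAcl.aclList != null && checkAcl.aclList.grants != null) {
            for (Grant user : checkAcl.aclList.grants) {
                validateGrantee(user, pabc, s3Parameter);
            }
        }
    } catch (JsonProcessingException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
    return aclXml;
}

/** Parses the bucket's stored PublicAccessBlockConfiguration, or returns {@code null} when there is none. */
private static PublicAccessBlockConfiguration readPublicAccessBlock(Bucket bucketInfo, S3Parameter s3Parameter) throws GWException {
    if (bucketInfo == null || Strings.isNullOrEmpty(bucketInfo.getAccess())) {
        return null;
    }
    try {
        return new XmlMapper().readValue(bucketInfo.getAccess(), PublicAccessBlockConfiguration.class);
    } catch (JsonProcessingException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
}

/** True when the bucket's access block has BlockPublicAcls set. */
private static boolean publicAclsBlocked(PublicAccessBlockConfiguration pabc) {
    return pabc != null && GWConstants.STRING_TRUE.equalsIgnoreCase(pabc.BlockPublicAcls);
}

/** True for the two predefined group URIs that make a grant public (AllUsers, AuthenticatedUsers). */
private static boolean isPublicGroupUri(String uri) {
    return GWConstants.AWS_GRANT_URI_ALL_USERS.equals(uri)
            || GWConstants.AWS_GRANT_URI_AUTHENTICATED_USERS.equals(uri);
}

/** Fails the request with ACCESS_DENIED when the bucket blocks public ACLs. */
private static void denyIfPublicAclsBlocked(PublicAccessBlockConfiguration pabc, S3Parameter s3Parameter) throws GWException {
    if (publicAclsBlocked(pabc)) {
        logger.info(GWConstants.LOG_ACCESS_DENIED_PUBLIC_ACLS);
        throw new GWException(GWErrorCode.ACCESS_DENIED, s3Parameter);
    }
}

/** Builds a grant for a canonical user. */
private static Grant canonicalUserGrant(String id, String displayName, String permission) {
    Grant grant = new Grant();
    grant.grantee = new Grantee();
    grant.grantee.type = GWConstants.CANONICAL_USER;
    grant.grantee.id = id;
    grant.grantee.displayName = displayName;
    grant.permission = permission;
    return grant;
}

/** Builds a grant for a predefined group identified by its URI. */
private static Grant groupGrant(String uri, String permission) {
    Grant grant = new Grant();
    grant.grantee = new Grantee();
    grant.grantee.type = GWConstants.GROUP;
    grant.grantee.uri = uri;
    grant.permission = permission;
    return grant;
}

/** Grants the policy owner FULL_CONTROL; every canned ACL starts with this grant. */
private static void addOwnerFullControl(AccessControlPolicy policy) {
    policy.aclList.grants.add(canonicalUserGrant(policy.owner.id, policy.owner.displayName, GWConstants.GRANT_FULL_CONTROL));
}

/** Returns the bucket for a bucket-owner canned ACL, or fails with BAD_REQUEST when none is available. */
private static Bucket requireBucketForCannedAcl(Bucket bucketInfo, S3Parameter s3Parameter) throws GWException {
    if (bucketInfo == null) {
        // Previously dereferenced unconditionally, which surfaced as a NullPointerException.
        logger.error(HttpServletResponse.SC_BAD_REQUEST + GWConstants.LOG_ACCESS_PROCESS_FAILED);
        throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
    }
    return bucketInfo;
}

/**
 * Expands a canned ACL into grants on {@code policy}.
 *
 * @throws GWException ACCESS_DENIED for a public canned ACL on a bucket that blocks public ACLs,
 *         NOT_IMPLEMENTED for a canned ACL that is listed but not supported, BAD_REQUEST otherwise
 */
private static void applyCannedAcl(AccessControlPolicy policy, String cannedAcl, Bucket bucketInfo, PublicAccessBlockConfiguration pabc, S3Parameter s3Parameter) throws GWException {
    if (GWConstants.CANNED_ACLS_PRIVATE.equalsIgnoreCase(cannedAcl)) {
        addOwnerFullControl(policy);
    } else if (GWConstants.CANNED_ACLS_PUBLIC_READ.equalsIgnoreCase(cannedAcl)) {
        denyIfPublicAclsBlocked(pabc, s3Parameter);
        addOwnerFullControl(policy);
        policy.aclList.grants.add(groupGrant(GWConstants.AWS_GRANT_URI_ALL_USERS, GWConstants.GRANT_READ));
    } else if (GWConstants.CANNED_ACLS_PUBLIC_READ_WRITE.equalsIgnoreCase(cannedAcl)) {
        denyIfPublicAclsBlocked(pabc, s3Parameter);
        addOwnerFullControl(policy);
        policy.aclList.grants.add(groupGrant(GWConstants.AWS_GRANT_URI_ALL_USERS, GWConstants.GRANT_READ));
        policy.aclList.grants.add(groupGrant(GWConstants.AWS_GRANT_URI_ALL_USERS, GWConstants.GRANT_WRITE));
    } else if (GWConstants.CANNED_ACLS_AUTHENTICATED_READ.equalsIgnoreCase(cannedAcl)) {
        denyIfPublicAclsBlocked(pabc, s3Parameter);
        addOwnerFullControl(policy);
        policy.aclList.grants.add(groupGrant(GWConstants.AWS_GRANT_URI_AUTHENTICATED_USERS, GWConstants.GRANT_READ));
    } else if (GWConstants.CANNED_ACLS_BUCKET_OWNER_READ.equalsIgnoreCase(cannedAcl)) {
        Bucket bucket = requireBucketForCannedAcl(bucketInfo, s3Parameter);
        addOwnerFullControl(policy);
        policy.aclList.grants.add(canonicalUserGrant(bucket.getUserId(), bucket.getUserName(), GWConstants.GRANT_READ));
    } else if (GWConstants.CANNED_ACLS_BUCKET_OWNER_FULL_CONTROL.equalsIgnoreCase(cannedAcl)) {
        Bucket bucket = requireBucketForCannedAcl(bucketInfo, s3Parameter);
        addOwnerFullControl(policy);
        policy.aclList.grants.add(canonicalUserGrant(bucket.getUserId(), bucket.getUserName(), GWConstants.GRANT_FULL_CONTROL));
    } else if (GWConstants.CANNED_ACLS.contains(cannedAcl)) {
        logger.error(GWErrorCode.NOT_IMPLEMENTED.getMessage() + GWConstants.LOG_ACCESS_CANNED_ACL, cannedAcl);
        throw new GWException(GWErrorCode.NOT_IMPLEMENTED, s3Parameter);
    } else {
        logger.error(HttpServletResponse.SC_BAD_REQUEST + GWConstants.LOG_ACCESS_PROCESS_FAILED);
        throw new GWException(GWErrorCode.BAD_REQUEST, s3Parameter);
    }
}

/** Serialises the assembled policy to XML with the namespace prefix normalised. */
private static String serializeAclPolicy(AccessControlPolicy policy, S3Parameter s3Parameter) throws GWException {
    try {
        return new XmlMapper().writeValueAsString(policy).replaceAll(GWConstants.WSTXNS, GWConstants.XSI);
    } catch (JsonProcessingException e) {
        PrintStack.logging(logger, e);
        throw new GWException(GWErrorCode.SERVER_ERROR, s3Parameter);
    }
}

/**
 * Validates one grant of the final document: a grantee must be present, a public group grant is
 * refused when the bucket blocks public ACLs, and any display name or id must resolve to a known
 * identity (ids must be numeric before they are looked up).
 */
private static void validateGrantee(Grant user, PublicAccessBlockConfiguration pabc, S3Parameter s3Parameter) throws GWException {
    if (user.grantee == null) {
        // A body document can carry a Grant element without a Grantee; reject it instead of failing with an NPE.
        throw new GWException(GWErrorCode.INVALID_ARGUMENT, s3Parameter);
    }
    Grantee grantee = user.grantee;
    if (isPublicGroupUri(grantee.uri)) {
        denyIfPublicAclsBlocked(pabc, s3Parameter);
    }
    if (!Strings.isNullOrEmpty(grantee.displayName) && GWUtils.getDBInstance().getIdentityByName(grantee.displayName, s3Parameter) == null) {
        logger.info(grantee.displayName);
        throw new GWException(GWErrorCode.INVALID_ARGUMENT, s3Parameter);
    }
    if (!Strings.isNullOrEmpty(grantee.id)) {
        if (!grantee.id.matches(GWConstants.BACKSLASH_D_PLUS)
                || GWUtils.getDBInstance().getIdentityByID(grantee.id, s3Parameter) == null) {
            logger.info(grantee.id);
            throw new GWException(GWErrorCode.INVALID_ARGUMENT, s3Parameter);
        }
    }
}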
