use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class FormAccessManager method assertFormAccess.
/**
 * Verifies that the current user is allowed to access the given form.
 *
 * <p>When {@code runAsParams} is {@code null} or empty, the method returns without performing
 * any check. Otherwise two restrictions are applied in turn: the caller's username must be in
 * the form's run-as user set (when that set is non-empty), and at least one of the form's
 * run-as LDAP groups (when any are declared) must match the caller's LDAP groups.
 *
 * @param formName name of the form, handed to {@code FormUtils} to resolve the restrictions
 * @param runAsParams run-as settings of the form; may be {@code null}
 * @throws UnauthorizedException if the user restriction or the LDAP group restriction fails
 */
public void assertFormAccess(String formName, Map<String, Serializable> runAsParams) {
    // No run-as settings means no restriction is enforced here.
    boolean unrestricted = runAsParams == null || runAsParams.isEmpty();
    if (unrestricted) {
        return;
    }

    UserPrincipal principal = UserPrincipal.assertCurrent();

    // 1. Explicit user allow-list; an empty set means "no user restriction".
    Set<String> allowedUsers = com.walmartlabs.concord.forms.FormUtils.getRunAsUsers(formName, runAsParams);
    if (!allowedUsers.isEmpty()) {
        if (!allowedUsers.contains(principal.getUsername())) {
            throw new UnauthorizedException("The current user (" + principal.getUsername() + ") doesn't have " + "the necessary permissions to access the form.");
        }
    }

    // 2. LDAP group restriction; an empty set means "no group restriction".
    Set<String> requiredGroups = com.walmartlabs.concord.forms.FormUtils.getRunAsLdapGroups(formName, runAsParams);
    if (requiredGroups.isEmpty()) {
        return;
    }

    // A caller without an LdapPrincipal yields null groups here.
    // NOTE(review): matchesLdapGroup is not visible in this listing; it must treat a null
    // group set as "no match" for this check to fail closed. Confirm.
    LdapPrincipal ldapPrincipal = LdapPrincipal.getCurrent();
    Set<String> callerGroups = ldapPrincipal != null ? ldapPrincipal.getGroups() : null;

    if (requiredGroups.stream().noneMatch(expected -> matchesLdapGroup(expected, callerGroups))) {
        // NOTE(review): the message embeds the expected group names and says "resume process"
        // although this guards form access. If exception messages are returned to the client,
        // the group names are disclosed to an unauthorized caller. Confirm this is intended.
        throw new UnauthorizedException("The current user (" + principal.getUsername() + ") doesn't have " + "the necessary permissions to resume process. Expected LDAP group(s) '" + requiredGroups + "'");
    }
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class ProcessResource method start.
/**
 * Starts a new process instance using the specified entry point and provided configuration.
 *
 * <p>The entry point is resolved against {@code OrganizationManager.DEFAULT_ORG_ID}, and the
 * ID and username of the current {@code UserPrincipal} are passed to the payload manager.
 *
 * @param entryPoint entry point taken from the {@code entryPoint} path segment
 * @param req JSON request body, passed to the payload manager as-is
 * @param parentInstanceId value of the {@code parentId} query parameter; checked by
 *                         {@code assertPartialKey} before anything else is created
 * @param sync deprecated; a request with {@code sync=true} is rejected
 * @param out values of the {@code out} query parameter, passed to the payload manager
 * @return the response built from the started process
 * @throws ConcordApplicationException if creating the payload fails with an {@code IOException}
 * @deprecated use {@link #start(MultipartInput, UUID, boolean, String[], HttpServletRequest)}
 */
@POST
@ApiOperation(value = "Start a new process using the specified entry point and provided configuration", hidden = true)
@javax.ws.rs.Path("/{entryPoint}")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@WithTimer(suffix = "_json")
@Deprecated
public StartProcessResponse start(@PathParam("entryPoint") String entryPoint,
                                  Map<String, Object> req,
                                  @QueryParam("parentId") UUID parentInstanceId,
                                  @Deprecated @DefaultValue("false") @QueryParam("sync") boolean sync,
                                  @QueryParam("out") String[] out) {
    // Synchronous starts are no longer served by this endpoint.
    if (sync) {
        throw syncIsForbidden();
    }

    // NOTE(review): assertPartialKey is not visible in this listing; it is the only check
    // applied to the caller-supplied parent ID in this method.
    assertPartialKey(parentInstanceId);

    // The new process gets a server-generated ID; the client cannot choose it.
    PartialProcessKey newKey = PartialProcessKey.from(UUID.randomUUID());
    EntryPoint resolvedEntryPoint = payloadManager.parseEntryPoint(newKey, OrganizationManager.DEFAULT_ORG_ID, entryPoint);

    // The initiator identity comes from the authenticated principal, never from the request.
    UserPrincipal initiator = UserPrincipal.assertCurrent();

    Payload payload;
    try {
        payload = payloadManager.createPayload(
                newKey,
                parentInstanceId,
                initiator.getId(),
                initiator.getUsername(),
                resolvedEntryPoint,
                req,
                out);
    } catch (IOException ioe) {
        // NOTE(review): entryPoint is taken from the request path and written to the log
        // unmodified. Confirm the log encoder neutralizes line breaks.
        log.error("start ['{}'] -> error creating a payload: {}", entryPoint, ioe);
        throw new ConcordApplicationException("Error creating a payload", ioe);
    }

    return toResponse(processManager.start(payload));
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class ProcessCheckpointManager method assertProcessAccess.
/**
 * Verifies that the current user may restore the given process from a checkpoint.
 *
 * <p>The rules are evaluated in this order: the process initiator is allowed, then any caller
 * for whom {@code Roles.isAdmin()} is true. For a process that belongs to a project, the
 * decision is delegated to {@code projectAccessManager.assertAccess} at
 * {@code ResourceAccessLevel.WRITER}. A process without a project is denied to everyone else.
 *
 * @param e the process entry whose checkpoint is being restored
 * @throws UnauthorizedException if the caller is neither initiator nor admin and the process
 *                               has no project
 */
public void assertProcessAccess(ProcessEntry e) {
    UserPrincipal current = UserPrincipal.assertCurrent();
    UUID owner = e.initiatorId();

    // process owners should be able to restore the process from a checkpoint;
    // administrators are allowed as well.
    if (current.getId().equals(owner) || Roles.isAdmin()) {
        return;
    }

    UUID projectId = e.projectId();
    if (projectId == null) {
        // No project to delegate to: deny by default.
        throw new UnauthorizedException("The current user (" + current.getUsername() + ") doesn't have " + "the necessary permissions to restore the process using a checkpoint: " + e.instanceId());
    }

    // NOTE(review): assertAccess is presumably what rejects callers below WRITER level; its
    // behaviour and the meaning of the trailing 'false' flag are not visible here. Confirm.
    projectAccessManager.assertAccess(projectId, ResourceAccessLevel.WRITER, false);
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class ApiKeyRealm method doGetAuthenticationInfo.
/**
 * Builds the account for an API key token.
 *
 * <p>The user referenced by the token is looked up through {@code userManager}. A successful
 * lookup of an enabled user is recorded in the audit log with the realm name and the API key
 * ID (not the key itself). The returned account carries both the {@code UserPrincipal} and the
 * {@code ApiKey} token as principals.
 *
 * @param token the authentication token; cast to {@code ApiKey} without a type check
 * @return the account for the key's user, or {@code null} when the user does not exist
 * @throws AuthenticationException if the user account is disabled
 */
@Override
@WithTimer
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    // NOTE(review): unchecked cast. This assumes the realm only ever receives ApiKey tokens;
    // the realm's token filter is not visible in this listing. Confirm.
    ApiKey apiKey = (ApiKey) token;

    UserEntry user = userManager.get(apiKey.getUserId()).orElse(null);
    if (user == null) {
        return null;
    }

    if (user.isDisabled()) {
        // NOTE(review): this rejection happens before the audit call below, so a disabled
        // account's attempt leaves no audit record in this method. Confirm that failed
        // attempts are recorded elsewhere.
        throw new AuthenticationException("User account '" + user.getName() + "' is disabled");
    }

    auditLog.add(AuditObject.SYSTEM, AuditAction.ACCESS)
            .userId(user.getId())
            .field("realm", REALM_NAME)
            .field("apiKeyId", apiKey.getKeyId())
            .log();

    UserPrincipal principal = new UserPrincipal(REALM_NAME, user);
    return new SimpleAccount(Arrays.asList(principal, apiKey), apiKey.getKey(), getName());
}
use of com.walmartlabs.concord.server.security.UserPrincipal in project concord by walmartlabs.
the class ProcessResource method start.
/**
 * Starts a new process instance using the specified entry point and multipart request data.
 *
 * <p>The entry point is resolved against {@code OrganizationManager.DEFAULT_ORG_ID}, and the
 * ID and username of the current {@code UserPrincipal} are passed to the payload manager.
 *
 * @param entryPoint entry point taken from the {@code entryPoint} path segment
 * @param input multipart request data, passed to the payload manager as-is
 * @param parentInstanceId value of the {@code parentId} query parameter; checked by
 *                         {@code assertPartialKey} before anything else is created
 * @param sync deprecated; a request with {@code sync=true} is rejected
 * @param out values of the {@code out} query parameter, passed to the payload manager
 * @return the response built from the started process
 * @throws ConcordApplicationException if creating the payload fails with an {@code IOException}
 * @deprecated use {@link #start(MultipartInput, UUID, boolean, String[], HttpServletRequest)}
 */
@POST
@ApiOperation(value = "Start a new process using the specified entry point and multipart request data", hidden = true)
@javax.ws.rs.Path("/{entryPoint}")
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.APPLICATION_JSON)
@WithTimer(suffix = "_with_entrypoint")
@Deprecated
public StartProcessResponse start(@PathParam("entryPoint") String entryPoint,
                                  MultipartInput input,
                                  @QueryParam("parentId") UUID parentInstanceId,
                                  @Deprecated @DefaultValue("false") @QueryParam("sync") boolean sync,
                                  @QueryParam("out") String[] out) {
    // Synchronous starts are no longer served by this endpoint.
    if (sync) {
        throw syncIsForbidden();
    }

    // NOTE(review): assertPartialKey is not visible in this listing; it is the only check
    // applied to the caller-supplied parent ID in this method.
    assertPartialKey(parentInstanceId);

    // The new process gets a server-generated ID; the client cannot choose it.
    PartialProcessKey newKey = PartialProcessKey.from(UUID.randomUUID());
    EntryPoint resolvedEntryPoint = payloadManager.parseEntryPoint(newKey, OrganizationManager.DEFAULT_ORG_ID, entryPoint);

    // The initiator identity comes from the authenticated principal, never from the request.
    UserPrincipal initiator = UserPrincipal.assertCurrent();

    Payload payload;
    try {
        payload = payloadManager.createPayload(
                newKey,
                parentInstanceId,
                initiator.getId(),
                initiator.getUsername(),
                resolvedEntryPoint,
                input,
                out);
    } catch (IOException ioe) {
        // NOTE(review): entryPoint is taken from the request path and written to the log
        // unmodified. Confirm the log encoder neutralizes line breaks.
        log.error("start ['{}'] -> error creating a payload: {}", entryPoint, ioe);
        throw new ConcordApplicationException("Error creating a payload", ioe);
    }

    return toResponse(processManager.start(payload));
}