
Example 1 with Expansion

use of ddf.security.expansion.Expansion in project ddf by codice.

the class ExpandCommand method execute.

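/**
 * Executes the expansion console command: runs the configured key and values through every
 * registered {@link Expansion} service and prints each service's result to the console.
 *
 * <p>Nothing is printed when either the key or the values were not supplied; when no expansion
 * services are available a notice is printed instead of results.
 *
 * @return always {@code null}; the command reports through standard output only
 * @throws Exception declared by the command contract; this method's own logic does not throw it
 */
@Override
public Object execute() throws Exception {
    // Without both inputs there is nothing to expand, so the command is a silent no-op.
    if ((key == null) || (values == null)) {
        return null;
    }
    if ((expansionList == null) || expansionList.isEmpty()) {
        System.out.println("No expansion services currently available.");
        return null;
    }
    for (Expansion expansion : expansionList) {
        Set<String> expandedValues = expansion.expand(key, values);
        // Colour only the result line and reset afterwards so later console output is unaffected.
        System.out.print(Ansi.ansi().fg(Ansi.Color.YELLOW).toString());
        System.out.println(expandedValues);
        System.out.print(Ansi.ansi().reset().toString());
    }
    return null;
}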

Example 2 with Expansion

use of ddf.security.expansion.Expansion in project ddf by codice.

the class AbstractAuthorizingRealm method doGetAuthorizationInfo.

/**
 * Builds the Shiro authorization view of a subject from the {@link SecurityAssertion} carried
 * in its principal collection.
 *
 * <p>Every attribute of every attribute statement is folded into a key/value map (the user
 * expansion services are applied while doing so), each map entry becomes a
 * {@link KeyValuePermission}, and the values recorded under {@code SAML_ROLE} additionally
 * become the subject's roles. Authorization therefore rests entirely on the assertion's
 * attributes plus whatever the expansion services contribute.
 *
 * @param principalCollection holds the security assertion for the primary principal of this request
 * @return a new {@link SimpleAuthorizationInfo} carrying the derived permissions and roles
 * @throws AuthorizationException if the principal collection carries no {@link SecurityAssertion},
 *                                or if the token cannot be processed successfully
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    LOGGER.debug("Retrieving authorization info for {}", principalCollection.getPrimaryPrincipal());
    SecurityAssertion securityAssertion = principalCollection.oneByType(SecurityAssertion.class);
    if (securityAssertion == null) {
        // No assertion means nothing to base an authorization decision on: fail closed.
        throw new AuthorizationException("No assertion found, cannot retrieve authorization info.");
    }

    // Attribute key -> every value seen for that key across all statements, after expansion.
    Map<String, Set<String>> attributeValuesByKey = new HashMap<>();
    Collection<Expansion> userExpansions = getUserExpansionServices();
    for (AttributeStatement statement : securityAssertion.getAttributeStatements()) {
        addAttributesToMap(statement.getAttributes(), attributeValuesByKey, userExpansions);
    }

    Set<Permission> derivedPermissions = new HashSet<>();
    for (Map.Entry<String, Set<String>> attribute : attributeValuesByKey.entrySet()) {
        String attributeKey = attribute.getKey();
        Set<String> attributeValues = attribute.getValue();
        derivedPermissions.add(new KeyValuePermission(attributeKey, attributeValues));
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Adding permission: {} : {}", attributeKey, StringUtils.join(attributeValues, ","));
        }
    }

    // Roles are the values of the dedicated role attribute, when the subject carries one.
    Set<String> derivedRoles = new HashSet<>();
    if (attributeValuesByKey.containsKey(SAML_ROLE)) {
        derivedRoles.addAll(attributeValuesByKey.get(SAML_ROLE));
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Adding roles to authorization info: {}", StringUtils.join(derivedRoles, ","));
        }
    }

    SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    authorizationInfo.setObjectPermissions(derivedPermissions);
    authorizationInfo.setRoles(derivedRoles);
    return authorizationInfo;
}

Example 3 with Expansion

use of ddf.security.expansion.Expansion in project ddf by codice.

the class AbstractAuthorizingRealm method expandPermissions.

/**
 * Runs the metacard expansion services over a list of permissions.
 *
 * <p>Each {@link KeyValuePermission} yields one expanded copy per expansion service; a
 * {@link KeyValueCollectionPermission} has its members expanded recursively and is rebuilt with
 * the same action; any other permission is passed through untouched. When no expansion services
 * are registered the input list itself is returned.
 *
 * <p>Expansion services can rewrite the value set a permission carries and so change what a
 * subject is granted; they are part of the trusted authorization path.
 *
 * @param permissions the permissions to expand; the list is not modified
 * @return the input list when there are no expansion services, otherwise a new list
 */
protected List<Permission> expandPermissions(List<Permission> permissions) {
    Collection<Expansion> metacardExpansions = getMetacardExpansionServices();
    if (CollectionUtils.isEmpty(metacardExpansions)) {
        return permissions;
    }
    List<Permission> result = new ArrayList<>(permissions.size());
    for (Permission original : permissions) {
        if (original instanceof KeyValuePermission) {
            KeyValuePermission keyValue = (KeyValuePermission) original;
            String permissionKey = keyValue.getKey();
            for (Expansion expansionService : metacardExpansions) {
                // Values are handed over as a fresh HashSet (presumably so a service cannot
                // alter the permission being expanded).
                Set<String> expandedValues = expansionService.expand(permissionKey, new HashSet<>(keyValue.getValues()));
                result.add(new KeyValuePermission(permissionKey, expandedValues));
            }
        } else if (original instanceof KeyValueCollectionPermission) {
            KeyValueCollectionPermission collection = (KeyValueCollectionPermission) original;
            List<Permission> expandedMembers = expandPermissions(collection.getKeyValuePermissionList());
            // Every member of a key/value collection is a key/value permission, hence the
            // unchecked cast helper.
            List<KeyValuePermission> typedMembers = castToKeyValueList(expandedMembers);
            result.add(new KeyValueCollectionPermission(collection.getAction(), typedMembers));
        } else {
            result.add(original);
        }
    }
    return result;
}

Example 4 with Expansion

use of ddf.security.expansion.Expansion in project ddf by codice.

the class AbstractAuthorizingRealm method addUserExpansion.

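/**
 * Registers the {@link Expansion} service behind an OSGi service reference as a user expansion
 * service.
 *
 * <p>Expansion services feed directly into authorization (they rewrite the attribute values
 * that become permissions and roles), so only a service resolvable through this realm's own
 * bundle context is accepted.
 *
 * @param expansionServiceRef reference to the published expansion service; ignored when the
 *     realm's bundle has no valid context or the service is no longer registered
 */
public void addUserExpansion(ServiceReference<Expansion> expansionServiceRef) {
    Bundle bundle = FrameworkUtil.getBundle(AbstractAuthorizingRealm.class);
    // getBundleContext() is null unless the bundle is STARTING, ACTIVE or STOPPING.
    if (bundle == null || bundle.getBundleContext() == null) {
        return;
    }
    // getService() returns null once the referenced service has been unregistered; do not
    // hand a null service to the registering overload.
    Expansion expansion = bundle.getBundleContext().getService(expansionServiceRef);
    if (expansion != null) {
        addUserExpansion(expansionServiceRef, expansion);
    }
}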

Example 5 with Expansion

use of ddf.security.expansion.Expansion in project ddf by codice.

the class AbstractAuthorizingRealm method addMetacardExpansion.

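/**
 * Registers the {@link Expansion} service behind an OSGi service reference as a metacard
 * expansion service.
 *
 * <p>Metacard expansion services rewrite the values of the permissions checked against
 * metacards, so only a service resolvable through this realm's own bundle context is accepted.
 *
 * @param expansionServiceRef reference to the published expansion service; ignored when the
 *     realm's bundle has no valid context or the service is no longer registered
 */
public void addMetacardExpansion(ServiceReference<Expansion> expansionServiceRef) {
    Bundle bundle = FrameworkUtil.getBundle(AbstractAuthorizingRealm.class);
    // getBundleContext() is null unless the bundle is STARTING, ACTIVE or STOPPING.
    if (bundle == null || bundle.getBundleContext() == null) {
        return;
    }
    // getService() returns null once the referenced service has been unregistered; do not
    // hand a null service to the registering overload.
    Expansion expansion = bundle.getBundleContext().getService(expansionServiceRef);
    if (expansion != null) {
        addMetacardExpansion(expansionServiceRef, expansion);
    }
}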
