use of ddf.security.expansion.Expansion in project ddf by codice.
the class ExpandCommand method execute.
/**
* Called to execute the security:encrypt console command.
*/
@Override
public Object execute() throws Exception {
if ((key == null) || (values == null)) {
return null;
}
if ((expansionList != null) && (!expansionList.isEmpty())) {
for (Expansion expansion : expansionList) {
Set<String> expandedValues = expansion.expand(key, values);
System.out.print(Ansi.ansi().fg(Ansi.Color.YELLOW).toString());
System.out.println(expandedValues);
System.out.print(Ansi.ansi().reset().toString());
}
} else {
System.out.println("No expansion services currently available.");
}
return null;
}
use of ddf.security.expansion.Expansion in project ddf by codice.
the class AbstractAuthorizingRealm method doGetAuthorizationInfo.
/**
* Takes the security attributes about the subject of the incoming security token and builds
* sets of permissions and roles for use in further checking.
*
* @param principalCollection holds the security assertions for the primary principal of this request
* @return a new collection of permissions and roles corresponding to the security assertions
* @throws AuthorizationException if there are no security assertions associated with this principal collection or
* if the token cannot be processed successfully.
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
LOGGER.debug("Retrieving authorization info for {}", principalCollection.getPrimaryPrincipal());
SecurityAssertion assertion = principalCollection.oneByType(SecurityAssertion.class);
if (assertion == null) {
String msg = "No assertion found, cannot retrieve authorization info.";
throw new AuthorizationException(msg);
}
List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
Set<Permission> permissions = new HashSet<>();
Set<String> roles = new HashSet<>();
Map<String, Set<String>> permissionsMap = new HashMap<>();
Collection<Expansion> expansionServices = getUserExpansionServices();
for (AttributeStatement curStatement : attributeStatements) {
addAttributesToMap(curStatement.getAttributes(), permissionsMap, expansionServices);
}
for (Map.Entry<String, Set<String>> entry : permissionsMap.entrySet()) {
permissions.add(new KeyValuePermission(entry.getKey(), entry.getValue()));
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Adding permission: {} : {}", entry.getKey(), StringUtils.join(entry.getValue(), ","));
}
}
if (permissionsMap.containsKey(SAML_ROLE)) {
roles.addAll(permissionsMap.get(SAML_ROLE));
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Adding roles to authorization info: {}", StringUtils.join(roles, ","));
}
}
info.setObjectPermissions(permissions);
info.setRoles(roles);
return info;
}
use of ddf.security.expansion.Expansion in project ddf by codice.
the class AbstractAuthorizingRealm method expandPermissions.
protected List<Permission> expandPermissions(List<Permission> permissions) {
Collection<Expansion> expansionServices = getMetacardExpansionServices();
if (CollectionUtils.isEmpty(expansionServices)) {
return permissions;
}
List<Permission> expandedPermissions = new ArrayList<>(permissions.size());
for (Permission permission : permissions) {
if (permission instanceof KeyValuePermission) {
for (Expansion expansionService : expansionServices) {
Set<String> expandedSet = expansionService.expand(((KeyValuePermission) permission).getKey(), new HashSet<>(((KeyValuePermission) permission).getValues()));
expandedPermissions.add(new KeyValuePermission(((KeyValuePermission) permission).getKey(), expandedSet));
}
} else if (permission instanceof KeyValueCollectionPermission) {
List<Permission> keyValuePermissionList = ((KeyValueCollectionPermission) permission).getKeyValuePermissionList();
List<Permission> expandedCollection = expandPermissions(keyValuePermissionList);
//we know that everything in a key value collection is a key value permission so just do the unchecked cast
List<KeyValuePermission> castedList = castToKeyValueList(expandedCollection);
expandedPermissions.add(new KeyValueCollectionPermission(((KeyValueCollectionPermission) permission).getAction(), castedList));
} else {
expandedPermissions.add(permission);
}
}
return expandedPermissions;
}
use of ddf.security.expansion.Expansion in project ddf by codice.
the class AbstractAuthorizingRealm method addUserExpansion.
public void addUserExpansion(ServiceReference<Expansion> expansionServiceRef) {
Bundle bundle = FrameworkUtil.getBundle(AbstractAuthorizingRealm.class);
if (bundle != null) {
Expansion expansion = bundle.getBundleContext().getService(expansionServiceRef);
addUserExpansion(expansionServiceRef, expansion);
}
}
use of ddf.security.expansion.Expansion in project ddf by codice.
the class AbstractAuthorizingRealm method addMetacardExpansion.
public void addMetacardExpansion(ServiceReference<Expansion> expansionServiceRef) {
Bundle bundle = FrameworkUtil.getBundle(AbstractAuthorizingRealm.class);
if (bundle != null) {
Expansion expansion = bundle.getBundleContext().getService(expansionServiceRef);
addMetacardExpansion(expansionServiceRef, expansion);
}
}
Aggregations