
Example 6 with AdminClient

use of edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient in project OA4MP by ncsa.

the class PermissionServer method listAdmins.

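/**
 * Returns the admin clients associated with the client named in the request.
 * <p>
 * NOTE(review): the {@code canRead(request)} authorization check is commented out in the body,
 * so this method does not itself verify that the requester may see the client's admins. Access
 * control has to be enforced before this method is reached, or the check restored.
 *
 * @param request the request; it must carry a client, whose identifier drives the lookup
 * @return a {@link ListAdminsResponse} holding every admin client that could be resolved; an
 *         admin whose lookup throws an exception is left out of the list
 */
public PermissionResponse listAdmins(ListAdminsRequest request) {
    // canRead(request);  -- disabled; see the NOTE(review) in the Javadoc.
    Identifier clientID = request.getClient().getIdentifier();
    List<AdminClient> admins = new LinkedList<>();
    for (Identifier adminID : getPermissionStore().getAdmins(clientID)) {
        try {
            // The return value is discarded, so this call only filters out an admin when the
            // permission lookup throws.
            // NOTE(review): if the store answers "no permission" with an empty result rather
            // than an exception, nothing is filtered here -- confirm against the store.
            getPermissionStore().get(adminID, clientID);
            admins.add(getAdminClientStore().get(adminID));
        } catch (Exception ignored) {
            // Best effort: an admin that cannot be resolved is skipped. Only Exception is
            // caught, so JVM errors such as OutOfMemoryError propagate instead of being
            // swallowed with the per-admin failures.
            // NOTE(review): the failure is dropped without a log entry, which hides store
            // problems from operators -- consider logging it.
        }
    }
    return new ListAdminsResponse(admins);
}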
Also used : Identifier(edu.uiuc.ncsa.security.core.Identifier) LinkedList(java.util.LinkedList) AdminClient(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient)

Example 7 with AdminClient

use of edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient in project OA4MP by ncsa.

the class AttributeServer method removeAdminClient.

/**
 * Strips the requested attributes from a stored admin client and saves the result.
 * The identifier attribute is never removed, even when the request names it.
 * <p>
 * NOTE(review): no permission check is visible in this method, and the identifier is the only
 * key protected from removal -- presumably the caller authorizes the request; confirm.
 *
 * @param request names the admin client and the attribute keys to drop
 * @return a response wrapping the admin client as it was saved
 */
protected AttributeAdminClientResponse removeAdminClient(AttributeRemoveRequest request) {
    AdminClient stored = getAdminClientStore().get(request.getAdminClient().getIdentifier());
    // Flatten the client into a column map so attributes can be dropped by key.
    ColumnMap columns = new ColumnMap();
    getACConverter().toMap(stored, columns);
    for (String attribute : request.getAttributes()) {
        // Never drop the identifier, whatever the request asks for.
        if (attribute.equals(getACConverter().getKeys().identifier())) {
            continue;
        }
        columns.remove(attribute);
    }
    // Rebuild the client from the reduced map and persist it.
    AdminClient stripped = getACConverter().fromMap(columns, null);
    getAdminClientStore().save(stripped);
    return new AttributeAdminClientResponse(stripped);
}
Also used : ColumnMap(edu.uiuc.ncsa.security.storage.sql.internals.ColumnMap) AdminClient(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient)

Example 8 with AdminClient

use of edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient in project OA4MP by ncsa.

the class ClientServerTest method testRemove.

/**
 * Checks that removing a client also clears its approval record and the permissions that
 * each admin client held on it.
 */
public void testRemove(CMTestStoreProvider tp2) throws Exception {
    CC cc = setupClients(tp2);
    ClientServer clientServer = new ClientServer(tp2.getCOSE());

    // Approve the client through its own admin, then confirm the approval and the permission exist.
    ApproveRequest approval = RequestFactory.createRequest(cc.adminClient, new TypeClient(), new ActionApprove(), cc.client, null);
    clientServer.process(approval);
    assert tp2.getClientApprovalStore().containsKey(cc.client.getIdentifier());
    assert tp2.getClientApprovalStore().get(cc.client.getIdentifier()).isApproved();
    assert !tp2.getPermissionStore().get(cc.adminClient.getIdentifier(), cc.client.getIdentifier()).isEmpty();

    // Give a second admin client permissions on the same client.
    AdminClient secondAdmin = getAdminClient(tp2.getAdminClientStore());
    PermissionServer permissions = new PermissionServer(tp2.getCOSE());
    AddClientRequest grant = RequestFactory.createRequest(secondAdmin, new TypePermission(), new ActionAdd(), cc.client, null);
    permissions.process(grant);
    assert !tp2.getPermissionStore().get(secondAdmin.getIdentifier(), cc.client.getIdentifier()).isEmpty();

    // Two admin clients now hold permissions on an approved client. Remove the client and
    // verify that nothing referring to it is left in any store.
    RemoveRequest removal = RequestFactory.createRequest(cc.adminClient, new TypeClient(), new ActionRemove(), cc.client, null);
    clientServer.process(removal);
    assert !tp2.getClientStore().containsKey(cc.client.getIdentifier());
    assert !tp2.getClientApprovalStore().containsKey(cc.client.getIdentifier());
    assert tp2.getPermissionStore().get(cc.adminClient.getIdentifier(), cc.client.getIdentifier()).isEmpty();
    assert tp2.getPermissionStore().get(secondAdmin.getIdentifier(), cc.client.getIdentifier()).isEmpty();
}
Also used : PermissionServer(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.permissions.PermissionServer) TypeClient(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypeClient) TypePermission(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission) AdminClient(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient) AddClientRequest(edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.permissions.AddClientRequest)

Example 9 with AdminClient

use of edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient in project OA4MP by ncsa.

the class PermissionServerTest method testGetAdmins.

/**
 * Adds several admin clients with permissions on one client and checks that the list-admins
 * request returns all of them, together with the admin client from {@code setupClients}.
 */
public void testGetAdmins(CMTestStoreProvider tp2) throws Exception {
    final int extraAdmins = 4;
    CC cc = setupClients(tp2);
    List<AdminClient> expectedAdmins = new LinkedList<>();
    for (int n = 0; n < extraAdmins; n++) {
        AdminClient extra = getAdminClient(tp2.getAdminClientStore());
        // Grant this admin every permission flag on the client under test.
        Permission grant = tp2.getPermissionStore().create();
        grant.setAdminID(extra.getIdentifier());
        grant.setClientID(cc.client.getIdentifier());
        grant.setApprove(true);
        grant.setCreate(true);
        grant.setDelete(true);
        grant.setRead(true);
        grant.setWrite(true);
        tp2.getPermissionStore().save(grant);
        expectedAdmins.add(extra);
    }
    expectedAdmins.add(cc.adminClient);

    // Keep the identifiers so the returned admins can be matched against them below.
    List<Identifier> expectedIDs = new LinkedList<>();
    for (AdminClient expected : expectedAdmins) {
        expectedIDs.add(expected.getIdentifier());
    }

    PermissionServer server = new PermissionServer(tp2.getCOSE());
    // NOTE(review): the request is built with null as its first argument, i.e. without a
    // requesting admin client, so this test only passes while listing admins needs no
    // authenticated requester -- confirm that is intended.
    ListAdminsRequest listRequest = (ListAdminsRequest) RequestFactory.createRequest(null, new TypePermission(), new ActionList(), cc.client, null);
    ListAdminsResponse listResponse = (ListAdminsResponse) server.process(listRequest);

    // Every admin added above must come back, and nothing else.
    List<AdminClient> returned = listResponse.getAdmins();
    assert returned.size() == expectedAdmins.size();
    for (AdminClient admin : returned) {
        assert expectedIDs.contains(admin.getIdentifier());
    }
}
Also used : LinkedList(java.util.LinkedList) Identifier(edu.uiuc.ncsa.security.core.Identifier) TypePermission(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission) TypePermission(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission) Permission(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.Permission) ActionList(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.actions.ActionList) AdminClient(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient)

Example 10 with AdminClient

use of edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient in project OA4MP by ncsa.

the class PermissionTest method testAttributes.

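/**
 * Round-trips a permission through the store after changing each flag in turn and checks that
 * the stored copy equals the in-memory one every time.
 * <p>
 * NOTE(review): every flag is set to {@code false}; if {@code false} is also the default for a
 * new permission, a flag that is silently dropped on save would go unnoticed -- confirm the
 * defaults, or toggle to {@code true} as well.
 *
 * @param pStore      store the permission is saved to and read back from
 * @param clientStore used only to create the client the permission refers to
 * @param acStore     used only to create the admin client the permission refers to
 */
public void testAttributes(PermissionsStore pStore, ClientStore clientStore, AdminClientStore acStore) throws Exception {
    AdminClient ac = (AdminClient) acStore.create();
    OA2Client c = (OA2Client) clientStore.create();
    Permission p = (Permission) pStore.create();
    p.setAdminID(ac.getIdentifier());
    p.setClientID(c.getIdentifier());

    // approve
    p.setApprove(false);
    pStore.save(p);
    Permission p2 = (Permission) pStore.get(p.getIdentifier());
    assert p2.equals(p);

    // create
    p.setCreate(false);
    pStore.save(p);
    p2 = (Permission) pStore.get(p.getIdentifier());
    assert p2.equals(p);

    // read
    p.setRead(false);
    pStore.save(p);
    p2 = (Permission) pStore.get(p.getIdentifier());
    assert p2.equals(p);

    // delete
    p.setDelete(false);
    pStore.save(p);
    p2 = (Permission) pStore.get(p.getIdentifier());
    assert p2.equals(p);

    // write -- the original repeated setDelete(false) here, leaving the write flag untested.
    p.setWrite(false);
    pStore.save(p);
    p2 = (Permission) pStore.get(p.getIdentifier());
    assert p2.equals(p);
}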
Also used : OA2Client(edu.uiuc.ncsa.security.oauth_2_0.OA2Client) Permission(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.Permission) AdminClient(edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient)

Aggregations

AdminClient (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClient)20 Permission (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.Permission)5 Identifier (edu.uiuc.ncsa.security.core.Identifier)4 OA2Client (edu.uiuc.ncsa.security.oauth_2_0.OA2Client)4 TypePermission (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypePermission)3 ColumnMap (edu.uiuc.ncsa.security.storage.sql.internals.ColumnMap)3 JSONObject (net.sf.json.JSONObject)3 AdminClientKeys (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.adminClient.AdminClientKeys)2 PermissionList (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.permissions.PermissionList)2 PrintWriter (java.io.PrintWriter)2 LinkedList (java.util.LinkedList)2 OA2SE (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.OA2SE)1 AddClientRequest (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.permissions.AddClientRequest)1 PermissionServer (edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.util.permissions.PermissionServer)1 ActionAdd (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.actions.ActionAdd)1 ActionList (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.actions.ActionList)1 TypeClient (edu.uiuc.ncsa.myproxy.oa4mp.server.admin.things.types.TypeClient)1 GeneralException (edu.uiuc.ncsa.security.core.exceptions.GeneralException)1 BasicIdentifier (edu.uiuc.ncsa.security.core.util.BasicIdentifier)1 ClientApproval (edu.uiuc.ncsa.security.delegation.server.storage.ClientApproval)1