
Example 6 with ValueWrapper

use of eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper in project CzechIdMng by bcvsolutions.

the class DefaultAuthorizationManager method getEnabledDistinctPolicies.

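/**
 * Returns the enabled authorization policies of the given identity for the given entity type.
 * Policies with the same configuration (see {@code isDuplicate}) are returned only once.
 * <p>
 * Works as a cache decorator. The per-identity cache holds policy identifiers grouped by
 * entity type; the policy dtos are kept in a separate definition cache keyed by policy id.
 * On a cache miss the policies are loaded from the service and both caches are filled.
 * <p>
 * NOTE(review): a cached result is reused for as long as the entry stays in the cache. Eviction
 * happens outside this method - confirm that every role / policy / contract change which affects
 * the identity's permissions evicts the entry, otherwise stale authorization data is served.
 *
 * @param identityId identity whose policies are resolved; {@code null} (nobody is logged in) yields an empty list
 * @param entityType evaluated entity type, required when an identity is given
 * @return distinct enabled policies, never {@code null} and without {@code null} elements
 * @throws IllegalArgumentException when identity is given and {@code entityType} is {@code null}
 */
@SuppressWarnings({ "rawtypes", "unchecked" })
protected List<IdmAuthorizationPolicyDto> getEnabledDistinctPolicies(UUID identityId, Class<? extends Identifiable> entityType) {
    if (identityId == null) {
        // TODO: support setting policies to not logged user - e.g. public endpoints.
        // Until then an unknown identity gets no policies at all.
        return Lists.newArrayList();
    }
    Assert.notNull(entityType, "Entity type is required.");
    //
    // Work on a copy, so the map instance held by the cache is never modified in place.
    Map<Class<? extends Identifiable>, List<UUID>> cachedPolicies = new HashMap<>();
    ValueWrapper value = cacheManager.getValue(AUTHORIZATION_POLICY_CACHE_NAME, identityId);
    if (value != null) {
        // cache value is never null
        cachedPolicies.putAll((Map) value.get());
    }
    List<UUID> cachedPolicyIds = cachedPolicies.get(entityType);
    if (cachedPolicyIds != null) {
        // Cache contains policy identifiers only -> resolve them to policy dtos.
        return cachedPolicyIds
                .stream()
                .map(policyId -> getAuthorizationPolicy(policyId))
                // getAuthorizationPolicy returns null for a policy which does not exist (anymore).
                // Such policy grants nothing, so it is skipped instead of handing null to evaluators.
                .filter(policy -> policy != null)
                .collect(Collectors.toList());
    }
    //
    // Cache miss -> load enabled policies and keep the first one of each configuration.
    List<IdmAuthorizationPolicyDto> enabledDistinctPolicies = new ArrayList<>();
    service
            .getEnabledPolicies(identityId, entityType)
            .stream()
            // TODO: compatibility issues - agendas without authorization support
            .filter(policy -> supportsEntityType(policy, entityType))
            .forEach(policy -> {
                boolean alreadyRegistered = enabledDistinctPolicies
                        .stream()
                        .anyMatch(registeredPolicy -> isDuplicate(policy, registeredPolicy));
                if (!alreadyRegistered) {
                    enabledDistinctPolicies.add(policy);
                }
                // cache all policy definitions (even duplicates to prevent select)
                cacheManager.cacheValue(AUTHORIZATION_POLICY_DEFINITION_CACHE_NAME, policy.getId(), policy);
            });
    //
    // The identity cache stores identifiers only (dto => uuid).
    List<UUID> distinctPolicyIds = enabledDistinctPolicies
            .stream()
            .map(AbstractDto::getId)
            .collect(Collectors.toList());
    cachedPolicies.put(entityType, distinctPolicyIds);
    cacheManager.cacheValue(AUTHORIZATION_POLICY_CACHE_NAME, identityId, cachedPolicies);
    //
    return enabledDistinctPolicies;
}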
Also used : Autowired(org.springframework.beans.factory.annotation.Autowired) HashMap(java.util.HashMap) ValueWrapper(eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper) StringUtils(org.apache.commons.lang3.StringUtils) SecurityService(eu.bcvsolutions.idm.core.security.api.service.SecurityService) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) AutowireHelper(eu.bcvsolutions.idm.core.api.utils.AutowireHelper) AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto) Lists(com.google.common.collect.Lists) Predicate(javax.persistence.criteria.Predicate) Map(java.util.Map) BasePermission(eu.bcvsolutions.idm.core.security.api.domain.BasePermission) CriteriaBuilder(javax.persistence.criteria.CriteriaBuilder) ModuleService(eu.bcvsolutions.idm.core.api.service.ModuleService) AuthorizableService(eu.bcvsolutions.idm.core.security.api.service.AuthorizableService) Objects(com.google.common.base.Objects) Root(javax.persistence.criteria.Root) AuthorizationManager(eu.bcvsolutions.idm.core.security.api.service.AuthorizationManager) CriteriaQuery(javax.persistence.criteria.CriteriaQuery) IdmCacheManager(eu.bcvsolutions.idm.core.api.service.IdmCacheManager) AuthorizationPolicy(eu.bcvsolutions.idm.core.security.api.domain.AuthorizationPolicy) Set(java.util.Set) UUID(java.util.UUID) AuthorizationEvaluator(eu.bcvsolutions.idm.core.security.api.service.AuthorizationEvaluator) Collectors(java.util.stream.Collectors) ApplicationContext(org.springframework.context.ApplicationContext) Serializable(java.io.Serializable) List(java.util.List) AuthorizationEvaluatorDto(eu.bcvsolutions.idm.core.security.api.dto.AuthorizationEvaluatorDto) PermissionUtils(eu.bcvsolutions.idm.core.security.api.utils.PermissionUtils) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) NoSuchBeanDefinitionException(org.springframework.beans.factory.NoSuchBeanDefinitionException) Identifiable(eu.bcvsolutions.idm.core.api.domain.Identifiable) 
IdmAuthorizationPolicyService(eu.bcvsolutions.idm.core.api.service.IdmAuthorizationPolicyService) IdmGroupPermission(eu.bcvsolutions.idm.core.security.api.domain.IdmGroupPermission) AuthorizableType(eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType) Assert(org.springframework.util.Assert) ValueWrapper(eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper) ArrayList(java.util.ArrayList) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) Identifiable(eu.bcvsolutions.idm.core.api.domain.Identifiable) AbstractDto(eu.bcvsolutions.idm.core.api.dto.AbstractDto) ArrayList(java.util.ArrayList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map)

Example 7 with ValueWrapper

use of eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper in project CzechIdMng by bcvsolutions.

the class DefaultAuthorizationManager method getAuthorizationPolicy.

/**
 * Resolves an authorization policy by its identifier, asking the definition cache first.
 * A policy which is not cached yet is loaded from the service and the result is cached,
 * including a {@code null} result for a policy which does not exist.
 *
 * @param policyId policy identifier
 * @return policy dto, {@code null} when the cached or loaded value is {@code null}
 * @since 10.7.0
 */
private IdmAuthorizationPolicyDto getAuthorizationPolicy(UUID policyId) {
    ValueWrapper cached = cacheManager.getValue(AUTHORIZATION_POLICY_DEFINITION_CACHE_NAME, policyId);
    if (cached == null) {
        // Nothing cached for this id yet -> load it. A missing policy (null) is cached as well,
        // so the next lookup of the same id does not hit the database again.
        IdmAuthorizationPolicyDto loaded = service.get(policyId);
        cacheManager.cacheValue(AUTHORIZATION_POLICY_DEFINITION_CACHE_NAME, policyId, loaded);
        //
        return loaded;
    }
    // A wrapper is present, but the wrapped value itself can still be null.
    return (IdmAuthorizationPolicyDto) cached.get();
}
Also used : ValueWrapper(eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper) IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto)

Example 8 with ValueWrapper

use of eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper in project CzechIdMng by bcvsolutions.

the class DefaultTokenManager method getToken.

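/**
 * Returns the token with the given identifier.
 * <p>
 * The token cache is used only when the caller requests no permission. When permissions are
 * given, the call always goes to the token service, so that a previously cached token cannot
 * be returned without the requested permissions being evaluated for the current caller.
 * <p>
 * NOTE(review): eviction of the token cache (token disabled, expired or deleted) is outside
 * this method - confirm that such changes remove the cached entry.
 *
 * @param tokenId token identifier
 * @param permission permissions to evaluate; none means lookup without a permission check
 * @return token dto, {@code null} when the cached or loaded value is {@code null}
 */
@Override
public IdmTokenDto getToken(UUID tokenId, BasePermission... permission) {
    if (permission != null && permission.length > 0) {
        // The cache is keyed by token id only and knows nothing about who asked before.
        // Presumably tokenService.get evaluates the given permissions - delegate to it,
        // a cache hit must not replace that evaluation.
        return tokenService.get(tokenId, permission);
    }
    //
    ValueWrapper value = cacheManager.getValue(TOKEN_CACHE_NAME, tokenId);
    if (value != null) {
        return (IdmTokenDto) value.get();
    }
    //
    // Not cached yet -> load without permission check and remember the result.
    IdmTokenDto token = tokenService.get(tokenId, permission);
    cacheManager.cacheValue(TOKEN_CACHE_NAME, tokenId, token);
    //
    return token;
}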
Also used : IdmTokenDto(eu.bcvsolutions.idm.core.api.dto.IdmTokenDto) ValueWrapper(eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper)

Example 9 with ValueWrapper

use of eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper in project CzechIdMng by bcvsolutions.

the class DefaultAuthorizationManagerIntegrationTest method testCacheAfterContractIsChanged.

/**
 * Checks the authorization caches around a contract change of the logged identity.
 * <p>
 * The test verifies that permissions are loaded and cached for a persisted role, that a new
 * (not persisted) role is evaluated without filling the permission cache, and that creating
 * a contract removes the permission cache entry of the logged identity only - the entries
 * seeded for an unrelated identity have to stay.
 */
@Test
@Transactional
@SuppressWarnings({ "rawtypes", "unchecked" })
public void testCacheAfterContractIsChanged() {
    // create and login identity
    IdmIdentityDto identity = getHelper().createIdentity();
    // random identifier of an unrelated identity - it never logs in, its cache entries are seeded below
    UUID mockIdentity = UUID.randomUUID();
    // prepare role
    IdmRoleDto role = getHelper().createRole();
    getHelper().createBasePolicy(role.getId(), IdmBasePermission.AUTOCOMPLETE, IdmBasePermission.READ);
    getHelper().createIdentityRole(identity, role);
    //
    // nothing is cached for either identity before the first evaluation
    Assert.assertNull(cacheManager.getValue(AuthorizationManager.AUTHORIZATION_POLICY_CACHE_NAME, identity.getId()));
    Assert.assertNull(cacheManager.getValue(AuthorizationManager.PERMISSION_CACHE_NAME, identity.getId()));
    Assert.assertNull(cacheManager.getValue(AuthorizationManager.AUTHORIZATION_POLICY_CACHE_NAME, mockIdentity));
    Assert.assertNull(cacheManager.getValue(AuthorizationManager.PERMISSION_CACHE_NAME, mockIdentity));
    //
    // seed both caches for the unrelated identity - used at the end to prove eviction is scoped
    cacheManager.cacheValue(AuthorizationManager.AUTHORIZATION_POLICY_CACHE_NAME, mockIdentity, new HashMap<>());
    cacheManager.cacheValue(AuthorizationManager.PERMISSION_CACHE_NAME, mockIdentity, new HashMap<>());
    Assert.assertNotNull(cacheManager.getValue(AuthorizationManager.AUTHORIZATION_POLICY_CACHE_NAME, mockIdentity));
    Assert.assertNotNull(cacheManager.getValue(AuthorizationManager.PERMISSION_CACHE_NAME, mockIdentity));
    //
    // without login - no permissions are expected
    Set<String> permissions = manager.getPermissions(role);
    Assert.assertTrue(permissions.isEmpty());
    //
    try {
        getHelper().login(identity);
        //
        // new entity is not supported with cache, but permissions are evaluated
        permissions = manager.getPermissions(new IdmRoleDto());
        Assert.assertEquals(2, permissions.size());
        Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.AUTOCOMPLETE.getName())));
        Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.READ.getName())));
        Assert.assertNull(cacheManager.getValue(AuthorizationManager.PERMISSION_CACHE_NAME, identity.getId()));
        //
        // load from db - both caches are expected to be filled for the logged identity afterwards
        permissions = manager.getPermissions(role);
        Assert.assertEquals(2, permissions.size());
        Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.AUTOCOMPLETE.getName())));
        Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.READ.getName())));
        Assert.assertNotNull(cacheManager.getValue(AuthorizationManager.AUTHORIZATION_POLICY_CACHE_NAME, identity.getId()));
        Assert.assertNotNull(cacheManager.getValue(AuthorizationManager.PERMISSION_CACHE_NAME, identity.getId()));
        // load from cache - the same result is expected
        permissions = manager.getPermissions(role);
        Assert.assertEquals(2, permissions.size());
        Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.AUTOCOMPLETE.getName())));
        Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.READ.getName())));
        Assert.assertNotNull(cacheManager.getValue(AuthorizationManager.AUTHORIZATION_POLICY_CACHE_NAME, identity.getId()));
        Assert.assertNotNull(cacheManager.getValue(AuthorizationManager.PERMISSION_CACHE_NAME, identity.getId()));
        // check cache content - one policy id is cached under the role type,
        // its definition is read from the definition cache
        ValueWrapper cacheValue = cacheManager.getValue(AuthorizationManager.AUTHORIZATION_POLICY_CACHE_NAME, identity.getId());
        List<UUID> cachedPolicies = (List) ((Map) cacheValue.get()).get(role.getClass());
        Assert.assertEquals(1, cachedPolicies.size());
        Assert.assertEquals(BasePermissionEvaluator.class.getCanonicalName(), ((IdmAuthorizationPolicyDto) cacheManager.getValue(AuthorizationManager.AUTHORIZATION_POLICY_DEFINITION_CACHE_NAME, cachedPolicies.get(0)).get()).getEvaluatorType());
        // the permission cache is read by the role identifier
        cacheValue = cacheManager.getValue(AuthorizationManager.PERMISSION_CACHE_NAME, identity.getId());
        permissions = (Set) ((Map) cacheValue.get()).get(role.getId());
        Assert.assertEquals(2, permissions.size());
        Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.AUTOCOMPLETE.getName())));
        Assert.assertTrue(permissions.stream().anyMatch(p -> p.equals(IdmBasePermission.READ.getName())));
        //
        // change contract => evict cache of logged identity
        getHelper().createContract(identity);
        //
        // check cache is evicted only for logged identity:
        // its permission cache entry is gone, its policy cache entry is expected to stay,
        // and both seeded entries of the unrelated identity are untouched
        Assert.assertNotNull(cacheManager.getValue(AuthorizationManager.AUTHORIZATION_POLICY_CACHE_NAME, identity.getId()));
        Assert.assertNull(cacheManager.getValue(AuthorizationManager.PERMISSION_CACHE_NAME, identity.getId()));
        Assert.assertNotNull(cacheManager.getValue(AuthorizationManager.AUTHORIZATION_POLICY_CACHE_NAME, mockIdentity));
        Assert.assertNotNull(cacheManager.getValue(AuthorizationManager.PERMISSION_CACHE_NAME, mockIdentity));
    } finally {
        // always logout, so the logged identity does not leak into the next test
        logout();
    }
}
Also used : IdmIdentityRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) Autowired(org.springframework.beans.factory.annotation.Autowired) HashMap(java.util.HashMap) ValueWrapper(eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper) CoreGroupPermission(eu.bcvsolutions.idm.core.model.domain.CoreGroupPermission) IdmBasePermission(eu.bcvsolutions.idm.core.security.api.domain.IdmBasePermission) Map(java.util.Map) UuidEvaluator(eu.bcvsolutions.idm.core.security.evaluator.UuidEvaluator) IdmIdentityContractDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) IdmRoleFilter(eu.bcvsolutions.idm.core.api.dto.filter.IdmRoleFilter) BasePermissionEvaluator(eu.bcvsolutions.idm.core.security.evaluator.BasePermissionEvaluator) Before(org.junit.Before) AuthorizationManager(eu.bcvsolutions.idm.core.security.api.service.AuthorizationManager) IdmIdentityRoleService(eu.bcvsolutions.idm.core.api.service.IdmIdentityRoleService) IdmIdentity(eu.bcvsolutions.idm.core.model.entity.IdmIdentity) IdmIdentityContractService(eu.bcvsolutions.idm.core.api.service.IdmIdentityContractService) Assert.assertNotNull(org.junit.Assert.assertNotNull) ContractState(eu.bcvsolutions.idm.core.api.domain.ContractState) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) IdmCacheManager(eu.bcvsolutions.idm.core.api.service.IdmCacheManager) IdmRoleService(eu.bcvsolutions.idm.core.api.service.IdmRoleService) Assert.assertTrue(org.junit.Assert.assertTrue) Set(java.util.Set) Test(org.junit.Test) UUID(java.util.UUID) RoleConfiguration(eu.bcvsolutions.idm.core.api.config.domain.RoleConfiguration) ApplicationContext(org.springframework.context.ApplicationContext) ConfigurationMap(eu.bcvsolutions.idm.core.api.domain.ConfigurationMap) List(java.util.List) AuthorizationEvaluatorDto(eu.bcvsolutions.idm.core.security.api.dto.AuthorizationEvaluatorDto) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) Assert.assertFalse(org.junit.Assert.assertFalse) 
IdmAuthorizationPolicyDto(eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) LocalDate(java.time.LocalDate) AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest) IdmAuthorizationPolicyService(eu.bcvsolutions.idm.core.api.service.IdmAuthorizationPolicyService) IdmIdentityService(eu.bcvsolutions.idm.core.api.service.IdmIdentityService) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) Assert(org.junit.Assert) Assert.assertEquals(org.junit.Assert.assertEquals) AuthorizableType(eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType) Transactional(org.springframework.transaction.annotation.Transactional) IdmRole(eu.bcvsolutions.idm.core.model.entity.IdmRole) IdmRoleDto(eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) ValueWrapper(eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper) BasePermissionEvaluator(eu.bcvsolutions.idm.core.security.evaluator.BasePermissionEvaluator) List(java.util.List) GuardedString(eu.bcvsolutions.idm.core.security.api.domain.GuardedString) IdmIdentityDto(eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) UUID(java.util.UUID) HashMap(java.util.HashMap) Map(java.util.Map) ConfigurationMap(eu.bcvsolutions.idm.core.api.domain.ConfigurationMap) Test(org.junit.Test) AbstractEvaluatorIntegrationTest(eu.bcvsolutions.idm.test.api.AbstractEvaluatorIntegrationTest) Transactional(org.springframework.transaction.annotation.Transactional)

Example 10 with ValueWrapper

use of eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper in project CzechIdMng by bcvsolutions.

the class DefaultEntityEventManager method deregisterAsynchronousTask.

/**
 * Deregisters the given long running task from asynchronous event processing.
 * <p>
 * Returns {@code true} when events are not processed asynchronously, or when the cache holds
 * no value for the current transaction - the transaction is removed from {@code lrts} then.
 * Returns {@code false} when the task was found in {@code notifiedLrts} (the record is
 * removed), or when a value for the current transaction is still cached.
 *
 * @param executor long running task executor
 * @return see the description above
 */
@Override
public boolean deregisterAsynchronousTask(LongRunningTaskExecutor<?> executor) {
    if (isAsynchronous()) {
        // The task was notified already - drop the notification record only.
        if (notifiedLrts.containsKey(executor.getLongRunningTaskId())) {
            notifiedLrts.remove(executor.getLongRunningTaskId());
            return false;
        }
        //
        UUID currentTransactionId = TransactionContextHolder.getContext().getTransactionId();
        ValueWrapper transactionEvents = cacheManager.getValue(TRANSACTION_EVENT_CACHE_NAME, currentTransactionId);
        if (transactionEvents != null) {
            // A value for the transaction is still cached.
            return false;
        }
        LOG.debug("Transaction id [{}] was processed already (synchronously or complete).", currentTransactionId);
        lrts.remove(currentTransactionId);
    }
    //
    return true;
}
Also used : ValueWrapper(eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper) UUID(java.util.UUID)

Aggregations

ValueWrapper (eu.bcvsolutions.idm.core.api.config.cache.domain.ValueWrapper)19 UUID (java.util.UUID)7 Set (java.util.Set)5 IdmAuthorizationPolicyDto (eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto)4 HashMap (java.util.HashMap)4 List (java.util.List)4 Map (java.util.Map)4 IdmAuthorizationPolicyService (eu.bcvsolutions.idm.core.api.service.IdmAuthorizationPolicyService)3 IdmCacheManager (eu.bcvsolutions.idm.core.api.service.IdmCacheManager)3 GuardedString (eu.bcvsolutions.idm.core.security.api.domain.GuardedString)3 AuthorizableType (eu.bcvsolutions.idm.core.security.api.dto.AuthorizableType)3 AuthorizationEvaluatorDto (eu.bcvsolutions.idm.core.security.api.dto.AuthorizationEvaluatorDto)3 AuthorizationManager (eu.bcvsolutions.idm.core.security.api.service.AuthorizationManager)3 Autowired (org.springframework.beans.factory.annotation.Autowired)3 RoleConfiguration (eu.bcvsolutions.idm.core.api.config.domain.RoleConfiguration)2 ConfigurationMap (eu.bcvsolutions.idm.core.api.domain.ConfigurationMap)2 ContractState (eu.bcvsolutions.idm.core.api.domain.ContractState)2 IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto)2 IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)2 IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto)2