Example 1 with DefaultGrantedAuthority

Use of eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority in project CzechIdMng by bcvsolutions.

Class DefaultIdmAuthorizationPolicyService, method getGrantedAuthorities:

@Override
@Transactional(readOnly = true)
public Set<GrantedAuthority> getGrantedAuthorities(UUID identityId, List<IdmAuthorizationPolicyDto> policies) {
    final Set<GrantedAuthority> authorities = new HashSet<>();
    // find all active policies and return their authority by authorizable type
    for (IdmAuthorizationPolicyDto policy : policies) {
        // evaluate policy permissions - authorities are evaluated on null entity
        String groupPermission = policy.getGroupPermission();
        Set<String> baseAuthorities = getAuthorizationManager().getAuthorities(identityId, policy);
        //
        if (IdmGroupPermission.APP.getName().equals(groupPermission)
                || (StringUtils.isEmpty(groupPermission) && baseAuthorities.contains(IdmBasePermission.ADMIN.getName()))) {
            // admin - APP_ADMIN covers every other authority, so nothing else has to be collected
            return Sets.newHashSet(new DefaultGrantedAuthority(IdmGroupPermission.APP.getName(), IdmBasePermission.ADMIN.getName()));
        }
        if (StringUtils.isEmpty(groupPermission)) {
            if (baseAuthorities.contains(IdmBasePermission.ADMIN.getName())) {
                // all groups => synonym to APP_ADMIN
                // (this case is already handled by the early return above, so the branch is never entered)
                authorities.add(new DefaultGrantedAuthority(IdmGroupPermission.APP.getName(), IdmBasePermission.ADMIN.getName()));
            } else {
                // some base permission only - grant it for every registered group except APP
                moduleService.getAvailablePermissions().forEach(availableGroupPermission -> {
                    if (IdmGroupPermission.APP != availableGroupPermission) {
                        // app is wildcard only - skipping
                        for (String permission : baseAuthorities) {
                            authorities.add(new DefaultGrantedAuthority(availableGroupPermission.getName(), permission));
                        }
                    }
                });
            }
        } else if (baseAuthorities.contains(IdmBasePermission.ADMIN.getName())) {
            // group admin - one <GROUP>_ADMIN authority stands for all permissions of the group
            authorities.add(new DefaultGrantedAuthority(groupPermission, IdmBasePermission.ADMIN.getName()));
        } else {
            // concrete base permissions inside one group
            for (String permission : baseAuthorities) {
                authorities.add(new DefaultGrantedAuthority(groupPermission, permission));
            }
        }
    }
    //
    return authorities;
}
Also used: DefaultGrantedAuthority (eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority), GrantedAuthority (org.springframework.security.core.GrantedAuthority), IdmAuthorizationPolicyDto (eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto), HashSet (java.util.HashSet), Transactional (org.springframework.transaction.annotation.Transactional)

Example 2 with DefaultGrantedAuthority

Use of eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority in project CzechIdMng by bcvsolutions.

Class JwtAuthenticationMapper, method fromDto:

/**
 * Converts dto to authentication.
 *
 * @param dto deserialized JWT authentication dto (must not be null)
 * @return authentication holding the current and original identity, validity and granted authorities
 */
public IdmJwtAuthentication fromDto(IdmJwtAuthenticationDto dto) {
    Assert.notNull(dto);
    //
    // authorities are carried in the token as plain strings - rebuild GrantedAuthority objects from them
    Collection<DefaultGrantedAuthorityDto> authorities = dto.getAuthorities();
    List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
    if (authorities != null) {
        for (DefaultGrantedAuthorityDto a : authorities) {
            grantedAuthorities.add(new DefaultGrantedAuthority(a.getAuthority()));
        }
    }
    IdmJwtAuthentication authentication = new IdmJwtAuthentication(
            new IdmIdentityDto(dto.getCurrentIdentityId(), dto.getCurrentUsername()),
            new IdmIdentityDto(dto.getOriginalIdentityId(), dto.getOriginalUsername()),
            dto.getExpiration(),
            dto.getIssuedAt(),
            grantedAuthorities,
            dto.getFromModule());
    return authentication;
}
Also used: DefaultGrantedAuthorityDto (eu.bcvsolutions.idm.core.security.api.dto.DefaultGrantedAuthorityDto), DefaultGrantedAuthority (eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority), GrantedAuthority (org.springframework.security.core.GrantedAuthority), ArrayList (java.util.ArrayList), IdmJwtAuthentication (eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication), IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto)

Example 3 with DefaultGrantedAuthority

Use of eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority in project CzechIdMng by bcvsolutions.

Class DefaultGrantedAuthoritiesFactoryTest, method testGroupAdmin:

/**
 * Group admin has all group authorities: IDENTITY_ADMIN makes IDENTITY_READ and IDENTITY_DELETE redundant
 */
@Test
public void testGroupAdmin() {
    IdmRoleDto role = new IdmRoleDto();
    role.setName("role");
    role.setId(UUID.randomUUID());
    IdmIdentityDto identity = new IdmIdentityDto();
    identity.setId(UUID.randomUUID());
    identity.setUsername("identityAdmin");
    IdmIdentityContractDto contract = new IdmIdentityContractDto();
    contract.setId(UUID.randomUUID());
    contract.setIdentity(identity.getId());
    IdmIdentityRoleDto identityRole = new IdmIdentityRoleDto();
    identityRole.setIdentityContractDto(contract);
    identityRole.setRole(role.getId());
    List<IdmIdentityRoleDto> roles = Lists.newArrayList(identityRole);
    when(moduleService.getAvailablePermissions()).thenReturn(groupPermissions);
    when(identityService.getByUsername(identity.getUsername())).thenReturn(identity);
    when(roleService.get(role.getId())).thenReturn(role);
    when(identityRoleService.findValidRole(identity.getId(), null)).thenReturn(new PageImpl<>(new ArrayList<>(roles)));
    when(roleService.getSubroles(any(UUID.class))).thenReturn(Lists.newArrayList());
    when(authorizationPolicyService.getDefaultAuthorities(any())).thenReturn(Sets.newHashSet(
            new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.ADMIN),
            new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.READ),
            new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.DELETE)));
    // returns trimmed authorities
    List<GrantedAuthority> grantedAuthorities = defaultGrantedAuthoritiesFactory.getGrantedAuthorities(identity.getUsername());
    //
    assertEquals(1, grantedAuthorities.size());
    assertEquals(new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.ADMIN), grantedAuthorities.iterator().next());
}
Also used: IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto), DefaultGrantedAuthority (eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority), GrantedAuthority (org.springframework.security.core.GrantedAuthority), ArrayList (java.util.ArrayList), IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto), IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto), UUID (java.util.UUID), IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto), Test (org.junit.Test), AbstractUnitTest (eu.bcvsolutions.idm.test.api.AbstractUnitTest)

Example 4 with DefaultGrantedAuthority

Use of eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority in project CzechIdMng by bcvsolutions.

Class IdmAuthorityHieararchyUnitTest, method testSimpleRole:

@Test
public void testSimpleRole() {
    Mockito.when(moduleService.getAvailablePermissions()).thenReturn(Arrays.asList(CoreGroupPermission.values()));
    //
    // a plain (non-admin) authority reaches only itself in the hierarchy
    Collection<?> authorities = hierarchy.getReachableGrantedAuthorities(
            Lists.newArrayList(new DefaultGrantedAuthority(CoreGroupPermission.AUDIT_READ)));
    Assert.assertEquals(1, authorities.size());
    Assert.assertEquals(new DefaultGrantedAuthority(CoreGroupPermission.AUDIT_READ), authorities.iterator().next());
}
Also used: DefaultGrantedAuthority (eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority), Test (org.junit.Test), AbstractUnitTest (eu.bcvsolutions.idm.test.api.AbstractUnitTest)

Example 5 with DefaultGrantedAuthority

Use of eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority in project CzechIdMng by bcvsolutions.

Class DefaultGrantedAuthoritiesFactory, method trimAdminAuthorities:

/**
 * Trims redundant authorities: APP_ADMIN replaces everything, and a group's
 * ADMIN authority replaces the other authorities of that group.
 *
 * @param authorities full set of granted authorities
 * @return reduced set with the same effective permissions
 */
private Set<GrantedAuthority> trimAdminAuthorities(Set<GrantedAuthority> authorities) {
    if (authorities.contains(new DefaultGrantedAuthority(IdmGroupPermission.APP_ADMIN))) {
        // application admin - no other authority adds anything
        return Sets.newHashSet(new DefaultGrantedAuthority(IdmGroupPermission.APP_ADMIN));
    }
    Set<GrantedAuthority> trimmedAuthorities = new HashSet<>();
    authorities.forEach(grantedAuthority -> {
        String authority = grantedAuthority.getAuthority();
        if (authority.endsWith(IdmAuthorityHierarchy.ADMIN_SUFFIX)) {
            // <GROUP>_ADMIN is always kept
            trimmedAuthorities.add(grantedAuthority);
        } else {
            // keep a concrete permission only when its group has no ADMIN authority
            String groupName = IdmAuthorityHierarchy.getGroupName(authority);
            if (!authorities.contains(new DefaultGrantedAuthority(groupName, IdmBasePermission.ADMIN.getName()))) {
                trimmedAuthorities.add(grantedAuthority);
            }
        }
    });
    return trimmedAuthorities;
}
Also used: DefaultGrantedAuthority (eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority), GrantedAuthority (org.springframework.security.core.GrantedAuthority), HashSet (java.util.HashSet)

Aggregations (type, package, number of usages)

DefaultGrantedAuthority (eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority) 10
GrantedAuthority (org.springframework.security.core.GrantedAuthority) 7
ArrayList (java.util.ArrayList) 5
AbstractUnitTest (eu.bcvsolutions.idm.test.api.AbstractUnitTest) 4
Test (org.junit.Test) 4
IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto) 3
HashSet (java.util.HashSet) 3
IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto) 2
IdmIdentityRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityRoleDto) 2
DefaultGrantedAuthorityDto (eu.bcvsolutions.idm.core.security.api.dto.DefaultGrantedAuthorityDto) 2
UUID (java.util.UUID) 2
IdmAuthorizationPolicyDto (eu.bcvsolutions.idm.core.api.dto.IdmAuthorizationPolicyDto) 1
IdmRoleDto (eu.bcvsolutions.idm.core.api.dto.IdmRoleDto) 1
IdmRole (eu.bcvsolutions.idm.core.model.entity.IdmRole) 1
GroupPermission (eu.bcvsolutions.idm.core.security.api.domain.GroupPermission) 1
IdmGroupPermission (eu.bcvsolutions.idm.core.security.api.domain.IdmGroupPermission) 1
IdmJwtAuthentication (eu.bcvsolutions.idm.core.security.api.domain.IdmJwtAuthentication) 1
Collection (java.util.Collection) 1
Transactional (org.springframework.transaction.annotation.Transactional) 1