use of eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority in project CzechIdMng by bcvsolutions.
the class DefaultIdmAuthorizationPolicyService method getGrantedAuthorities.
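@Override
@Transactional(readOnly = true)
public Set<GrantedAuthority> getGrantedAuthorities(UUID identityId, List<IdmAuthorizationPolicyDto> policies) {
	final Set<GrantedAuthority> authorities = new HashSet<>();
	final String adminPermission = IdmBasePermission.ADMIN.getName();
	final String appGroup = IdmGroupPermission.APP.getName();
	//
	// Translate every policy into granted authorities. The authorization manager is asked
	// for the policy's base permissions without an entity (null entity), i.e. only the
	// static part of the policy contributes here. {@code policies} must not be null.
	for (IdmAuthorizationPolicyDto policy : policies) {
		String groupPermission = policy.getGroupPermission();
		Set<String> baseAuthorities = getAuthorizationManager().getAuthorities(identityId, policy);
		boolean hasAdmin = baseAuthorities.contains(adminPermission);
		//
		// The APP group, or a wildcard (empty) group that carries ADMIN, means application
		// admin. That authority subsumes every other one, so the loop stops here and only
		// APP_ADMIN is returned - anything collected so far is intentionally discarded.
		if (appGroup.equals(groupPermission) || (StringUtils.isEmpty(groupPermission) && hasAdmin)) {
			return Sets.newHashSet(new DefaultGrantedAuthority(appGroup, adminPermission));
		}
		if (StringUtils.isEmpty(groupPermission)) {
			// Wildcard group with non-admin base permissions (the ADMIN case returned above,
			// so no separate branch is needed for it): grant each base permission on every
			// registered group except APP, which is only a wildcard marker, never a real group.
			moduleService.getAvailablePermissions().forEach(availableGroupPermission -> {
				if (IdmGroupPermission.APP != availableGroupPermission) {
					for (String permission : baseAuthorities) {
						authorities.add(new DefaultGrantedAuthority(availableGroupPermission.getName(), permission));
					}
				}
			});
		} else if (hasAdmin) {
			// group admin covers all base permissions of that group - one authority is enough
			authorities.add(new DefaultGrantedAuthority(groupPermission, adminPermission));
		} else {
			// concrete group, concrete base permissions
			for (String permission : baseAuthorities) {
				authorities.add(new DefaultGrantedAuthority(groupPermission, permission));
			}
		}
	}
	//
	return authorities;
}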
use of eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority in project CzechIdMng by bcvsolutions.
the class JwtAuthenticationMapper method fromDto.
/**
 * Rebuilds an {@link IdmJwtAuthentication} from its serializable form.
 * <p>
 * Authorities are copied from the dto one-to-one; a missing authority collection yields an
 * authentication with no authorities rather than a failure.
 * NOTE(review): the authorities are trusted exactly as carried by the dto - this assumes the
 * token the dto came from was already signature- and expiration-checked by the caller; confirm.
 *
 * @param dto serialized authentication, must not be null
 * @return authentication carrying the current and original identity, validity window,
 *         granted authorities and the issuing module from the dto
 */
public IdmJwtAuthentication fromDto(IdmJwtAuthenticationDto dto) {
	Assert.notNull(dto);
	//
	List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
	Collection<DefaultGrantedAuthorityDto> authorityDtos = dto.getAuthorities();
	if (authorityDtos != null) {
		authorityDtos.forEach(authorityDto -> grantedAuthorities.add(new DefaultGrantedAuthority(authorityDto.getAuthority())));
	}
	//
	IdmIdentityDto currentIdentity = new IdmIdentityDto(dto.getCurrentIdentityId(), dto.getCurrentUsername());
	IdmIdentityDto originalIdentity = new IdmIdentityDto(dto.getOriginalIdentityId(), dto.getOriginalUsername());
	return new IdmJwtAuthentication(
			currentIdentity,
			originalIdentity,
			dto.getExpiration(),
			dto.getIssuedAt(),
			grantedAuthorities,
			dto.getFromModule());
}
use of eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority in project CzechIdMng by bcvsolutions.
the class DefaultGrantedAuthoritiesFactoryTest method testGroupAdmin.
/**
 * A group ADMIN authority swallows the other authorities of the same group:
 * IDENTITY_ADMIN + IDENTITY_READ + IDENTITY_DELETE collapse to IDENTITY_ADMIN alone.
 */
@Test
public void testGroupAdmin() {
	IdmRoleDto adminRole = new IdmRoleDto();
	adminRole.setId(UUID.randomUUID());
	adminRole.setName("role");
	//
	IdmIdentityDto admin = new IdmIdentityDto();
	admin.setId(UUID.randomUUID());
	admin.setUsername("identityAdmin");
	//
	IdmIdentityContractDto adminContract = new IdmIdentityContractDto();
	adminContract.setId(UUID.randomUUID());
	adminContract.setIdentity(admin.getId());
	//
	IdmIdentityRoleDto assignedRole = new IdmIdentityRoleDto();
	assignedRole.setIdentityContractDto(adminContract);
	assignedRole.setRole(adminRole.getId());
	//
	// stub collaborators: one valid role, no subroles, three IDENTITY authorities from the policies
	when(identityService.getByUsername(admin.getUsername())).thenReturn(admin);
	when(moduleService.getAvailablePermissions()).thenReturn(groupPermissions);
	when(roleService.get(adminRole.getId())).thenReturn(adminRole);
	when(roleService.getSubroles(any(UUID.class))).thenReturn(Lists.newArrayList());
	when(identityRoleService.findValidRole(admin.getId(), null)).thenReturn(new PageImpl<>(Lists.newArrayList(assignedRole)));
	when(authorizationPolicyService.getDefaultAuthorities(any())).thenReturn(Sets.newHashSet(
			new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.ADMIN),
			new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.READ),
			new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.DELETE)));
	//
	// the factory is expected to trim the redundant READ / DELETE
	List<GrantedAuthority> granted = defaultGrantedAuthoritiesFactory.getGrantedAuthorities(admin.getUsername());
	//
	assertEquals(1, granted.size());
	assertEquals(new DefaultGrantedAuthority(CoreGroupPermission.IDENTITY, IdmBasePermission.ADMIN), granted.get(0));
}
use of eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority in project CzechIdMng by bcvsolutions.
the class IdmAuthorityHieararchyUnitTest method testSimpleRole.
/**
 * A plain base authority (AUDIT_READ) without any admin authority reaches only itself
 * through the hierarchy - nothing is added, nothing is dropped.
 */
@Test
public void testSimpleRole() {
	Mockito.when(moduleService.getAvailablePermissions()).thenReturn(Arrays.asList(CoreGroupPermission.values()));
	//
	DefaultGrantedAuthority auditRead = new DefaultGrantedAuthority(CoreGroupPermission.AUDIT_READ);
	Collection<?> reachable = hierarchy.getReachableGrantedAuthorities(Lists.newArrayList(auditRead));
	//
	Assert.assertEquals(1, reachable.size());
	Assert.assertEquals(auditRead, reachable.iterator().next());
}
use of eu.bcvsolutions.idm.core.security.api.domain.DefaultGrantedAuthority in project CzechIdMng by bcvsolutions.
the class DefaultGrantedAuthoritiesFactory method trimAdminAuthorities.
/**
 * Drops authorities that are already implied by a broader one.
 * <p>
 * {@code APP_ADMIN} implies everything, so its presence collapses the whole set to that
 * single authority. Otherwise a group's {@code *_ADMIN} authority implies all base
 * permissions of that group, so those base permissions are removed while admin authorities
 * themselves are always kept. The trimmed entries are presumably re-expanded by the
 * authority hierarchy when permissions are evaluated (see IdmAuthorityHierarchy).
 *
 * @param authorities full, untrimmed set; must not be null
 * @return new set without the redundant entries - the input set is left untouched
 */
private Set<GrantedAuthority> trimAdminAuthorities(Set<GrantedAuthority> authorities) {
	GrantedAuthority appAdmin = new DefaultGrantedAuthority(IdmGroupPermission.APP_ADMIN);
	if (authorities.contains(appAdmin)) {
		return Sets.newHashSet(appAdmin);
	}
	Set<GrantedAuthority> kept = new HashSet<>();
	for (GrantedAuthority candidate : authorities) {
		String authority = candidate.getAuthority();
		if (authority.endsWith(IdmAuthorityHierarchy.ADMIN_SUFFIX)) {
			kept.add(candidate);
			continue;
		}
		// a base permission is redundant iff the ADMIN authority of its own group is present too
		GrantedAuthority groupAdmin = new DefaultGrantedAuthority(
				IdmAuthorityHierarchy.getGroupName(authority),
				IdmBasePermission.ADMIN.getName());
		if (!authorities.contains(groupAdmin)) {
			kept.add(candidate);
		}
	}
	return kept;
}