Examples with SecurityState io.jmix.core.entity.SecurityState used on opensource projects

Search in sources :

Example 1 with SecurityState

use of io.jmix.core.entity.SecurityState in project jmix by jmix-framework.

the class EntityImportExportImpl method assertToken.

protected void assertToken(Object entity, FetchPlan fetchPlan) {
    if (coreProperties.isEntitySerializationTokenRequired()) {
        SecurityState securityState = EntitySystemAccess.getSecurityState(entity);
        if (securityState.getRestoreState() == SecurityState.RestoreState.RESTORED_FROM_NULL_TOKEN) {
            MetaClass metaClass = metadata.getClass(entity.getClass());
            for (MetaProperty metaProperty : metaClass.getProperties()) {
                if (metaProperty.getRange().isClass() && metadataTools.isJpa(metaProperty) && fetchPlan.containsProperty(metaProperty.getName())) {
                    InMemoryCrudEntityContext inMemoryContext = new InMemoryCrudEntityContext(metaProperty.getRange().asClass(), applicationContext);
                    accessManager.applyRegisteredConstraints(inMemoryContext);
                    if (inMemoryContext.readPredicate() != null) {
                        throw new EntityTokenException(format("Could not read export/import token from entity %s.", entity));
                    }
                }
            }
        }
    }
}
Also used : InMemoryCrudEntityContext(io.jmix.core.accesscontext.InMemoryCrudEntityContext) EntityTokenException(io.jmix.core.impl.serialization.EntityTokenException) MetaClass(io.jmix.core.metamodel.model.MetaClass) EntitySystemAccess.getSecurityState(io.jmix.core.entity.EntitySystemAccess.getSecurityState) SecurityState(io.jmix.core.entity.SecurityState) MetaProperty(io.jmix.core.metamodel.model.MetaProperty)

Example 2 with SecurityState

use of io.jmix.core.entity.SecurityState in project jmix by jmix-framework.

the class EntityAttributesEraserImpl method restoreAttributes.

public void restoreAttributes(Object entity) {
    SecurityState securityState = EntitySystemAccess.getSecurityState(entity);
    MetaClass metaClass = metadata.getClass(entity.getClass());
    for (String attrName : securityState.getErasedAttributes()) {
        Collection<Object> ids = securityState.getErasedIds(attrName);
        if (!ids.isEmpty()) {
            MetaProperty metaProperty = metaClass.getProperty(attrName);
            if (Collection.class.isAssignableFrom(metaProperty.getJavaType())) {
                restoreCollectionAttribute(entity, metaProperty, ids);
            } else if (Entity.class.isAssignableFrom(metaProperty.getJavaType())) {
                restoreSingleAttribute(entity, metaProperty, ids);
            }
        }
    }
}
Also used : MetaClass(io.jmix.core.metamodel.model.MetaClass) SecurityState(io.jmix.core.entity.SecurityState) MetaProperty(io.jmix.core.metamodel.model.MetaProperty)

Example 3 with SecurityState

use of io.jmix.core.entity.SecurityState in project jmix by jmix-framework.

the class EntitySerializationTokenManager method restoreSecurityToken.

/**
 * Decrypt security token and read filtered data
 */
public void restoreSecurityToken(Object entity, @Nullable String securityToken) {
    MetaClass metaClass = metadata.getClass(entity.getClass());
    SecurityState securityState = EntitySystemAccess.getSecurityState(entity);
    if (securityToken != null) {
        try {
            byte[] decrypted = createCipher(Cipher.DECRYPT_MODE).doFinal(Base64.getDecoder().decode(securityToken));
            JsonObject tokenObject = JsonParser.parseString(new String(decrypted, StandardCharsets.UTF_8)).getAsJsonObject();
            validateToken(tokenObject, entity, metaClass);
            for (String key : tokenObject.keySet()) {
                if (!SYSTEM_ATTRIBUTE_KEYS.contains(key)) {
                    String propertyName = String.valueOf(key);
                    MetaProperty metaProperty = metaClass.getProperty(propertyName);
                    for (JsonElement id : tokenObject.getAsJsonArray(propertyName)) {
                        securityState.addErasedId(propertyName, parseId(id, metaProperty.getRange().asClass()));
                    }
                }
            }
            securityState.setRestoreState(SecurityState.RestoreState.RESTORED_FROM_TOKEN);
        } catch (IllegalBlockSizeException | BadPaddingException e) {
            throw new RuntimeException("An error occurred while reading security token", e);
        }
    } else {
        securityState.setRestoreState(SecurityState.RestoreState.RESTORED_FROM_NULL_TOKEN);
    }
}
Also used : MetaClass(io.jmix.core.metamodel.model.MetaClass) JsonElement(com.google.gson.JsonElement) JsonObject(com.google.gson.JsonObject) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) BadPaddingException(javax.crypto.BadPaddingException) SecurityState(io.jmix.core.entity.SecurityState) MetaProperty(io.jmix.core.metamodel.model.MetaProperty)

Example 4 with SecurityState

use of io.jmix.core.entity.SecurityState in project jmix by jmix-framework.

the class EntitySerializationTokenManager method generateSecurityToken.

/**
 * Encrypt security state and write the result to the security token
 */
@Nullable
public String generateSecurityToken(Object entity) {
    EntityPreconditions.checkEntityType(entity);
    MetaClass metaClass = metadata.getClass(entity.getClass());
    SecurityState securityState = EntitySystemAccess.getSecurityState(entity);
    JsonObject tokenObject = new JsonObject();
    tokenObject.addProperty(ENTITY_NAME_KEY, metaClass.getName());
    if (!metadataTools.hasCompositePrimaryKey(metaClass) && !EntitySystemAccess.isEmbeddable(entity)) {
        addSingleId(tokenObject, ENTITY_ID_KEY, EntityValues.getId(entity));
    }
    if (securityState.getErasedData() != null) {
        securityState.getErasedData().asMap().forEach((k, v) -> addCollectionId(tokenObject, k, v));
    }
    try {
        return Base64.getEncoder().encodeToString(createCipher(Cipher.ENCRYPT_MODE).doFinal(tokenObject.toString().getBytes(StandardCharsets.UTF_8)));
    } catch (IllegalBlockSizeException | BadPaddingException e) {
        throw new RuntimeException("An error occurred while generating security token", e);
    }
}
Also used : MetaClass(io.jmix.core.metamodel.model.MetaClass) JsonObject(com.google.gson.JsonObject) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) BadPaddingException(javax.crypto.BadPaddingException) SecurityState(io.jmix.core.entity.SecurityState) Nullable(javax.annotation.Nullable)

Aggregations

SecurityState (io.jmix.core.entity.SecurityState)4 MetaClass (io.jmix.core.metamodel.model.MetaClass)4 MetaProperty (io.jmix.core.metamodel.model.MetaProperty)3 JsonObject (com.google.gson.JsonObject)2 BadPaddingException (javax.crypto.BadPaddingException)2 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)2 JsonElement (com.google.gson.JsonElement)1 InMemoryCrudEntityContext (io.jmix.core.accesscontext.InMemoryCrudEntityContext)1 EntitySystemAccess.getSecurityState (io.jmix.core.entity.EntitySystemAccess.getSecurityState)1 EntityTokenException (io.jmix.core.impl.serialization.EntityTokenException)1 Nullable (javax.annotation.Nullable)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial