Examples with Authorization io.vertigo.account.authorization.metamodel.Authorization used on opensource projects

Search in sources :

Example 6 with Authorization

use of io.vertigo.account.authorization.metamodel.Authorization in project vertigo by KleeGroup.

the class SecuredEntityDeserializer method deserialize.

/**
 * {@inheritDoc}
 */
@Override
public SecuredEntity deserialize(final JsonElement json, final Type typeOfT, final JsonDeserializationContext context) {
    final JsonObject jsonSecuredEntity = json.getAsJsonObject();
    final DtDefinition entityDefinition = findDtDefinition(jsonSecuredEntity.get("entity").getAsString());
    final List<DtField> securityFields = new ArrayList<>();
    for (final JsonElement securityField : jsonSecuredEntity.get("securityFields").getAsJsonArray()) {
        securityFields.add(deserializeDtField(entityDefinition, securityField.getAsString()));
    }
    final List<SecurityDimension> advancedDimensions = new ArrayList<>();
    for (final JsonElement advancedDimension : jsonSecuredEntity.get("securityDimensions").getAsJsonArray()) {
        // TODO if null ?
        advancedDimensions.add(deserializeSecurityDimensions(entityDefinition, advancedDimension.getAsJsonObject(), context));
    }
    // on garde la map des operations pour resoudre les grants
    final Map<String, Authorization> permissionPerOperations = new HashMap<>();
    for (final JsonElement operation : jsonSecuredEntity.get("operations").getAsJsonArray()) {
        // TODO if null ?
        final Authorization permission = deserializeOperations(entityDefinition, operation.getAsJsonObject(), context, permissionPerOperations);
        Assertion.checkArgument(!permissionPerOperations.containsKey(permission.getOperation().get()), "Operation {0} already declared on {1}", permission.getOperation().get(), entityDefinition.getName());
        permissionPerOperations.put(permission.getOperation().get(), permission);
    }
    return new SecuredEntity(entityDefinition, securityFields, advancedDimensions, new ArrayList<>(permissionPerOperations.values()));
}
Also used : HashMap(java.util.HashMap) SecuredEntity(io.vertigo.account.authorization.metamodel.SecuredEntity) DtDefinition(io.vertigo.dynamo.domain.metamodel.DtDefinition) ArrayList(java.util.ArrayList) JsonObject(com.google.gson.JsonObject) DtField(io.vertigo.dynamo.domain.metamodel.DtField) Authorization(io.vertigo.account.authorization.metamodel.Authorization) JsonElement(com.google.gson.JsonElement) SecurityDimension(io.vertigo.account.authorization.metamodel.SecurityDimension)

Example 7 with Authorization

use of io.vertigo.account.authorization.metamodel.Authorization in project vertigo by KleeGroup.

the class AuthorizationManagerImpl method getSearchSecurity.

/**
 * {@inheritDoc}
 */
@Override
public <K extends KeyConcept> String getSearchSecurity(final Class<K> keyConceptClass, final OperationName<K> operationName) {
    Assertion.checkNotNull(keyConceptClass);
    Assertion.checkNotNull(operationName);
    // ---
    final Optional<UserAuthorizations> userPermissionsOpt = getUserPermissionsOpt();
    if (!userPermissionsOpt.isPresent()) {
        // Attention : pas de *:*
        return "";
    }
    final UserAuthorizations userPermissions = userPermissionsOpt.get();
    final SearchSecurityRuleTranslator securityRuleTranslator = new SearchSecurityRuleTranslator();
    securityRuleTranslator.withCriteria(userPermissions.getSecurityKeys());
    final DtDefinition dtDefinition = DtObjectUtil.findDtDefinition(keyConceptClass);
    final List<Authorization> permissions = userPermissions.getEntityAuthorizations(dtDefinition).stream().filter(permission -> permission.getOperation().get().equals(operationName.name())).collect(Collectors.toList());
    for (final Authorization permission : permissions) {
        for (final RuleMultiExpression ruleExpression : permission.getRules()) {
            securityRuleTranslator.withRule(ruleExpression);
        }
    }
    return securityRuleTranslator.toSearchQuery();
}
Also used : Authorization(io.vertigo.account.authorization.metamodel.Authorization) RuleMultiExpression(io.vertigo.account.authorization.metamodel.rulemodel.RuleMultiExpression) CriteriaSecurityRuleTranslator(io.vertigo.account.impl.authorization.dsl.translator.CriteriaSecurityRuleTranslator) VSecurityManager(io.vertigo.persona.security.VSecurityManager) UserAuthorizations(io.vertigo.account.authorization.UserAuthorizations) AuthorizationName(io.vertigo.account.authorization.metamodel.AuthorizationName) DtDefinition(io.vertigo.dynamo.domain.metamodel.DtDefinition) DtObjectUtil(io.vertigo.dynamo.domain.util.DtObjectUtil) Criteria(io.vertigo.dynamo.criteria.Criteria) AuthorizationManager(io.vertigo.account.authorization.AuthorizationManager) Collectors(java.util.stream.Collectors) Inject(javax.inject.Inject) Home(io.vertigo.app.Home) List(java.util.List) DefinitionUtil(io.vertigo.core.definition.DefinitionUtil) Criterions(io.vertigo.dynamo.criteria.Criterions) Assertion(io.vertigo.lang.Assertion) KeyConcept(io.vertigo.dynamo.domain.model.KeyConcept) Optional(java.util.Optional) Authorization(io.vertigo.account.authorization.metamodel.Authorization) OperationName(io.vertigo.account.authorization.metamodel.OperationName) Collections(java.util.Collections) SearchSecurityRuleTranslator(io.vertigo.account.impl.authorization.dsl.translator.SearchSecurityRuleTranslator) UserSession(io.vertigo.persona.security.UserSession) SecuredEntity(io.vertigo.account.authorization.metamodel.SecuredEntity) SearchSecurityRuleTranslator(io.vertigo.account.impl.authorization.dsl.translator.SearchSecurityRuleTranslator) RuleMultiExpression(io.vertigo.account.authorization.metamodel.rulemodel.RuleMultiExpression) DtDefinition(io.vertigo.dynamo.domain.metamodel.DtDefinition) UserAuthorizations(io.vertigo.account.authorization.UserAuthorizations)

Example 8 with Authorization

use of io.vertigo.account.authorization.metamodel.Authorization in project vertigo by KleeGroup.

the class VSecurityManagerTest method testAuthorizedOnEntityOverride.

@Test
public void testAuthorizedOnEntityOverride() {
    final Record record = createRecord();
    final Record recordTooExpensive = createRecord();
    recordTooExpensive.setAmount(10000d);
    final Record recordOtherUser = createRecord();
    recordOtherUser.setUtiIdOwner(2000L);
    final Record recordOtherUserAndTooExpensive = createRecord();
    recordOtherUserAndTooExpensive.setUtiIdOwner(2000L);
    recordOtherUserAndTooExpensive.setAmount(10000d);
    final Authorization recordRead = getAuthorization(RecordAuthorizations.ATZ_RECORD$READ_HP);
    final UserSession userSession = securityManager.<TestUserSession>createUserSession();
    try {
        securityManager.startCurrentUserSession(userSession);
        authorizationManager.obtainUserAuthorizations().withSecurityKeys("utiId", DEFAULT_UTI_ID).withSecurityKeys("typId", DEFAULT_TYPE_ID).withSecurityKeys("montantMax", DEFAULT_MONTANT_MAX).addAuthorization(recordRead);
        final boolean canReadRecord = authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$READ_HP);
        Assert.assertTrue(canReadRecord);
        // read -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
        Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.READ));
        Assert.assertTrue(authorizationManager.isAuthorized(recordTooExpensive, RecordOperations.READ));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.READ));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.READ));
    } finally {
        securityManager.stopCurrentUserSession();
    }
}
Also used : Authorization(io.vertigo.account.authorization.metamodel.Authorization) TestUserSession(io.vertigo.account.data.TestUserSession) UserSession(io.vertigo.persona.security.UserSession) Record(io.vertigo.account.authorization.model.Record) TestUserSession(io.vertigo.account.data.TestUserSession) Test(org.junit.Test)

Example 9 with Authorization

use of io.vertigo.account.authorization.metamodel.Authorization in project vertigo by KleeGroup.

the class VSecurityManagerTest method testAuthorizedOnEntityTreeAxes.

@Test
public void testAuthorizedOnEntityTreeAxes() {
    final Record record = createRecord();
    record.setEtaCd("PUB");
    final Record recordOtherType = createRecord();
    recordOtherType.setEtaCd("PUB");
    recordOtherType.setTypId(11L);
    final Record recordOtherEtat = createRecord();
    recordOtherEtat.setEtaCd("CRE");
    final Record recordOtherUser = createRecord();
    recordOtherUser.setEtaCd("PUB");
    recordOtherUser.setUtiIdOwner(2000L);
    final Record recordOtherUserAndTooExpensive = createRecord();
    recordOtherUserAndTooExpensive.setEtaCd("PUB");
    recordOtherUserAndTooExpensive.setUtiIdOwner(2000L);
    recordOtherUserAndTooExpensive.setAmount(10000d);
    final Record recordOtherCommune = createRecord();
    recordOtherCommune.setEtaCd("PUB");
    recordOtherCommune.setComId(3L);
    final Record recordDepartement = createRecord();
    recordDepartement.setEtaCd("PUB");
    recordDepartement.setComId(null);
    final Record recordOtherDepartement = createRecord();
    recordOtherDepartement.setEtaCd("PUB");
    recordOtherDepartement.setDepId(10L);
    recordOtherDepartement.setComId(null);
    final Record recordRegion = createRecord();
    recordRegion.setEtaCd("PUB");
    recordRegion.setDepId(null);
    recordRegion.setComId(null);
    final Record recordNational = createRecord();
    recordNational.setEtaCd("PUB");
    recordNational.setRegId(null);
    recordNational.setDepId(null);
    recordNational.setComId(null);
    final Authorization recordNotify = getAuthorization(RecordAuthorizations.ATZ_RECORD$NOTIFY);
    final UserSession userSession = securityManager.<TestUserSession>createUserSession();
    try {
        securityManager.startCurrentUserSession(userSession);
        authorizationManager.obtainUserAuthorizations().withSecurityKeys("utiId", DEFAULT_UTI_ID).withSecurityKeys("typId", DEFAULT_TYPE_ID).withSecurityKeys("montantMax", DEFAULT_MONTANT_MAX).withSecurityKeys("geo", // droit sur tout un département
        new Long[] { DEFAULT_REG_ID, DEFAULT_DEP_ID, null }).addAuthorization(recordNotify);
        Assert.assertTrue(authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$NOTIFY));
        // grant read -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
        Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.READ));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.READ));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.READ));
        // grant read2 -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
        Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.READ2));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.READ2));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.READ2));
        // notify -> TYP_ID=${typId} and ETA_CD=PUB and GEO<=${geo}
        Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.NOTIFY));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherType, RecordOperations.NOTIFY));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherEtat, RecordOperations.NOTIFY));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.NOTIFY));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.NOTIFY));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherCommune, RecordOperations.NOTIFY));
        Assert.assertTrue(authorizationManager.isAuthorized(recordDepartement, RecordOperations.NOTIFY));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherDepartement, RecordOperations.NOTIFY));
        Assert.assertFalse(authorizationManager.isAuthorized(recordRegion, RecordOperations.NOTIFY));
        Assert.assertFalse(authorizationManager.isAuthorized(recordNational, RecordOperations.NOTIFY));
        // override write -> TYP_ID=${typId} and ETA_CD=PUB and GEO<=${geo}
        // default write don't apply : (UTI_ID_OWNER=${utiId} and ETA_CD<ARC) or (TYP_ID=${typId} and MONTANT<=${montantMax} and ETA_CD<ARC)
        Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.WRITE));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherType, RecordOperations.WRITE));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherEtat, RecordOperations.WRITE));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.WRITE));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.WRITE));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherCommune, RecordOperations.WRITE));
        Assert.assertTrue(authorizationManager.isAuthorized(recordDepartement, RecordOperations.WRITE));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherDepartement, RecordOperations.WRITE));
        Assert.assertFalse(authorizationManager.isAuthorized(recordRegion, RecordOperations.WRITE));
        Assert.assertFalse(authorizationManager.isAuthorized(recordNational, RecordOperations.WRITE));
    } finally {
        securityManager.stopCurrentUserSession();
    }
}
Also used : Authorization(io.vertigo.account.authorization.metamodel.Authorization) TestUserSession(io.vertigo.account.data.TestUserSession) UserSession(io.vertigo.persona.security.UserSession) Record(io.vertigo.account.authorization.model.Record) TestUserSession(io.vertigo.account.data.TestUserSession) Test(org.junit.Test)

Example 10 with Authorization

use of io.vertigo.account.authorization.metamodel.Authorization in project vertigo by KleeGroup.

the class VSecurityManagerTest method testAuthorizedOnEntity.

@Test
public void testAuthorizedOnEntity() {
    final Record record = createRecord();
    final Record recordTooExpensive = createRecord();
    recordTooExpensive.setAmount(10000d);
    final Record recordOtherUser = createRecord();
    recordOtherUser.setUtiIdOwner(2000L);
    final Record recordOtherUserAndTooExpensive = createRecord();
    recordOtherUserAndTooExpensive.setUtiIdOwner(2000L);
    recordOtherUserAndTooExpensive.setAmount(10000d);
    final Authorization recordRead = getAuthorization(RecordAuthorizations.ATZ_RECORD$READ);
    final UserSession userSession = securityManager.<TestUserSession>createUserSession();
    try {
        securityManager.startCurrentUserSession(userSession);
        authorizationManager.obtainUserAuthorizations().withSecurityKeys("utiId", DEFAULT_UTI_ID).withSecurityKeys("typId", DEFAULT_TYPE_ID).withSecurityKeys("montantMax", DEFAULT_MONTANT_MAX).addAuthorization(recordRead);
        final boolean canReadRecord = authorizationManager.hasAuthorization(RecordAuthorizations.ATZ_RECORD$READ);
        Assert.assertTrue(canReadRecord);
        // read -> MONTANT<=${montantMax} or UTI_ID_OWNER=${utiId}
        Assert.assertTrue(authorizationManager.isAuthorized(record, RecordOperations.READ));
        Assert.assertTrue(authorizationManager.isAuthorized(recordTooExpensive, RecordOperations.READ));
        Assert.assertTrue(authorizationManager.isAuthorized(recordOtherUser, RecordOperations.READ));
        Assert.assertFalse(authorizationManager.isAuthorized(recordOtherUserAndTooExpensive, RecordOperations.READ));
    } finally {
        securityManager.stopCurrentUserSession();
    }
}
Also used : Authorization(io.vertigo.account.authorization.metamodel.Authorization) TestUserSession(io.vertigo.account.data.TestUserSession) UserSession(io.vertigo.persona.security.UserSession) Record(io.vertigo.account.authorization.model.Record) TestUserSession(io.vertigo.account.data.TestUserSession) Test(org.junit.Test)

Aggregations

Authorization (io.vertigo.account.authorization.metamodel.Authorization)14 UserSession (io.vertigo.persona.security.UserSession)10 Test (org.junit.Test)10 TestUserSession (io.vertigo.account.data.TestUserSession)9 Record (io.vertigo.account.authorization.model.Record)8 DtDefinition (io.vertigo.dynamo.domain.metamodel.DtDefinition)3 JsonElement (com.google.gson.JsonElement)2 JsonObject (com.google.gson.JsonObject)2 AuthorizationName (io.vertigo.account.authorization.metamodel.AuthorizationName)2 SecuredEntity (io.vertigo.account.authorization.metamodel.SecuredEntity)2 Assertion (io.vertigo.lang.Assertion)2 ArrayList (java.util.ArrayList)2 Collections (java.util.Collections)2 HashMap (java.util.HashMap)2 List (java.util.List)2 Collectors (java.util.stream.Collectors)2 AuthorizationManager (io.vertigo.account.authorization.AuthorizationManager)1 UserAuthorizations (io.vertigo.account.authorization.UserAuthorizations)1 OperationName (io.vertigo.account.authorization.metamodel.OperationName)1 Role (io.vertigo.account.authorization.metamodel.Role)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial