Search in sources :

Example 1 with Criteria

use of io.vertigo.dynamo.criteria.Criteria in project vertigo by KleeGroup.

the class StoreAuthenticationPlugin method authenticateAccount.

/**
 * {@inheritDoc}
 */
@Override
public Optional<String> authenticateAccount(final AuthenticationToken token) {
    final Criteria criteriaByLogin = Criterions.isEqualTo(() -> userLoginField, token.getPrincipal());
    final DtList<DtObject> results = storeManager.getDataStore().find(userCredentialDefinition, criteriaByLogin);
    // may ensure, that valid or invalid login took the same time, so we don't assert no result here
    Assertion.checkState(results.size() <= 1, "Too many matching credentials for {0}", token.getPrincipal());
    final AuthenticationToken trustedAuthenticationToken;
    if (token instanceof UsernamePasswordAuthenticationToken) {
        if (results.isEmpty()) {
            trustedAuthenticationToken = defaultUserTrustedCredential;
        } else {
            final String trustedEncodedPassword = (String) userCredentialDefinition.getField(userPasswordField).getDataAccessor().getValue(results.get(0));
            trustedAuthenticationToken = new UsernamePasswordAuthenticationToken(token.getPrincipal(), trustedEncodedPassword);
        }
    } else {
        if (results.isEmpty()) {
            trustedAuthenticationToken = defaultUserTrustedCredential;
        } else {
            trustedAuthenticationToken = new UsernameAuthenticationToken(token.getPrincipal());
        }
    }
    // may ensure, that valid or invalid login took the same time, so we don't assert no result here
    if (// tokens match
    token.match(trustedAuthenticationToken) && !results.isEmpty()) {
        // and Username exists (after)
        final String userTokenId = (String) userCredentialDefinition.getField(userTokenIdField).getDataAccessor().getValue(results.get(0));
        return Optional.of(userTokenId);
    }
    return Optional.empty();
}
Also used : UsernameAuthenticationToken(io.vertigo.account.impl.authentication.UsernameAuthenticationToken) UsernamePasswordAuthenticationToken(io.vertigo.account.impl.authentication.UsernamePasswordAuthenticationToken) AuthenticationToken(io.vertigo.account.authentication.AuthenticationToken) DtObject(io.vertigo.dynamo.domain.model.DtObject) UsernameAuthenticationToken(io.vertigo.account.impl.authentication.UsernameAuthenticationToken) UsernamePasswordAuthenticationToken(io.vertigo.account.impl.authentication.UsernamePasswordAuthenticationToken) Criteria(io.vertigo.dynamo.criteria.Criteria)

Example 2 with Criteria

use of io.vertigo.dynamo.criteria.Criteria in project vertigo by KleeGroup.

the class AuthorizationManagerImpl method getCriteriaSecurity.

/**
 * {@inheritDoc}
 */
@Override
public <K extends KeyConcept> Criteria<K> getCriteriaSecurity(final Class<K> keyConceptClass, final OperationName<K> operation) {
    Assertion.checkNotNull(keyConceptClass);
    Assertion.checkNotNull(operation);
    // ---
    final Optional<UserAuthorizations> userPermissionsOpt = getUserPermissionsOpt();
    if (!userPermissionsOpt.isPresent()) {
        // Si il n'y a pas de session alors pas d'autorisation.
        return Criterions.alwaysFalse();
    }
    final UserAuthorizations userPermissions = userPermissionsOpt.get();
    final DtDefinition dtDefinition = DtObjectUtil.findDtDefinition(keyConceptClass);
    final SecuredEntity securedEntity = findSecuredEntity(dtDefinition);
    final List<Criteria<K>> criterions = userPermissions.getEntityAuthorizations(dtDefinition).stream().filter(permission -> permission.getOperation().get().equals(operation.name()) || permission.getOverrides().contains(operation.name())).flatMap(permission -> permission.getRules().stream()).map(rule -> new CriteriaSecurityRuleTranslator<K>().on(securedEntity).withRule(rule).withCriteria(userPermissions.getSecurityKeys()).toCriteria()).collect(Collectors.toList());
    if (criterions.isEmpty()) {
        // Si il n'y a pas de droits alors pas d'autorisation.
        return Criterions.alwaysFalse();
    }
    Criteria<K> securityCriteria = null;
    for (final Criteria<K> ruleCriteria : criterions) {
        if (securityCriteria == null) {
            securityCriteria = ruleCriteria;
        } else {
            securityCriteria = securityCriteria.or(ruleCriteria);
        }
    }
    return securityCriteria;
}
Also used : RuleMultiExpression(io.vertigo.account.authorization.metamodel.rulemodel.RuleMultiExpression) CriteriaSecurityRuleTranslator(io.vertigo.account.impl.authorization.dsl.translator.CriteriaSecurityRuleTranslator) VSecurityManager(io.vertigo.persona.security.VSecurityManager) UserAuthorizations(io.vertigo.account.authorization.UserAuthorizations) AuthorizationName(io.vertigo.account.authorization.metamodel.AuthorizationName) DtDefinition(io.vertigo.dynamo.domain.metamodel.DtDefinition) DtObjectUtil(io.vertigo.dynamo.domain.util.DtObjectUtil) Criteria(io.vertigo.dynamo.criteria.Criteria) AuthorizationManager(io.vertigo.account.authorization.AuthorizationManager) Collectors(java.util.stream.Collectors) Inject(javax.inject.Inject) Home(io.vertigo.app.Home) List(java.util.List) DefinitionUtil(io.vertigo.core.definition.DefinitionUtil) Criterions(io.vertigo.dynamo.criteria.Criterions) Assertion(io.vertigo.lang.Assertion) KeyConcept(io.vertigo.dynamo.domain.model.KeyConcept) Optional(java.util.Optional) Authorization(io.vertigo.account.authorization.metamodel.Authorization) OperationName(io.vertigo.account.authorization.metamodel.OperationName) Collections(java.util.Collections) SearchSecurityRuleTranslator(io.vertigo.account.impl.authorization.dsl.translator.SearchSecurityRuleTranslator) UserSession(io.vertigo.persona.security.UserSession) SecuredEntity(io.vertigo.account.authorization.metamodel.SecuredEntity) SecuredEntity(io.vertigo.account.authorization.metamodel.SecuredEntity) DtDefinition(io.vertigo.dynamo.domain.metamodel.DtDefinition) CriteriaSecurityRuleTranslator(io.vertigo.account.impl.authorization.dsl.translator.CriteriaSecurityRuleTranslator) Criteria(io.vertigo.dynamo.criteria.Criteria) UserAuthorizations(io.vertigo.account.authorization.UserAuthorizations)

Aggregations

Criteria (io.vertigo.dynamo.criteria.Criteria)2 AuthenticationToken (io.vertigo.account.authentication.AuthenticationToken)1 AuthorizationManager (io.vertigo.account.authorization.AuthorizationManager)1 UserAuthorizations (io.vertigo.account.authorization.UserAuthorizations)1 Authorization (io.vertigo.account.authorization.metamodel.Authorization)1 AuthorizationName (io.vertigo.account.authorization.metamodel.AuthorizationName)1 OperationName (io.vertigo.account.authorization.metamodel.OperationName)1 SecuredEntity (io.vertigo.account.authorization.metamodel.SecuredEntity)1 RuleMultiExpression (io.vertigo.account.authorization.metamodel.rulemodel.RuleMultiExpression)1 UsernameAuthenticationToken (io.vertigo.account.impl.authentication.UsernameAuthenticationToken)1 UsernamePasswordAuthenticationToken (io.vertigo.account.impl.authentication.UsernamePasswordAuthenticationToken)1 CriteriaSecurityRuleTranslator (io.vertigo.account.impl.authorization.dsl.translator.CriteriaSecurityRuleTranslator)1 SearchSecurityRuleTranslator (io.vertigo.account.impl.authorization.dsl.translator.SearchSecurityRuleTranslator)1 Home (io.vertigo.app.Home)1 DefinitionUtil (io.vertigo.core.definition.DefinitionUtil)1 Criterions (io.vertigo.dynamo.criteria.Criterions)1 DtDefinition (io.vertigo.dynamo.domain.metamodel.DtDefinition)1 DtObject (io.vertigo.dynamo.domain.model.DtObject)1 KeyConcept (io.vertigo.dynamo.domain.model.KeyConcept)1 DtObjectUtil (io.vertigo.dynamo.domain.util.DtObjectUtil)1