use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class AuthorizationTester method testDoesPrincipalHavePermission.
/**
 * Exercises {@code hasPermission} on a newly created "student" principal against the fixture
 * permissions held in {@code testPermissions}.
 *
 * <p>The assertions expect entry 0 to be granted, entry 1 to be refused, and every remaining
 * entry below {@code NUMBER_TEST_PERMISSIONS} to be granted. The refusal case is the
 * security-relevant one: per its message it covers a permission that is directly denied.
 *
 * @throws Exception if the authorization service fails while building or querying the principal
 */
public void testDoesPrincipalHavePermission() throws Exception {
    print("***** ENTERING AuthorizationTester.testDoesPrincipalHavePermission() *****");

    String message = "Creating authorizationPrincipal for student.";
    print(message);
    IAuthorizationPrincipal student = getService().newPrincipal("student", IPERSON_CLASS);
    assertNotNull(message, student);

    // Grant case: the message attributes this one to inheritance from Everyone.
    IPermission current = (IPermission) testPermissions.get(0);
    message = "Testing " + current + " (should be TRUE -- inherited from Everyone)";
    print(message);
    boolean granted = student.hasPermission(OWNER, TEST_ACTIVITY, current.getTarget());
    assertTrue(message, granted);

    // Deny case: the check must come back false for the test to pass.
    current = (IPermission) testPermissions.get(1);
    message = "Testing " + current + " (should be FALSE -- directly denied)";
    print(message);
    granted = student.hasPermission(OWNER, TEST_ACTIVITY, current.getTarget());
    assertTrue(message, !granted);

    // All remaining fixtures share one message and are expected to be granted.
    message = "Testing the rest of the test permissions (should be TRUE).";
    print(message);
    int position = 2;
    while (position < NUMBER_TEST_PERMISSIONS) {
        current = (IPermission) testPermissions.get(position);
        granted = student.hasPermission(OWNER, TEST_ACTIVITY, current.getTarget());
        assertTrue(message, granted);
        position++;
    }

    print("***** LEAVING AuthorizationTester.testDoesPrincipalHavePermission() *****" + CR);
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class AuthorizationTester method testPermissionPrincipal.
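/**
 * Tests concurrent access to permissions via "singleton" principal objects. Only run this test
 * when the property org.apereo.portal.security.IAuthorizationService.cachePermissions=true,
 * since performance of the db calls will distort the time needed to complete the various parts
 * of the test.
 *
 * <p>Sequence: request the same principal several times and assert that every request returns
 * the identical instance; confirm that instance holds the first test permission; start the
 * {@code PrincipalTester} threads; remove the permission through the service; then assert that
 * the same principal instance no longer holds it. The last assertion is the security-relevant
 * one: a principal that kept answering true after the removal would be serving a revoked
 * permission.
 *
 * @throws Exception if the authorization service fails
 */
public void testPermissionPrincipal() throws Exception {
    print("***** ENTERING AuthorizationTester.testPermissionPrincipal() *****");
    Class type = IPERSON_CLASS;
    String key = "student";
    int numPrincipals = 10;
    int numTestingThreads = 10;
    long pauseBeforeUpdateMillis = 3000;
    long pauseAfterUpdateMillis = 10000;

    IAuthorizationPrincipal[] principals = new IAuthorizationPrincipal[numPrincipals];
    for (int idx = 0; idx < numPrincipals; idx++) {
        principals[idx] = getService().newPrincipal(key, type);
    }

    // Reference equality on purpose: the service must hand back one shared instance.
    String msg = "Test that principal " + principals[0] + " is being cached.";
    print(msg);
    for (int idx = 1; idx < numPrincipals; idx++) {
        assertTrue(msg, principals[idx] == principals[0]);
    }

    IAuthorizationPrincipal p1 = principals[0];
    IPermission testPermission = (IPermission) testPermissions.get(0);
    msg = "Testing first principal for " + testPermission + " (should be TRUE -- inherited from Everyone)";
    print(msg);
    boolean testResult = p1.hasPermission(OWNER, TEST_ACTIVITY, testPermission.getTarget());
    assertTrue(msg, testResult);

    print("Starting testing Threads.");
    // NOTE(review): the threads are started but never joined; presumably an assertion that
    // fails inside PrincipalTester does not fail this test. Confirm against PrincipalTester.
    Thread[] testers = new Thread[numTestingThreads];
    for (int idx = 0; idx < numTestingThreads; idx++) {
        String id = "" + idx;
        PrincipalTester pt = new PrincipalTester(key, type, 10, id, testPermission);
        testers[idx] = new Thread(pt);
        testers[idx].start();
    }

    print("Will now sleep for " + pauseBeforeUpdateMillis + " ms to let testing threads run.");
    try {
        Thread.sleep(pauseBeforeUpdateMillis);
    } catch (InterruptedException ex) {
        // Keep the interrupt visible to the test runner instead of discarding it.
        Thread.currentThread().interrupt();
    }

    /*
     * Remove a permission and test a principal. After a pause, the testing threads
     * will wake up and perform the 2nd part of their tests to confirm this update.
     */
    msg = "Deleting " + testPermission;
    print(msg);
    IPermission[] perms = new IPermission[1];
    perms[0] = testPermission;
    getService().removePermissions(perms);

    // Revocation check: the shared principal instance must reflect the removal at once.
    msg = "Testing first principal for " + testPermission + " (should be FALSE -- has been removed.)";
    print(msg);
    testResult = p1.hasPermission(OWNER, TEST_ACTIVITY, testPermission.getTarget());
    assertTrue(msg, !testResult);

    print("Will now sleep for " + pauseAfterUpdateMillis + " ms to let testing threads complete.");
    try {
        Thread.sleep(pauseAfterUpdateMillis);
    } catch (InterruptedException ex) {
        // Keep the interrupt visible to the test runner instead of discarding it.
        Thread.currentThread().interrupt();
    }
    print("***** LEAVING AuthorizationTester.testPermissionPrincipal() *****" + CR);
}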
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class EntityFactory method setPrincipal.
/**
 * Attaches a {@code Principal} to the given entity, built from the key and the principal string
 * of the authorization principal that {@code EntityService} resolves for that entity.
 *
 * @param entity the entity to update; any principal it already carries is overwritten
 */
private static void setPrincipal(Entity entity) {
    final IAuthorizationPrincipal resolved =
            EntityService.instance().getPrincipalForEntity(entity);
    // NOTE(review): no null check here; assumes getPrincipalForEntity always returns a
    // principal. Confirm against EntityService.
    final String key = resolved.getKey();
    final String principalString = resolved.getPrincipalString();
    final Principal built = new PrincipalImpl(key, principalString);
    entity.setPrincipal(built);
}
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class DistributedLayoutManager method getDistributedUserLayout.
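/**
 * Returns the user's layout, loading and filtering it when the cache has no entry.
 *
 * <p>On a cache miss the layout is read from {@code distributedLayoutStore}. Every
 * {@code channel} element beneath a {@code folder} of type {@code header}, {@code footer} or
 * {@code sidebar} is then removed when {@code principal.canRender(chanID)} returns false, and
 * the result is passed to {@code setUserLayoutDOM}. A layout found in the cache is returned
 * without this filtering pass.
 *
 * @return the cached layout, or the freshly loaded and filtered one
 */
protected DistributedUserLayout getDistributedUserLayout() {
    DistributedUserLayout userLayout = this.layoutCachingService.getCachedLayout(owner, profile);
    if (null == userLayout) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Load from store for " + owner.getAttribute(IPerson.USERNAME));
        }
        userLayout = this.distributedLayoutStore.getUserLayout(this.owner, this.profile);
        final Document userLayoutDocument = userLayout.getLayout();
        // DistributedLayoutManager shall gracefully remove channels
        // that the user isn't authorized to render from folders of type
        // 'header', 'footer' and 'sidebar'.
        IAuthorizationPrincipal principal = authorizationService.newPrincipal(owner.getUserName(), IPerson.class);
        NodeList nodes = userLayoutDocument.getElementsByTagName("folder");
        for (int i = 0; i < nodes.getLength(); i++) {
            Element fd = (Element) nodes.item(i);
            String type = fd.getAttribute("type");
            if ("header".equals(type) || "footer".equals(type) || "sidebar".equals(type)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("RDBMUserLayoutStore examining the '" + type + "' folder of user '" + owner.getUserName() + "' for non-authorized channels.");
                }
                NodeList channels = fd.getElementsByTagName("channel");
                // getElementsByTagName returns a live list. Removing entry j while counting
                // upwards moves the following channel into slot j, so it would never be
                // authorization-checked. Walking backwards means a removal only shifts
                // entries that have already been visited.
                for (int j = channels.getLength() - 1; j >= 0; j--) {
                    Element ch = (Element) channels.item(j);
                    try {
                        String chanId = ch.getAttribute("chanID");
                        if (!principal.canRender(chanId)) {
                            // The list holds every descendant channel, not only direct
                            // children; fd.removeChild(ch) throws for a nested one and the
                            // channel would stay in the layout. Detach from the real parent.
                            ch.getParentNode().removeChild(ch);
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("RDBMUserLayoutStore removing channel '" + ch.getAttribute("fname") + "' from the header or footer of user '" + owner.getUserName() + "' because he/she isn't authorized to render it.");
                            }
                        }
                    } catch (Throwable t) {
                        // NOTE(review): this path fails open. If canRender throws, the channel
                        // stays in the layout and only a warning is logged. Consider removing
                        // the channel when the check cannot be completed.
                        LOG.warn("RDBMUserLayoutStore was unable to analyze channel element with Id=" + ch.getAttribute("chanID"), t);
                    }
                }
            }
        }
        setUserLayoutDOM(userLayout);
    }
    return userLayout;
}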
use of org.apereo.portal.security.IAuthorizationPrincipal in project uPortal by Jasig.
the class PermissionsRESTController method getPermissionsForEntity.
/**
 * Lists the permissions that apply to an entity, optionally including those assigned to its
 * ancestor groups.
 *
 * <p>Assignments are first read from {@code permissionStore} by principal string, for the
 * entity itself and, when requested, for each ancestor group. Each assignment is then kept only
 * if {@code hasPermission} on the entity's own principal confirms it. The result is sorted
 * with {@code Collections.sort}.
 *
 * <p>NOTE(review): nothing in this method checks that the caller may view this entity's
 * permissions; presumably the calling request handler enforces that. Verify against callers.
 *
 * @param entity the entity whose permissions are listed
 * @param includeInherited whether assignments made to ancestor groups are considered as well
 * @return the confirmed permissions, sorted
 */
protected List<JsonPermission> getPermissionsForEntity(JsonEntityBean entity, boolean includeInherited) {
    final IAuthorizationPrincipal principal =
            this.authorizationService.newPrincipal(entity.getId(), entity.getEntityType().getClazz());

    // Assignments made to this principal itself; the final constructor argument is false.
    final Set<UniquePermission> direct = new HashSet<>();
    for (IPermission assigned : permissionStore.select(null, principal.getPrincipalString(), null, null, null)) {
        direct.add(new UniquePermission(assigned.getOwner(), assigned.getActivity(), assigned.getTarget(), false));
    }

    // Assignments made to any ancestor group; the final constructor argument is true.
    final Set<UniquePermission> inherited = new HashSet<>();
    if (includeInherited) {
        final IGroupMember self = GroupService.getGroupMember(principal.getKey(), principal.getType());
        for (IEntityGroup ancestor : self.getAncestorGroups()) {
            final IAuthorizationPrincipal ancestorPrincipal = this.authorizationService.newPrincipal(ancestor);
            final IPermission[] ancestorPermissions =
                    permissionStore.select(null, ancestorPrincipal.getPrincipalString(), null, null, null);
            for (IPermission assigned : ancestorPermissions) {
                inherited.add(new UniquePermission(assigned.getOwner(), assigned.getActivity(), assigned.getTarget(), true));
            }
        }
    }

    // A stored assignment is reported only when hasPermission confirms it for the principal.
    final List<JsonPermission> confirmed = new ArrayList<>();
    for (UniquePermission candidate : direct) {
        if (!principal.hasPermission(candidate.getOwner(), candidate.getActivity(), candidate.getIdentifier())) {
            continue;
        }
        confirmed.add(getPermissionForPrincipal(candidate, entity));
    }
    for (UniquePermission candidate : inherited) {
        if (!principal.hasPermission(candidate.getOwner(), candidate.getActivity(), candidate.getIdentifier())) {
            continue;
        }
        confirmed.add(getPermissionForPrincipal(candidate, entity));
    }

    Collections.sort(confirmed);
    return confirmed;
}