use of org.apereo.portal.security.IPermission in project uPortal by Jasig.
the class AuthorizationTester method testPermissionPrincipal.
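/**
 * Tests concurrent access to permissions via "singleton" principal objects, and checks that
 * removing a permission becomes visible through an already-obtained (cached) principal.
 *
 * <p>Only run this test when the property
 * org.apereo.portal.security.IAuthorizationService.cachePermissions=true, since performance of
 * the db calls will distort the time needed to complete the various parts of the test.
 *
 * <p>Sequence: obtain the same principal ten times and assert every lookup returns the same
 * instance; assert the principal holds the first test permission; start ten
 * {@code PrincipalTester} threads; wait; remove the permission through the service; assert the
 * same principal instance no longer holds it; wait again for the worker threads.
 *
 * <p>NOTE(review): {@code PrincipalTester} is not shown here. If it asserts inside
 * {@code run()}, those failures are raised on the worker thread and may not fail this test;
 * confirm how worker results are reported. The workers are also never joined, so they may
 * still be running when this method returns.
 *
 * @throws Exception if the authorization service calls fail
 */
public void testPermissionPrincipal() throws Exception {
    print("***** ENTERING AuthorizationTester.testPermissionPrincipal() *****");
    Class type = IPERSON_CLASS;
    String key = "student";
    int numPrincipals = 10;
    int numTestingThreads = 10;
    int idx = 0;
    long pauseBeforeUpdateMillis = 3000;
    long pauseAfterUpdateMillis = 10000;

    // Ask the service for the same (key, type) repeatedly; a caching service should hand
    // back one shared instance, which the identity comparison below verifies.
    IAuthorizationPrincipal[] principals = new IAuthorizationPrincipal[numPrincipals];
    for (idx = 0; idx < numPrincipals; idx++) {
        principals[idx] = getService().newPrincipal(key, type);
    }
    String msg = "Test that principal " + principals[0] + " is being cached.";
    print(msg);
    for (idx = 1; idx < numPrincipals; idx++) {
        assertTrue(msg, principals[idx] == principals[0]);
    }

    // Baseline: the permission must be held before it is removed, otherwise the later
    // "has been removed" assertion would pass trivially.
    IAuthorizationPrincipal p1 = principals[0];
    IPermission testPermission = (IPermission) testPermissions.get(0);
    msg = "Testing first principal for " + testPermission + " (should be TRUE -- inherited from Everyone)";
    print(msg);
    boolean testResult = p1.hasPermission(OWNER, TEST_ACTIVITY, testPermission.getTarget());
    assertTrue(msg, testResult);

    print("Starting testing Threads.");
    Thread[] testers = new Thread[numTestingThreads];
    for (idx = 0; idx < numTestingThreads; idx++) {
        String id = "" + idx;
        PrincipalTester pt = new PrincipalTester(key, type, 10, id, testPermission);
        testers[idx] = new Thread(pt);
        testers[idx].start();
    }

    print("Will now sleep for " + pauseBeforeUpdateMillis + " ms to let testing threads run.");
    try {
        Thread.sleep(pauseBeforeUpdateMillis);
    } catch (InterruptedException ex) {
        // Still best-effort (the test carries on), but the interrupt is no longer lost:
        // restore the flag so the runner or an enclosing executor can see it.
        Thread.currentThread().interrupt();
    }

    /*
     * Remove a permission and test a principal. After a pause, the testing threads
     * will wake up and perform the 2nd part of their tests to confirm this update.
     */
    msg = "Deleting " + testPermission;
    print(msg);
    IPermission[] perms = new IPermission[1];
    perms[0] = testPermission;
    getService().removePermissions(perms);

    // The check goes through p1, the instance obtained before the removal. A stale cached
    // answer here would mean a revoked permission is still being honoured.
    msg = "Testing first principal for " + testPermission + " (should be FALSE -- has been removed.)";
    print(msg);
    testResult = p1.hasPermission(OWNER, TEST_ACTIVITY, testPermission.getTarget());
    assertTrue(msg, !testResult);

    print("Will now sleep for " + pauseAfterUpdateMillis + " ms to let testing threads complete.");
    try {
        Thread.sleep(pauseAfterUpdateMillis);
    } catch (InterruptedException ex) {
        // Same handling as above: do not abort, but keep the interrupt status.
        Thread.currentThread().interrupt();
    }
    print("***** LEAVING AuthorizationTester.testPermissionPrincipal() *****" + CR);
}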
use of org.apereo.portal.security.IPermission in project uPortal by Jasig.
the class AuthorizationTester method setUp.
/**
 * Builds the permission fixture used by the tests in this class.
 *
 * <p>Steps, in order: resolve GROUP_CLASS and IPERSON_CLASS by name if they are still null;
 * derive the group principal keys from the configured node separator; add
 * NUMBER_TEST_PERMISSIONS GRANT permissions for the Everyone group principal (targets
 * TEST_TARGET + idx); add one DENY for the student group principal on the target of
 * testPermissions.get(0); add one DENY for STUDENT_PRINCIPAL_KEY on the target of
 * testPermissions.get(1). Every permission added to the store is also appended to
 * testPermissions.
 *
 * <p>The select-before-add assertions expect the store to hold no matching rows on entry, so
 * the statement order below matters.
 *
 * <p>NOTE(review): any Exception raised here is caught and only its message is printed, so a
 * failed setup leaves the fixture partially built and the tests still run against it.
 * Assertion failures are presumably Errors rather than Exceptions and would therefore not be
 * caught by this handler -- confirm against the JUnit version in use.
 */
protected void setUp() {
String msg = null;
IPermission[] retrievedPermissions = null;
IPermission newPermission, retrievedPermission = null;
java.util.Date effectiveDate = new java.util.Date();
// Expiry is "now" plus 60 * 60 * 24 * 1000 ms, i.e. 24 hours.
java.util.Date expirationDate = new java.util.Date(System.currentTimeMillis() + (60 * 60 * 24 * 1000));
int idx = 0;
try {
// Class constants are resolved once and reused across test instances.
if (GROUP_CLASS == null) {
GROUP_CLASS = Class.forName("org.apereo.portal.groups.IEntityGroup");
}
if (IPERSON_CLASS == null) {
IPERSON_CLASS = Class.forName("org.apereo.portal.security.IPerson");
}
// Group keys are "local" + separator + id; the "3." prefix presumably marks a group
// principal type -- TODO confirm.
GROUP_SEPARATOR = GroupServiceConfiguration.getConfiguration().getNodeSeparator();
EVERYONE_GROUP_KEY = "local" + GROUP_SEPARATOR + "0";
EVERYONE_GROUP_PRINCIPAL_KEY = "3." + EVERYONE_GROUP_KEY;
NOONE_GROUP_PRINCIPAL_KEY = "3.local" + GROUP_SEPARATOR + "999";
STUDENT_GROUP_PRINCIPAL_KEY = "3.local" + GROUP_SEPARATOR + "1";
msg = "Creating test permissions.";
print(msg);
// Precondition: no GRANT rows for (OWNER, Everyone, TEST_ACTIVITY) exist yet. Rows left
// over from an earlier run would fail this assertion.
retrievedPermissions = getPermissionStore().select(OWNER, EVERYONE_GROUP_PRINCIPAL_KEY, TEST_ACTIVITY, null, IPermission.PERMISSION_TYPE_GRANT);
assertEquals(msg, 0, retrievedPermissions.length);
// GRANT permissions for Everyone, each with an explicit effective/expiry window.
for (idx = 0; idx < NUMBER_TEST_PERMISSIONS; idx++) {
newPermission = getPermissionStore().newInstance(OWNER);
newPermission.setPrincipal(EVERYONE_GROUP_PRINCIPAL_KEY);
newPermission.setActivity(TEST_ACTIVITY);
newPermission.setTarget(TEST_TARGET + idx);
newPermission.setType(IPermission.PERMISSION_TYPE_GRANT);
newPermission.setEffective(effectiveDate);
newPermission.setExpires(expirationDate);
getPermissionStore().add(newPermission);
testPermissions.add(newPermission);
}
// Read back to confirm that all GRANT rows were stored.
retrievedPermissions = getPermissionStore().select(OWNER, EVERYONE_GROUP_PRINCIPAL_KEY, TEST_ACTIVITY, null, IPermission.PERMISSION_TYPE_GRANT);
assertEquals(msg, NUMBER_TEST_PERMISSIONS, retrievedPermissions.length);
msg = "Creating test DENY permission for student group.";
print(msg);
// DENY for the student group on the same target as the first GRANT. Unlike the GRANTs,
// no effective/expiry dates are set on the DENY permissions.
retrievedPermission = (IPermission) testPermissions.get(0);
newPermission = getPermissionStore().newInstance(OWNER);
newPermission.setActivity(TEST_ACTIVITY);
newPermission.setPrincipal(STUDENT_GROUP_PRINCIPAL_KEY);
newPermission.setTarget(retrievedPermission.getTarget());
newPermission.setType(IPermission.PERMISSION_TYPE_DENY);
retrievedPermissions = getPermissionStore().select(OWNER, STUDENT_GROUP_PRINCIPAL_KEY, TEST_ACTIVITY, retrievedPermission.getTarget(), IPermission.PERMISSION_TYPE_DENY);
assertEquals(msg, 0, retrievedPermissions.length);
getPermissionStore().add(newPermission);
retrievedPermissions = getPermissionStore().select(OWNER, STUDENT_GROUP_PRINCIPAL_KEY, TEST_ACTIVITY, retrievedPermission.getTarget(), IPermission.PERMISSION_TYPE_DENY);
assertEquals(msg, 1, retrievedPermissions.length);
testPermissions.add(newPermission);
msg = "Creating test DENY permission for student entity.";
print(msg);
// DENY for the individual student principal on the same target as the second GRANT.
newPermission = getPermissionStore().newInstance(OWNER);
retrievedPermission = (IPermission) testPermissions.get(1);
newPermission.setPrincipal(STUDENT_PRINCIPAL_KEY);
newPermission.setActivity(TEST_ACTIVITY);
newPermission.setTarget(retrievedPermission.getTarget());
newPermission.setType(IPermission.PERMISSION_TYPE_DENY);
retrievedPermissions = getPermissionStore().select(OWNER, STUDENT_PRINCIPAL_KEY, TEST_ACTIVITY, retrievedPermission.getTarget(), IPermission.PERMISSION_TYPE_DENY);
assertEquals(msg, 0, retrievedPermissions.length);
getPermissionStore().add(newPermission);
retrievedPermissions = getPermissionStore().select(OWNER, STUDENT_PRINCIPAL_KEY, TEST_ACTIVITY, retrievedPermission.getTarget(), IPermission.PERMISSION_TYPE_DENY);
assertEquals(msg, 1, retrievedPermissions.length);
testPermissions.add(newPermission);
} catch (Exception ex) {
// NOTE(review): the failure is reduced to a printed message (no stack trace, no rethrow);
// later tests may then fail for reasons unrelated to the authorization logic under test.
print("AuthorizationTester.setUp(): " + ex.getMessage());
}
}
use of org.apereo.portal.security.IPermission in project uPortal by Jasig.
the class AuthorizationTester method testDoesPrincipalHavePermission.
/**
 * Checks the effective permissions of the "student" principal against the fixture permissions
 * held in testPermissions: entry 0 must be granted, entry 1 must be refused, and entries 2 up
 * to NUMBER_TEST_PERMISSIONS - 1 must be granted.
 *
 * @throws Exception if the authorization service calls fail
 */
public void testDoesPrincipalHavePermission() throws Exception {
    print("***** ENTERING AuthorizationTester.testDoesPrincipalHavePermission() *****");

    String msg = "Creating authorizationPrincipal for student.";
    print(msg);
    IAuthorizationPrincipal prin = getService().newPrincipal("student", IPERSON_CLASS);
    assertNotNull(msg, prin);

    // Entry 0: expected to be granted.
    IPermission inheritedGrant = (IPermission) testPermissions.get(0);
    msg = "Testing " + inheritedGrant + " (should be TRUE -- inherited from Everyone)";
    print(msg);
    boolean granted = prin.hasPermission(OWNER, TEST_ACTIVITY, inheritedGrant.getTarget());
    assertTrue(msg, granted);

    // Entry 1: expected to be refused, i.e. the deny must win over the grant on that target.
    IPermission directlyDenied = (IPermission) testPermissions.get(1);
    msg = "Testing " + directlyDenied + " (should be FALSE -- directly denied)";
    print(msg);
    boolean deniedResult = prin.hasPermission(OWNER, TEST_ACTIVITY, directlyDenied.getTarget());
    assertTrue(msg, !deniedResult);

    // Remaining entries: expected to be granted.
    msg = "Testing the rest of the test permissions (should be TRUE).";
    print(msg);
    for (int i = 2; i < NUMBER_TEST_PERMISSIONS; i++) {
        IPermission remaining = (IPermission) testPermissions.get(i);
        assertTrue(msg, prin.hasPermission(OWNER, TEST_ACTIVITY, remaining.getTarget()));
    }

    print("***** LEAVING AuthorizationTester.testDoesPrincipalHavePermission() *****" + CR);
}
use of org.apereo.portal.security.IPermission in project uPortal by Jasig.
the class GroupListHelperImpl method getIndividualBestRootEntity.
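/**
 * Chooses the root group a user should start from for the given group type and permissions.
 *
 * <p>Easy path: if the user has any of {@code permissionActivities} (under
 * {@code permissionOwner}) on the canonical root group for {@code groupType}, that root is
 * returned. Otherwise every permission record the principal has for those activities is
 * collected, each record's target is resolved to a group, and among the groups of the
 * requested type the one with the most children is returned.
 *
 * <p>NOTE(review): the easy path asks {@code hasPermission}, but the fallback works from the
 * records returned by {@code getAllPermissions} without re-checking them. Confirm that call
 * only returns effective GRANT records; otherwise a DENY or expired record could nominate a
 * root group here.
 *
 * @param person the user whose permissions are consulted
 * @param groupType entity type the returned group must have (compared case-insensitively)
 * @param permissionOwner permission owner passed to the permission checks
 * @param permissionActivities activities to check, in order
 * @return the chosen root group, or {@code null} when the user has no matching permission
 */
@Override
public JsonEntityBean getIndividualBestRootEntity(
        final IPerson person,
        final String groupType,
        final String permissionOwner,
        final String[] permissionActivities) {
    if (log.isDebugEnabled()) {
        log.debug("Choosing best root group for user='" + person.getUserName() + "', groupType='" + groupType + "', permissionOwner='" + permissionOwner + "', permissionActivities='" + Arrays.toString(permissionActivities) + "'");
    }
    final IAuthorizationPrincipal principal = AuthorizationPrincipalHelper.principalFromUser(person);
    final JsonEntityBean canonicalRootGroup = getRootEntity(groupType);
    if (log.isDebugEnabled()) {
        log.debug("Found for groupType='" + groupType + "' the following canonicalRootGroup: " + canonicalRootGroup);
    }

    /*
     * First check the canonical root group for the applicable activities
     * (NOTE: the uPortal permissions infrastructure handles checking of
     * special, collective targets like "ALL_GROUPS" and "All_categories").
     */
    for (String activity : permissionActivities) {
        if (principal.hasPermission(permissionOwner, activity, canonicalRootGroup.getId())) {
            return canonicalRootGroup;
        }
    }

    // So much for the easy path -- see if the user has any records at all for this
    // specific owner/activity. The result stays null when nothing qualifies.
    JsonEntityBean rslt = null;
    final List<IPermission> permissionsOfRelevantActivity = new ArrayList<IPermission>();
    for (String activity : permissionActivities) {
        permissionsOfRelevantActivity.addAll(Arrays.asList(principal.getAllPermissions(permissionOwner, activity, null)));
    }
    if (log.isDebugEnabled()) {
        log.debug("For user='" + person.getUserName() + "', groupType='" + groupType + "', permissionOwner='" + permissionOwner + "', permissionActivities='" + Arrays.toString(permissionActivities) + "' permissionsOfRelevantTypes.size()=" + permissionsOfRelevantActivity.size());
    }

    // An empty list simply skips the loop, so no separate "no permissions" case is needed.
    for (IPermission p : permissionsOfRelevantActivity) {
        // A permission target need not name an existing group (collective targets, removed
        // groups); skip those instead of failing on a null group or bean.
        final IEntityGroup groupMember = GroupService.findGroup(p.getTarget());
        if (groupMember == null) {
            continue;
        }
        final JsonEntityBean candidate = getEntity(groupMember);
        if (candidate == null) {
            continue;
        }
        // Pass on any matches of the wrong groupType...
        if (!candidate.getEntityTypeAsString().equalsIgnoreCase(groupType)) {
            continue;
        }
        // The first allowable candidate is taken as-is; after that a candidate replaces the
        // current choice only when it has strictly more children.
        if (rslt == null || candidate.getChildren().size() > rslt.getChildren().size()) {
            rslt = candidate;
        }
    }

    if (log.isDebugEnabled()) {
        log.debug("Selected for user='" + person.getUserName() + "', groupType='" + groupType + "', permissionOwner='" + permissionOwner + "', permissionActivities='" + Arrays.toString(permissionActivities) + "' the following best root group: " + rslt);
    }
    return rslt;
}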
use of org.apereo.portal.security.IPermission in project uPortal by Jasig.
the class ApiPermissionsService method getAssignmentsForPerson.
/**
 * Collects the permission assignments that are currently in force for a user.
 *
 * <p>Permission records stored directly against the user's principal are always considered;
 * when {@code includeInherited} is true, records stored against each ancestor group are
 * considered as well. A record only produces an assignment if
 * {@code hasPermission(owner, activity, target)} is true for the user, so a stored record
 * that does not hold for the user is left out.
 *
 * <p>NOTE(review): no check on who is asking is visible in this method; presumably callers
 * authorize the request before passing a {@code username} -- confirm.
 *
 * @param username key of the person principal to inspect
 * @param includeInherited whether to also examine permissions stored on ancestor groups
 * @return the assignments found; empty if none qualify
 */
@Override
public Set<Assignment> getAssignmentsForPerson(String username, boolean includeInherited) {
    final Set<Assignment> rslt = new HashSet<Assignment>();
    final IAuthorizationPrincipal authP =
            this.authorizationService.newPrincipal(username, EntityEnum.PERSON.getClazz());

    // Records stored directly against this principal; the null arguments leave the other
    // select criteria unrestricted (presumably owner, activity, target and type).
    final IPermission[] ownRecords =
            permissionStore.select(null, authP.getPrincipalString(), null, null, null);
    for (IPermission own : ownRecords) {
        if (!authP.hasPermission(own.getOwner(), own.getActivity(), own.getTarget())) {
            continue;
        }
        final Assignment direct = createAssignment(own, authP, false);
        if (direct != null) {
            rslt.add(direct);
        }
    }

    if (!includeInherited) {
        return rslt;
    }

    // Records stored against ancestor groups. The check is made against the user's own
    // principal (authP), not the group's, and the assignment is flagged as inherited.
    final IGroupMember member = GroupService.getGroupMember(authP.getKey(), authP.getType());
    for (IEntityGroup ancestor : member.getAncestorGroups()) {
        final IAuthorizationPrincipal ancestorPrincipal = this.authorizationService.newPrincipal(ancestor);
        final IPermission[] ancestorRecords =
                permissionStore.select(null, ancestorPrincipal.getPrincipalString(), null, null, null);
        for (IPermission fromGroup : ancestorRecords) {
            if (!authP.hasPermission(fromGroup.getOwner(), fromGroup.getActivity(), fromGroup.getTarget())) {
                continue;
            }
            final Assignment inherited = createAssignment(fromGroup, authP, true);
            if (inherited != null) {
                rslt.add(inherited);
            }
        }
    }
    return rslt;
}
Aggregations