Example 6 with AdminRole
use of org.broadleafcommerce.openadmin.server.security.domain.AdminRole in project BroadleafCommerce by BroadleafCommerce.
the class AdminExternalLoginStateFilter method saveAdminUser.
protected void saveAdminUser(BroadleafExternalAuthenticationUserDetails broadleafUser, AdminUser user) {
// Name, login, password, email are required.
user.setLogin(broadleafUser.getUsername());
user.setUnencodedPassword(broadleafUser.getPassword());
if (user.getUnencodedPassword() == null) {
// If Spring is configured to erase credentials, then this will always be null
// Set the username as a default password here.
user.setUnencodedPassword(user.getLogin());
}
StringBuffer name = new StringBuffer();
if (broadleafUser.getFirstName() != null && broadleafUser.getFirstName().trim().length() > 0) {
name.append(broadleafUser.getFirstName().trim());
name.append(" ");
}
if (broadleafUser.getLastName() != null && broadleafUser.getLastName().trim().length() > 0) {
name.append(broadleafUser.getLastName().trim());
}
user.setName(name.toString());
user.setEmail(broadleafUser.getEmail());
Set<AdminRole> roleSet = user.getAllRoles();
// First, remove all roles associated with the user if they already existed
if (roleSet != null) {
roleSet.clear();
} else {
roleSet = new HashSet<AdminRole>();
user.setAllRoles(roleSet);
}
// Now add the appropriate roles back in
List<AdminRole> availableRoles = adminSecurityService.readAllAdminRoles();
if (availableRoles != null) {
HashMap<String, AdminRole> roleMap = new HashMap<String, AdminRole>();
for (AdminRole role : availableRoles) {
roleMap.put(role.getName(), role);
}
Collection<GrantedAuthority> authorities = broadleafUser.getAuthorities();
for (GrantedAuthority authority : authorities) {
if (roleMap.get(authority.getAuthority()) != null) {
roleSet.add(roleMap.get(authority.getAuthority()));
}
}
}
// Save the user data and all of the roles...
adminSecurityService.saveAdminUser(user);
}
Also used :
HashMap(java.util.HashMap)
GrantedAuthority(org.springframework.security.core.GrantedAuthority)
AdminRole(org.broadleafcommerce.openadmin.server.security.domain.AdminRole)
Example 7 with AdminRole
use of org.broadleafcommerce.openadmin.server.security.domain.AdminRole in project BroadleafCommerce by BroadleafCommerce.
the class AdminRoleDataProvider method createAdminRole.
@DataProvider(name = "setupAdminRole")
public static Object[][] createAdminRole() {
AdminRole adminRole = new AdminRoleImpl();
adminRole.setName("TestAdminUserRole");
adminRole.setDescription("Test Admin Role");
return new Object[][] { new Object[] { adminRole } };
}
Also used :
AdminRoleImpl(org.broadleafcommerce.openadmin.server.security.domain.AdminRoleImpl)
AdminRole(org.broadleafcommerce.openadmin.server.security.domain.AdminRole)
DataProvider(org.testng.annotations.DataProvider)
Example 8 with AdminRole
use of org.broadleafcommerce.openadmin.server.security.domain.AdminRole in project BroadleafCommerce by BroadleafCommerce.
the class AdminNavigationServiceImpl method isUserAuthorizedToViewSection.
@Override
public boolean isUserAuthorizedToViewSection(AdminUser adminUser, AdminSection section) {
List<AdminPermission> authorizedPermissions = section.getPermissions();
Set<String> authorizedPermissionNames = null;
if (authorizedPermissions != null) {
authorizedPermissionNames = new HashSet<>((authorizedPermissions.size() * 2));
for (AdminPermission authorizedPermission : authorizedPermissions) {
authorizedPermissionNames.add(authorizedPermission.getName());
authorizedPermissionNames.add(parseForAllPermission(authorizedPermission.getName()));
}
}
boolean response = false;
if (!CollectionUtils.isEmpty(adminUser.getAllRoles())) {
for (AdminRole role : adminUser.getAllRoles()) {
for (AdminPermission permission : role.getAllPermissions()) {
if (checkPermissions(authorizedPermissionNames, permission.getName())) {
response = true;
}
}
}
}
if (!response && !CollectionUtils.isEmpty(adminUser.getAllPermissions())) {
for (AdminPermission permission : adminUser.getAllPermissions()) {
if (checkPermissions(authorizedPermissionNames, permission.getName())) {
response = true;
}
}
}
if (!response) {
for (String defaultPermission : AdminSecurityService.DEFAULT_PERMISSIONS) {
if (checkPermissions(authorizedPermissionNames, defaultPermission)) {
response = true;
}
}
}
if (response) {
for (SectionAuthorization sectionAuthorization : additionalSectionAuthorizations) {
if (!sectionAuthorization.isUserAuthorizedToViewSection(adminUser, section)) {
response = false;
break;
}
}
}
return response;
}
Also used :
AdminPermission(org.broadleafcommerce.openadmin.server.security.domain.AdminPermission)
AdminRole(org.broadleafcommerce.openadmin.server.security.domain.AdminRole)
Example 9 with AdminRole
use of org.broadleafcommerce.openadmin.server.security.domain.AdminRole in project BroadleafCommerce by BroadleafCommerce.
the class AdminUserProvisioningServiceImpl method provisionAdminUser.
@Override
public AdminUserDetails provisionAdminUser(BroadleafExternalAuthenticationUserDetails details) {
HashSet<String> parsedRoleNames = parseRolesFromUserDetails(details);
HashSet<AdminRole> parsedRoles = new HashSet<AdminRole>();
List<AdminRole> adminRoles = securityService.readAllAdminRoles();
if (adminRoles != null) {
for (AdminRole role : adminRoles) {
if (parsedRoleNames.contains(role.getName())) {
parsedRoles.add(role);
}
}
}
Set<SimpleGrantedAuthority> adminUserAuthorities = extractAdminUserAuthorities(parsedRoles);
AdminUser adminUser = securityService.readAdminUserByUserName(details.getUsername());
if (adminUser == null) {
adminUser = new AdminUserImpl();
adminUser.setLogin(details.getUsername());
}
if (StringUtils.isNotBlank(details.getEmail())) {
adminUser.setEmail(details.getEmail());
}
StringBuilder name = new StringBuilder();
if (StringUtils.isNotBlank(details.getFirstName())) {
name.append(details.getFirstName()).append(" ");
}
if (StringUtils.isNotBlank(details.getLastName())) {
name.append(details.getLastName());
}
String fullName = name.toString();
if (StringUtils.isNotBlank(fullName)) {
adminUser.setName(fullName);
} else {
adminUser.setName(details.getUsername());
}
// set the roles for the admin user to our new set of roles
adminUser.setAllRoles(new HashSet<>(parsedRoles));
// Add optional support for things like Multi-Tenant, etc...
adminExternalLoginExtensionManager.getProxy().performAdditionalAuthenticationTasks(adminUser, details);
// Save the user data and all of the roles...
adminUser = securityService.saveAdminUser(adminUser);
return new AdminUserDetails(adminUser.getId(), details.getUsername(), "", true, true, true, true, adminUserAuthorities);
}
Also used :
SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority)
AdminUserImpl(org.broadleafcommerce.openadmin.server.security.domain.AdminUserImpl)
AdminUser(org.broadleafcommerce.openadmin.server.security.domain.AdminUser)
AdminRole(org.broadleafcommerce.openadmin.server.security.domain.AdminRole)
HashSet(java.util.HashSet)
Aggregations
AdminRole (org.broadleafcommerce.openadmin.server.security.domain.AdminRole)9
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)3
ArrayList (java.util.ArrayList)2
HashSet (java.util.HashSet)2
AdminPermission (org.broadleafcommerce.openadmin.server.security.domain.AdminPermission)2
AdminUser (org.broadleafcommerce.openadmin.server.security.domain.AdminUser)2
HashMap (java.util.HashMap)1
Query (javax.persistence.Query)1
AdminRoleImpl (org.broadleafcommerce.openadmin.server.security.domain.AdminRoleImpl)1
AdminUserImpl (org.broadleafcommerce.openadmin.server.security.domain.AdminUserImpl)1
GrantedAuthority (org.springframework.security.core.GrantedAuthority)1
Rollback (org.springframework.test.annotation.Rollback)1
DataProvider (org.testng.annotations.DataProvider)1
Test (org.testng.annotations.Test)1
