Example 1 with MultiTargetedRestriction

Use of org.dcache.auth.attributes.MultiTargetedRestriction in project dcache by dCache.

In the class ScopeBasedAuthzProfile, method buildRestriction.

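// Builds one Restriction from the authorisations granted by the supplied scopes.
// 'prefix' is not a parameter here; it is resolved from the enclosing scope (not shown in this excerpt).
private Restriction buildRestriction(List<AuthorisationSupplier> scopes) {
    // One entry per target path, so each path ends up with a single Authorisation.
    Map<FsPath, MultiTargetedRestriction.Authorisation> authorisations = new HashMap<>();
    scopes.stream()
            .map(s -> s.authorisation(prefix))
            .filter(Optional::isPresent) // skip scopes that yield no authorisation
            .map(Optional::get)
            .forEach(a -> {
                FsPath path = a.getPath();
                MultiTargetedRestriction.Authorisation existing = authorisations.get(path);
                if (existing != null) {
                    // Same path seen before: take the union of the permitted activities
                    // rather than letting the later scope overwrite the earlier one.
                    Collection<Activity> combined = EnumSet.copyOf(existing.getActivity());
                    combined.addAll(a.getActivity());
                    a = new MultiTargetedRestriction.Authorisation(combined, path);
                }
                authorisations.put(path, a);
            });
    return new MultiTargetedRestriction(authorisations.values());
}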
Also used : ExemptFromNamespaceChecks(org.dcache.auth.ExemptFromNamespaceChecks) MultiTargetedRestriction(org.dcache.auth.attributes.MultiTargetedRestriction) FsPath(diskCacheV111.util.FsPath) Preconditions.checkAuthentication(org.dcache.gplazma.util.Preconditions.checkAuthentication) Restriction(org.dcache.auth.attributes.Restriction) Collection(java.util.Collection) Set(java.util.Set) HashMap(java.util.HashMap) Streams(com.google.common.collect.Streams) Collectors(java.util.stream.Collectors) AuthenticationException(org.dcache.gplazma.AuthenticationException) ProfileResult(org.dcache.gplazma.oidc.ProfileResult) List(java.util.List) Principal(java.security.Principal) Map(java.util.Map) Objects.requireNonNull(java.util.Objects.requireNonNull) Activity(org.dcache.auth.attributes.Activity) Optional(java.util.Optional) JsonNode(com.fasterxml.jackson.databind.JsonNode) Collections(java.util.Collections) IdentityProvider(org.dcache.gplazma.oidc.IdentityProvider) EnumSet(java.util.EnumSet) Optional(java.util.Optional) HashMap(java.util.HashMap) MultiTargetedRestriction(org.dcache.auth.attributes.MultiTargetedRestriction) Activity(org.dcache.auth.attributes.Activity) FsPath(diskCacheV111.util.FsPath)

Example 2 with MultiTargetedRestriction

Use of org.dcache.auth.attributes.MultiTargetedRestriction in project dcache by dCache.

In the class SciTokenPlugin, method buildRestriction.

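// Builds one Restriction from the authorisations granted by the supplied scopes,
// each resolved against the given path prefix.
private Restriction buildRestriction(FsPath prefix, List<AuthorisationSupplier> scopes) {
    // One entry per target path, so each path ends up with a single Authorisation.
    Map<FsPath, Authorisation> authorisations = new HashMap<>();
    scopes.stream()
            .map(s -> s.authorisation(prefix))
            .filter(Optional::isPresent) // skip scopes that yield no authorisation
            .map(Optional::get)
            .forEach(a -> {
                FsPath path = a.getPath();
                Authorisation existing = authorisations.get(path);
                if (existing != null) {
                    // Same path seen before: take the union of the permitted activities
                    // rather than letting the later scope overwrite the earlier one.
                    Collection<Activity> combined = EnumSet.copyOf(existing.getActivity());
                    combined.addAll(a.getActivity());
                    a = new Authorisation(combined, path);
                }
                authorisations.put(path, a);
            });
    return new MultiTargetedRestriction(authorisations.values());
}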
Also used : ExemptFromNamespaceChecks(org.dcache.auth.ExemptFromNamespaceChecks) MultiTargetedRestriction(org.dcache.auth.attributes.MultiTargetedRestriction) FsPath(diskCacheV111.util.FsPath) Restriction(org.dcache.auth.attributes.Restriction) Subjects(org.dcache.auth.Subjects) JwtSubPrincipal(org.dcache.auth.JwtSubPrincipal) LoggerFactory(org.slf4j.LoggerFactory) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) OpenIdGroupPrincipal(org.dcache.auth.OpenIdGroupPrincipal) Preconditions.checkArgument(com.google.common.base.Preconditions.checkArgument) GPlazmaAuthenticationPlugin(org.dcache.gplazma.plugins.GPlazmaAuthenticationPlugin) HttpClient(org.apache.http.client.HttpClient) Objects.requireNonNull(java.util.Objects.requireNonNull) Map(java.util.Map) Authorisation(org.dcache.auth.attributes.MultiTargetedRestriction.Authorisation) Splitter(com.google.common.base.Splitter) EnumSet(java.util.EnumSet) OidcSubjectPrincipal(org.dcache.auth.OidcSubjectPrincipal) BearerTokenCredential(org.dcache.auth.BearerTokenCredential) ImmutableSet(com.google.common.collect.ImmutableSet) Properties(java.util.Properties) Logger(org.slf4j.Logger) Preconditions.checkAuthentication(org.dcache.gplazma.util.Preconditions.checkAuthentication) Collection(java.util.Collection) JsonWebToken(org.dcache.gplazma.util.JsonWebToken) Set(java.util.Set) IOException(java.io.IOException) JwtJtiPrincipal(org.dcache.auth.JwtJtiPrincipal) Instant(java.time.Instant) Collectors(java.util.stream.Collectors) AuthenticationException(org.dcache.gplazma.AuthenticationException) List(java.util.List) Principal(java.security.Principal) Args(org.dcache.util.Args) Activity(org.dcache.auth.attributes.Activity) Optional(java.util.Optional) Collections(java.util.Collections) HttpClients(org.apache.http.impl.client.HttpClients) Optional(java.util.Optional) HashMap(java.util.HashMap) MultiTargetedRestriction(org.dcache.auth.attributes.MultiTargetedRestriction) 
Authorisation(org.dcache.auth.attributes.MultiTargetedRestriction.Authorisation) Activity(org.dcache.auth.attributes.Activity) FsPath(diskCacheV111.util.FsPath)

Aggregations

FsPath (diskCacheV111.util.FsPath)2 Principal (java.security.Principal)2 Collection (java.util.Collection)2 Collections (java.util.Collections)2 EnumSet (java.util.EnumSet)2 HashMap (java.util.HashMap)2 List (java.util.List)2 Map (java.util.Map)2 Objects.requireNonNull (java.util.Objects.requireNonNull)2 Optional (java.util.Optional)2 Set (java.util.Set)2 Collectors (java.util.stream.Collectors)2 ExemptFromNamespaceChecks (org.dcache.auth.ExemptFromNamespaceChecks)2 Activity (org.dcache.auth.attributes.Activity)2 MultiTargetedRestriction (org.dcache.auth.attributes.MultiTargetedRestriction)2 Restriction (org.dcache.auth.attributes.Restriction)2 AuthenticationException (org.dcache.gplazma.AuthenticationException)2 Preconditions.checkAuthentication (org.dcache.gplazma.util.Preconditions.checkAuthentication)2 JsonNode (com.fasterxml.jackson.databind.JsonNode)1 Preconditions.checkArgument (com.google.common.base.Preconditions.checkArgument)1