
Example 1 with PrefixRestriction

Use of org.dcache.auth.attributes.PrefixRestriction in project dcache by dCache.

Class Gplazma2LoginStrategy, method setUploadPath:

public void setUploadPath(String s) {
    // No upload path configured, or a value that is not absolute: the restriction
    // is built from the login prefix alone. Note that a relative value is silently
    // treated as "unset" rather than rejected.
    if (Strings.isNullOrEmpty(s) || !s.startsWith("/")) {
        _createPrefixRestriction = path -> new PrefixRestriction(path);
    } else {
        // An absolute upload path is handed to the restriction together with the login prefix.
        FsPath uploadPath = FsPath.create(s);
        _createPrefixRestriction = path -> new PrefixRestriction(path, uploadPath);
    }
}
Also used: PrefixRestriction (org.dcache.auth.attributes.PrefixRestriction), FsPath (diskCacheV111.util.FsPath)

Example 2 with PrefixRestriction

Use of org.dcache.auth.attributes.PrefixRestriction in project dcache by dCache.

Class MacaroonRequestHandler, method buildContext:

private MacaroonContext buildContext(String target, Request request) throws ErrorResponseException {
    MacaroonContext context = new MacaroonContext();
    FsPath desiredPath = _pathMapper.asDcachePath(request, target);
    FsPath userRoot = FsPath.ROOT;
    FsPath prefixRestrictionPath = null;
    // Translate the session's login attributes into macaroon caveats.
    for (LoginAttribute attr : AuthenticationHandler.getLoginAttributes(request)) {
        if (attr instanceof HomeDirectory) {
            context.setHome(FsPath.ROOT.resolve(((HomeDirectory) attr).getHome()));
        } else if (attr instanceof RootDirectory) {
            userRoot = FsPath.ROOT.resolve(((RootDirectory) attr).getRoot());
        } else if (attr instanceof Expiry) {
            context.updateExpiry(((Expiry) attr).getExpiry());
        } else if (attr instanceof DenyActivityRestriction) {
            context.removeActivities(((DenyActivityRestriction) attr).getDenied());
        } else if (attr instanceof PrefixRestriction) {
            ImmutableSet<FsPath> paths = ((PrefixRestriction) attr).getPrefixes();
            if (target.equals("/")) {
                // The macaroon carries a single path caveat, so a request for "/" can only be
                // serialised when the restriction has exactly one prefix. (checkArgument raises
                // IllegalArgumentException here, not ErrorResponseException.)
                checkArgument(paths.size() == 1, "Cannot serialise with multiple path restrictions");
                prefixRestrictionPath = paths.iterator().next();
            } else {
                // The requested path must lie under one of the existing prefixes; the caveat
                // then becomes that prefix, so the macaroon can never reach beyond what the
                // login session already had.
                prefixRestrictionPath = paths.stream()
                        .filter(desiredPath::hasPrefix)
                        .findFirst()
                        .orElseThrow(() -> new ErrorResponseException(SC_BAD_REQUEST,
                                "Bad request path: Desired path not within existing path"));
            }
        } else if (attr instanceof Restriction) {
            // Any other Restriction has no caveat representation: refuse the request rather
            // than issue a macaroon that silently drops it.
            throw new ErrorResponseException(SC_BAD_REQUEST, "Cannot serialise restriction " + attr.getClass().getSimpleName());
        } else if (attr instanceof MaxUploadSize) {
            try {
                context.updateMaxUpload(((MaxUploadSize) attr).getMaximumSize());
            } catch (InvalidCaveatException e) {
                throw new ErrorResponseException(SC_BAD_REQUEST, "Cannot add max-upload: " + e.getMessage());
            }
        }
    }
    Subject subject = getSubject();
    context.setUid(Subjects.getUid(subject));
    context.setGids(Subjects.getGids(subject));
    context.setUsername(Subjects.getUserName(subject));
    FsPath effectiveRoot = _pathMapper.effectiveRoot(userRoot, m -> new ErrorResponseException(SC_BAD_REQUEST, m));
    context.setRoot(effectiveRoot);
    // The path caveat is the matching prefix when a PrefixRestriction was present, otherwise the
    // requested path (none for "/"), expressed relative to the user's effective root.
    FsPath path = prefixRestrictionPath != null ? prefixRestrictionPath : target.equals("/") ? null : desiredPath;
    if (path != null) {
        context.setPath(path.stripPrefix(effectiveRoot));
    }
    return context;
}
Also used: PrefixRestriction (org.dcache.auth.attributes.PrefixRestriction), InvalidCaveatException (org.dcache.macaroons.InvalidCaveatException), HomeDirectory (org.dcache.auth.attributes.HomeDirectory), LoginAttribute (org.dcache.auth.attributes.LoginAttribute), MaxUploadSize (org.dcache.auth.attributes.MaxUploadSize), RootDirectory (org.dcache.auth.attributes.RootDirectory), Subject (javax.security.auth.Subject), MacaroonContext (org.dcache.macaroons.MacaroonContext), Restriction (org.dcache.auth.attributes.Restriction), DenyActivityRestriction (org.dcache.auth.attributes.DenyActivityRestriction), Expiry (org.dcache.auth.attributes.Expiry), FsPath (diskCacheV111.util.FsPath)
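The PrefixRestriction branch of buildContext above does two things worth seeing in isolation: it rejects a requested path that is not under one of the session's prefixes, and it uses the matching prefix (not the requested sub-path) as the macaroon's path caveat before expressing it relative to the effective root. The following is an added, stand-alone model of that logic; it is not dCache code. It assumes java.nio.file.Path in place of FsPath, a JVM with POSIX path semantics, and Java 9 or later (for List.of). Whether FsPath.hasPrefix is component-based is not shown on this page; the model enforces a component-based test itself, since a textual prefix test would accept "/data/alicebob" for a prefix "/data/alice".

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

/**
 * Added example (not dCache code): a stand-alone model of the PrefixRestriction
 * branch of buildContext and the final stripPrefix(effectiveRoot) step.
 * Assumptions: java.nio.file.Path stands in for FsPath, and the JVM runs with
 * POSIX path semantics.
 */
public final class PrefixNarrowingExample {

    /** Stands in for ErrorResponseException(SC_BAD_REQUEST, ...). */
    static final class BadRequest extends Exception {
        BadRequest(String message) { super(message); }
    }

    /** Absolute and lexically normalised, so "/a/../b" cannot dodge the prefix test. */
    static Path canonical(String s) throws BadRequest {
        Path p = Paths.get(s);
        if (!p.isAbsolute()) {
            throw new BadRequest("Path must be absolute: " + s);
        }
        return p.normalize();
    }

    /** Component-aware: "/data/alice" is a prefix of "/data/alice/x" but not of "/data/alicebob". */
    static boolean hasPrefix(Path path, Path prefix) {
        return path.startsWith(prefix);
    }

    /**
     * Pick the caveat path for a requested target the way buildContext does: for "/"
     * the single prefix; otherwise the prefix that contains the target. The caveat is
     * the prefix itself, never the (possibly narrower) requested path.
     */
    static Path narrow(List<Path> prefixes, String target) throws BadRequest {
        Path desired = canonical(target);
        if (desired.getNameCount() == 0) {  // target is "/"
            if (prefixes.size() != 1) {
                throw new BadRequest("Cannot serialise with multiple path restrictions");
            }
            return prefixes.get(0);
        }
        return prefixes.stream()
                .filter(p -> hasPrefix(desired, p))
                .findFirst()
                .orElseThrow(() -> new BadRequest("Desired path not within existing path"));
    }

    /** Like stripPrefix(effectiveRoot): the caveat path as the user sees it under their root. */
    static Path stripRoot(Path path, Path root) throws BadRequest {
        if (!path.startsWith(root)) {
            throw new BadRequest("Caveat path " + path + " lies outside root " + root);
        }
        return Paths.get("/").resolve(root.relativize(path));
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
    }

    static void expectReject(List<Path> prefixes, String target) {
        try {
            narrow(prefixes, target);
            throw new AssertionError("should have been rejected: " + target);
        } catch (BadRequest expected) {
            // this request would be answered with SC_BAD_REQUEST
        }
    }

    public static void main(String[] args) throws BadRequest {
        // Constructed sample session: two prefixes, effective root /data.
        List<Path> prefixes = List.of(Paths.get("/data/alice"), Paths.get("/scratch/alice"));
        Path root = Paths.get("/data");

        check(narrow(prefixes, "/data/alice/run1").equals(Paths.get("/data/alice")),
                "caveat is the matching prefix, not the requested sub-path");
        check(narrow(prefixes, "/data/alice/../alice/run1").equals(Paths.get("/data/alice")),
                "'..' is resolved before matching");
        expectReject(prefixes, "/data/alicebob");       // textual, not component, prefix
        expectReject(prefixes, "/data/alice/../bob");   // traversal out of the prefix
        expectReject(prefixes, "/");                    // two prefixes: cannot serialise
        check(narrow(List.of(Paths.get("/data/alice")), "/").equals(Paths.get("/data/alice")),
                "a single prefix serialises for '/'");
        check(stripRoot(Paths.get("/data/alice"), root).equals(Paths.get("/alice")),
                "caveat expressed relative to the effective root");
        System.out.println("all checks passed");
    }
}
```

Compile and run with `javac PrefixNarrowingExample.java && java PrefixNarrowingExample`. The traversal and textual-prefix cases are the ones to keep when adapting this: a prefix restriction is only as strong as the path canonicalisation and component-wise comparison behind it.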

Example 3 with PrefixRestriction

Use of org.dcache.auth.attributes.PrefixRestriction in project dcache by dCache.

Class ConfigurationParser, method parseAttributes:

private List<LoginAttribute> parseAttributes(String description) throws BadLineException {
    List<LoginAttribute> attributes = new ArrayList<>();
    boolean isReadOnly = false;
    Set<Class<? extends LoginAttribute>> addedAttributes = new HashSet<>();
    // The description is a space-separated list of attributes.
    for (String attr : Splitter.on(' ').omitEmptyStrings().split(description)) {
        try {
            // "read-only" takes no argument and may appear at most once.
            if (attr.equals("read-only")) {
                checkBadLine(!isReadOnly, "already defined 'read-only'");
                isReadOnly = true;
                attributes.add(Restrictions.readOnly());
                continue;
            }
            // Everything else has the form "type:argument".
            int idx = attr.indexOf(':');
            checkBadLine(idx > -1, "Missing ':'");
            checkBadLine(idx != 0, "Missing type");
            checkBadLine(idx < attr.length() - 1, "Missing argument");
            String type = attr.substring(0, idx);
            String arg = attr.substring(idx + 1);
            // Path-valued attribute types must be given as absolute paths.
            if (PATH_ATTRIBUTES.contains(type)) {
                checkBadLine(arg.startsWith("/"), "Argument must be an absolute" + " path");
            }
            LoginAttribute attribute;
            switch(type) {
                case "root":
                    attribute = new RootDirectory(arg);
                    break;
                case "home":
                    attribute = new HomeDirectory(arg);
                    break;
                case "prefix":
                    attribute = new PrefixRestriction(FsPath.create(arg));
                    break;
                case "max-upload":
                    try {
                        attribute = new MaxUploadSize(SIZE_PARSER.parse(arg));
                    } catch (NumberFormatException e) {
                        throw new BadLineException("Bad file size: " + e.getMessage());
                    }
                    break;
                default:
                    throw new BadLineException("Unknown type \"" + type + "\"");
            }
            // Each attribute type may be given at most once per line.
            if (!addedAttributes.add(attribute.getClass())) {
                throw new BadLineException("Multiple " + type + " defined.");
            }
            attributes.add(attribute);
        } catch (BadLineException e) {
            // Re-throw with the offending token so the diagnostic names it.
            throw new BadLineException("Bad attribute \"" + attr + "\": " + e.getMessage());
        }
    }
    return attributes;
}
Also used: PrefixRestriction (org.dcache.auth.attributes.PrefixRestriction), HomeDirectory (org.dcache.auth.attributes.HomeDirectory), LoginAttribute (org.dcache.auth.attributes.LoginAttribute), MaxUploadSize (org.dcache.auth.attributes.MaxUploadSize), ArrayList (java.util.ArrayList), RootDirectory (org.dcache.auth.attributes.RootDirectory), HashSet (java.util.HashSet)

Aggregations

PrefixRestriction (org.dcache.auth.attributes.PrefixRestriction) 3
FsPath (diskCacheV111.util.FsPath) 2
HomeDirectory (org.dcache.auth.attributes.HomeDirectory) 2
LoginAttribute (org.dcache.auth.attributes.LoginAttribute) 2
MaxUploadSize (org.dcache.auth.attributes.MaxUploadSize) 2
RootDirectory (org.dcache.auth.attributes.RootDirectory) 2
ArrayList (java.util.ArrayList) 1
HashSet (java.util.HashSet) 1
Subject (javax.security.auth.Subject) 1
DenyActivityRestriction (org.dcache.auth.attributes.DenyActivityRestriction) 1
Expiry (org.dcache.auth.attributes.Expiry) 1
Restriction (org.dcache.auth.attributes.Restriction) 1
InvalidCaveatException (org.dcache.macaroons.InvalidCaveatException) 1
MacaroonContext (org.dcache.macaroons.MacaroonContext) 1