use of org.eclipse.hono.auth.Authorities in project hono by eclipse.
the class FileBasedAuthenticationService method parseRoles.
/**
 * Registers every role defined in the given JSON object.
 * <p>
 * Each property whose value is a JSON array is treated as a role: the property
 * name is the role name and the array holds the role's authority specs, which
 * are converted by {@code toAuthorities}. Properties with any other kind of
 * value are skipped without a log entry, so such a role ends up undefined.
 *
 * @param rolesObject the JSON object mapping role names to authority specs.
 */
private void parseRoles(final JsonObject rolesObject) {
    rolesObject.stream().forEach(roleEntry -> {
        final Object spec = roleEntry.getValue();
        if (!(spec instanceof JsonArray)) {
            // only array-valued properties define a role
            return;
        }
        final JsonArray authoritySpecs = (JsonArray) spec;
        final String name = roleEntry.getKey();
        log.debug("adding role [{}] with {} authorities", name, authoritySpecs.size());
        roles.put(name, toAuthorities(authoritySpecs));
    });
}
use of org.eclipse.hono.auth.Authorities in project hono by eclipse.
the class FileBasedAuthenticationService method parseRoles.
/**
 * Registers every role defined in the given JSON object.
 * <p>
 * Each property whose value is a JSON array is treated as a role: the property
 * name is the role name and the array holds the role's authority specs, which
 * are converted by {@code toAuthorities}. Properties with any other kind of
 * value are skipped without a log entry, so such a role ends up undefined.
 *
 * @param rolesObject the JSON object mapping role names to authority specs.
 */
private void parseRoles(final JsonObject rolesObject) {
    rolesObject.stream().forEach(roleEntry -> {
        final Object spec = roleEntry.getValue();
        if (!(spec instanceof JsonArray)) {
            // only array-valued properties define a role
            return;
        }
        final JsonArray authoritySpecs = (JsonArray) spec;
        final String name = roleEntry.getKey();
        log.debug("adding role [{}] with {} authorities", name, authoritySpecs.size());
        roles.put(name, toAuthorities(authoritySpecs));
    });
}
use of org.eclipse.hono.auth.Authorities in project hono by eclipse.
the class FileBasedAuthenticationService method getAuthorities.
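/**
 * Collects the authorities granted to a user through the roles listed in the
 * user's {@code FIELD_AUTHORITIES} array.
 * <p>
 * The lookup fails closed. A user without a role list, a list entry that is
 * not a string and a role name that is not present in {@code roles} all
 * contribute nothing, so a misconfigured user ends up with fewer authorities,
 * never more.
 *
 * @param user the JSON object describing the user.
 * @return the union of the authorities of all known roles of the user; empty
 *         if the user has no (known) roles.
 */
private Authorities getAuthorities(final JsonObject user) {
    final AuthoritiesImpl result = new AuthoritiesImpl();
    // the JSON array is only iterated here, so it is held as a plain Iterable
    final Iterable<Object> roleNames = user.getJsonArray(FIELD_AUTHORITIES);
    if (roleNames == null) {
        // no role list configured for this user: grant nothing instead of
        // failing with a NullPointerException in the middle of authentication
        return result;
    }
    for (final Object entry : roleNames) {
        if (!(entry instanceof String)) {
            // a non-string entry cannot name a role; skip it rather than
            // aborting with a ClassCastException
            continue;
        }
        final Authorities roleAuthorities = roles.get((String) entry);
        if (roleAuthorities != null) {
            result.addAll(roleAuthorities);
        }
        // unknown role names are ignored on purpose: they grant nothing
    }
    return result;
}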
use of org.eclipse.hono.auth.Authorities in project hono by eclipse.
the class FileBasedAuthenticationService method toAuthorities.
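/**
 * Converts a JSON array of authority specs into an {@code Authorities} object.
 * <p>
 * Every element that is a JSON object is read as either a resource spec
 * ({@code FIELD_RESOURCE} plus an optional {@code FIELD_ACTIVITIES} array) or
 * an operation spec ({@code FIELD_OPERATION}, split at the first {@code ':'}).
 * If a spec contains both, the resource wins and the operation is ignored.
 * Elements that are not JSON objects are skipped.
 * <p>
 * Parsing never widens what is granted: a malformed operation spec is dropped
 * (logged at debug level only), and any other malformed spec aborts the
 * conversion with an exception.
 *
 * @param authorities the authority specs; must not be {@code null}.
 * @return the authorities described by the specs.
 * @throws NullPointerException if {@code authorities} is {@code null}.
 * @throws IllegalArgumentException if a spec contains neither a resource nor
 *         an operation, or if an activity entry is not a string or does not
 *         name an {@code Activity}.
 */
private Authorities toAuthorities(final JsonArray authorities) {
    Objects.requireNonNull(authorities);
    final AuthoritiesImpl result = new AuthoritiesImpl();
    authorities.stream().filter(obj -> obj instanceof JsonObject).forEach(obj -> {
        final JsonObject authSpec = (JsonObject) obj;
        final JsonArray activities = authSpec.getJsonArray(FIELD_ACTIVITIES, new JsonArray());
        final String resource = authSpec.getString(FIELD_RESOURCE);
        final String operation = authSpec.getString(FIELD_OPERATION);
        if (resource != null) {
            final List<Activity> activityList = new ArrayList<>();
            activities.forEach(s -> {
                if (!(s instanceof String)) {
                    // report a bad entry the same way as any other malformed spec
                    // instead of failing with a ClassCastException or NullPointerException
                    throw new IllegalArgumentException("malformed authorities, activity is not a string");
                }
                // Activity is an enum: valueOf never returns null, an unknown
                // name raises IllegalArgumentException and aborts the conversion
                activityList.add(Activity.valueOf((String) s));
            });
            // NOTE(review): a resource spec without activities is still registered,
            // with an empty activity list; confirm addResource grants nothing then
            result.addResource(resource, activityList.toArray(new Activity[0]));
        } else if (operation != null) {
            final String[] parts = operation.split(":", 2);
            if (parts.length == 2) {
                result.addOperation(parts[0], parts[1]);
            } else {
                // dropped, not rejected: the role silently lacks this operation
                log.debug("ignoring malformed operation spec [{}], operation name missing", operation);
            }
        } else {
            throw new IllegalArgumentException("malformed authorities");
        }
    });
    return result;
}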
use of org.eclipse.hono.auth.Authorities in project hono by eclipse.
the class FileBasedAuthenticationService method verify.
/**
 * Determines the identity and authorities to grant to an authenticated client
 * and reports them, together with a freshly created token, to the handler.
 * <p>
 * By default the client is granted its own authentication id. If the client
 * supplied a non-empty authorization id and {@code isAuthorizedToImpersonate}
 * accepts the authenticated user, the user registered under the authorization
 * id is looked up and, if found, its identity and authorities are granted
 * instead. In every other case the request silently falls back to the
 * authentication id.
 * <p>
 * NOTE(review): no credentials are checked in this method; presumably the
 * caller has validated them already. Confirm against the caller.
 * NOTE(review): an authorization id sent by a client that may not impersonate
 * is ignored without any log entry, and a granted impersonation is logged at
 * debug level without the ids involved. Consider an audit-level record of both.
 *
 * @param authenticationId the id the client authenticated with.
 * @param user the JSON object describing the authenticated user.
 * @param authorizationId the id the client wants to act as; may be {@code null} or empty.
 * @param authenticationResultHandler the handler that receives the resulting user.
 */
private void verify(final String authenticationId, final JsonObject user, final String authorizationId, final Handler<AsyncResult<HonoUser>> authenticationResultHandler) {
    // start from the identity the client authenticated as
    JsonObject subject = user;
    String subjectId = authenticationId;

    final boolean impersonationRequested = authorizationId != null && !authorizationId.isEmpty();
    if (impersonationRequested && isAuthorizedToImpersonate(user)) {
        final JsonObject target = users.get(authorizationId);
        if (target == null) {
            log.debug("no user found for authorization id provided by client, granting authentication id instead");
        } else {
            subject = target;
            subjectId = authorizationId;
            log.debug("granting authorization id specified by client");
        }
    }

    // the token carries the effective identity and that identity's authorities
    final Authorities grantedAuthorities = getAuthorities(subject);
    final String grantedAuthorizationId = subjectId;
    // NOTE(review): the expiration time is computed here, separately from the
    // token creation below, so it may differ slightly from an expiry embedded
    // in the token. Confirm against the token factory.
    final Instant tokenExpirationTime = Instant.now().plus(tokenFactory.getTokenLifetime());
    final String token = tokenFactory.createToken(grantedAuthorizationId, grantedAuthorities);

    final HonoUser grantedUser = new HonoUser() {

        @Override
        public String getName() {
            return grantedAuthorizationId;
        }

        @Override
        public String getToken() {
            return token;
        }

        @Override
        public Authorities getAuthorities() {
            return grantedAuthorities;
        }

        @Override
        public boolean isExpired() {
            // expired from the expiration instant onwards (inclusive)
            final Instant now = Instant.now();
            return !now.isBefore(tokenExpirationTime);
        }

        @Override
        public Instant getExpirationTime() {
            return tokenExpirationTime;
        }
    };
    authenticationResultHandler.handle(Future.succeededFuture(grantedUser));
}