Search in sources :

Example 1 with Permission

use of org.eclipse.kapua.service.authorization.permission.Permission in project kapua by eclipse.

the class TopicInfoStoreServiceImpl method checkDataAccess.

private void checkDataAccess(KapuaId scopeId, Actions action) throws KapuaException {
    // 
    // Check Access
    // TODO add enum for actions
    Permission permission = permissionFactory.newPermission(DatastoreDomain.DATASTORE, action, scopeId);
    authorizationService.checkPermission(permission);
}
Also used : Permission(org.eclipse.kapua.service.authorization.permission.Permission)

Example 2 with Permission

use of org.eclipse.kapua.service.authorization.permission.Permission in project kapua by eclipse.

the class KapuaAuthorizingRealm method doGetAuthorizationInfo.

@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) throws AuthenticationException {
    // 
    // Extract principal
    String username = (String) principals.getPrimaryPrincipal();
    logger.debug("Getting authorization info for: {}", username);
    // 
    // Get Services
    KapuaLocator locator = KapuaLocator.getInstance();
    UserService userService = locator.getService(UserService.class);
    UserPermissionService userPermissionService = locator.getService(UserPermissionService.class);
    UserPermissionFactory userPermissionFactory = locator.getFactory(UserPermissionFactory.class);
    PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
    // 
    // Get the associated user by name
    final User user;
    try {
        user = KapuaSecurityUtils.doPriviledge(new Callable<User>() {

            @Override
            public User call() throws Exception {
                return userService.findByName(username);
            }
        });
    } catch (Exception e) {
        // to preserve the original exception message (if possible)
        if (e instanceof AuthenticationException) {
            throw (AuthenticationException) e;
        } else {
            throw new ShiroException("Error while find user!", e);
        }
    }
    // Check existence
    if (user == null) {
        throw new UnknownAccountException();
    }
    // 
    // Get user permissions set
    UserPermissionQuery query = userPermissionFactory.newQuery(user.getScopeId());
    KapuaPredicate predicate = new AttributePredicate<KapuaId>(UserPermissionPredicates.USER_ID, user.getId());
    query.setPredicate(predicate);
    final KapuaListResult<UserPermission> userPermissions;
    try {
        userPermissions = KapuaSecurityUtils.doPriviledge(new Callable<KapuaListResult<UserPermission>>() {

            @Override
            public KapuaListResult<UserPermission> call() throws Exception {
                return userPermissionService.query(query);
            }
        });
    } catch (Exception e) {
        // to preserve the original exception message (if possible)
        if (e instanceof AuthenticationException) {
            throw (AuthenticationException) e;
        } else {
            throw new ShiroException("Error while find permissions!", e);
        }
    }
    // 
    // Create SimpleAuthorizationInfo with principals permissions
    SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
    for (UserPermission userPermission : userPermissions.getItems()) {
        Permission p = permissionFactory.newPermission(userPermission.getPermission().getDomain(), userPermission.getPermission().getAction(), userPermission.getPermission().getTargetScopeId());
        logger.trace("Username: {} has permission: {}", username, p);
        info.addStringPermission(p.toString());
    }
    return info;
}
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) User(org.eclipse.kapua.service.user.User) SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) UserService(org.eclipse.kapua.service.user.UserService) AuthenticationException(org.apache.shiro.authc.AuthenticationException) PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) Callable(java.util.concurrent.Callable) ShiroException(org.apache.shiro.ShiroException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) KapuaException(org.eclipse.kapua.KapuaException) AttributePredicate(org.eclipse.kapua.commons.model.query.predicate.AttributePredicate) ShiroException(org.apache.shiro.ShiroException) UserPermissionQuery(org.eclipse.kapua.service.authorization.user.permission.UserPermissionQuery) UserPermission(org.eclipse.kapua.service.authorization.user.permission.UserPermission) Permission(org.eclipse.kapua.service.authorization.permission.Permission) UserPermissionService(org.eclipse.kapua.service.authorization.user.permission.UserPermissionService) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) KapuaPredicate(org.eclipse.kapua.model.query.predicate.KapuaPredicate) UserPermission(org.eclipse.kapua.service.authorization.user.permission.UserPermission)

Example 3 with Permission

use of org.eclipse.kapua.service.authorization.permission.Permission in project kapua by eclipse.

the class GwtAuthorizationServiceImpl method hasAccess.

/**
 * Returns true if the currently connected user has the specified permission granted.
 */
public Boolean hasAccess(String gwtPermission) throws GwtKapuaException {
    Boolean hasAccess = false;
    try {
        KapuaLocator locator = KapuaLocator.getInstance();
        AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
        // Parse from string
        PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
        Permission permission = permissionFactory.parseString(gwtPermission);
        // Check
        hasAccess = authorizationService.isPermitted(permission);
    } catch (Throwable t) {
        KapuaExceptionHandler.handle(t);
    }
    return hasAccess;
}
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) GwtAuthorizationService(org.eclipse.kapua.app.console.shared.service.GwtAuthorizationService) AuthorizationService(org.eclipse.kapua.service.authorization.AuthorizationService) PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory) Permission(org.eclipse.kapua.service.authorization.permission.Permission)

Example 4 with Permission

use of org.eclipse.kapua.service.authorization.permission.Permission in project kapua by eclipse.

the class GwtUserServiceImpl method update.

public GwtUser update(GwtXSRFToken xsrfToken, GwtUser gwtUser) throws GwtKapuaException {
    checkXSRFToken(xsrfToken);
    GwtUser gwtUserUpdated = null;
    try {
        KapuaLocator locator = KapuaLocator.getInstance();
        UserService userService = locator.getService(UserService.class);
        KapuaId scopeId = KapuaEid.parseShortId(gwtUser.getScopeId());
        KapuaId userId = KapuaEid.parseShortId(gwtUser.getId());
        User user = userService.find(scopeId, userId);
        if (user != null) {
            // 
            // Update user
            user.setName(gwtUser.getUnescapedUsername());
            user.setDisplayName(gwtUser.getUnescapedDisplayName());
            user.setEmail(gwtUser.getUnescapedEmail());
            user.setPhoneNumber(gwtUser.getUnescapedPhoneNumber());
            // status
            user.setStatus(UserStatus.valueOf(gwtUser.getStatus()));
            // 
            // Update permissions
            Set<String> newPermissions = new HashSet<String>();
            if (gwtUser.getPermissions() != null) {
                // build the set of permissions
                newPermissions.addAll(Arrays.asList(gwtUser.getPermissions().split(",")));
            }
            UserPermissionService userPermissionService = locator.getService(UserPermissionService.class);
            UserPermissionFactory userPermissionFactory = locator.getFactory(UserPermissionFactory.class);
            PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
            Set<UserPermissionCreator> newUserPermissions = new HashSet<UserPermissionCreator>();
            for (String p : newPermissions) {
                UserPermissionCreator userPermissionCreator = userPermissionFactory.newCreator(user.getScopeId());
                userPermissionCreator.setUserId(scopeId);
                String[] tokens = p.split(":");
                String domain = null;
                Actions action = null;
                KapuaId targetScopeId = null;
                if (tokens.length > 0) {
                    domain = tokens[0];
                }
                if (tokens.length > 1) {
                    action = Actions.valueOf(tokens[1]);
                }
                if (tokens.length > 2) {
                    targetScopeId = KapuaEid.parseShortId(tokens[2]);
                }
                Permission permission = permissionFactory.newPermission(domain, action, targetScopeId);
                userPermissionCreator.setPermission(permission);
                userPermissionService.create(userPermissionCreator);
            }
            userPermissionService.merge(newUserPermissions);
            // Update credentials
            if (gwtUser.getPassword() != null) {
                CredentialService credentialService = locator.getService(CredentialService.class);
                CredentialFactory credentialFactory = locator.getFactory(CredentialFactory.class);
                CredentialListResult credentials = credentialService.findByUserId(scopeId, userId);
                if (!credentials.isEmpty()) {
                    // 
                    // Delete old PASSWORD credential
                    Credential oldCredential = null;
                    for (Credential c : credentials.getItems()) {
                        if (CredentialType.PASSWORD.equals(c.getCredentialType())) {
                            oldCredential = c;
                            break;
                        }
                    }
                    credentialService.delete(oldCredential.getScopeId(), oldCredential.getId());
                    // 
                    // Create new PASSWORD credential
                    CredentialCreator credentialCreator = credentialFactory.newCreator(scopeId, user.getId(), CredentialType.PASSWORD, gwtUser.getPassword());
                    credentialService.create(credentialCreator);
                }
            }
            // optlock
            user.setOptlock(gwtUser.getOptlock());
            // update the user
            userService.update(user);
            // 
            // convert to GwtAccount and return
            // reload the user as we want to load all its permissions
            gwtUserUpdated = KapuaGwtConverter.convert(userService.find(user.getScopeId(), user.getId()));
        }
    } catch (Throwable t) {
        KapuaExceptionHandler.handle(t);
    }
    return gwtUserUpdated;
}
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) Credential(org.eclipse.kapua.service.authentication.credential.Credential) GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser) User(org.eclipse.kapua.service.user.User) GwtUserService(org.eclipse.kapua.app.console.shared.service.GwtUserService) UserService(org.eclipse.kapua.service.user.UserService) Actions(org.eclipse.kapua.service.authorization.permission.Actions) PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) CredentialFactory(org.eclipse.kapua.service.authentication.credential.CredentialFactory) CredentialCreator(org.eclipse.kapua.service.authentication.credential.CredentialCreator) CredentialService(org.eclipse.kapua.service.authentication.credential.CredentialService) Permission(org.eclipse.kapua.service.authorization.permission.Permission) GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser) UserPermissionService(org.eclipse.kapua.service.authorization.user.permission.UserPermissionService) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) CredentialListResult(org.eclipse.kapua.service.authentication.credential.CredentialListResult) KapuaId(org.eclipse.kapua.model.id.KapuaId) HashSet(java.util.HashSet) UserPermissionCreator(org.eclipse.kapua.service.authorization.user.permission.UserPermissionCreator)

Example 5 with Permission

use of org.eclipse.kapua.service.authorization.permission.Permission in project kapua by eclipse.

the class GwtUserServiceImpl method create.

public GwtUser create(GwtXSRFToken xsrfToken, GwtUserCreator gwtUserCreator) throws GwtKapuaException {
    checkXSRFToken(xsrfToken);
    GwtUser gwtUser = null;
    try {
        KapuaLocator locator = KapuaLocator.getInstance();
        UserFactory userFactory = locator.getFactory(UserFactory.class);
        KapuaId scopeId = KapuaEid.parseShortId(gwtUserCreator.getScopeId());
        UserCreator userCreator = userFactory.newCreator(scopeId, gwtUserCreator.getUsername());
        userCreator.setDisplayName(gwtUserCreator.getDisplayName());
        userCreator.setEmail(gwtUserCreator.getEmail());
        userCreator.setPhoneNumber(gwtUserCreator.getPhoneNumber());
        // 
        // Create the User
        UserService userService = locator.getService(UserService.class);
        User user = userService.create(userCreator);
        // 
        // Create permissions
        Set<String> permissions = new HashSet<String>();
        if (gwtUserCreator.getPermissions() != null) {
            // build the set of permissions
            permissions.addAll(Arrays.asList(gwtUserCreator.getPermissions().split(",")));
        }
        UserPermissionService userPermissionService = locator.getService(UserPermissionService.class);
        UserPermissionFactory userPermissionFactory = locator.getFactory(UserPermissionFactory.class);
        PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
        for (String p : permissions) {
            UserPermissionCreator userPermissionCreator = userPermissionFactory.newCreator(user.getScopeId());
            userPermissionCreator.setUserId(scopeId);
            String[] tokens = p.split(":");
            String domain = null;
            Actions action = null;
            KapuaId targetScopeId = null;
            if (tokens.length > 0) {
                domain = tokens[0];
            }
            if (tokens.length > 1) {
                action = Actions.valueOf(tokens[1]);
            }
            if (tokens.length > 2) {
                targetScopeId = KapuaEid.parseShortId(tokens[2]);
            }
            Permission permission = permissionFactory.newPermission(domain, action, targetScopeId);
            userPermissionCreator.setPermission(permission);
            userPermissionService.create(userPermissionCreator);
        }
        // 
        // Create credentials
        CredentialService credentialService = locator.getService(CredentialService.class);
        CredentialFactory credentialFactory = locator.getFactory(CredentialFactory.class);
        CredentialCreator credentialCreator = credentialFactory.newCreator(scopeId, user.getId(), CredentialType.PASSWORD, gwtUserCreator.getPassword());
        credentialService.create(credentialCreator);
        // convert to GwtAccount and return
        // reload the user as we want to load all its permissions
        gwtUser = KapuaGwtConverter.convert(userService.find(user.getScopeId(), user.getId()));
    } catch (Throwable t) {
        KapuaExceptionHandler.handle(t);
    }
    return gwtUser;
}
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser) User(org.eclipse.kapua.service.user.User) GwtUserService(org.eclipse.kapua.app.console.shared.service.GwtUserService) UserService(org.eclipse.kapua.service.user.UserService) Actions(org.eclipse.kapua.service.authorization.permission.Actions) PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) CredentialFactory(org.eclipse.kapua.service.authentication.credential.CredentialFactory) UserFactory(org.eclipse.kapua.service.user.UserFactory) CredentialCreator(org.eclipse.kapua.service.authentication.credential.CredentialCreator) CredentialService(org.eclipse.kapua.service.authentication.credential.CredentialService) Permission(org.eclipse.kapua.service.authorization.permission.Permission) GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser) UserPermissionService(org.eclipse.kapua.service.authorization.user.permission.UserPermissionService) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) KapuaId(org.eclipse.kapua.model.id.KapuaId) UserCreator(org.eclipse.kapua.service.user.UserCreator) GwtUserCreator(org.eclipse.kapua.app.console.shared.model.GwtUserCreator) HashSet(java.util.HashSet) UserPermissionCreator(org.eclipse.kapua.service.authorization.user.permission.UserPermissionCreator)

Aggregations

Permission (org.eclipse.kapua.service.authorization.permission.Permission)7 KapuaLocator (org.eclipse.kapua.locator.KapuaLocator)4 PermissionFactory (org.eclipse.kapua.service.authorization.permission.PermissionFactory)4 UserPermissionFactory (org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory)3 UserPermissionService (org.eclipse.kapua.service.authorization.user.permission.UserPermissionService)3 User (org.eclipse.kapua.service.user.User)3 UserService (org.eclipse.kapua.service.user.UserService)3 HashSet (java.util.HashSet)2 GwtUser (org.eclipse.kapua.app.console.shared.model.GwtUser)2 GwtUserService (org.eclipse.kapua.app.console.shared.service.GwtUserService)2 KapuaId (org.eclipse.kapua.model.id.KapuaId)2 CredentialCreator (org.eclipse.kapua.service.authentication.credential.CredentialCreator)2 CredentialFactory (org.eclipse.kapua.service.authentication.credential.CredentialFactory)2 CredentialService (org.eclipse.kapua.service.authentication.credential.CredentialService)2 Actions (org.eclipse.kapua.service.authorization.permission.Actions)2 UserPermissionCreator (org.eclipse.kapua.service.authorization.user.permission.UserPermissionCreator)2 Callable (java.util.concurrent.Callable)1 ShiroException (org.apache.shiro.ShiroException)1 AuthenticationException (org.apache.shiro.authc.AuthenticationException)1 UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)1