Example 1 with Permission
use of org.eclipse.kapua.service.authorization.permission.Permission in project kapua by eclipse.
the class TopicInfoStoreServiceImpl method checkDataAccess.
private void checkDataAccess(KapuaId scopeId, Actions action) throws KapuaException {
//
// Check Access
// TODO add enum for actions
Permission permission = permissionFactory.newPermission(DatastoreDomain.DATASTORE, action, scopeId);
authorizationService.checkPermission(permission);
}
Also used :
Permission(org.eclipse.kapua.service.authorization.permission.Permission)
Example 2 with Permission
use of org.eclipse.kapua.service.authorization.permission.Permission in project kapua by eclipse.
the class KapuaAuthorizingRealm method doGetAuthorizationInfo.
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) throws AuthenticationException {
//
// Extract principal
String username = (String) principals.getPrimaryPrincipal();
logger.debug("Getting authorization info for: {}", username);
//
// Get Services
KapuaLocator locator = KapuaLocator.getInstance();
UserService userService = locator.getService(UserService.class);
UserPermissionService userPermissionService = locator.getService(UserPermissionService.class);
UserPermissionFactory userPermissionFactory = locator.getFactory(UserPermissionFactory.class);
PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
//
// Get the associated user by name
final User user;
try {
user = KapuaSecurityUtils.doPriviledge(new Callable<User>() {
@Override
public User call() throws Exception {
return userService.findByName(username);
}
});
} catch (Exception e) {
// to preserve the original exception message (if possible)
if (e instanceof AuthenticationException) {
throw (AuthenticationException) e;
} else {
throw new ShiroException("Error while find user!", e);
}
}
// Check existence
if (user == null) {
throw new UnknownAccountException();
}
//
// Get user permissions set
UserPermissionQuery query = userPermissionFactory.newQuery(user.getScopeId());
KapuaPredicate predicate = new AttributePredicate<KapuaId>(UserPermissionPredicates.USER_ID, user.getId());
query.setPredicate(predicate);
final KapuaListResult<UserPermission> userPermissions;
try {
userPermissions = KapuaSecurityUtils.doPriviledge(new Callable<KapuaListResult<UserPermission>>() {
@Override
public KapuaListResult<UserPermission> call() throws Exception {
return userPermissionService.query(query);
}
});
} catch (Exception e) {
// to preserve the original exception message (if possible)
if (e instanceof AuthenticationException) {
throw (AuthenticationException) e;
} else {
throw new ShiroException("Error while find permissions!", e);
}
}
//
// Create SimpleAuthorizationInfo with principals permissions
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
for (UserPermission userPermission : userPermissions.getItems()) {
Permission p = permissionFactory.newPermission(userPermission.getPermission().getDomain(), userPermission.getPermission().getAction(), userPermission.getPermission().getTargetScopeId());
logger.trace("Username: {} has permission: {}", username, p);
info.addStringPermission(p.toString());
}
return info;
}
Also used :
KapuaLocator(org.eclipse.kapua.locator.KapuaLocator)
User(org.eclipse.kapua.service.user.User)
SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo)
UserService(org.eclipse.kapua.service.user.UserService)
AuthenticationException(org.apache.shiro.authc.AuthenticationException)
PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory)
UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory)
UnknownAccountException(org.apache.shiro.authc.UnknownAccountException)
Callable(java.util.concurrent.Callable)
ShiroException(org.apache.shiro.ShiroException)
AuthenticationException(org.apache.shiro.authc.AuthenticationException)
UnknownAccountException(org.apache.shiro.authc.UnknownAccountException)
KapuaException(org.eclipse.kapua.KapuaException)
AttributePredicate(org.eclipse.kapua.commons.model.query.predicate.AttributePredicate)
ShiroException(org.apache.shiro.ShiroException)
UserPermissionQuery(org.eclipse.kapua.service.authorization.user.permission.UserPermissionQuery)
UserPermission(org.eclipse.kapua.service.authorization.user.permission.UserPermission)
Permission(org.eclipse.kapua.service.authorization.permission.Permission)
UserPermissionService(org.eclipse.kapua.service.authorization.user.permission.UserPermissionService)
UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory)
KapuaPredicate(org.eclipse.kapua.model.query.predicate.KapuaPredicate)
UserPermission(org.eclipse.kapua.service.authorization.user.permission.UserPermission)
Example 3 with Permission
use of org.eclipse.kapua.service.authorization.permission.Permission in project kapua by eclipse.
the class GwtAuthorizationServiceImpl method hasAccess.
/**
* Returns true if the currently connected user has the specified permission granted.
*/
public Boolean hasAccess(String gwtPermission) throws GwtKapuaException {
Boolean hasAccess = false;
try {
KapuaLocator locator = KapuaLocator.getInstance();
AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
// Parse from string
PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
Permission permission = permissionFactory.parseString(gwtPermission);
// Check
hasAccess = authorizationService.isPermitted(permission);
} catch (Throwable t) {
KapuaExceptionHandler.handle(t);
}
return hasAccess;
}
Also used :
KapuaLocator(org.eclipse.kapua.locator.KapuaLocator)
GwtAuthorizationService(org.eclipse.kapua.app.console.shared.service.GwtAuthorizationService)
AuthorizationService(org.eclipse.kapua.service.authorization.AuthorizationService)
PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory)
Permission(org.eclipse.kapua.service.authorization.permission.Permission)
Example 4 with Permission
use of org.eclipse.kapua.service.authorization.permission.Permission in project kapua by eclipse.
the class GwtUserServiceImpl method update.
public GwtUser update(GwtXSRFToken xsrfToken, GwtUser gwtUser) throws GwtKapuaException {
checkXSRFToken(xsrfToken);
GwtUser gwtUserUpdated = null;
try {
KapuaLocator locator = KapuaLocator.getInstance();
UserService userService = locator.getService(UserService.class);
KapuaId scopeId = KapuaEid.parseShortId(gwtUser.getScopeId());
KapuaId userId = KapuaEid.parseShortId(gwtUser.getId());
User user = userService.find(scopeId, userId);
if (user != null) {
//
// Update user
user.setName(gwtUser.getUnescapedUsername());
user.setDisplayName(gwtUser.getUnescapedDisplayName());
user.setEmail(gwtUser.getUnescapedEmail());
user.setPhoneNumber(gwtUser.getUnescapedPhoneNumber());
// status
user.setStatus(UserStatus.valueOf(gwtUser.getStatus()));
//
// Update permissions
Set<String> newPermissions = new HashSet<String>();
if (gwtUser.getPermissions() != null) {
// build the set of permissions
newPermissions.addAll(Arrays.asList(gwtUser.getPermissions().split(",")));
}
UserPermissionService userPermissionService = locator.getService(UserPermissionService.class);
UserPermissionFactory userPermissionFactory = locator.getFactory(UserPermissionFactory.class);
PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
Set<UserPermissionCreator> newUserPermissions = new HashSet<UserPermissionCreator>();
for (String p : newPermissions) {
UserPermissionCreator userPermissionCreator = userPermissionFactory.newCreator(user.getScopeId());
userPermissionCreator.setUserId(scopeId);
String[] tokens = p.split(":");
String domain = null;
Actions action = null;
KapuaId targetScopeId = null;
if (tokens.length > 0) {
domain = tokens[0];
}
if (tokens.length > 1) {
action = Actions.valueOf(tokens[1]);
}
if (tokens.length > 2) {
targetScopeId = KapuaEid.parseShortId(tokens[2]);
}
Permission permission = permissionFactory.newPermission(domain, action, targetScopeId);
userPermissionCreator.setPermission(permission);
userPermissionService.create(userPermissionCreator);
}
userPermissionService.merge(newUserPermissions);
// Update credentials
if (gwtUser.getPassword() != null) {
CredentialService credentialService = locator.getService(CredentialService.class);
CredentialFactory credentialFactory = locator.getFactory(CredentialFactory.class);
CredentialListResult credentials = credentialService.findByUserId(scopeId, userId);
if (!credentials.isEmpty()) {
//
// Delete old PASSWORD credential
Credential oldCredential = null;
for (Credential c : credentials.getItems()) {
if (CredentialType.PASSWORD.equals(c.getCredentialType())) {
oldCredential = c;
break;
}
}
credentialService.delete(oldCredential.getScopeId(), oldCredential.getId());
//
// Create new PASSWORD credential
CredentialCreator credentialCreator = credentialFactory.newCreator(scopeId, user.getId(), CredentialType.PASSWORD, gwtUser.getPassword());
credentialService.create(credentialCreator);
}
}
// optlock
user.setOptlock(gwtUser.getOptlock());
// update the user
userService.update(user);
//
// convert to GwtAccount and return
// reload the user as we want to load all its permissions
gwtUserUpdated = KapuaGwtConverter.convert(userService.find(user.getScopeId(), user.getId()));
}
} catch (Throwable t) {
KapuaExceptionHandler.handle(t);
}
return gwtUserUpdated;
}
Also used :
KapuaLocator(org.eclipse.kapua.locator.KapuaLocator)
Credential(org.eclipse.kapua.service.authentication.credential.Credential)
GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser)
User(org.eclipse.kapua.service.user.User)
GwtUserService(org.eclipse.kapua.app.console.shared.service.GwtUserService)
UserService(org.eclipse.kapua.service.user.UserService)
Actions(org.eclipse.kapua.service.authorization.permission.Actions)
PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory)
UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory)
CredentialFactory(org.eclipse.kapua.service.authentication.credential.CredentialFactory)
CredentialCreator(org.eclipse.kapua.service.authentication.credential.CredentialCreator)
CredentialService(org.eclipse.kapua.service.authentication.credential.CredentialService)
Permission(org.eclipse.kapua.service.authorization.permission.Permission)
GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser)
UserPermissionService(org.eclipse.kapua.service.authorization.user.permission.UserPermissionService)
UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory)
CredentialListResult(org.eclipse.kapua.service.authentication.credential.CredentialListResult)
KapuaId(org.eclipse.kapua.model.id.KapuaId)
HashSet(java.util.HashSet)
UserPermissionCreator(org.eclipse.kapua.service.authorization.user.permission.UserPermissionCreator)
Example 5 with Permission
use of org.eclipse.kapua.service.authorization.permission.Permission in project kapua by eclipse.
the class GwtUserServiceImpl method create.
public GwtUser create(GwtXSRFToken xsrfToken, GwtUserCreator gwtUserCreator) throws GwtKapuaException {
checkXSRFToken(xsrfToken);
GwtUser gwtUser = null;
try {
KapuaLocator locator = KapuaLocator.getInstance();
UserFactory userFactory = locator.getFactory(UserFactory.class);
KapuaId scopeId = KapuaEid.parseShortId(gwtUserCreator.getScopeId());
UserCreator userCreator = userFactory.newCreator(scopeId, gwtUserCreator.getUsername());
userCreator.setDisplayName(gwtUserCreator.getDisplayName());
userCreator.setEmail(gwtUserCreator.getEmail());
userCreator.setPhoneNumber(gwtUserCreator.getPhoneNumber());
//
// Create the User
UserService userService = locator.getService(UserService.class);
User user = userService.create(userCreator);
//
// Create permissions
Set<String> permissions = new HashSet<String>();
if (gwtUserCreator.getPermissions() != null) {
// build the set of permissions
permissions.addAll(Arrays.asList(gwtUserCreator.getPermissions().split(",")));
}
UserPermissionService userPermissionService = locator.getService(UserPermissionService.class);
UserPermissionFactory userPermissionFactory = locator.getFactory(UserPermissionFactory.class);
PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
for (String p : permissions) {
UserPermissionCreator userPermissionCreator = userPermissionFactory.newCreator(user.getScopeId());
userPermissionCreator.setUserId(scopeId);
String[] tokens = p.split(":");
String domain = null;
Actions action = null;
KapuaId targetScopeId = null;
if (tokens.length > 0) {
domain = tokens[0];
}
if (tokens.length > 1) {
action = Actions.valueOf(tokens[1]);
}
if (tokens.length > 2) {
targetScopeId = KapuaEid.parseShortId(tokens[2]);
}
Permission permission = permissionFactory.newPermission(domain, action, targetScopeId);
userPermissionCreator.setPermission(permission);
userPermissionService.create(userPermissionCreator);
}
//
// Create credentials
CredentialService credentialService = locator.getService(CredentialService.class);
CredentialFactory credentialFactory = locator.getFactory(CredentialFactory.class);
CredentialCreator credentialCreator = credentialFactory.newCreator(scopeId, user.getId(), CredentialType.PASSWORD, gwtUserCreator.getPassword());
credentialService.create(credentialCreator);
// convert to GwtAccount and return
// reload the user as we want to load all its permissions
gwtUser = KapuaGwtConverter.convert(userService.find(user.getScopeId(), user.getId()));
} catch (Throwable t) {
KapuaExceptionHandler.handle(t);
}
return gwtUser;
}
Also used :
KapuaLocator(org.eclipse.kapua.locator.KapuaLocator)
GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser)
User(org.eclipse.kapua.service.user.User)
GwtUserService(org.eclipse.kapua.app.console.shared.service.GwtUserService)
UserService(org.eclipse.kapua.service.user.UserService)
Actions(org.eclipse.kapua.service.authorization.permission.Actions)
PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory)
UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory)
CredentialFactory(org.eclipse.kapua.service.authentication.credential.CredentialFactory)
UserFactory(org.eclipse.kapua.service.user.UserFactory)
CredentialCreator(org.eclipse.kapua.service.authentication.credential.CredentialCreator)
CredentialService(org.eclipse.kapua.service.authentication.credential.CredentialService)
Permission(org.eclipse.kapua.service.authorization.permission.Permission)
GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser)
UserPermissionService(org.eclipse.kapua.service.authorization.user.permission.UserPermissionService)
UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory)
KapuaId(org.eclipse.kapua.model.id.KapuaId)
UserCreator(org.eclipse.kapua.service.user.UserCreator)
GwtUserCreator(org.eclipse.kapua.app.console.shared.model.GwtUserCreator)
HashSet(java.util.HashSet)
UserPermissionCreator(org.eclipse.kapua.service.authorization.user.permission.UserPermissionCreator)
Aggregations
Permission (org.eclipse.kapua.service.authorization.permission.Permission)7
KapuaLocator (org.eclipse.kapua.locator.KapuaLocator)4
PermissionFactory (org.eclipse.kapua.service.authorization.permission.PermissionFactory)4
UserPermissionFactory (org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory)3
UserPermissionService (org.eclipse.kapua.service.authorization.user.permission.UserPermissionService)3
User (org.eclipse.kapua.service.user.User)3
UserService (org.eclipse.kapua.service.user.UserService)3
HashSet (java.util.HashSet)2
GwtUser (org.eclipse.kapua.app.console.shared.model.GwtUser)2
GwtUserService (org.eclipse.kapua.app.console.shared.service.GwtUserService)2
KapuaId (org.eclipse.kapua.model.id.KapuaId)2
CredentialCreator (org.eclipse.kapua.service.authentication.credential.CredentialCreator)2
CredentialFactory (org.eclipse.kapua.service.authentication.credential.CredentialFactory)2
CredentialService (org.eclipse.kapua.service.authentication.credential.CredentialService)2
Actions (org.eclipse.kapua.service.authorization.permission.Actions)2
UserPermissionCreator (org.eclipse.kapua.service.authorization.user.permission.UserPermissionCreator)2
Callable (java.util.concurrent.Callable)1
ShiroException (org.apache.shiro.ShiroException)1
AuthenticationException (org.apache.shiro.authc.AuthenticationException)1
UnknownAccountException (org.apache.shiro.authc.UnknownAccountException)1
