
Example 1 with UserService

use of org.eclipse.kapua.service.user.UserService in project kapua by eclipse.

the class KapuaAuthenticatingRealm method doGetAuthenticationInfo.

/**
 * Collects the user, account and credential records that back a username/password login.
 *
 * <p>This method only performs lookups. The submitted password is never read here; the stored
 * credential is handed back inside the returned info object. Presumably the realm's credentials
 * matcher performs the comparison afterwards (confirm against the realm configuration).
 *
 * <p>All lookups run through {@code KapuaSecurityUtils.doPriviledge}, because no authenticated
 * session exists yet at this point of the login flow.
 *
 * <p>NOTE(review): unknown and disabled users surface as different exception types. Whatever
 * turns these into a client-facing response should collapse them into a single generic login
 * failure so that the response does not reveal which usernames exist.
 *
 * @param authenticationToken the submitted token; cast to {@code UsernamePasswordToken} without
 *                            a type check, so any other token type fails with a
 *                            {@code ClassCastException}
 * @return the user, first stored credential, account and realm name wrapped in a
 *         {@code KapuaSimpleAuthenticationInfo}
 * @throws UnknownAccountException  if the user, its account or its credentials cannot be found
 * @throws DisabledAccountException if the user's status is {@code UserStatus.DISABLED}
 * @throws ShiroException           if a service cannot be obtained or a lookup fails with
 *                                  anything other than an {@code AuthenticationException}
 */
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
    // Only the username is needed for the lookups below.
    final String loginName = ((UsernamePasswordToken) authenticationToken).getUsername();

    // Resolve the services; a locator failure is reported as a ShiroException.
    final UserService userService;
    final AccountService accountService;
    final CredentialService credentialService;
    try {
        final KapuaLocator locator = KapuaLocator.getInstance();
        userService = locator.getService(UserService.class);
        accountService = locator.getService(AccountService.class);
        credentialService = locator.getService(CredentialService.class);
    } catch (KapuaRuntimeException kre) {
        throw new ShiroException("Error while getting services!", kre);
    }

    // Look the user up by name.
    final User user;
    try {
        user = KapuaSecurityUtils.doPriviledge(new Callable<User>() {
            @Override
            public User call() throws Exception {
                return userService.findByName(loginName);
            }
        });
    } catch (AuthenticationException ae) {
        // Authentication failures keep their original type and message.
        throw ae;
    } catch (Exception e) {
        throw new ShiroException("Error while find user!", e);
    }
    if (user == null) {
        throw new UnknownAccountException();
    }
    // Only the user's own status is checked; no account-level status check is visible here.
    if (UserStatus.DISABLED.equals(user.getStatus())) {
        throw new DisabledAccountException();
    }

    // Load the account that the user's scope id points to.
    final Account account;
    try {
        account = KapuaSecurityUtils.doPriviledge(new Callable<Account>() {
            @Override
            public Account call() throws Exception {
                return accountService.find(user.getScopeId());
            }
        });
    } catch (AuthenticationException ae) {
        throw ae;
    } catch (Exception e) {
        throw new ShiroException("Error while find account!", e);
    }
    if (account == null) {
        throw new UnknownAccountException();
    }

    // Load the stored credential.
    // FIXME: manage multiple credentials and multiple credentials type
    final Credential credential;
    try {
        credential = KapuaSecurityUtils.doPriviledge(new Callable<Credential>() {
            @Override
            public Credential call() throws Exception {
                CredentialListResult stored = credentialService.findByUserId(user.getScopeId(), user.getId());
                // TODO may be better to filter by credential type?
                // The first entry is used whatever its type; with several stored credentials
                // the one that gets compared depends on the order the service returns.
                if (stored == null || stored.isEmpty()) {
                    throw new UnknownAccountException();
                }
                return stored.getItem(0);
            }
        });
    } catch (AuthenticationException ae) {
        throw ae;
    } catch (Exception e) {
        throw new ShiroException("Error while find credentials!", e);
    }

    // Package everything for the rest of the authentication flow.
    return new KapuaSimpleAuthenticationInfo(user, credential, account, getName());
}
Also used : DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) Account(org.eclipse.kapua.service.account.Account) Credential(org.eclipse.kapua.service.authentication.credential.Credential) User(org.eclipse.kapua.service.user.User) UserService(org.eclipse.kapua.service.user.UserService) AuthenticationException(org.apache.shiro.authc.AuthenticationException) KapuaRuntimeException(org.eclipse.kapua.KapuaRuntimeException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) Callable(java.util.concurrent.Callable) ShiroException(org.apache.shiro.ShiroException) DisabledAccountException(org.apache.shiro.authc.DisabledAccountException) KapuaRuntimeException(org.eclipse.kapua.KapuaRuntimeException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) KapuaException(org.eclipse.kapua.KapuaException) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) ShiroException(org.apache.shiro.ShiroException) KapuaSimpleAuthenticationInfo(org.eclipse.kapua.service.authentication.shiro.credential.KapuaSimpleAuthenticationInfo) CredentialService(org.eclipse.kapua.service.authentication.credential.CredentialService) CredentialListResult(org.eclipse.kapua.service.authentication.credential.CredentialListResult) AccountService(org.eclipse.kapua.service.account.AccountService)

Example 2 with UserService

use of org.eclipse.kapua.service.user.UserService in project kapua by eclipse.

the class KapuaAuthorizingRealm method doGetAuthorizationInfo.

/**
 * Builds the authorization info of the primary principal from its stored user permissions.
 *
 * <p>The user is resolved by name, its {@code UserPermission} records are queried within the
 * user's scope, and each one is added to the result as a string permission.
 *
 * <p>NOTE(review): unlike the authentication path, no user status check is visible here, so a
 * user disabled after login would still resolve permissions through this method. Confirm that
 * this is enforced elsewhere (session invalidation or cache eviction).
 *
 * @param principals the principal collection; its primary principal is cast to {@code String}
 *                   and used as the username
 * @return a {@code SimpleAuthorizationInfo} holding one string permission per user permission
 * @throws UnknownAccountException if no user with that name exists
 * @throws ShiroException          if a lookup fails with anything other than an
 *                                 {@code AuthenticationException}
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) throws AuthenticationException {
    // The primary principal is the username.
    final String principalName = (String) principals.getPrimaryPrincipal();
    logger.debug("Getting authorization info for: {}", principalName);

    // Resolve services and factories.
    final KapuaLocator locator = KapuaLocator.getInstance();
    final UserService userService = locator.getService(UserService.class);
    final UserPermissionService userPermissionService = locator.getService(UserPermissionService.class);
    final UserPermissionFactory userPermissionFactory = locator.getFactory(UserPermissionFactory.class);
    final PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);

    // Look the user up by name, in a privileged context.
    final User user;
    try {
        user = KapuaSecurityUtils.doPriviledge(new Callable<User>() {
            @Override
            public User call() throws Exception {
                return userService.findByName(principalName);
            }
        });
    } catch (AuthenticationException ae) {
        // Authentication failures keep their original type and message.
        throw ae;
    } catch (Exception e) {
        throw new ShiroException("Error while find user!", e);
    }
    if (user == null) {
        throw new UnknownAccountException();
    }

    // Query the permissions stored for this user id inside the user's scope.
    final UserPermissionQuery query = userPermissionFactory.newQuery(user.getScopeId());
    final KapuaPredicate byUserId = new AttributePredicate<KapuaId>(UserPermissionPredicates.USER_ID, user.getId());
    query.setPredicate(byUserId);

    final KapuaListResult<UserPermission> grants;
    try {
        grants = KapuaSecurityUtils.doPriviledge(new Callable<KapuaListResult<UserPermission>>() {
            @Override
            public KapuaListResult<UserPermission> call() throws Exception {
                return userPermissionService.query(query);
            }
        });
    } catch (AuthenticationException ae) {
        throw ae;
    } catch (Exception e) {
        throw new ShiroException("Error while find permissions!", e);
    }

    // Translate every stored permission into a string permission.
    // NOTE(review): a null query result is not handled; confirm the service never returns null.
    final SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
    for (UserPermission grant : grants.getItems()) {
        Permission permission = permissionFactory.newPermission(
                grant.getPermission().getDomain(),
                grant.getPermission().getAction(),
                grant.getPermission().getTargetScopeId());
        logger.trace("Username: {} has permission: {}", principalName, permission);
        authorizationInfo.addStringPermission(permission.toString());
    }
    return authorizationInfo;
}
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) User(org.eclipse.kapua.service.user.User) SimpleAuthorizationInfo(org.apache.shiro.authz.SimpleAuthorizationInfo) UserService(org.eclipse.kapua.service.user.UserService) AuthenticationException(org.apache.shiro.authc.AuthenticationException) PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) Callable(java.util.concurrent.Callable) ShiroException(org.apache.shiro.ShiroException) AuthenticationException(org.apache.shiro.authc.AuthenticationException) UnknownAccountException(org.apache.shiro.authc.UnknownAccountException) KapuaException(org.eclipse.kapua.KapuaException) AttributePredicate(org.eclipse.kapua.commons.model.query.predicate.AttributePredicate) ShiroException(org.apache.shiro.ShiroException) UserPermissionQuery(org.eclipse.kapua.service.authorization.user.permission.UserPermissionQuery) UserPermission(org.eclipse.kapua.service.authorization.user.permission.UserPermission) Permission(org.eclipse.kapua.service.authorization.permission.Permission) UserPermissionService(org.eclipse.kapua.service.authorization.user.permission.UserPermissionService) UserPermissionFactory(org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory) KapuaPredicate(org.eclipse.kapua.model.query.predicate.KapuaPredicate) UserPermission(org.eclipse.kapua.service.authorization.user.permission.UserPermission)

Example 3 with UserService

use of org.eclipse.kapua.service.user.UserService in project kapua by eclipse.

the class UserServiceTest method testCreate.

/**
 * Creates a user through {@code UserService}, reads it back and checks the persisted fields.
 *
 * <p>Original note: this test should be ignored until the build is fixed.
 */
@Test
public void testCreate() throws Exception {
    // The current timestamp is embedded in the name, e-mail and display name of the test user.
    final long timestamp = new Date().getTime();
    final String expectedName = MessageFormat.format("aaa_test_username_{0,number,#}", timestamp);
    final String expectedEmail = MessageFormat.format("testuser_{0,number,#}@organization.com", timestamp);
    final String expectedDisplayName = MessageFormat.format("User Display Name {0}", timestamp);

    // A freshly generated id is used as the scope of the new user.
    final KapuaLocator idLocator = KapuaLocator.getInstance();
    final IdGeneratorService idGenerator = idLocator.getService(IdGeneratorService.class);
    final KapuaId scopeId = idGenerator.generate();

    // Describe the user to create.
    final KapuaLocator serviceLocator = KapuaLocator.getInstance();
    final UserFactory userFactory = serviceLocator.getFactory(UserFactory.class);
    final UserCreator userCreator = userFactory.newCreator(scopeId, expectedName);
    userCreator.setDisplayName(expectedDisplayName);
    userCreator.setEmail(expectedEmail);
    userCreator.setPhoneNumber("+1 555 123 4567");

    // Create the user, then load it again so the assertions run against the stored state.
    final UserService userService = serviceLocator.getService(UserService.class);
    final User created = userService.create(userCreator);
    final User persisted = userService.find(created.getScopeId(), created.getId());

    // Identity and bookkeeping fields.
    assertNotNull(persisted.getId());
    assertNotNull(persisted.getId().getId());
    assertTrue(persisted.getOptlock() >= 0);
    assertEquals(scopeId, persisted.getScopeId());
    assertEquals(userCreator.getName(), persisted.getName());
    assertNotNull(persisted.getCreatedOn());
    assertNotNull(persisted.getCreatedBy());
    assertNotNull(persisted.getModifiedOn());
    assertNotNull(persisted.getModifiedBy());

    // Profile fields copied from the creator, and the default status.
    assertEquals(userCreator.getDisplayName(), persisted.getDisplayName());
    assertEquals(userCreator.getEmail(), persisted.getEmail());
    assertEquals(userCreator.getPhoneNumber(), persisted.getPhoneNumber());
    assertEquals(UserStatus.ENABLED, persisted.getStatus());
}
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) User(org.eclipse.kapua.service.user.User) UserService(org.eclipse.kapua.service.user.UserService) UserFactory(org.eclipse.kapua.service.user.UserFactory) KapuaId(org.eclipse.kapua.model.id.KapuaId) UserCreator(org.eclipse.kapua.service.user.UserCreator) IdGeneratorService(org.eclipse.kapua.service.generator.id.IdGeneratorService) Date(java.util.Date) Test(org.junit.Test)

Example 4 with UserService

use of org.eclipse.kapua.service.user.UserService in project kapua by eclipse.

the class AuthenticationServiceMock method login.

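/**
 * Mock login: binds a {@code KapuaSession} for the named user to the current security context.
 *
 * <p>No password or other secret is verified. Any existing username yields a session, so this
 * implementation is only suitable for tests and must not be reachable from a deployed
 * authentication path.
 *
 * @param authenticationToken the credentials; only {@code UsernamePasswordTokenMock} is accepted
 * @return always {@code null}; the mock does not issue an access token, so callers must not
 *         dereference the result
 * @throws KapuaException if the credentials are of another type, or if no user with the given
 *                        name exists
 */
@Override
public AccessToken login(AuthenticationCredentials authenticationToken) throws KapuaException {
    if (!(authenticationToken instanceof UsernamePasswordTokenMock)) {
        throw KapuaException.internalError("Unmanaged credentials type");
    }
    UsernamePasswordTokenMock usrPwdTokenMock = (UsernamePasswordTokenMock) authenticationToken;

    KapuaLocator serviceLocator = KapuaLocator.getInstance();
    UserService userService = serviceLocator.getService(UserService.class);
    User user = userService.findByName(usrPwdTokenMock.getUsername());
    if (user == null) {
        // An unknown username used to fail with a NullPointerException on the next statement.
        // The message deliberately leaves the supplied username out.
        throw KapuaException.internalError("User not found");
    }

    // The first two constructor arguments are passed as null, as in the original mock.
    KapuaSession kapuaSession = new KapuaSession(null, null, user.getScopeId(), user.getId(), user.getName());
    KapuaSecurityUtils.setSession(kapuaSession);

    // The mock does not build an AccessToken.
    return null;
}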
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) User(org.eclipse.kapua.service.user.User) UserService(org.eclipse.kapua.service.user.UserService) KapuaSession(org.eclipse.kapua.commons.security.KapuaSession)

Example 5 with UserService

use of org.eclipse.kapua.service.user.UserService in project kapua by eclipse.

the class GwtAuthorizationServiceImpl method establishSession.

/**
 * Builds the {@code GwtSession} for the session currently bound to {@code KapuaSecurityUtils}.
 *
 * <p>The result carries version information from {@code SystemSetting}, the converted user and
 * account, and one boolean per permission check evaluated against the session's scope id.
 *
 * <p>NOTE(review): the permission flags are a snapshot taken when this method runs. They look
 * like hints for the console UI; every server-side operation still has to enforce its own
 * permission check rather than trust these values (confirm against the service implementations).
 *
 * @return the populated session object
 * @throws KapuaException if a service lookup or a permission check fails
 */
private GwtSession establishSession() throws KapuaException {
    KapuaLocator locator = KapuaLocator.getInstance();
    // 
    // Get info from session
    // NOTE(review): the session is dereferenced below without a null check. If getSession() can
    // return null when nobody is logged in, this method fails with a NullPointerException
    // instead of a clean "not authenticated" error; verify against KapuaSecurityUtils.
    KapuaSession kapuaSession = KapuaSecurityUtils.getSession();
    // 
    // Get user info
    UserService userService = locator.getService(UserService.class);
    User user = userService.find(kapuaSession.getScopeId(), kapuaSession.getUserId());
    // 
    // Get permission info
    // The "create" and "update" flags of each domain are both derived from Actions.write, so
    // each pair always carries the same value.
    AuthorizationService authorizationService = locator.getService(AuthorizationService.class);
    PermissionFactory permissionFactory = locator.getFactory(PermissionFactory.class);
    boolean hasAccountCreate = authorizationService.isPermitted(permissionFactory.newPermission(AccountDomain.ACCOUNT, Actions.write, kapuaSession.getScopeId()));
    boolean hasAccountRead = authorizationService.isPermitted(permissionFactory.newPermission(AccountDomain.ACCOUNT, Actions.read, kapuaSession.getScopeId()));
    boolean hasAccountUpdate = authorizationService.isPermitted(permissionFactory.newPermission(AccountDomain.ACCOUNT, Actions.write, kapuaSession.getScopeId()));
    boolean hasAccountDelete = authorizationService.isPermitted(permissionFactory.newPermission(AccountDomain.ACCOUNT, Actions.delete, kapuaSession.getScopeId()));
    // Null action and null scope: presumably "any action in any scope" (confirm with PermissionFactory).
    boolean hasAccountAll = authorizationService.isPermitted(permissionFactory.newPermission(AccountDomain.ACCOUNT, null, null));
    boolean hasDeviceCreate = authorizationService.isPermitted(permissionFactory.newPermission(DeviceDomain.DEVICE, Actions.write, kapuaSession.getScopeId()));
    boolean hasDeviceRead = authorizationService.isPermitted(permissionFactory.newPermission(DeviceDomain.DEVICE, Actions.read, kapuaSession.getScopeId()));
    boolean hasDeviceUpdate = authorizationService.isPermitted(permissionFactory.newPermission(DeviceDomain.DEVICE, Actions.write, kapuaSession.getScopeId()));
    boolean hasDeviceDelete = authorizationService.isPermitted(permissionFactory.newPermission(DeviceDomain.DEVICE, Actions.delete, kapuaSession.getScopeId()));
    boolean hasDeviceManage = authorizationService.isPermitted(permissionFactory.newPermission(DeviceLifecycleDomain.DEVICE_LIFECYCLE, Actions.write, kapuaSession.getScopeId()));
    // The "data" and "user" domains are given as string literals, while the account and device
    // checks use domain constants. A typo here would only show up as a permission that is never
    // granted, so keep the literals in sync with the domain names the services enforce.
    boolean hasDataRead = authorizationService.isPermitted(permissionFactory.newPermission("data", Actions.read, kapuaSession.getScopeId()));
    boolean hasUserCreate = authorizationService.isPermitted(permissionFactory.newPermission("user", Actions.write, kapuaSession.getScopeId()));
    boolean hasUserRead = authorizationService.isPermitted(permissionFactory.newPermission("user", Actions.read, kapuaSession.getScopeId()));
    boolean hasUserUpdate = authorizationService.isPermitted(permissionFactory.newPermission("user", Actions.write, kapuaSession.getScopeId()));
    boolean hasUserDelete = authorizationService.isPermitted(permissionFactory.newPermission("user", Actions.delete, kapuaSession.getScopeId()));
    // 
    // Get account info
    AccountService accountService = locator.getService(AccountService.class);
    Account account = accountService.find(kapuaSession.getScopeId());
    // 
    // Convert entities
    // NOTE(review): user and account are not checked for null before conversion; whether the
    // converter tolerates null is not visible here.
    GwtUser gwtUser = KapuaGwtConverter.convert(user);
    GwtAccount gwtAccount = KapuaGwtConverter.convert(account);
    // 
    // Build the session
    GwtSession gwtSession = new GwtSession();
    // Console info
    SystemSetting commonsConfig = SystemSetting.getInstance();
    gwtSession.setVersion(commonsConfig.getString(SystemSettingKey.VERSION));
    gwtSession.setBuildVersion(commonsConfig.getString(SystemSettingKey.BUILD_VERSION));
    gwtSession.setBuildNumber(commonsConfig.getString(SystemSettingKey.BUILD_NUMBER));
    // User info
    // The same account object is stored as the user's account, the root account and the
    // selected account.
    gwtSession.setGwtUser(gwtUser);
    gwtSession.setGwtAccount(gwtAccount);
    gwtSession.setRootAccount(gwtAccount);
    gwtSession.setSelectedAccount(gwtAccount);
    // Permission info
    gwtSession.setAccountCreatePermission(hasAccountCreate);
    gwtSession.setAccountReadPermission(hasAccountRead);
    gwtSession.setAccountUpdatePermission(hasAccountUpdate);
    gwtSession.setAccountDeletePermission(hasAccountDelete);
    gwtSession.setAccountAllPermission(hasAccountAll);
    gwtSession.setDeviceCreatePermission(hasDeviceCreate);
    gwtSession.setDeviceReadPermission(hasDeviceRead);
    gwtSession.setDeviceUpdatePermission(hasDeviceUpdate);
    gwtSession.setDeviceDeletePermission(hasDeviceDelete);
    gwtSession.setDeviceManagePermission(hasDeviceManage);
    gwtSession.setDataReadPermission(hasDataRead);
    gwtSession.setUserCreatePermission(hasUserCreate);
    gwtSession.setUserReadPermission(hasUserRead);
    gwtSession.setUserUpdatePermission(hasUserUpdate);
    gwtSession.setUserDeletePermission(hasUserDelete);
    return gwtSession;
}
Also used : KapuaLocator(org.eclipse.kapua.locator.KapuaLocator) Account(org.eclipse.kapua.service.account.Account) GwtAccount(org.eclipse.kapua.app.console.shared.model.GwtAccount) GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser) User(org.eclipse.kapua.service.user.User) UserService(org.eclipse.kapua.service.user.UserService) KapuaSession(org.eclipse.kapua.commons.security.KapuaSession) PermissionFactory(org.eclipse.kapua.service.authorization.permission.PermissionFactory) GwtAccount(org.eclipse.kapua.app.console.shared.model.GwtAccount) SystemSetting(org.eclipse.kapua.commons.setting.system.SystemSetting) GwtSession(org.eclipse.kapua.app.console.shared.model.GwtSession) GwtAuthorizationService(org.eclipse.kapua.app.console.shared.service.GwtAuthorizationService) AuthorizationService(org.eclipse.kapua.service.authorization.AuthorizationService) GwtUser(org.eclipse.kapua.app.console.shared.model.GwtUser) AccountService(org.eclipse.kapua.service.account.AccountService)

Aggregations

UserService (org.eclipse.kapua.service.user.UserService)12 KapuaLocator (org.eclipse.kapua.locator.KapuaLocator)11 User (org.eclipse.kapua.service.user.User)11 GwtUser (org.eclipse.kapua.app.console.shared.model.GwtUser)7 KapuaId (org.eclipse.kapua.model.id.KapuaId)6 GwtUserService (org.eclipse.kapua.app.console.shared.service.GwtUserService)5 PermissionFactory (org.eclipse.kapua.service.authorization.permission.PermissionFactory)5 CredentialService (org.eclipse.kapua.service.authentication.credential.CredentialService)4 UserPermissionFactory (org.eclipse.kapua.service.authorization.user.permission.UserPermissionFactory)4 UserPermissionService (org.eclipse.kapua.service.authorization.user.permission.UserPermissionService)4 UserFactory (org.eclipse.kapua.service.user.UserFactory)4 KapuaSession (org.eclipse.kapua.commons.security.KapuaSession)3 CredentialCreator (org.eclipse.kapua.service.authentication.credential.CredentialCreator)3 CredentialFactory (org.eclipse.kapua.service.authentication.credential.CredentialFactory)3 Permission (org.eclipse.kapua.service.authorization.permission.Permission)3 Date (java.util.Date)2 HashSet (java.util.HashSet)2 Callable (java.util.concurrent.Callable)2 ShiroException (org.apache.shiro.ShiroException)2 AuthenticationException (org.apache.shiro.authc.AuthenticationException)2