use of org.infinispan.security.AuthorizationManager in project infinispan by infinispan.
the class ConflictManagerFactory method get.
@SuppressWarnings("unchecked")
public static <K, V> ConflictManager<K, V> get(AdvancedCache<K, V> cache) {
AuthorizationManager authzManager = cache.getAuthorizationManager();
if (authzManager != null) {
authzManager.checkPermission(AuthorizationPermission.ALL_READ);
authzManager.checkPermission(AuthorizationPermission.ALL_WRITE);
}
return cache.getComponentRegistry().getComponent(InternalConflictManager.class);
}
use of org.infinispan.security.AuthorizationManager in project infinispan by infinispan.
the class ScriptingManagerImpl method runScript.
@Override
public <T> CompletionStage<T> runScript(String scriptName, TaskContext context) {
ScriptMetadata metadata = getScriptMetadata(scriptName);
if (authorizer != null) {
AuthorizationManager authorizationManager = context.getCache().isPresent() ? SecurityActions.getAuthorizationManager(context.getCache().get().getAdvancedCache()) : null;
if (authorizationManager != null) {
// when the cache is secured
authorizationManager.checkPermission(AuthorizationPermission.EXEC, metadata.role().orElse(null));
} else {
if (context.getSubject().isPresent()) {
authorizer.checkPermission(context.getSubject().get(), AuthorizationPermission.EXEC);
} else {
authorizer.checkPermission(AuthorizationPermission.EXEC, metadata.role().orElse(null));
}
}
}
MediaType scriptMediaType = metadata.dataType();
MediaType requestMediaType = context.getCache().map(c -> c.getAdvancedCache().getValueDataConversion().getRequestMediaType()).orElse(MediaType.MATCH_ALL);
Bindings userBindings = context.getParameters().map(p -> {
Map<String, ?> params = scriptConversions.convertParameters(context);
return new SimpleBindings((Map<String, Object>) params);
}).orElse(new SimpleBindings());
SimpleBindings systemBindings = new SimpleBindings();
DataTypedCacheManager dataTypedCacheManager = new DataTypedCacheManager(scriptMediaType, cacheManager, context.getSubject().orElse(null));
systemBindings.put(SystemBindings.CACHE_MANAGER.toString(), dataTypedCacheManager);
systemBindings.put(SystemBindings.SCRIPTING_MANAGER.toString(), this);
context.getCache().ifPresent(cache -> {
if (requestMediaType != null && !requestMediaType.equals(MediaType.MATCH_ALL)) {
cache = cache.getAdvancedCache().withMediaType(scriptMediaType, scriptMediaType);
}
systemBindings.put(SystemBindings.CACHE.toString(), cache);
});
context.getMarshaller().ifPresent(marshaller -> {
systemBindings.put(SystemBindings.MARSHALLER.toString(), marshaller);
});
CacheScriptBindings bindings = new CacheScriptBindings(systemBindings, userBindings);
ScriptRunner runner = metadata.mode().getRunner();
return runner.runScript(this, metadata, bindings).thenApply(t -> (T) scriptConversions.convertToRequestType(t, metadata.dataType(), requestMediaType));
}
use of org.infinispan.security.AuthorizationManager in project infinispan by infinispan.
the class QueryFacadeImpl method query.
@Override
public byte[] query(AdvancedCache<?, ?> cache, byte[] query) {
AuthorizationManager authorizationManager = SecurityActions.getCacheAuthorizationManager(cache);
if (authorizationManager != null) {
authorizationManager.checkPermission(AuthorizationPermission.BULK_READ);
}
RemoteQueryManager remoteQueryManager = SecurityActions.getRemoteQueryManager(cache);
if (remoteQueryManager.getQueryEngine(cache) == null) {
// todo [anistor] remoteQueryManager should be null if not queryable
throw log.queryingNotEnabled(cache.getName());
}
try {
MediaType requestMediaType = cache.getValueDataConversion().getRequestMediaType();
QueryRequest request = remoteQueryManager.decodeQueryRequest(query, requestMediaType);
int startOffset = request.getStartOffset().intValue();
int maxResults = request.getMaxResults();
boolean local = request.isLocal();
return remoteQueryManager.executeQuery(request.getQueryString(), request.getNamedParametersMap(), startOffset, maxResults, cache, requestMediaType, local);
} catch (Exception e) {
if (log.isDebugEnabled()) {
log.debugf(e, "Error executing remote query : %s", e.getMessage());
}
throw e;
}
}
Aggregations