Search in sources :

Example 1 with AuthorizationManager

use of org.infinispan.security.AuthorizationManager in project infinispan by infinispan.

the class ConflictManagerFactory method get.

@SuppressWarnings("unchecked")
public static <K, V> ConflictManager<K, V> get(AdvancedCache<K, V> cache) {
    AuthorizationManager authzManager = cache.getAuthorizationManager();
    if (authzManager != null) {
        authzManager.checkPermission(AuthorizationPermission.ALL_READ);
        authzManager.checkPermission(AuthorizationPermission.ALL_WRITE);
    }
    return cache.getComponentRegistry().getComponent(InternalConflictManager.class);
}
Also used : AuthorizationManager(org.infinispan.security.AuthorizationManager)

Example 2 with AuthorizationManager

use of org.infinispan.security.AuthorizationManager in project infinispan by infinispan.

the class ScriptingManagerImpl method runScript.

@Override
public <T> CompletionStage<T> runScript(String scriptName, TaskContext context) {
    ScriptMetadata metadata = getScriptMetadata(scriptName);
    if (authorizer != null) {
        AuthorizationManager authorizationManager = context.getCache().isPresent() ? SecurityActions.getAuthorizationManager(context.getCache().get().getAdvancedCache()) : null;
        if (authorizationManager != null) {
            // when the cache is secured
            authorizationManager.checkPermission(AuthorizationPermission.EXEC, metadata.role().orElse(null));
        } else {
            if (context.getSubject().isPresent()) {
                authorizer.checkPermission(context.getSubject().get(), AuthorizationPermission.EXEC);
            } else {
                authorizer.checkPermission(AuthorizationPermission.EXEC, metadata.role().orElse(null));
            }
        }
    }
    MediaType scriptMediaType = metadata.dataType();
    MediaType requestMediaType = context.getCache().map(c -> c.getAdvancedCache().getValueDataConversion().getRequestMediaType()).orElse(MediaType.MATCH_ALL);
    Bindings userBindings = context.getParameters().map(p -> {
        Map<String, ?> params = scriptConversions.convertParameters(context);
        return new SimpleBindings((Map<String, Object>) params);
    }).orElse(new SimpleBindings());
    SimpleBindings systemBindings = new SimpleBindings();
    DataTypedCacheManager dataTypedCacheManager = new DataTypedCacheManager(scriptMediaType, cacheManager, context.getSubject().orElse(null));
    systemBindings.put(SystemBindings.CACHE_MANAGER.toString(), dataTypedCacheManager);
    systemBindings.put(SystemBindings.SCRIPTING_MANAGER.toString(), this);
    context.getCache().ifPresent(cache -> {
        if (requestMediaType != null && !requestMediaType.equals(MediaType.MATCH_ALL)) {
            cache = cache.getAdvancedCache().withMediaType(scriptMediaType, scriptMediaType);
        }
        systemBindings.put(SystemBindings.CACHE.toString(), cache);
    });
    context.getMarshaller().ifPresent(marshaller -> {
        systemBindings.put(SystemBindings.MARSHALLER.toString(), marshaller);
    });
    CacheScriptBindings bindings = new CacheScriptBindings(systemBindings, userBindings);
    ScriptRunner runner = metadata.mode().getRunner();
    return runner.runScript(this, metadata, bindings).thenApply(t -> (T) scriptConversions.convertToRequestType(t, metadata.dataType(), requestMediaType));
}
Also used : Bindings(javax.script.Bindings) LogFactory(org.infinispan.util.logging.LogFactory) ScriptingManager(org.infinispan.scripting.ScriptingManager) BiFunction(java.util.function.BiFunction) GlobalConfiguration(org.infinispan.configuration.global.GlobalConfiguration) Cache(org.infinispan.Cache) ScriptConversions(org.infinispan.scripting.utils.ScriptConversions) Function(java.util.function.Function) ConcurrentMap(java.util.concurrent.ConcurrentMap) Start(org.infinispan.factories.annotations.Start) Scopes(org.infinispan.factories.scopes.Scopes) MediaType(org.infinispan.commons.dataconversion.MediaType) EmbeddedCacheManager(org.infinispan.manager.EmbeddedCacheManager) Map(java.util.Map) TaskManager(org.infinispan.tasks.TaskManager) EncoderRegistry(org.infinispan.marshall.core.EncoderRegistry) Scope(org.infinispan.factories.scopes.Scope) ScriptException(javax.script.ScriptException) Compilable(javax.script.Compilable) CacheEntry(org.infinispan.container.entries.CacheEntry) AuthorizationPermission(org.infinispan.security.AuthorizationPermission) AuthorizationManager(org.infinispan.security.AuthorizationManager) TaskContext(org.infinispan.tasks.TaskContext) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) Set(java.util.Set) ScriptEngineManager(javax.script.ScriptEngineManager) Inject(org.infinispan.factories.annotations.Inject) Objects(java.util.Objects) SimpleBindings(javax.script.SimpleBindings) CompletionStage(java.util.concurrent.CompletionStage) Authorizer(org.infinispan.security.impl.Authorizer) Log(org.infinispan.scripting.logging.Log) CompiledScript(javax.script.CompiledScript) ScriptEngine(javax.script.ScriptEngine) BlockingManager(org.infinispan.util.concurrent.BlockingManager) SimpleBindings(javax.script.SimpleBindings) MediaType(org.infinispan.commons.dataconversion.MediaType) AuthorizationManager(org.infinispan.security.AuthorizationManager) Bindings(javax.script.Bindings) SimpleBindings(javax.script.SimpleBindings) ConcurrentMap(java.util.concurrent.ConcurrentMap) Map(java.util.Map) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)

Example 3 with AuthorizationManager

use of org.infinispan.security.AuthorizationManager in project infinispan by infinispan.

the class QueryFacadeImpl method query.

@Override
public byte[] query(AdvancedCache<?, ?> cache, byte[] query) {
    AuthorizationManager authorizationManager = SecurityActions.getCacheAuthorizationManager(cache);
    if (authorizationManager != null) {
        authorizationManager.checkPermission(AuthorizationPermission.BULK_READ);
    }
    RemoteQueryManager remoteQueryManager = SecurityActions.getRemoteQueryManager(cache);
    if (remoteQueryManager.getQueryEngine(cache) == null) {
        // todo [anistor] remoteQueryManager should be null if not queryable
        throw log.queryingNotEnabled(cache.getName());
    }
    try {
        MediaType requestMediaType = cache.getValueDataConversion().getRequestMediaType();
        QueryRequest request = remoteQueryManager.decodeQueryRequest(query, requestMediaType);
        int startOffset = request.getStartOffset().intValue();
        int maxResults = request.getMaxResults();
        boolean local = request.isLocal();
        return remoteQueryManager.executeQuery(request.getQueryString(), request.getNamedParametersMap(), startOffset, maxResults, cache, requestMediaType, local);
    } catch (Exception e) {
        if (log.isDebugEnabled()) {
            log.debugf(e, "Error executing remote query : %s", e.getMessage());
        }
        throw e;
    }
}
Also used : QueryRequest(org.infinispan.query.remote.client.impl.QueryRequest) MediaType(org.infinispan.commons.dataconversion.MediaType) AuthorizationManager(org.infinispan.security.AuthorizationManager)

Aggregations

AuthorizationManager (org.infinispan.security.AuthorizationManager)3 MediaType (org.infinispan.commons.dataconversion.MediaType)2 Map (java.util.Map)1 Objects (java.util.Objects)1 Set (java.util.Set)1 CompletionStage (java.util.concurrent.CompletionStage)1 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)1 ConcurrentMap (java.util.concurrent.ConcurrentMap)1 BiFunction (java.util.function.BiFunction)1 Function (java.util.function.Function)1 Bindings (javax.script.Bindings)1 Compilable (javax.script.Compilable)1 CompiledScript (javax.script.CompiledScript)1 ScriptEngine (javax.script.ScriptEngine)1 ScriptEngineManager (javax.script.ScriptEngineManager)1 ScriptException (javax.script.ScriptException)1 SimpleBindings (javax.script.SimpleBindings)1 Cache (org.infinispan.Cache)1 GlobalConfiguration (org.infinispan.configuration.global.GlobalConfiguration)1 CacheEntry (org.infinispan.container.entries.CacheEntry)1