Example 1 with SecurityApiException

Use of org.killbill.billing.security.SecurityApiException in project killbill by killbill.

Class DefaultUserDao, method addRoleDefinition.

@Override
public void addRoleDefinition(final String role, final List<String> permissions, final String createdBy) throws SecurityApiException {
    final DateTime createdDate = clock.getUTCNow();
    inTransactionWithExceptionHandling(new TransactionCallback<Void>() {

        @Override
        public Void inTransaction(final Handle handle, final TransactionStatus status) throws Exception {
            final RolesPermissionsSqlDao rolesPermissionsSqlDao = handle.attach(RolesPermissionsSqlDao.class);
            final List<RolesPermissionsModelDao> existingRole = rolesPermissionsSqlDao.getByRoleName(role);
            // Refuse to redefine a role that already has permission rows
            if (!existingRole.isEmpty()) {
                throw new SecurityApiException(ErrorCode.SECURITY_ROLE_ALREADY_EXISTS, role);
            }
            for (final String permission : permissions) {
                rolesPermissionsSqlDao.create(new RolesPermissionsModelDao(role, permission, createdDate, createdBy));
            }
            return null;
        }
    });
}
Also used: TransactionStatus (org.skife.jdbi.v2.TransactionStatus), List (java.util.List), SecurityApiException (org.killbill.billing.security.SecurityApiException), DateTime (org.joda.time.DateTime), Handle (org.skife.jdbi.v2.Handle)

Example 2 with SecurityApiException

Use of org.killbill.billing.security.SecurityApiException in project killbill by killbill.

Class DefaultUserDao, method insertUser.

@Override
public void insertUser(final String username, final String password, final List<String> roles, final String createdBy) throws SecurityApiException {
    // Fresh random salt per user; the password is hashed with the configured algorithm and iteration count
    final ByteSource salt = rng.nextBytes();
    final String hashedPasswordBase64 = new SimpleHash(KillbillCredentialsMatcher.HASH_ALGORITHM_NAME, password, salt.toBase64(), securityConfig.getShiroNbHashIterations()).toBase64();
    final DateTime createdDate = clock.getUTCNow();
    inTransactionWithExceptionHandling(new TransactionCallback<Void>() {

        @Override
        public Void inTransaction(final Handle handle, final TransactionStatus status) throws Exception {
            final UserRolesSqlDao userRolesSqlDao = handle.attach(UserRolesSqlDao.class);
            for (final String role : roles) {
                userRolesSqlDao.create(new UserRolesModelDao(username, role, createdDate, createdBy));
            }
            final UsersSqlDao usersSqlDao = handle.attach(UsersSqlDao.class);
            final UserModelDao userModelDao = usersSqlDao.getByUsername(username);
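            // Reject a username that already exists (checked after the role rows above are written, inside the same transaction callback)
            if (userModelDao != null) {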
                throw new SecurityApiException(ErrorCode.SECURITY_USER_ALREADY_EXISTS, username);
            }
            // Only the Base64-encoded hash and salt are stored, never the plaintext password
            usersSqlDao.create(new UserModelDao(username, hashedPasswordBase64, salt.toBase64(), createdDate, createdBy));
            return null;
        }
    });
}
Also used: TransactionStatus (org.skife.jdbi.v2.TransactionStatus), DateTime (org.joda.time.DateTime), SecurityApiException (org.killbill.billing.security.SecurityApiException), Handle (org.skife.jdbi.v2.Handle), SimpleHash (org.apache.shiro.crypto.hash.SimpleHash), ByteSource (org.apache.shiro.util.ByteSource)

Example 3 with SecurityApiException

Use of org.killbill.billing.security.SecurityApiException in project killbill by killbill.

Class DefaultUserDao, method updateUserPassword.

@Override
public void updateUserPassword(final String username, final String password, final String updatedBy) throws SecurityApiException {
    // A new salt is generated on every password change, so the old salt is never reused
    final ByteSource salt = rng.nextBytes();
    final String hashedPasswordBase64 = new SimpleHash(KillbillCredentialsMatcher.HASH_ALGORITHM_NAME, password, salt.toBase64(), securityConfig.getShiroNbHashIterations()).toBase64();
    inTransactionWithExceptionHandling(new TransactionCallback<Void>() {

        @Override
        public Void inTransaction(final Handle handle, final TransactionStatus status) throws Exception {
            final DateTime updatedDate = clock.getUTCNow();
            final UsersSqlDao usersSqlDao = handle.attach(UsersSqlDao.class);
            final UserModelDao userModelDao = usersSqlDao.getByUsername(username);
            // Only an existing user can have the password updated
            if (userModelDao == null) {
                throw new SecurityApiException(ErrorCode.SECURITY_INVALID_USER, username);
            }
            usersSqlDao.updatePassword(username, hashedPasswordBase64, salt.toBase64(), updatedDate.toDate(), updatedBy);
            return null;
        }
    });
}
Also used: TransactionStatus (org.skife.jdbi.v2.TransactionStatus), SecurityApiException (org.killbill.billing.security.SecurityApiException), DateTime (org.joda.time.DateTime), Handle (org.skife.jdbi.v2.Handle), SimpleHash (org.apache.shiro.crypto.hash.SimpleHash), ByteSource (org.apache.shiro.util.ByteSource)

Example 4 with SecurityApiException

Use of org.killbill.billing.security.SecurityApiException in project killbill by killbill.

Class TestEntityBaseDaoException, method testWithCreateException.

@Test(groups = "slow")
public void testWithCreateException() throws Exception {
    final EntitySqlDaoTransactionalJdbiWrapper entitySqlDaoTransactionalJdbiWrapper = new EntitySqlDaoTransactionalJdbiWrapper(dbi, roDbi, clock, null, nonEntityDao, null);
    final TestEntityBaseDao test = new TestEntityBaseDao(nonEntityDao, entitySqlDaoTransactionalJdbiWrapper, KombuchaSqlDao.class);
    // Stub entity whose getters all return null, used to make create() fail
    final KombuchaModelDao entity = new KombuchaModelDao() {

        @Override
        public Long getRecordId() {
            return null;
        }

        @Override
        public Long getAccountRecordId() {
            return null;
        }

        @Override
        public Long getTenantRecordId() {
            return null;
        }

        @Override
        public TableName getTableName() {
            return null;
        }

        @Override
        public TableName getHistoryTableName() {
            return null;
        }

        @Override
        public UUID getId() {
            return null;
        }

        @Override
        public DateTime getCreatedDate() {
            return null;
        }

        @Override
        public DateTime getUpdatedDate() {
            return null;
        }
    };
    // The failure must surface as a SecurityApiException carrying the unknown error code
    try {
        test.create(entity, internalCallContext);
        Assert.fail("test should throw SecurityApiException");
    } catch (final SecurityApiException e) {
        Assert.assertEquals(e.getCode(), ErrorCode.__UNKNOWN_ERROR_CODE.getCode());
    }
}
Also used: EntitySqlDaoTransactionalJdbiWrapper (org.killbill.billing.util.entity.dao.EntitySqlDaoTransactionalJdbiWrapper), SecurityApiException (org.killbill.billing.security.SecurityApiException), Test (org.testng.annotations.Test)

Example 5 with SecurityApiException

Use of org.killbill.billing.security.SecurityApiException in project killbill by killbill.

Class DefaultSecurityApi, method sanitizeAndValidatePermissions.

private List<String> sanitizeAndValidatePermissions(final List<String> permissionsRaw) throws SecurityApiException {
    if (permissionsRaw == null) {
        return ImmutableList.<String>of();
    }
    // Drop null and empty entries before validating
    final Collection<String> permissions = Collections2.<String>filter(Lists.<String, String>transform(permissionsRaw, new Function<String, String>() {

        @Override
        public String apply(final String input) {
            return Strings.emptyToNull(input);
        }
    }), Predicates.<String>notNull());
    final Map<String, Set<String>> groupToValues = new HashMap<String, Set<String>>();
    for (final String curPerm : permissions) {
        // A global wildcard supersedes every other permission in the list
        if ("*".equals(curPerm)) {
            return ImmutableList.of("*");
        }
        // Accept only "group" or "group:value"
        final String[] permissionParts = curPerm.split(":");
        if (permissionParts.length != 1 && permissionParts.length != 2) {
            throw new SecurityApiException(ErrorCode.SECURITY_INVALID_PERMISSIONS, curPerm);
        }
        // Resolve against the known Permission enum; anything that does not match is rejected below
        boolean resolved = false;
        for (final Permission cur : Permission.values()) {
            if (!cur.getGroup().equals(permissionParts[0])) {
                continue;
            }
            Set<String> groupPermissions = groupToValues.get(permissionParts[0]);
            if (groupPermissions == null) {
                groupPermissions = new HashSet<String>();
                groupToValues.put(permissionParts[0], groupPermissions);
            }
            // A bare group or "group:*" collapses the group to a single wildcard entry
            if (permissionParts.length == 1 || "*".equals(permissionParts[1])) {
                groupPermissions.clear();
                groupPermissions.add("*");
                resolved = true;
                break;
            }
            if (cur.getValue().equals(permissionParts[1])) {
                groupPermissions.add(permissionParts[1]);
                resolved = true;
                break;
            }
        }
        // Unknown group or value: fail instead of silently ignoring the entry
        if (!resolved) {
            throw new SecurityApiException(ErrorCode.SECURITY_INVALID_PERMISSIONS, curPerm);
        }
    }
    // Rebuild the normalized "group:value" strings
    final List<String> sanitizedPermissions = new ArrayList<String>();
    for (final String group : groupToValues.keySet()) {
        final Set<String> groupPermissions = groupToValues.get(group);
        for (final String value : groupPermissions) {
            sanitizedPermissions.add(String.format("%s:%s", group, value));
        }
    }
    return sanitizedPermissions;
}
Also used: HashSet (java.util.HashSet), Set (java.util.Set), HashMap (java.util.HashMap), ArrayList (java.util.ArrayList), Function (com.google.common.base.Function), Permission (org.killbill.billing.security.Permission), SecurityApiException (org.killbill.billing.security.SecurityApiException)

Aggregations

SecurityApiException (org.killbill.billing.security.SecurityApiException): 6
DateTime (org.joda.time.DateTime): 4
Handle (org.skife.jdbi.v2.Handle): 4
TransactionStatus (org.skife.jdbi.v2.TransactionStatus): 4
List (java.util.List): 2
SimpleHash (org.apache.shiro.crypto.hash.SimpleHash): 2
ByteSource (org.apache.shiro.util.ByteSource): 2
Function (com.google.common.base.Function): 1
Predicate (com.google.common.base.Predicate): 1
ArrayList (java.util.ArrayList): 1
HashMap (java.util.HashMap): 1
HashSet (java.util.HashSet): 1
Set (java.util.Set): 1
Permission (org.killbill.billing.security.Permission): 1
EntitySqlDaoTransactionalJdbiWrapper (org.killbill.billing.util.entity.dao.EntitySqlDaoTransactionalJdbiWrapper): 1
Test (org.testng.annotations.Test): 1