
Example 26 with AccessControlEntry

use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.

the class EventHttpServletRequest method deserializeJsonToAcl.

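/**
 * De-serializes a JSON array of access control entries into an {@link AccessControlList}.
 *
 * <p>Every element of the array must be a JSON object. The role, action and allow values are read
 * from the keys {@code ROLE_JSON_KEY}, {@code ACTION_JSON_KEY} and {@code ALLOW_JSON_KEY}.
 *
 * @param json
 *          the JSON text to parse; expected to be an array of entry objects
 * @param assumeAllow
 *          if {@code true}, every entry is created as an allow entry and any allow value present
 *          in the JSON is ignored
 * @return the {@link AccessControlList} holding one entry per array element, in input order
 * @throws ParseException
 *           if the JSON parser rejects the input
 * @throws IllegalArgumentException
 *           if the input is not a JSON array of objects, or if an entry has a missing or blank
 *           role, action or allow value
 */
protected static AccessControlList deserializeJsonToAcl(String json, boolean assumeAllow) throws ParseException {
    Object parsed = new JSONParser().parse(json);
    // Syntactically valid JSON of the wrong shape (e.g. an object or a scalar) used to fail with a
    // ClassCastException on the cast; report it like any other malformed ACL instead.
    if (!(parsed instanceof JSONArray)) {
        throw new IllegalArgumentException("The access control list must be a JSON array of entries");
    }
    List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>();
    for (Object element : (JSONArray) parsed) {
        if (!(element instanceof JSONObject)) {
            throw new IllegalArgumentException("Each access control element must be a JSON object");
        }
        JSONObject aceJson = (JSONObject) element;
        String action = aceJson.get(ACTION_JSON_KEY) != null ? aceJson.get(ACTION_JSON_KEY).toString() : "";
        String allow;
        if (assumeAllow) {
            // Caller opted in to "everything listed is a grant": the entry's own allow value is not read.
            allow = "true";
        } else {
            allow = aceJson.get(ALLOW_JSON_KEY) != null ? aceJson.get(ALLOW_JSON_KEY).toString() : "";
        }
        String role = aceJson.get(ROLE_JSON_KEY) != null ? aceJson.get(ROLE_JSON_KEY).toString() : "";
        if (StringUtils.trimToNull(action) != null && StringUtils.trimToNull(allow) != null && StringUtils.trimToNull(role) != null) {
            // Boolean.parseBoolean yields false for anything other than "true" (ignoring case), so an
            // unrecognised allow value produces a deny entry rather than an error.
            // NOTE(review): role and action are checked for blankness after trimming but stored
            // untrimmed - confirm that surrounding whitespace cannot reach role matching.
            AccessControlEntry ace = new AccessControlEntry(role, action, Boolean.parseBoolean(allow));
            entries.add(ace);
        } else {
            throw new IllegalArgumentException(String.format("One of the access control elements is missing a property. The action was '%s', allow was '%s' and the role was '%s'", action, allow, role));
        }
    }
    return new AccessControlList(entries);
}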
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) JSONObject(org.json.simple.JSONObject) JSONArray(org.json.simple.JSONArray) ArrayList(java.util.ArrayList) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) JSONParser(org.json.simple.parser.JSONParser) JSONObject(org.json.simple.JSONObject)

Example 27 with AccessControlEntry

use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.

the class EventIndexUtils method addAuthorization.

/**
 * Copies the allow entries of an access control list into per-action permission fields of the
 * input document.
 *
 * <p>Deny entries are not written: they are logged and skipped, so the indexed permission fields
 * describe grants only.
 *
 * @param doc
 *          the input document that receives one field per action
 * @param aclString
 *          the serialized access control list
 */
private static void addAuthorization(SearchMetadataCollection doc, String aclString) {
    // Start with an empty role list for every predefined action so that each of them gets a field,
    // even when the ACL grants it to nobody.
    Map<String, List<String>> rolesByAction = new HashMap<String, List<String>>();
    for (Action knownAction : Permissions.Action.values()) {
        rolesByAction.put(knownAction.toString(), new ArrayList<String>());
    }

    // NOTE(review): parseAclSilent is not shown here; its result is dereferenced without a null
    // check, so confirm what it returns for malformed input.
    AccessControlList parsedAcl = AccessControlParser.parseAclSilent(aclString);
    for (AccessControlEntry ace : parsedAcl.getEntries()) {
        if (ace.isAllow()) {
            String actionName = ace.getAction();
            List<String> roles = rolesByAction.get(actionName);
            if (roles == null) {
                // Action outside the predefined set: give it its own list.
                roles = new ArrayList<String>();
                rolesByAction.put(actionName, roles);
            }
            roles.add(ace.getRole());
        } else {
            // A deny is dropped here, so it has no effect on what the index records.
            // NOTE(review): confirm denies are enforced by whatever consumes these fields.
            logger.info("Event index does not support denial via ACL, ignoring {}", ace);
        }
    }

    // One document field per action, named by prefix + action, holding the granted roles.
    for (Map.Entry<String, List<String>> permission : rolesByAction.entrySet()) {
        doc.addField(EventIndexSchema.ACL_PERMISSION_PREFIX.concat(permission.getKey()), permission.getValue(), false);
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Action(org.opencastproject.security.api.Permissions.Action) HashMap(java.util.HashMap) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) ArrayList(java.util.ArrayList) ListProviderUtil.splitStringList(org.opencastproject.index.service.util.ListProviderUtil.splitStringList) AccessControlList(org.opencastproject.security.api.AccessControlList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map)

Example 28 with AccessControlEntry

use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.

the class SeriesIndexUtils method addAuthorization.

/**
 * Copies the allow entries of an access control list into per-action permission fields of the
 * input document.
 *
 * <p>Deny entries are not written: they are logged and skipped, so the indexed permission fields
 * describe grants only.
 *
 * @param doc
 *          the input document that receives one field per action
 * @param aclString
 *          the serialized access control list
 */
private static void addAuthorization(SearchMetadataCollection doc, String aclString) {
    // Start with an empty role list for every predefined action so that each of them gets a field,
    // even when the ACL grants it to nobody.
    Map<String, List<String>> rolesByAction = new HashMap<String, List<String>>();
    for (Action knownAction : Permissions.Action.values()) {
        rolesByAction.put(knownAction.toString(), new ArrayList<String>());
    }

    // NOTE(review): parseAclSilent is not shown here; its result is dereferenced without a null
    // check, so confirm what it returns for malformed input.
    AccessControlList parsedAcl = AccessControlParser.parseAclSilent(aclString);
    for (AccessControlEntry ace : parsedAcl.getEntries()) {
        if (ace.isAllow()) {
            String actionName = ace.getAction();
            List<String> roles = rolesByAction.get(actionName);
            if (roles == null) {
                // Action outside the predefined set: give it its own list.
                roles = new ArrayList<String>();
                rolesByAction.put(actionName, roles);
            }
            roles.add(ace.getRole());
        } else {
            // A deny is dropped here, so it has no effect on what the index records.
            // NOTE(review): confirm denies are enforced by whatever consumes these fields.
            logger.info("Series index does not support denial via ACL, ignoring {}", ace);
        }
    }

    // One document field per action, named by prefix + action, holding the granted roles.
    for (Map.Entry<String, List<String>> permission : rolesByAction.entrySet()) {
        doc.addField(SeriesIndexSchema.ACL_PERMISSION_PREFIX.concat(permission.getKey()), permission.getValue(), false);
    }
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) Action(org.opencastproject.security.api.Permissions.Action) HashMap(java.util.HashMap) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) ArrayList(java.util.ArrayList) ListProviderUtil.splitStringList(org.opencastproject.index.service.util.ListProviderUtil.splitStringList) AccessControlList(org.opencastproject.security.api.AccessControlList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map)

Example 29 with AccessControlEntry

use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.

the class SeriesServicePersistenceTest method testAccessControlManagment.

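/**
 * Stores an access control list for an existing series, reads it back and checks that the single
 * entry survived unchanged; then checks that storing an ACL for an unknown series id is rejected
 * with a {@link NotFoundException}.
 */
@Test
public void testAccessControlManagment() throws Exception {
    // sample access control list: "admin" may "delete"
    AccessControlList accessControlList = new AccessControlList();
    List<AccessControlEntry> acl = accessControlList.getEntries();
    acl.add(new AccessControlEntry("admin", "delete", true));

    // the series must exist before an ACL can be attached to it
    seriesDatabase.storeSeries(testCatalog);
    String seriesID = testCatalog.getFirst(DublinCore.PROPERTY_IDENTIFIER);
    seriesDatabase.storeSeriesAccessControl(seriesID, accessControlList);

    AccessControlList retrievedACL = seriesDatabase.getAccessControlList(seriesID);
    assertNotNull(retrievedACL);
    acl = retrievedACL.getEntries();
    // JUnit convention is (expected, actual); the reversed order produced misleading failure messages.
    assertEquals(1, acl.size());
    assertEquals("admin", acl.get(0).getRole());
    // Also pin the action and the allow flag, so a round trip that alters the grant is caught.
    assertEquals("delete", acl.get(0).getAction());
    assertEquals(true, acl.get(0).isAllow());

    try {
        seriesDatabase.storeSeriesAccessControl("failid", accessControlList);
        fail("Should fail when adding ACL to nonexistent series");
    } catch (NotFoundException e) {
        // expected: no series with id "failid" was stored
    }
}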
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) NotFoundException(org.opencastproject.util.NotFoundException) Test(org.junit.Test)

Example 30 with AccessControlEntry

use of org.opencastproject.security.api.AccessControlEntry in project opencast by opencast.

the class SearchServiceImplTest method setUp.

/**
 * Builds the search service under test together with mocked collaborators (workspace, security,
 * user and organization directories, series and authorization services), a test persistence layer
 * and a Solr server rooted at {@code solrRoot}.
 *
 * <p>The authorization mock created at the end answers every permission check with {@code true}
 * and always reports an ACL that grants READ to the organization's anonymous role.
 */
@Before
public void setUp() throws Exception {
    // workspace: get(URI) is answered with a File built from the URI that was passed in
    Workspace workspace = EasyMock.createNiceMock(Workspace.class);
    EasyMock.expect(workspace.get((URI) EasyMock.anyObject())).andAnswer(new IAnswer<File>() {

        @Override
        public File answer() throws Throwable {
            return new File(new URI(EasyMock.getCurrentArguments()[0].toString()));
        }
    }).anyTimes();
    EasyMock.replay(workspace);
    // User, organization and service registry
    // The responders are fields initialised with the default user and organization; the security
    // service mock delegates getUser() and getOrganization() to them.
    userResponder = new Responder<User>(defaultUser);
    organizationResponder = new Responder<Organization>(defaultOrganization);
    SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    EasyMock.expect(securityService.getUser()).andAnswer(userResponder).anyTimes();
    EasyMock.expect(securityService.getOrganization()).andAnswer(organizationResponder).anyTimes();
    EasyMock.replay(securityService);
    // Every user lookup, whatever the name, resolves to this anonymous user.
    User anonymous = new JaxbUser("anonymous", "test", defaultOrganization, new JaxbRole(DefaultOrganization.DEFAULT_ORGANIZATION_ANONYMOUS, defaultOrganization));
    UserDirectoryService userDirectoryService = EasyMock.createMock(UserDirectoryService.class);
    EasyMock.expect(userDirectoryService.loadUser((String) EasyMock.anyObject())).andReturn(anonymous).anyTimes();
    EasyMock.replay(userDirectoryService);
    // Every organization lookup resolves to a fresh DefaultOrganization.
    Organization organization = new DefaultOrganization();
    OrganizationDirectoryService organizationDirectoryService = EasyMock.createMock(OrganizationDirectoryService.class);
    EasyMock.expect(organizationDirectoryService.getOrganization((String) EasyMock.anyObject())).andReturn(organization).anyTimes();
    EasyMock.replay(organizationDirectoryService);
    // mpeg7 service
    Mpeg7CatalogService mpeg7CatalogService = new Mpeg7CatalogService();
    // Persistence storage
    searchDatabase = new SearchServiceDatabaseImpl();
    searchDatabase.setEntityManagerFactory(newTestEntityManagerFactory(SearchServiceDatabaseImpl.PERSISTENCE_UNIT));
    searchDatabase.activate(null);
    searchDatabase.setSecurityService(securityService);
    // search service
    service = new SearchServiceImpl();
    serviceRegistry = new ServiceRegistryInMemoryImpl(service, securityService, userDirectoryService, organizationDirectoryService, EasyMock.createNiceMock(IncidentService.class));
    StaticMetadataService mdService = newStaticMetadataService(workspace);
    // series service: any series id yields the same catalog and an ACL constructed without entries
    SeriesService seriesService = EasyMock.createNiceMock(SeriesService.class);
    DublinCoreCatalog seriesCatalog = getSeriesDublinCoreCatalog("/series-dublincore.xml");
    AccessControlList seriesAcl = new AccessControlList();
    EasyMock.expect(seriesService.getSeries((String) EasyMock.anyObject())).andReturn(seriesCatalog).anyTimes();
    EasyMock.expect(seriesService.getSeriesAccessControl((String) EasyMock.anyObject())).andReturn(seriesAcl).anyTimes();
    EasyMock.replay(seriesService);
    // wire the collaborators into the service under test
    service.setStaticMetadataService(mdService);
    service.setWorkspace(workspace);
    service.setMpeg7CatalogService(mpeg7CatalogService);
    service.setSecurityService(securityService);
    service.setOrganizationDirectoryService(organizationDirectoryService);
    service.setUserDirectoryService(userDirectoryService);
    service.setServiceRegistry(serviceRegistry);
    service.setPersistence(searchDatabase);
    SolrServer solrServer = SearchServiceImpl.setupSolr(new File(solrRoot));
    service.testSetup(solrServer, new SolrRequester(solrServer, securityService), new SolrIndexManager(solrServer, workspace, Arrays.asList(mdService), seriesService, mpeg7CatalogService, securityService));
    // acl: a single allow entry granting READ to the organization's anonymous role
    String anonymousRole = securityService.getOrganization().getAnonymousRole();
    acl = new AccessControlList(new AccessControlEntry(anonymousRole, Permissions.Action.READ.toString(), true));
    // The authorization mock reports that ACL (scope Series) for any media package and answers
    // hasPermission with true for any media package and action.
    // NOTE(review): with this default no test can observe a denied permission check unless it
    // installs a different authorization service - confirm denial paths are covered that way.
    authorizationService = EasyMock.createNiceMock(AuthorizationService.class);
    EasyMock.expect(authorizationService.getActiveAcl((MediaPackage) EasyMock.anyObject())).andReturn(Tuple.tuple(acl, AclScope.Series)).anyTimes();
    EasyMock.expect(authorizationService.hasPermission((MediaPackage) EasyMock.anyObject(), (String) EasyMock.anyObject())).andReturn(true).anyTimes();
    service.setAuthorizationService(authorizationService);
    EasyMock.replay(authorizationService);
}
Also used : AccessControlList(org.opencastproject.security.api.AccessControlList) User(org.opencastproject.security.api.User) JaxbUser(org.opencastproject.security.api.JaxbUser) Organization(org.opencastproject.security.api.Organization) JaxbOrganization(org.opencastproject.security.api.JaxbOrganization) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) JaxbUser(org.opencastproject.security.api.JaxbUser) StaticMetadataService(org.opencastproject.metadata.api.StaticMetadataService) URI(java.net.URI) SolrServer(org.apache.solr.client.solrj.SolrServer) SecurityService(org.opencastproject.security.api.SecurityService) SolrRequester(org.opencastproject.search.impl.solr.SolrRequester) ServiceRegistryInMemoryImpl(org.opencastproject.serviceregistry.api.ServiceRegistryInMemoryImpl) SolrIndexManager(org.opencastproject.search.impl.solr.SolrIndexManager) AccessControlEntry(org.opencastproject.security.api.AccessControlEntry) Mpeg7CatalogService(org.opencastproject.metadata.mpeg7.Mpeg7CatalogService) UserDirectoryService(org.opencastproject.security.api.UserDirectoryService) IAnswer(org.easymock.IAnswer) JaxbRole(org.opencastproject.security.api.JaxbRole) SeriesService(org.opencastproject.series.api.SeriesService) AuthorizationService(org.opencastproject.security.api.AuthorizationService) MediaPackage(org.opencastproject.mediapackage.MediaPackage) SearchServiceDatabaseImpl(org.opencastproject.search.impl.persistence.SearchServiceDatabaseImpl) DublinCoreCatalog(org.opencastproject.metadata.dublincore.DublinCoreCatalog) File(java.io.File) Workspace(org.opencastproject.workspace.api.Workspace) DefaultOrganization(org.opencastproject.security.api.DefaultOrganization) OrganizationDirectoryService(org.opencastproject.security.api.OrganizationDirectoryService) Before(org.junit.Before)

Aggregations

AccessControlEntry (org.opencastproject.security.api.AccessControlEntry)38 AccessControlList (org.opencastproject.security.api.AccessControlList)30 Test (org.junit.Test)18 MediaPackage (org.opencastproject.mediapackage.MediaPackage)12 ArrayList (java.util.ArrayList)10 HashMap (java.util.HashMap)7 Job (org.opencastproject.job.api.Job)6 JaxbRole (org.opencastproject.security.api.JaxbRole)6 JobBarrier (org.opencastproject.job.api.JobBarrier)5 JaxbUser (org.opencastproject.security.api.JaxbUser)5 Date (java.util.Date)4 List (java.util.List)4 Map (java.util.Map)4 SearchQuery (org.opencastproject.search.api.SearchQuery)4 AuthorizationService (org.opencastproject.security.api.AuthorizationService)4 DefaultOrganization (org.opencastproject.security.api.DefaultOrganization)4 SecurityService (org.opencastproject.security.api.SecurityService)4 User (org.opencastproject.security.api.User)4 NotFoundException (org.opencastproject.util.NotFoundException)4 File (java.io.File)3