use of org.opencastproject.security.api.Role in project opencast by opencast.
the class UserAndRoleDirectoryServiceImpl method getRoles.
/**
* {@inheritDoc}
*
* @see org.opencastproject.security.api.RoleDirectoryService#getRoles()
*/
@Override
@SuppressWarnings("unchecked")
public Iterator<Role> getRoles() {
  // The listing is scoped to the organization bound to the current request;
  // without one there is no tenant to filter the providers by.
  Organization currentOrg = securityService.getOrganization();
  if (currentOrg == null) {
    throw new IllegalStateException("No organization is set");
  }

  Stream<Role> collected = Stream.empty();
  for (RoleProvider provider : roleProviders) {
    String providerOrgId = provider.getOrganization();
    // Only providers registered for every organization or for the current one contribute roles.
    // The short-circuit keeps currentOrg.getId() from being evaluated for "all organizations" providers.
    if (ALL_ORGANIZATIONS.equals(providerOrgId) || currentOrg.getId().equals(providerOrgId)) {
      // The merged stream is re-sorted after each provider is appended.
      collected = collected.append(IteratorUtils.toList(provider.getRoles())).sort(roleComparator);
    }
  }
  return collected.iterator();
}
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class UserAndRoleDirectoryServiceImpl method loadUserByUsername.
/**
* {@inheritDoc}
*
* @see org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)
*/
@Override
public UserDetails loadUserByUsername(String userName)
        throws UsernameNotFoundException, org.springframework.dao.DataAccessException {
  User account = loadUser(userName);
  if (account == null) {
    throw new UsernameNotFoundException(userName);
  }

  // Side effect: the resolved user is bound to the security service before the
  // granted authorities are assembled.
  securityService.setUser(account);

  // Start with the roles carried by the user object itself.
  Set<GrantedAuthority> granted = new HashSet<>();
  for (Role ownRole : account.getRoles()) {
    granted.add(new SimpleGrantedAuthority(ownRole.getName()));
  }

  // Users from the in-memory provider keep only their own roles; every other user also
  // receives whatever each registered role provider reports for the user name.
  // NOTE(review): the providers are not filtered by organization here, whereas getRoles()
  // and findRoles() in this class skip providers bound to another organization. Confirm
  // that each provider scopes getRolesForUser() to the current organization itself.
  if (!InMemoryUserAndRoleProvider.PROVIDER_NAME.equals(account.getProvider())) {
    for (RoleProvider provider : roleProviders) {
      List<Role> providedRoles = provider.getRolesForUser(userName);
      for (Role providedRole : providedRoles) {
        granted.add(new SimpleGrantedAuthority(providedRole.getName()));
      }
    }
  }

  // Every loaded user additionally gets the anonymous role of the current organization.
  granted.add(new SimpleGrantedAuthority(securityService.getOrganization().getAnonymousRole()));

  // Spring's User cannot be built with a null password, but CAS-authenticated users have none,
  // so a placeholder is substituted.
  // NOTE(review): DEFAULT_PASSWORD is declared outside this view; if it is a fixed value, confirm
  // that password-based authentication cannot succeed against it for accounts without a stored
  // password.
  String password = account.getPassword();
  if (password == null) {
    password = DEFAULT_PASSWORD;
  }

  // Constructor flags after the password: enabled, accountNonExpired, credentialsNonExpired,
  // accountNonLocked. Only "enabled" reflects the user (canLogin()); the rest are always true.
  return new org.springframework.security.core.userdetails.User(
          account.getUsername(), password, account.canLogin(), true, true, true, granted);
}
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class UserAndRoleDirectoryServiceImpl method findRoles.
@Override
@SuppressWarnings("unchecked")
public Iterator<Role> findRoles(String query, Role.Target target, int offset, int limit) {
  if (query == null) {
    throw new IllegalArgumentException("Query must be set");
  }

  // The search is scoped to the organization bound to the current request.
  Organization currentOrg = securityService.getOrganization();
  if (currentOrg == null) {
    throw new IllegalStateException("No organization is set");
  }

  // Gather the matches of every eligible provider. Each provider is queried with offset 0 and
  // limit 0; paging is applied once, below, on the merged and sorted result.
  Stream<Role> matches = Stream.empty();
  for (RoleProvider provider : roleProviders) {
    String providerOrgId = provider.getOrganization();
    // Providers bound to a different organization are skipped.
    if (ALL_ORGANIZATIONS.equals(providerOrgId) || currentOrg.getId().equals(providerOrgId)) {
      matches = matches.append(IteratorUtils.toList(provider.findRoles(query, target, 0, 0))).sort(roleComparator);
    }
  }

  // offset is handed to drop() as given; a limit of zero or less leaves the result uncapped.
  Stream<Role> afterOffset = matches.drop(offset);
  if (limit > 0) {
    return afterOffset.apply(StreamOp.<Role>id().take(limit)).iterator();
  }
  return afterOffset.apply(StreamOp.<Role>id()).iterator();
}
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class OpencastLdapAuthoritiesPopulator method addAuthorities.
/**
* Add the specified authorities to the provided set
*
* @param authorities
* a set containing the authorities
* @param values
* the values to add to the set
*/
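private void addAuthorities(Set<GrantedAuthority> authorities, String[] values) {
  // Nothing to add (and no organization check) when no values were read.
  if (values == null) {
    return;
  }

  // Tenant guard: this populator is bound to one organization and refuses to grant
  // authorities while the current request belongs to a different one.
  Organization org = securityService.getOrganization();
  if (!organization.equals(org)) {
    // org is null when no organization is bound to the request. Report that as the same
    // SecurityException instead of failing with a NullPointerException while building the message.
    String currentOrgId = org == null ? null : org.getId();
    throw new SecurityException(String.format("Current request belongs to the organization \"%s\". Expected \"%s\"", currentOrgId, organization.getId()));
  }

  for (String value : values) {
    /*
     * Please note the prefix logic for roles:
     *
     * - Roles that start with any of the "exclude prefixes" are left intact
     * - In any other case, the "role prefix" is prepended to the roles read from LDAP
     *
     * This only applies to the prefix addition. The conversion to uppercase is independent from these
     * considerations
     */
    String authority = StringUtils.trimToEmpty(value).replaceAll(ROLE_CLEAN_REGEXP, ROLE_CLEAN_REPLACEMENT);
    if (uppercase) {
      // Locale.ROOT keeps role names independent of the JVM default locale; a locale-sensitive
      // upper-casing (e.g. the Turkish dotted I) would produce names that no longer match the
      // roles used in access checks.
      authority = authority.toUpperCase(java.util.Locale.ROOT);
    }

    // Ignore the empty parts
    if (authority.isEmpty()) {
      debug("Found empty authority. Ignoring...");
      continue;
    }

    // Check if this role is a group role and assign the groups appropriately.
    // The lookup uses the cleaned name before any prefix is prepended.
    List<Role> groupRoles;
    if (groupRoleProvider != null) {
      groupRoles = groupRoleProvider.getRolesForGroup(authority);
    } else {
      groupRoles = Collections.emptyList();
    }

    // Try to add the prefix if appropriate: it is dropped for roles that already start
    // with one of the exclude prefixes.
    String effectivePrefix = this.prefix;
    if (!effectivePrefix.isEmpty()) {
      for (String excludePrefix : excludedPrefixes) {
        if (authority.startsWith(excludePrefix)) {
          effectivePrefix = "";
          break;
        }
      }
    }

    // Clean again, since the prefix itself may contain characters the pattern replaces.
    authority = (effectivePrefix + authority).replaceAll(ROLE_CLEAN_REGEXP, ROLE_CLEAN_REPLACEMENT);
    debug("Parsed LDAP role \"{}\" to role \"{}\"", value, authority);

    if (!groupRoles.isEmpty()) {
      // The authority is a group role
      debug("Found group for the group with group role \"{}\"", authority);
      for (Role role : groupRoles) {
        authorities.add(new SimpleGrantedAuthority(role.getName()));
        logger.debug("\tAdded role from role \"{}\"'s group: {}", authority, role);
      }
    }

    // Finally, add the authority itself
    authorities.add(new SimpleGrantedAuthority(authority));
  }
}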
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class OpencastLdapAuthoritiesPopulatorTest method setUp.
@Before
public void setUp() {
  mappings = new HashMap<>();

  // Organization mock that only answers getId().
  org = EasyMock.createNiceMock(Organization.class);
  EasyMock.expect(org.getId()).andReturn(ORG_NAME).anyTimes();

  // N_GROUP_ROLES role mocks named group_role_1 .. group_role_N, all owned by the mock organization.
  Set<Role> roleMocks = new HashSet<>();
  for (int index = 0; index < N_GROUP_ROLES; index++) {
    Role roleMock = EasyMock.createNiceMock(Role.class);
    EasyMock.expect(roleMock.getOrganization()).andReturn(org).anyTimes();
    EasyMock.expect(roleMock.getName()).andReturn(format("group_role_%d", index + 1)).anyTimes();
    EasyMock.replay(roleMock);
    roleMocks.add(roleMock);
  }

  // Current user as seen through the security service.
  User currentUser = EasyMock.createNiceMock(User.class);
  EasyMock.expect(currentUser.getUsername()).andReturn(USERNAME).anyTimes();
  EasyMock.expect(currentUser.getRoles()).andReturn(DEFAULT_INTERNAL_ROLES).anyTimes();

  // The security service always reports the mock organization and the mock user.
  securityService = EasyMock.createNiceMock(SecurityService.class);
  EasyMock.expect(securityService.getOrganization()).andReturn(org).anyTimes();
  EasyMock.expect(securityService.getUser()).andReturn(currentUser).anyTimes();

  // The group role provider resolves GROUP_ROLE to the role mocks built above.
  groupRoleProvider = EasyMock.createNiceMock(JpaGroupRoleProvider.class);
  EasyMock.expect(groupRoleProvider.getRolesForGroup(GROUP_ROLE)).andReturn(new ArrayList<>(roleMocks)).anyTimes();

  EasyMock.replay(org, securityService, groupRoleProvider, currentUser);
}