use of org.opencastproject.security.api.Role in project opencast by opencast.
the class UserAndRoleDirectoryServiceImpl method mergeUsers.
/**
 * Combines the representations of one user, as returned by two different user providers, into a single user.
 * <p>
 * The result carries the union of both role sets, so it holds every role granted by either provider. Name and
 * e-mail come from the first user unless blank there; the password comes from the first user unless it is
 * {@code null} there. The username and the organization are always those of the first user, and the result is
 * manageable if either input is.
 *
 * @param user1
 *          the first user to merge; its username and organization are kept
 * @param user2
 *          the second user to merge; contributes its roles and the fallback values
 * @return a user with a merged set of roles
 */
protected User mergeUsers(User user1, User user2) {
  // Union of the roles of both representations, first user first
  HashSet<JaxbRole> mergedRoles = new HashSet<>();
  for (User source : new User[] { user1, user2 }) {
    for (Role role : source.getRoles()) {
      mergedRoles.add(JaxbRole.fromRole(role));
    }
  }

  // Blank values on the first user fall back to the second user
  String name = user1.getName();
  if (StringUtils.isBlank(name)) {
    name = user2.getName();
  }
  String email = user1.getEmail();
  if (StringUtils.isBlank(email)) {
    email = user2.getEmail();
  }

  // Only a null password falls back; an empty password on the first user is kept as is
  String password = user1.getPassword();
  if (password == null) {
    password = user2.getPassword();
  }

  boolean manageable = user1.isManageable() || user2.isManageable();

  // Only the first user's organization is carried over; nothing here checks that user2 belongs to the same
  // organization. NOTE(review): presumably the caller guarantees this; confirm.
  JaxbOrganization organization = JaxbOrganization.fromOrganization(user1.getOrganization());

  // Record every provider that contributed, comma separated
  String provider = StringUtils.join(Collections.nonNullList(user1.getProvider(), user2.getProvider()), ",");

  JaxbUser merged = new JaxbUser(user1.getUsername(), password, name, email, provider, organization, mergedRoles);
  merged.setManageable(manageable);
  return merged;
}
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class OpencastLdapAuthoritiesPopulator method getGrantedAuthorities.
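/**
 * Builds the authorities of a directory user from the configured attributes and the additional authorities.
 * <p>
 * Each value of each configured attribute is split on commas and handed to {@code addAuthorities}. If the
 * security service's organization equals this populator's organization and the current user is either unset or
 * has the given username, the roles of the current user (if any) are added to the result and the security
 * service's user is replaced by one that holds the resulting roles. The returned set can therefore contain roles
 * that did not come from the directory entry.
 *
 * @param userData
 *          the directory entry whose attributes are read
 * @param username
 *          the name of the user whose authorities are requested
 * @return the collected authorities
 */
@Override
public Collection<? extends GrantedAuthority> getGrantedAuthorities(DirContextOperations userData, String username) {
  Set<GrantedAuthority> authorities = new HashSet<>();
  for (String attributeName : attributeNames) {
    try {
      String[] attributeValues = userData.getStringAttributes(attributeName);
      // Should the attribute not be defined, the returned array is null
      if (attributeValues != null) {
        for (String attributeValue : attributeValues) {
          // The attribute value may be a single authority (a single role) or a list of roles
          addAuthorities(authorities, attributeValue.split(","));
        }
      } else {
        // NOTE(review): the message has three placeholders but only two arguments are passed; confirm whether the
        // debug() helper supplies the value for the leading "({})".
        debug("({}) Could not find any attribute named '{}' in user '{}'", attributeName, userData.getDn());
      }
    } catch (ClassCastException e) {
      error("Specified attribute containing user roles ('{}') was not of expected type String: {}", attributeName, e);
    }
  }

  // Add the list of additional roles
  addAuthorities(authorities, additionalAuthorities);

  if (logger.isDebugEnabled()) {
    debug("Returning user {} with authorities:", username);
    for (GrantedAuthority authority : authorities) {
      // Diagnostic listing only: keep it at debug level so that enabling debug output does not fill the error log
      // with one entry per granted role.
      logger.debug("\t{}", authority);
    }
  }

  // Update the user in the security service if it matches the user whose authorities are being returned
  if (securityService.getOrganization().equals(organization)
          && (securityService.getUser() == null || securityService.getUser().getUsername().equals(username))) {
    Set<JaxbRole> roles = new HashSet<>();

    // The condition above also accepts a missing current user, so the existing roles can only be read when a user
    // is actually set; dereferencing unconditionally would throw a NullPointerException.
    if (securityService.getUser() != null) {
      for (Role existingRole : securityService.getUser().getRoles()) {
        authorities.add(new SimpleGrantedAuthority(existingRole.getName()));
      }
    }

    // Convert GrantedAuthority's into JaxbRole's
    JaxbOrganization jaxbOrganization = JaxbOrganization.fromOrganization(organization);
    for (GrantedAuthority authority : authorities) {
      roles.add(new JaxbRole(authority.getAuthority(), jaxbOrganization));
    }
    JaxbUser user = new JaxbUser(username, LdapUserProviderInstance.PROVIDER_NAME, jaxbOrganization,
            roles.toArray(new JaxbRole[0]));
    securityService.setUser(user);
  }
  return authorities;
}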
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class OpencastLdapAuthoritiesPopulatorTest method addRoles.
/**
 * Test helper that fills {@code roles} with the authorities expected for the given raw role names.
 * <p>
 * Each name is trimmed, runs of whitespace and underscores are collapsed to a single underscore, and the name is
 * upper-cased when {@code toUpper} is set. Names that end up empty are skipped. With a group provider, a name that
 * resolves to group roles contributes those roles and is added without prefix. Without a group provider, the
 * prefix is dropped for names starting with one of the exclude prefixes.
 *
 * @param roles
 *          the set that receives the expected authorities
 * @param thePrefix
 *          the prefix to prepend to role names; may be {@code null}
 * @param excludePrefixes
 *          prefixes that mark a role name as not to be prefixed; may be {@code null}
 * @param toUpper
 *          whether the prefix, the exclude prefixes and the role names are converted to upper case
 * @param groupProvider
 *          when not {@code null}, group roles are looked up for every role name
 * @param org
 *          not read by this method
 * @param strRoles
 *          the raw role names; may be {@code null}
 */
private void addRoles(Set<GrantedAuthority> roles, String thePrefix, String[] excludePrefixes, boolean toUpper,
        JpaGroupRoleProvider groupProvider, Organization org, String... strRoles) {
  String basePrefix = StringUtils.trimToEmpty(thePrefix);
  if (toUpper) {
    basePrefix = basePrefix.toUpperCase();
  }

  if (strRoles == null) {
    return;
  }

  for (String rawRole : strRoles) {
    String role = StringUtils.trimToEmpty(rawRole).replaceAll("[\\s_]+", "_");
    if (toUpper) {
      role = role.toUpperCase();
    }
    if (role.isEmpty()) {
      continue;
    }

    String prefix = basePrefix;
    if (groupProvider != null) {
      // NOTE(review): the null check is on the parameter groupProvider, but the lookup goes through
      // groupRoleProvider, which is not declared in this method. Confirm that both refer to the same provider.
      List<Role> groupRoles = groupRoleProvider.getRolesForGroup(role);
      if (!groupRoles.isEmpty()) {
        logger.debug("Found group role {} with the following roles:", role);
        for (Role groupRole : groupRoles) {
          logger.debug("\t* {}", groupRole);
          roles.add(new SimpleGrantedAuthority(groupRole.getName()));
        }
        // A name that is a group keeps its plain form
        prefix = "";
      }
    } else if (!basePrefix.isEmpty() && excludePrefixes != null) {
      // Exclude prefixes are only consulted when no group provider was passed
      for (String excludePrefix : excludePrefixes) {
        String candidate = StringUtils.trimToEmpty(excludePrefix);
        if (toUpper) {
          candidate = candidate.toUpperCase();
        }
        // A blank exclude prefix trims to "" and therefore matches every role name
        if (role.startsWith(candidate)) {
          prefix = "";
          break;
        }
      }
    }

    role = (prefix + role).replaceAll("[\\s_]+", "_");
    logger.debug("Adding expected authority '{}'", role);
    roles.add(new SimpleGrantedAuthority(role));
  }
}
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class CustomRoleProvider method findRoles.
/**
 * Finds the roles of this provider that match the query.
 * <p>
 * For an ACL query with a role pattern configured, the query without one trailing {@code %} is tested against
 * the pattern. On a match of the whole string, a single external role named exactly like the query is returned,
 * and {@code offset} and {@code limit} are not applied. The role name is taken from the query text, so the
 * configured pattern alone decides which names are accepted on this path. In every other case the configured
 * role list is filtered by name and paged with {@code offset} and {@code limit}.
 *
 * @throws IllegalArgumentException
 *           if {@code query} is {@code null}
 * @see org.opencastproject.security.api.RoleProvider#findRoles(String, Role.Target, int, int)
 */
@Override
public Iterator<Role> findRoles(String query, Role.Target target, int offset, int limit) {
  if (query == null) {
    throw new IllegalArgumentException("Query must be set");
  }

  Organization organization = securityService.getOrganization();

  // Match the custom regular expression first if this is an ACL role query
  if (rolematch != null && target == Role.Target.ACL) {
    String exactQuery = StringUtils.removeEnd(query, "%");
    if (rolematch.matcher(exactQuery).matches()) {
      List<Role> matched = new LinkedList<>();
      matched.add(new JaxbRole(exactQuery, JaxbOrganization.fromOrganization(organization), "Custom Role",
              Role.Type.EXTERNAL));
      return matched.iterator();
    }
  }

  // Otherwise match on the custom roles specified in a list; a limit of zero or less means "no limit"
  return Stream.$(roles)
          .filter(filterByName._2(query))
          .drop(offset)
          .apply(limit > 0 ? StreamOp.<String>id().take(limit) : StreamOp.<String>id())
          .map(toRole._2(organization))
          .iterator();
}
use of org.opencastproject.security.api.Role in project opencast by opencast.
the class JpaGroupRoleProvider method getGroupsRoles.
/**
 * Collects the roles that a list of groups stands for.
 * <p>
 * Every group contributes its own role, typed {@code Role.Type.GROUP} and with an empty description, followed by
 * one {@code Role.Type.DERIVED} role for each role assigned to the group. The result is a plain list, so a role
 * that is reachable through several groups appears once per group.
 *
 * @param groups
 *          the group list
 * @return the role list
 */
private List<Role> getGroupsRoles(List<JpaGroup> groups) {
  List<Role> collected = new ArrayList<>();
  for (Group group : groups) {
    // The group itself, represented as a role in the group's organization
    JaxbOrganization groupOrganization = JaxbOrganization.fromOrganization(group.getOrganization());
    collected.add(new JaxbRole(group.getRole(), groupOrganization, "", Role.Type.GROUP));

    // The roles granted through membership; each keeps its own organization and description
    for (Role memberRole : group.getRoles()) {
      JaxbOrganization roleOrganization = JaxbOrganization.fromOrganization(memberRole.getOrganization());
      collected.add(new JaxbRole(memberRole.getName(), roleOrganization, memberRole.getDescription(),
              Role.Type.DERIVED));
    }
  }
  return collected;
}