
Example 6 with JpaRole

use of org.opencastproject.security.impl.jpa.JpaRole in project opencast by opencast.

the class JpaUserReferenceProvider method addUserReference.

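/**
 * {@inheritDoc}
 *
 * <p>Saves the roles and organization of {@code user}, then persists a new user reference for
 * the given login mechanism and caches the resulting user.
 *
 * @throws IllegalStateException
 *           if a reference with the same username already exists in the user's organization
 */
public void addUserReference(JpaUserReference user, String mechanism) {
    // Save roles and organization, then build the reference to store. No password is passed to
    // the constructor; the reference records the login mechanism and the current date instead.
    // NOTE(review): both saves run before the duplicate check below, so they presumably stay
    // written even when the IllegalStateException is thrown. Confirm against
    // UserDirectoryPersistenceUtil.
    Set<JpaRole> roles = UserDirectoryPersistenceUtil.saveRoles(user.getRoles(), emf);
    JpaOrganization organization = UserDirectoryPersistenceUtil.saveOrganization((JpaOrganization) user.getOrganization(), emf);
    JpaUserReference userReference = new JpaUserReference(user.getUsername(), user.getName(), user.getEmail(), mechanism, new Date(), organization, roles);
    // Then save the user reference
    EntityManager em = null;
    EntityTransaction tx = null;
    try {
        em = emf.createEntityManager();
        tx = em.getTransaction();
        tx.begin();
        // NOTE(review): the lookup is given emf rather than em, so it presumably runs outside this
        // transaction. If so, two concurrent calls can both see "not found", and uniqueness then
        // depends on a database constraint. Confirm one exists.
        JpaUserReference foundUserRef = findUserReference(user.getUsername(), user.getOrganization().getId(), emf);
        if (foundUserRef == null) {
            em.persist(userReference);
        } else {
            throw new IllegalStateException("User '" + user.getUsername() + "' already exists");
        }
        tx.commit();
        // Only cache after a successful commit, so the cache never holds an unsaved user.
        cache.put(user.getUsername() + DELIMITER + user.getOrganization().getId(), user.toUser(PROVIDER_NAME));
    } finally {
        // tx is still null when createEntityManager() or getTransaction() threw. Without the
        // null check, the resulting NullPointerException would replace the original failure.
        if (tx != null && tx.isActive()) {
            tx.rollback();
        }
        if (em != null) {
            em.close();
        }
    }
}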
Also used : EntityTransaction(javax.persistence.EntityTransaction) EntityManager(javax.persistence.EntityManager) JpaOrganization(org.opencastproject.security.impl.jpa.JpaOrganization) JpaRole(org.opencastproject.security.impl.jpa.JpaRole) JpaUserReference(org.opencastproject.security.impl.jpa.JpaUserReference) Date(java.util.Date)

Example 7 with JpaRole

use of org.opencastproject.security.impl.jpa.JpaRole in project opencast by opencast.

the class JpaUserAndRoleProvider method filterRoles.

/**
 * Reduces a role set to the internal roles that are not group roles.
 *
 * <p>A role is kept when its type is {@code Role.Type.INTERNAL} and its name does not start with
 * {@code Group.ROLE_PREFIX}. Every kept role is cast to {@link JpaRole}, so an internal,
 * non-group role of any other class fails with a {@link ClassCastException}.
 *
 * @param userRoles
 *          the user's full set of roles
 * @return a new set holding the roles that passed both checks
 */
private Set<JpaRole> filterRoles(Set<Role> userRoles) {
    Set<JpaRole> internalRoles = new HashSet<JpaRole>();
    for (Role candidate : userRoles) {
        // Roles of any other type are skipped.
        if (!Role.Type.INTERNAL.equals(candidate.getType())) {
            continue;
        }
        // Roles carrying the group prefix are skipped as well.
        if (candidate.getName().startsWith(Group.ROLE_PREFIX)) {
            continue;
        }
        internalRoles.add((JpaRole) candidate);
    }
    return internalRoles;
}
Also used : JpaRole(org.opencastproject.security.impl.jpa.JpaRole) Role(org.opencastproject.security.api.Role) JpaRole(org.opencastproject.security.impl.jpa.JpaRole) HashSet(java.util.HashSet)

Example 8 with JpaRole

use of org.opencastproject.security.impl.jpa.JpaRole in project opencast by opencast.

the class JpaGroupRoleProviderTest method setUp.

/**
 * Builds a fresh {@code JpaGroupRoleProvider} for each test. The provider is wired to a mocked
 * message sender, a mocked security service that reports a global admin in {@code org1}, and a
 * test entity manager factory.
 */
@Before
public void setUp() throws Exception {
    // Message sender mock: record one sendObjectMessage call with arbitrary arguments
    MessageSender senderMock = EasyMock.createNiceMock(MessageSender.class);
    senderMock.sendObjectMessage(EasyMock.anyObject(String.class), EasyMock.anyObject(MessageSender.DestinationType.class), EasyMock.anyObject(Serializable.class));
    EasyMock.expectLastCall();
    EasyMock.replay(senderMock);

    // Security service mock: the current user holds the global admin role in org1
    JpaRole globalAdminRole = new JpaRole(SecurityConstants.GLOBAL_ADMIN_ROLE, org1);
    JpaUser adminUser = new JpaUser("admin", "pass1", org1, "Admin", "admin@localhost", "opencast", true, Collections.set(globalAdminRole));
    SecurityService securityMock = EasyMock.createNiceMock(SecurityService.class);
    EasyMock.expect(securityMock.getUser()).andReturn(adminUser).anyTimes();
    EasyMock.expect(securityMock.getOrganization()).andReturn(org1).anyTimes();
    EasyMock.replay(securityMock);

    // Provider under test
    provider = new JpaGroupRoleProvider();
    provider.setSecurityService(securityMock);
    provider.setMessageSender(senderMock);
    provider.setEntityManagerFactory(newTestEntityManagerFactory(JpaUserAndRoleProvider.PERSISTENCE_UNIT));
    provider.activate(null);
}
Also used : Serializable(java.io.Serializable) SecurityService(org.opencastproject.security.api.SecurityService) MessageSender(org.opencastproject.message.broker.api.MessageSender) JpaRole(org.opencastproject.security.impl.jpa.JpaRole) JpaUser(org.opencastproject.security.impl.jpa.JpaUser) Before(org.junit.Before)

Example 9 with JpaRole

use of org.opencastproject.security.impl.jpa.JpaRole in project opencast by opencast.

the class JpaGroupRoleProviderTest method testUpdateGroupNotAllowedAsNonAdminUser.

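/**
 * Verifies that a user holding only {@code ROLE_USER} cannot modify a group that carries the
 * global admin role. Both attempts must be answered with HTTP 403: adding a role next to the
 * admin role, and replacing the role list with one that drops the admin role.
 */
@Test
public void testUpdateGroupNotAllowedAsNonAdminUser() throws UnauthorizedException {
    // The group is created while the provider still uses the security service it was given
    // before this test switches it below.
    JpaGroup group = new JpaGroup("test", org1, "Test", "Test group", Collections.set(new JpaRole(SecurityConstants.GLOBAL_ADMIN_ROLE, org1)));
    try {
        provider.addGroup(group);
        Group loadGroup = provider.loadGroup(group.getGroupId(), group.getOrganization().getId());
        assertNotNull(loadGroup);
        // Compare against the group that was stored. The original compared loadGroup with
        // itself, which can never fail.
        assertEquals(group.getGroupId(), loadGroup.getGroupId());
    } catch (Exception e) {
        fail("The group schould be added");
    }
    JpaUser user = new JpaUser("user", "pass1", org1, "User", "user@localhost", "opencast", true, Collections.set(new JpaRole("ROLE_USER", org1)));
    // Switch the security service so the current user is the non-admin user
    SecurityService securityService = EasyMock.createNiceMock(SecurityService.class);
    EasyMock.expect(securityService.getUser()).andReturn(user).anyTimes();
    EasyMock.expect(securityService.getOrganization()).andReturn(org1).anyTimes();
    EasyMock.replay(securityService);
    provider.setSecurityService(securityService);
    try {
        // try add ROLE_USER while keeping the global admin role
        Response updateGroupResponse = provider.updateGroup(group.getGroupId(), group.getName(), group.getDescription(), "ROLE_USER, " + SecurityConstants.GLOBAL_ADMIN_ROLE, null);
        assertNotNull(updateGroupResponse);
        assertEquals(HttpStatus.SC_FORBIDDEN, updateGroupResponse.getStatus());
        // try remove the global admin role by sending a role list without it
        updateGroupResponse = provider.updateGroup(group.getGroupId(), group.getName(), group.getDescription(), "ROLE_USER", null);
        assertNotNull(updateGroupResponse);
        assertEquals(HttpStatus.SC_FORBIDDEN, updateGroupResponse.getStatus());
    } catch (NotFoundException e) {
        fail("The existing group isn't found");
    }
}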
Also used : JpaGroup(org.opencastproject.security.impl.jpa.JpaGroup) Response(javax.ws.rs.core.Response) JpaGroup(org.opencastproject.security.impl.jpa.JpaGroup) Group(org.opencastproject.security.api.Group) SecurityService(org.opencastproject.security.api.SecurityService) JpaRole(org.opencastproject.security.impl.jpa.JpaRole) NotFoundException(org.opencastproject.util.NotFoundException) JpaUser(org.opencastproject.security.impl.jpa.JpaUser) UnauthorizedException(org.opencastproject.security.api.UnauthorizedException) NotFoundException(org.opencastproject.util.NotFoundException) Test(org.junit.Test)

Example 10 with JpaRole

use of org.opencastproject.security.impl.jpa.JpaRole in project opencast by opencast.

the class JpaGroupRoleProviderTest method testRoles.

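/**
 * Adds three groups with two roles each (two groups in {@code org1}, one in {@code org2}) and
 * checks that the provider reports six roles in total.
 */
@Test
@SuppressWarnings("unchecked")
public void testRoles() throws Exception {
    // NOTE(review): the same authorities set is cleared and refilled after each JpaGroup is
    // built. This presumably relies on the group or the provider copying the set. Confirm.
    Set<JpaRole> authorities = new HashSet<JpaRole>();
    authorities.add(new JpaRole("ROLE_ASTRO_101_SPRING_2011_STUDENT", org1));
    authorities.add(new JpaRole("ROLE_ASTRO_109_SPRING_2012_STUDENT", org1));
    Set<String> members = new HashSet<String>();
    members.add("admin");
    JpaGroup group = new JpaGroup("test", org1, "Test", "Test group", authorities, members);
    provider.addGroup(group);
    authorities.clear();
    authorities.add(new JpaRole("ROLE_ASTRO_122_SPRING_2011_STUDENT", org1));
    authorities.add(new JpaRole("ROLE_ASTRO_124_SPRING_2012_STUDENT", org1));
    JpaGroup group2 = new JpaGroup("test2", org1, "Test2", "Test 2 group", authorities, members);
    provider.addGroup(group2);
    authorities.clear();
    authorities.add(new JpaRole("ROLE_ASTRO_134_SPRING_2011_STUDENT", org2));
    authorities.add(new JpaRole("ROLE_ASTRO_144_SPRING_2012_STUDENT", org2));
    JpaGroup group3 = new JpaGroup("test2", org2, "Test2", "Test 2 group", authorities, members);
    provider.addGroup(group3);
    List<Role> roles = IteratorUtils.toList(provider.getRoles());
    // The message used to say "four" while the expected count is 6.
    Assert.assertEquals("There should be six roles", 6, roles.size());
    // NOTE(review): the results of these two contains() calls are discarded, so they assert
    // nothing. Wrap them in Assert.assertTrue only after confirming that getRoles() is meant to
    // include the group roles and that JpaRole.equals matches such instances.
    roles.contains(new JpaRole(group.getRole(), org1));
    roles.contains(new JpaRole(group2.getRole(), org1));
}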
Also used : JpaGroup(org.opencastproject.security.impl.jpa.JpaGroup) JpaRole(org.opencastproject.security.impl.jpa.JpaRole) Role(org.opencastproject.security.api.Role) JpaRole(org.opencastproject.security.impl.jpa.JpaRole) HashSet(java.util.HashSet) Test(org.junit.Test)
