use of org.osgi.service.useradmin.Role in project felix by apache.
the class MongoDBStore method addRole.
/**
 * Stores a new role under the given name, unless a role with that name is already present.
 *
 * @param roleName the name of the role to add, cannot be <code>null</code>;
 * @param type the role type, handed to the serializer as-is.
 * @return the role as read back through {@link #getRole(String)} after the insert, or
 *         <code>null</code> if a role with the given name already existed.
 * @throws IllegalArgumentException if the given role name is <code>null</code>;
 * @throws MongoException if the insert reports an error.
 */
@Override
public Role addRole(String roleName, int type) throws MongoException {
    if (roleName == null) {
        throw new IllegalArgumentException("Role cannot be null!");
    }

    // The collection is obtained before the existence check, as in the original flow.
    DBCollection roles = getCollection();

    if (getRole(roleName) != null) {
        // A role with this name is already stored; nothing is written.
        return null;
    }

    // NOTE(review): the lookup above and the insert below are two separate operations.
    // Unless the collection enforces uniqueness on the role name (not visible from
    // here), two concurrent calls could both pass the check and both insert -- confirm.
    WriteResult outcome = roles.insert(m_helper.serialize(roleName, type));
    if (outcome.getLastError() != null) {
        outcome.getLastError().throwOnError();
    }

    // FELIX-4400: hand back the role as it is read from the store, not a locally built one.
    return getRole(roleName);
}
use of org.osgi.service.useradmin.Role in project felix by apache.
the class MongoDBStore method roleChanged.
/**
 * Persists the changes of a role when a {@link UserAdminEvent#ROLE_CHANGED} event arrives.
 * <p>
 * Events of any other type are ignored; per the original author's note, creation and
 * removal are already handled by #addRole and #removeRole.
 * </p>
 *
 * @param event the event to handle; its type and role are read.
 */
@Override
public void roleChanged(UserAdminEvent event) {
    if (UserAdminEvent.ROLE_CHANGED != event.getType()) {
        return;
    }

    Role changedRole = event.getRole();
    try {
        DBCollection roles = getCollection();
        DBObject selector = getTemplateObject(changedRole);
        DBObject changes = m_helper.serializeUpdate(changedRole);

        // Neither upsert nor multi-update: a role that is missing from the store is
        // not created by this call.
        WriteResult outcome = roles.update(selector, changes, false /* upsert */, false /* multi */);
        if (outcome.getLastError() != null) {
            outcome.getLastError().throwOnError();
        }
    } catch (MongoException e) {
        // NOTE(review): a failed write is only logged; nothing is reported back to the
        // code that changed the role. If the change removed a member or a credential,
        // the stored copy keeps the old value -- confirm that this is acceptable and
        // that the warning is monitored.
        m_log.log(LogService.LOG_WARNING, "Failed to update changed role: " + changedRole.getName(), e);
    }
}
use of org.osgi.service.useradmin.Role in project felix by apache.
the class MongoSerializerHelper method deserialize.
/**
 * Rebuilds a {@link Role} from its stored {@link DBObject} form.
 * <p>
 * The type and name fields select the role implementation via
 * {@link RoleFactory#createRole}; the properties are copied for every role, the
 * credentials for users and groups, and both member lists for groups only.
 * </p>
 * <p>
 * The stored fields are cast without checks: a missing type field causes a
 * {@link NullPointerException}, a field of an unexpected type a
 * {@link ClassCastException}.
 * </p>
 *
 * @param object the {@link DBObject} to convert, cannot be <code>null</code>.
 * @return a {@link Role} instance, never <code>null</code>.
 */
public Role deserialize(DBObject object) {
    int type = ((Integer) object.get(TYPE)).intValue();
    String name = (String) object.get(NAME);

    Role result = RoleFactory.createRole(type, name);

    // Generic properties exist on every kind of role.
    deserializeDictionary(result.getProperties(), (DBObject) object.get(PROPERTIES));

    boolean hasCredentials = (Role.GROUP == type) || (Role.USER == type);
    if (!hasCredentials) {
        return result;
    }

    // Casting to User covers both cases, as Group extends from User.
    // NOTE(review): credentials are copied exactly as stored; whether they are hashed or
    // otherwise protected at rest depends on the serializing side, not shown here.
    deserializeDictionary(((User) result).getCredentials(), (DBObject) object.get(CREDENTIALS));

    if (Role.GROUP != type) {
        return result;
    }

    // presumably getRoles() resolves the stored member entries to Role instances -- confirm.
    BasicDBList basicMembers = (BasicDBList) object.get(MEMBERS);
    for (Role member : getRoles(basicMembers)) {
        ((Group) result).addMember(member);
    }

    BasicDBList requiredMembers = (BasicDBList) object.get(REQUIRED_MEMBERS);
    for (Role member : getRoles(requiredMembers)) {
        ((Group) result).addRequiredMember(member);
    }

    return result;
}
use of org.osgi.service.useradmin.Role in project felix by apache.
the class AuthorizationImpl method getRoles.
/**
 * {@inheritDoc}
 * <p>
 * The result is computed on every call: each role returned by the role manager is
 * checked against the user of this authorization, and the names of the roles for which
 * the check succeeds are collected. The role named {@link Role#USER_ANYONE} is never
 * part of the result.
 * </p>
 *
 * @return the names of the matching roles, or <code>null</code> (not an empty array) if
 *         there are none; callers need to check for <code>null</code>.
 */
public String[] getRoles() {
    List names = new ArrayList();

    // presumably a null filter asks the role manager for all roles -- confirm.
    for (Iterator it = m_roleManager.getRoles(null).iterator(); it.hasNext();) {
        Role candidate = (Role) it.next();

        if (Role.USER_ANYONE.equals(candidate.getName())) {
            // The "anyone" role is deliberately left out of the reported names.
            continue;
        }
        if (m_roleChecker.isImpliedBy(candidate, m_user)) {
            names.add(candidate.getName());
        }
    }

    if (names.isEmpty()) {
        return null;
    }
    return (String[]) names.toArray(new String[names.size()]);
}
use of org.osgi.service.useradmin.Role in project felix by apache.
the class RoleChecker method isGroupImpliedBy.
/**
 * Verifies whether the given group is implied by the given role.
 * <p>
 * A group is implied when <em>all</em> of its required members are implied and
 * <em>at least one</em> of its basic members is implied. A group without basic members
 * is therefore never implied.
 * </p>
 * <p>
 * The seen-groups list is shared between both member checks and all recursive calls, and
 * is modified along the way. Any member that is already in the list ends the check with
 * <code>false</code>, so the outcome on a repeated group is a denial. This also applies
 * to a group that is reached a second time through a different path, not only to a true
 * cycle. The given group itself is not added to the list by this method; presumably the
 * caller takes care of that -- confirm.
 * </p>
 *
 * @param group the group to check, cannot be <code>null</code>;
 * @param impliedRole the implied role to check for, cannot be <code>null</code>;
 * @param seenGroups a list of all seen groups, used for detecting cycles in groups,
 *        cannot be <code>null</code>; groups visited by this call are added to it.
 * @return <code>true</code> if the given group has the implied role, <code>false</code> otherwise.
 */
private boolean isGroupImpliedBy(Group group, Role impliedRole, List seenGroups) {
    Role[] members = group.getMembers();
    Role[] requiredMembers = group.getRequiredMembers();

    // Step 1: every required member must be implied; the first failure ends the check.
    if (requiredMembers != null) {
        for (int idx = 0; idx < requiredMembers.length; idx++) {
            Role required = requiredMembers[idx];
            if (seenGroups.contains(required)) {
                // Already visited: treated as a cycle between groups, always yields false.
                return false;
            }

            boolean implied;
            if (required instanceof Group) {
                seenGroups.add(required);
                implied = isGroupImpliedBy((Group) required, impliedRole, seenGroups);
            } else {
                // Plain users and roles are compared directly.
                implied = isRoleImpliedBy(required, impliedRole);
            }

            if (!implied) {
                return false;
            }
        }
    }

    // Step 2: at least one basic member must be implied; the first success ends the check.
    if (members != null) {
        for (int idx = 0; idx < members.length; idx++) {
            Role basic = members[idx];
            if (seenGroups.contains(basic)) {
                // Already visited: treated as a cycle between groups, always yields false,
                // even if a later basic member would have been implied.
                return false;
            }

            boolean implied;
            if (basic instanceof Group) {
                seenGroups.add(basic);
                implied = isGroupImpliedBy((Group) basic, impliedRole, seenGroups);
            } else {
                // Plain users and roles are compared directly.
                implied = isRoleImpliedBy(basic, impliedRole);
            }

            if (implied) {
                return true;
            }
        }
    }

    // No basic member was implied (or there were none).
    return false;
}