
Example 46 with IPentahoUser

use of org.pentaho.platform.api.engine.security.userroledao.IPentahoUser in project pentaho-platform by pentaho.

the class AbstractJcrBackedUserRoleDao method getUsers.

/**
 * Lists the users found by the Jackrabbit user manager for a tenant.
 *
 * <p>When {@code theTenant} or its id is {@code null}, the tenant returned by
 * {@code JcrTenantUtils.getTenant()} is used instead. When the resolved tenant is not accessible
 * according to {@code TenantUtils.isAccessibleTenant}, an empty list is returned.
 *
 * @param session JCR session used to obtain the user manager and the principal-name property
 * @param theTenant tenant to list users for; may be {@code null}
 * @param includeSubtenants when {@code true}, every user returned by the search is included without
 *        comparing its tenant; when {@code false}, only users whose tenant equals the resolved tenant
 * @return the matching users, possibly empty, never {@code null}
 * @throws RepositoryException if the repository lookup fails
 */
public List<IPentahoUser> getUsers(Session session, ITenant theTenant, boolean includeSubtenants) throws RepositoryException {
    final List<IPentahoUser> matches = new ArrayList<IPentahoUser>();
    ITenant effectiveTenant = theTenant;
    if (effectiveTenant == null || effectiveTenant.getId() == null) {
        effectiveTenant = JcrTenantUtils.getTenant();
    }
    // Tenant accessibility is the only gate in this method; an inaccessible tenant yields no users.
    if (!TenantUtils.isAccessibleTenant(effectiveTenant)) {
        return matches;
    }
    UserManager userManager = getUserManager(effectiveTenant, session);
    // pPrincipalName is not declared in this method; it is presumably a field shared between calls.
    // NOTE(review): confirm concurrent calls cannot interleave on it.
    pPrincipalName = getJcrName(session);
    Iterator<Authorizable> found = userManager.findAuthorizables(pPrincipalName, null, UserManager.SEARCH_TYPE_USER);
    while (found.hasNext()) {
        IPentahoUser candidate = convertToPentahoUser((User) found.next());
        // With includeSubtenants the per-user tenant comparison is skipped entirely, so tenant
        // scoping then rests on what the user manager returns.
        // NOTE(review): confirm getUserManager() is already scoped to the tenant and its subtenants.
        if (includeSubtenants || (candidate.getTenant() != null && candidate.getTenant().equals(effectiveTenant))) {
            matches.add(candidate);
        }
    }
    return matches;
}
Also used : IPentahoUser(org.pentaho.platform.api.engine.security.userroledao.IPentahoUser) User(org.apache.jackrabbit.api.security.user.User) PentahoUser(org.pentaho.platform.security.userroledao.PentahoUser) UserManager(org.apache.jackrabbit.api.security.user.UserManager) ArrayList(java.util.ArrayList) Authorizable(org.apache.jackrabbit.api.security.user.Authorizable) IPentahoUser(org.pentaho.platform.api.engine.security.userroledao.IPentahoUser)

Example 47 with IPentahoUser

use of org.pentaho.platform.api.engine.security.userroledao.IPentahoUser in project pentaho-platform by pentaho.

the class AbstractJcrBackedUserRoleDao method canDeleteUser.

/**
 * Decides whether {@code user} can be deleted without leaving the tenant admin role with no login.
 * The check is meant to run before any change is made.
 *
 * @param session JCR session passed through to the role-member lookup
 * @param user the user that is about to be deleted
 * @return {@code true} when the user does not hold the tenant admin role, or holds it and the role has
 *         more than one member; {@code false} when the role has exactly one member
 * @throws RepositoryException when the user holds the tenant admin role and is the caller or the
 *         default admin (per {@code isMyself} / {@code isDefaultAdminUser}), or when the admin role
 *         member lookup returns {@code null} or an empty list
 */
private boolean canDeleteUser(Session session, final IPentahoUser user) throws RepositoryException {
    boolean holdsAdminRole = false;
    for (IPentahoRole assignedRole : getUserRoles(null, user.getUsername())) {
        if (tenantAdminRoleName.equals(assignedRole.getName())) {
            holdsAdminRole = true;
            break;
        }
    }
    // Evaluated regardless of the role check, in the same order as before.
    boolean selfOrDefaultAdmin = isMyself(user.getUsername()) || isDefaultAdminUser(user.getUsername());
    if (selfOrDefaultAdmin && holdsAdminRole) {
        throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0008_UNABLE_TO_DELETE_USER_IS_YOURSELF_OR_DEFAULT_ADMIN_USER"));
    }
    if (!holdsAdminRole) {
        return true;
    }
    // This only inspects current membership; nothing here holds it stable until the delete runs.
    // NOTE(review): confirm callers serialize the check and the delete so two concurrent deletions
    // cannot both see "more than one admin".
    List<IPentahoUser> adminMembers = getRoleMembers(session, null, tenantAdminRoleName);
    if (adminMembers == null || adminMembers.size() < 1) {
        throw new RepositoryException(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.ERROR_0004_LAST_USER_NEEDED_IN_ROLE", tenantAdminRoleName));
    }
    return adminMembers.size() > 1;
}
Also used : RepositoryException(javax.jcr.RepositoryException) IPentahoRole(org.pentaho.platform.api.engine.security.userroledao.IPentahoRole) IPentahoUser(org.pentaho.platform.api.engine.security.userroledao.IPentahoUser)

Example 48 with IPentahoUser

use of org.pentaho.platform.api.engine.security.userroledao.IPentahoUser in project pentaho-platform by pentaho.

the class UserRoleDaoUserDetailsService method loadUserByUsername.

// ~ Constructors
// ====================================================================================================
// ~ Methods
// =========================================================================================================
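/**
 * Loads the Spring Security {@link UserDetails} for {@code username} from the user/role DAO.
 *
 * <p>The DAO is resolved lazily from {@code PentahoSystem} (bean {@code "userRoleDaoProxy"}) on first
 * use. The granted authorities are the user's DAO roles, plus whatever {@code addCustomAuthorities}
 * contributes, plus the configured default role when one is set. When the session carries no tenant
 * id yet, the tenant resolved for the username is stored in it.
 *
 * @param username login name to look up
 * @return a {@code User} built from the stored username, password and enabled flag
 * @throws UsernameNotFoundException when the DAO returns no user, or the final authority list is empty
 * @throws DataAccessException declared by the interface; an {@code UncategorizedUserRoleDaoException}
 *         from the DAO is rethrown as {@code UserRoleDaoUserDetailsServiceException}
 */
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
    // Only the enabled flag comes from the stored user. Expiry and lock state are always reported as
    // "fine", so account lockout or credential expiry is not enforced through this UserDetails.
    final boolean ACCOUNT_NON_EXPIRED = true;
    final boolean CREDS_NON_EXPIRED = true;
    final boolean ACCOUNT_NON_LOCKED = true;
    IPentahoUser user;
    try {
        if (userRoleDao == null) {
            userRoleDao = PentahoSystem.get(IUserRoleDao.class, "userRoleDaoProxy", PentahoSessionHolder.getSession());
        }
        user = userRoleDao.getUser(null, username);
    } catch (UncategorizedUserRoleDaoException e) {
        throw new UserRoleDaoUserDetailsServiceException(
            Messages.getInstance().getString("UserRoleDaoUserDetailsService.ERROR_0003_DATA_ACCESS_EXCEPTION"), // $NON-NLS-1$
            e);
    }
    if (user == null) {
        throw new UsernameNotFoundException(
            Messages.getInstance().getString("UserRoleDaoUserDetailsService.ERROR_0001_USER_NOT_FOUND")); // $NON-NLS-1$
    }
    // convert IPentahoUser to a UserDetails instance
    List<IPentahoRole> userRoles = userRoleDao.getUserRoles(null, username);
    List<GrantedAuthority> dbAuths = new ArrayList<GrantedAuthority>();
    // The previous code sized an array with a null check but then iterated userRoles unguarded,
    // which threw NullPointerException on a null role list. Treat null as "no roles".
    if (userRoles != null) {
        for (IPentahoRole role : userRoles) {
            dbAuths.add(new SimpleGrantedAuthority(role.getName()));
        }
    }
    addCustomAuthorities(user.getUsername(), dbAuths);
    // Store the Tenant ID in the session (only when the session does not already carry one)
    IPentahoSession session = PentahoSessionHolder.getSession();
    String tenantId = (String) session.getAttribute(IPentahoSession.TENANT_ID_KEY);
    if (tenantId == null) {
        // NOTE(review): tenant is dereferenced unchecked; confirm getTenant(username, true) never returns null.
        ITenant tenant = JcrTenantUtils.getTenant(username, true);
        session.setAttribute(IPentahoSession.TENANT_ID_KEY, tenant.getId());
    }
    if (!StringUtils.isEmpty(defaultRoleString)) {
        defaultRole = new SimpleGrantedAuthority(defaultRoleString);
    }
    // With a default role configured, a user with no roles of their own still ends up with one
    // authority, so the "no authorities" rejection below only applies when no default role is set.
    if (defaultRole != null && !dbAuths.contains(defaultRole)) {
        dbAuths.add(defaultRole);
    }
    if (dbAuths.isEmpty()) {
        throw new UsernameNotFoundException(
            Messages.getInstance().getString("UserRoleDaoUserDetailsService.ERROR_0002_NO_AUTHORITIES")); // $NON-NLS-1$
    }
    // The stored password value is handed to Spring Security as-is; keep it out of logs.
    return new User(user.getUsername(), user.getPassword(), user.isEnabled(), ACCOUNT_NON_EXPIRED, CREDS_NON_EXPIRED, ACCOUNT_NON_LOCKED, dbAuths);
}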
Also used : UsernameNotFoundException(org.springframework.security.core.userdetails.UsernameNotFoundException) User(org.springframework.security.core.userdetails.User) IPentahoUser(org.pentaho.platform.api.engine.security.userroledao.IPentahoUser) IPentahoSession(org.pentaho.platform.api.engine.IPentahoSession) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) IUserRoleDao(org.pentaho.platform.api.engine.security.userroledao.IUserRoleDao) IPentahoUser(org.pentaho.platform.api.engine.security.userroledao.IPentahoUser) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) ITenant(org.pentaho.platform.api.mt.ITenant) UncategorizedUserRoleDaoException(org.pentaho.platform.api.engine.security.userroledao.UncategorizedUserRoleDaoException) IPentahoRole(org.pentaho.platform.api.engine.security.userroledao.IPentahoRole)

Example 49 with IPentahoUser

use of org.pentaho.platform.api.engine.security.userroledao.IPentahoUser in project pentaho-platform by pentaho.

the class UserRoleDaoUserRoleListService method getUsersInRole.

/**
 * Returns the usernames of the members of {@code roleName}.
 *
 * @param tenant tenant to look the role up in; {@code null} is passed to the DAO as {@code null}
 * @param role used only as a null gate: when {@code null}, an empty list is returned
 * @param roleName name the DAO lookup is keyed on
 * @return usernames of the role members, or an empty list when {@code role} is {@code null}
 */
public List<String> getUsersInRole(ITenant tenant, IPentahoRole role, String roleName) {
    if (role == null) {
        return Collections.emptyList();
    }
    // The lookup uses roleName, not role.getName(), so the two arguments are never compared here.
    // NOTE(review): confirm callers always pass a roleName that matches role.
    List<IPentahoUser> members = (tenant == null)
        ? userRoleDao.getRoleMembers(null, roleName)
        : userRoleDao.getRoleMembers(tenant, roleName);
    List<String> names = new ArrayList<String>();
    // A null member list makes this loop throw NullPointerException.
    // NOTE(review): confirm the DAO never returns null here.
    for (IPentahoUser member : members) {
        names.add(member.getUsername());
    }
    return names;
}
Also used : ArrayList(java.util.ArrayList) IPentahoUser(org.pentaho.platform.api.engine.security.userroledao.IPentahoUser)

Example 50 with IPentahoUser

use of org.pentaho.platform.api.engine.security.userroledao.IPentahoUser in project pentaho-platform by pentaho.

the class ProxyPentahoUserRoleHelper method syncUsers.

/**
 * Copies description, enabled flag and (optionally) password from <code>proxyUser</code> onto
 * <code>user</code>. The roles set of the given <code>user</code> is left unmodified.
 *
 * <p>A non-null <code>user</code> is modified in place and returned; when <code>user</code> is
 * <code>null</code>, a new <code>PentahoUser</code> named after <code>proxyUser</code> is created.
 * <code>proxyUser</code> is dereferenced unconditionally and must not be <code>null</code>.
 *
 * @param user existing user to update, or <code>null</code> to create one
 * @param proxyUser source of the new field values
 * @return the updated or newly created user
 */
public static IPentahoUser syncUsers(IPentahoUser user, ProxyPentahoUser proxyUser) {
    final IPentahoUser target = (user != null) ? user : new PentahoUser(proxyUser.getName());
    target.setDescription(proxyUser.getDescription());
    // A blank password means "leave the stored password alone"; only a supplied value is encoded.
    final boolean passwordSupplied = !StringUtils.isBlank(proxyUser.getPassword());
    if (passwordSupplied) {
        PasswordEncoder encoder =
            PentahoSystem.get(PasswordEncoder.class, "passwordEncoder", PentahoSessionHolder.getSession()); // $NON-NLS-1$
        // The salt argument is null, so how the stored value is salted and hashed depends entirely
        // on the configured "passwordEncoder" bean.
        // NOTE(review): confirm that bean applies its own salt and a password-hashing scheme.
        target.setPassword(encoder.encodePassword(proxyUser.getPassword(), null));
    }
    target.setEnabled(proxyUser.getEnabled());
    return target;
}
Also used : IPentahoUser(org.pentaho.platform.api.engine.security.userroledao.IPentahoUser) PentahoUser(org.pentaho.platform.security.userroledao.PentahoUser) PasswordEncoder(org.springframework.security.authentication.encoding.PasswordEncoder) IPentahoUser(org.pentaho.platform.api.engine.security.userroledao.IPentahoUser)
