
Example 1 with AclMetadataPrincipal

use of org.pentaho.platform.repository2.unified.jcr.JcrAclMetadataStrategy.AclMetadataPrincipal in project pentaho-platform by pentaho.

The `getPrincipal` method of the class `SpringSecurityPrincipalProvider`.

/**
 * {@inheritDoc}
 * <p/>
 * <p> Resolves {@code principalName} to a {@link Principal}. Well-known names (ACL metadata, admin,
 * anonymous, everyone) are answered without touching any store. A tenanted user name is first looked
 * up in the user cache and otherwise verified through {@code internalGetUserDetails} (unless
 * {@code skipUserVerification} is set); a tenanted role name is simply assumed to exist, so an
 * unknown role still yields a {@code Group} which {@code SpringSecurityLoginModule} rejects. </p>
 * <p> NOTE(review): the user/role cache is read with the key returned by
 * {@code JcrTenantUtils.getTenantedUser/getTenantedRole(principalName)} but written with the raw
 * {@code principalName}; if those two strings ever differ the cache can never hit — confirm the
 * helpers are identity on already-tenanted names. </p>
 * <p> NOTE(review): with {@code skipUserVerification} enabled any syntactically tenanted name is
 * materialised as a {@code UserPrincipal} without consulting the {@code UserDetailsService}; this
 * relies on the login module still checking credentials — verify before enabling in production.
 * The principal name is logged verbatim at debug/trace level (no CRLF sanitisation). </p>
 *
 * @param principalName the name to resolve; must not be {@code null}
 * @return the resolved principal, or {@code null} for a tenanted user that cannot be verified or a
 *         name that is neither a tenanted user nor a tenanted role
 */
public synchronized Principal getPrincipal(final String principalName) {
    if (logger.isDebugEnabled()) {
        logger.debug("principalName: [" + principalName + "]");
    }
    checkInitialized();
    Assert.notNull(principalName);
    // Well-known principals never go through the user store.
    if (AclMetadataPrincipal.isAclMetadataPrincipal(principalName)) {
        return new AclMetadataPrincipal(principalName);
    }
    if (adminId.equals(principalName)) {
        return adminPrincipal;
    }
    if (anonymousId.equals(principalName)) {
        return anonymousPrincipal;
    }
    if (EveryonePrincipal.getInstance().getName().equals(principalName)) {
        return EveryonePrincipal.getInstance();
    }
    if (JcrTenantUtils.isTenantedUser(principalName)) {
        return resolveTenantedUser(principalName);
    }
    if (JcrTenantUtils.isTenatedRole(principalName)) {
        return resolveTenantedRole(principalName);
    }
    return null;
}

/**
 * Resolves a tenanted user name: cache first, then (unless verification is skipped) the user store.
 *
 * @return the cached or newly created {@code UserPrincipal}, or {@code null} if the user cannot be
 *         verified
 */
private Principal resolveTenantedUser(final String principalName) {
    if (cacheManager != null) {
        final Principal cached = (Principal) cacheManager.getFromRegionCache(USER_CACHE_REGION, JcrTenantUtils.getTenantedUser(principalName));
        if (cached != null) {
            if (logger.isTraceEnabled()) {
                // $NON-NLS-1$ //$NON-NLS-2$
                logger.trace("user " + principalName + " found in cache");
            }
            return cached;
        }
        if (logger.isTraceEnabled()) {
            // $NON-NLS-1$ //$NON-NLS-2$
            logger.trace("user " + principalName + " not found in cache");
        }
    } else if (logger.isTraceEnabled()) {
        logger.trace(" Cache is not available. Will create a principal for user [" + principalName + ']');
    }
    // Verification is bypassed entirely when skipUserVerification is set (the store is not consulted).
    if (!skipUserVerification && internalGetUserDetails(principalName) == null) {
        return null;
    }
    final Principal userPrincipal = new UserPrincipal(principalName);
    if (cacheManager != null) {
        cacheManager.putInRegionCache(USER_CACHE_REGION, principalName, userPrincipal);
    }
    return userPrincipal;
}

/**
 * Resolves a tenanted role name: cache first, otherwise the role is assumed to exist and a fresh
 * Spring Security role principal is created and cached. No role lookup is performed — an unknown
 * role is still returned as a {@code Group}, which the login module later rejects.
 */
private Principal resolveTenantedRole(final String principalName) {
    if (cacheManager != null) {
        final Principal cached = (Principal) cacheManager.getFromRegionCache(ROLE_CACHE_REGION, JcrTenantUtils.getTenantedRole(principalName));
        if (cached != null) {
            if (logger.isTraceEnabled()) {
                // $NON-NLS-1$ //$NON-NLS-2$
                logger.trace("role " + principalName + " found in cache");
            }
            return cached;
        }
        if (logger.isTraceEnabled()) {
            // $NON-NLS-1$ //$NON-NLS-2$
            logger.trace("role " + principalName + " not found in cache");
        }
    } else if (logger.isTraceEnabled()) {
        logger.trace(" Cache is not available. Will create a principal for role [" + principalName + ']');
    }
    final Principal rolePrincipal = createSpringSecurityRolePrincipal(principalName);
    if (cacheManager != null) {
        cacheManager.putInRegionCache(ROLE_CACHE_REGION, principalName, rolePrincipal);
    }
    if (logger.isTraceEnabled()) {
        // $NON-NLS-1$ //$NON-NLS-2$
        logger.trace("assuming " + principalName + " is a role");
    }
    return rolePrincipal;
}

Example 2 with AclMetadataPrincipal

use of org.pentaho.platform.repository2.unified.jcr.JcrAclMetadataStrategy.AclMetadataPrincipal in project pentaho-platform by pentaho.

The `getGroupMembership` method of the class `SpringSecurityPrincipalProvider`.

/**
 * {@inheritDoc}
 * <p/>
 * <p> Called from {@code AbstractLoginModule.getPrincipals()}. </p>
 * <p> Anonymous and everyone principals belong to no group. Group, admin and ACL-metadata principals
 * get only {@code EveryonePrincipal}. Any other principal is looked up through
 * {@code internalGetUserDetails}; each granted authority becomes a role principal (taken from the
 * role cache when present, otherwise freshly created) and {@code EveryonePrincipal} is appended. </p>
 * <p> NOTE(review): a user that the store does not know gets an empty membership — not even
 * {@code EveryonePrincipal} — which differs from the admin/metadata case; confirm this is intended.
 * The full principal and its group set are written to the log at trace level. </p>
 *
 * @param principal the principal whose groups are requested; must not be {@code null}
 * @return an iterator over the principal's group memberships (possibly empty, never {@code null})
 */
public PrincipalIterator getGroupMembership(final Principal principal) {
    checkInitialized();
    Assert.notNull(principal);
    // Anonymous and everyone are never members of anything.
    if (principal instanceof AnonymousPrincipal || principal instanceof EveryonePrincipal) {
        return PrincipalIteratorAdapter.EMPTY;
    }
    final Set<Principal> membership = new HashSet<Principal>();
    // Groups, the admin and ACL-metadata principals carry no authorities of their own.
    final boolean consultUserStore = !(principal instanceof Group)
        && !(principal instanceof AdminPrincipal)
        && !(principal instanceof AclMetadataPrincipal);
    if (consultUserStore) {
        final UserDetails details = internalGetUserDetails(principal.getName());
        if (details == null) {
            return new PrincipalIteratorAdapter(membership);
        }
        for (final GrantedAuthority authority : details.getAuthorities()) {
            membership.add(rolePrincipalFor(authority.getAuthority()));
        }
    }
    membership.add(EveryonePrincipal.getInstance());
    if (logger.isTraceEnabled()) {
        // $NON-NLS-1$ //$NON-NLS-2$
        logger.trace("group membership for principal=" + principal + " is " + membership);
    }
    return new PrincipalIteratorAdapter(membership);
}

/**
 * Returns the role principal for {@code roleAuthority}: the cached instance when the role cache
 * holds one, otherwise a newly created Spring Security role principal (which is not cached here).
 */
private Principal rolePrincipalFor(final String roleAuthority) {
    if (cacheManager != null) {
        final Principal cached = (Principal) cacheManager.getFromRegionCache(ROLE_CACHE_REGION, roleAuthority);
        if (cached != null) {
            return cached;
        }
    }
    return createSpringSecurityRolePrincipal(roleAuthority);
}

Example 3 with AclMetadataPrincipal

use of org.pentaho.platform.repository2.unified.jcr.JcrAclMetadataStrategy.AclMetadataPrincipal in project pentaho-platform by pentaho.

The `getGroupMembership` method of the class `TestPrincipalProvider`.

/**
 * {@inheritDoc}
 *
 * <p>
 * Called from {@code AbstractLoginModule.getPrincipals()}
 * </p>
 * <p>
 * Everyone and ACL-metadata principals get no groups. Every other principal receives the roles
 * recorded for its name in {@code roleAssignments} plus {@code EveryonePrincipal}; an admin
 * principal additionally gets {@code adminRolePrincipal}, and a user principal gets either the
 * roles reported by {@code userRoleDao} (when one is configured) or fixed roles derived from a
 * prefix of the user name.
 * </p>
 * <p>
 * NOTE(review): this appears to be a test fixture — the name-prefix rules grant "TenantAdmin" to
 * any name starting with "admin" and "SysAdmin" to any name starting with "super", and a failing
 * DAO lookup is silently retried once. It must not be wired into a non-test deployment.
 * </p>
 */
@Override
public PrincipalIterator getGroupMembership(Principal principal) {
    if (principal instanceof EveryonePrincipal || principal instanceof AclMetadataPrincipal) {
        return PrincipalIteratorAdapter.EMPTY;
    }
    final String name = principal.getName();
    final Set<Principal> members = roleAssignments.containsKey(name)
        ? new HashSet<Principal>(roleAssignments.get(name))
        : new HashSet<Principal>();
    members.add(EveryonePrincipal.getInstance());
    if (principal instanceof AdminPrincipal) {
        members.add(adminRolePrincipal);
    } else if (principal instanceof UserPrincipal) {
        if (userRoleDao == null) {
            addPrefixRoles(name, members);
        } else {
            addDaoRoles(name, members);
        }
    }
    return new PrincipalIteratorAdapter(members);
}

/**
 * Adds the roles the DAO reports for {@code userName}. A first failure (of the lookup or of
 * converting a role) is swallowed and the whole lookup is retried exactly once; a second failure
 * propagates. Roles added before the failure stay in {@code members}.
 */
private void addDaoRoles(final String userName, final Set<Principal> members) {
    try {
        addRolePrincipals(userRoleDao.getUserRoles(null, userName), members);
    } catch (Exception ignored) {
        // Deliberate single retry; the first failure is not logged.
        addRolePrincipals(userRoleDao.getUserRoles(null, userName), members);
    }
}

/** Converts each DAO role into a tenant-qualified {@code SpringSecurityRolePrincipal}. */
private void addRolePrincipals(final List<IPentahoRole> roles, final Set<Principal> members) {
    for (IPentahoRole role : roles) {
        members.add(new SpringSecurityRolePrincipal(tenantedRoleNameUtils.getPrincipleId(role.getTenant(), role.getName())));
    }
}

/**
 * Fixture fallback used when no DAO is configured: roles are chosen purely by user-name prefix.
 * A {@code null} name yields no roles.
 */
private void addPrefixRoles(final String userName, final Set<Principal> members) {
    if (userName == null) {
        return;
    }
    if (userName.startsWith("admin") || userName.startsWith("suzy") || userName.startsWith("tiffany")) {
        members.add(prefixRole(userName, "Authenticated"));
    }
    if (userName.startsWith("admin")) {
        members.add(prefixRole(userName, "TenantAdmin"));
    }
    if (userName.startsWith("super")) {
        members.add(prefixRole(userName, "SysAdmin"));
    }
}

/** Builds the role principal {@code roleName} within the tenant derived from {@code userName}. */
private Principal prefixRole(final String userName, final String roleName) {
    ITenant tenant = tenantedUserNameUtils.getTenant(userName);
    return new SpringSecurityRolePrincipal(tenantedRoleNameUtils.getPrincipleId(tenant, roleName));
}
