Examples with AuthorizationManager - org.wso2.carbon.user.api.AuthorizationManager

Example 11 with AuthorizationManager

use of org.wso2.carbon.user.api.AuthorizationManager in project carbon-apimgt by wso2.

the class StandaloneAuthorizationManagerClientTestCase method testIsUserAuthorized.

@Test
public void testIsUserAuthorized() throws Exception {
    StandaloneAuthorizationManagerClient standaloneAuthorizationManagerClient = new StandaloneAuthorizationManagerClient();
    standaloneAuthorizationManagerClient.isUserAuthorized("john", "create");
    Mockito.verify(authorizationManager, Mockito.times(1)).isUserAuthorized("john", "create", CarbonConstants.UI_PERMISSION_ACTION);
}

Also used : StandaloneAuthorizationManagerClient(org.wso2.carbon.apimgt.impl.utils.StandaloneAuthorizationManagerClient) Test(org.junit.Test) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest)

Example 12 with AuthorizationManager

use of org.wso2.carbon.user.api.AuthorizationManager in project carbon-apimgt by wso2.

the class APIManagerComponent method setupImagePermissions.

private void setupImagePermissions() throws APIManagementException {
    try {
        AuthorizationManager accessControlAdmin = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(MultitenantConstants.SUPER_TENANT_ID).getAuthorizationManager();
        String imageLocation = APIUtil.getMountedPath(RegistryContext.getBaseInstance(), RegistryConstants.GOVERNANCE_REGISTRY_BASE_PATH) + APIConstants.API_IMAGE_LOCATION;
        if (!accessControlAdmin.isRoleAuthorized(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, imageLocation, ActionConstants.GET)) {
            // Can we get rid of this?
            accessControlAdmin.authorizeRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, imageLocation, ActionConstants.GET);
        }
    } catch (UserStoreException e) {
        throw new APIManagementException("Error while setting up permissions for image collection", e);
    }
}

Also used : APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) UserStoreException(org.wso2.carbon.user.api.UserStoreException) AuthorizationManager(org.wso2.carbon.user.api.AuthorizationManager)

Example 13 with AuthorizationManager

use of org.wso2.carbon.user.api.AuthorizationManager in project carbon-apimgt by wso2.

the class APIUtil method loadloadTenantAPIRXT.

/**
 * Load the  API RXT to the registry for tenants
 *
 * @param tenant
 * @param tenantID
 * @throws APIManagementException
 */
public static void loadloadTenantAPIRXT(String tenant, int tenantID) throws APIManagementException {
    RegistryService registryService = ServiceReferenceHolder.getInstance().getRegistryService();
    UserRegistry registry = null;
    try {
        registry = registryService.getGovernanceSystemRegistry(tenantID);
    } catch (RegistryException e) {
        throw new APIManagementException("Error when create registry instance ", e);
    }
    String rxtDir = CarbonUtils.getCarbonHome() + File.separator + "repository" + File.separator + "resources" + File.separator + "rxts";
    File file = new File(rxtDir);
    FilenameFilter filenameFilter = new FilenameFilter() {

        @Override
        public boolean accept(File dir, String name) {
            // if the file extension is .rxt return true, else false
            return name.endsWith(".rxt");
        }
    };
    String[] rxtFilePaths = file.list(filenameFilter);
    if (rxtFilePaths == null) {
        throw new APIManagementException("rxt files not found in directory " + rxtDir);
    }
    for (String rxtPath : rxtFilePaths) {
        String resourcePath = GovernanceConstants.RXT_CONFIGS_PATH + RegistryConstants.PATH_SEPARATOR + rxtPath;
        // This is  "registry" is a governance registry instance, therefore calculate the relative path to governance.
        String govRelativePath = RegistryUtils.getRelativePathToOriginal(resourcePath, APIUtil.getMountedPath(RegistryContext.getBaseInstance(), RegistryConstants.GOVERNANCE_REGISTRY_BASE_PATH));
        try {
            // calculate resource path
            RegistryAuthorizationManager authorizationManager = new RegistryAuthorizationManager(ServiceReferenceHolder.getUserRealm());
            resourcePath = authorizationManager.computePathOnMount(resourcePath);
            org.wso2.carbon.user.api.AuthorizationManager authManager = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantID).getAuthorizationManager();
            if (registry.resourceExists(govRelativePath)) {
                // set anonymous user permission to RXTs
                authManager.authorizeRole(APIConstants.ANONYMOUS_ROLE, resourcePath, ActionConstants.GET);
                continue;
            }
            String rxt = FileUtil.readFileToString(rxtDir + File.separator + rxtPath);
            Resource resource = registry.newResource();
            resource.setContent(rxt.getBytes(Charset.defaultCharset()));
            resource.setMediaType(APIConstants.RXT_MEDIA_TYPE);
            registry.put(govRelativePath, resource);
            authManager.authorizeRole(APIConstants.ANONYMOUS_ROLE, resourcePath, ActionConstants.GET);
        } catch (UserStoreException e) {
            throw new APIManagementException("Error while adding role permissions to API", e);
        } catch (IOException e) {
            String msg = "Failed to read rxt files";
            throw new APIManagementException(msg, e);
        } catch (RegistryException e) {
            String msg = "Failed to add rxt to registry ";
            throw new APIManagementException(msg, e);
        }
    }
}

Also used : Resource(org.wso2.carbon.registry.core.Resource) APIProductResource(org.wso2.carbon.apimgt.api.model.APIProductResource) APIResource(org.wso2.carbon.apimgt.api.doc.model.APIResource) UserRegistry(org.wso2.carbon.registry.core.session.UserRegistry) IOException(java.io.IOException) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) FilenameFilter(java.io.FilenameFilter) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) RegistryAuthorizationManager(org.wso2.carbon.registry.core.jdbc.realm.RegistryAuthorizationManager) UserStoreException(org.wso2.carbon.user.api.UserStoreException) RegistryService(org.wso2.carbon.registry.core.service.RegistryService) ResourceFile(org.wso2.carbon.apimgt.api.model.ResourceFile) File(java.io.File)

Example 14 with AuthorizationManager

use of org.wso2.carbon.user.api.AuthorizationManager in project carbon-apimgt by wso2.

the class TestUtils method mockRegistryAndUserRealm.

public static ServiceReferenceHolder mockRegistryAndUserRealm(int tenantId) throws UserStoreException, RegistryException, XMLStreamException {
    ServiceReferenceHolder sh = getServiceReferenceHolder();
    RealmService realmService = Mockito.mock(RealmService.class);
    TenantManager tm = Mockito.mock(TenantManager.class);
    PowerMockito.when(sh.getRealmService()).thenReturn(realmService);
    PowerMockito.when(realmService.getTenantManager()).thenReturn(tm);
    RegistryService registryService = Mockito.mock(RegistryService.class);
    PowerMockito.when(sh.getRegistryService()).thenReturn(registryService);
    UserRegistry userReg = Mockito.mock(UserRegistry.class);
    PowerMockito.when(registryService.getGovernanceUserRegistry()).thenReturn(userReg);
    UserRegistry systemReg = Mockito.mock(UserRegistry.class);
    PowerMockito.when(registryService.getConfigSystemRegistry()).thenReturn(systemReg);
    UserRealm userRealm = Mockito.mock(UserRealm.class);
    UserRealm bootstrapRealm = Mockito.mock(UserRealm.class);
    PowerMockito.when(systemReg.getUserRealm()).thenReturn(userRealm);
    PowerMockito.doNothing().when(ServiceReferenceHolder.class);
    ServiceReferenceHolder.setUserRealm(userRealm);
    org.wso2.carbon.user.api.UserRealm userR = Mockito.mock(org.wso2.carbon.user.api.UserRealm.class);
    PowerMockito.when(realmService.getTenantUserRealm(-1234)).thenReturn(userR);
    AuthorizationManager authManager = Mockito.mock(AuthorizationManager.class);
    PowerMockito.when(userR.getAuthorizationManager()).thenReturn(authManager);
    PowerMockito.when(realmService.getBootstrapRealm()).thenReturn(bootstrapRealm);
    ServiceReferenceHolder.setUserRealm(bootstrapRealm);
    PowerMockito.when(tm.getTenantId(Matchers.anyString())).thenReturn(tenantId);
    return sh;
}

Also used : ServiceReferenceHolder(org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder) UserRealm(org.wso2.carbon.user.core.UserRealm) RealmService(org.wso2.carbon.user.core.service.RealmService) UserRegistry(org.wso2.carbon.registry.core.session.UserRegistry) AuthorizationManager(org.wso2.carbon.user.api.AuthorizationManager) RegistryService(org.wso2.carbon.registry.core.service.RegistryService) TenantManager(org.wso2.carbon.user.core.tenant.TenantManager)

Example 15 with AuthorizationManager

use of org.wso2.carbon.user.api.AuthorizationManager in project carbon-apimgt by wso2.

the class RegistryPersistenceUtil method getAuthorizedRoles.

public static String[] getAuthorizedRoles(String apiPath, String tenantDomain) throws UserStoreException {
    String resourcePath = RegistryUtils.getAbsolutePath(RegistryContext.getBaseInstance(), getMountedPath(RegistryContext.getBaseInstance(), RegistryConstants.GOVERNANCE_REGISTRY_BASE_PATH) + apiPath);
    if (!MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
        int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager().getTenantId(tenantDomain);
        AuthorizationManager authManager = ServiceReferenceHolder.getInstance().getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
        return authManager.getAllowedRolesForResource(resourcePath, ActionConstants.GET);
    } else {
        RegistryAuthorizationManager authorizationManager = new RegistryAuthorizationManager(ServiceReferenceHolder.getUserRealm());
        return authorizationManager.getAllowedRolesForResource(resourcePath, ActionConstants.GET);
    }
}

Also used : RegistryAuthorizationManager(org.wso2.carbon.registry.core.jdbc.realm.RegistryAuthorizationManager) RegistryAuthorizationManager(org.wso2.carbon.registry.core.jdbc.realm.RegistryAuthorizationManager) AuthorizationManager(org.wso2.carbon.user.api.AuthorizationManager)

Aggregations

AuthorizationManager (org.wso2.carbon.user.api.AuthorizationManager)11 RegistryAuthorizationManager (org.wso2.carbon.registry.core.jdbc.realm.RegistryAuthorizationManager)10 APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)7 Resource (org.wso2.carbon.registry.core.Resource)7 UserStoreException (org.wso2.carbon.user.api.UserStoreException)7 Test (org.junit.Test)4 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)4 RegistryException (org.wso2.carbon.registry.core.exceptions.RegistryException)4 RegistryService (org.wso2.carbon.registry.core.service.RegistryService)4 UserRegistry (org.wso2.carbon.registry.core.session.UserRegistry)4 RealmService (org.wso2.carbon.user.core.service.RealmService)4 APIProductResource (org.wso2.carbon.apimgt.api.model.APIProductResource)3 ServiceReferenceHolder (org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder)3 UserRealm (org.wso2.carbon.user.api.UserRealm)3 File (java.io.File)2 FilenameFilter (java.io.FilenameFilter)2 IOException (java.io.IOException)2 APIResource (org.wso2.carbon.apimgt.api.doc.model.APIResource)2 API (org.wso2.carbon.apimgt.api.model.API)2 SubscribedAPI (org.wso2.carbon.apimgt.api.model.SubscribedAPI)2