use of org.xwiki.security.SecurityReference in project xwiki-platform by xwiki.
the class DefaultSecurityCacheTest method InsertAccess.
/**
 * Inserts mocked access entries into the cache under test, first for every reference in
 * {@code userRefs}, then for every reference in {@code groupUserRefs}.
 *
 * <p>For each user, one entry is created per reference in {@code entityRefs}, followed by one
 * entry where the user is also the target entity.
 *
 * @return the inserted entries, keyed by the string returned by {@code AddAccessEntry}; entries
 *     for which {@code AddAccessEntry} returned {@code null} are left out
 * @throws ConflictingInsertionException propagated from {@code AddAccessEntry}
 * @throws ParentEntryEvictedException propagated from {@code AddAccessEntry}
 */
private Map<String, SecurityEntry> InsertAccess() throws ConflictingInsertionException, ParentEntryEvictedException {
    Map<String, SecurityEntry> inserted = new HashMap<>();

    // Plain users: access on each entity, then access on the user's own reference.
    for (UserSecurityReference simpleUser : userRefs) {
        for (SecurityReference target : entityRefs) {
            SecurityAccessEntry onEntity = mockSecurityAccessEntry(target, simpleUser);
            String entityKey = AddAccessEntry(onEntity);
            if (entityKey != null) {
                inserted.put(entityKey, onEntity);
            }
        }
        SecurityAccessEntry onSelf = mockSecurityAccessEntry(simpleUser, simpleUser);
        String selfKey = AddAccessEntry(onSelf);
        if (selfKey != null) {
            inserted.put(selfKey, onSelf);
        }
    }

    // Users that belong to groups: same insertion order as above.
    for (UserSecurityReference groupUser : groupUserRefs) {
        for (SecurityReference target : entityRefs) {
            SecurityAccessEntry onEntity = mockSecurityAccessEntry(target, groupUser);
            String entityKey = AddAccessEntry(onEntity);
            if (entityKey != null) {
                inserted.put(entityKey, onEntity);
            }
        }
        SecurityAccessEntry onSelf = mockSecurityAccessEntry(groupUser, groupUser);
        String selfKey = AddAccessEntry(onSelf);
        if (selfKey != null) {
            inserted.put(selfKey, onSelf);
        }
    }

    return inserted;
}
use of org.xwiki.security.SecurityReference in project xwiki-platform by xwiki.
the class DefaultSecurityCache method getImmediateGroupsFor.
/**
 * Collects the groups that are direct parents of the given user in the cache.
 *
 * <p>A {@code null} result is not the same as an empty collection: it means the cache cannot
 * answer, whereas an empty collection means the cached user entry has no group parent. Callers
 * that settle access rights should handle {@code null} as "membership unknown" rather than as
 * "member of no group".
 *
 * @param user the user whose immediate groups are requested
 * @return the distinct group references found among the parents of the user's cache entry, or
 *     {@code null} when the user has no cache entry or the entry is not a user entry
 */
@Override
public Collection<GroupSecurityReference> getImmediateGroupsFor(UserSecurityReference user) {
    SecurityCacheEntry cachedUser = getEntry(user);

    // Not cached at all, or cached as a regular document rather than as a user:
    // in that case, the ancestors are not fully loaded.
    boolean usableAsUser = cachedUser != null && cachedUser.isUser();
    if (!usableAsUser) {
        return null;
    }

    // NOTE(review): no locking is visible in this method; confirm that reading the parents
    // field here is protected elsewhere against concurrent cache updates.
    Collection<GroupSecurityReference> immediateGroups = new HashSet<>();
    for (SecurityCacheEntry parentEntry : cachedUser.parents) {
        SecurityReference candidate = parentEntry.getEntry().getReference();
        // Only group parents count; the set drops a group that was already seen.
        if (candidate instanceof GroupSecurityReference) {
            immediateGroups.add((GroupSecurityReference) candidate);
        }
    }
    return immediateGroups;
}
use of org.xwiki.security.SecurityReference in project xwiki-platform by xwiki.
the class DefaultSecurityCacheLoader method loadUserEntry.
/**
 * Loads the rules of a user or group into the cache, linked to its immediate groups.
 *
 * <p>The groups are expected to be in the cache already; if they are not, a
 * {@link ParentEntryEvictedException} is thrown. Every other reference in the user's reference
 * chain that is missing from the cache is read and added before the user itself.
 *
 * @param user the user or group to load
 * @param groups the groups associated with the user or group
 * @throws ParentEntryEvictedException if any of the parent entries of the group were evicted
 * @throws ConflictingInsertionException when different threads have inserted conflicting entries
 *     into the cache
 * @throws org.xwiki.security.authorization.AuthorizationException on error
 */
private void loadUserEntry(UserSecurityReference user, Collection<GroupSecurityReference> groups) throws ParentEntryEvictedException, ConflictingInsertionException, AuthorizationException {
    Deque<SecurityReference> ancestors = user.getReversedSecurityReferenceChain();
    // Drop the last element: presumably the user reference itself, which is added
    // separately below together with its groups.
    ancestors.removeLast();

    // Make sure everything above the user document is cached before the user is added.
    for (SecurityReference ancestor : ancestors) {
        if (securityCache.get(ancestor) != null) {
            continue;
        }
        SecurityRuleEntry ancestorRules = securityEntryReader.read(ancestor);
        securityCache.add(ancestorRules);
    }

    SecurityRuleEntry userRules = securityEntryReader.read(user);
    securityCache.add(userRules, groups);
}
use of org.xwiki.security.SecurityReference in project xwiki-platform by xwiki.
the class DefaultSecurityCacheLoader method loadAccessEntries.
/**
 * Loads the user and group entries needed to settle an access, settles it, stores the decision
 * in the cache and returns it.
 *
 * @param user the user to check access for
 * @param entity the lowest entity providing security rules on the path of the entity to check
 *     access for
 * @param ruleEntries the rule entries associated with the above entity
 * @return the access for the user at the entity (equivalent to the one of the entity to check
 *     access for)
 * @throws ParentEntryEvictedException if one of the parent entries is evicted before the load
 *     is completed
 * @throws ConflictingInsertionException when different threads have inserted conflicting entries
 *     into the cache
 * @throws org.xwiki.security.authorization.AuthorizationException on error
 */
private SecurityAccessEntry loadAccessEntries(UserSecurityReference user, SecurityReference entity, Deque<SecurityRuleEntry> ruleEntries) throws ParentEntryEvictedException, ConflictingInsertionException, AuthorizationException {
    // Wiki the user belongs to.
    SecurityReference userWiki = user.getWikiReference();

    // Wiki of the entity, kept only for a global user reaching into a different wiki;
    // it stays null for a local user or when both wikis are the same.
    SecurityReference entityWiki = null;
    if (user.isGlobal()) {
        SecurityReference candidateWiki = entity.getWikiReference();
        if (candidateWiki != null && !userWiki.equals(candidateWiki)) {
            entityWiki = candidateWiki;
        }
    }

    // Bring the user and its related groups (global and shadowed locals) into the cache as needed.
    Collection<GroupSecurityReference> groups = loadUserEntry(user, userWiki, entityWiki);

    // Settle the access from the user, its groups and the rules.
    SecurityAccessEntry settled = authorizationSettlerProvider.get().settle(user, groups, ruleEntries);

    // Cache the decision together with entityWiki, so the cache receives the wiki context
    // in which the decision was settled.
    securityCache.add(settled, entityWiki);
    return settled;
}
use of org.xwiki.security.SecurityReference in project xwiki-platform by xwiki.
the class DefaultAuthorizationSettlerTest method getMockedSecurityRuleEntries.
/**
 * Builds one mocked {@code SecurityRuleEntry} per element of the reference chain of
 * {@code reference} and stubs each mock with a reference, a rule list and an emptiness flag.
 *
 * <p>The mocks are pushed onto the deque, so iterating the result visits them in the reverse of
 * the chain order. The i-th mock visited is stubbed with the i-th list of {@code ruleEntries}
 * (an empty list once {@code ruleEntries} is exhausted) and with the reference reached by
 * following {@code getParentSecurityReference()} i times from {@code reference}.
 *
 * @param name prefix used for the mock names
 * @param reference the reference whose chain is mocked
 * @param ruleEntries the rules to return per level, starting at {@code reference}
 * @return the deque of stubbed mocks
 */
private Deque<SecurityRuleEntry> getMockedSecurityRuleEntries(String name, final SecurityReference reference, final List<List<SecurityRule>> ruleEntries) {
    final Deque<SecurityReference> chain = reference.getReversedSecurityReferenceChain();
    final Deque<SecurityRuleEntry> mocks = new ArrayDeque<>(chain.size());
    for (SecurityReference link : chain) {
        // push() adds at the head, so the last chain element ends up first in the deque.
        mocks.push(mock(SecurityRuleEntry.class, name + link));
    }

    int level = 0;
    SecurityReference current = reference;
    for (SecurityRuleEntry mocked : mocks) {
        // Levels without an explicit rule list get an empty one.
        List<SecurityRule> levelRules = level < ruleEntries.size()
            ? ruleEntries.get(level)
            : Collections.<SecurityRule>emptyList();

        when(mocked.getReference()).thenReturn(current);
        when(mocked.getRules()).thenReturn(levelRules);
        when(mocked.isEmpty()).thenReturn(levelRules.isEmpty());

        current = current.getParentSecurityReference();
        level++;
    }
    return mocks;
}