Example 6 with OperationRequest

Use of won.auth.model.OperationRequest in project webofneeds by researchstudio-sat.

From class AclEnforcer, method isAccessGranted.

// Builds the OperationRequest for the given connection, lets the ACL evaluation
// context decide (and remember the result, so it can later be reported to the
// client), and reports whether the decision is ACCESS_GRANTED.
private static boolean isAccessGranted(WonAclEvalContext wonAclEvalContext, Connection con) {
    OperationRequest or = populateOperationRequest(wonAclEvalContext, con);
    AclEvalResult result = wonAclEvalContext.decideAndRemember(or);
    // fail closed: anything other than an explicit grant (including a missing
    // decision) counts as not granted
    return DecisionValue.ACCESS_GRANTED.equals(result.getDecision());
}
Also used: OperationRequest (won.auth.model.OperationRequest), AclEvalResult (won.auth.model.AclEvalResult)

Example 7 with OperationRequest

Use of won.auth.model.OperationRequest in project webofneeds by researchstudio-sat.

From class AclEnforcer, method populateOperationRequest.

// Fills the request-side ("req*") fields of the context's OperationRequest with
// the connection being accessed: its URI, socket, socket type, state and target
// atom. The OperationRequest obtained from the context is modified in place and
// returned; no copy is made.
private static OperationRequest populateOperationRequest(WonAclEvalContext wonAclEvalContext, Connection con) {
    OperationRequest or = wonAclEvalContext.getOperationRequest();
    or.setReqConnection(con.getConnectionURI());
    or.setReqSocket(con.getSocketURI());
    or.setReqSocketType(con.getTypeURI());
    // the persistence-layer connection state is mapped to the auth model's state
    or.setReqConnectionState(AuthUtils.toAuthConnectionState(con.getState()));
    or.setReqConnectionTargetAtom(con.getTargetAtomURI());
    return or;
}
Also used: OperationRequest (won.auth.model.OperationRequest)

Example 8 with OperationRequest

Use of won.auth.model.OperationRequest in project webofneeds by researchstudio-sat.

From class AtomService, method checkReplaceAllowed.

// Checks whether replacing the content of the atom at atomUri with atomContent is
// allowed. A shallow copy of the incoming OperationRequest is positioned at the
// atom graph level, and every named graph of the new content (except signature
// graphs) is registered on it, typed as ACL, key or content graph, so that the
// evaluator decides once over the whole set of graphs being written. The replace
// is rejected only on an explicit ACCESS_DENIED decision.
private void checkReplaceAllowed(Dataset atomContent, URI atomUri, WonAclEvaluator evaluator, OperationRequest request) {
    Iterator<String> graphNames = atomContent.listNames();
    // well-known graph URIs derived from the atom URI
    URI aclGraphUri = WonRelativeUriHelper.createAclGraphURIForAtomURI(atomUri);
    URI keyGraphUri = WonRelativeUriHelper.createKeyGraphURIForAtomURI(atomUri);
    // work on a shallow copy of the incoming request
    OperationRequest or = AuthUtils.cloneShallow(request);
    or.setReqPosition(POSITION_ATOM_GRAPH);
    while (graphNames.hasNext()) {
        String graphName = graphNames.next();
        if (graphName.endsWith(WonMessage.SIGNATURE_URI_GRAPHURI_SUFFIX)) {
            // don't check permissions for signatures
            continue;
        }
        URI graphUri = URI.create(graphName);
        // classify the graph so the ACL can distinguish ACL/key graphs from content
        if (aclGraphUri.equals(graphUri)) {
            or.addReqGraphType(GraphType.ACL_GRAPH);
        } else if (keyGraphUri.equals(graphUri)) {
            or.addReqGraphType(GraphType.KEY_GRAPH);
        } else {
            or.addReqGraphType(GraphType.CONTENT_GRAPH);
        }
        or.addReqGraph(graphUri);
    }
    AclEvalResult result = evaluator.decide(or);
    if (DecisionValue.ACCESS_DENIED.equals(result.getDecision())) {
        throw new ForbiddenMessageException("Replace operation is not allowed");
    }
}
Also used: OperationRequest (won.auth.model.OperationRequest), AclEvalResult (won.auth.model.AclEvalResult), URI (java.net.URI)

Example 9 with OperationRequest

Use of won.auth.model.OperationRequest in project webofneeds by researchstudio-sat.

From class LinkedDataWebController, method readConnectionsOfAtom.

/**
 * Get the RDF for the connections of the specified atom.
 *
 * @param request the HTTP request; also carries the ACL evaluation context
 * @param response the HTTP response; receives the auth info header when access
 * is denied
 * @param identifier the atom id; resolved to the atom URI via uriService
 * @param socket if given together with targetSocket, only the connection between
 * these two sockets is returned (no paging)
 * @param targetSocket see socket
 * @param deep If true, connection data is added to the model (not only
 * connection URIs). Default: false.
 * @param page taken into account only if the client supports paging; in that
 * case the specified page is returned
 * @param resumeBefore taken into account only if the client supports paging; in
 * that case the page with connection URIs that precede the connection having
 * resumeBefore is returned
 * @param resumeAfter taken into account only if the client supports paging; in
 * that case the page with connection URIs that follow the connection having
 * resumeAfter is returned
 * @param type only connection events of the given type are considered when
 * ordering returned connections. Default: all event types.
 * @param timestamp only connection events that were created before the given
 * time are considered when ordering returned connections. Default: current
 * time.
 * @param state connection state filter passed on to the listing (see
 * getConnectionState)
 * @return the dataset with the connections plus paging/location headers; 404 if
 * the atom is unknown or the timestamp cannot be parsed, 500 if a connection
 * referenced by the atom cannot be found, and the ACL-derived status (403 by
 * default) if the result is empty and the user may not see the container
 */
@RequestMapping(value = "${uri.path.data}/atom/{identifier}/c", method = RequestMethod.GET, produces = { "application/ld+json", "application/trig", "application/n-quads" })
public ResponseEntity<Dataset> readConnectionsOfAtom(HttpServletRequest request, HttpServletResponse response,
        @PathVariable(value = "identifier") String identifier,
        @RequestParam(value = "socket", required = false) String socket,
        @RequestParam(value = "targetSocket", required = false) String targetSocket,
        @RequestParam(value = "deep", defaultValue = "false") boolean deep,
        @RequestParam(value = "p", required = false) Integer page,
        @RequestParam(value = "resumebefore", required = false) String resumeBefore,
        @RequestParam(value = "resumeafter", required = false) String resumeAfter,
        @RequestParam(value = "type", required = false) String type,
        @RequestParam(value = "timeof", required = false) String timestamp,
        @RequestParam(value = "state", required = false) String state) {
    logger.debug("readConnectionsOfAtom() called");
    // TODO: pass aclevaluator and operationRequest down to linkeddataservice as an
    // additional filter
    URI atomUri = uriService.createAtomURIForId(identifier);
    Dataset rdfDataset;
    HttpHeaders headers = new HttpHeaders();
    // null when the client did not signal paging support (no preferred page size)
    Integer preferedSize = getPreferredSize(request);
    URI connectionsURI = URI.create(atomUri.toString() + "/c");
    try {
        ConnectionState connectionState = getConnectionState(state);
        WonMessageType eventsType = getMessageType(type);
        DateParameter dateParam = new DateParameter(timestamp);
        String passableQuery = getPassableQueryMap("type", type, "timeof", dateParam.getTimestamp(), "deep", Boolean.toString(deep));
        if (socket != null && targetSocket != null) {
            // both sockets given: return only the connection between them
            rdfDataset = linkedDataService.listConnection(URI.create(socket), URI.create(targetSocket), deep);
        } else if (preferedSize == null) {
            // no paging: return everything. Date and type filtering is not applied for
            // clients that do not support paging.
            rdfDataset = linkedDataService.listConnections(atomUri, deep, true, connectionState).getContent();
        } else if (page == null && resumeBefore == null && resumeAfter == null) {
            // paging supported, but no page or resume parameter specified: display the
            // latest connections (page 1)
            AtomInformationService.PagedResource<Dataset, Connection> resource = linkedDataService.listConnections(1, atomUri, preferedSize, eventsType, dateParam.getDate(), deep, true, connectionState);
            rdfDataset = resource.getContent();
            addPagedConnectionResourceInSequenceHeader(headers, connectionsURI, resource, passableQuery);
        } else if (page != null) {
            // explicit page number requested
            AtomInformationService.PagedResource<Dataset, Connection> resource = linkedDataService.listConnections(page, atomUri, preferedSize, eventsType, dateParam.getDate(), deep, true, connectionState);
            rdfDataset = resource.getContent();
            addPagedConnectionResourceInSequenceHeader(headers, connectionsURI, resource, page, passableQuery);
        } else if (resumeBefore != null) {
            // resume before the specified connection URI
            URI resumeConnURI;
            try {
                resumeConnURI = new URI(resumeBefore);
            } catch (URISyntaxException e) {
                throw new IllegalArgumentException("resumeBefore must be a full, valid connection URI");
            }
            AtomInformationService.PagedResource<Dataset, Connection> resource = linkedDataService.listConnectionsAfter(atomUri, resumeConnURI, preferedSize, eventsType, dateParam.getDate(), deep, true, connectionState);
            rdfDataset = resource.getContent();
            addPagedConnectionResourceInSequenceHeader(headers, connectionsURI, resource, passableQuery);
        } else {
            // resumeAfter != null: resume after the specified connection URI
            URI resumeConnURI;
            try {
                resumeConnURI = new URI(resumeAfter);
            } catch (URISyntaxException e) {
                throw new IllegalArgumentException("resumeAfter must be a full, valid connection URI");
            }
            AtomInformationService.PagedResource<Dataset, Connection> resource = linkedDataService.listConnectionsBefore(atomUri, resumeConnURI, preferedSize, eventsType, dateParam.getDate(), deep, true, connectionState);
            rdfDataset = resource.getContent();
            addPagedConnectionResourceInSequenceHeader(headers, connectionsURI, resource, passableQuery);
        }
        WonAclEvalContext ec = WonAclRequestHelper.getWonAclEvaluationContext(request);
        // In filter mode, check whether the (already filtered) dataset contains any
        // connections at all, i.e. any rdfs:member statement.
        if (ec.isModeFilter() && !RdfUtils.toStatementStream(rdfDataset).anyMatch(p -> p.getPredicate().equals(RDFS.member))) {
            // The dataset may be empty because no connections are allowed. There is no
            // ACL position covering "all connections", so the rule is: if the user is
            // allowed to see the top level (POSITION_ROOT), show the empty container,
            // otherwise deny.
            OperationRequest or = ec.getOperationRequest();
            or.setReqPosition(POSITION_ROOT);
            AclEvalResult result = ec.decideAndRemember(or);
            if (ACCESS_DENIED.equals(result.getDecision())) {
                // default to 403; the combined ACL results may refine the status
                // (and are reported to the client in the auth info header)
                int statusCode = HttpStatus.FORBIDDEN.value();
                Optional<AclEvalResult> accResult = WonAclRequestHelper.getWonAclEvaluationContext(request).getCombinedResults();
                if (accResult.isPresent()) {
                    WonAclRequestHelper.setAuthInfoAsResponseHeader(response, accResult.get());
                    statusCode = WonAclRequestHelper.getHttpStatusCodeForAclEvaluationResult(accResult.get());
                }
                HttpStatus status = HttpStatus.valueOf(statusCode);
                logger.debug("sending status {}", status);
                // append the required headers, but no body
                addMutableResourceHeaders(headers);
                addLocationHeaderIfNecessary(headers, URI.create(request.getRequestURI()), connectionsURI);
                return new ResponseEntity<>(null, headers, status);
            }
        }
        // append the required headers
        addMutableResourceHeaders(headers);
        addLocationHeaderIfNecessary(headers, URI.create(request.getRequestURI()), connectionsURI);
        addCORSHeader(headers);
        return new ResponseEntity<>(rdfDataset, headers, HttpStatus.OK);
    } catch (ParseException e) {
        logger.warn("could not parse timestamp into Date:{}", timestamp);
        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
    } catch (NoSuchAtomException e) {
        logger.warn("did not find atom {}", e.getUnknownAtomURI());
        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
    } catch (NoSuchConnectionException e) {
        logger.warn("did not find connection that should be connected to atom. connection:{}", e.getUnknownConnectionURI());
        return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
    }
}
Also used: HttpHeaders (org.springframework.http.HttpHeaders), NoSuchAtomException (won.protocol.exception.NoSuchAtomException), URISyntaxException (java.net.URISyntaxException), AclEvalResult (won.auth.model.AclEvalResult), URI (java.net.URI), WonAclEvalContext (won.node.springsecurity.acl.WonAclEvalContext), AtomInformationService (won.node.service.persistence.AtomInformationService), HttpStatus (org.springframework.http.HttpStatus), NoSuchConnectionException (won.protocol.exception.NoSuchConnectionException), Dataset (org.apache.jena.query.Dataset), WonMessageType (won.protocol.message.WonMessageType), Connection (won.protocol.model.Connection), OperationRequest (won.auth.model.OperationRequest), ResponseEntity (org.springframework.http.ResponseEntity), ConnectionState (won.protocol.model.ConnectionState), ParseException (java.text.ParseException), RequestMapping (org.springframework.web.bind.annotation.RequestMapping)
