/**
 * Legacy entry point: authorizes an operation against a resource named by a legacy string.
 *
 * <p>The legacy name is split by {@code ORule} into a generic resource and an optional specific
 * resource. A missing specific part and the wildcard {@code "*"} are treated the same way: the
 * check is made against the generic resource with a {@code null} specific resource.
 *
 * @param iResource legacy resource name
 * @param iOperation permission bit(s) being requested
 * @return the role returned by the three-argument {@code allow}
 * @deprecated use {@code allow(ORule.ResourceGeneric, String, int)}, to which this delegates
 */
@Override
@Deprecated
public OSecurityRole allow(String iResource, int iOperation) {
  final String specific = ORule.mapLegacyResourceToSpecificResource(iResource);
  final ORule.ResourceGeneric generic = ORule.mapLegacyResourceToGenericResource(iResource);

  // A concrete (non-wildcard) target is checked by name; everything else is a generic check.
  if (specific != null && !specific.equals("*")) {
    return allow(generic, specific, iOperation);
  }
  return allow(generic, null, iOperation);
}
/**
 * Authorizes an operation and fails with an exception when it is not permitted.
 *
 * <p>This is the throwing counterpart of {@code checkIfAllowed}: a user without any role is
 * rejected outright, and a user whose roles do not grant the operation is rejected with a message
 * naming the operation and the resource.
 *
 * @param resourceGeneric generic resource being accessed
 * @param resourceSpecific specific resource name, or {@code null} for a generic check
 * @param iOperation permission bit(s) being requested
 * @return the role that {@code checkIfAllowed} reported as granting the operation
 * @throws OSecurityAccessException if the user has no roles or no role grants the operation
 */
public OSecurityRole allow(final ORule.ResourceGeneric resourceGeneric, final String resourceSpecific,
    final int iOperation) {
  // Deny by default: an account with an empty role set is never authorized.
  if (roles.isEmpty()) {
    throw new OSecurityAccessException(getName(), "User '" + getName() + "' has no role defined");
  }

  final OSecurityRole grantingRole = checkIfAllowed(resourceGeneric, resourceSpecific, iOperation);
  if (grantingRole != null) {
    return grantingRole;
  }

  // The message carries the user name, operation and resource; it ends in ".null" for a generic check.
  throw new OSecurityAccessException(getName(),
      "User '" + getName() + "' does not have permission to execute the operation '"
          + ORole.permissionToString(iOperation) + "' against the resource: " + resourceGeneric + "."
          + resourceSpecific);
}
/**
 * Legacy entry point: reports whether a rule exists for a resource named by a legacy string.
 *
 * <p>The legacy name is split by {@code ORule} into a generic and a specific part. A missing
 * specific part and the wildcard {@code "*"} both result in a lookup with a {@code null} specific
 * resource.
 *
 * @param iResource legacy resource name
 * @return the result of the two-argument {@code isRuleDefined}
 * @deprecated use {@code isRuleDefined(ORule.ResourceGeneric, String)}, to which this delegates
 */
@Override
@Deprecated
public boolean isRuleDefined(String iResource) {
  final String specific = ORule.mapLegacyResourceToSpecificResource(iResource);
  final ORule.ResourceGeneric generic = ORule.mapLegacyResourceToGenericResource(iResource);

  if (specific != null && !specific.equals("*")) {
    return isRuleDefined(generic, specific);
  }
  return isRuleDefined(generic, null);
}
/**
 * Replaces the cached user snapshot with a fresh one read from the security metadata.
 *
 * <p>Nothing happens when no user is set. The refresh is also skipped when the current snapshot
 * is not allowed to read the {@code OUser} class, so in that case the previously cached snapshot
 * (and whatever roles it holds) stays in place.
 *
 * <p>When the metadata is unavailable, or the user can no longer be found by name, the snapshot
 * is replaced by one built from a blank {@code new OUser()} with version {@code -1}.
 */
public void reloadUser() {
  if (user == null) {
    return;
  }

  activateOnCurrentThread();

  // Only a user that may read the OUser class gets refreshed.
  // NOTE(review): a snapshot without that permission is never refreshed here, so a permission
  // change made elsewhere is not picked up through this method - confirm this is intended.
  if (user.checkIfAllowed(ORule.ResourceGeneric.CLASS, OUser.CLASS_NAME, ORole.PERMISSION_READ) == null) {
    return;
  }

  final OMetadata currentMetadata = getMetadata();
  if (currentMetadata == null) {
    user = new OImmutableUser(-1, new OUser());
    return;
  }

  final OSecurity security = currentMetadata.getSecurity();
  final OUser stored = security.getUser(user.getName());
  if (stored == null) {
    // The account is no longer resolvable by name: fall back to a blank user.
    // NOTE(review): presumably a blank OUser carries no roles - verify against OUser.
    user = new OImmutableUser(-1, new OUser());
  } else {
    user = new OImmutableUser(security.getVersion(), stored);
  }
}
/**
 * Resolves the user for this database instance and verifies read access to the database.
 *
 * <p>The user is resolved only when there is no cached user, the cached user's version differs
 * from the current security version, or its name differs (case-insensitively) from
 * {@code iUserName}. Otherwise the cached user is kept and neither the lookup nor the
 * {@code DATABASE} read check is repeated.
 *
 * <p>On any exception the thread-local database reference is removed before the exception
 * propagates.
 *
 * @param iUserName name of the user opening the database
 * @param iUserPassword password, used only when {@code checkPassword} is {@code true}
 * @param checkPassword {@code true} to authenticate, {@code false} to look the user up by name only
 * @throws OException rethrown as-is, or wrapping an {@code ODatabaseException} for other failures
 */
public void internalOpen(final String iUserName, final String iUserPassword, boolean checkPassword) {
  try {
    final OSecurity security = metadata.getSecurity();

    // NOTE(review): when the cached user matches on version and name, iUserPassword is never
    // looked at, even with checkPassword == true. Confirm no caller can reach this method with a
    // pre-populated user and an unverified password.
    final boolean cachedUserIsCurrent = user != null && user.getVersion() == security.getVersion()
        && user.getName().equalsIgnoreCase(iUserName);

    if (!cachedUserIsCurrent) {
      // checkPassword == false resolves the account by name alone, with no credential check.
      final OUser resolved =
          checkPassword ? security.authenticate(iUserName, iUserPassword) : security.getUser(iUserName);

      // NOTE(review): a null result leaves user == null, and the checkSecurity overloads in this
      // listing perform no check at all for a null user, so the DATABASE read check below then
      // passes vacuously. Verify that authenticate() throws rather than returns null, and that
      // name-only lookup is restricted to trusted internal callers.
      user = resolved != null ? new OImmutableUser(security.getVersion(), resolved) : null;

      checkSecurity(ORule.ResourceGeneric.DATABASE, ORole.PERMISSION_READ);
    }
  } catch (OException e) {
    // Do not leave a half-opened database bound to the current thread.
    ODatabaseRecordThreadLocal.instance().remove();
    throw e;
  } catch (Exception e) {
    ODatabaseRecordThreadLocal.instance().remove();
    throw OException.wrapException(new ODatabaseException("Cannot open database url=" + getURL()), e);
  }
}
/**
 * Returns the user's name as its string form.
 *
 * @return the value of {@code getName()}
 */
@Override
public String toString() {
  final String displayName = getName();
  return displayName;
}
/**
 * Legacy entry point: non-throwing permission check for a resource named by a legacy string.
 *
 * <p>The legacy name is split by {@code ORule} into a generic and a specific part. A missing
 * specific part and the wildcard {@code "*"} both result in a check with a {@code null} specific
 * resource.
 *
 * @param iResource legacy resource name
 * @param iOperation permission bit(s) being requested
 * @return the result of the three-argument {@code checkIfAllowed}
 * @deprecated use {@code checkIfAllowed(ORule.ResourceGeneric, String, int)}, to which this
 *     delegates
 */
@Override
@Deprecated
public OSecurityRole checkIfAllowed(String iResource, int iOperation) {
  final String specific = ORule.mapLegacyResourceToSpecificResource(iResource);
  final ORule.ResourceGeneric generic = ORule.mapLegacyResourceToGenericResource(iResource);

  if (specific != null && !specific.equals("*")) {
    return checkIfAllowed(generic, specific, iOperation);
  }
  return checkIfAllowed(generic, null, iOperation);
}
/**
 * Checks a candidate password against this user's stored password value.
 *
 * <p>The comparison itself is delegated to {@code OSecurityManager.checkPassword}; how it hashes
 * and compares is not visible here.
 *
 * @param iPassword candidate password supplied by the caller
 * @return whatever {@code OSecurityManager.checkPassword} reports for the pair
 */
public boolean checkPassword(final String iPassword) {
  // NOTE(review): timing behaviour and hash handling depend entirely on OSecurityManager - verify
  // there that the comparison does not leak through early exit.
  final boolean matches = OSecurityManager.instance().checkPassword(iPassword, getPassword());
  return matches;
}
/**
 * {@inheritDoc}
 *
 * <p>An {@code OUser} is wrapped in a new {@code OImmutableUser}, stamped with the current
 * security version when metadata is available and with {@code -1} otherwise. Any other argument
 * is cast to {@code OImmutableUser} and stored as-is, which includes {@code null}.
 *
 * @param user the user to install on this database instance
 */
public void setUser(final OSecurityUser user) {
  checkIfActive();

  if (!(user instanceof OUser)) {
    // NOTE(review): null lands here and clears the user. The checkSecurity overloads in this
    // listing perform no check when the user is null, so callers that can pass null effectively
    // switch authorization off for this instance - confirm that is restricted to trusted code.
    // An OSecurityUser of any other implementation fails the cast with ClassCastException.
    this.user = (OImmutableUser) user;
    return;
  }

  final OMetadata currentMetadata = getMetadata();
  if (currentMetadata == null) {
    this.user = new OImmutableUser(-1, (OUser) user);
    return;
  }

  final OSecurity security = currentMetadata.getSecurity();
  this.user = new OImmutableUser(security.getVersion(), (OUser) user);
}
/**
 * Non-throwing permission check: finds the first role that grants the operation.
 *
 * <p>Roles are consulted in iteration order. A {@code null} entry in the role collection is
 * logged as a warning and skipped, so it never counts as a grant.
 *
 * @param resourceGeneric generic resource being accessed
 * @param resourceSpecific specific resource name, or {@code null} for a generic check
 * @param iOperation permission bit(s) being requested
 * @return the first role whose {@code allow} returns {@code true}, or {@code null} if none does
 */
public OSecurityRole checkIfAllowed(final ORule.ResourceGeneric resourceGeneric, final String resourceSpecific,
    final int iOperation) {
  for (OImmutableRole candidate : roles) {
    if (candidate == null) {
      // A broken role reference must not abort the check, and must not grant anything either.
      OLogManager.instance().warn(this,
          "User '%s' has a null role, ignoring it. Consider fixing this user's roles before continuing", getName());
      continue;
    }
    if (candidate.allow(resourceGeneric, resourceSpecific, iOperation)) {
      return candidate;
    }
  }
  return null;
}
/**
 * {@inheritDoc}
 *
 * <p>With no specific resources the operation is checked against the generic resource only.
 * Otherwise every listed target is checked in order (a {@code null} target counts as a generic
 * check), and the first denial aborts the call. When no user is set, no check is performed.
 *
 * @param iResourceGeneric generic resource being accessed
 * @param iOperation permission bit(s) being requested
 * @param iResourcesSpecific specific targets, converted with {@code toString()}
 * @return this database instance, for call chaining
 * @throws OSecurityAccessException if the user is denied the operation on any target
 */
public <DB extends ODatabaseDocument> DB checkSecurity(final ORule.ResourceGeneric iResourceGeneric,
    final int iOperation, final Object... iResourcesSpecific) {
  // NOTE(review): a null user means "no enforcement" here, not "deny". Unlike the single-Object
  // overload in this listing, this overload also does not call checkOpenness() - confirm both
  // are intentional.
  if (user == null) {
    return (DB) this;
  }

  try {
    if (iResourcesSpecific.length == 0) {
      user.allow(iResourceGeneric, null, iOperation);
    } else {
      for (Object specificTarget : iResourcesSpecific) {
        if (specificTarget == null) {
          user.allow(iResourceGeneric, null, iOperation);
        } else {
          user.allow(iResourceGeneric, specificTarget.toString(), iOperation);
        }
      }
    }
  } catch (OSecurityAccessException e) {
    // Denials are recorded only when debug logging is on; at the default level the rethrown
    // exception is the only trace, so audit trails must be built by whoever catches it.
    if (OLogManager.instance().isDebugEnabled()) {
      OLogManager.instance().debug(this,
          "[checkSecurity] User '%s' tried to access the reserved resource '%s', target(s) '%s', operation '%s'",
          getUser(), iResourceGeneric, Arrays.toString(iResourcesSpecific), iOperation);
    }
    throw e;
  }

  return (DB) this;
}
/**
 * Reports whether any of the user's roles carries a rule for the given resource.
 *
 * <p>A {@code null} entry in the role collection is logged as a warning and skipped.
 *
 * @param resourceGeneric generic resource to look up
 * @param resourceSpecific specific resource name, or {@code null}
 * @return {@code true} as soon as one role's {@code hasRule} returns {@code true}, otherwise
 *     {@code false}
 */
public boolean isRuleDefined(final ORule.ResourceGeneric resourceGeneric, String resourceSpecific) {
  for (OImmutableRole candidate : roles) {
    if (candidate == null) {
      OLogManager.instance().warn(this,
          "User '%s' has a null role, ignoring it. Consider fixing this user's roles before continuing", getName());
      continue;
    }
    if (candidate.hasRule(resourceGeneric, resourceSpecific)) {
      return true;
    }
  }
  return false;
}
/**
 * {@inheritDoc}
 *
 * <p>Calls {@code checkOpenness()} first, then checks the operation for the current user against
 * the single target (a {@code null} target counts as a generic check). When no user is set, no
 * permission check is performed.
 *
 * @param iResourceGeneric generic resource being accessed
 * @param iOperation permission bit(s) being requested
 * @param iResourceSpecific specific target, converted with {@code toString()}, or {@code null}
 * @return this database instance, for call chaining
 * @throws OSecurityAccessException if the user is denied the operation
 */
public <DB extends ODatabaseDocument> DB checkSecurity(final ORule.ResourceGeneric iResourceGeneric,
    final int iOperation, final Object iResourceSpecific) {
  checkOpenness();

  // NOTE(review): a null user means "no enforcement" here, not "deny" - confirm every path that
  // can leave user == null is trusted.
  if (user == null) {
    return (DB) this;
  }

  try {
    if (iResourceSpecific == null) {
      user.allow(iResourceGeneric, null, iOperation);
    } else {
      user.allow(iResourceGeneric, iResourceSpecific.toString(), iOperation);
    }
  } catch (OSecurityAccessException e) {
    // Denials are recorded only when debug logging is on; the exception is always rethrown.
    if (OLogManager.instance().isDebugEnabled()) {
      OLogManager.instance().debug(this,
          "[checkSecurity] User '%s' tried to access the reserved resource '%s', target '%s', operation '%s'",
          getUser(), iResourceGeneric, iResourceSpecific, iOperation);
    }
    throw e;
  }

  return (DB) this;
}
/**
 * {@inheritDoc}
 *
 * <p>Checks the operation for the current user against one named resource. When no user is set,
 * no permission check is performed.
 *
 * @param resourceGeneric generic resource being accessed
 * @param resourceSpecific specific resource name, passed through unchanged
 * @param iOperation permission bit(s) being requested
 * @return this database instance, for call chaining
 * @throws OSecurityAccessException if the user is denied the operation
 */
public <DB extends ODatabaseDocument> DB checkSecurity(final ORule.ResourceGeneric resourceGeneric,
    final String resourceSpecific, final int iOperation) {
  // NOTE(review): a null user means "no enforcement" here, not "deny". Unlike the single-Object
  // overload in this listing, this overload does not call checkOpenness() - confirm both are
  // intentional.
  if (user == null) {
    return (DB) this;
  }

  try {
    user.allow(resourceGeneric, resourceSpecific, iOperation);
  } catch (OSecurityAccessException e) {
    // Denials are recorded only when debug logging is on; the exception is always rethrown.
    if (OLogManager.instance().isDebugEnabled()) {
      OLogManager.instance().debug(this,
          "User '%s' tried to access the reserved resource '%s.%s', operation '%s'", getUser(), resourceGeneric,
          resourceSpecific, iOperation);
    }
    throw e;
  }

  return (DB) this;
}