/**
 * Checks whether the transaction may run as {@code login} and reports whether that
 * differs from the user currently bound to the connection.
 *
 * <p>Two invariants are enforced with {@code checkState}: a transaction must be active,
 * and a specific user already registered for this transaction may not be replaced by a
 * different one. Asking again for the user that is already bound is accepted.
 *
 * @param login name of the user the caller wants the transaction to run as
 * @return {@code true} when {@code login} differs from the connection's current user name
 * @throws IllegalStateException when no transaction is active, or when a specific user is
 *         already defined and {@code login} names a different user
 */
private boolean checkSpecificUserConditions(final String login) {
    Preconditions.checkState(
            transactionManager.isTransactionActive(),
            "Tx user can't be changed outside of transaction");

    // NOTE(review): the connection's user is dereferenced without a null check; confirm that
    // a connection obtained here always has a user bound.
    final OSecurityUser connectionUser = connectionProvider.get().getUser();
    final boolean userChanged = !connectionUser.getName().equals(login);

    // A second, different user inside the same transaction is refused rather than silently
    // replacing the identity the transaction started with.
    final boolean switchPermitted = !(specificTxUser.get() != null && userChanged);
    Preconditions.checkState(
            switchPermitted,
            "Specific user already defined for transaction as '%s'",
            specificTxUser.get() != null ? specificTxUser.get().getName() : null);

    return userChanged;
}
/**
 * Aligns the database handle's user with the web session's user, then opens a transaction.
 *
 * <p>The database user is replaced when the session user has a document identity and either
 * that identity is not valid, the database has no user bound, or the two user names differ.
 * The replacement is looked up by name in the database's security metadata, so permission
 * checks made later in the request can be evaluated locally against that user.
 *
 * @param cycle the request cycle that is starting
 */
@Override
public void start(RequestCycle cycle) {
    final OrientDbWebSession webSession = OrientDbWebSession.get();
    final ODatabaseDocumentInternal database = webSession.getDatabase();

    final OSecurityUser sessionUser = webSession.getUser();
    final OSecurityUser boundUser = database.getUser();

    final boolean sessionUserHasIdentity = sessionUser != null
            && sessionUser.getDocument() != null
            && sessionUser.getDocument().getIdentity() != null;

    if (sessionUserHasIdentity) {
        final boolean rebindNeeded = !sessionUser.getDocument().getIdentity().isValid()
                || boundUser == null
                || !Objects.equal(boundUser.getName(), sessionUser.getName());
        if (rebindNeeded) {
            // Resolve the user by name from security metadata instead of reusing the
            // session's copy of the object.
            database.setUser(database.getMetadata().getSecurity().getUser(sessionUser.getName()));
        }
    }

    database.begin();
}
/**
 * Tells whether the current session's effective user holds the requested permissions on a
 * resource.
 *
 * <p>The answer is {@code true} exactly when {@code checkIfAllowed} on the effective user
 * returns a non-null value for the combined permissions. This is a query, not an enforcement
 * point: callers must act on the returned boolean themselves.
 *
 * @param resource generic resource kind to check
 * @param specific specific resource within {@code resource}
 * @param permissions {@link OrientPermission}s to check, folded into one value with
 *        {@code OrientPermission.combinedPermission}
 * @return {@code true} if the effective user is allowed, {@code false} otherwise
 */
public static boolean isAllowed(ORule.ResourceGeneric resource, String specific, OrientPermission... permissions) {
    // NOTE(review): the effective user is dereferenced without a null check; confirm that a
    // session always has an effective user, including for anonymous requests.
    final OSecurityUser effectiveUser = OrientDbWebSession.get().getEffectiveUser();
    final Object grant = effectiveUser.checkIfAllowed(
            resource, specific, OrientPermission.combinedPermission(permissions));
    return grant != null;
}
if (currentUser != null) { if (iAllowAll == null || (iAllowAll != null && !iAllowAll.contains(currentUser.getIdentity()))) { if (iAllowOperation != null && iAllowOperation.contains(currentUser.getIdentity())) return true; for (OSecurityRole r : currentUser.getRoles()) {
/**
 * Picks the perspective to show for a user.
 *
 * <p>Lookup order: the {@code "perspective"} field on the user's own document, then the first
 * role (in the iteration order of the user's role set) that has a perspective, then the
 * perspective named {@code DEFAULT_PERSPECTIVE}, and finally a repaired default.
 *
 * @param db database used for the lookup by name
 * @param user user to resolve the perspective for; {@code null} skips the user and role steps
 * @return the selected perspective document
 */
public ODocument getDefaultPerspective(ODatabaseDocument db, OSecurityUser user) {
    if (user != null) {
        final Object explicitChoice = user.getDocument().field("perspective");
        if (explicitChoice instanceof OIdentifiable) {
            // NOTE(review): the linked record is returned as is; whether it can be null for
            // a dangling link is not visible here, so confirm callers tolerate null.
            return (ODocument) ((OIdentifiable) explicitChoice).getRecord();
        }
        for (OSecurityRole role : user.getRoles()) {
            final ODocument fromRole = getPerspectiveForORole(role);
            if (fromRole != null) {
                return fromRole;
            }
        }
    }

    final ODocument byName = getPerspectiveByName(db, DEFAULT_PERSPECTIVE);
    return byName != null ? byName : runtimeRepairDefaultPerspective();
}
/**
 * Builds the link for a user by delegating to the document-based overload.
 *
 * @param user user to build the link for; must not be {@code null}
 * @return the link produced for the user's document
 */
public static String getLinkForUser(OSecurityUser user) {
    final ODocument userDocument = user.getDocument();
    return getLinkForUser(userDocument);
}
return true; if (database.getUser().isRuleDefined(ORule.ResourceGeneric.BYPASS_RESTRICTED, null)) if (database.getUser().checkIfAllowed(ORule.ResourceGeneric.BYPASS_RESTRICTED, null, ORole.PERMISSION_READ) != null)
/**
 * Collects the names of the signed-in user's roles together with their ancestor roles.
 *
 * <p>For each direct role the parent chain is followed upwards and every parent name is added.
 * The climb stops at the first parent whose name is already collected, which also ends the
 * loop if the parent chain ever points back at a role that was seen before.
 *
 * @return the role names; empty when nobody is signed in
 */
@Override
public Roles getRoles() {
    final Roles collected = new Roles();
    if (!isSignedIn()) {
        return collected;
    }

    for (OSecurityRole direct : getUser().getRoles()) {
        collected.add(direct.getName());
        for (OSecurityRole ancestor = direct.getParentRole();
                ancestor != null && !collected.contains(ancestor.getName());
                ancestor = ancestor.getParentRole()) {
            collected.add(ancestor.getName());
        }
    }
    return collected;
}
/**
 * Publishes the current database user's identity into the context under
 * {@code DEFAULT_PARAM_USER}.
 *
 * <p>Nothing is bound when there is no context, no database, or no user on the database.
 */
protected void bindDefaultContextVariables() {
    if (context == null) {
        return;
    }
    if (getDatabase() == null || getDatabase().getUser() == null) {
        return;
    }
    // The value comes from the database handle's user, not from anything the caller supplies.
    context.setVariable(DEFAULT_PARAM_USER, getDatabase().getUser().getIdentity());
}
/**
 * Stores the session id on the user's document and saves it.
 *
 * <p>The document is reloaded first so the write is applied to a fresh copy of the record.
 * NOTE(review): the enclosing closure is outside this snippet, so the database user this
 * write runs as is not visible here; confirm it is the intended identity.
 *
 * @param oDatabaseDocument database supplied by the closure; not used by this body
 * @return the reloaded user document after the save
 */
@Override
protected ODocument execute(ODatabaseDocument oDatabaseDocument) {
    final ODocument reloaded = (ODocument) user.getDocument().reload();
    reloaded.field(LAST_SESSION_FIELD, sessionId);
    reloaded.save();
    return reloaded;
}
}.execute();
final OSecurityUser user = database.getUser(); if (user != null) identity = user.getIdentity(); } else if (identityType.equals("role")) { final Set<? extends OSecurityRole> roles = database.getUser().getRoles(); if (!roles.isEmpty()) identity = roles.iterator().next().getIdentity();
/**
 * Returns the names of the signed-in user's roles and of the roles they inherit from.
 *
 * <p>Each direct role contributes its own name and then the names found by walking its
 * parent chain. The walk ends when there is no parent or when a parent's name is already
 * in the result, so a chain that loops back on itself cannot spin forever.
 *
 * @return the role names; empty when nobody is signed in
 */
@Override
public Roles getRoles() {
    final Roles names = new Roles();
    if (!isSignedIn()) {
        return names;
    }

    for (OSecurityRole assigned : getUser().getRoles()) {
        names.add(assigned.getName());
        for (OSecurityRole inherited = assigned.getParentRole();
                inherited != null && !names.contains(inherited.getName());
                inherited = inherited.getParentRole()) {
            names.add(inherited.getName());
        }
    }
    return names;
}
/**
 * Checks which database user a {@link DBClosure} runs as.
 *
 * <p>A closure built without credentials is expected to see the {@code admin} user, and a
 * closure built with the {@code reader}/{@code reader} test credentials is expected to see
 * the {@code reader} user. In both cases the database passed to the closure must be the one
 * bound to the current thread.
 */
@Test
public void testDBClosure() throws Exception {
    // No credentials given: the assertion below pins the closure's user to "admin".
    DBClosure<OSecurityUser> defaultCredentialsClosure = new DBClosure<OSecurityUser>() {
        private static final long serialVersionUID = 1L;

        @Override
        protected OSecurityUser execute(ODatabaseDocument db) {
            assertEquals(db, ODatabaseRecordThreadLocal.instance().get());
            return db.getUser();
        }
    };
    assertEquals(
            wicket.getTester().getMetadata().getSecurity().getUser("admin").getIdentity(),
            defaultCredentialsClosure.execute().getIdentity());

    // Explicit low-privilege test account: the closure must run as that user.
    DBClosure<OSecurityUser> readerCredentialsClosure = new DBClosure<OSecurityUser>("reader", "reader") {
        private static final long serialVersionUID = 1L;

        @Override
        protected OSecurityUser execute(ODatabaseDocument db) {
            assertEquals(db, ODatabaseRecordThreadLocal.instance().get());
            return db.getUser();
        }
    };
    assertEquals(
            wicket.getTester().getMetadata().getSecurity().getUser("reader").getIdentity(),
            readerCredentialsClosure.execute().getIdentity());
}
/**
 * Returns the name of the user bound to the underlying database.
 *
 * <p>The database is activated on the calling thread before the user is read.
 * NOTE(review): the user is dereferenced without a null check; confirm the database always
 * has a user bound when this is called.
 *
 * @return the current database user's name
 * @throws SQLException declared by the signature; nothing in this body throws it directly
 */
public String getUserName() throws SQLException {
    database.activateOnCurrentThread();
    final String currentUserName = database.getUser().getName();
    return currentUserName;
}
/**
 * Makes the database handle run as the web session's user, then begins a transaction.
 *
 * <p>A user is bound onto the database only when the session user carries a document
 * identity and one of these holds: the identity is not valid, the database has no user, or
 * the database user's name differs from the session user's name. The bound user is fetched
 * by name from the database's security metadata so that rights can be checked locally.
 *
 * @param cycle the request cycle that is starting
 */
@Override
public void start(RequestCycle cycle) {
    final OrientDbWebSession current = OrientDbWebSession.get();
    final ODatabaseDocumentInternal handle = current.getDatabase();

    final OSecurityUser fromSession = current.getUser();
    final OSecurityUser fromDatabase = handle.getUser();

    final boolean identityKnown = fromSession != null
            && fromSession.getDocument() != null
            && fromSession.getDocument().getIdentity() != null;

    if (identityKnown) {
        final boolean outOfSync = !fromSession.getDocument().getIdentity().isValid()
                || fromDatabase == null
                || !Objects.equal(fromDatabase.getName(), fromSession.getName());
        if (outOfSync) {
            // Look the user up again by name; the session's object is not bound directly.
            handle.setUser(handle.getMetadata().getSecurity().getUser(fromSession.getName()));
        }
    }

    handle.begin();
}
/**
 * Stores the online flag on the user's document and saves it.
 *
 * <p>The document is reloaded first so the write is applied to a fresh copy of the record.
 * NOTE(review): the enclosing closure is outside this snippet, so the database user this
 * write runs as is not visible here; confirm it is the intended identity.
 *
 * @param oDatabaseDocument database supplied by the closure; not used by this body
 * @return the reloaded user document after the save
 */
@Override
protected ODocument execute(ODatabaseDocument oDatabaseDocument) {
    final ODocument refreshed = (ODocument) user.getDocument().reload();
    refreshed.field(ONLINE_FIELD, online);
    refreshed.save();
    return refreshed;
}
}.execute();
/**
 * Reports whether the effective user of the current session may perform the given
 * permissions on a resource.
 *
 * <p>A non-null result from {@code checkIfAllowed} means allowed; {@code null} means denied.
 * The method only answers the question, so the caller is responsible for refusing the
 * operation when it returns {@code false}.
 *
 * @param resource generic resource kind to check
 * @param specific specific resource within {@code resource}
 * @param permissions {@link OrientPermission}s to check, merged into one value with
 *        {@code OrientPermission.combinedPermission}
 * @return {@code true} if the effective user is allowed, {@code false} otherwise
 */
public static boolean isAllowed(ORule.ResourceGeneric resource, String specific, OrientPermission... permissions) {
    // NOTE(review): no null check on the effective user; confirm one is always present.
    final OSecurityUser subject = OrientDbWebSession.get().getEffectiveUser();
    final boolean allowed =
            subject.checkIfAllowed(resource, specific, OrientPermission.combinedPermission(permissions)) != null;
    return allowed;
}
final boolean userChanged = checkSpecificUserConditions(user.getName()); final ODatabaseDocumentInternal db = (ODatabaseDocumentInternal) connectionProvider.get(); final OSecurityUser original = db.getUser(); Throwables.throwIfUnchecked(th); throw new UserActionException(String.format("Failed to perform tx action with user '%s'", user.getName()), th); } finally { if (userChanged) {
// Sign-in / sign-out walk-through. The enclosing test method is outside this excerpt.
// NOTE(review): the argument order of assertContains (needle vs. haystack) is not visible
// here; confirm it before reading these as "A contains B".

// Signed out: the web session has no user, yet the database handle still exposes a user
// whose document is read below.
assertFalse(tester.isSignedIn());
assertNull(tester.getSession().getUser());
assertContains(tester.getDatabase().getUser().getDocument().toJSON(), getCurrentUser());

// Sign in with the "writer" test account; the session user and its document must follow.
tester.signIn("writer", "writer");
assertTrue(tester.isSignedIn());
assertEquals("writer", tester.getSession().getUser().getName());
assertContains("writer", tester.getSession().getUserAsODocument().toJSON());
assertContains(tester.getSession().getUserAsODocument().toJSON(), getCurrentUser());

// Sign out again: same checks as the signed-out state above, minus the session-user null check.
tester.signOut();
assertFalse(tester.isSignedIn());
assertContains(tester.getDatabase().getUser().getDocument().toJSON(), getCurrentUser());

// Sign in with the "admin" test account; both the session user and the database user are
// compared against getCurrentUser().
tester.signIn("admin", "admin");
assertTrue(tester.isSignedIn());
assertEquals("admin", tester.getSession().getUser().getName());
assertContains(tester.getSession().getUserAsODocument().toJSON(),getCurrentUser());
assertContains(tester.getDatabase().getUser().getDocument().toJSON(), getCurrentUser());

// Here the comparison uses the currentUser variable rather than a fresh getCurrentUser() call.
assertEquals("admin", tester.getSession().getUser().getName());
assertContains(tester.getSession().getUserAsODocument().toJSON(), currentUser);
/**
 * Authenticates through the superclass and, on success, refreshes per-session state.
 *
 * <p>After a successful login the cached perspective is cleared, the user is marked online,
 * the session locale is set from the user's stored locale tag when one is present, and the
 * current session id is recorded for the user. None of this runs when authentication fails.
 *
 * @param username login name, passed unchanged to the superclass
 * @param password password, passed unchanged to the superclass and not used otherwise
 * @return the superclass's authentication result
 */
@Override
public boolean authenticate(String username, String password) {
    final boolean authenticated = super.authenticate(username, password);
    final UserOnlineModule onlineModule =
            OrienteerWebApplication.get().getServiceInstance(UserOnlineModule.class);
    if (!authenticated) {
        return authenticated;
    }

    // Drop the perspective cached for whoever used this session before the login.
    perspective = null;
    final String localeTag =
            getDatabase().getUser().getDocument().field(OrienteerLocalizationModule.OPROPERTY_LOCALE);
    onlineModule.updateOnlineUser(getUser(), true);

    if (!Strings.isNullOrEmpty(localeTag)) {
        final Locale storedLocale = Locale.forLanguageTag(localeTag);
        // Locale.forLanguageTag does not return null, so this guard is only defensive.
        if (storedLocale != null) {
            OrienteerWebSession.get().setLocale(storedLocale);
        }
    }

    // NOTE(review): the id recorded here is the one the session has at this moment; if the
    // session id is replaced after login, confirm the stored value is updated as well.
    onlineModule.updateSessionUser(getUser(), getId());
    return authenticated;
}