/**
 * Returns the document of the wrapped {@code user}.
 *
 * <p>NOTE(review): the result comes straight from {@code user.getDocument()} and no copy is
 * made in this method, so callers presumably receive the delegate's own document. Confirm
 * that handing out that reference is intended.
 *
 * @return the value of {@code user.getDocument()}
 */
@Override
public ODocument getDocument() {
  final ODocument wrapped = user.getDocument();
  return wrapped;
}
/**
 * Captures the state of {@code user} at the given {@code version}.
 *
 * <p>Name, password, account status and record id are read once from {@code user} and stored
 * in fields. Each role reported by {@code user.getRoles()} is wrapped in an
 * {@link OImmutableRole}. The original {@code user} reference is retained as well.
 *
 * @param version version number stored alongside the snapshot
 * @param user    the user to snapshot; dereferenced without a null check
 */
public OImmutableUser(long version, OUser user) {
  this.version = version;
  this.name = user.getName();
  // Stored exactly as OUser#getPassword() returns it.
  // NOTE(review): presumably the stored (hashed) form rather than clear text; confirm.
  this.password = user.getPassword();
  this.status = user.getAccountStatus();
  this.rid = user.getIdentity().getIdentity();
  this.user = user;

  for (ORole sourceRole : user.getRoles()) {
    final OImmutableRole frozenRole = new OImmutableRole(sourceRole);
    roles.add(frozenRole);
  }
}
/**
 * Creates a user with the given name and password and marks the account as active.
 *
 * <p>The password goes through {@code setPassword(...)} instead of being written to the
 * document directly.
 * NOTE(review): presumably {@code setPassword} is where hashing happens; verify.
 *
 * @param iUserName     value stored in the document's {@code "name"} field
 * @param iUserPassword password handed to {@code setPassword(...)}
 */
public OUser(String iUserName, final String iUserPassword) {
  super("OUser");

  this.document.field("name", iUserName);
  this.setPassword(iUserPassword);
  this.setAccountStatus(STATUSES.ACTIVE);
}
/**
 * Uses the value of {@code getName()} as the textual form of this object.
 *
 * @return the result of {@code getName()}
 */
@Override
public String toString() {
  final String displayName = getName();
  return displayName;
}
/**
 * Binds this user to {@code iSource} and loads its roles from the {@code "roles"} field.
 *
 * <p>Does nothing when a document is already bound. Null entries in the role collection are
 * logged as warnings and skipped. So are entries for which {@code createRole(...)} returns
 * {@code null}, but those are skipped silently.
 *
 * @param iSource document to bind and read the roles from
 */
@Override
public void fromStream(final ODocument iSource) {
  // Already bound: the first binding wins.
  if (document != null) {
    return;
  }

  document = iSource;
  roles = new HashSet<ORole>();

  final Collection<ODocument> storedRoles = iSource.field("roles");
  if (storedRoles == null) {
    return;
  }

  for (final ODocument roleDoc : storedRoles) {
    if (roleDoc == null) {
      // A dangling role reference is reported, not fatal. The user just does not get the role.
      OLogManager.instance()
          .warn(this, "User '%s' is declared to have a role that does not exist in the database. Ignoring it.", getName());
      continue;
    }

    final ORole loaded = createRole(roleDoc);
    if (loaded != null) {
      roles.add(loaded);
    }
  }
}
/**
 * Applies the configured passwords to the built-in admin and reader accounts of a database.
 *
 * <p>An account is touched only when the configured user name equals the built-in default
 * name and the configured password differs from the built-in default password.
 *
 * <p>NOTE(review): when the configured password equals the default, or the configured user
 * name is not the default one, this method leaves the built-in account unchanged. It
 * presumably still carries the default password in that case. Confirm that another code path
 * disables or re-keys it, since no warning is emitted here.
 *
 * @param db       database whose security metadata holds the built-in accounts
 * @param settings source of the configured user names and passwords
 */
private void onDbCreated(ODatabaseDocumentTx db, IOrientDbSettings settings) {
  // Built-in administrator account.
  if (OrientDbSettings.ADMIN_DEFAULT_USERNAME.equals(settings.getAdminUserName())) {
    if (!OrientDbSettings.ADMIN_DEFAULT_PASSWORD.equals(settings.getAdminPassword())) {
      final OUser adminAccount =
          db.getMetadata().getSecurity().getUser(OrientDbSettings.ADMIN_DEFAULT_USERNAME);
      adminAccount.setPassword(settings.getAdminPassword());
      adminAccount.save();
    }
  }

  // Built-in read-only account, configured through the "guest" settings.
  if (OrientDbSettings.READER_DEFAULT_USERNAME.equals(settings.getGuestUserName())) {
    if (!OrientDbSettings.READER_DEFAULT_PASSWORD.equals(settings.getGuestPassword())) {
      final OUser readerAccount =
          db.getMetadata().getSecurity().getUser(OrientDbSettings.READER_DEFAULT_USERNAME);
      readerAccount.setPassword(settings.getGuestPassword());
      readerAccount.save();
    }
  }
}
/**
 * Returns the user that is currently signed in.
 *
 * @return a new {@link OUser} built from the document returned by
 *     {@code getUserAsODocument()}, or {@code null} when that document is {@code null}
 *     (no user is signed in)
 */
public OSecurityUser getUser() {
  final ODocument signedInDoc = getUserAsODocument();
  if (signedInDoc == null) {
    return null;
  }
  return new OUser(signedInDoc);
}
/**
 * Resolves the user a token belongs to and checks that the account is active.
 *
 * <p>The token is accepted only when {@code authToken.getIsValid()} is true.
 * NOTE(review): signature and expiry checks are not visible in this method, which relies
 * entirely on that flag. Confirm that the token handler sets the flag only after full
 * verification.
 *
 * @param authToken token presented by the caller
 * @return the active user the token resolves to
 * @throws OSecurityAccessException if the token is not valid, no user can be loaded for it,
 *     or the user's account status is not {@code ACTIVE}
 */
public OUser authenticate(final OToken authToken) {
  final String dbName = getDatabase().getName();

  if (!authToken.getIsValid()) {
    throw new OSecurityAccessException(dbName, "Token not valid");
  }

  OUser resolved = authToken.getUser(getDatabase());
  if (resolved == null) {
    // The token handler may not be able to return an OUser itself. Fall back to looking
    // the user up by the user name (subject) carried in the token.
    if (authToken.getUserName() != null) {
      resolved = getUser(authToken.getUserName());
    }
    if (resolved == null) {
      throw new OSecurityAccessException(dbName, "Authentication failed, could not load user from token");
    }
  }

  final boolean active = resolved.getAccountStatus() == STATUSES.ACTIVE;
  if (!active) {
    throw new OSecurityAccessException(dbName, "User '" + resolved.getName() + "' is not active");
  }
  return resolved;
}
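/**
 * Authenticates a user by name and password against the current database.
 *
 * <p>Unknown user names and wrong passwords share one failure path, with the same message
 * and the same 200 ms delay, so the two cases are harder to tell apart from outside. The
 * account status is reported only after the password has been accepted, which keeps an
 * unauthenticated caller from learning that an account exists but is inactive.
 *
 * <p>When the storage is an {@code OStorageProxy} the password is not checked here, so for
 * that storage the status check still runs without a local password check.
 * NOTE(review): presumably the remote server has already verified the credentials in that
 * case; confirm.
 *
 * <p>NOTE(review): the unknown-user path still skips the password hash computation, so a
 * small timing difference may remain beyond the fixed delay.
 *
 * @param iUserName     name of the user to authenticate
 * @param iUserPassword password supplied by the caller
 * @return the authenticated, active user
 * @throws OSecurityAccessException if the user is unknown, the password does not match, or
 *     the account is not active
 */
public OUser authenticate(final String iUserName, final String iUserPassword) {
  final String dbName = getDatabase().getName();
  final OUser user = getUser(iUserName);

  boolean credentialsRejected = user == null;
  if (!credentialsRejected && !(getDatabase().getStorage() instanceof OStorageProxy)) {
    // Local storage: verify the password before revealing anything about the account.
    credentialsRejected = !user.checkPassword(iUserPassword);
  }

  if (credentialsRejected) {
    // Slow down repeated guesses. The same delay applies to unknown users and bad passwords.
    try {
      Thread.sleep(200);
    } catch (InterruptedException ignore) {
      Thread.currentThread().interrupt();
    }
    throw new OSecurityAccessException(dbName, "User or password not valid for database: '" + dbName + "'");
  }

  if (user.getAccountStatus() != OSecurityUser.STATUSES.ACTIVE)
    throw new OSecurityAccessException(dbName, "User '" + iUserName + "' is not active");

  return user;
}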
/**
 * Checks which identity a {@code DBClosure} runs under.
 *
 * <p>A closure built with the no-argument constructor is expected to run as {@code "admin"}.
 * A closure built with explicit credentials ({@code "reader"}/{@code "reader"}) is expected
 * to run as that user. Both closures also assert that the database passed to
 * {@code execute} is the one bound to the current thread.
 */
@Test
public void testDBClosure() throws Exception {
  // No credentials given: the closure should see the admin user.
  final DBClosure<OSecurityUser> defaultCredentials = new DBClosure<OSecurityUser>() {
    private static final long serialVersionUID = 1L;

    @Override
    protected OSecurityUser execute(ODatabaseDocument db) {
      assertEquals(db, ODatabaseRecordThreadLocal.instance().get());
      return db.getUser();
    }
  };
  assertEquals(
      wicket.getTester().getMetadata().getSecurity().getUser("admin").getIdentity(),
      defaultCredentials.execute().getIdentity());

  // Explicit credentials: the closure should see exactly that user.
  final DBClosure<OSecurityUser> readerCredentials = new DBClosure<OSecurityUser>("reader", "reader") {
    private static final long serialVersionUID = 1L;

    @Override
    protected OSecurityUser execute(ODatabaseDocument db) {
      assertEquals(db, ODatabaseRecordThreadLocal.instance().get());
      return db.getUser();
    }
  };
  assertEquals(
      wicket.getTester().getMetadata().getSecurity().getUser("reader").getIdentity(),
      readerCredentials.execute().getIdentity());
}
/**
 * Checks a password for the user with the given id against the database's security metadata.
 *
 * <p>NOTE(review): an unknown user returns {@code false} without any password check being
 * run, so unknown and known users may be distinguishable by response time. Confirm whether
 * callers apply their own throttling.
 *
 * @param userId   name used to look the user up via {@code getUser(...)}
 * @param password candidate password passed to {@code OUser#checkPassword}
 * @return {@code true} only when the user exists and {@code checkPassword} accepts the
 *     password; {@code false} otherwise
 */
@Override
public boolean checkPassword(String userId, String password) {
  final OPersistenceSession persistence = (OPersistenceSession) getSession(PersistenceSession.class);
  final OUser account = persistence.getDatabase().getMetadata().getSecurity().getUser(userId);
  return account != null && account.checkPassword(password);
}
/**
 * Legacy entry point that grants an operation on a resource named by a single string.
 *
 * <p>The string is split into a generic and a specific part through the {@code ORule}
 * mapping helpers. A missing specific part and the wildcard {@code "*"} are both passed on
 * as {@code null}.
 *
 * @param iResource  legacy resource name
 * @param iOperation operation code forwarded unchanged
 * @return the result of the three-argument {@code allow} overload
 */
@Override
@Deprecated
public OSecurityRole allow(String iResource, int iOperation) {
  final String resourceSpecific = ORule.mapLegacyResourceToSpecificResource(iResource);
  final ORule.ResourceGeneric resourceGeneric = ORule.mapLegacyResourceToGenericResource(iResource);

  final boolean coversWholeResource = resourceSpecific == null || "*".equals(resourceSpecific);
  final String target = coversWholeResource ? null : resourceSpecific;
  return allow(resourceGeneric, target, iOperation);
}
/**
 * Adds the role with the given name to this user.
 *
 * <p>The name is resolved through the security metadata of the database this user's document
 * belongs to. A {@code null} name is ignored.
 * NOTE(review): the result of {@code getRole(...)} is forwarded as is, so what happens for an
 * unknown role name depends on the other {@code addRole} overload; verify.
 *
 * @param iRole role name, may be {@code null}
 * @return this user, for chaining
 */
public OUser addRole(final String iRole) {
  if (iRole == null) {
    return this;
  }

  addRole(document.getDatabase().getMetadata().getSecurity().getRole(iRole));
  return this;
}
/**
 * Reads the account status from the document's {@code "status"} field.
 *
 * @return the {@code STATUSES} constant whose name equals the stored string
 * @throws OSecurityException if the field is missing or {@code null}. A stored string that
 *     matches no constant is rejected by {@code STATUSES.valueOf} instead.
 */
public STATUSES getAccountStatus() {
  final String storedStatus = (String) document.field("status");
  if (storedStatus != null) {
    return STATUSES.valueOf(storedStatus);
  }
  // A user without a status is treated as an error rather than defaulted to some state.
  throw new OSecurityException("User '" + getName() + "' has no status");
}
/**
 * Looks up the currently signed-in user.
 *
 * @return an {@link OUser} wrapping the document from {@code getUserAsODocument()}, or
 *     {@code null} if that call returns {@code null} because no user is signed in
 */
public OSecurityUser getUser() {
  final ODocument currentUserDoc = getUserAsODocument();
  OSecurityUser current = null;
  if (currentUserDoc != null) {
    current = new OUser(currentUserDoc);
  }
  return current;
}
public OUserSymmetricKeyConfig(final OUser user) { if(user == null) throw new OSecurityException("OUserSymmetricKeyConfig() OUser is null"); OIdentifiable id = user.getIdentity();
/**
 * Checks whether any of the user's roles defines a rule for the given resource.
 *
 * <p>Null entries in {@code roles} are logged as warnings and skipped.
 *
 * @param resourceGeneric  generic resource to look for
 * @param resourceSpecific specific resource to look for
 * @return {@code true} if at least one role reports the rule via {@code hasRule};
 *     {@code false} otherwise
 */
public boolean isRuleDefined(final ORule.ResourceGeneric resourceGeneric, String resourceSpecific) {
  for (ORole role : roles) {
    if (role == null) {
      OLogManager.instance()
          .warn(this, "User '%s' has a null role, bypass it. Consider to fix this user roles before to continue", getName());
      continue;
    }
    if (role.hasRule(resourceGeneric, resourceSpecific)) {
      return true;
    }
  }
  return false;
}
/**
 * Gives the built-in {@code admin}, {@code reader} and {@code writer} accounts a fresh random
 * id and a fixed e-mail address, then saves each document.
 *
 * <p>NOTE(review): the e-mail addresses are hard-coded on a third-party domain. If any
 * mail-based flow such as account recovery or notifications reads
 * {@code OrienteerUser.PROP_EMAIL}, mail for these privileged accounts would presumably go
 * to mailboxes the deployment does not control. Confirm, and prefer configurable addresses.
 *
 * @param db database whose security metadata holds the built-in accounts
 */
private void updateDefaultOrienteerUsers(ODatabaseDocument db) {
  final OSecurity security = db.getMetadata().getSecurity();

  // {user name, e-mail}, processed in this order.
  final String[][] builtInAccounts = {
      {"admin", "admin@gmail.com"},
      {"reader", "reader@gmail.com"},
      {"writer", "writer@gmail.com"},
  };

  for (final String[] account : builtInAccounts) {
    final ODocument accountDoc = security.getUser(account[0]).getDocument();
    accountDoc.field(OrienteerUser.PROP_ID, UUID.randomUUID().toString());
    accountDoc.field(OrienteerUser.PROP_EMAIL, account[1]);
    accountDoc.save();
  }
}