public Details newTransientDetails(IObject object) throws ApiUsageException, SecurityViolation { checkReady("transientDetails"); return interceptor.newTransientDetails(object); }
public Details checkManagedDetails(IObject object, Details trustedDetails) throws ApiUsageException, SecurityViolation { checkReady("managedDetails"); return interceptor.checkManagedDetails(object, trustedDetails); }
/** * calls back to {@link BasicSecuritySystem#newTransientDetails(IObject)} for * properly setting {@link IObject#getDetails() Details} */ public boolean onSave(Object entity, Serializable id, Object[] state, String[] propertyNames, Type[] types) { debug("Intercepted save."); this.stats.updatedObjects(1); if (entity instanceof IObject) { IObject iobj = (IObject) entity; int idx = HibernateUtils.detailsIndex(propertyNames); Details d = evaluateLinkages(iobj); // Get a new details based on the current context d = newTransientDetails(iobj, d); state[idx] = d; } return true; // transferDetails ALWAYS edits the new entity. }
/** * Simplified factory method which generates all the security primitives * internally. Primarily useful for generated testing instances. * @param sm the session manager * @param sf the session factory * @param cache the session cache * @return a configured security system */ public static BasicSecuritySystem selfConfigure(SessionManager sm, ServiceFactory sf, SessionCache cache) { CurrentDetails cd = new CurrentDetails(cache); SystemTypes st = new SystemTypes(); TokenHolder th = new TokenHolder(); Roles roles = new Roles(); final SessionProvider sessionProvider = new SessionProviderInMemory(roles, new NodeProviderInMemory(""), null); final OmeroInterceptor oi = new OmeroInterceptor(roles, st, new ExtendedMetadata.Impl(), cd, th, new PerSessionStats(cd), new LightAdminPrivileges(roles), null, new HashSet<String>(), new HashSet<String>()); SecurityFilterHolder holder = new SecurityFilterHolder( cd, new OneGroupSecurityFilter(roles), new AllGroupsSecurityFilter(null, roles), new SharingSecurityFilter(roles, null)); BasicSecuritySystem sec = new BasicSecuritySystem(oi, st, cd, sm, sessionProvider, new EventProviderInMemory(), roles, sf, new TokenHolder(), Collections.<SecurityFilter>singletonList(holder), new DefaultPolicyService(), new BasicACLVoter(cd, st, th, holder, sessionProvider, new ReadOnlyStatus(false, false))); return sec; }
public void onCollectionRecreate(Object collection, Serializable key) throws CallbackException { debug("Intercepted collection recreate."); }
private void debug(String msg) { if (log.isDebugEnabled()) { log(msg); } }
Object[] currentState, Object[] previousState, String[] propertyNames, Type[] types) { debug("Intercepted update."); this.stats.updatedObjects(1); boolean altered = false; int idx = HibernateUtils.detailsIndex(propertyNames); Details newDetails = evaluateLinkages(iobj); if (currentPath != null && currentName != null && !(currentPath.equals(previousState[pathIndex]) && currentName.equals(previousState[nameIndex])) && isProblemFilepath(currentPath + currentName)) { throw new SecurityViolation("only administrators may introduce non-canonical OriginalFile path or name"); altered |= resetDetails(iobj, currentState, previousState, idx, newDetails);
altered |= managedOwner(privileged, iobj, previousDetails, currentDetails, newDetails, bec); altered |= managedGroup(privileged, iobj, previousDetails, currentDetails, newDetails, bec); altered |= managedEvent(privileged, iobj, previousDetails, currentDetails, newDetails);
public void onCollectionRemove(Object collection, Serializable key) throws CallbackException { debug("Intercepted collection remove."); }
/** * @see SecuritySystem#newTransientDetails(IObject) */ public Details newTransientDetails(IObject obj) { if (obj == null) { throw new ApiUsageException("Argument cannot be null."); } final Details newDetails = obj.getDetails().newInstance(); return newTransientDetails(obj, newDetails); }
/** * asks {@link BasicSecuritySystem} to create a new managed {@link Details} * based on the previous state of this entity. If the previous state is null * (see ticket:3929) then throw an exception. * * @param entity * IObject to be updated * @param currentState * the possibly changed field data for this entity * @param previousState * the field data as seen in the db * @param idx * the index of Details in the state arrays. */ protected boolean resetDetails(IObject entity, Object[] currentState, Object[] previousState, int idx, Details newDetails) { if (previousState == null) { log.warn(String.format("Null previousState for %s(loaded=%s). Details=%s", entity, entity.isLoaded(), currentState[idx])); throw new InternalException("Previous state is null. Possibly caused by evict. See ticket:3929"); } final Details previous = (Details) previousState[idx]; final Details result = checkManagedDetails(entity, previous, newDetails); if (previous != result) { currentState[idx] = result; return true; } return false; }
/** default logic */ public void onDelete(Object entity, Serializable id, Object[] state, String[] propertyNames, Type[] types) throws CallbackException { debug("Intercepted delete."); EMPTY.onDelete(entity, id, state, propertyNames, types); }
@Transactional(readOnly = true) public Boolean doWork(Session session, ServiceFactory sf) { final OriginalFile file = new OriginalFile(); if (isIntoUserGroup) { final long userGroupId = sf.getAdminService().getSecurityRoles().getUserGroupId(); file.getDetails().setGroup((ome.model.meta.ExperimenterGroup) session.get(ome.model.meta.ExperimenterGroup.class, userGroupId)); } file.setRepo(scripts.getUuid()); /* check with interceptor */ try { interceptor.newTransientDetails(file); } catch (ome.conditions.SecurityViolation sv) { return false; } /* check with ACL voter */ file.setRepo(null); // can never create with repo set return aclVoter.allowCreation(file); } });
/** * @see SecuritySystem#checkManagedDetails(IObject, Details) */ public Details checkManagedDetails(final IObject iobj, final Details previousDetails) { if (iobj == null) { throw new ApiUsageException("Argument cannot be null."); } return checkManagedDetails(iobj, previousDetails, iobj.getDetails().newInstance()); }
/** * default logic, but we may want to use them eventually for * dependency-injection. */ public Object instantiate(String entityName, EntityMode entityMode, Serializable id) throws CallbackException { debug("Intercepted instantiate."); return EMPTY.instantiate(entityName, entityMode, id); }
/** default logic */ public int[] findDirty(Object entity, Serializable id, Object[] currentState, Object[] previousState, String[] propertyNames, Type[] types) { debug("Intercepted dirty check."); return EMPTY.findDirty(entity, id, currentState, previousState, propertyNames, types); }
public void preFlush(Iterator entities) throws CallbackException { debug("Intercepted preFlush."); EMPTY.preFlush(entities); }
public void postFlush(Iterator entities) throws CallbackException { debug("Intercepted postFlush."); if (TransactionSynchronizationManager.isCurrentTransactionReadOnly()) { debug("detected read-only transaction"); } else if (sqlAction != null) { /* read-write transactions may trigger checks */ debug("updating current light administrator privileges"); final Set<AdminPrivilege> privileges = currentUser.current().getCurrentAdminPrivileges(); sqlAction.deleteCurrentAdminPrivileges(); if (CollectionUtils.isNotEmpty(privileges)) { sqlAction.insertCurrentAdminPrivileges(privileges); } } }
/** default logic. */ public boolean onLoad(Object entity, Serializable id, Object[] state, String[] propertyNames, Type[] types) throws CallbackException { debug("Intercepted load."); this.stats.loadedObjects(1); return EMPTY.onLoad(entity, id, state, propertyNames, types); }
public void onCollectionUpdate(Object collection, Serializable key) throws CallbackException { debug("Intercepted collection update."); if (collection instanceof PersistentList) { PersistentList list = (PersistentList) collection;