/**
 * Hands the resolved principals to the entry setter selected by the permission type.
 *
 * @param entry
 *            the policy entry that receives the principals
 * @param permissionType
 *            selects which of the entry's ACL setters is called (READ, WRITE or ADMIN)
 * @param acls
 *            the principals that make up the policy; passed to the setter as-is, no copy is
 *            taken here
 *
 * @throws IllegalArgumentException
 *             if {@code permissionType} is not one of the handled values
 */
protected void applyAcl(AuthorizationEntry entry, PermissionType permissionType, Set<Object> acls) {
    switch (permissionType) {
        case READ:
            entry.setReadACLs(acls);
            return;
        case WRITE:
            entry.setWriteACLs(acls);
            return;
        case ADMIN:
            entry.setAdminACLs(acls);
            return;
    }
    // An unhandled permission type is rejected rather than ignored, so a new enum value
    // cannot silently leave a policy unapplied.
    throw new IllegalArgumentException("Unknown permission " + permissionType + ".");
}
entry = entries.get(dest); if (entry == null) { entry = new AuthorizationEntry(); entry.setDestination(dest); entries.put(dest, entry);
/**
 * Collects the admin ACLs of every authorization entry that applies to the destination.
 *
 * <p>The result is a union: a principal listed on any one entry returned by
 * {@code getAllEntries} ends up in the returned set. This method only adds principals, so a
 * broad entry is not narrowed by a more specific one here.
 *
 * @param destination
 *            the destination whose admin principals are wanted
 * @return a new {@code WildcardAwareSet} holding the merged admin ACLs
 */
@Override
public Set<Object> getAdminACLs(ActiveMQDestination destination) {
    Set<AuthorizationEntry> matching = getAllEntries(destination);
    Set<Object> merged = new WildcardAwareSet<Object>();

    for (AuthorizationEntry candidate : matching) {
        merged.addAll(candidate.getAdminACLs());
    }
    return merged;
}
/**
 * Records the admin roles in their string form and rebuilds the admin ACLs from them.
 *
 * <p>The raw string is stored before it is parsed, so it is kept even when
 * {@code parseACLs} throws; in that case {@code setAdminACLs} is not reached.
 *
 * @param roles
 *            the admin roles, in whatever textual form {@code parseACLs} accepts
 * @throws Exception
 *             if parsing or applying the roles fails
 */
public void setAdmin(String roles) throws Exception {
    this.adminRoles = roles;
    setAdminACLs(parseACLs(roles));
}
/**
 * Records the write roles in their string form and rebuilds the write ACLs from them.
 *
 * <p>The raw string is stored before it is parsed, so it is kept even when
 * {@code parseACLs} throws; in that case {@code setWriteACLs} is not reached.
 *
 * @param roles
 *            the write roles, in whatever textual form {@code parseACLs} accepts
 * @throws Exception
 *             if parsing or applying the roles fails
 */
public void setWrite(String roles) throws Exception {
    this.writeRoles = roles;
    setWriteACLs(parseACLs(roles));
}
/**
 * Records the read roles in their string form and rebuilds the read ACLs from them.
 *
 * <p>The raw string is stored before it is parsed, so it is kept even when
 * {@code parseACLs} throws; in that case {@code setReadACLs} is not reached.
 *
 * @param roles
 *            the read roles, in whatever textual form {@code parseACLs} accepts
 * @throws Exception
 *             if parsing or applying the roles fails
 */
public void setRead(String roles) throws Exception {
    this.readRoles = roles;
    setReadACLs(parseACLs(roles));
}
/**
 * Builds the authorization entry for one topic address, granting the connection's principal
 * exactly the rights the {@code acl} flags switch on.
 *
 * <p>Each of the three ACL sets is either empty or holds the single principal taken from
 * {@code kcc}; all three are always set on the entry, so a right that is not flagged ends up
 * with an empty ACL.
 *
 * @param kcc
 *            the connection context that supplies the principal
 * @param acl
 *            the read / write / admin flags to translate
 * @param address
 *            the destination name, used as a topic
 * @return the populated entry
 */
protected AuthorizationEntry createAuthorizationEntry(KapuaConnectionContext kcc, Acl acl, String address) {
    AuthorizationEntry topicEntry = new AuthorizationEntry();
    // NOTE(review): address is used verbatim as the topic name. If it can carry broker wildcard
    // tokens, the entry may cover more destinations than intended — confirm the caller
    // validates it.
    ActiveMQDestination topic = ActiveMQDestination.createDestination(address, ActiveMQDestination.TOPIC_TYPE);
    topicEntry.setDestination(topic);

    Set<Object> writers = new HashSet<>();
    Set<Object> readers = new HashSet<>();
    Set<Object> admins = new HashSet<>();

    if (acl.isRead()) {
        readers.add(kcc.getPrincipal());
    }
    if (acl.isWrite()) {
        writers.add(kcc.getPrincipal());
    }
    if (acl.isAdmin()) {
        admins.add(kcc.getPrincipal());
    }

    topicEntry.setWriteACLs(writers);
    topicEntry.setReadACLs(readers);
    topicEntry.setAdminACLs(admins);
    return topicEntry;
}
/**
 * Runs the superclass initialisation, then rebuilds each ACL whose role string has been set.
 *
 * <p>A role string that is still {@code null} leaves the corresponding ACL untouched.
 *
 * @throws Exception
 *             if the superclass initialisation fails or a role string cannot be parsed or
 *             applied
 */
public void afterPropertiesSet() throws Exception {
    super.afterPropertiesSet();
    // NOTE(review): presumably the strings are parsed again here because parseACLs depends on
    // properties that can be set after the role strings — confirm against parseACLs.
    if (adminRoles != null) {
        setAdminACLs(parseACLs(adminRoles));
    }
    if (writeRoles != null) {
        setWriteACLs(parseACLs(writeRoles));
    }
    if (readRoles != null) {
        setReadACLs(parseACLs(readRoles));
    }
}
// Closes the enclosing class, whose header is not part of this excerpt.
}
/**
 * Collects the write ACLs of every authorization entry that applies to the destination.
 *
 * <p>The result is a union: a principal listed on any one entry returned by
 * {@code getAllEntries} ends up in the returned set. This method only adds principals, so a
 * broad entry is not narrowed by a more specific one here.
 *
 * @param destination
 *            the destination whose write principals are wanted
 * @return a new {@code WildcardAwareSet} holding the merged write ACLs
 */
@Override
public Set<Object> getWriteACLs(ActiveMQDestination destination) {
    Set<AuthorizationEntry> matching = getAllEntries(destination);
    Set<Object> merged = new WildcardAwareSet<Object>();

    for (AuthorizationEntry candidate : matching) {
        merged.addAll(candidate.getWriteACLs());
    }
    return merged;
}
/**
 * Collects the read ACLs of every authorization entry that applies to the destination.
 *
 * <p>The result is a union: a principal listed on any one entry returned by
 * {@code getAllEntries} ends up in the returned set. This method only adds principals, so a
 * broad entry is not narrowed by a more specific one here.
 *
 * @param destination
 *            the destination whose read principals are wanted
 * @return a new {@code WildcardAwareSet} holding the merged read ACLs
 */
@Override
public Set<Object> getReadACLs(ActiveMQDestination destination) {
    Set<AuthorizationEntry> matching = getAllEntries(destination);
    Set<Object> merged = new WildcardAwareSet<Object>();

    for (AuthorizationEntry candidate : matching) {
        merged.addAll(candidate.getReadACLs());
    }
    return merged;
}
AuthorizationEntry entry = entries.remove(oldDest); if (entry != null) { entry.setDestination(newDest); DefaultAuthorizationMap map = this.map.get(); map.put(newDest, entry);
/**
 * Handles a policy entry that was added to the directory by applying it to the current
 * authorization map.
 *
 * <p>Failures inside the update are logged and swallowed: the event is dropped and the
 * in-memory map keeps its previous content. The cast of the new binding to
 * {@code SearchResult} happens before the {@code try}, so a binding of another type is not
 * covered by that handling.
 *
 * @param namingEvent
 *            the new entry event that occurred
 * @param destinationType
 *            the type of the destination to which the event applies
 * @param permissionType
 *            the permission type to which the event applies
 */
public void objectAdded(NamingEvent namingEvent, DestinationType destinationType, PermissionType permissionType) {
    // The whole binding is written to the debug log; depending on its string form that can
    // include directory content, which matters if debug logging is on in production.
    LOG.debug("Adding object: {}", namingEvent.getNewBinding());
    SearchResult added = (SearchResult) namingEvent.getNewBinding();

    try {
        DefaultAuthorizationMap currentMap = this.map.get();
        AuthorizationEntry policyEntry = getEntry(currentMap, new LdapName(added.getName()), destinationType);

        applyACL(policyEntry, added, permissionType);

        // Temp-destination entries are not put into the map under a destination key.
        boolean tempEntry = policyEntry instanceof TempDestinationAuthorizationEntry;
        if (!tempEntry) {
            currentMap.put(policyEntry.getDestination(), policyEntry);
        }
    } catch (InvalidNameException e) {
        LOG.error("Policy not applied!  Error parsing DN for addition of {}", added.getName(), e);
    } catch (Exception e) {
        LOG.error("Policy not applied!  Error processing object addition for addition of {}", added.getName(), e);
    }
}
/**
 * Records the admin roles in their string form and rebuilds the admin ACLs from them.
 *
 * <p>The raw string is stored before it is parsed, so it is kept even when
 * {@code parseACLs} throws; in that case {@code setAdminACLs} is not reached.
 *
 * @param roles
 *            the admin roles, in whatever textual form {@code parseACLs} accepts
 * @throws Exception
 *             if parsing or applying the roles fails
 */
public void setAdmin(String roles) throws Exception {
    this.adminRoles = roles;
    setAdminACLs(parseACLs(roles));
}
/**
 * Records the write roles in their string form and rebuilds the write ACLs from them.
 *
 * <p>The raw string is stored before it is parsed, so it is kept even when
 * {@code parseACLs} throws; in that case {@code setWriteACLs} is not reached.
 *
 * @param roles
 *            the write roles, in whatever textual form {@code parseACLs} accepts
 * @throws Exception
 *             if parsing or applying the roles fails
 */
public void setWrite(String roles) throws Exception {
    this.writeRoles = roles;
    setWriteACLs(parseACLs(roles));
}
/**
 * Records the read roles in their string form and rebuilds the read ACLs from them.
 *
 * <p>The raw string is stored before it is parsed, so it is kept even when
 * {@code parseACLs} throws; in that case {@code setReadACLs} is not reached.
 *
 * @param roles
 *            the read roles, in whatever textual form {@code parseACLs} accepts
 * @throws Exception
 *             if parsing or applying the roles fails
 */
public void setRead(String roles) throws Exception {
    this.readRoles = roles;
    setReadACLs(parseACLs(roles));
}
/**
 * Collects the write ACLs of every authorization entry that applies to the destination.
 *
 * <p>The result is a union: a principal listed on any one entry returned by
 * {@code getAllEntries} ends up in the returned set. This method only adds principals, so a
 * broad entry is not narrowed by a more specific one here.
 *
 * @param destination
 *            the destination whose write principals are wanted
 * @return a new {@code HashSet} holding the merged write ACLs
 */
public Set<Object> getWriteACLs(ActiveMQDestination destination) {
    Set<AuthorizationEntry> matching = getAllEntries(destination);
    Set<Object> merged = new HashSet<Object>();

    for (AuthorizationEntry candidate : matching) {
        merged.addAll(candidate.getWriteACLs());
    }
    return merged;
}
/**
 * Collects the read ACLs of every authorization entry that applies to the destination.
 *
 * <p>The result is a union: a principal listed on any one entry returned by
 * {@code getAllEntries} ends up in the returned set. This method only adds principals, so a
 * broad entry is not narrowed by a more specific one here.
 *
 * @param destination
 *            the destination whose read principals are wanted
 * @return a new {@code HashSet} holding the merged read ACLs
 */
public Set<Object> getReadACLs(ActiveMQDestination destination) {
    Set<AuthorizationEntry> matching = getAllEntries(destination);
    Set<Object> merged = new HashSet<Object>();

    for (AuthorizationEntry candidate : matching) {
        merged.addAll(candidate.getReadACLs());
    }
    return merged;
}
AuthorizationEntry entry = entries.remove(oldDest); if (entry != null) { entry.setDestination(newDest); DefaultAuthorizationMap map = this.map.get(); map.put(newDest, entry);
/**
 * Handles a policy entry that was added to the directory by applying it to the current
 * authorization map.
 *
 * <p>Failures inside the update are logged and swallowed: the event is dropped and the
 * in-memory map keeps its previous content. The cast of the new binding to
 * {@code SearchResult} happens before the {@code try}, so a binding of another type is not
 * covered by that handling.
 *
 * @param namingEvent
 *            the new entry event that occurred
 * @param destinationType
 *            the type of the destination to which the event applies
 * @param permissionType
 *            the permission type to which the event applies
 */
public void objectAdded(NamingEvent namingEvent, DestinationType destinationType, PermissionType permissionType) {
    // The whole binding is written to the debug log; depending on its string form that can
    // include directory content, which matters if debug logging is on in production.
    LOG.debug("Adding object: {}", namingEvent.getNewBinding());
    SearchResult added = (SearchResult) namingEvent.getNewBinding();

    try {
        DefaultAuthorizationMap currentMap = this.map.get();
        AuthorizationEntry policyEntry = getEntry(currentMap, new LdapName(added.getName()), destinationType);

        applyACL(policyEntry, added, permissionType);

        // Temp-destination entries are not put into the map under a destination key.
        boolean tempEntry = policyEntry instanceof TempDestinationAuthorizationEntry;
        if (!tempEntry) {
            currentMap.put(policyEntry.getDestination(), policyEntry);
        }
    } catch (InvalidNameException e) {
        LOG.error("Policy not applied!  Error parsing DN for addition of {}", added.getName(), e);
    } catch (Exception e) {
        LOG.error("Policy not applied!  Error processing object addition for addition of {}", added.getName(), e);
    }
}
/**
 * Hands the resolved principals to the entry setter selected by the permission type.
 *
 * @param entry
 *            the policy entry that receives the principals
 * @param permissionType
 *            selects which of the entry's ACL setters is called (READ, WRITE or ADMIN)
 * @param acls
 *            the principals that make up the policy; passed to the setter as-is, no copy is
 *            taken here
 *
 * @throws IllegalArgumentException
 *             if {@code permissionType} is not one of the handled values
 */
protected void applyAcl(AuthorizationEntry entry, PermissionType permissionType, Set<Object> acls) {
    switch (permissionType) {
        case READ:
            entry.setReadACLs(acls);
            return;
        case WRITE:
            entry.setWriteACLs(acls);
            return;
        case ADMIN:
            entry.setAdminACLs(acls);
            return;
    }
    // An unhandled permission type is rejected rather than ignored, so a new enum value
    // cannot silently leave a policy unapplied.
    throw new IllegalArgumentException("Unknown permission " + permissionType + ".");
}