@Override public Group addGroup(Group group) throws AuthorizationAccessException { return configurableUserGroupProvider.addGroup(group); }
@Override public User addUser(User user) throws AuthorizationAccessException { return configurableUserGroupProvider.addUser(user); }
@Override public void checkInheritability(String proposedFingerprint) throws AuthorizationAccessException, UninheritableAuthorizationsException { configurableUserGroupProvider.checkInheritability(proposedFingerprint); }
@Override public boolean isConfigurable(User user) { return configurableUserGroupProvider.isConfigurable(user); }
@Override public void inheritFingerprint(String fingerprint) throws AuthorizationAccessException { configurableUserGroupProvider.inheritFingerprint(fingerprint); }
@Override public String getFingerprint() throws AuthorizationAccessException { return configurableUserGroupProvider.getFingerprint(); }
@Override public User getUser(String identifier) throws AuthorizationAccessException { User user = configurableUserGroupProvider.getUser(identifier); if (user == null) { user = super.getUser(identifier); } return user; }
@Override public Group getGroup(String identifier) throws AuthorizationAccessException { Group group = configurableUserGroupProvider.getGroup(identifier); if (group == null) { group = super.getGroup(identifier); } return group; }
@Override public User deleteUser(User user) throws AuthorizationAccessException { return configurableUserGroupProvider.deleteUser(user); }
@Override public Group deleteGroup(Group group) throws AuthorizationAccessException { return configurableUserGroupProvider.deleteGroup(group); }
@Override public boolean isConfigurable(Group group) { return configurableUserGroupProvider.isConfigurable(group); }
@Override public void inheritFingerprint(String fingerprint) throws AuthorizationAccessException { if (StringUtils.isBlank(fingerprint)) { return; } final String userGroupFingerprint = parseFingerprint(fingerprint); if (StringUtils.isNotBlank(userGroupFingerprint) && userGroupProvider instanceof ConfigurableUserGroupProvider) { ((ConfigurableUserGroupProvider) userGroupProvider).inheritFingerprint(userGroupFingerprint); } }
@Override public String getFingerprint() throws AuthorizationAccessException { final StringWriter out = new StringWriter(); try { // create the document final DocumentBuilder documentBuilder = DOCUMENT_BUILDER_FACTORY.newDocumentBuilder(); final Document document = documentBuilder.newDocument(); // create the root element final Element managedRangerAuthorizationsElement = document.createElement("managedRangerAuthorizations"); document.appendChild(managedRangerAuthorizationsElement); // create the user group provider element final Element userGroupProviderElement = document.createElement(USER_GROUP_PROVIDER_ELEMENT); managedRangerAuthorizationsElement.appendChild(userGroupProviderElement); // append fingerprint if the provider is configurable if (userGroupProvider instanceof ConfigurableUserGroupProvider) { userGroupProviderElement.appendChild(document.createTextNode(((ConfigurableUserGroupProvider) userGroupProvider).getFingerprint())); } final Transformer transformer = TransformerFactory.newInstance().newTransformer(); transformer.transform(new DOMSource(document), new StreamResult(out)); } catch (ParserConfigurationException | TransformerException e) { throw new AuthorizationAccessException("Unable to generate fingerprint", e); } return out.toString(); }
/** * Determines whether the specified user is configurable. Provides the opportunity for a ConfigurableUserGroupProvider to prevent * editing of a specific user. By default, all known users are configurable. * * @param user the user * @return is configurable */ default boolean isConfigurable(User user) { if (user == null) { throw new IllegalArgumentException("User cannot be null"); } return getUser(user.getIdentifier()) != null; }
/** * Determines whether the specified group is configurable. Provides the opportunity for a ConfigurableUserGroupProvider to prevent * editing of a specific group. By default, all known groups are configurable. * * @param group the group * @return is configurable */ default boolean isConfigurable(Group group) { if (group == null) { throw new IllegalArgumentException("Group cannot be null"); } return getGroup(group.getIdentifier()) != null; }
@Override public User deleteUser(final String userId) { if (userGroupProvider instanceof ConfigurableUserGroupProvider) { final ConfigurableUserGroupProvider configurableUserGroupProvider = (ConfigurableUserGroupProvider) userGroupProvider; final User user = getUser(userId); final User removedUser = configurableUserGroupProvider.deleteUser(user); // ensure the user was removed if (removedUser == null) { throw new ResourceNotFoundException(String.format("Unable to find user with id '%s'.", userId)); } // remove any references to the user being deleted from policies if possible if (accessPolicyProvider instanceof ConfigurableAccessPolicyProvider) { for (AccessPolicy policy : accessPolicyProvider.getAccessPolicies()) { final ConfigurableAccessPolicyProvider configurableAccessPolicyProvider = (ConfigurableAccessPolicyProvider) accessPolicyProvider; // ensure this policy contains a reference to the user and this policy is configurable (check proactively to prevent an exception) if (policy.getUsers().contains(removedUser.getIdentifier()) && configurableAccessPolicyProvider.isConfigurable(policy)) { final AccessPolicy.Builder builder = new AccessPolicy.Builder(policy).removeUser(removedUser.getIdentifier()); configurableAccessPolicyProvider.updateAccessPolicy(builder.build()); } } } return removedUser; } else { throw new IllegalStateException(MSG_NON_CONFIGURABLE_USERS); } }
@Override public Group deleteUserGroup(final String userGroupId) { if (userGroupProvider instanceof ConfigurableUserGroupProvider) { final ConfigurableUserGroupProvider configurableUserGroupProvider = (ConfigurableUserGroupProvider) userGroupProvider; final Group group = getUserGroup(userGroupId); final Group removedGroup = configurableUserGroupProvider.deleteGroup(group); // ensure the user was removed if (removedGroup == null) { throw new ResourceNotFoundException(String.format("Unable to find user group with id '%s'.", removedGroup)); } // remove any references to the user group being deleted from policies if possible if (accessPolicyProvider instanceof ConfigurableAccessPolicyProvider) { for (AccessPolicy policy : accessPolicyProvider.getAccessPolicies()) { final ConfigurableAccessPolicyProvider configurableAccessPolicyProvider = (ConfigurableAccessPolicyProvider) accessPolicyProvider; // ensure this policy contains a reference to the user group and this policy is configurable (check proactively to prevent an exception) if (policy.getGroups().contains(removedGroup.getIdentifier()) && configurableAccessPolicyProvider.isConfigurable(policy)) { final AccessPolicy.Builder builder = new AccessPolicy.Builder(policy).removeGroup(removedGroup.getIdentifier()); configurableAccessPolicyProvider.updateAccessPolicy(builder.build()); } } } return removedGroup; } else { throw new IllegalStateException(MSG_NON_CONFIGURABLE_USERS); } }
public static boolean isGroupConfigurable(final Authorizer authorizer, final Group group) { if (!isConfigurableUserGroupProvider(authorizer)) { return false; } final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) authorizer; final ConfigurableUserGroupProvider configurableUserGroupProvider = (ConfigurableUserGroupProvider) managedAuthorizer.getAccessPolicyProvider().getUserGroupProvider(); return configurableUserGroupProvider.isConfigurable(group); }
@Override public void checkInheritability(String proposedFingerprint) throws AuthorizationAccessException, UninheritableAuthorizationsException { final String userGroupFingerprint = parseFingerprint(proposedFingerprint); if (StringUtils.isNotBlank(userGroupFingerprint)) { if (userGroupProvider instanceof ConfigurableUserGroupProvider) { ((ConfigurableUserGroupProvider) userGroupProvider).checkInheritability(userGroupFingerprint); } else { throw new UninheritableAuthorizationsException("User/Group fingerprint is not blank and the configured UserGroupProvider does not support fingerprinting."); } } }
@Override public void inheritFingerprint(String fingerprint) throws AuthorizationAccessException { if (StringUtils.isBlank(fingerprint)) { return; } final FingerprintHolder fingerprintHolder = parseFingerprint(fingerprint); if (StringUtils.isNotBlank(fingerprintHolder.getPolicyFingerprint()) && accessPolicyProvider instanceof ConfigurableAccessPolicyProvider) { ((ConfigurableAccessPolicyProvider) accessPolicyProvider).inheritFingerprint(fingerprintHolder.getPolicyFingerprint()); } if (StringUtils.isNotBlank(fingerprintHolder.getUserGroupFingerprint()) && userGroupProvider instanceof ConfigurableUserGroupProvider) { ((ConfigurableUserGroupProvider) userGroupProvider).inheritFingerprint(fingerprintHolder.getUserGroupFingerprint()); } }