/**
 * Reports whether the authorizer is a managed authorizer whose access policy provider
 * implements {@link ConfigurableAccessPolicyProvider}.
 *
 * @param authorizer the authorizer to inspect
 * @return {@code true} only when {@code isManagedAuthorizer} accepts the authorizer and its
 *         access policy provider is a {@link ConfigurableAccessPolicyProvider}; {@code false} otherwise
 */
public static boolean isConfigurableAccessPolicyProvider(final Authorizer authorizer) {
    // The cast is only reached after the managed-authorizer check has passed.
    return isManagedAuthorizer(authorizer)
            && ((ManagedAuthorizer) authorizer).getAccessPolicyProvider() instanceof ConfigurableAccessPolicyProvider;
}
/**
 * Delegates the inheritability check for a proposed fingerprint to the wrapped authorizer.
 *
 * @param proposedFingerprint the fingerprint being proposed
 * @throws AuthorizationAccessException propagated from the wrapped authorizer
 * @throws UninheritableAuthorizationsException propagated from the wrapped authorizer
 */
@Override
public void checkInheritability(String proposedFingerprint)
        throws AuthorizationAccessException, UninheritableAuthorizationsException {
    // No additional validation happens at this layer; the wrapped authorizer decides.
    baseManagedAuthorizer.checkInheritability(proposedFingerprint);
}
/**
 * Returns the fingerprint reported by the wrapped authorizer, unchanged.
 *
 * @return the wrapped authorizer's fingerprint
 * @throws AuthorizationAccessException propagated from the wrapped authorizer
 */
@Override
public String getFingerprint() throws AuthorizationAccessException {
    final String fingerprint = baseManagedAuthorizer.getFingerprint();
    return fingerprint;
}
/**
 * Configures the wrapped authorizer, then validates the data it exposes before the
 * authorizer is put to use. Configuration fails with an exception rather than leaving an
 * ambiguous policy or tenant set in place.
 *
 * <p>Checks are run in this order: access policies, users, groups. The first conflict
 * found aborts configuration.
 *
 * <p>NOTE(review): {@code policyExists} and {@code tenantExists} are defined outside this
 * excerpt; presumably they report a <em>conflicting</em> entry (same resource/action, or
 * same identity/name under a different identifier). Confirm against their implementation.
 *
 * @param configurationContext the context passed through to the wrapped authorizer
 * @throws AuthorizerCreationException if the wrapped authorizer fails to configure, or if a
 *         duplicate policy, user identity or group name is detected
 */
@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
    baseManagedAuthorizer.onConfigured(configurationContext);

    final AccessPolicyProvider policyProvider = baseManagedAuthorizer.getAccessPolicyProvider();
    final UserGroupProvider tenantProvider = policyProvider.getUserGroupProvider();

    // A resource/action pair must be covered by exactly one policy.
    for (final AccessPolicy policy : policyProvider.getAccessPolicies()) {
        if (!policyExists(policyProvider, policy)) {
            continue;
        }
        throw new AuthorizerCreationException(String.format("Found multiple policies for '%s' with '%s'.", policy.getResource(), policy.getAction()));
    }

    // A user identity must not collide with another tenant.
    for (final User candidate : tenantProvider.getUsers()) {
        if (!tenantExists(tenantProvider, candidate.getIdentifier(), candidate.getIdentity())) {
            continue;
        }
        throw new AuthorizerCreationException(String.format("Found multiple users/user groups with identity '%s'.", candidate.getIdentity()));
    }

    // A group name must not collide with another tenant.
    for (final Group candidate : tenantProvider.getGroups()) {
        if (!tenantExists(tenantProvider, candidate.getIdentifier(), candidate.getName())) {
            continue;
        }
        throw new AuthorizerCreationException(String.format("Found multiple users/user groups with name '%s'.", candidate.getName()));
    }
}
existingAuthFingerprint = managedAuthorizer.getFingerprint().getBytes(StandardCharsets.UTF_8); } else { existingAuthFingerprint = null; logger.trace("Inheriting authorizations"); final String proposedAuthFingerprint = new String(proposedFlow.getAuthorizerFingerprint(), StandardCharsets.UTF_8); managedAuthorizer.inheritFingerprint(proposedAuthFingerprint);
/**
 * Hands the supplied fingerprint to the wrapped authorizer to inherit.
 *
 * <p>No validation is performed here. NOTE(review): callers are presumably expected to
 * have run {@code checkInheritability} first; confirm at the call sites.
 *
 * @param fingerprint the fingerprint to inherit
 * @throws AuthorizationAccessException propagated from the wrapped authorizer
 */
@Override
public void inheritFingerprint(String fingerprint) throws AuthorizationAccessException {
    baseManagedAuthorizer.inheritFingerprint(fingerprint);
}
/**
 * Forwards the pre-destruction callback to the wrapped authorizer.
 *
 * @throws AuthorizerDestructionException propagated from the wrapped authorizer
 */
@Override
public void preDestruction() throws AuthorizerDestructionException {
    baseManagedAuthorizer.preDestruction();
}
}; // closes the enclosing declaration, which is opened outside this excerpt
/**
 * Forwards initialization to the wrapped authorizer.
 *
 * @param initializationContext the context passed through to the wrapped authorizer
 * @throws AuthorizerCreationException propagated from the wrapped authorizer
 */
@Override
public void initialize(AuthorizerInitializationContext initializationContext)
        throws AuthorizerCreationException {
    baseManagedAuthorizer.initialize(initializationContext);
}
@Override public AccessPolicyProvider getAccessPolicyProvider() { final AccessPolicyProvider baseAccessPolicyProvider = baseManagedAuthorizer.getAccessPolicyProvider(); if (baseAccessPolicyProvider instanceof ConfigurableAccessPolicyProvider) { final ConfigurableAccessPolicyProvider baseConfigurableAccessPolicyProvider = (ConfigurableAccessPolicyProvider) baseAccessPolicyProvider;
managedAuthorizer.checkInheritability(new String(proposed, StandardCharsets.UTF_8)); return AuthorizerInheritability.inheritable(); } catch (final UninheritableAuthorizationsException e) {
/**
 * Returns the current authorizer's fingerprint as UTF-8 bytes.
 *
 * @return the fingerprint bytes, or {@code null} when the authorizer is not a managed
 *         authorizer and therefore exposes no fingerprint; callers must handle {@code null}
 */
private byte[] getAuthorizerFingerprint() {
    if (!AuthorizerCapabilityDetection.isManagedAuthorizer(authorizer)) {
        return null;
    }

    final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) authorizer;
    // Explicit charset keeps the byte form independent of the platform default.
    return managedAuthorizer.getFingerprint().getBytes(StandardCharsets.UTF_8);
}
/**
 * Reports whether the given access policy can be configured through the authorizer.
 *
 * @param authorizer the authorizer to inspect
 * @param accessPolicy the policy in question
 * @return {@code false} when the authorizer has no configurable access policy provider;
 *         otherwise whatever that provider's {@code isConfigurable(accessPolicy)} returns
 */
public static boolean isAccessPolicyConfigurable(final Authorizer authorizer, final AccessPolicy accessPolicy) {
    if (isConfigurableAccessPolicyProvider(authorizer)) {
        // Both casts are covered by the capability check above.
        final ConfigurableAccessPolicyProvider policyProvider =
                (ConfigurableAccessPolicyProvider) ((ManagedAuthorizer) authorizer).getAccessPolicyProvider();
        return policyProvider.isConfigurable(accessPolicy);
    }
    return false;
}
/**
 * Reports whether the authorizer is a managed authorizer whose user group provider
 * implements {@link ConfigurableUserGroupProvider}.
 *
 * @param authorizer the authorizer to inspect
 * @return {@code true} only when {@code isManagedAuthorizer} accepts the authorizer and the
 *         user group provider reached through its access policy provider is a
 *         {@link ConfigurableUserGroupProvider}; {@code false} otherwise
 */
public static boolean isConfigurableUserGroupProvider(final Authorizer authorizer) {
    // The cast is only reached after the managed-authorizer check has passed.
    return isManagedAuthorizer(authorizer)
            && ((ManagedAuthorizer) authorizer).getAccessPolicyProvider().getUserGroupProvider()
                    instanceof ConfigurableUserGroupProvider;
}
/**
 * Reports whether the given user can be configured through the authorizer.
 *
 * @param authorizer the authorizer to inspect
 * @param user the user in question
 * @return {@code false} when the authorizer has no configurable user group provider;
 *         otherwise whatever that provider's {@code isConfigurable(user)} returns
 */
public static boolean isUserConfigurable(final Authorizer authorizer, final User user) {
    if (isConfigurableUserGroupProvider(authorizer)) {
        // Both casts are covered by the capability check above.
        final ConfigurableUserGroupProvider tenantProvider = (ConfigurableUserGroupProvider)
                ((ManagedAuthorizer) authorizer).getAccessPolicyProvider().getUserGroupProvider();
        return tenantProvider.isConfigurable(user);
    }
    return false;
}
/**
 * Reports whether the given group can be configured through the authorizer.
 *
 * @param authorizer the authorizer to inspect
 * @param group the group in question
 * @return {@code false} when the authorizer has no configurable user group provider;
 *         otherwise whatever that provider's {@code isConfigurable(group)} returns
 */
public static boolean isGroupConfigurable(final Authorizer authorizer, final Group group) {
    if (isConfigurableUserGroupProvider(authorizer)) {
        // Both casts are covered by the capability check above.
        final ConfigurableUserGroupProvider tenantProvider = (ConfigurableUserGroupProvider)
                ((ManagedAuthorizer) authorizer).getAccessPolicyProvider().getUserGroupProvider();
        return tenantProvider.isConfigurable(group);
    }
    return false;
}
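/**
 * Gets the names of the groups for the user with the specified identity.
 *
 * <p>The two "no groups" outcomes are distinct and callers should not conflate them:
 * {@code null} means the authorizer is not a {@link ManagedAuthorizer}, so group membership
 * cannot be loaded at all; an empty set means the provider was consulted and reported no groups.
 *
 * @param authorizer the authorizer to load the groups from
 * @param userIdentity the user identity
 * @return the names of the user's groups, an empty set if the provider reports none, or
 *         {@code null} if the authorizer is not able to load user groups
 */
public static Set<String> getUserGroups(final Authorizer authorizer, final String userIdentity) {
    if (!(authorizer instanceof ManagedAuthorizer)) {
        return null;
    }

    final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) authorizer;
    final UserGroupProvider userGroupProvider = managedAuthorizer.getAccessPolicyProvider().getUserGroupProvider();

    // NOTE(review): assumes getUserAndGroups never returns null; confirm against the provider contract.
    final UserAndGroups userAndGroups = userGroupProvider.getUserAndGroups(userIdentity);
    final Set<Group> userGroups = userAndGroups.getGroups();

    if (userGroups == null || userGroups.isEmpty()) {
        // Typed factory instead of the raw Collections.EMPTY_SET constant (no unchecked conversion).
        return Collections.emptySet();
    }

    // Map the set that was just null-checked instead of calling getGroups() a second time,
    // so the result cannot come from a different (possibly null) snapshot than the one validated.
    return userGroups.stream().map(Group::getName).collect(Collectors.toSet());
}
}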
public StandardPolicyBasedAuthorizerDAO(final Authorizer authorizer) { if (AuthorizerCapabilityDetection.isManagedAuthorizer(authorizer)) { accessPolicyProvider = ((ManagedAuthorizer) authorizer).getAccessPolicyProvider(); } else { accessPolicyProvider = new AccessPolicyProvider() {