public static Set<String> getEffective(final Set<String> allowedRealms, final String requestedRealm) { Set<String> allowed = RealmUtils.normalize(allowedRealms); Set<String> requested = new HashSet<>(); requested.add(requestedRealm); Set<String> effective = new HashSet<>(); effective.addAll(requested.stream().filter(new StartsWithPredicate(allowed)).collect(Collectors.toSet())); effective.addAll(allowed.stream().filter(new StartsWithPredicate(requested)).collect(Collectors.toSet())); // includes dynamic realms if (allowedRealms != null) { effective.addAll(allowedRealms.stream().filter(new DynRealmsPredicate()).collect(Collectors.toSet())); } return effective; }
protected boolean securityChecks(final Set<String> effectiveRealms, final String realm, final String key) { boolean authorized = effectiveRealms.stream().anyMatch(ownedRealm -> realm.startsWith(ownedRealm)); if (!authorized) { AnyDAO<?> anyDAO = this instanceof UserLogic ? userDAO : this instanceof GroupLogic ? groupDAO : anyObjectDAO; authorized = anyDAO.findDynRealms(key).stream(). anyMatch(dynRealm -> effectiveRealms.contains(dynRealm)); } if (!authorized) { throw new DelegatedAdministrationException( realm, (this instanceof UserLogic ? AnyTypeKind.USER : this instanceof GroupLogic ? AnyTypeKind.GROUP : AnyTypeKind.ANY_OBJECT).name(), key); } return effectiveRealms.stream().anyMatch(new RealmUtils.DynRealmsPredicate()); }
@Override protected boolean securityChecks(final Set<String> effectiveRealms, final String realm, final String key) { boolean authorized = effectiveRealms.stream().anyMatch(ownedRealm -> realm.startsWith(ownedRealm) || ownedRealm.equals(RealmUtils.getGroupOwnerRealm(realm, key))); if (!authorized) { authorized = groupDAO.findDynRealms(key).stream(). anyMatch(dynRealm -> effectiveRealms.contains(dynRealm)); } if (!authorized) { throw new DelegatedAdministrationException(realm, AnyTypeKind.GROUP.name(), key); } return effectiveRealms.stream().anyMatch(new RealmUtils.DynRealmsPredicate()); }
public static Set<String> getEffective(final Set<String> allowedRealms, final String requestedRealm) { Set<String> allowed = RealmUtils.normalize(allowedRealms); Set<String> requested = new HashSet<>(); requested.add(requestedRealm); Set<String> effective = new HashSet<>(); effective.addAll(requested.stream().filter(new StartsWithPredicate(allowed)).collect(Collectors.toSet())); effective.addAll(allowed.stream().filter(new StartsWithPredicate(requested)).collect(Collectors.toSet())); // includes dynamic realms if (allowedRealms != null) { effective.addAll(allowedRealms.stream().filter(new DynRealmsPredicate()).collect(Collectors.toSet())); } return effective; }