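/**
 * Resolves the authorities granted to a user from the role names listed in its
 * {@code FIELD_AUTHORITIES} array.
 * <p>
 * Every element of the array is taken as a role name and looked up in {@code roles}.
 * Anything that cannot contribute a grant is skipped rather than failing the whole
 * lookup: a missing array, an element that is not a string, and a name with no
 * matching role. The result can therefore only ever be built from known role
 * definitions and is empty when nothing matches (deny by default).
 *
 * @param user The user definition to read the role names from.
 * @return The union of the authorities of all matched roles, possibly empty.
 */
private Authorities getAuthorities(final JsonObject user) {
    final AuthoritiesImpl result = new AuthoritiesImpl();
    // Vert.x JsonArray is Iterable; keeping the local typed as Iterable avoids
    // depending on the concrete array type here.
    final Iterable<?> roleNames = user.getJsonArray(FIELD_AUTHORITIES);
    if (roleNames == null) {
        // no authorities field at all: the user simply has no roles assigned
        return result;
    }
    for (final Object roleName : roleNames) {
        // A non-string element used to surface as a ClassCastException while
        // loading the user; treat it as an unknown role and skip it instead.
        if (!(roleName instanceof String)) {
            continue;
        }
        final Authorities roleAuthorities = roles.get(roleName);
        if (roleAuthorities != null) {
            result.addAll(roleAuthorities);
        }
    }
    return result;
}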
/**
 * Adds an authority to execute an operation on a resource that is not scoped to a tenant.
 * <p>
 * Equivalent to calling the three-argument variant with a {@code null} tenant segment.
 *
 * @param resource The resource the operation belongs to.
 * @param operation The operation.
 * @return This instance for command chaining.
 */
public AuthoritiesImpl addOperation(final String resource, final String operation) {
    // no tenant segment: the key is derived from the resource and operation only
    final String noTenant = null;
    return addOperation(resource, noTenant, operation);
}
/**
 * Adds an authority to perform one or more activities on a resource that is not scoped
 * to a tenant.
 * <p>
 * Equivalent to calling the three-argument variant with a {@code null} tenant segment.
 *
 * @param resource The resource.
 * @param activities The activities.
 * @return This instance for command chaining.
 */
public AuthoritiesImpl addResource(final String resource, final Activity... activities) {
    // no tenant segment: the key is derived from the resource only
    final String noTenant = null;
    return addResource(resource, noTenant, activities);
}
private Authorities toAuthorities(final JsonArray authorities) { final AuthoritiesImpl result = new AuthoritiesImpl(); Objects.requireNonNull(authorities).stream() .filter(obj -> obj instanceof JsonObject) result.addResource(resource, activityList.toArray(new Activity[activityList.size()])); } else if (operation != null) { final String[] parts = operation.split(":", 2); if (parts.length == 2) { result.addOperation(parts[0], parts[1]); } else { log.debug("ignoring malformed operation spec [{}], operation name missing", operation);
/**
 * Creates authorities from the claims of a JWT.
 * <p>
 * Only claims whose name starts with {@code PREFIX_OPERATION} or {@code PREFIX_RESOURCE}
 * and whose value is a {@code String} are imported; every other claim is ignored.
 * The claim value is stored verbatim: this method does not check that it holds
 * well-formed activity codes, so callers rely on the token issuer for that.
 *
 * @param claims The claims object to retrieve authorities from.
 * @return The authorities.
 * @throws NullPointerException if claims is {@code null}.
 */
public static Authorities from(final Claims claims) {
    Objects.requireNonNull(claims);
    final AuthoritiesImpl result = new AuthoritiesImpl();
    claims.forEach((name, claimValue) -> {
        final boolean recognizedName = name.startsWith(PREFIX_OPERATION) || name.startsWith(PREFIX_RESOURCE);
        if (!recognizedName || !(claimValue instanceof String)) {
            LOG.trace("ignoring unsupported claim [key: {}]", name);
            return;
        }
        LOG.trace("adding claim [key: {}, value: {}]", name, claimValue);
        result.authorities.put(name, (String) claimValue);
    });
    return result;
}
/**
 * Checks whether the given activity is allowed on a resource.
 * <p>
 * Grants are looked up from the most specific key to the least specific one:
 * the complete resource path (only if the identifier has a resource id), then
 * the endpoint scoped to the tenant and the endpoint with a tenant wildcard
 * (only if the identifier has a tenant), and finally the bare endpoint and the
 * global wildcard. A single matching grant on any level is sufficient; there are
 * no deny rules, so a more specific key can never revoke a broader grant.
 *
 * @param resource The resource to check.
 * @param intent The activity to check.
 * @return {@code true} if a grant for the activity exists on any of the levels.
 */
@Override
public boolean isAuthorized(final ResourceIdentifier resource, final Activity intent) {
    // Level 1: the complete resource path.
    if (resource.getResourceId() != null
            && isAuthorized(String.format(resTemplate, resource.toString()), intent)) {
        return true;
    }
    // Level 2: tenant-scoped endpoint, then the tenant wildcard.
    if (resource.getTenantId() != null) {
        final String tenantScoped = String.format(resTemplate, resource.getEndpoint() + "/" + resource.getTenantId());
        final String anyTenant = String.format(resTemplate, resource.getEndpoint() + "/*");
        if (isAuthorized(tenantScoped, intent) || isAuthorized(anyTenant, intent)) {
            return true;
        }
    }
    // Level 3: the bare endpoint, then everything.
    final String endpointWide = String.format(resTemplate, resource.getEndpoint());
    final String everything = String.format(resTemplate, "*");
    return isAuthorized(endpointWide, intent) || isAuthorized(everything, intent);
}
/**
 * Adds an authority to execute an operation.
 * <p>
 * The grant is stored under the key built by {@code getOperationKey} with the
 * single activity code of {@link Activity#EXECUTE} as its value. Adding the same
 * operation twice simply overwrites the earlier entry.
 *
 * @param endpoint The endpoint segment of the resource the operation belongs to.
 * @param tenant The tenant segment of the resource the operation belongs to.
 * @param operation The operation.
 * @return This instance for command chaining.
 */
public AuthoritiesImpl addOperation(final String endpoint, final String tenant, final String operation) {
    final String key = getOperationKey(endpoint, tenant, operation);
    // operations are only ever granted as "execute"
    final String executeCode = String.valueOf(Activity.EXECUTE.getCode());
    authorities.put(key, executeCode);
    return this;
}
/**
 * Creates a user from an already parsed token and its compact serialization.
 * <p>
 * No signature or expiry verification happens here; the caller is expected to have
 * obtained {@code expandedToken} from a verifying parser (this constructor only
 * rejects a token without a claims body).
 *
 * @param expandedToken The parsed token to take the claims from.
 * @param token The compact token string the user was created from.
 * @throws NullPointerException if either argument is {@code null}.
 * @throws IllegalArgumentException if the parsed token has no claims body.
 */
private HonoUserImpl(final Jws<Claims> expandedToken, final String token) {
    Objects.requireNonNull(expandedToken);
    Objects.requireNonNull(token);
    final Claims claims = expandedToken.getBody();
    if (claims == null) {
        throw new IllegalArgumentException("token has no claims");
    }
    this.token = token;
    this.expandedToken = expandedToken;
    // authorities are derived solely from the prefixed claims of the token body
    this.authorities = AuthoritiesImpl.from(claims);
}
/**
 * Adds an authority to perform one or more activities on a resource.
 * <p>
 * The activity codes are concatenated in the given order into a single string that
 * is stored under the key built by {@code getResourceKey}. Note that adding the same
 * resource again replaces the earlier entry rather than merging activities into it,
 * so a later narrower call silently drops previously granted activities.
 *
 * @param endpoint The endpoint segment of the resource.
 * @param tenant The tenant segment of the resource.
 * @param activities The activities.
 * @return This instance for command chaining.
 */
public AuthoritiesImpl addResource(final String endpoint, final String tenant, final Activity... activities) {
    final StringBuilder codes = new StringBuilder(activities.length);
    for (int i = 0; i < activities.length; i++) {
        codes.append(activities[i].getCode());
    }
    authorities.put(getResourceKey(endpoint, tenant), codes.toString());
    return this;
}
/**
 * Verifies that the helper can create a token for a given set of
 * authorities and can then parse the token again.
 * <p>
 * NOTE(review): the test only checks that the parsed token has a claims body. It
 * does not confirm that the subject and the two authorities survive the round trip;
 * asserting on the subject and on {@code AuthoritiesImpl.from(parsedToken.getBody())}
 * would make a regression in {@code createToken}/{@code expand} visible.
 */
@Test
public void testCreateAndExpandToken() {
    final Authorities granted = new AuthoritiesImpl()
            .addResource("telemetry", "*", Activity.READ, Activity.WRITE)
            .addOperation("registration", "*", "assert");

    final String compactToken = helper.createToken("userA", granted);
    final Jws<Claims> roundTripped = helper.expand(compactToken);

    assertNotNull(roundTripped.getBody());
}
}
/**
 * Creates authorities from the claims of a JWT.
 * <p>
 * Only claims whose name starts with {@code PREFIX_OPERATION} or {@code PREFIX_RESOURCE}
 * and whose value is a {@code String} are imported; every other claim is ignored.
 * The claim value is stored verbatim: this method does not check that it holds
 * well-formed activity codes, so callers rely on the token issuer for that.
 *
 * @param claims The claims object to retrieve authorities from.
 * @return The authorities.
 * @throws NullPointerException if claims is {@code null}.
 */
public static Authorities from(final Claims claims) {
    Objects.requireNonNull(claims);
    final AuthoritiesImpl result = new AuthoritiesImpl();
    claims.forEach((name, claimValue) -> {
        final boolean recognizedName = name.startsWith(PREFIX_OPERATION) || name.startsWith(PREFIX_RESOURCE);
        if (!recognizedName || !(claimValue instanceof String)) {
            LOG.trace("ignoring unsupported claim [key: {}]", name);
            return;
        }
        LOG.trace("adding claim [key: {}, value: {}]", name, claimValue);
        result.authorities.put(name, (String) claimValue);
    });
    return result;
}
/**
 * Checks whether the given activity is allowed on a resource.
 * <p>
 * Grants are looked up from the most specific key to the least specific one:
 * the complete resource path (only if the identifier has a resource id), then
 * the endpoint scoped to the tenant and the endpoint with a tenant wildcard
 * (only if the identifier has a tenant), and finally the bare endpoint and the
 * global wildcard. A single matching grant on any level is sufficient; there are
 * no deny rules, so a more specific key can never revoke a broader grant.
 *
 * @param resource The resource to check.
 * @param intent The activity to check.
 * @return {@code true} if a grant for the activity exists on any of the levels.
 */
@Override
public boolean isAuthorized(final ResourceIdentifier resource, final Activity intent) {
    // Level 1: the complete resource path.
    if (resource.getResourceId() != null
            && isAuthorized(String.format(resTemplate, resource.toString()), intent)) {
        return true;
    }
    // Level 2: tenant-scoped endpoint, then the tenant wildcard.
    if (resource.getTenantId() != null) {
        final String tenantScoped = String.format(resTemplate, resource.getEndpoint() + "/" + resource.getTenantId());
        final String anyTenant = String.format(resTemplate, resource.getEndpoint() + "/*");
        if (isAuthorized(tenantScoped, intent) || isAuthorized(anyTenant, intent)) {
            return true;
        }
    }
    // Level 3: the bare endpoint, then everything.
    final String endpointWide = String.format(resTemplate, resource.getEndpoint());
    final String everything = String.format(resTemplate, "*");
    return isAuthorized(endpointWide, intent) || isAuthorized(everything, intent);
}
/**
 * Adds an authority to execute an operation.
 * <p>
 * The grant is stored under the key built by {@code getOperationKey} with the
 * single activity code of {@link Activity#EXECUTE} as its value. Adding the same
 * operation twice simply overwrites the earlier entry.
 *
 * @param endpoint The endpoint segment of the resource the operation belongs to.
 * @param tenant The tenant segment of the resource the operation belongs to.
 * @param operation The operation.
 * @return This instance for command chaining.
 */
public AuthoritiesImpl addOperation(final String endpoint, final String tenant, final String operation) {
    final String key = getOperationKey(endpoint, tenant, operation);
    // operations are only ever granted as "execute"
    final String executeCode = String.valueOf(Activity.EXECUTE.getCode());
    authorities.put(key, executeCode);
    return this;
}
/**
 * Creates a user from an already parsed token and its compact serialization.
 * <p>
 * No signature or expiry verification happens here; the caller is expected to have
 * obtained {@code expandedToken} from a verifying parser (this constructor only
 * rejects a token without a claims body).
 *
 * @param expandedToken The parsed token to take the claims from.
 * @param token The compact token string the user was created from.
 * @throws NullPointerException if either argument is {@code null}.
 * @throws IllegalArgumentException if the parsed token has no claims body.
 */
private HonoUserImpl(final Jws<Claims> expandedToken, final String token) {
    Objects.requireNonNull(expandedToken);
    Objects.requireNonNull(token);
    final Claims claims = expandedToken.getBody();
    if (claims == null) {
        throw new IllegalArgumentException("token has no claims");
    }
    this.token = token;
    this.expandedToken = expandedToken;
    // authorities are derived solely from the prefixed claims of the token body
    this.authorities = AuthoritiesImpl.from(claims);
}
/**
 * Adds an authority to perform one or more activities on a resource.
 * <p>
 * The activity codes are concatenated in the given order into a single string that
 * is stored under the key built by {@code getResourceKey}. Note that adding the same
 * resource again replaces the earlier entry rather than merging activities into it,
 * so a later narrower call silently drops previously granted activities.
 *
 * @param endpoint The endpoint segment of the resource.
 * @param tenant The tenant segment of the resource.
 * @param activities The activities.
 * @return This instance for command chaining.
 */
public AuthoritiesImpl addResource(final String endpoint, final String tenant, final Activity... activities) {
    final StringBuilder codes = new StringBuilder(activities.length);
    for (int i = 0; i < activities.length; i++) {
        codes.append(activities[i].getCode());
    }
    authorities.put(getResourceKey(endpoint, tenant), codes.toString());
    return this;
}
/**
 * Adds an authority to execute an operation on a resource that is not scoped to a tenant.
 * <p>
 * Equivalent to calling the three-argument variant with a {@code null} tenant segment.
 *
 * @param resource The resource the operation belongs to.
 * @param operation The operation.
 * @return This instance for command chaining.
 */
public AuthoritiesImpl addOperation(final String resource, final String operation) {
    // no tenant segment: the key is derived from the resource and operation only
    final String noTenant = null;
    return addOperation(resource, noTenant, operation);
}
/**
 * Adds an authority to perform one or more activities on a resource that is not scoped
 * to a tenant.
 * <p>
 * Equivalent to calling the three-argument variant with a {@code null} tenant segment.
 *
 * @param resource The resource.
 * @param activities The activities.
 * @return This instance for command chaining.
 */
public AuthoritiesImpl addResource(final String resource, final Activity... activities) {
    // no tenant segment: the key is derived from the resource only
    final String noTenant = null;
    return addResource(resource, noTenant, activities);
}
/**
 * Checks whether the given operation may be executed on a resource.
 * <p>
 * Operation grants are always {@link Activity#EXECUTE} grants keyed by resource path
 * and operation name. The lookup walks from the most specific key to the least
 * specific one and, on every level, accepts either the named operation or the
 * operation wildcard {@code "*"}: the complete resource path (only if the identifier
 * has a resource id), the tenant-scoped endpoint and the endpoint with a tenant
 * wildcard (only if the identifier has a tenant), and finally the bare endpoint and
 * the global wildcard. A single match suffices; no deny rules are consulted.
 *
 * @param resource The resource the operation belongs to.
 * @param operation The name of the operation.
 * @return {@code true} if an execute grant for the operation exists on any level.
 */
@Override
public boolean isAuthorized(final ResourceIdentifier resource, final String operation) {
    final Activity exec = Activity.EXECUTE;
    // Level 1: the complete resource path.
    if (resource.getResourceId() != null) {
        final String path = resource.toString();
        if (isAuthorized(String.format(opTemplate, path, operation), exec)
                || isAuthorized(String.format(opTemplate, path, "*"), exec)) {
            return true;
        }
    }
    // Level 2: the tenant-scoped endpoint, then the tenant wildcard.
    if (resource.getTenantId() != null) {
        final String tenantPath = resource.getEndpoint() + "/" + resource.getTenantId();
        final String anyTenantPath = resource.getEndpoint() + "/*";
        if (isAuthorized(String.format(opTemplate, tenantPath, operation), exec)
                || isAuthorized(String.format(opTemplate, tenantPath, "*"), exec)
                || isAuthorized(String.format(opTemplate, anyTenantPath, operation), exec)
                || isAuthorized(String.format(opTemplate, anyTenantPath, "*"), exec)) {
            return true;
        }
    }
    // Level 3: the bare endpoint, then everything.
    final String endpointPath = resource.getEndpoint();
    return isAuthorized(String.format(opTemplate, endpointPath, operation), exec)
            || isAuthorized(String.format(opTemplate, endpointPath, "*"), exec)
            || isAuthorized(String.format(opTemplate, "*", operation), exec)
            || isAuthorized(String.format(opTemplate, "*", "*"), exec);
}
/**
 * Checks whether the given operation may be executed on a resource.
 * <p>
 * Operation grants are always {@link Activity#EXECUTE} grants keyed by resource path
 * and operation name. The lookup walks from the most specific key to the least
 * specific one and, on every level, accepts either the named operation or the
 * operation wildcard {@code "*"}: the complete resource path (only if the identifier
 * has a resource id), the tenant-scoped endpoint and the endpoint with a tenant
 * wildcard (only if the identifier has a tenant), and finally the bare endpoint and
 * the global wildcard. A single match suffices; no deny rules are consulted.
 *
 * @param resource The resource the operation belongs to.
 * @param operation The name of the operation.
 * @return {@code true} if an execute grant for the operation exists on any level.
 */
@Override
public boolean isAuthorized(final ResourceIdentifier resource, final String operation) {
    final Activity exec = Activity.EXECUTE;
    // Level 1: the complete resource path.
    if (resource.getResourceId() != null) {
        final String path = resource.toString();
        if (isAuthorized(String.format(opTemplate, path, operation), exec)
                || isAuthorized(String.format(opTemplate, path, "*"), exec)) {
            return true;
        }
    }
    // Level 2: the tenant-scoped endpoint, then the tenant wildcard.
    if (resource.getTenantId() != null) {
        final String tenantPath = resource.getEndpoint() + "/" + resource.getTenantId();
        final String anyTenantPath = resource.getEndpoint() + "/*";
        if (isAuthorized(String.format(opTemplate, tenantPath, operation), exec)
                || isAuthorized(String.format(opTemplate, tenantPath, "*"), exec)
                || isAuthorized(String.format(opTemplate, anyTenantPath, operation), exec)
                || isAuthorized(String.format(opTemplate, anyTenantPath, "*"), exec)) {
            return true;
        }
    }
    // Level 3: the bare endpoint, then everything.
    final String endpointPath = resource.getEndpoint();
    return isAuthorized(String.format(opTemplate, endpointPath, operation), exec)
            || isAuthorized(String.format(opTemplate, endpointPath, "*"), exec)
            || isAuthorized(String.format(opTemplate, "*", operation), exec)
            || isAuthorized(String.format(opTemplate, "*", "*"), exec);
}