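/**
 * Checks whether {@code owner} is the user bound to the session identified by
 * {@code sessionId}.
 *
 * <p>Ownership is granted when either of the following holds:
 * <ul>
 *   <li>the string representation of {@code owner} equals the id of the session's user;</li>
 *   <li>{@code owner} is equal to the session's user object.</li>
 * </ul>
 *
 * <p>The check fails closed: an unknown session, a session without a user, or a
 * {@code null} owner is reported as "not the owner" rather than surfacing as a
 * {@link NullPointerException} in the caller's authorization path.
 *
 * @param sessionId identifier of the session to look up
 * @param owner candidate owner: a user object, or a value whose string form identifies the user
 * @return {@code true} only if the session exists and {@code owner} matches its user
 */
public boolean isOwner(String sessionId, Object owner) {
    if (owner == null) {
        return false;
    }
    UserSession session = sessions.get(sessionId);
    if (session == null || session.getUser() == null) {
        return false;
    }
    // NOTE(review): the previous documentation described this as a *username* comparison,
    // but the code compares against getId(). If getId() does not return a String, this
    // first comparison can never match and only the equals() check below is effective.
    // Confirm which identifier is intended before relying on the string form.
    return owner.toString().equals(session.getUser().getId())
            || owner.equals(session.getUser());
}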
/**
 * Builds the REST representation of a user group, converting every member into a
 * {@link RESTUser}.
 *
 * <p>Only the id, name, role and groups of each member are handed to the
 * {@code RESTUser} constructor.
 *
 * @param id identifier of the group
 * @param groupName name of the group
 * @param users members of the group; iterated directly, so it must not be {@code null}
 * @param description description of the group
 */
public RESTUserGroup(Long id, String groupName, Set<User> users, String description) {
    List<RESTUser> members = new ArrayList<RESTUser>();
    for (User member : users) {
        // NOTE(review): the meaning of the trailing boolean is defined by RESTUser's
        // constructor, which is not visible here; it is passed as true for group members.
        RESTUser restMember = new RESTUser(member.getId(), member.getName(), member.getRole(),
                member.getGroups(), true);
        members.add(restMember);
    }

    this.id = id;
    this.groupName = groupName;
    this.description = description;
    this.restUsers = new UserList(members);
}
/**
 * Returns one page of users whose name matches {@code nameLike}, each converted to a
 * {@link RESTUser} built from the user's id, name, role and groups only.
 *
 * <p>NOTE(review): {@code sc} is not consulted in this method. Confirm that access to the
 * user listing is restricted elsewhere (interceptor, annotation or service layer).
 *
 * @param sc security context of the caller (unused here)
 * @param nameLike name pattern; every {@code *} is rewritten to {@code %} before the lookup;
 *     must not be {@code null}
 * @param page page index forwarded to the user service
 * @param entries page size forwarded to the user service
 * @param includeAttributes forwarded to the user service
 * @return the matching users wrapped in a {@link UserList}
 * @throws BadRequestWebEx if the user service rejects the request
 */
@Override
public UserList getUserList(SecurityContext sc, String nameLike, Integer page, Integer entries,
        boolean includeAttributes) throws BadRequestWebEx {
    // Only '*' is translated. Any '%' or '_' already present in the caller-supplied value
    // reaches the service unchanged; presumably these act as LIKE wildcards there - verify.
    String likePattern = nameLike.replace("*", "%");

    try {
        List<RESTUser> restUsers = new ArrayList<RESTUser>();
        for (User user : userService.getAll(page, entries, likePattern, includeAttributes)) {
            restUsers.add(new RESTUser(user.getId(), user.getName(), user.getRole(),
                    user.getGroups(), false));
        }
        return new UserList(restUsers);
    } catch (BadRequestServiceEx ex) {
        throw new BadRequestWebEx(ex.getMessage());
    }
}
/**
 * Resolves a session token to an authentication.
 *
 * <p>The token is looked up in the session service, and the user it refers to is then
 * re-read from the user service by id. A token whose user can no longer be loaded
 * therefore yields no authentication.
 *
 * <p>NOTE(review): the enabled state of the reloaded user is not inspected in this method.
 * Confirm that disabled accounts are rejected elsewhere (for example in
 * {@code createAuthenticationForUser} or when the session is created).
 *
 * @param token session token presented by the caller
 * @return the authentication for the token's user, or {@code null} when no session service
 *     is configured, the token is unknown, or the user cannot be loaded
 */
@Override
protected Authentication checkToken(String token) {
    if (userSessionService == null) {
        return null;
    }

    User sessionUser = userSessionService.getUserData(token);
    if (sessionUser == null) {
        return null;
    }

    // Use the stored user rather than the session's copy as the source of the authentication.
    User storedUser = userService.get((Long) sessionUser.getId());
    if (storedUser == null) {
        return null;
    }
    return createAuthenticationForUser(storedUser);
}
/**
 * Returns one page of users, each converted to a {@link RESTUser} built from the user's
 * id, name, role and groups only.
 *
 * <p>NOTE(review): {@code sc} is not consulted in this method. Confirm that access to the
 * user listing is restricted elsewhere (interceptor, annotation or service layer).
 *
 * @param sc security context of the caller (unused here)
 * @param page page index forwarded to the user service
 * @param entries page size forwarded to the user service
 * @return the users of the requested page wrapped in a {@link UserList}
 * @throws BadRequestWebEx if the user service rejects the request
 */
@Override
public UserList getAll(SecurityContext sc, Integer page, Integer entries) throws BadRequestWebEx {
    try {
        List<RESTUser> restUsers = new ArrayList<RESTUser>();
        for (User user : userService.getAll(page, entries)) {
            restUsers.add(new RESTUser(user.getId(), user.getName(), user.getRole(),
                    user.getGroups(), false));
        }
        return new UserList(restUsers);
    } catch (BadRequestServiceEx ex) {
        throw new BadRequestWebEx(ex.getMessage());
    }
}
@Override public long update(User user) throws NotFoundServiceEx, BadRequestServiceEx { User orig = userDAO.find(user.getId()); throw new NotFoundServiceEx("User not found " + user.getId()); throw new NotFoundServiceEx("At least one User group not found; review the groups associated to the user you want to insert" + user.getId()); return orig.getId();
/**
 * Copies each user of {@code list} into a fresh {@link User} instance.
 *
 * <p>Groups, id, name, enabled flag, password and role are always copied; the attributes
 * are copied only when {@code includeAttributes} is set. Groups and attributes are passed
 * through as returned by the getters; no copy of them is made here.
 *
 * <p>The copies carry whatever {@code getPassword()} returns, so they hold credential
 * material. NOTE(review): confirm that every caller exposing these objects outside the
 * service layer maps them to a representation without the password.
 *
 * @param list users to copy; must not be {@code null}
 * @param includeAttributes whether the attributes are copied as well
 * @return a new list holding one copy per input user, in the same order
 */
private List<User> configUserList(List<User> list, boolean includeAttributes) {
    List<User> copies = new ArrayList<User>(list.size());

    for (User source : list) {
        User copy = new User();
        copy.setGroups(source.getGroups());
        copy.setId(source.getId());
        copy.setName(source.getName());
        copy.setEnabled(source.isEnabled());
        copy.setPassword(source.getPassword());
        copy.setRole(source.getRole());

        if (includeAttributes) {
            copy.setAttribute(source.getAttribute());
        }

        copies.add(copy);
    }

    return copies;
}
/**
 * Returns the details of the user with the given id, without the password.
 *
 * <p>The result is a new {@link User} holding the id, name, role, enabled flag and the
 * groups left after {@code removeReservedGroups}; attributes are added only on request.
 *
 * <p>NOTE(review): {@code sc} is not consulted in this method, so nothing here ties the
 * requested id to the caller. Confirm that reading other users' details (and attributes)
 * is restricted elsewhere.
 *
 * <p>NOTE(review): an id of {@code -1} returns a hard-coded test instance without touching
 * the user service. Confirm this stub is meant to be reachable in deployed builds.
 *
 * @param sc security context of the caller (unused here)
 * @param id identifier of the user to load; {@code -1} yields the dummy instance
 * @param includeAttributes whether the user's attributes are included in the result
 * @return a password-free copy of the user
 * @throws NotFoundWebEx if no user with this id exists
 */
@Override
public User get(SecurityContext sc, long id, boolean includeAttributes) throws NotFoundWebEx {
    if (id == -1) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Retriving dummy data !");
        }

        // Test instance: only the name is populated.
        User dummy = new User();
        dummy.setName("dummy name");
        return dummy;
    }

    User stored = userService.get(id);
    if (stored == null) {
        throw new NotFoundWebEx("User not found");
    }

    User view = new User();
    view.setId(stored.getId());
    view.setName(stored.getName());
    // The password is deliberately not copied: it must never be sent out of the server.
    view.setRole(stored.getRole());
    view.setEnabled(stored.isEnabled());
    view.setGroups(removeReservedGroups(stored.getGroups()));
    if (includeAttributes) {
        view.setAttribute(stored.getAttribute());
    }
    return view;
}
throw new BadRequestWebEx("User is null"); if (user.getId() != null) { throw new BadRequestWebEx("Id should be null");
/**
 * Builds the REST representation of a security rule.
 *
 * <p>Only the id and name of the rule's user, and the id and group name of the rule's
 * group, are carried over; a missing user or group leaves the corresponding field unset.
 * The read and write flags are copied as they are.
 *
 * @param rule rule to convert; must not be {@code null}
 */
public RESTSecurityRule(SecurityRule rule) {
    User ruleUser = rule.getUser();
    if (ruleUser != null) {
        RESTUser restUser = new RESTUser();
        restUser.setId(ruleUser.getId());
        restUser.setName(ruleUser.getName());
        this.user = restUser;
    }

    UserGroup ruleGroup = rule.getGroup();
    if (ruleGroup != null) {
        RESTUserGroup restGroup = new RESTUserGroup();
        restGroup.setId(ruleGroup.getId());
        restGroup.setGroupName(ruleGroup.getGroupName());
        this.group = restGroup;
    }

    this.canRead = rule.isCanRead();
    this.canWrite = rule.isCanWrite();
}
/**
 * Returns the details of the authenticated caller, without the password.
 *
 * <p>The caller is taken from the security context and re-read from the user service by
 * name. Callers with the {@code GUEST} role are answered with "not found".
 *
 * <p>NOTE(review): the groups are returned as stored (no filtering is applied here) and
 * the enabled flag is not copied into the result. Confirm that both are intended.
 *
 * @param sc security context identifying the caller
 * @param includeAttributes whether the user's attributes are included in the result
 * @return a password-free copy of the caller's user, or {@code null} when the user service
 *     returns no user for the caller's name
 * @throws NotFoundWebEx if the caller is a guest or the user service reports the user as
 *     not found
 */
@Override
public User getAuthUserDetails(SecurityContext sc, boolean includeAttributes) {
    User principal = extractAuthUser(sc);

    try {
        User stored = userService.get(principal.getName());
        if (stored == null) {
            return null;
        }
        if (stored.getRole().equals(Role.GUEST)) {
            throw new NotFoundWebEx("User not found");
        }

        User view = new User();
        view.setId(stored.getId());
        view.setName(stored.getName());
        // The password is deliberately not copied: it must never be sent out of the server.
        view.setRole(stored.getRole());
        view.setGroups(stored.getGroups());
        if (includeAttributes) {
            view.setAttribute(stored.getAttribute());
        }
        return view;
    } catch (NotFoundServiceEx e) {
        throw new NotFoundWebEx("User not found");
    }
}