/**
 * Reports whether this context holds at least one of the allowed principals.
 *
 * <p>An empty {@code allowedPrincipals} set yields {@code false}, so a
 * resource with no allowed principals is denied to everyone. Matching is done
 * with {@code allowed.equals(held)}; a {@code null} element in
 * {@code allowedPrincipals} therefore raises a {@link NullPointerException}
 * as soon as this context holds any principal.
 *
 * @param allowedPrincipals principals that grant access; must not be null
 * @return {@code true} on the first match, {@code false} if there is none
 */
public boolean isInOneOf(Set<?> allowedPrincipals) {
    Iterator<?> allowed = allowedPrincipals.iterator();
    // Copy taken once, so the scan below works on a stable view of the
    // principals returned by getPrincipals().
    Set<Object> held = new HashSet<Object>(getPrincipals());
    while (allowed.hasNext()) {
        Object wanted = allowed.next();
        for (Object mine : held) {
            if (wanted.equals(mine)) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Stamps the outgoing message with a broker-chosen user id and forwards it
 * to the parent implementation.
 *
 * <p>The id is always overwritten here, so whatever user id the producer put
 * on the message is discarded. By default it is the connection's user name.
 * When {@code isUseAuthenticatePrincipal()} is on, the name of the first
 * {@code UserPrincipal} found in the security context replaces it; if the
 * context, its principal set, or a {@code UserPrincipal} is missing, the
 * connection user name is kept.
 *
 * @param producerExchange exchange that supplies the connection context
 * @param messageSend message being sent; its user id is replaced
 * @throws Exception whatever the parent {@code send} throws
 */
public void send(ProducerBrokerExchange producerExchange, Message messageSend) throws Exception {
    final ConnectionContext context = producerExchange.getConnectionContext();
    String userID = context.getUserName();

    if (isUseAuthenticatePrincipal()) {
        SecurityContext securityContext = context.getSecurityContext();
        Set<?> principals = (securityContext == null) ? null : securityContext.getPrincipals();
        if (principals != null) {
            for (Object candidate : principals) {
                if (!(candidate instanceof UserPrincipal)) {
                    continue;
                }
                // First UserPrincipal wins; later ones are ignored.
                userID = ((UserPrincipal) candidate).getName();
                break;
            }
        }
    }

    messageSend.setUserID(userID);
    super.send(producerExchange, messageSend);
}
/**
 * Reports whether this context holds at least one of the allowed principals.
 *
 * <p>An empty {@code allowedPrincipals} set yields {@code false}, so a
 * resource with no allowed principals is denied to everyone. Matching is done
 * with {@code allowed.equals(held)}; a {@code null} element in
 * {@code allowedPrincipals} therefore raises a {@link NullPointerException}
 * as soon as this context holds any principal.
 *
 * @param allowedPrincipals principals that grant access; must not be null
 * @return {@code true} on the first match, {@code false} if there is none
 */
public boolean isInOneOf(Set<?> allowedPrincipals) {
    Iterator<?> allowed = allowedPrincipals.iterator();
    // Copy taken once, so the scan below works on a stable view of the
    // principals returned by getPrincipals().
    Set<Object> held = new HashSet<Object>(getPrincipals());
    while (allowed.hasNext()) {
        Object wanted = allowed.next();
        for (Object mine : held) {
            if (wanted.equals(mine)) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Reports whether this context holds at least one of the allowed principals.
 *
 * <p>An empty {@code allowedPrincipals} set yields {@code false}, so a
 * resource with no allowed principals is denied to everyone. Matching is done
 * with {@code allowed.equals(held)}; a {@code null} element in
 * {@code allowedPrincipals} therefore raises a {@link NullPointerException}
 * as soon as this context holds any principal.
 *
 * @param allowedPrincipals principals that grant access; must not be null
 * @return {@code true} on the first match, {@code false} if there is none
 */
public boolean isInOneOf(Set<?> allowedPrincipals) {
    Iterator<?> allowed = allowedPrincipals.iterator();
    // Copy taken once, so the scan below works on a stable view of the
    // principals returned by getPrincipals().
    Set<Object> held = new HashSet<Object>(getPrincipals());
    while (allowed.hasNext()) {
        Object wanted = allowed.next();
        for (Object mine : held) {
            if (wanted.equals(mine)) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Reports whether this context holds at least one of the allowed principals.
 *
 * <p>An empty {@code allowedPrincipals} set yields {@code false}, so a
 * resource with no allowed principals is denied to everyone. Matching is done
 * with {@code allowed.equals(held)}; a {@code null} element in
 * {@code allowedPrincipals} therefore raises a {@link NullPointerException}
 * as soon as this context holds any principal.
 *
 * @param allowedPrincipals principals that grant access; must not be null
 * @return {@code true} on the first match, {@code false} if there is none
 */
public boolean isInOneOf(Set<?> allowedPrincipals) {
    Iterator<?> allowed = allowedPrincipals.iterator();
    // Copy taken once, so the scan below works on a stable view of the
    // principals returned by getPrincipals().
    Set<Object> held = new HashSet<Object>(getPrincipals());
    while (allowed.hasNext()) {
        Object wanted = allowed.next();
        for (Object mine : held) {
            if (wanted.equals(mine)) {
                return true;
            }
        }
    }
    return false;
}
/**
 * Reports whether this context holds at least one of the allowed principals.
 *
 * <p>An empty {@code allowedPrincipals} set yields {@code false}, so a
 * resource with no allowed principals is denied to everyone. Matching is done
 * with {@code allowed.equals(held)}; a {@code null} element in
 * {@code allowedPrincipals} therefore raises a {@link NullPointerException}
 * as soon as this context holds any principal.
 *
 * @param allowedPrincipals principals that grant access; must not be null
 * @return {@code true} on the first match, {@code false} if there is none
 */
public boolean isInOneOf(Set<?> allowedPrincipals) {
    Iterator<?> allowed = allowedPrincipals.iterator();
    // Copy taken once, so the scan below works on a stable view of the
    // principals returned by getPrincipals().
    Set<Object> held = new HashSet<Object>(getPrincipals());
    while (allowed.hasNext()) {
        Object wanted = allowed.next();
        for (Object mine : held) {
            if (wanted.equals(mine)) {
                return true;
            }
        }
    }
    return false;
}
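/**
 * Applies a role grant or revocation to every live security context that
 * belongs to the given user, then drops that context's cached destination
 * authorizations so the next access is re-checked against the new roles.
 *
 * <p>The user is matched on its string form. The previous code called
 * {@code sec.getUserName().equals(user)} with a {@code URI} argument.
 * NOTE(review): if {@code getUserName()} returns a {@code String}, as it
 * appears to, that comparison could never be true, so a revoked role stayed
 * in effect for sessions that were already connected. Confirm that the
 * session user name and {@code user.toString()} use the same format.
 *
 * @param addition {@code true} to add the role, {@code false} to remove it
 * @param user user whose sessions are updated; {@code null} matches nothing
 * @param role role to add or remove, stored as {@code role.toString()}
 * @return always {@code true}
 * @throws BocaException declared by the interface; not thrown here
 */
public boolean handleUserInRole(boolean addition, URI user, URI role) throws BocaException {
    if (user == null || role == null) {
        // Nothing to match or to apply; the method has always returned true here.
        return true;
    }
    final String userName = user.toString();
    final String roleName = role.toString();

    for (SecurityContext sec : securityContexts) {
        // Compare string forms so the check works whether the context
        // exposes its user as a String or as a URI-like object.
        Object sessionUser = sec.getUserName();
        if (sessionUser == null || !userName.equals(sessionUser.toString())) {
            continue;
        }
        if (addition) {
            sec.getPrincipals().add(roleName);
        } else {
            sec.getPrincipals().remove(roleName);
        }
        // Cached allow decisions were made under the old role set.
        sec.getAuthorizedReadDests().clear();
        sec.getAuthorizedWriteDests().clear();
    }
    return true;
}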
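/**
 * Drops cached destination authorizations for every live security context
 * that holds the given role, so an ACL change is re-evaluated on next access.
 *
 * <p>Principals are stored as strings (see {@code role.toString()} in
 * {@code handleUserInRole}), so the role is matched on its string form. The
 * previous code compared a {@code String} principal with the {@code URI}
 * itself, which is never equal, so the caches were never cleared and stale
 * allow decisions survived an ACL change.
 *
 * <p>As before, only a change with {@code canRead} set triggers
 * invalidation; a {@code null} flag is treated as not set.
 * NOTE(review): confirm that changes to the other permission flags do not
 * also need to invalidate the caches.
 *
 * @param addition whether the ACL entry is being added or removed (unused here)
 * @param namedGraph graph the ACL entry applies to (unused here)
 * @param acl ACL being changed (unused here)
 * @param role role named by the ACL entry; {@code null} matches nothing
 * @param canRead read flag of the entry; gates the invalidation
 * @param canUpdate unused here
 * @param canDelete unused here
 * @param canInsert unused here
 * @param canRemove unused here
 * @param canChangeAcl unused here
 * @return always {@code true}
 * @throws BocaException declared by the interface; not thrown here
 */
public boolean handleAci(boolean addition, URI namedGraph, URI acl, URI role, Boolean canRead, Boolean canUpdate, Boolean canDelete, Boolean canInsert, Boolean canRemove, Boolean canChangeAcl) throws BocaException {
    if (role == null || !Boolean.TRUE.equals(canRead)) {
        return true;
    }
    final String roleName = role.toString();

    for (SecurityContext sec : securityContexts) {
        for (Object principal : sec.getPrincipals()) {
            if (roleName.equals(principal)) {
                sec.getAuthorizedReadDests().clear();
                sec.getAuthorizedWriteDests().clear();
                // Both caches are empty now; no need to look at more principals.
                break;
            }
        }
    }
    return true;
}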
/**
 * Creates a destination after checking that the caller may do so.
 *
 * <p>Unauthenticated connections are rejected. A temporary destination owned
 * by the calling connection is always allowed. Otherwise the two notification
 * queues ({@code NOTIFICATION_UPDATES_QUEUE}, {@code NOTIFICATION_CONTROL_QUEUE})
 * require {@code Constants.defaultSystemRole}; every other destination name
 * passes without a role check.
 *
 * <p>NOTE(review): the role check relies on {@code Set.contains}; confirm
 * that {@code Constants.defaultSystemRole} has the same type as the stored
 * principals.
 *
 * @param context connection asking for the destination
 * @param destination destination to create
 * @return the destination created by the parent broker
 * @throws SecurityException if the caller is unauthenticated or lacks the system role
 * @throws Exception whatever the parent {@code addDestination} throws
 */
public Destination addDestination(ConnectionContext context, ActiveMQDestination destination) throws Exception {
    final SecurityContext securityContext = context.getSecurityContext();
    if (securityContext == null) {
        throw new SecurityException("User is not authenticated.");
    }

    // You don't need to be an admin to create your own temp destinations.
    final boolean ownTempDestination = destination.isTemporary()
            && ((ActiveMQTempDestination) destination).getConnectionId().equals(context.getConnectionId().getValue());

    if (!ownTempDestination) {
        final String queueName = destination.getPhysicalName();
        final boolean reservedQueue = queueName.equals(Constants.NOTIFICATION_UPDATES_QUEUE)
                || queueName.equals(Constants.NOTIFICATION_CONTROL_QUEUE);
        if (reservedQueue && !securityContext.getPrincipals().contains(Constants.defaultSystemRole)) {
            throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to create: " + destination);
        }
    }
    return super.addDestination(context, destination);
}
/**
 * Removes a destination after checking that the caller may do so.
 *
 * <p>Unauthenticated connections are rejected. A temporary destination owned
 * by the calling connection may always be removed. Otherwise the two
 * notification queues require {@code Constants.defaultSystemRole}; every
 * other destination name passes without a role check.
 *
 * @param context connection asking for the removal
 * @param destination destination to remove
 * @param timeout passed through to the parent broker
 * @throws SecurityException if the caller is unauthenticated or lacks the system role
 * @throws Exception whatever the parent {@code removeDestination} throws
 */
public void removeDestination(ConnectionContext context, ActiveMQDestination destination, long timeout) throws Exception {
    final SecurityContext securityContext = context.getSecurityContext();
    if (securityContext == null) {
        throw new SecurityException("User is not authenticated.");
    }

    // You don't need to be an admin to remove your own temp destinations.
    final boolean ownTempDestination = destination.isTemporary()
            && ((ActiveMQTempDestination) destination).getConnectionId().equals(context.getConnectionId().getValue());

    if (!ownTempDestination) {
        final String queueName = destination.getPhysicalName();
        final boolean reservedQueue = queueName.equals(Constants.NOTIFICATION_UPDATES_QUEUE)
                || queueName.equals(Constants.NOTIFICATION_CONTROL_QUEUE);
        if (reservedQueue && !securityContext.getPrincipals().contains(Constants.defaultSystemRole)) {
            throw new SecurityException("User " + securityContext.getUserName() + " is not authorized to remove: " + destination);
        }
    }
    super.removeDestination(context, destination, timeout);
}
/**
 * Registers a producer after checking write access to its destination.
 *
 * <p>Unauthenticated connections are rejected. A producer without a
 * destination is passed straight to the parent broker. Otherwise:
 * <ul>
 *   <li>{@code NOTIFICATION_UPDATES_QUEUE} requires {@code Constants.defaultSystemRole};</li>
 *   <li>{@code NOTIFICATION_CONTROL_QUEUE} is open to any authenticated user;</li>
 *   <li>any temporary destination requires {@code Constants.defaultSystemRole};</li>
 *   <li>everything else is allowed.</li>
 * </ul>
 * A destination that passes is recorded in the context's authorized-write
 * map, which the message-level {@code send} check consults before repeating
 * the role check.
 *
 * @param context connection registering the producer
 * @param info producer description; its destination may be null
 * @throws SecurityException if the caller is unauthenticated or lacks the system role
 * @throws Exception whatever the parent {@code addProducer} throws
 */
public void addProducer(ConnectionContext context, ProducerInfo info) throws Exception {
    SecurityContext subject = context.getSecurityContext();
    if (subject == null) {
        throw new SecurityException("User is not authenticated.");
    }
    if (info.getDestination() == null) {
        super.addProducer(context, info);
        return;
    }

    final String queueName = info.getDestination().getPhysicalName();
    final boolean needsSystemRole;
    if (queueName.equals(Constants.NOTIFICATION_UPDATES_QUEUE)) {
        needsSystemRole = true;
    } else if (queueName.equals(Constants.NOTIFICATION_CONTROL_QUEUE)) {
        // Control queue: no role needed, and the temp-destination rule is skipped.
        needsSystemRole = false;
    } else {
        needsSystemRole = info.getDestination().isTemporary();
    }

    if (needsSystemRole && !subject.getPrincipals().contains(Constants.defaultSystemRole)) {
        throw new SecurityException("User " + subject.getUserName() + " is not authorized to write to: " + info.getDestination());
    }

    subject.getAuthorizedWriteDests().put(info.getDestination(), info.getDestination());
    super.addProducer(context, info);
}
/**
 * Registers a consumer after checking read access to its destination.
 *
 * <p>Unauthenticated connections are rejected. Both notification queues
 * require {@code Constants.defaultSystemRole}. A temporary destination can
 * only be read by the connection that owns it. A destination that passes is
 * recorded in the context's authorized-read map.
 *
 * <p>Unlike {@code addProducer}, there is no null check on
 * {@code info.getDestination()}; a null destination fails with a
 * {@link NullPointerException}.
 *
 * @param context connection registering the consumer
 * @param info consumer description
 * @return the subscription created by the parent broker
 * @throws SecurityException if the caller is unauthenticated, lacks the
 *         system role, or asks for another connection's temporary destination
 * @throws Exception whatever the parent {@code addConsumer} throws
 */
public Subscription addConsumer(ConnectionContext context, ConsumerInfo info) throws Exception {
    final SecurityContext subject = context.getSecurityContext();
    if (subject == null) {
        throw new SecurityException("User is not authenticated.");
    }

    final String queueName = info.getDestination().getPhysicalName();
    final boolean reservedQueue = queueName.equals(Constants.NOTIFICATION_UPDATES_QUEUE)
            || queueName.equals(Constants.NOTIFICATION_CONTROL_QUEUE);
    if (reservedQueue && !subject.getPrincipals().contains(Constants.defaultSystemRole)) {
        throw new SecurityException("User " + subject.getUserName() + " is not authorized to read from: " + info.getDestination());
    }

    if (info.getDestination().isTemporary()) {
        ActiveMQTempDestination tempDestination = (ActiveMQTempDestination) info.getDestination();
        // Temp destinations are private to the connection that created them.
        if (!tempDestination.getConnectionId().equals(context.getConnectionId().getValue())) {
            throw new SecurityException("User " + subject.getUserName() + " is not authorized to read from: " + info.getDestination());
        }
    }

    subject.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
    return super.addConsumer(context, info);
}
/**
 * Checks write access for a single message and forwards it to the parent
 * broker.
 *
 * <p>Unauthenticated connections are rejected. If the destination is already
 * in the context's authorized-write map the role check is skipped. Otherwise
 * only {@code NOTIFICATION_UPDATES_QUEUE} is restricted (it requires
 * {@code Constants.defaultSystemRole}); the control queue and every other
 * destination are accepted, and the destination is then cached as authorized.
 *
 * <p>Because the allow decision is cached per context, a later role change
 * takes effect only once that cache is cleared.
 *
 * @param context connection sending the message
 * @param messageSend message to send
 * @throws SecurityException if the caller is unauthenticated or lacks the system role
 * @throws Exception whatever the parent {@code send} throws
 */
public void send(ConnectionContext context, Message messageSend) throws Exception {
    SecurityContext subject = context.getSecurityContext();
    if (subject == null) {
        throw new SecurityException("User is not authenticated.");
    }

    final boolean alreadyAuthorized = subject.getAuthorizedWriteDests().contains(messageSend.getDestination());
    if (!alreadyAuthorized) {
        final boolean updatesQueue = messageSend.getDestination().getPhysicalName().equals(Constants.NOTIFICATION_UPDATES_QUEUE);
        if (updatesQueue && !subject.getPrincipals().contains(Constants.defaultSystemRole)) {
            throw new SecurityException("User " + subject.getUserName() + " is not authorized to write to: " + messageSend.getDestination());
        }
        // The control queue and all other destinations carry no role requirement.
        subject.getAuthorizedWriteDests().put(messageSend.getDestination(), messageSend.getDestination());
    }
    super.send(context, messageSend);
}
/**
 * Stamps the outgoing message with a broker-chosen user id and forwards it
 * to the parent implementation.
 *
 * <p>The id is always overwritten here, so whatever user id the producer put
 * on the message is discarded. By default it is the connection's user name.
 * When {@code isUseAuthenticatePrincipal()} is on, the name of the first
 * {@code UserPrincipal} found in the security context replaces it; if the
 * context, its principal set, or a {@code UserPrincipal} is missing, the
 * connection user name is kept.
 *
 * @param producerExchange exchange that supplies the connection context
 * @param messageSend message being sent; its user id is replaced
 * @throws Exception whatever the parent {@code send} throws
 */
public void send(ProducerBrokerExchange producerExchange, Message messageSend) throws Exception {
    final ConnectionContext context = producerExchange.getConnectionContext();
    String userID = context.getUserName();

    if (isUseAuthenticatePrincipal()) {
        SecurityContext securityContext = context.getSecurityContext();
        Set<?> principals = (securityContext == null) ? null : securityContext.getPrincipals();
        if (principals != null) {
            for (Object candidate : principals) {
                if (!(candidate instanceof UserPrincipal)) {
                    continue;
                }
                // First UserPrincipal wins; later ones are ignored.
                userID = ((UserPrincipal) candidate).getName();
                break;
            }
        }
    }

    messageSend.setUserID(userID);
    super.send(producerExchange, messageSend);
}
/**
 * Stamps the outgoing message with a broker-chosen user id and forwards it
 * to the parent implementation.
 *
 * <p>The id is always overwritten here, so whatever user id the producer put
 * on the message is discarded. By default it is the connection's user name.
 * When {@code isUseAuthenticatePrincipal()} is on, the name of the first
 * {@code UserPrincipal} found in the security context replaces it; if the
 * context, its principal set, or a {@code UserPrincipal} is missing, the
 * connection user name is kept.
 *
 * @param producerExchange exchange that supplies the connection context
 * @param messageSend message being sent; its user id is replaced
 * @throws Exception whatever the parent {@code send} throws
 */
public void send(ProducerBrokerExchange producerExchange, Message messageSend) throws Exception {
    final ConnectionContext context = producerExchange.getConnectionContext();
    String userID = context.getUserName();

    if (isUseAuthenticatePrincipal()) {
        SecurityContext securityContext = context.getSecurityContext();
        Set<?> principals = (securityContext == null) ? null : securityContext.getPrincipals();
        if (principals != null) {
            for (Object candidate : principals) {
                if (!(candidate instanceof UserPrincipal)) {
                    continue;
                }
                // First UserPrincipal wins; later ones are ignored.
                userID = ((UserPrincipal) candidate).getName();
                break;
            }
        }
    }

    messageSend.setUserID(userID);
    super.send(producerExchange, messageSend);
}
/**
 * Stamps the outgoing message with a broker-chosen user id and forwards it
 * to the parent implementation.
 *
 * <p>The id is always overwritten here, so whatever user id the producer put
 * on the message is discarded. By default it is the connection's user name.
 * When {@code isUseAuthenticatePrincipal()} is on, the name of the first
 * {@code UserPrincipal} found in the security context replaces it; if the
 * context, its principal set, or a {@code UserPrincipal} is missing, the
 * connection user name is kept.
 *
 * @param producerExchange exchange that supplies the connection context
 * @param messageSend message being sent; its user id is replaced
 * @throws Exception whatever the parent {@code send} throws
 */
public void send(ProducerBrokerExchange producerExchange, Message messageSend) throws Exception {
    final ConnectionContext context = producerExchange.getConnectionContext();
    String userID = context.getUserName();

    if (isUseAuthenticatePrincipal()) {
        SecurityContext securityContext = context.getSecurityContext();
        Set<?> principals = (securityContext == null) ? null : securityContext.getPrincipals();
        if (principals != null) {
            for (Object candidate : principals) {
                if (!(candidate instanceof UserPrincipal)) {
                    continue;
                }
                // First UserPrincipal wins; later ones are ignored.
                userID = ((UserPrincipal) candidate).getName();
                break;
            }
        }
    }

    messageSend.setUserID(userID);
    super.send(producerExchange, messageSend);
}
/**
 * Stamps the outgoing message with a broker-chosen user id and forwards it
 * to the parent implementation.
 *
 * <p>The id is always overwritten here, so whatever user id the producer put
 * on the message is discarded. By default it is the connection's user name.
 * When {@code isUseAuthenticatePrincipal()} is on, the name of the first
 * {@code UserPrincipal} found in the security context replaces it; if the
 * context, its principal set, or a {@code UserPrincipal} is missing, the
 * connection user name is kept.
 *
 * @param producerExchange exchange that supplies the connection context
 * @param messageSend message being sent; its user id is replaced
 * @throws Exception whatever the parent {@code send} throws
 */
public void send(ProducerBrokerExchange producerExchange, Message messageSend) throws Exception {
    final ConnectionContext context = producerExchange.getConnectionContext();
    String userID = context.getUserName();

    if (isUseAuthenticatePrincipal()) {
        SecurityContext securityContext = context.getSecurityContext();
        Set<?> principals = (securityContext == null) ? null : securityContext.getPrincipals();
        if (principals != null) {
            for (Object candidate : principals) {
                if (!(candidate instanceof UserPrincipal)) {
                    continue;
                }
                // First UserPrincipal wins; later ones are ignored.
                userID = ((UserPrincipal) candidate).getName();
                break;
            }
        }
    }

    messageSend.setUserID(userID);
    super.send(producerExchange, messageSend);
}