/**
 * Resolves the user and granted authorities for an already-parsed JWT.
 *
 * <p>The user is looked up by the JWT subject; the access token, only when a user was found,
 * by the JWT token id. The authorities are read from the token's stored, AES-encoded JSON.
 *
 * <p>Failure handling is fail-closed: with no user, no token, no stored authorities, or any
 * error while decoding or deserializing, the returned set is empty. The error is logged and
 * never propagated.
 *
 * @param jwtClaims claims supplying the subject (username) and the token id
 * @return pair of the matching user, which is {@code null} when the subject is unknown, and
 *         the authorities read from the stored token (empty when none could be read)
 */
@Transactional(readOnly = true)
@Override
public Pair<User, Set<SyncopeGrantedAuthority>> resolve(final JwtClaims jwtClaims) {
    final User owner = userDAO.findByUsername(jwtClaims.getSubject());

    // The token store is queried only when the subject maps to a known user.
    final AccessToken stored = owner == null ? null : accessTokenDAO.find(jwtClaims.getTokenId());

    // NOTE(review): the token is fetched by id alone and its owner is not compared with the
    // subject here; presumably both claims were signature-verified upstream. Confirm.
    Set<SyncopeGrantedAuthority> granted = Collections.emptySet();
    if (stored != null && stored.getAuthorities() != null) {
        try {
            // NOTE(review): new String(byte[]) uses the platform default charset; presumably
            // the encoded form is ASCII-safe. Confirm against ENCRYPTOR.
            final String json = ENCRYPTOR.decode(new String(stored.getAuthorities()), CipherAlgorithm.AES);
            granted = POJOHelper.deserialize(json, new TypeReference<Set<SyncopeGrantedAuthority>>() {
            });
        } catch (Throwable t) {
            // Deliberately broad: whatever goes wrong, the caller ends up with no authorities.
            LOG.error("Could not read stored authorities", t);
        }
    }

    return Pair.of(owner, granted);
}
}
/**
 * Maps verified JWT claims to a user and the authorities stored with the access token.
 *
 * <p>An empty authority set is returned when the subject is unknown, the token id matches no
 * stored token, the token carries no authorities, or the stored value cannot be decoded or
 * deserialized. Decode failures are logged and not rethrown, so nothing is granted on error.
 *
 * @param jwtClaims claims read for the subject and the token id
 * @return the user found for the subject (may be {@code null}) paired with the authorities
 */
@Transactional(readOnly = true)
@Override
public Pair<User, Set<SyncopeGrantedAuthority>> resolve(final JwtClaims jwtClaims) {
    Set<SyncopeGrantedAuthority> authorities = Collections.emptySet();

    User user = userDAO.findByUsername(jwtClaims.getSubject());
    if (user == null) {
        // Unknown subject: the token store is not consulted at all.
        return Pair.of(user, authorities);
    }

    AccessToken accessToken = accessTokenDAO.find(jwtClaims.getTokenId());
    if (accessToken == null || accessToken.getAuthorities() == null) {
        return Pair.of(user, authorities);
    }

    try {
        // The decoded set becomes the caller's grants, so it is only as trustworthy as
        // ENCRYPTOR and the token store; neither is visible in this method.
        authorities = POJOHelper.deserialize(
                ENCRYPTOR.decode(new String(accessToken.getAuthorities()), CipherAlgorithm.AES),
                new TypeReference<Set<SyncopeGrantedAuthority>>() {
                });
    } catch (Throwable t) {
        // Every failure, including Error subclasses, leaves the empty set in place.
        LOG.error("Could not read stored authorities", t);
    }
    return Pair.of(user, authorities);
}
}
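/**
 * Deletes the given AnyType and strips its entitlements from the caller's stored token.
 *
 * <p>The type is deleted first. The names returned by
 * {@code EntitlementsHolder.removeFor(...)} are then removed from the authorities stored with
 * the calling user's access token, unless the caller is the configured admin user.
 *
 * <p>The token rewrite is best-effort: a failure is logged and not propagated. The type is
 * then already deleted while the stored token still lists the removed entitlements. Only the
 * caller's token is rewritten here; tokens owned by other users are not touched by this method.
 *
 * @param anyType the type to delete
 * @return the transfer object built from the type before it was deleted
 */
@Override
public AnyTypeTO delete(final AnyType anyType) {
    AnyTypeTO deleted = getAnyTypeTO(anyType);

    anyTypeDAO.delete(anyType.getKey());

    final Set<String> removed = EntitlementsHolder.getInstance().removeFor(deleted.getKey());

    if (!adminUser.equals(AuthContextUtils.getUsername())) {
        AccessToken accessToken = accessTokenDAO.findByOwner(AuthContextUtils.getUsername());
        if (accessToken == null || accessToken.getAuthorities() == null) {
            // Checked explicitly instead of letting a NullPointerException reach the catch below.
            LOG.error("Could not fetch or store authorities: no access token with stored authorities found");
        } else {
            try {
                // NOTE(review): new String(byte[]) and getBytes() use the platform default
                // charset; presumably the encoded form is ASCII-safe. Confirm against ENCRYPTOR.
                Set<SyncopeGrantedAuthority> authorities = new HashSet<>(POJOHelper.deserialize(
                        ENCRYPTOR.decode(new String(accessToken.getAuthorities()), CipherAlgorithm.AES),
                        new TypeReference<Set<SyncopeGrantedAuthority>>() {
                        }));

                authorities.removeIf(authority -> removed.contains(authority.getAuthority()));

                accessToken.setAuthorities(ENCRYPTOR.encode(
                        POJOHelper.serialize(authorities), CipherAlgorithm.AES).
                        getBytes());

                accessTokenDAO.save(accessToken);
            } catch (Exception e) {
                // Not rethrown: the stored token keeps its previous authorities in this case.
                LOG.error("Could not fetch or store authorities", e);
            }
        }
    }

    return deleted;
}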
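/**
 * Builds a new AnyType from the given transfer object and grants its entitlements to the
 * creator's stored token.
 *
 * <p>The names returned by {@code EntitlementsHolder.addFor(...)} are added, each bound to
 * {@code SyncopeConstants.ROOT_REALM}, to the authorities stored with the calling user's
 * access token, unless the caller is the configured admin user.
 *
 * <p>The token rewrite is best-effort: a failure is logged and not propagated. The entity is
 * still returned and the stored token keeps its previous authorities.
 *
 * @param anyTypeTO the transfer object describing the type to create
 * @return the new entity, populated through {@code update(...)}; no save call is made here
 */
@Override
public AnyType create(final AnyTypeTO anyTypeTO) {
    AnyType anyType = entityFactory.newEntity(AnyType.class);
    update(anyType, anyTypeTO);

    Set<String> added = EntitlementsHolder.getInstance().addFor(anyType.getKey());

    if (!adminUser.equals(AuthContextUtils.getUsername())) {
        AccessToken accessToken = accessTokenDAO.findByOwner(AuthContextUtils.getUsername());
        if (accessToken == null || accessToken.getAuthorities() == null) {
            // Checked explicitly instead of letting a NullPointerException reach the catch below.
            LOG.error("Could not fetch or store authorities: no access token with stored authorities found");
        } else {
            try {
                // NOTE(review): new String(byte[]) and getBytes() use the platform default
                // charset; presumably the encoded form is ASCII-safe. Confirm against ENCRYPTOR.
                Set<SyncopeGrantedAuthority> authorities = new HashSet<>(POJOHelper.deserialize(
                        ENCRYPTOR.decode(new String(accessToken.getAuthorities()), CipherAlgorithm.AES),
                        new TypeReference<Set<SyncopeGrantedAuthority>>() {
                        }));

                // Every new entitlement is granted to the creator on the root realm.
                for (String entitlement : added) {
                    authorities.add(new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM));
                }

                accessToken.setAuthorities(ENCRYPTOR.encode(
                        POJOHelper.serialize(authorities), CipherAlgorithm.AES).
                        getBytes());

                accessTokenDAO.save(accessToken);
            } catch (Exception e) {
                // Not rethrown: creation proceeds even when the token could not be updated.
                LOG.error("Could not fetch or store authorities", e);
            }
        }
    }

    return anyType;
}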