/**
 * Checks whether the given effective realms allow acting on the group {@code key} located in {@code realm}.
 *
 * <p>Access is granted when an effective realm is a string prefix of {@code realm}, or equals the value of
 * {@code RealmUtils.getGroupOwnerRealm(realm, key)}. Failing both, access is granted when one of the
 * entries returned by {@code groupDAO.findDynRealms(key)} is contained in {@code effectiveRealms}.
 *
 * @param effectiveRealms realm identifiers the target group is checked against
 * @param realm realm of the target group
 * @param key key of the target group
 * @return {@code true} if at least one effective realm satisfies {@code RealmUtils.DynRealmsPredicate}
 * @throws DelegatedAdministrationException if none of the checks above grants access
 */
@Override
protected boolean securityChecks(final Set<String> effectiveRealms, final String realm, final String key) {
    boolean granted = false;
    for (String ownedRealm : effectiveRealms) {
        // NOTE(review): startsWith is a raw string prefix test, not a path-segment test. If realm paths are
        // '/'-separated, an owned realm "/a" would also cover a sibling realm "/ab" - confirm whether a
        // segment-boundary comparison (exact match, or prefix followed by '/') is required here.
        if (realm.startsWith(ownedRealm)
                || ownedRealm.equals(RealmUtils.getGroupOwnerRealm(realm, key))) {

            granted = true;
            break;
        }
    }

    // Fall back to dynamic realm membership only when the static checks did not grant access.
    if (!granted && groupDAO.findDynRealms(key).stream().noneMatch(effectiveRealms::contains)) {
        throw new DelegatedAdministrationException(realm, AnyTypeKind.GROUP.name(), key);
    }

    return effectiveRealms.stream().anyMatch(new RealmUtils.DynRealmsPredicate());
}
/**
 * Ensures the current caller is allowed to read {@code group}.
 *
 * <p>The realms to check against are the ones mapped to {@code StandardEntitlement.GROUP_READ} in
 * {@code AuthContextUtils.getAuthorizations()}; an absent entry is treated as an empty set. Access is
 * granted when one of those realms is a string prefix of the group's realm full path, or equals the value of
 * {@code RealmUtils.getGroupOwnerRealm(...)} for this group. Failing both, access is granted when one of the
 * entries returned by {@code findDynRealms(group.getKey())} is among those realms.
 *
 * @param group the group being accessed
 * @throws DelegatedAdministrationException if no realm is available for the entitlement or no check passes
 */
@Override
protected void securityChecks(final Group group) {
    final Set<String> authRealms = AuthContextUtils.getAuthorizations().
            getOrDefault(StandardEntitlement.GROUP_READ, Collections.emptySet());

    boolean granted = false;
    for (String realm : authRealms) {
        // NOTE(review): startsWith is a raw string prefix test, not a path-segment test. If realm paths are
        // '/'-separated, an authorized realm "/a" would also cover a sibling realm "/ab" - confirm whether
        // a segment-boundary comparison (exact match, or prefix followed by '/') is required here.
        if (group.getRealm().getFullPath().startsWith(realm)
                || realm.equals(
                        RealmUtils.getGroupOwnerRealm(group.getRealm().getFullPath(), group.getKey()))) {

            granted = true;
            break;
        }
    }

    // Fall back to dynamic realm membership only when the static checks did not grant access.
    if (!granted) {
        granted = findDynRealms(group.getKey()).stream().anyMatch(authRealms::contains);
    }

    // Deny by default: an empty authorization set is rejected explicitly, whatever the checks returned.
    if (authRealms.isEmpty() || !granted) {
        throw new DelegatedAdministrationException(
                group.getRealm().getFullPath(), AnyTypeKind.GROUP.name(), group.getKey());
    }
}
// Adds to realms the value RealmUtils.getGroupOwnerRealm(...) returns for this group's realm full path and key.
// NOTE(review): presumably this is the entry that the equals(RealmUtils.getGroupOwnerRealm(...)) comparisons
// in the securityChecks methods match against, i.e. it extends access to this one group - confirm that it is
// only added for callers who actually own the group.
realms.add(RealmUtils.getGroupOwnerRealm(group.getRealm().getFullPath(), group.getKey()));
// Same statement as above. NOTE(review): the two lines look like excerpts from separate call sites - confirm;
// if they were adjacent and realms is a Set, this second add would have no effect.
realms.add(RealmUtils.getGroupOwnerRealm(group.getRealm().getFullPath(), group.getKey()));