/**
 * Appends the current subject's token as the {@code token} query parameter, if one is set.
 *
 * <p>Keep in mind that a query-string credential is visible wherever URLs are recorded (access
 * logs, Referer headers), so the resulting URI should be handled as sensitive.
 *
 * @param ub builder to extend; left untouched when the current subject has no token
 */
private void addToken(UriBuilder ub) {
  final String token = EnvironmentContext.getCurrent().getSubject().getToken();
  if (token == null) {
    return;
  }
  ub.queryParam("token", token);
}
}
/** Returns the user id of the subject bound to the current {@link EnvironmentContext}. */
private static String getCurrentUserId() {
  final EnvironmentContext context = EnvironmentContext.getCurrent();
  return context.getSubject().getUserId();
}
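/**
 * Allows every operation on the caller's own account and forbids access to any other one.
 *
 * <p>The {@code operation} is deliberately not inspected: a user may do anything within the
 * personal account, so the only check is that {@code id} is the current user's id.
 *
 * @param id identifier of the account being accessed
 * @param operation requested operation; ignored (see above)
 * @throws ForbiddenException when {@code id} is null or is not the current user's id
 */
@Override
public void checkPermissions(String id, AccountOperation operation) throws ForbiddenException {
  final String currentUserId = EnvironmentContext.getCurrent().getSubject().getUserId();
  // Fail closed: a null account id, or a subject without a user id, is a denial rather than an NPE.
  if (id == null || !id.equals(currentUserId)) {
    throw new ForbiddenException("User is not authorized to use specified account");
  }
}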
/**
 * Resolves the machine token of {@code workspaceId} for the current user.
 *
 * @param workspaceId workspace whose machine token is requested
 * @return the token produced by {@link #getToken(String, String)} for the current user id
 * @throws IllegalStateException when the current subject is anonymous (no user, hence no token)
 * @throws MachineTokenException propagated from the two-argument overload
 */
@Override
public String getToken(String workspaceId) throws MachineTokenException {
  final Subject current = EnvironmentContext.getCurrent().getSubject();
  if (!current.isAnonymous()) {
    return getToken(current.getUserId(), workspaceId);
  }
  throw new IllegalStateException(
      String.format(
          "Unable to get machine token of the workspace '%s' "
              + "because it does not exist for an anonymous user.",
          workspaceId));
}
/**
 * Binds a fixed subject to the request before the chain runs and clears it afterwards.
 *
 * <p>The subject is hard-coded ({@code new SubjectImpl("che", "che", "dummy_token", false)}):
 * every request is handled as that same user, and nothing in the request itself is consulted to
 * decide who the caller is. The subject is stored under the {@code codenvy_user} session
 * attribute and in the thread's {@link EnvironmentContext}; the context is reset in {@code
 * finally} so a pooled thread never keeps a stale subject. The meaning of the trailing {@code
 * false} constructor argument is not visible here — TODO confirm against {@code SubjectImpl}.
 *
 * @param request incoming request; must be an {@link HttpServletRequest}
 * @param response response passed through unchanged
 * @param filterChain remainder of the filter chain
 * @throws IOException propagated from the chain
 * @throws ServletException propagated from the chain
 */
@Override
public final void doFilter(
    ServletRequest request, ServletResponse response, FilterChain filterChain)
    throws IOException, ServletException {
  final HttpServletRequest httpRequest = (HttpServletRequest) request;
  final Subject fixedSubject = new SubjectImpl("che", "che", "dummy_token", false);
  httpRequest.getSession().setAttribute("codenvy_user", fixedSubject);
  final EnvironmentContext context = EnvironmentContext.getCurrent();
  try {
    context.setSubject(fixedSubject);
    filterChain.doFilter(addUserInRequest(httpRequest, fixedSubject), response);
  } finally {
    EnvironmentContext.reset();
  }
}
/**
 * Accumulates a possibly fragmented text message and dispatches it once the last part arrives.
 *
 * <p>While the part is processed, the subject stored in the session's {@code che_subject} user
 * property is bound to the current {@link EnvironmentContext}; the context is reset in {@code
 * finally} regardless of outcome. The per-session buffer is emptied after the complete message
 * has been handed to {@link #onMessage(String, Session)}, even when that handler throws.
 *
 * @param messagePart current fragment of the message
 * @param last whether this fragment completes the message
 * @param session WebSocket session the fragment belongs to
 */
@OnMessage
public void onMessage(String messagePart, boolean last, Session session) {
  try {
    final Subject sessionSubject = (Subject) session.getUserProperties().get("che_subject");
    EnvironmentContext.getCurrent().setSubject(sessionSubject);
    // NOTE(review): assumes sessionMessagesBuffer already holds an entry for this session
    // (presumably registered when it was opened) — a missing entry would NPE here; confirm.
    final StringBuffer pending = sessionMessagesBuffer.get(session);
    pending.append(messagePart);
    if (!last) {
      return;
    }
    try {
      onMessage(pending.toString(), session);
    } finally {
      pending.setLength(0);
    }
  } finally {
    EnvironmentContext.reset();
  }
}
/**
 * Builds a request for {@code url} that carries the current subject's token as a bearer credential.
 *
 * <p>The header is set unconditionally: when the current subject has no token the value becomes
 * the literal {@code "Bearer null"}. NOTE(review): confirm callers never reach this anonymously.
 *
 * @param url target URL
 * @return the request produced by the superclass, with its {@code Authorization} header set
 */
@Override
public HttpJsonRequest fromUrl(@NotNull String url) {
  final HttpJsonRequest request = super.fromUrl(url);
  final String bearer = "Bearer " + EnvironmentContext.getCurrent().getSubject().getToken();
  return request.setAuthorizationHeader(bearer);
}
/**
 * Builds a request for {@code link} that carries the current subject's token as a bearer credential.
 *
 * <p>The header is set unconditionally: when the current subject has no token the value becomes
 * the literal {@code "Bearer null"}. NOTE(review): confirm callers never reach this anonymously.
 *
 * @param link target link
 * @return the request produced by the superclass, with its {@code Authorization} header set
 */
@Override
public HttpJsonRequest fromLink(@NotNull Link link) {
  final HttpJsonRequest request = super.fromLink(link);
  final String bearer = "Bearer " + EnvironmentContext.getCurrent().getSubject().getToken();
  return request.setAuthorizationHeader(bearer);
}
}
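/**
 * Restricts requests authenticated with a machine token to an explicit per-path allow-list.
 *
 * <p>Requests whose subject is not a {@link MachineTokenAuthorizedSubject} are not affected. For a
 * machine-token subject the target resource path must be a key of {@code allowedMethodsByPath} and
 * the invoked method name must be in that path's allowed set; anything else is rejected. A path
 * absent from the map is treated as "nothing allowed" (fail closed) instead of raising an NPE.
 *
 * @param genericMethodResource resource method about to be invoked
 * @param arguments method arguments; not inspected
 * @throws ForbiddenException when a machine-token subject targets a non-allowed path or method
 */
@Override
protected void filter(GenericResourceMethod genericMethodResource, Object[] arguments)
    throws ForbiddenException {
  if (!(EnvironmentContext.getCurrent().getSubject() instanceof MachineTokenAuthorizedSubject)) {
    return;
  }
  final String path = genericMethodResource.getParentResource().getPathValue().getPath();
  final String methodName = genericMethodResource.getMethod().getName();
  // An unlisted path used to NPE (surfacing as a server error); deny it explicitly instead.
  if (!allowedMethodsByPath.containsKey(path)
      || !allowedMethodsByPath.get(path).contains(methodName)) {
    throw new ForbiddenException("This operation cannot be performed using machine token.");
  }
}
}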
/**
 * Resolves the probe configuration of {@code server} in {@code workspaceId} for the current user.
 *
 * @param workspaceId workspace the server belongs to
 * @param server server to probe
 * @return configuration produced by {@link #get(String, String, Server)} for the current user id
 * @throws InternalInfrastructureException propagated from the three-argument overload
 */
@Override
public HttpProbeConfig get(String workspaceId, Server server)
    throws InternalInfrastructureException {
  final String currentUserId = EnvironmentContext.getCurrent().getSubject().getUserId();
  return get(currentUserId, workspaceId, server);
}
/**
 * Returns the current session user's name, or the literal {@code "undefined"} when the subject is
 * anonymous.
 */
private String sessionUserNameOrUndefined() {
  final Subject current = EnvironmentContext.getCurrent().getSubject();
  return current.isAnonymous() ? "undefined" : current.getUserName();
}
/**
 * Returns the current session user's name, or {@code nameIfNoUser} when the subject is anonymous.
 *
 * @param nameIfNoUser fallback returned for an anonymous subject
 */
private String sessionUserNameOr(String nameIfNoUser) {
  final Subject current = EnvironmentContext.getCurrent().getSubject();
  return current.isAnonymous() ? nameIfNoUser : current.getUserName();
}
/**
 * Resolves the probe configuration of {@code server} in {@code workspaceId} for the current user.
 *
 * @param workspaceId workspace the server belongs to
 * @param server server to probe
 * @return configuration produced by {@link #get(String, String, Server)} for the current user id
 * @throws InternalInfrastructureException propagated from the three-argument overload
 */
@Override
public HttpProbeConfig get(String workspaceId, Server server)
    throws InternalInfrastructureException {
  final String currentUserId = EnvironmentContext.getCurrent().getSubject().getUserId();
  return get(currentUserId, workspaceId, server);
}
/**
 * Returns the profile of {@code userId}, which must be the current user's own id.
 *
 * <p>This storage exposes only the caller's own profile: the attributes are fetched through
 * {@code keycloakProfileRetriever} and converted with {@code mapAttributes}.
 *
 * @param userId id of the requested profile; must not be null
 * @return the current user's profile
 * @throws ServerException when {@code userId} is not the current user's id
 * @throws NotFoundException declared by the interface; not thrown directly in this method
 */
@Override
public ProfileImpl getById(String userId) throws NotFoundException, ServerException {
  requireNonNull(userId, "Required non-null id");
  final String ownId = EnvironmentContext.getCurrent().getSubject().getUserId();
  if (userId.equals(ownId)) {
    // Own profile: attributes come from Keycloak
    final Map<String, String> keycloakUserAttributes =
        keycloakProfileRetriever.retrieveKeycloakAttributes();
    return new ProfileImpl(userId, mapAttributes(keycloakUserAttributes));
  }
  throw new ServerException(
      "It's not allowed to get foreign profile on current configured storage.");
}
/**
 * Permits listening to a workspace's events only to subjects holding RUN or USE on that workspace.
 *
 * @param methodName name of the invoked method; not inspected
 * @param scope call scope; must contain a {@code workspaceId} entry
 * @throws ForbiddenException when the scope carries no workspace id, or the current subject holds
 *     neither {@code RUN} nor {@code USE} in {@code WorkspaceDomain} for that workspace
 */
@Override
public void check(String methodName, Map<String, String> scope) throws ForbiddenException {
  final String workspaceId = scope.get("workspaceId");
  if (workspaceId == null) {
    throw new ForbiddenException("Workspace id must be specified in scope");
  }
  final Subject current = EnvironmentContext.getCurrent().getSubject();
  // RUN is checked first; USE is only consulted when RUN is absent.
  final boolean permitted =
      current.hasPermission(WorkspaceDomain.DOMAIN_ID, workspaceId, WorkspaceDomain.RUN)
          || current.hasPermission(WorkspaceDomain.DOMAIN_ID, workspaceId, WorkspaceDomain.USE);
  if (permitted) {
    return;
  }
  throw new ForbiddenException(
      "The current user doesn't have permissions to listen to the specified workspace events");
}
}
/**
 * Resolves the user behind the current request.
 *
 * <p>The {@code token} argument is not inspected: the returned user is built from the subject
 * already bound to the current {@link EnvironmentContext} (its user id and user name; the middle
 * constructor argument is left as an empty string). Any check of the token itself therefore has
 * to happen before this method is reached.
 *
 * @param token ignored
 * @return the current subject as a {@link UserImpl}
 */
@Override
public User validateToken(String token) throws ConflictException {
  final Subject current = EnvironmentContext.getCurrent().getSubject();
  final String userId = current.getUserId();
  final String userName = current.getUserName();
  return new UserImpl(userId, "", userName);
}
}
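/**
 * Invalidates the current user's token at the given OAuth provider.
 *
 * @param oauthProvider provider name, resolved through {@code getAuthenticator}
 * @throws NotFoundException propagated from {@code getAuthenticator}
 * @throws UnauthorizedException when the provider reports no token for the current user
 * @throws ServerException when the provider call fails with an I/O error (cause preserved)
 */
@Override
public void invalidateToken(String oauthProvider)
    throws NotFoundException, UnauthorizedException, ServerException {
  final OAuthAuthenticator oauth = getAuthenticator(oauthProvider);
  final String userId = EnvironmentContext.getCurrent().getSubject().getUserId();
  try {
    if (!oauth.invalidateToken(userId)) {
      throw new UnauthorizedException("OAuth token for user " + userId + " was not found");
    }
  } catch (IOException e) {
    // Keep the cause so the provider failure's stack trace is not lost (same as getToken).
    throw new ServerException(e.getLocalizedMessage(), e);
  }
}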
/**
 * Grants the creating user every allowed {@link WorkspaceDomain} action on the new workspace.
 *
 * <p>A failure to persist the worker is logged and swallowed rather than propagated out of the
 * event handler.
 *
 * @param event creation event carrying the new workspace
 */
@Override
public void onEvent(WorkspaceCreatedEvent event) {
  final String workspaceId = event.getWorkspace().getId();
  final String creatorId = EnvironmentContext.getCurrent().getSubject().getUserId();
  try {
    final WorkerImpl creatorWorker =
        new WorkerImpl(
            workspaceId, creatorId, new ArrayList<>(new WorkspaceDomain().getAllowedActions()));
    workerDao.store(creatorWorker);
  } catch (ServerException e) {
    LOG.error("Can't add creator's permissions for workspace with id '" + workspaceId + "'", e);
  }
}
}
/**
 * Returns the current user's token held by the given OAuth provider.
 *
 * <p>The provider is queried by user id first and, when that yields nothing, by user name.
 *
 * @param oauthProvider provider name, resolved through {@code getAuthenticator}
 * @return the stored token
 * @throws NotFoundException propagated from {@code getAuthenticator}
 * @throws UnauthorizedException when the provider holds no token under either lookup key
 * @throws ServerException when the provider call fails with an I/O error (cause preserved)
 */
@Override
public OAuthToken getToken(String oauthProvider)
    throws NotFoundException, UnauthorizedException, ServerException {
  final OAuthAuthenticator provider = getAuthenticator(oauthProvider);
  final Subject current = EnvironmentContext.getCurrent().getSubject();
  try {
    OAuthToken token = provider.getToken(current.getUserId());
    if (token == null) {
      token = provider.getToken(current.getUserName());
    }
    if (token == null) {
      throw new UnauthorizedException(
          "OAuth token for user " + current.getUserId() + " was not found");
    }
    return token;
  } catch (IOException e) {
    throw new ServerException(e.getLocalizedMessage(), e);
  }
}
/**
 * Gives the persisting user the full set of {@link StackDomain} actions on the stored stack.
 *
 * <p>Nothing is stored for an anonymous subject, since there is no user to grant permissions to.
 *
 * @param event persistence event carrying the stored stack
 * @throws Exception propagated from {@code permissionsManager.storePermission}
 */
@Override
public void onCascadeEvent(StackPersistedEvent event) throws Exception {
  final Subject current = EnvironmentContext.getCurrent().getSubject();
  if (current.isAnonymous()) {
    return;
  }
  final StackPermissionsImpl creatorPermissions =
      new StackPermissionsImpl(
          current.getUserId(), event.getStack().getId(), StackDomain.getActions());
  permissionsManager.storePermission(creatorPermissions);
}