/**
 * Fills in the user or role criterion of a rule filter from the caller's authentication.
 *
 * <p>With no authentication the user criterion is set to {@code DEFAULT}. When the configuration
 * enables role filtering and lists at least one role, the role criterion is set instead: it
 * receives the last of the caller's authorities (in iteration order) that appears in the
 * configured roles, or the literal {@code "UNKNOWN"} when none matches. Otherwise the user
 * criterion receives the principal name, or {@code DEFAULT} when that name is null or empty.
 *
 * @param user the caller's authentication; may be {@code null}
 * @param ruleFilter the filter to populate
 */
private void setRuleFilterUserOrRole(Authentication user, RuleFilter ruleFilter) {
    // No authentication at all: only the default user criterion applies.
    if (user == null) {
        ruleFilter.setUser(RuleFilter.SpecialFilterType.DEFAULT);
        return;
    }

    GeoFenceConfiguration geofenceConfig = configurationManager.getConfiguration();
    boolean filterByRole =
            geofenceConfig.isUseRolesToFilter() && !geofenceConfig.getRoles().isEmpty();

    if (filterByRole) {
        // NOTE(review): when several authorities match, the last one iterated wins, and a
        // caller with no matching authority is filtered under the literal role "UNKNOWN".
        // Confirm both are intended by whoever maintains the rule set.
        String matchedRole = "UNKNOWN";
        for (GrantedAuthority granted : user.getAuthorities()) {
            String authorityName = granted.getAuthority();
            if (geofenceConfig.getRoles().contains(authorityName)) {
                matchedRole = authorityName;
            }
        }
        LOGGER.log(Level.FINE, "Setting role for filter: {0}", matchedRole);
        ruleFilter.setRole(matchedRole);
        return;
    }

    String principalName = user.getName();
    boolean anonymous = principalName == null || principalName.isEmpty();
    if (anonymous) {
        ruleFilter.setUser(RuleFilter.SpecialFilterType.DEFAULT);
    } else {
        LOGGER.log(Level.FINE, "Setting user for filter: {0}", principalName);
        ruleFilter.setUser(principalName);
    }
}
/**
 * Derives the user or role criterion of {@code ruleFilter} from the given authentication.
 *
 * <ul>
 *   <li>{@code user == null}: the user criterion becomes {@code DEFAULT}.
 *   <li>Role filtering enabled with a non-empty configured role list: the role criterion
 *       becomes the last authority of the caller found in that list, or {@code "UNKNOWN"} if
 *       there is no such authority.
 *   <li>Otherwise: the user criterion becomes the principal name, or {@code DEFAULT} when the
 *       name is null or empty.
 * </ul>
 *
 * @param user the caller's authentication; may be {@code null}
 * @param ruleFilter the filter whose user or role criterion is set
 */
private void setRuleFilterUserOrRole(Authentication user, RuleFilter ruleFilter) {
    if (user == null) {
        ruleFilter.setUser(RuleFilter.SpecialFilterType.DEFAULT);
        return;
    }

    GeoFenceConfiguration cfg = configurationManager.getConfiguration();
    boolean roleMode = cfg.isUseRolesToFilter() && !cfg.getRoles().isEmpty();

    if (!roleMode) {
        String name = user.getName();
        if (name != null && !name.isEmpty()) {
            LOGGER.log(Level.FINE, "Setting user for filter: {0}", new Object[] {name});
            ruleFilter.setUser(name);
        } else {
            ruleFilter.setUser(RuleFilter.SpecialFilterType.DEFAULT);
        }
        return;
    }

    // Role mode: keep scanning after a hit, so the last matching authority is the one used.
    // "UNKNOWN" is the fallback when the caller holds none of the configured roles.
    String selected = "UNKNOWN";
    for (GrantedAuthority candidate : user.getAuthorities()) {
        String candidateName = candidate.getAuthority();
        if (cfg.getRoles().contains(candidateName)) {
            selected = candidateName;
        }
    }
    LOGGER.log(Level.FINE, "Setting role for filter: {0}", new Object[] {selected});
    ruleFilter.setRole(selected);
}
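/**
 * Asks the rule service whether the caller has admin rights on the given workspace.
 *
 * <p>We expect the user not to be null and not to be admin.
 *
 * <p>The lookup filter carries the configured instance name, the workspace, the caller's name
 * (or {@code DEFAULT} when the name is null or empty) and the caller's source address (or
 * {@code DEFAULT} when none can be retrieved).
 *
 * @param user the authenticated caller; must not be {@code null}
 * @param workspaceName the workspace the admin check applies to
 * @return the admin-rights flag of the {@code AccessInfo} returned for the filter
 */
private boolean isWorkspaceAdmin(Authentication user, String workspaceName) {
    LOGGER.log(Level.FINE, "Getting admin auth for Workspace {0}", workspaceName);

    // get the request infos
    RuleFilter ruleFilter = new RuleFilter(RuleFilter.SpecialFilterType.ANY);
    ruleFilter.setInstance(configurationManager.getConfiguration().getInstanceName());
    ruleFilter.setWorkspace(workspaceName);

    String username = user.getName();
    if (username == null || username.isEmpty()) {
        ruleFilter.setUser(RuleFilter.SpecialFilterType.DEFAULT);
    } else {
        // Bind the lookup to the caller. Without this branch the user criterion keeps the ANY
        // value the filter was constructed with, so the admin decision would not depend on
        // who is asking.
        // NOTE(review): role-based filtering (when enabled in the configuration) is not
        // applied here; confirm whether admin lookups should honour it as well.
        ruleFilter.setUser(username);
    }

    String sourceAddress = retrieveCallerIpAddress();
    if (sourceAddress != null) {
        ruleFilter.setSourceAddress(sourceAddress);
    } else {
        LOGGER.log(Level.WARNING, "No source IP address found");
        ruleFilter.setSourceAddress(RuleFilter.SpecialFilterType.DEFAULT);
    }

    if (LOGGER.isLoggable(Level.FINE)) {
        LOGGER.log(Level.FINE, "AdminAuth filter: {0}", ruleFilter);
    }

    AccessInfo auth = rules.getAdminAuthorization(ruleFilter);

    LOGGER.log(
            Level.FINE,
            "Admin auth for User:{0} Workspace:{1}: {2}",
            new Object[] {user.getName(), workspaceName, auth.getAdminRights()});

    return auth.getAdminRights();
}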
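/**
 * Determines whether the caller is an administrator of the given workspace by querying the
 * rule service for the admin authorization.
 *
 * <p>We expect the user not to be null and not to be admin.
 *
 * <p>The query filter is built from the configured instance name, the workspace name, the
 * caller's name ({@code DEFAULT} when null or empty) and the caller's source address
 * ({@code DEFAULT} when it cannot be retrieved).
 *
 * @param user the authenticated caller; must not be {@code null}
 * @param workspaceName the workspace to check
 * @return the admin-rights flag of the {@code AccessInfo} returned for the filter
 */
private boolean isWorkspaceAdmin(Authentication user, String workspaceName) {
    LOGGER.log(Level.FINE, "Getting admin auth for Workspace {0}", workspaceName);

    // get the request infos
    RuleFilter ruleFilter = new RuleFilter(RuleFilter.SpecialFilterType.ANY);
    ruleFilter.setInstance(configurationManager.getConfiguration().getInstanceName());
    ruleFilter.setWorkspace(workspaceName);

    String username = user.getName();
    if (username == null || username.isEmpty()) {
        ruleFilter.setUser(RuleFilter.SpecialFilterType.DEFAULT);
    } else {
        // The named caller must be part of the filter; otherwise the user criterion stays at
        // the ANY value from the constructor and the result is the same for every caller.
        // NOTE(review): this sets the user name only; confirm whether the role-based
        // filtering option of the configuration should apply to admin lookups too.
        ruleFilter.setUser(username);
    }

    String sourceAddress = retrieveCallerIpAddress();
    if (sourceAddress != null) {
        ruleFilter.setSourceAddress(sourceAddress);
    } else {
        LOGGER.log(Level.WARNING, "No source IP address found");
        ruleFilter.setSourceAddress(RuleFilter.SpecialFilterType.DEFAULT);
    }

    if (LOGGER.isLoggable(Level.FINE)) {
        LOGGER.log(Level.FINE, "AdminAuth filter: {0}", ruleFilter);
    }

    AccessInfo auth = rules.getAdminAuthorization(ruleFilter);

    LOGGER.log(
            Level.FINE,
            "Admin auth for User:{0} Workspace:{1}: {2}",
            new Object[] {user.getName(), workspaceName, auth.getAdminRights()});

    return auth.getAdminRights();
}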
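/**
 * Deletes the user with the given name.
 *
 * <p>With {@code cascade} the rules of that user are deleted first. Without it, the call is
 * rejected when any rule (default rules excluded) still references the user.
 *
 * @param username name of the user to delete, as received from the request
 * @param cascade whether rules referencing the user are deleted along with it
 * @return a 200 response with the entity {@code "OK\n"}
 * @throws ConflictRestEx if {@code cascade} is false and rules still reference the user
 * @throws NotFoundRestEx if no user with that name exists
 * @throws InternalErrorRestEx on any other failure
 */
@Override
public Response delete(String username, boolean cascade)
        throws ConflictRestEx, NotFoundRestEx, InternalErrorRestEx {
    // The name comes from the request. Line breaks are replaced before it is written to the
    // log so that a crafted value cannot open a new, forged log record.
    final String loggableName = String.valueOf(username).replaceAll("[\\r\\n]", "_");

    try {
        if (cascade) {
            // NOTE(review): rules are removed before the user lookup below, so a request
            // naming a user that does not exist still deletes matching rules and then ends
            // in NotFoundRestEx. Confirm this order is intended.
            ruleAdminService.deleteRulesByUser(username);
        } else {
            RuleFilter filter = new RuleFilter(SpecialFilterType.ANY);
            filter.setUser(username);
            // Count only rules that name this user, not the default rules.
            filter.getUser().setIncludeDefault(false);
            long cnt = ruleAdminService.count(filter);
            if (cnt > 0) {
                throw new ConflictRestEx("Existing rules reference the user " + username);
            }
        }

        GSUser user = userAdminService.get(username); // may throw NotFoundServiceEx
        if (!userAdminService.delete(user.getId())) {
            LOGGER.warn("ILLEGAL STATE -- User not found: " + user); // this should not happen
            throw new NotFoundRestEx("ILLEGAL STATE -- User not found: " + user);
        }

        return Response.status(Status.OK).entity("OK\n").build();

    } catch (GeoFenceRestEx ex) { // already handled
        throw ex;
    } catch (NotFoundServiceEx ex) {
        LOGGER.warn("User not found: " + loggableName);
        throw new NotFoundRestEx("User not found: " + username);
    } catch (Exception ex) {
        LOGGER.error(ex.getMessage(), ex);
        // NOTE(review): the internal exception message is handed to the REST exception;
        // whether it reaches the client depends on the exception mapping, which is not
        // visible here. Confirm it cannot expose internal details.
        throw new InternalErrorRestEx(ex.getMessage());
    }
}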