private void addPermission(UserRealm user, String role, String target, String rule) throws UserStoreException { //Do nothing if either the role,target or rule is empty if ((role == null) || (target == null) || (rule == null)) { return; } user.getAuthorizationManager().authorizeRole(role, target, rule); if (log.isDebugEnabled()) { log.debug("Permission " + rule + " ADDED to role: " + role + " for " + target); } }
public void authorizeRole(String roleName, String resourceId, String action) throws UserStoreException { Util.checkAccess(resourceId); getAuthorizationManager().authorizeRole(roleName, resourceId, action); }
if (!authMan.isRoleAuthorized(adminRole, CarbonConstants.UI_PERMISSION_COLLECTION, UserMgtConstants.EXECUTE_ACTION)) { authMan.authorizeRole(adminRole, CarbonConstants.UI_PERMISSION_COLLECTION, UserMgtConstants.EXECUTE_ACTION);
if (!authMan.isRoleAuthorized(adminRole, CarbonConstants.UI_PERMISSION_COLLECTION, UserMgtConstants.EXECUTE_ACTION)) { authMan.authorizeRole(adminRole, CarbonConstants.UI_PERMISSION_COLLECTION, UserMgtConstants.EXECUTE_ACTION);
accessControlAdmin.authorizeRole(permRole, resourcePath, ActionConstants.GET); notificationResponse += " READ: Allowed."; accessControlAdmin.authorizeRole(permRole, resourcePath, ActionConstants.PUT); notificationResponse += " WRITE: Allowed."; accessControlAdmin.authorizeRole(permRole, resourcePath, ActionConstants.DELETE); notificationResponse += " DELETE: Allowed."; accessControlAdmin.authorizeRole(permRole, resourcePath, AccessControlConstants.AUTHORIZE); notificationResponse += " AUTHORIZE: Allowed.";
authMan.clearRoleActionOnAllResources(roleName, UserMgtConstants.EXECUTE_ACTION); for (String path : optimizedList) { authMan.authorizeRole(roleName, path, UserMgtConstants.EXECUTE_ACTION);
userRealm.getAuthorizationManager().authorizeRole(roleToAuthorize, pathToAuthorize, ActionConstants.GET); notificationResponse += " READ: Allowed."; } else { userRealm.getAuthorizationManager().authorizeRole(roleToAuthorize, pathToAuthorize, ActionConstants.PUT); notificationResponse += " WRITE: Allowed."; } else { userRealm.getAuthorizationManager().authorizeRole(roleToAuthorize, pathToAuthorize, ActionConstants.DELETE); notificationResponse += " DELETE: Allowed."; } else { userRealm.getAuthorizationManager().authorizeRole(roleToAuthorize, pathToAuthorize, AccessControlConstants.AUTHORIZE); notificationResponse += " AUTHORIZE: Allowed."; } else {
authMan.authorizeRole(roleName, optimizedList[i], UserMgtConstants.EXECUTE_ACTION); permissions[i] = new Permission(optimizedList[i], UserMgtConstants.EXECUTE_ACTION);
public static void updateRoleUIPermission(String roleName, String[] rawPermissions) throws UserAdminException { try { String[] optimizedList = UserCoreUtil.optimizePermissions(rawPermissions); UserRealm realm = AdminServicesUtil.getUserRealm(); AuthorizationManager authMan = realm.getAuthorizationManager(); authMan.clearRoleActionOnAllResources(roleName, UserMgtConstants.EXECUTE_ACTION); for (String path : optimizedList) { authMan.authorizeRole(roleName, path, UserMgtConstants.EXECUTE_ACTION); } } catch (UserStoreException e) { // not logging already logged throw new UserAdminException(e.getMessage(), e); } catch (CarbonException e) { throw new UserAdminException(e.getMessage(), e); } }
AuthorizationManager acAdmin = realm.getAuthorizationManager(); acAdmin.authorizeRole(value, serviceGroupId + "/" + service.getName(), UserCoreConstants.INVOKE_SERVICE_PERMISSION);
AuthorizationManager acAdmin = realm.getAuthorizationManager(); acAdmin.authorizeRole(value, serviceGroupId + "/" + service.getName(), UserCoreConstants.INVOKE_SERVICE_PERMISSION);
AuthorizationManager acAdmin = realm.getAuthorizationManager(); acAdmin.authorizeRole(value, serviceGroupId + "/" + service.getName(), UserCoreConstants.INVOKE_SERVICE_PERMISSION);
public static void updateRoleUIPermission(String roleName, String[] rawPermissions) throws UserAdminException { Permission[] permissions = null; UserStoreManager userStoreManager = null; try { String[] optimizedList = UserCoreUtil.optimizePermissions(rawPermissions); UserRealm realm = AdminServicesUtil.getUserRealm(); AuthorizationManager authMan = realm.getAuthorizationManager(); authMan.clearRoleActionOnAllResources(roleName, UserMgtConstants.EXECUTE_ACTION); permissions = new Permission[optimizedList.length]; for (int i = 0; i < optimizedList.length; i++) { authMan.authorizeRole(roleName, optimizedList[i], UserMgtConstants.EXECUTE_ACTION); permissions[i] = new Permission(optimizedList[i], UserMgtConstants.EXECUTE_ACTION); } userStoreManager = realm.getUserStoreManager(); handlePostUpdatePermissionsOfRole(roleName, permissions, userStoreManager); } catch (UserStoreException e) { handleOnUpdatePermissionsOfRoleFailure(e.getMessage(), roleName, permissions, userStoreManager); // not logging already logged throw new UserAdminException(e.getMessage(), e); } catch (CarbonException e) { handleOnUpdatePermissionsOfRoleFailure(e.getMessage(), roleName, null, null); throw new UserAdminException(e.getMessage(), e); } }