/**
 * Removes a permission from a role by calling {@code denyRole} on the realm's
 * authorization manager.
 *
 * <p>The call is a silent no-op when {@code role}, {@code target} or {@code rule} is
 * {@code null}. Only {@code null} is checked, so empty strings are still forwarded.
 *
 * @param user   realm whose authorization manager is updated
 * @param role   role that loses the permission
 * @param target resource the permission applies to
 * @param rule   action denied on {@code target}
 * @throws UserStoreException propagated from the realm or its authorization manager
 */
private void removePermission(UserRealm user, String role, String target, String rule)
        throws UserStoreException {
    boolean incomplete = role == null || target == null || rule == null;
    if (incomplete) {
        // NOTE(review): a skipped revocation is not logged or reported, so the caller
        // cannot tell that nothing was changed.
        return;
    }

    user.getAuthorizationManager().denyRole(role, target, rule);

    if (log.isDebugEnabled()) {
        String message = "Permission: " + rule + " REMOVED from role: " + role + " for " + target;
        log.debug(message);
    }
}
/**
 * Grants a permission to a role by calling {@code authorizeRole} on the realm's
 * authorization manager.
 *
 * <p>Nothing happens when {@code role}, {@code target} or {@code rule} is {@code null}.
 * The check is for {@code null} only; empty strings are passed through as given.
 *
 * @param user   realm whose authorization manager is updated
 * @param role   role that receives the permission
 * @param target resource the permission applies to
 * @param rule   action granted on {@code target}
 * @throws UserStoreException propagated from the realm or its authorization manager
 */
private void addPermission(UserRealm user, String role, String target, String rule)
        throws UserStoreException {
    boolean incomplete = role == null || target == null || rule == null;
    if (incomplete) {
        return;
    }

    user.getAuthorizationManager().authorizeRole(role, target, rule);

    if (log.isDebugEnabled()) {
        String message = "Permission " + rule + " ADDED to role: " + role + " for " + target;
        log.debug(message);
    }
}
/**
 * Decides whether {@code currentUserName} may configure the profile of {@code targetUser}.
 *
 * <p>A {@code null} caller is refused. A caller whose name equals {@code targetUser} is
 * allowed without consulting the authorization manager. Any other caller needs the
 * {@code ui.execute} action on
 * {@code CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION + permission}.
 *
 * @param realm           realm that supplies the authorization manager
 * @param currentUserName user making the request, may be {@code null}
 * @param targetUser      user whose profile is being configured
 * @param permission      permission path appended to the UI admin permission collection
 * @return {@code true} when the caller is allowed
 * @throws UserStoreException propagated from the realm or its authorization manager
 */
private static boolean isUserAuthorizedToConfigureProfile(UserRealm realm, String currentUserName,
        String targetUser, String permission) throws UserStoreException {
    if (currentUserName == null) {
        // No caller identity: refuse.
        return false;
    }
    if (currentUserName.equals(targetUser)) {
        // NOTE(review): this shortcut is an exact string comparison. Confirm both names
        // arrive in the same form (case, domain/tenant qualification) before relying on it.
        return true;
    }

    AuthorizationManager authorizer = realm.getAuthorizationManager();
    String permissionPath = CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION + permission;
    return authorizer.isUserAuthorized(currentUserName, permissionPath, "ui.execute");
}
/**
 * Decides whether {@code currentUserName} may configure the profile of {@code targetUser}.
 *
 * <p>A {@code null} caller is refused. A caller whose name equals {@code targetUser} is
 * allowed without consulting the authorization manager. Any other caller needs the
 * {@code ui.execute} action on the {@code /manage/identity/usermgt/profiles} permission
 * under {@code CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION}.
 *
 * @param realm           realm that supplies the authorization manager
 * @param currentUserName user making the request, may be {@code null}
 * @param targetUser      user whose profile is being configured
 * @return {@code true} when the caller is allowed
 * @throws UserStoreException propagated from the realm or its authorization manager
 */
public static boolean isUserAuthorizedToConfigureProfile(UserRealm realm, String currentUserName,
        String targetUser) throws UserStoreException {
    if (currentUserName == null) {
        // No caller identity: refuse.
        return false;
    }
    if (currentUserName.equals(targetUser)) {
        // NOTE(review): this shortcut is an exact string comparison. Confirm both names
        // arrive in the same form (case, domain/tenant qualification) before relying on it.
        return true;
    }

    AuthorizationManager authorizer = realm.getAuthorizationManager();
    String permissionPath =
            CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION + "/manage/identity/usermgt/profiles";
    return authorizer.isUserAuthorized(currentUserName, permissionPath, "ui.execute");
}
/**
 * Reports whether {@code currentUserName} may configure the profile of {@code targetUser}.
 *
 * <p>The answer is {@code false} for a {@code null} caller, {@code true} when the caller
 * and the target are the same name, and otherwise whatever the authorization manager
 * returns for {@code ui.execute} on the {@code /manage/identity/usermgt/profiles}
 * permission under {@code CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION}.
 *
 * @param realm           realm that supplies the authorization manager
 * @param currentUserName user making the request, may be {@code null}
 * @param targetUser      user whose profile is being configured
 * @return {@code true} when the caller is allowed
 * @throws UserStoreException propagated from the realm or its authorization manager
 */
public static boolean isUserAuthorizedToConfigureProfile(UserRealm realm, String currentUserName,
        String targetUser) throws UserStoreException {
    // Short-circuit order matters: null caller first, then the self-service shortcut,
    // and the authorization manager is consulted only for a different target user.
    // NOTE(review): the self-service shortcut is an exact string comparison; confirm both
    // names arrive in the same form (case, domain/tenant qualification).
    return currentUserName != null
            && (currentUserName.equals(targetUser)
                    || realm.getAuthorizationManager().isUserAuthorized(
                            currentUserName,
                            CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION
                                    + "/manage/identity/usermgt/profiles",
                            "ui.execute"));
}
/**
 * Reports whether {@code currentUserName} may configure the profile of {@code targetUser}.
 *
 * <p>The answer is {@code false} for a {@code null} caller, {@code true} when the caller
 * and the target are the same name, and otherwise whatever the authorization manager
 * returns for {@code ui.execute} on
 * {@code CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION + permission}.
 *
 * @param realm           realm that supplies the authorization manager
 * @param currentUserName user making the request, may be {@code null}
 * @param targetUser      user whose profile is being configured
 * @param permission      permission path appended to the UI admin permission collection
 * @return {@code true} when the caller is allowed
 * @throws UserStoreException propagated from the realm or its authorization manager
 */
private static boolean isUserAuthorizedToConfigureProfile(UserRealm realm, String currentUserName,
        String targetUser, String permission) throws UserStoreException {
    // Short-circuit order matters: null caller first, then the self-service shortcut,
    // and the authorization manager is consulted only for a different target user.
    // NOTE(review): the self-service shortcut is an exact string comparison; confirm both
    // names arrive in the same form (case, domain/tenant qualification).
    return currentUserName != null
            && (currentUserName.equals(targetUser)
                    || realm.getAuthorizationManager().isUserAuthorized(
                            currentUserName,
                            CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION + permission,
                            "ui.execute"));
}
/**
 * Clears the invoke-service authorization of every role currently allowed on a service.
 *
 * <p>The resource name is {@code serviceGroupId + "/" + serviceName}. The roles are read
 * with {@code getAllowedRolesForResource} and each one is cleared with
 * {@code clearRoleAuthorization}; a {@code null} role list means there is nothing to do.
 *
 * @param userRealm      realm that supplies the authorization manager
 * @param serviceGroupId service group part of the resource name
 * @param serviceName    service part of the resource name
 * @throws UserStoreException propagated from the authorization manager
 */
private void removeAuthorization(UserRealm userRealm, String serviceGroupId, String serviceName)
        throws UserStoreException {
    AuthorizationManager authorizer = userRealm.getAuthorizationManager();
    // NOTE(review): a null id or name is concatenated as the text "null"; confirm callers
    // never pass one, otherwise the wrong resource is looked up.
    String resource = serviceGroupId + "/" + serviceName;

    String[] allowedRoles = authorizer.getAllowedRolesForResource(
            resource, UserCoreConstants.INVOKE_SERVICE_PERMISSION);
    if (allowedRoles == null) {
        return;
    }
    for (String allowedRole : allowedRoles) {
        authorizer.clearRoleAuthorization(
                allowedRole, resource, UserCoreConstants.INVOKE_SERVICE_PERMISSION);
    }
}
/**
 * Clears the invoke-service authorization of every role currently allowed on a service.
 *
 * <p>The resource name is {@code serviceGroupId + "/" + serviceName}. The roles are read
 * with {@code getAllowedRolesForResource} and each one is cleared with
 * {@code clearRoleAuthorization}; a {@code null} role list means there is nothing to do.
 *
 * @param userRealm      realm that supplies the authorization manager
 * @param serviceGroupId service group part of the resource name
 * @param serviceName    service part of the resource name
 * @throws UserStoreException propagated from the authorization manager
 */
private void removeAuthorization(UserRealm userRealm, String serviceGroupId, String serviceName)
        throws UserStoreException {
    AuthorizationManager authorizer = userRealm.getAuthorizationManager();
    // NOTE(review): a null id or name is concatenated as the text "null"; confirm callers
    // never pass one, otherwise the wrong resource is looked up.
    String resource = serviceGroupId + "/" + serviceName;

    String[] allowedRoles = authorizer.getAllowedRolesForResource(
            resource, UserCoreConstants.INVOKE_SERVICE_PERMISSION);
    if (allowedRoles == null) {
        return;
    }
    for (int i = 0; i < allowedRoles.length; i++) {
        authorizer.clearRoleAuthorization(
                allowedRoles[i], resource, UserCoreConstants.INVOKE_SERVICE_PERMISSION);
    }
}
/**
 * Clears the invoke-service authorization of every role currently allowed on a service.
 *
 * <p>The resource name is {@code serviceGroupId + "/" + serviceName}. The roles are read
 * with {@code getAllowedRolesForResource} and each one is cleared with
 * {@code clearRoleAuthorization}; a {@code null} role list means there is nothing to do.
 *
 * @param userRealm      realm that supplies the authorization manager
 * @param serviceGroupId service group part of the resource name
 * @param serviceName    service part of the resource name
 * @throws UserStoreException propagated from the authorization manager
 */
private void removeAuthorization(UserRealm userRealm, String serviceGroupId, String serviceName)
        throws UserStoreException {
    AuthorizationManager authorizer = userRealm.getAuthorizationManager();
    // NOTE(review): a null id or name is concatenated as the text "null"; confirm callers
    // never pass one, otherwise the wrong resource is looked up.
    String resource = serviceGroupId + "/" + serviceName;

    String[] allowedRoles = authorizer.getAllowedRolesForResource(
            resource, UserCoreConstants.INVOKE_SERVICE_PERMISSION);
    if (allowedRoles == null) {
        return;
    }
    for (String allowedRole : allowedRoles) {
        authorizer.clearRoleAuthorization(
                allowedRole, resource, UserCoreConstants.INVOKE_SERVICE_PERMISSION);
    }
}
/**
 * Asks the registry's authorization manager whether the user returned by
 * {@code getUserID()} may perform an action on a path.
 *
 * @param s  absolute path being checked
 * @param s1 action being checked
 * @return the authorization manager's answer
 * @throws RepositoryException wrapping the {@code UserStoreException} when the check fails
 */
public boolean hasPermission(String s, String s1) throws RepositoryException {
    try {
        return userRegistry.getUserRealm().getAuthorizationManager()
                .isUserAuthorized(this.getUserID(), s, s1);
    } catch (UserStoreException e) {
        // A failed lookup is reported as an error, never as a grant.
        // NOTE(review): the text speaks of path resolution although the failing call is
        // the authorization check, and it is only logged at debug level.
        String msg = "failed to resolve the path of the given node " + this;
        log.debug(msg);
        throw new RepositoryException(msg, e);
    }
}
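/**
 * Returns the authorization manager of the realm supplied by the superclass.
 *
 * @return the realm's authorization manager
 * @throws UserStoreException if the realm is {@code null} (message
 *         {@code NULL_REALM_MESSAGE}) or if obtaining the realm or its authorization
 *         manager fails; other exception types are wrapped
 */
private AuthorizationManager getAuthorizationManager() throws UserStoreException {
    try {
        UserRealm realm = super.getUserRealm();
        if (realm == null) {
            throw new UserStoreException(NULL_REALM_MESSAGE);
        }
        return realm.getAuthorizationManager();
    } catch (UserStoreException e) {
        // Already the declared type: rethrow as is, so the null-realm message is not
        // buried inside a second UserStoreException.
        throw e;
    } catch (Exception e) {
        // Anything else is wrapped so callers only have to handle UserStoreException.
        throw new UserStoreException(e);
    }
}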
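/**
 * Checks whether a user holds the {@code ActionConstants.PUT} permission on a resource.
 *
 * <p>A failure of the user store is raised as an exception; it is never turned into a
 * grant or a silent denial.
 *
 * @param userName     user whose permission is checked
 * @param resourcePath resource the permission applies to
 * @param userRegistry registry that supplies the user realm
 * @return {@code true} when the authorization manager reports the user as authorized
 * @throws RegistryException if the authorization manager cannot answer; the underlying
 *         {@code UserStoreException} is attached as the cause
 */
public static boolean isPutAllowed(String userName, String resourcePath, UserRegistry userRegistry)
        throws RegistryException {
    UserRealm userRealm = userRegistry.getUserRealm();
    try {
        return userRealm.getAuthorizationManager()
                .isUserAuthorized(userName, resourcePath, ActionConstants.PUT);
    } catch (UserStoreException e) {
        String msg = "Could not the permission details for the user: " + userName
                + " for the resource: " + resourcePath + ". Caused by: " + e.getMessage();
        // Attach the cause: the message alone loses the stack trace of the store failure.
        throw new RegistryException(msg, e);
    }
}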
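/**
 * Checks whether a user holds the {@code ActionConstants.GET} permission on a resource.
 *
 * <p>A failure of the user store is raised as an exception; it is never turned into a
 * grant or a silent denial.
 *
 * @param userName     user whose permission is checked
 * @param resourcePath resource the permission applies to
 * @param userRegistry registry that supplies the user realm
 * @return {@code true} when the authorization manager reports the user as authorized
 * @throws RegistryException if the authorization manager cannot answer; the underlying
 *         {@code UserStoreException} is attached as the cause
 */
public static boolean isGetAllowed(String userName, String resourcePath, UserRegistry userRegistry)
        throws RegistryException {
    UserRealm userRealm = userRegistry.getUserRealm();
    try {
        return userRealm.getAuthorizationManager()
                .isUserAuthorized(userName, resourcePath, ActionConstants.GET);
    } catch (UserStoreException e) {
        String msg = "Could not the permission details for the user: " + userName
                + " for the resource: " + resourcePath + ". Caused by: " + e.getMessage();
        // Attach the cause: the message alone loses the stack trace of the store failure.
        throw new RegistryException(msg, e);
    }
}
public static boolean isAuthorizeAllowed(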
/**
 * Evaluates this function for the given arguments.
 *
 * <p>The arguments are first evaluated through {@code evalArgs}; a non-null result from
 * that step is returned unchanged. For {@code ID_EVAL_PERMISSION_TREE} the first argument
 * is read as the resource and the second as the subject (both trimmed), and the result is
 * a boolean attribute stating whether the bootstrap realm's authorization manager allows
 * {@code ui.execute} for that subject on that resource. For any other function id the
 * method returns {@code null}.
 *
 * @param inputs  unevaluated arguments of the function
 * @param context evaluation context passed on to {@code evalArgs}
 * @return the evaluation result, or {@code null} when the function id is not handled here
 */
public EvaluationResult evaluate(List<Evaluatable> inputs, EvaluationCtx context) {
    AttributeValue[] evaluatedArgs = new AttributeValue[inputs.size()];
    EvaluationResult outcome = evalArgs(inputs, context, evaluatedArgs);
    if (outcome != null) {
        // evalArgs already produced a result (presumably an evaluation error); pass it on.
        return outcome;
    }

    switch (getFunctionId()) {
        case ID_EVAL_PERMISSION_TREE:
            // NOTE(review): both casts and the two index reads assume exactly two string
            // arguments; confirm the function's declared signature enforces that.
            String resource = ((StringAttribute) evaluatedArgs[0]).getValue().trim();
            String subject = ((StringAttribute) evaluatedArgs[1]).getValue().trim();
            boolean permitted = false;
            try {
                // NOTE(review): the check always runs against the bootstrap realm; confirm
                // that is the intended realm when requests come from other tenants.
                permitted = EntitlementServiceComponent.getRealmservice().getBootstrapRealm()
                        .getAuthorizationManager().isUserAuthorized(subject, resource, "ui.execute");
            } catch (UserStoreException e) {
                // A user-store failure leaves the answer at false, so it looks exactly like
                // a genuine denial. NOTE(review): a policy that negates this function would
                // treat a store outage as a match; consider reporting the failure as an
                // indeterminate result instead, after confirming the engine's API for it.
                log.error("Error while authorising" + subject + " to perform ui.execute on " + resource, e);
            }
            outcome = new EvaluationResult(BooleanAttribute.getInstance(permitted));
            break;
    }
    return outcome;
}
}
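/**
 * Checks whether a user holds the {@code ActionConstants.DELETE} permission on a resource.
 *
 * <p>A failure of the user store is raised as an exception; it is never turned into a
 * grant or a silent denial.
 *
 * @param userName     user whose permission is checked
 * @param resourcePath resource the permission applies to
 * @param userRegistry registry that supplies the user realm
 * @return {@code true} when the authorization manager reports the user as authorized
 * @throws RegistryException if the authorization manager cannot answer; the underlying
 *         {@code UserStoreException} is attached as the cause
 */
public static boolean isDeleteAllowed(String userName, String resourcePath, UserRegistry userRegistry)
        throws RegistryException {
    UserRealm userRealm = userRegistry.getUserRealm();
    try {
        return userRealm.getAuthorizationManager()
                .isUserAuthorized(userName, resourcePath, ActionConstants.DELETE);
    } catch (UserStoreException e) {
        String msg = "Could not the permission details for the user: " + userName
                + " for the resource: " + resourcePath + ". Caused by: " + e.getMessage();
        // Attach the cause: the message alone loses the stack trace of the store failure.
        throw new RegistryException(msg, e);
    }
}
public static boolean isGetAllowed(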
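/**
 * Checks whether a user holds the {@code AccessControlConstants.AUTHORIZE} permission on
 * a resource.
 *
 * <p>A failure of the user store is raised as an exception; it is never turned into a
 * grant or a silent denial.
 *
 * @param userName     user whose permission is checked
 * @param resourcePath resource the permission applies to
 * @param userRegistry registry that supplies the user realm
 * @return {@code true} when the authorization manager reports the user as authorized
 * @throws RegistryException if the authorization manager cannot answer; the underlying
 *         {@code UserStoreException} is attached as the cause
 */
public static boolean isAuthorizeAllowed(String userName, String resourcePath, UserRegistry userRegistry)
        throws RegistryException {
    UserRealm userRealm = userRegistry.getUserRealm();
    try {
        return userRealm.getAuthorizationManager()
                .isUserAuthorized(userName, resourcePath, AccessControlConstants.AUTHORIZE);
    } catch (UserStoreException e) {
        String msg = "Could not the permission details for the user: " + userName
                + " for the resource: " + resourcePath + ". Caused by: " + e.getMessage();
        // Attach the cause: the message alone loses the stack trace of the store failure.
        throw new RegistryException(msg, e);
    }
}
}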
/**
 * Checks whether the logged-in user may perform an action on a registry resource.
 *
 * <p>The user name comes from {@code getLoggedInUserName()}, not from the registry
 * argument. A user-store failure is raised as an exception rather than being treated as
 * a grant or a denial.
 *
 * @param registry     registry that supplies the user realm
 * @param resourcePath resource being checked
 * @param action       action being checked
 * @return the authorization manager's answer
 * @throws RegistryException wrapping the {@code UserStoreException} when the check fails
 */
private boolean isAuthorized(UserRegistry registry, String resourcePath, String action)
        throws RegistryException {
    UserRealm userRealm = registry.getUserRealm();
    String userName = getLoggedInUserName();
    try {
        return userRealm.getAuthorizationManager().isUserAuthorized(userName, resourcePath, action);
    } catch (UserStoreException e) {
        String message = "Error while authorizing " + resourcePath + " with user " + userName + ":"
                + e.getMessage();
        throw new RegistryException(message, e);
    }
}
/**
 * Checks whether the registry's own user may perform an action on a registry resource.
 *
 * <p>The user name comes from {@code registry.getUserName()}. A user-store failure is
 * raised as an exception rather than being treated as a grant or a denial.
 *
 * @param registry     registry that supplies both the user realm and the user name
 * @param resourcePath resource being checked
 * @param action       action being checked
 * @return the authorization manager's answer
 * @throws RegistryException wrapping the {@code UserStoreException} when the check fails
 */
public static boolean isAuthorized(UserRegistry registry, String resourcePath, String action)
        throws RegistryException {
    UserRealm userRealm = registry.getUserRealm();
    String userName = registry.getUserName();
    try {
        return userRealm.getAuthorizationManager().isUserAuthorized(userName, resourcePath, action);
    } catch (UserStoreException e) {
        String message = "Error at Authorizing " + resourcePath + " with user " + userName + ":"
                + e.getMessage();
        throw new RegistryException(message, e);
    }
}
/**
 * Checks whether the logged-in user may perform an action on a registry resource.
 *
 * <p>The user name comes from {@code getLoggedInUserName()}, not from the registry
 * argument. A user-store failure is raised as an exception rather than being treated as
 * a grant or a denial.
 *
 * @param registry     registry that supplies the user realm
 * @param resourcePath resource being checked
 * @param action       action being checked
 * @return the authorization manager's answer
 * @throws RegistryException wrapping the {@code UserStoreException} when the check fails
 */
private boolean isAuthorized(UserRegistry registry, String resourcePath, String action)
        throws RegistryException {
    UserRealm userRealm = registry.getUserRealm();
    String userName = getLoggedInUserName();
    try {
        return userRealm.getAuthorizationManager().isUserAuthorized(userName, resourcePath, action);
    } catch (UserStoreException e) {
        String message = "Error at Authorizing " + resourcePath + " with user " + userName + ":"
                + e.getMessage();
        throw new RegistryException(message, e);
    }
}
/**
 * Replaces the UI permissions of a role with the given set.
 *
 * <p>The raw list is reduced with {@code UserCoreUtil.optimizePermissions}, the role's
 * {@code UserMgtConstants.EXECUTE_ACTION} entries are cleared on all resources, and the
 * role is then authorized for that action on each remaining path.
 *
 * @param roleName       role whose UI permissions are replaced
 * @param rawPermissions permission paths requested for the role
 * @throws UserAdminException wrapping a {@code UserStoreException} or
 *         {@code CarbonException} raised while updating
 */
public static void updateRoleUIPermission(String roleName, String[] rawPermissions)
        throws UserAdminException {
    try {
        String[] permissionPaths = UserCoreUtil.optimizePermissions(rawPermissions);
        AuthorizationManager authorizer = AdminServicesUtil.getUserRealm().getAuthorizationManager();

        // NOTE(review): clear-then-grant is not atomic as written here. If a grant fails
        // part-way, the role keeps only the paths granted so far; confirm whether the
        // authorization manager runs this in a transaction.
        authorizer.clearRoleActionOnAllResources(roleName, UserMgtConstants.EXECUTE_ACTION);
        for (int i = 0; i < permissionPaths.length; i++) {
            authorizer.authorizeRole(roleName, permissionPaths[i], UserMgtConstants.EXECUTE_ACTION);
        }
    } catch (UserStoreException e) {
        // Not logged here; per the original author it has already been logged.
        throw new UserAdminException(e.getMessage(), e);
    } catch (CarbonException e) {
        throw new UserAdminException(e.getMessage(), e);
    }
}