/**
 * Passes an authorization decision to the authorizer's audit hook.
 *
 * <p>The hook is invoked only when all of the following hold: the authorizer implements
 * {@code AuthorizationAuditor}, the request is an access attempt, and the result is not
 * {@code Result.ResourceNotFound}.
 *
 * @param authorizer authorizer that may also act as the auditor
 * @param request the authorization request that was evaluated
 * @param result the result produced for {@code request}
 */
private static void audit(final Authorizer authorizer, final AuthorizationRequest request, final AuthorizationResult result) {
    // 1 - the authorizer has to support auditing
    if (!(authorizer instanceof AuthorizationAuditor)) {
        return;
    }

    // 2 - only access attempts are audited
    if (!request.isAccessAttempt()) {
        return;
    }

    // 3 - only approved/denied results are audited; when the resource is not found a
    //     subsequent request may follow with the parent resource
    // NOTE(review): a ResourceNotFound result with no follow-up request leaves no audit
    // record from this method - confirm callers always resolve it against a parent.
    if (Result.ResourceNotFound.equals(result.getResult())) {
        return;
    }

    final AuthorizationAuditor auditor = (AuthorizationAuditor) authorizer;
    auditor.auditAccessAttempt(request, result);
}
/**
 * Reports whether the given group can be modified through the authorizer.
 *
 * @param authorizer authorizer to inspect
 * @param group group to check
 * @return {@code false} when {@link #isConfigurableUserGroupProvider(Authorizer)} is false for the
 *         authorizer; otherwise the provider's own {@code isConfigurable(group)} answer
 */
public static boolean isGroupConfigurable(final Authorizer authorizer, final Group group) {
    if (isConfigurableUserGroupProvider(authorizer)) {
        // The casts rely on the capability check above having just succeeded.
        final ManagedAuthorizer managed = (ManagedAuthorizer) authorizer;
        final ConfigurableUserGroupProvider provider =
                (ConfigurableUserGroupProvider) managed.getAccessPolicyProvider().getUserGroupProvider();
        return provider.isConfigurable(group);
    }

    // Not a configurable user group provider: report the group as read-only.
    return false;
}
/**
 * Reports whether the authorizer is managed and its access policy provider exposes a
 * {@code ConfigurableUserGroupProvider}.
 *
 * @param authorizer authorizer to inspect
 * @return {@code true} only when {@code isManagedAuthorizer(authorizer)} holds and the user group
 *         provider is an instance of {@code ConfigurableUserGroupProvider}
 */
public static boolean isConfigurableUserGroupProvider(final Authorizer authorizer) {
    // Short-circuit keeps the cast from running for an authorizer that is not managed.
    return isManagedAuthorizer(authorizer)
            && ((ManagedAuthorizer) authorizer).getAccessPolicyProvider().getUserGroupProvider()
                    instanceof ConfigurableUserGroupProvider;
}
/**
 * Builds a summary DTO for an access policy.
 *
 * @param accessPolicy policy to summarize; may be {@code null}
 * @param componentReference component reference to attach to the summary
 * @return the populated summary, or {@code null} when {@code accessPolicy} is {@code null}
 */
public AccessPolicySummaryDTO createAccessPolicySummaryDto(final AccessPolicy accessPolicy, final ComponentReferenceEntity componentReference) {
    if (accessPolicy == null) {
        return null;
    }

    final AccessPolicySummaryDTO summary = new AccessPolicySummaryDTO();
    summary.setId(accessPolicy.getIdentifier());
    summary.setResource(accessPolicy.getResource());

    final String actionName = accessPolicy.getAction().toString();
    summary.setAction(actionName);

    // Whether the policy is editable is decided by the authorizer's capabilities, not by the policy itself.
    final boolean configurable = AuthorizerCapabilityDetection.isAccessPolicyConfigurable(authorizer, accessPolicy);
    summary.setConfigurable(configurable);

    summary.setComponentReference(componentReference);
    return summary;
}
/**
 * Builds a display name for a policy: the action's string form, a single space, then the resource.
 *
 * @param policy policy to name
 * @return the formatted name
 */
private String formatPolicyName(final AccessPolicy policy) {
    final String action = policy.getAction().toString();
    return action + " " + policy.getResource();
}
/**
 * Reports whether the given access policy can be modified through the authorizer.
 *
 * @param authorizer authorizer to inspect
 * @param accessPolicy policy to check
 * @return {@code false} when {@link #isConfigurableAccessPolicyProvider(Authorizer)} is false for the
 *         authorizer; otherwise the provider's own {@code isConfigurable(accessPolicy)} answer
 */
public static boolean isAccessPolicyConfigurable(final Authorizer authorizer, final AccessPolicy accessPolicy) {
    if (isConfigurableAccessPolicyProvider(authorizer)) {
        // The casts rely on the capability check above having just succeeded.
        final ManagedAuthorizer managed = (ManagedAuthorizer) authorizer;
        final ConfigurableAccessPolicyProvider provider =
                (ConfigurableAccessPolicyProvider) managed.getAccessPolicyProvider();
        return provider.isConfigurable(accessPolicy);
    }

    // Not a configurable access policy provider: report the policy as read-only.
    return false;
}
/**
 * Reports whether the authorizer is managed and backed by a {@code ConfigurableAccessPolicyProvider}.
 *
 * @param authorizer authorizer to inspect
 * @return {@code true} only when {@code isManagedAuthorizer(authorizer)} holds and the access policy
 *         provider is an instance of {@code ConfigurableAccessPolicyProvider}
 */
public static boolean isConfigurableAccessPolicyProvider(final Authorizer authorizer) {
    // Short-circuit keeps the cast from running for an authorizer that is not managed.
    return isManagedAuthorizer(authorizer)
            && ((ManagedAuthorizer) authorizer).getAccessPolicyProvider() instanceof ConfigurableAccessPolicyProvider;
}
/**
 * Parses a fingerprint and hands each non-blank part to the matching provider, when that
 * provider is configurable.
 *
 * <p>A blank fingerprint is ignored. The policy part goes to {@code accessPolicyProvider} only
 * if it is a {@code ConfigurableAccessPolicyProvider}; the user/group part goes to
 * {@code userGroupProvider} only if it is a {@code ConfigurableUserGroupProvider}. A part that
 * is blank, or whose provider is not configurable, is skipped without an error.
 *
 * @param fingerprint fingerprint to inherit
 * @throws AuthorizationAccessException declared by the overridden method
 */
@Override
public void inheritFingerprint(String fingerprint) throws AuthorizationAccessException {
    if (StringUtils.isBlank(fingerprint)) {
        return;
    }

    // NOTE(review): nothing in this method validates the fingerprint's origin or content;
    // presumably parseFingerprint and the providers do - confirm.
    final FingerprintHolder parsed = parseFingerprint(fingerprint);

    // access policies
    if (StringUtils.isNotBlank(parsed.getPolicyFingerprint())) {
        if (accessPolicyProvider instanceof ConfigurableAccessPolicyProvider) {
            final ConfigurableAccessPolicyProvider policyTarget = (ConfigurableAccessPolicyProvider) accessPolicyProvider;
            policyTarget.inheritFingerprint(parsed.getPolicyFingerprint());
        }
    }

    // users and groups
    if (StringUtils.isNotBlank(parsed.getUserGroupFingerprint())) {
        if (userGroupProvider instanceof ConfigurableUserGroupProvider) {
            final ConfigurableUserGroupProvider userGroupTarget = (ConfigurableUserGroupProvider) userGroupProvider;
            userGroupTarget.inheritFingerprint(parsed.getUserGroupFingerprint());
        }
    }
}
/**
 * Runs pre-destruction on the configurable user group provider, then on the superclass.
 *
 * @throws AuthorizerDestructionException declared by the overridden method
 */
@Override
public void preDestruction() throws AuthorizerDestructionException {
    try {
        configurableUserGroupProvider.preDestruction();
    } finally {
        // finally: the superclass cleanup still runs when the provider's cleanup throws.
        // An exception thrown here replaces one thrown in the try block.
        super.preDestruction();
    }
}
// closes the enclosing type, whose opening is outside this excerpt
}
/**
 * Looks up a user by identity, consulting the configurable user group provider first and the
 * superclass only when that provider returns {@code null}.
 *
 * @param identity identity to look up
 * @return the matching user from the first source that has one, or whatever the superclass returns
 * @throws AuthorizationAccessException declared by the overridden method
 */
@Override
public User getUserByIdentity(String identity) throws AuthorizationAccessException {
    // Precedence matters when the same identity exists in both sources:
    // the configurable provider's entry wins and the superclass is not consulted.
    final User configured = configurableUserGroupProvider.getUserByIdentity(identity);
    if (configured != null) {
        return configured;
    }

    return super.getUserByIdentity(identity);
}
/**
 * Resolves the access policy for a resource and action from the enclosing
 * {@code AbstractPolicyBasedAuthorizer}'s current users and access policies.
 *
 * @param resourceIdentifier identifier of the resource
 * @param action requested action
 * @return whatever {@code UsersAndAccessPolicies.getAccessPolicy} returns for the pair
 * @throws AuthorizationAccessException declared by the overridden method
 */
@Override
public AccessPolicy getAccessPolicy(String resourceIdentifier, RequestAction action) throws AuthorizationAccessException {
    // Fetched on every call rather than cached in this method.
    return AbstractPolicyBasedAuthorizer.this
            .getUsersAndAccessPolicies()
            .getAccessPolicy(resourceIdentifier, action);
}
/**
 * Stores the user group provider lookup from the context, then delegates to the superclass.
 *
 * @param initializationContext context supplying the user group provider lookup
 * @throws AuthorizerCreationException declared by the overridden method
 */
@Override
public void initialize(UserGroupProviderInitializationContext initializationContext) throws AuthorizerCreationException {
    // Taken from the context before delegating; keep this statement ahead of super.initialize.
    userGroupProviderLookup = initializationContext.getUserGroupProviderLookup();

    // initialize the CompositeUserGroupProvider
    super.initialize(initializationContext);
}
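/**
 * Describes this authorizable as the operations of the wrapped resource.
 *
 * @return {@code "Operations for "} followed by the wrapped resource's safe description
 */
@Override
public String getSafeDescription() {
    // The literal previously ended at "for", so the two parts ran together
    // ("Operations for" + "X" -> "Operations forX"); the trailing space separates them.
    return "Operations for " + resource.getSafeDescription();
}
};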
/**
 * Returns the groups recorded for the given user identity in {@code userGroupHolder}.
 *
 * @param userIdentity identity of the user
 * @return the holder's result for {@code userIdentity}, passed through unchanged
 */
@Override
public Set<Group> getGroups(String userIdentity) {
    final Set<Group> memberships = userGroupHolder.getGroups(userIdentity);
    return memberships;
}
};
/**
 * Adds a new group by delegating to {@code doAddGroup} while holding this instance's monitor.
 *
 * @param group the Group to add
 * @return the added Group
 * @throws AuthorizationAccessException if there was an unexpected error performing the operation
 * @throws IllegalStateException if a group with the same name already exists
 */
public final synchronized Group addGroup(Group group) throws AuthorizationAccessException {
    // final + synchronized: subclasses supply doAddGroup but cannot drop the locking.
    final Group added = doAddGroup(group);
    return added;
}
/**
 * Forwards pre-destruction to the wrapped {@code baseManagedAuthorizer}.
 *
 * @throws AuthorizerDestructionException declared by the overridden method
 */
@Override
public void preDestruction() throws AuthorizerDestructionException {
    // Pure delegation: this wrapper does no cleanup of its own in this method.
    baseManagedAuthorizer.preDestruction();
}
};
/**
 * Adds the given user by delegating to {@code doAddUser} while holding this instance's monitor.
 *
 * @param user the user to add
 * @return the user that was added
 * @throws AuthorizationAccessException if there was an unexpected error performing the operation
 * @throws IllegalStateException if there is already a user with the same identity
 */
public final synchronized User addUser(User user) throws AuthorizationAccessException {
    // final + synchronized: subclasses supply doAddUser but cannot drop the locking.
    final User added = doAddUser(user);
    return added;
}
/**
 * Reports whether the given user can be modified through the authorizer.
 *
 * @param authorizer authorizer to inspect
 * @param user user to check
 * @return {@code false} when {@link #isConfigurableUserGroupProvider(Authorizer)} is false for the
 *         authorizer; otherwise the provider's own {@code isConfigurable(user)} answer
 */
public static boolean isUserConfigurable(final Authorizer authorizer, final User user) {
    if (isConfigurableUserGroupProvider(authorizer)) {
        // The casts rely on the capability check above having just succeeded.
        final ManagedAuthorizer managed = (ManagedAuthorizer) authorizer;
        final ConfigurableUserGroupProvider provider =
                (ConfigurableUserGroupProvider) managed.getAccessPolicyProvider().getUserGroupProvider();
        return provider.isConfigurable(user);
    }

    // Not a configurable user group provider: report the user as read-only.
    return false;
}