/**
 * Copy constructor: creates a context that carries the same subject as {@code other}.
 *
 * <p>Only the subject is transferred by this constructor, and the reference returned by {@code
 * other.getSubject()} is handed on as-is rather than copied.
 *
 * @param other the context whose subject is reused
 */
public EnvironmentContext(EnvironmentContext other) {
  this.setSubject(other.getSubject());
}
/**
 * Looks up the user id of the subject held by the current {@link EnvironmentContext}.
 *
 * @return the user id reported by the current subject
 */
private static String getCurrentUserId() {
  final String userId = EnvironmentContext.getCurrent().getSubject().getUserId();
  return userId;
}
/**
 * Binds one fixed, hard-coded subject to every request before passing it down the chain.
 *
 * <p>Nothing from the request is examined as a credential: each call builds the same {@code
 * SubjectImpl("che", "che", "dummy_token", false)}, stores it in the HTTP session under {@code
 * "codenvy_user"} and installs it as the current subject. Every request that reaches this filter
 * is therefore handled as that single identity.
 *
 * <p>NOTE(review): this looks intended for a single-user deployment without authentication;
 * confirm the filter is never mapped in a multi-user or network-exposed configuration, and that
 * nothing downstream treats {@code "dummy_token"} as a real secret.
 *
 * @param request the incoming request; cast to {@link HttpServletRequest}
 * @param response the response passed through unchanged
 * @param filterChain the remaining filter chain
 * @throws IOException if the chain fails with an I/O error
 * @throws ServletException if the chain fails
 */
@Override
public final void doFilter(
    ServletRequest request, ServletResponse response, FilterChain filterChain)
    throws IOException, ServletException {
  final HttpServletRequest httpRequest = (HttpServletRequest) request;
  final Subject subject = new SubjectImpl("che", "che", "dummy_token", false);

  // getSession() creates a session when the request does not carry one yet.
  httpRequest.getSession().setAttribute("codenvy_user", subject);

  final EnvironmentContext environmentContext = EnvironmentContext.getCurrent();
  try {
    environmentContext.setSubject(subject);
    final ServletRequest requestWithUser = addUserInRequest(httpRequest, subject);
    filterChain.doFilter(requestWithUser, response);
  } finally {
    // Always clear the context so the subject is not left behind after this request.
    EnvironmentContext.reset();
  }
}
/**
 * Appends the current subject's token to the URI as a {@code token} query parameter, when the
 * subject has one. A subject without a token leaves the builder untouched.
 *
 * <p>NOTE(review): a credential carried in the query string tends to end up in access logs,
 * proxy logs and browser history. If the receiving endpoint also accepts an {@code
 * Authorization} header, prefer that; otherwise make sure URLs built here are never logged
 * verbatim.
 *
 * @param ub the builder to extend
 */
private void addToken(UriBuilder ub) {
  final String token = EnvironmentContext.getCurrent().getSubject().getToken();
  if (token == null) {
    return;
  }
  ub.queryParam("token", token);
}
}
/**
 * Receives one fragment of a text message, appends it to the buffer kept for the session and,
 * once the final fragment has arrived, passes the assembled text to {@code onMessage(String,
 * Session)}. The buffer is emptied after dispatch, whether or not dispatch succeeds.
 *
 * <p>Before any work is done the subject stored in the session's user properties under {@code
 * "che_subject"} is installed as the current subject; the context is reset on the way out.
 *
 * <p>NOTE(review): this method enforces no upper bound on the accumulated text. A peer that keeps
 * sending non-final fragments grows the buffer without limit, so confirm that a message size
 * limit is configured on the container or endpoint. The buffer returned by {@code
 * sessionMessagesBuffer.get(session)} is also used without a null check; presumably it is
 * registered when the session opens, which should be verified.
 *
 * @param messagePart the fragment just received
 * @param last whether this fragment completes the message
 * @param session the session the fragment arrived on
 */
@OnMessage
public void onMessage(String messagePart, boolean last, Session session) {
  try {
    final EnvironmentContext context = EnvironmentContext.getCurrent();
    context.setSubject((Subject) session.getUserProperties().get("che_subject"));

    final StringBuffer pending = sessionMessagesBuffer.get(session);
    pending.append(messagePart);
    if (!last) {
      return;
    }
    try {
      onMessage(pending.toString(), session);
    } finally {
      // Start the next message from an empty buffer even when dispatch failed.
      pending.setLength(0);
    }
  } finally {
    EnvironmentContext.reset();
  }
}
/**
 * Returns the current subject's user name, or the literal {@code "undefined"} when the subject is
 * anonymous.
 *
 * @return the user name or {@code "undefined"}
 */
private String sessionUserNameOrUndefined() {
  final Subject current = EnvironmentContext.getCurrent().getSubject();
  return current.isAnonymous() ? "undefined" : current.getUserName();
}
/**
 * Returns the current subject's user name, falling back to the supplied value when the subject is
 * anonymous.
 *
 * @param nameIfNoUser the value returned for an anonymous subject
 * @return the user name, or {@code nameIfNoUser}
 */
private String sessionUserNameOr(String nameIfNoUser) {
  final Subject current = EnvironmentContext.getCurrent().getSubject();
  return current.isAnonymous() ? nameIfNoUser : current.getUserName();
}
/**
 * Builds the probe configuration for a server on behalf of the current subject by delegating to
 * the overload that takes an explicit user id.
 *
 * @param workspaceId the workspace the server belongs to
 * @param server the server to probe
 * @return the configuration produced by the three-argument overload
 * @throws InternalInfrastructureException propagated from the overload
 */
@Override
public HttpProbeConfig get(String workspaceId, Server server)
    throws InternalInfrastructureException {
  final String currentUserId = EnvironmentContext.getCurrent().getSubject().getUserId();
  return get(currentUserId, workspaceId, server);
}
/**
 * Resolves the current subject's user id and forwards to the overload that accepts it
 * explicitly.
 *
 * @param workspaceId the workspace the server belongs to
 * @param server the server to probe
 * @return the configuration produced by the three-argument overload
 * @throws InternalInfrastructureException propagated from the overload
 */
@Override
public HttpProbeConfig get(String workspaceId, Server server)
    throws InternalInfrastructureException {
  final String subjectUserId = EnvironmentContext.getCurrent().getSubject().getUserId();
  return get(subjectUserId, workspaceId, server);
}
/**
 * Grants access to an account only when its id equals the current subject's user id.
 *
 * <p>NOTE(review): if the current subject can report a {@code null} user id, the comparison below
 * throws a {@link NullPointerException} instead of a {@code ForbiddenException}; confirm which
 * subjects can reach this check.
 *
 * @param id the account id being accessed
 * @param operation the requested operation; not consulted
 * @throws ForbiddenException if {@code id} is not the current subject's user id
 */
@Override
public void checkPermissions(String id, AccountOperation operation) throws ForbiddenException {
  // The operation is not inspected: a user may do anything in their own personal account.
  final String currentUserId = EnvironmentContext.getCurrent().getSubject().getUserId();
  if (currentUserId.equals(id)) {
    return;
  }
  throw new ForbiddenException("User is not authorized to use specified account");
}
/**
 * Returns a user built from the current subject's id and name, with an empty string as the
 * second constructor argument.
 *
 * <p>The {@code token} argument is never read, so this method performs no validation of its own.
 *
 * <p>NOTE(review): whatever token the caller presents, the result is the subject already in the
 * context. Confirm this implementation is only bound where the subject has been established by
 * an earlier, trusted step.
 *
 * @param token ignored
 * @return a user describing the current subject
 * @throws ConflictException declared by the interface; not thrown by this body
 */
@Override
public User validateToken(String token) throws ConflictException {
  final Subject current = EnvironmentContext.getCurrent().getSubject();
  final String id = current.getUserId();
  final String name = current.getUserName();
  return new UserImpl(id, "", name);
}
}
/**
 * Returns the machine token of the given workspace for the current subject by delegating to the
 * overload that takes an explicit user id.
 *
 * @param workspaceId the workspace whose machine token is requested
 * @return the token produced by the two-argument overload
 * @throws MachineTokenException propagated from the overload
 * @throws IllegalStateException if the current subject is anonymous
 */
@Override
public String getToken(String workspaceId) throws MachineTokenException {
  final Subject current = EnvironmentContext.getCurrent().getSubject();
  if (!current.isAnonymous()) {
    return getToken(current.getUserId(), workspaceId);
  }
  // An anonymous subject is rejected before any token lookup takes place.
  throw new IllegalStateException(
      format(
          "Unable to get machine token of the workspace '%s' "
              + "because it does not exist for an anonymous user.",
          workspaceId));
}
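/**
 * Builds a request for {@code url} and authorizes it with the current subject's token.
 *
 * <p>When the subject has no token the request is returned without an {@code Authorization}
 * header. Concatenating unconditionally would send the literal header value {@code "Bearer
 * null"}.
 *
 * <p>NOTE(review): the token is attached whatever host {@code url} points at. Callers should pass
 * only URLs of trusted services, otherwise the subject's token is disclosed to that host.
 *
 * @param url the target URL
 * @return the request, carrying a bearer header when a token is available
 */
@Override
public HttpJsonRequest fromUrl(@NotNull String url) {
  final HttpJsonRequest request = super.fromUrl(url);
  final String token = EnvironmentContext.getCurrent().getSubject().getToken();
  if (token == null) {
    return request;
  }
  return request.setAuthorizationHeader("Bearer " + token);
}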
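/**
 * Builds a request for {@code link} and authorizes it with the current subject's token.
 *
 * <p>When the subject has no token the request is returned without an {@code Authorization}
 * header. Concatenating unconditionally would send the literal header value {@code "Bearer
 * null"}.
 *
 * <p>NOTE(review): the token is attached whatever target the link points at. Links should come
 * only from trusted services, otherwise the subject's token is disclosed to that target.
 *
 * @param link the link describing the target
 * @return the request, carrying a bearer header when a token is available
 */
@Override
public HttpJsonRequest fromLink(@NotNull Link link) {
  final HttpJsonRequest request = super.fromLink(link);
  final String token = EnvironmentContext.getCurrent().getSubject().getToken();
  if (token == null) {
    return request;
  }
  return request.setAuthorizationHeader("Bearer " + token);
}
}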
/**
 * Resolves a workspace from a composite key. The forms handled are:
 *
 * <ul>
 *   <li>no {@code ':'} and no {@code '/'}: the key is a workspace id;
 *   <li>{@code ":name"}: the named workspace in the current subject's user-name namespace;
 *   <li>{@code "namespace:name"}: split at the first {@code ':'};
 *   <li>otherwise {@code "namespace/name"}: split at the last {@code '/'}.
 * </ul>
 *
 * <p>NOTE(review): the namespace part comes straight from the key and this method performs no
 * permission check, so access to workspaces in foreign namespaces has to be enforced elsewhere.
 * Confirm that it is.
 *
 * @param key workspace id or composite key
 * @return the workspace returned by {@code workspaceDao}
 * @throws NotFoundException propagated from {@code workspaceDao}
 * @throws ServerException propagated from {@code workspaceDao}
 */
private WorkspaceImpl getByKey(String key) throws NotFoundException, ServerException {
  // The colon is searched from the start of the key, the slash from the end.
  final int colonAt = key.indexOf(":");
  final int slashAt = key.lastIndexOf("/");

  if (colonAt == -1 && slashAt == -1) {
    // Neither separator present: the key is an id.
    return workspaceDao.get(key);
  }
  if (colonAt == 0) {
    // Leading colon: no namespace was given, fall back to the current user's name.
    final String currentUser = EnvironmentContext.getCurrent().getSubject().getUserName();
    return workspaceDao.get(key.substring(1), currentUser);
  }
  if (colonAt > 0) {
    return workspaceDao.get(key.substring(colonAt + 1), key.substring(0, colonAt));
  }
  // No colon at all, so a slash must be present here.
  return workspaceDao.get(key.substring(slashAt + 1), key.substring(0, slashAt));
}
}
/**
 * Authorizes a subscription to workspace events: the scope must name a workspace and the current
 * subject must hold either the {@code RUN} or the {@code USE} action on it.
 *
 * @param methodName the method being subscribed to; not consulted
 * @param scope subscription scope; must contain {@code "workspaceId"}
 * @throws ForbiddenException if the workspace id is missing or the subject holds neither action
 */
@Override
public void check(String methodName, Map<String, String> scope) throws ForbiddenException {
  final String workspaceId = scope.get("workspaceId");
  if (workspaceId == null) {
    throw new ForbiddenException("Workspace id must be specified in scope");
  }

  final Subject currentSubject = EnvironmentContext.getCurrent().getSubject();
  if (currentSubject.hasPermission(WorkspaceDomain.DOMAIN_ID, workspaceId, WorkspaceDomain.RUN)) {
    return;
  }
  // USE is only consulted when RUN was not granted.
  if (currentSubject.hasPermission(WorkspaceDomain.DOMAIN_ID, workspaceId, WorkspaceDomain.USE)) {
    return;
  }
  throw new ForbiddenException(
      "The current user doesn't have permissions to listen to the specified workspace events");
}
}
/**
 * Gates resource methods by name. Read-only lookups pass without a check, mutating methods
 * require the system-management action, and any method not listed is denied.
 *
 * <p>Denying by default means a newly added resource method stays inaccessible until it is
 * listed here explicitly.
 *
 * @param resource the resource method about to be invoked
 * @param args the invocation arguments; not consulted
 * @throws ApiException if the permission check fails or the method is not listed
 */
@Override
protected void filter(GenericResourceMethod resource, Object[] args) throws ApiException {
  final String methodName = resource.getMethod().getName();
  switch (methodName) {
    case "getInstaller":
    case "getVersions":
    case "getInstallers":
    case "getOrderedInstallers":
      // Public methods: no permission required.
      return;

    case "add":
    case "remove":
    case "update":
      EnvironmentContext.getCurrent()
          .getSubject()
          .checkPermission(SystemDomain.DOMAIN_ID, null, SystemDomain.MANAGE_SYSTEM_ACTION);
      return;

    default:
      throw new ForbiddenException("The user does not have permission to perform this operation");
  }
}
}
/**
 * Restricts what a machine-token subject may call. Subjects of any other type pass unchecked; a
 * {@code MachineTokenAuthorizedSubject} may only invoke methods listed for the resource path in
 * {@code allowedMethodsByPath}.
 *
 * <p>NOTE(review): the lookup result is dereferenced directly. If {@code allowedMethodsByPath} is
 * a plain {@code Map}, a path without an entry yields {@code null} and the request fails with a
 * {@link NullPointerException} rather than a {@code ForbiddenException}. Confirm the collection
 * type returns an empty collection for unknown paths.
 *
 * @param genericMethodResource the resource method about to be invoked
 * @param arguments the invocation arguments; not consulted
 * @throws ForbiddenException if a machine-token subject calls a method that is not allowed
 */
@Override
protected void filter(GenericResourceMethod genericMethodResource, Object[] arguments)
    throws ForbiddenException {
  final boolean machineTokenSubject =
      EnvironmentContext.getCurrent().getSubject() instanceof MachineTokenAuthorizedSubject;
  if (!machineTokenSubject) {
    return;
  }

  final boolean allowed =
      allowedMethodsByPath
          .get(genericMethodResource.getParentResource().getPathValue().getPath())
          .contains(genericMethodResource.getMethod().getName());
  if (allowed) {
    return;
  }
  throw new ForbiddenException("This operation cannot be performed using machine token.");
}
}
/**
 * Returns the profile of the current user, built from the attributes supplied by {@code
 * keycloakProfileRetriever}. Requests for any other user's profile are refused.
 *
 * @param userId id of the profile owner; must equal the current subject's user id
 * @return the caller's own profile
 * @throws NullPointerException if {@code userId} is {@code null}
 * @throws ServerException if {@code userId} is not the current subject's user id
 * @throws NotFoundException declared by the interface
 */
@Override
public ProfileImpl getById(String userId) throws NotFoundException, ServerException {
  requireNonNull(userId, "Required non-null id");

  final String currentUserId = EnvironmentContext.getCurrent().getSubject().getUserId();
  if (userId.equals(currentUserId)) {
    // Own profile: the attributes are retrieved without passing the user id along.
    final Map<String, String> keycloakUserAttributes =
        keycloakProfileRetriever.retrieveKeycloakAttributes();
    return new ProfileImpl(userId, mapAttributes(keycloakUserAttributes));
  }
  throw new ServerException(
      "It's not allowed to get foreign profile on current configured storage.");
}
/**
 * Stores a permission entry for the current subject on a stack that has just been persisted,
 * with every action returned by {@code StackDomain.getActions()}. Nothing is stored when the
 * subject is anonymous.
 *
 * @param event the event carrying the persisted stack
 * @throws Exception propagated from the permissions manager
 */
@Override
public void onCascadeEvent(StackPersistedEvent event) throws Exception {
  final Subject creator = EnvironmentContext.getCurrent().getSubject();
  if (creator.isAnonymous()) {
    return;
  }
  permissionsManager.storePermission(
      new StackPermissionsImpl(
          creator.getUserId(), event.getStack().getId(), StackDomain.getActions()));
}