From snoopd...@apache.org
Subject [10/24] usergrid git commit: Refactor Realm to move principal related logic into Principal class hierarchy, also fixed serialization of AuthC and AuthZ info objects; tests still failing...
Date Wed, 21 Oct 2015 20:36:27 GMT
http://git-wip-us.apache.org/repos/asf/usergrid/blob/64876385/stack/services/src/main/java/org/apache/usergrid/security/shiro/principals/PrincipalIdentifier.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/shiro/principals/PrincipalIdentifier.java
b/stack/services/src/main/java/org/apache/usergrid/security/shiro/principals/PrincipalIdentifier.java
index 6f31c9a..eb89d1e 100644
--- a/stack/services/src/main/java/org/apache/usergrid/security/shiro/principals/PrincipalIdentifier.java
+++ b/stack/services/src/main/java/org/apache/usergrid/security/shiro/principals/PrincipalIdentifier.java
@@ -17,12 +17,34 @@
 package org.apache.usergrid.security.shiro.principals;
 
 
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.SimpleAuthorizationInfo;
+import org.apache.usergrid.management.ManagementService;
 import org.apache.usergrid.management.UserInfo;
+import org.apache.usergrid.persistence.EntityManager;
+import org.apache.usergrid.persistence.EntityManagerFactory;
+import org.apache.usergrid.persistence.entities.Role;
+import org.apache.usergrid.security.shiro.UsergridAuthorizationInfo;
 import org.apache.usergrid.security.shiro.credentials.AccessTokenCredentials;
+import org.apache.usergrid.security.tokens.TokenInfo;
+import org.apache.usergrid.security.tokens.TokenService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+
+import static org.apache.commons.lang.StringUtils.isBlank;
+import static org.apache.commons.lang.StringUtils.isNotBlank;
+import static org.apache.usergrid.utils.StringUtils.stringOrSubstringAfterFirst;
+import static org.apache.usergrid.utils.StringUtils.stringOrSubstringBeforeFirst;
 
 
 public abstract class PrincipalIdentifier {
 
+    private static final Logger logger = LoggerFactory.getLogger(PrincipalIdentifier.class);
+
     AccessTokenCredentials accessTokenCredentials;
 
 
@@ -49,4 +71,67 @@ public abstract class PrincipalIdentifier {
     public void setAccessTokenCredentials( AccessTokenCredentials accessTokenCredentials
) {
         this.accessTokenCredentials = accessTokenCredentials;
     }
+
+
+    public abstract void grant(
+        UsergridAuthorizationInfo info,
+        EntityManagerFactory emf,
+        ManagementService management,
+        TokenService tokens);
+
+
+    protected void grant( UsergridAuthorizationInfo info, String permission ) {
+        logger.debug( "Principal {} granted permission: {}", this, permission );
+        info.addStringPermission(permission);
+    }
+
+
+    protected void role( UsergridAuthorizationInfo info, String role ) {
+        logger.debug( "Principal {} added to role: {}", this, role );
+        info.addRole(role);
+    }
+
+
+    protected void grant( UsergridAuthorizationInfo info, UUID applicationId,
+                               Set<String> permissions ) {
+        if ( permissions != null ) {
+            for ( String permission : permissions ) {
+                if ( isNotBlank( permission ) ) {
+                    String operations = "*";
+                    if ( permission.indexOf( ':' ) != -1 ) {
+                        operations = stringOrSubstringBeforeFirst( permission, ':' );
+                    }
+                    if ( isBlank( operations ) ) {
+                        operations = "*";
+                    }
+                    permission = stringOrSubstringAfterFirst( permission, ':' );
+                    permission = "applications:" + operations + ":" + applicationId + ":"
+ permission;
+                    grant( info, permission );
+                }
+            }
+        }
+    }
+
+    /** Grant all permissions for the role names on this application */
+    protected void grantAppRoles(
+        UsergridAuthorizationInfo info,
+        EntityManager em, UUID applicationId,
+        TokenInfo token,
+        Set<String> rolenames ) throws Exception {
+
+        Map<String, Role> app_roles = em.getRolesWithTitles( rolenames );
+
+        for ( String rolename : rolenames ) {
+            if ( ( app_roles != null ) && ( token != null ) ) {
+                Role role = app_roles.get( rolename );
+                if ( ( role != null ) && ( role.getInactivity() > 0 ) &&
( token.getInactive() > role
+                    .getInactivity() ) ) {
+                    continue;
+                }
+            }
+            Set<String> permissions = em.getRolePermissions( rolename );
+            grant( info, applicationId, permissions );
+            role( info, "application-role:".concat( applicationId.toString() ).concat( ":"
).concat( rolename ) );
+        }
+    }
 }
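Review bot: In grantAppRoles the inactivity gate is skipped whenever token or app_roles is null, so on those paths a role whose inactivity limit has been exceeded still has all of its permissions granted and the role added to the subject; if a caller can reach this with a null TokenInfo that is a fail-open, and the parameter should at least be documented, e.g. `@param token the presenting token, or null, in which case role inactivity limits are not enforced`. The loop also dereferences rolenames without a null check, while the null return of getRolesWithTitles is guarded; a null rolenames should short-circuit the same way a null permissions set does in grant(info, applicationId, permissions). In that three-argument grant, reassigning the loop variable permission means the debug line in grant(info, permission) only ever shows the rewritten string; a separate local such as `String scoped = "applications:" + operations + ":" + applicationId + ":" + stringOrSubstringAfterFirst( permission, ':' );` keeps both readable. The AuthorizationInfo and SimpleAuthorizationInfo imports added in the previous hunk are not referenced by any of these methods, so they look stray unless an unchanged part of the file uses them. The enclosing class starts outside the hunk.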

http://git-wip-us.apache.org/repos/asf/usergrid/blob/64876385/stack/services/src/main/java/org/apache/usergrid/security/shiro/principals/UserPrincipal.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/shiro/principals/UserPrincipal.java
b/stack/services/src/main/java/org/apache/usergrid/security/shiro/principals/UserPrincipal.java
index 0e39ec9..070211d 100644
--- a/stack/services/src/main/java/org/apache/usergrid/security/shiro/principals/UserPrincipal.java
+++ b/stack/services/src/main/java/org/apache/usergrid/security/shiro/principals/UserPrincipal.java
@@ -24,10 +24,12 @@ import org.apache.usergrid.management.UserInfo;
 
 public abstract class UserPrincipal extends PrincipalIdentifier {
 
-    final UserInfo user;
-    final UUID applicationId;
+    UserInfo user;
+    UUID applicationId;
 
 
+    public UserPrincipal() {}
+
     public UserPrincipal( UUID applicationId, UserInfo user ) {
         this.applicationId = applicationId;
         this.user = user;
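Review bot: The new no-argument constructor leaves user and applicationId null and the two fields are no longer final, so any code that relied on a UserPrincipal always carrying a user can now observe a null one; the constructor should state why it exists, e.g. `/** No-arg constructor required for (de)serialization; leaves user and applicationId unset until populated. */`. If the fields are meant to be written only by the deserializer, the package-private, setter-less form used here is the right call, but that intent deserves a comment on the field declarations as well. The rest of UserPrincipal, including any accessors, is outside the hunk.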

http://git-wip-us.apache.org/repos/asf/usergrid/blob/64876385/stack/services/src/main/java/org/apache/usergrid/security/shiro/utils/SubjectUtils.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/shiro/utils/SubjectUtils.java
b/stack/services/src/main/java/org/apache/usergrid/security/shiro/utils/SubjectUtils.java
index b0b10a7..ff420a1 100644
--- a/stack/services/src/main/java/org/apache/usergrid/security/shiro/utils/SubjectUtils.java
+++ b/stack/services/src/main/java/org/apache/usergrid/security/shiro/utils/SubjectUtils.java
@@ -17,9 +17,11 @@
 package org.apache.usergrid.security.shiro.utils;
 
 
+import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
 
+import com.google.common.collect.HashBiMap;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.apache.usergrid.management.ApplicationInfo;
@@ -77,8 +79,9 @@ public class SubjectUtils {
             return null;
         }
         Session session = currentUser.getSession();
-        @SuppressWarnings( "unchecked" ) BiMap<UUID, String> organizations =
-                ( BiMap<UUID, String> ) session.getAttribute( "organizations" );
+        BiMap<UUID, String> organizations = HashBiMap.create();
+        Map map = (Map)session.getAttribute( "organizations" );
+        organizations.putAll(map);
         return organizations;
     }
 
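Review bot: session.getAttribute( "organizations" ) can be absent, and the new putAll then throws a NullPointerException where the old cast returned null; keep the previous contract with `Map<UUID, String> map = (Map<UUID, String>) session.getAttribute( "organizations" );` followed by `if ( map == null ) { return null; }` before `organizations.putAll( map );`, which also removes the raw Map and the unchecked warning now hidden at the putAll call. The "applications" hunk below has the same shape and needs the same guard. HashBiMap.putAll additionally throws IllegalArgumentException if the stored map contains duplicate values, something the old BiMap-typed attribute could not produce; if the attribute may now arrive as a plain Map after deserialization, that case should be handled or documented. The enclosing method's signature is outside the hunk.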
@@ -272,7 +275,11 @@ public class SubjectUtils {
             return null;
         }
         Session session = currentUser.getSession();
-        return ( BiMap<UUID, String> ) session.getAttribute( "applications" );
+
+        BiMap<UUID, String> applications = HashBiMap.create();
+        Map map = (Map)session.getAttribute( "applications" );
+        applications.putAll(map);
+        return applications;
     }
 
 

http://git-wip-us.apache.org/repos/asf/usergrid/blob/64876385/stack/services/src/main/java/org/apache/usergrid/services/AbstractService.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/services/AbstractService.java
b/stack/services/src/main/java/org/apache/usergrid/services/AbstractService.java
index d032589..e7d4fc4 100644
--- a/stack/services/src/main/java/org/apache/usergrid/services/AbstractService.java
+++ b/stack/services/src/main/java/org/apache/usergrid/services/AbstractService.java
@@ -27,6 +27,7 @@ import java.util.Set;
 import java.util.UUID;
 
 import com.codahale.metrics.Timer;
+import org.apache.usergrid.persistence.cache.CacheFactory;
 import org.apache.usergrid.persistence.core.metrics.MetricsFactory;
 import org.apache.usergrid.persistence.core.metrics.ObservableTimer;
 import org.slf4j.Logger;
@@ -107,6 +108,7 @@ public abstract class AbstractService implements Service {
     private Timer entitiesParallelGetTimer;
     private Timer invokeTimer;
 
+    protected CacheFactory cacheFactory;
 
     public AbstractService() {
 
@@ -124,6 +126,8 @@ public abstract class AbstractService implements Service {
         this.entitiesGetTimer = metricsFactory.getTimer(this.getClass(), "importEntities.get");
         this.entitiesParallelGetTimer = metricsFactory.getTimer( this.getClass(),"importEntitiesP.get"
);
         this.invokeTimer = metricsFactory.getTimer( this.getClass(),"service.invoke" );
+
+        this.cacheFactory = injector.getInstance( CacheFactory.class );
     }
 
 
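Review bot: injector.getInstance( CacheFactory.class ) asks Guice for the raw CacheFactory key, but the only bindings visible in this commit (ServiceModuleImpl) are for the parameterized keys CacheFactory<String, UsergridAuthorizationInfo> and CacheFactory<String, UsergridAuthenticationInfo>; a raw-class lookup does not match a TypeLiteral binding, so unless CacheFactory is resolvable on its own this will fail at injection time — please confirm. The field in the previous hunk is likewise declared as a raw CacheFactory, which hides which of the two caches the RolesService invalidations actually hit; a lookup through `Key.get( new TypeLiteral<CacheFactory<String, UsergridAuthorizationInfo>>() {} )` with a matching field type would make that explicit. The method this assignment sits in begins outside the hunk.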

http://git-wip-us.apache.org/repos/asf/usergrid/blob/64876385/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
b/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
index ef680f0..5ce19e0 100644
--- a/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
@@ -22,8 +22,7 @@ package org.apache.usergrid.services.guice;
 import com.google.inject.AbstractModule;
 import com.google.inject.TypeLiteral;
 import com.google.inject.multibindings.Multibinder;
-import org.apache.shiro.authz.SimpleAuthorizationInfo;
-import org.apache.shiro.subject.SimplePrincipalCollection;
+import org.apache.shiro.authc.SimpleAuthenticationInfo;
 import org.apache.usergrid.corepersistence.ServiceModule;
 import org.apache.usergrid.management.AppInfoMigrationPlugin;
 import org.apache.usergrid.persistence.cache.CacheFactory;
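Review bot: SimpleAuthenticationInfo is imported here but the bindings hunk of this file only references UsergridAuthenticationInfo, so unless an unchanged part of the file uses it the import should go. The removed SimpleAuthorizationInfo and SimplePrincipalCollection imports match the binding change, so only the new one looks stray.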
@@ -31,8 +30,8 @@ import org.apache.usergrid.persistence.cache.impl.CacheFactoryImpl;
 import org.apache.usergrid.persistence.cache.impl.ScopedCacheSerialization;
 import org.apache.usergrid.persistence.cache.impl.ScopedCacheSerializationImpl;
 import org.apache.usergrid.persistence.core.migration.data.MigrationPlugin;
-
-import java.util.Map;
+import org.apache.usergrid.security.shiro.UsergridAuthenticationInfo;
+import org.apache.usergrid.security.shiro.UsergridAuthorizationInfo;
 
 
 // <bean id="notificationsQueueListener" class="org.apache.usergrid.services.notifications.QueueListener"
@@ -55,11 +54,18 @@ public class ServiceModuleImpl extends AbstractModule implements ServiceModule
{
         final Multibinder<MigrationPlugin> plugins = Multibinder.newSetBinder( binder(),
MigrationPlugin.class );
         plugins.addBinding().to(AppInfoMigrationPlugin.class);
 
-        bind(    new TypeLiteral<CacheFactory<String, SimpleAuthorizationInfo>>()
{} )
-            .to( new TypeLiteral<CacheFactoryImpl<String, SimpleAuthorizationInfo>>()
{});
+        bind(    new TypeLiteral<CacheFactory<String, UsergridAuthorizationInfo>>()
{} )
+            .to( new TypeLiteral<CacheFactoryImpl<String, UsergridAuthorizationInfo>>()
{});
+
+        bind(    new TypeLiteral<ScopedCacheSerialization<String, UsergridAuthorizationInfo>>()
{})
+            .to(new TypeLiteral<ScopedCacheSerializationImpl<String, UsergridAuthorizationInfo>>()
{
+            });
+
+        bind(    new TypeLiteral<CacheFactory<String, UsergridAuthenticationInfo>>()
{} )
+            .to( new TypeLiteral<CacheFactoryImpl<String, UsergridAuthenticationInfo>>()
{});
 
-        bind(    new TypeLiteral<ScopedCacheSerialization<String, SimpleAuthorizationInfo>>()
{})
-            .to( new TypeLiteral<ScopedCacheSerializationImpl<String, SimpleAuthorizationInfo>>()
{});
+        bind(    new TypeLiteral<ScopedCacheSerialization<String, UsergridAuthenticationInfo>>()
{})
+            .to( new TypeLiteral<ScopedCacheSerializationImpl<String, UsergridAuthenticationInfo>>()
{});
 
     }
 }
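Review bot: Binding a CacheFactory and ScopedCacheSerialization for UsergridAuthenticationInfo means authentication results are now cached and serialized per application scope, yet nothing in this commit states what bounds the lifetime of those entries or which events beyond the role changes invalidated in the RolesService files clear them. A short comment above these two bindings naming where the TTL comes from and listing the invalidation points would let a reviewer check that a revoked token or a changed credential cannot keep being served from cache; if that is handled elsewhere, a pointer to it is enough.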

http://git-wip-us.apache.org/repos/asf/usergrid/blob/64876385/stack/services/src/main/java/org/apache/usergrid/services/roles/RolesService.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/services/roles/RolesService.java
b/stack/services/src/main/java/org/apache/usergrid/services/roles/RolesService.java
index 344ea1f..f9b848b 100644
--- a/stack/services/src/main/java/org/apache/usergrid/services/roles/RolesService.java
+++ b/stack/services/src/main/java/org/apache/usergrid/services/roles/RolesService.java
@@ -21,6 +21,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import org.apache.usergrid.persistence.cache.CacheScope;
+import org.apache.usergrid.persistence.cache.ScopedCache;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.apache.usergrid.persistence.EntityRef;
@@ -204,13 +206,17 @@ public class RolesService extends AbstractCollectionService {
 
 
     public ServiceResults grantApplicationRolePermission( String roleName, String permission
) throws Exception {
-        em.grantRolePermission( roleName, permission );
+        em.grantRolePermission(roleName, permission);
+        ScopedCache scopedCache = cacheFactory.getScopedCache(new CacheScope(em.getApplication().asId()));
+        scopedCache.invalidate();
         return getApplicationRolePermissions( roleName );
     }
 
 
     public ServiceResults revokeApplicationRolePermission( String roleName, String permission
) throws Exception {
         em.revokeRolePermission( roleName, permission );
+        ScopedCache scopedCache = cacheFactory.getScopedCache(new CacheScope(em.getApplication().asId()));
+        scopedCache.invalidate();
         return getApplicationRolePermissions( roleName );
     }
 
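Review bot: The two-line invalidation block is copied into grantApplicationRolePermission and revokeApplicationRolePermission here and four more times in users/roles/RolesService, which extends this class; a single protected helper in this class keeps the cache-scope construction in one place and lets the subclass call it. invalidate() runs after the permission change has been persisted, so if the cache backend throws, the caller gets an exception for a change that did succeed and stale authorization data can stay cached until it expires; whether that should propagate or be caught and logged needs to be decided and stated in the helper's comment. The helper below keeps the `throws Exception` of the surrounding methods, since em.getApplication() is called inside it.
```java
    public ServiceResults grantApplicationRolePermission( String roleName, String permission ) throws Exception {
        em.grantRolePermission( roleName, permission );
        invalidateApplicationCache();
        // … unchanged: return getApplicationRolePermissions( roleName ); …
    }

    // … unchanged: revokeApplicationRolePermission, calling invalidateApplicationCache() after revokeRolePermission …

    /**
     * Drops every cached entry for this application's scope so the next
     * authorization lookup sees the role or permission change just persisted.
     * Runs after the write; a failure of the cache backend propagates to the caller.
     */
    protected void invalidateApplicationCache() throws Exception {
        ScopedCache scopedCache = cacheFactory.getScopedCache( new CacheScope( em.getApplication().asId() ) );
        scopedCache.invalidate();
    }
```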

http://git-wip-us.apache.org/repos/asf/usergrid/blob/64876385/stack/services/src/main/java/org/apache/usergrid/services/users/roles/RolesService.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/services/users/roles/RolesService.java
b/stack/services/src/main/java/org/apache/usergrid/services/users/roles/RolesService.java
index c605482..6da58bf 100644
--- a/stack/services/src/main/java/org/apache/usergrid/services/users/roles/RolesService.java
+++ b/stack/services/src/main/java/org/apache/usergrid/services/users/roles/RolesService.java
@@ -19,6 +19,8 @@ package org.apache.usergrid.services.users.roles;
 
 import java.util.UUID;
 
+import org.apache.usergrid.persistence.cache.CacheScope;
+import org.apache.usergrid.persistence.cache.ScopedCache;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.apache.usergrid.persistence.Entity;
@@ -46,6 +48,8 @@ public class RolesService extends org.apache.usergrid.services.roles.RolesServic
         Entity entity = sm.getService( "/roles" ).getEntity( context.getRequest(), id );
         if ( entity != null ) {
             em.addUserToRole( user.getUuid(), entity.getName() );
+            ScopedCache scopedCache = cacheFactory.getScopedCache(new CacheScope(em.getApplication().asId()));
+            scopedCache.invalidate();
         }
         return new ServiceResults( this, context, Type.COLLECTION, Results.fromRef( entity
), null, null );
     }
@@ -57,6 +61,8 @@ public class RolesService extends org.apache.usergrid.services.roles.RolesServic
         Entity entity = sm.getService( "/roles" ).getEntity( context.getRequest(), name );
         if ( entity != null ) {
             em.addUserToRole( user.getUuid(), entity.getName() );
+            ScopedCache scopedCache = cacheFactory.getScopedCache(new CacheScope(em.getApplication().asId()));
+            scopedCache.invalidate();
         }
         return new ServiceResults( this, context, Type.COLLECTION, Results.fromRef( entity
), null, null );
     }
@@ -68,6 +74,8 @@ public class RolesService extends org.apache.usergrid.services.roles.RolesServic
         ServiceResults results = getItemById( context, id );
         if ( !results.isEmpty() ) {
             em.removeUserFromRole( user.getUuid(), results.getEntity().getName() );
+            ScopedCache scopedCache = cacheFactory.getScopedCache(new CacheScope(em.getApplication().asId()));
+            scopedCache.invalidate();
         }
         return results;
     }
@@ -79,6 +87,8 @@ public class RolesService extends org.apache.usergrid.services.roles.RolesServic
         ServiceResults results = getItemByName( context, name );
         if ( !results.isEmpty() ) {
             em.removeUserFromRole( user.getUuid(), results.getEntity().getName() );
+            ScopedCache scopedCache = cacheFactory.getScopedCache(new CacheScope(em.getApplication().asId()));
+            scopedCache.invalidate();
         }
         return results;
     }

