/**
 * Builds the storage key under which one user's permissions for one resource type are kept.
 *
 * <p>Key layout: {@code <prefix>:<KEY_PERMISSIONS>:<userId>:<r.keySuffix()>}.
 *
 * <p>NOTE(review): {@code userId} is embedded verbatim, and ':' is also the segment separator, so
 * an id that contains ':' produces a key with extra segments. Confirm that ids are validated
 * before they reach this method.
 *
 * @param userId id of the user whose permissions the key addresses
 * @param r resource type; supplies the last key segment
 * @return the colon-separated key
 */
private String userKey(String userId, ResourceType r) {
  final String typeSegment = r.keySuffix();
  final String layout = "%s:%s:%s:%s";
  return String.format(layout, prefix, KEY_PERMISSIONS, userId, typeSegment);
}
/**
 * Returns the lower-cased {@code toString()} of this constant with an "s" appended, i.e. the
 * plural form used as a key segment.
 *
 * @return the plural, lower-case suffix
 */
public String keySuffix() {
  // toLowerCase() without an argument follows the JVM default locale.
  // NOTE(review): the suffix, and any storage key built from it, can therefore differ between
  // JVMs with different default locales. Confirm deployments pin the locale before changing this.
  final String lowered = this.toString().toLowerCase();
  return lowered + "s";
}
}
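/**
 * Resolves a plural resource-type name, or a colon-separated key ending in one, to its constant.
 *
 * <p>When the input contains ':' only the text after the last ':' is used. One trailing
 * lower-case "s" is removed and the remainder is upper-cased before the lookup.
 *
 * <p>The upper-casing is done with {@code Locale.ROOT}. The default-locale form maps 'i' to a
 * dotted capital under some locales (Turkish, for example), which made the lookup fail for names
 * such as "applications" depending on where the JVM runs.
 *
 * @param pluralOrKey plural type name or a key whose last segment is one; must not be null
 * @return the matching constant
 * @throws IllegalArgumentException if no constant matches; an unrecognized value is rejected
 *     rather than mapped to a default, so callers decide how to handle it
 */
public static ResourceType parse(@NonNull String pluralOrKey) {
  // Keys are colon-separated; only the final segment names the type.
  String plural = pluralOrKey.contains(":")
      ? StringUtils.substringAfterLast(pluralOrKey, ":")
      : pluralOrKey;
  String singular = StringUtils.removeEnd(plural, "s");
  // Fully qualified so the fix does not depend on the file's import list.
  return ResourceType.valueOf(singular.toUpperCase(java.util.Locale.ROOT));
}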
/**
 * Queues one HGETALL per (user, resource type) pair on a single pipeline and returns the pending
 * responses.
 *
 * @param userIds ids of the users to read
 * @return a table of (user id, resource type) to the pipelined response; an empty table when
 *     {@code userIds} is empty; {@code null} when the read throws
 */
private Table<String, ResourceType, Response<Map<String, String>>> getAllFromRedis(Set<String> userIds) {
  if (userIds.isEmpty()) {
    return HashBasedTable.create();
  }

  final ResourceType[] types = ResourceType.values();
  try {
    return redisClientDelegate.withMultiKeyPipeline(pipeline -> {
      Table<String, ResourceType, Response<Map<String, String>>> pending =
          ArrayTable.create(userIds, new ArrayIterator<>(ResourceType.values()));
      for (String userId : userIds) {
        for (ResourceType type : types) {
          pending.put(userId, type, pipeline.hgetAll(userKey(userId, type)));
        }
      }
      // Every command is queued first; sync() then sends them and collects the replies.
      pipeline.sync();
      return pending;
    });
  } catch (Exception e) {
    // A storage failure is logged and reported as null, not as an empty table.
    // NOTE(review): callers need a null check and should treat null as "unknown", which is
    // different from "these users have no permissions". Confirm against the call sites.
    log.error("Storage exception reading all entries.", e);
    return null;
  }
}
HttpServletResponse response) throws IOException { Authorization a = Authorization.valueOf(authorization.toUpperCase()); ResourceType r = ResourceType.parse(resourceType); Set<Authorization> authorizations = new HashSet<>(0);
/**
 * Queues one HGETALL per (user, resource type) pair on a single pipeline and returns the pending
 * responses.
 *
 * @param userIds ids of the users to read
 * @return a table of (user id, resource type) to the pipelined response; an empty table when
 *     {@code userIds} is empty; {@code null} when the read throws
 */
private Table<String, ResourceType, Response<Map<String, String>>> getAllFromRedis(Set<String> userIds) {
  if (userIds.isEmpty()) {
    return HashBasedTable.create();
  }

  final ResourceType[] types = ResourceType.values();
  try {
    return redisClientDelegate.withMultiKeyPipeline(pipeline -> {
      Table<String, ResourceType, Response<Map<String, String>>> pending =
          ArrayTable.create(userIds, new ArrayIterator<>(ResourceType.values()));
      for (String userId : userIds) {
        for (ResourceType type : types) {
          pending.put(userId, type, pipeline.hgetAll(userKey(userId, type)));
        }
      }
      // Every command is queued first; sync() then sends them and collects the replies.
      pipeline.sync();
      return pending;
    });
  } catch (Exception e) {
    // A storage failure is logged and reported as null, not as an empty table.
    // NOTE(review): callers need a null check and should treat null as "unknown", which is
    // different from "these users have no permissions". Confirm against the call sites.
    log.error("Storage exception reading all entries.", e);
    return null;
  }
}
/**
 * Decides whether the authenticated user holds {@code authorization} on the named resource.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>{@code fiatStatus.isEnabled()} is false: every request is allowed.</li>
 *   <li>Any of resourceName / resourceType / authorization is null: denied.</li>
 *   <li>Otherwise the user's permission view is fetched and checked with
 *       {@code permissionContains}.</li>
 * </ol>
 *
 * <p>The outcome is also recorded in {@code authorizationFailure}: cleared on success, set to a
 * new {@code AuthorizationFailure} on denial.
 *
 * @param authentication the caller's authentication; its username selects the permission view
 * @param resourceName name of the resource being accessed
 * @param resourceType plural resource-type name, resolved with {@code ResourceType.parse}
 * @param authorization required authorization; its {@code toString()} is passed to
 *     {@code Authorization.valueOf}
 * @return true when access is allowed
 */
@Override
public boolean hasPermission(Authentication authentication,
                             Serializable resourceName,
                             String resourceType,
                             Object authorization) {
  // With the status flag off this method performs no check at all and allows the request.
  if (!fiatStatus.isEnabled()) {
    return true;
  }

  final boolean anyArgumentMissing =
      resourceName == null || resourceType == null || authorization == null;
  if (anyArgumentMissing) {
    log.debug("Permission denied due to null argument. resourceName={}, resourceType={}, "
        + "authorization={}", resourceName, resourceType, authorization);
    return false;
  }

  // NOTE(review): parse(), and presumably Authorization.valueOf(), throw on a value they do not
  // recognize, so malformed input leaves this method as an exception, not as `false`. Confirm
  // the caller turns that into a denial.
  final ResourceType type = ResourceType.parse(resourceType);

  // Service accounts don't have read/write authorizations.
  final Authorization required = (type != ResourceType.SERVICE_ACCOUNT)
      ? Authorization.valueOf(authorization.toString())
      : null;

  if (type == ResourceType.APPLICATION && StringUtils.isNotEmpty(resourceName.toString())) {
    resourceName = resourceName.toString();
  }

  final UserPermission.View view = getPermission(getUsername(authentication));
  final boolean granted = permissionContains(view, resourceName.toString(), type, required);

  // Typed local keeps the value handed to set() an AuthorizationFailure in both outcomes.
  final AuthorizationFailure failure =
      granted ? null : new AuthorizationFailure(required, type, resourceName.toString());
  authorizationFailure.set(failure);

  return granted;
}
@Override public RedisPermissionsRepository put(@NonNull UserPermission permission) { Map<ResourceType, Map<String, String>> resourceTypeToRedisValue = new HashMap<>(ResourceType.values().length); .forEach(role -> pipeline.srem(roleKey(role), userId)); for (ResourceType r : ResourceType.values()) { String userResourceKey = userKey(userId, r);
/**
 * Decides whether the authenticated user holds {@code authorization} on the named resource.
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>{@code fiatStatus.isEnabled()} is false: every request is allowed.</li>
 *   <li>Any of resourceName / resourceType / authorization is null: denied.</li>
 *   <li>Otherwise the user's permission view is fetched and checked with
 *       {@code permissionContains}.</li>
 * </ol>
 *
 * <p>The outcome is also recorded in {@code authorizationFailure}: cleared on success, set to a
 * new {@code AuthorizationFailure} on denial.
 *
 * @param authentication the caller's authentication; its username selects the permission view
 * @param resourceName name of the resource being accessed
 * @param resourceType plural resource-type name, resolved with {@code ResourceType.parse}
 * @param authorization required authorization; its {@code toString()} is passed to
 *     {@code Authorization.valueOf}
 * @return true when access is allowed
 */
@Override
public boolean hasPermission(Authentication authentication,
                             Serializable resourceName,
                             String resourceType,
                             Object authorization) {
  // With the status flag off this method performs no check at all and allows the request.
  if (!fiatStatus.isEnabled()) {
    return true;
  }

  final boolean anyArgumentMissing =
      resourceName == null || resourceType == null || authorization == null;
  if (anyArgumentMissing) {
    log.debug("Permission denied due to null argument. resourceName={}, resourceType={}, "
        + "authorization={}", resourceName, resourceType, authorization);
    return false;
  }

  // NOTE(review): parse(), and presumably Authorization.valueOf(), throw on a value they do not
  // recognize, so malformed input leaves this method as an exception, not as `false`. Confirm
  // the caller turns that into a denial.
  final ResourceType type = ResourceType.parse(resourceType);

  // Service accounts don't have read/write authorizations.
  final Authorization required = (type != ResourceType.SERVICE_ACCOUNT)
      ? Authorization.valueOf(authorization.toString())
      : null;

  if (type == ResourceType.APPLICATION && StringUtils.isNotEmpty(resourceName.toString())) {
    resourceName = resourceName.toString();
  }

  final UserPermission.View view = getPermission(getUsername(authentication));
  final boolean granted = permissionContains(view, resourceName.toString(), type, required);

  // Typed local keeps the value handed to set() an AuthorizationFailure in both outcomes.
  final AuthorizationFailure failure =
      granted ? null : new AuthorizationFailure(required, type, resourceName.toString());
  authorizationFailure.set(failure);

  return granted;
}
/**
 * Returns the lower-cased {@code toString()} of this constant with an "s" appended, i.e. the
 * plural form used as a key segment.
 *
 * @return the plural, lower-case suffix
 */
public String keySuffix() {
  // toLowerCase() without an argument follows the JVM default locale.
  // NOTE(review): the suffix, and any storage key built from it, can therefore differ between
  // JVMs with different default locales. Confirm deployments pin the locale before changing this.
  final String lowered = this.toString().toLowerCase();
  return lowered + "s";
}
}
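/**
 * Resolves a plural resource-type name, or a colon-separated key ending in one, to its constant.
 *
 * <p>When the input contains ':' only the text after the last ':' is used. One trailing
 * lower-case "s" is removed and the remainder is upper-cased before the lookup.
 *
 * <p>The upper-casing is done with {@code Locale.ROOT}. The default-locale form maps 'i' to a
 * dotted capital under some locales (Turkish, for example), which made the lookup fail for names
 * such as "applications" depending on where the JVM runs.
 *
 * @param pluralOrKey plural type name or a key whose last segment is one; must not be null
 * @return the matching constant
 * @throws IllegalArgumentException if no constant matches; an unrecognized value is rejected
 *     rather than mapped to a default, so callers decide how to handle it
 */
public static ResourceType parse(@NonNull String pluralOrKey) {
  // Keys are colon-separated; only the final segment names the type.
  String plural = pluralOrKey.contains(":")
      ? StringUtils.substringAfterLast(pluralOrKey, ":")
      : pluralOrKey;
  String singular = StringUtils.removeEnd(plural, "s");
  // Fully qualified so the fix does not depend on the file's import list.
  return ResourceType.valueOf(singular.toUpperCase(java.util.Locale.ROOT));
}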
/**
 * Builds the storage key under which one user's permissions for one resource type are kept.
 *
 * <p>Key layout: {@code <prefix>:<KEY_PERMISSIONS>:<userId>:<r.keySuffix()>}.
 *
 * <p>NOTE(review): {@code userId} is embedded verbatim, and ':' is also the segment separator, so
 * an id that contains ':' produces a key with extra segments. Confirm that ids are validated
 * before they reach this method.
 *
 * @param userId id of the user whose permissions the key addresses
 * @param r resource type; supplies the last key segment
 * @return the colon-separated key
 */
private String userKey(String userId, ResourceType r) {
  final String typeSegment = r.keySuffix();
  final String layout = "%s:%s:%s:%s";
  return String.format(layout, prefix, KEY_PERMISSIONS, userId, typeSegment);
}
@Override public RedisPermissionsRepository put(@NonNull UserPermission permission) { Map<ResourceType, Map<String, String>> resourceTypeToRedisValue = new HashMap<>(ResourceType.values().length); .forEach(role -> pipeline.srem(roleKey(role), userId)); for (ResourceType r : ResourceType.values()) { String userResourceKey = userKey(userId, r);
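/**
 * Deletes everything stored for user {@code id}: membership in the all-users set, membership in
 * each of the user's role sets, the per-resource-type permission hashes, and membership in the
 * admin set.
 *
 * <p>The user's roles are read before the pipeline runs, because the role hash itself is among
 * the keys the pipeline deletes.
 *
 * <p>NOTE(review): a storage failure is logged and swallowed, and the method returns void, so a
 * caller cannot tell that a removal (in effect a revocation) did not complete. The role read and
 * the deletes are also separate steps; confirm whether a concurrent write between them matters.
 *
 * @param id id of the user to remove; must not be null
 */
@Override
public void remove(@NonNull String id) {
  try {
    redisClientDelegate.withCommandsClient(jedis -> {
      Map<String, String> userRolesById = jedis.hgetAll(userKey(id, ResourceType.ROLE));

      redisClientDelegate.withMultiKeyPipeline(p -> {
        p.srem(allUsersKey(), id);
        for (String roleName : userRolesById.keySet()) {
          p.srem(roleKey(roleName), id);
        }
        for (ResourceType r : ResourceType.values()) {
          p.del(userKey(id, r));
        }
        p.srem(adminKey(), id);
        p.sync();
      });
    });
  } catch (Exception e) {
    // The message used to say "reading", which misreports a failed delete in the logs.
    log.error("Storage exception removing " + id + " entry.", e);
  }
}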
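/**
 * Deletes everything stored for user {@code id}: membership in the all-users set, membership in
 * each of the user's role sets, the per-resource-type permission hashes, and membership in the
 * admin set.
 *
 * <p>The user's roles are read before the pipeline runs, because the role hash itself is among
 * the keys the pipeline deletes.
 *
 * <p>NOTE(review): a storage failure is logged and swallowed, and the method returns void, so a
 * caller cannot tell that a removal (in effect a revocation) did not complete. The role read and
 * the deletes are also separate steps; confirm whether a concurrent write between them matters.
 *
 * @param id id of the user to remove; must not be null
 */
@Override
public void remove(@NonNull String id) {
  try {
    redisClientDelegate.withCommandsClient(jedis -> {
      Map<String, String> userRolesById = jedis.hgetAll(userKey(id, ResourceType.ROLE));

      redisClientDelegate.withMultiKeyPipeline(p -> {
        p.srem(allUsersKey(), id);
        for (String roleName : userRolesById.keySet()) {
          p.srem(roleKey(roleName), id);
        }
        for (ResourceType r : ResourceType.values()) {
          p.del(userKey(id, r));
        }
        p.srem(adminKey(), id);
        p.sync();
      });
    });
  } catch (Exception e) {
    // The message used to say "reading", which misreports a failed delete in the logs.
    log.error("Storage exception removing " + id + " entry.", e);
  }
}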
/**
 * Loads the stored permissions of user {@code id}, merged with those of the {@code UNRESTRICTED}
 * user.
 *
 * <p>All reads are queued on one pipeline: membership in the all-users set, one hash per
 * resource type for the user and for the unrestricted user, and membership in the admin set.
 *
 * @param id id of the user to load; must not be null
 * @return the merged permission, or an empty Optional when the id is not in the all-users set
 *     or when the read throws
 */
@Override
public Optional<UserPermission> get(@NonNull String id) {
  try {
    return redisClientDelegate.withMultiKeyPipeline(pipeline -> {
      final RawUserPermission rawUser = new RawUserPermission();
      final RawUserPermission rawUnrestricted = new RawUserPermission();

      final Response<Boolean> knownUser = pipeline.sismember(allUsersKey(), id);
      for (ResourceType type : ResourceType.values()) {
        rawUser.put(type, pipeline.hgetAll(userKey(id, type)));
        rawUnrestricted.put(type, pipeline.hgetAll(unrestrictedUserKey(type)));
      }
      final Response<Boolean> adminFlag = pipeline.sismember(adminKey(), id);
      pipeline.sync();

      // Hashes and admin membership are ignored unless the id is in the all-users set.
      if (!knownUser.get()) {
        return Optional.empty();
      }

      rawUser.isAdmin = adminFlag.get();
      UserPermission unrestricted = getUserPermission(UNRESTRICTED, rawUnrestricted);
      UserPermission own = getUserPermission(id, rawUser);
      return Optional.of(own.merge(unrestricted));
    });
  } catch (Exception e) {
    // NOTE(review): a storage failure yields the same empty Optional as an unknown user, so a
    // caller cannot tell "not found" from "could not read". Confirm callers handle both safely.
    log.error("Storage exception reading " + id + " entry.", e);
    return Optional.empty();
  }
}
/**
 * Loads the stored permissions of user {@code id}, merged with those of the {@code UNRESTRICTED}
 * user.
 *
 * <p>All reads are queued on one pipeline: membership in the all-users set, one hash per
 * resource type for the user and for the unrestricted user, and membership in the admin set.
 *
 * @param id id of the user to load; must not be null
 * @return the merged permission, or an empty Optional when the id is not in the all-users set
 *     or when the read throws
 */
@Override
public Optional<UserPermission> get(@NonNull String id) {
  try {
    return redisClientDelegate.withMultiKeyPipeline(pipeline -> {
      final RawUserPermission rawUser = new RawUserPermission();
      final RawUserPermission rawUnrestricted = new RawUserPermission();

      final Response<Boolean> knownUser = pipeline.sismember(allUsersKey(), id);
      for (ResourceType type : ResourceType.values()) {
        rawUser.put(type, pipeline.hgetAll(userKey(id, type)));
        rawUnrestricted.put(type, pipeline.hgetAll(unrestrictedUserKey(type)));
      }
      final Response<Boolean> adminFlag = pipeline.sismember(adminKey(), id);
      pipeline.sync();

      // Hashes and admin membership are ignored unless the id is in the all-users set.
      if (!knownUser.get()) {
        return Optional.empty();
      }

      rawUser.isAdmin = adminFlag.get();
      UserPermission unrestricted = getUserPermission(UNRESTRICTED, rawUnrestricted);
      UserPermission own = getUserPermission(id, rawUser);
      return Optional.of(own.merge(unrestricted));
    });
  } catch (Exception e) {
    // NOTE(review): a storage failure yields the same empty Optional as an unknown user, so a
    // caller cannot tell "not found" from "could not read". Confirm callers handle both safely.
    log.error("Storage exception reading " + id + " entry.", e);
    return Optional.empty();
  }
}