/**
 * Creates a user through the user manager on behalf of this object's session.
 *
 * <p>{@code validateSession()} runs before the user manager is called; what it
 * checks is defined outside this method.
 *
 * @param username    name of the account to create
 * @param allowedHost host value stored with the account
 * @param password    password for the new account, passed through unchanged
 * @throws JasDBStorageException propagated from the session check or the user manager
 */
@Override
public void addUser(String username, String allowedHost, String password)
        throws JasDBStorageException {
    validateSession();
    userManager.addUser(session, username, allowedHost, password);
}
/**
 * Deletes a user through the user manager on behalf of this object's session.
 *
 * <p>{@code validateSession()} runs first, so the delete is never attempted
 * when that check throws.
 *
 * @param username name of the account to delete
 * @throws JasDBStorageException propagated from the session check or the user manager
 */
@Override
public void deleteUser(String username) throws JasDBStorageException {
    validateSession();
    userManager.deleteUser(session, username);
}
/**
 * Returns the user names reported by the user manager for this object's session.
 *
 * <p>NOTE(review): unlike addUser/deleteUser/revoke/grant, this method does not
 * call {@code validateSession()} first. Confirm that
 * {@code userManager.getUsers} itself rejects a missing or unauthorized
 * session, otherwise account names could be listed without a session check.
 *
 * @return the list returned by the user manager, passed through unchanged
 * @throws JasDBStorageException propagated from the user manager
 */
@Override
public List<String> getUsers() throws JasDBStorageException {
    List<String> usernames = userManager.getUsers(session);
    return usernames;
}
/**
 * Revokes a user's grant on an object on behalf of this object's session.
 *
 * <p>The user manager takes the object before the user name, so the two
 * arguments are passed in the opposite order from this method's signature.
 *
 * @param username user whose grant is removed
 * @param object   name of the object the grant applies to
 * @throws JasDBStorageException propagated from the session check or the user manager
 */
@Override
public void revoke(String username, String object) throws JasDBStorageException {
    validateSession();
    userManager.revoke(session, object, username);
}
/**
 * Grants a user an access mode on an object on behalf of this object's session.
 *
 * <p>The user manager takes the object before the user name, so the two
 * arguments are passed in the opposite order from this method's signature.
 *
 * @param username user receiving the grant
 * @param object   name of the object the grant applies to
 * @param mode     access mode to grant, passed through unchanged
 * @throws JasDBStorageException propagated from the session check or the user manager
 */
@Override
public void grant(String username, String object, AccessMode mode)
        throws JasDBStorageException {
    validateSession();
    userManager.grantUser(session, object, username, mode);
}
/**
 * Authenticates the credentials, builds a new session and registers it.
 *
 * <p>The user's stored content key is decrypted with the login password and
 * re-encrypted with the freshly generated session token. The token is therefore
 * key material as well as a session handle and should be treated like a
 * credential wherever it is stored, logged or transmitted.
 *
 * <p>The session is only added to {@code secureUserSessionMap} after
 * {@code userManager.authorize(session, "/", AccessMode.CONNECT)} has returned;
 * if that call throws, nothing is registered.
 *
 * @param credentials login credentials; the password is also used to decrypt the content key
 * @return the newly created session
 * @throws JasDBStorageException propagated from authentication, the crypto engine or authorization
 */
@Override
public UserSession startSession(Credentials credentials) throws JasDBStorageException {
    User authenticatedUser = userManager.authenticate(credentials);

    // UUID.randomUUID() is specified to use a cryptographically strong PRNG;
    // each value carries 122 random bits.
    String sessionId = UUID.randomUUID().toString();
    String token = UUID.randomUUID().toString();

    CryptoEngine engine = CryptoFactory.getEngine(authenticatedUser.getEncryptionEngine());
    String storedKey = authenticatedUser.getEncryptedContentKey();

    // The plaintext content key is held in a String and cannot be cleared
    // after use; keep its scope limited to this method.
    String contentKey =
            engine.decrypt(authenticatedUser.getPasswordSalt(), credentials.getPassword(), storedKey);
    String tokenWrappedKey =
            engine.encrypt(authenticatedUser.getPasswordSalt(), token, contentKey);

    UserSession session = new UserSessionImpl(sessionId, token, tokenWrappedKey, authenticatedUser);
    userManager.authorize(session, "/", AccessMode.CONNECT);
    secureUserSessionMap.put(sessionId, new SecureUserSession(session));
    return session;
}
/**
 * Authorization advice around {@code StorageService.removeEntity(context, entity)}.
 *
 * <p>When {@code securityEnabled} is true, the caller's session must pass
 * {@code userManager.authorize(..., AccessMode.DELETE)} for the object name
 * derived from the target storage service before the join point proceeds.
 * When it is false, no authorization is performed at all.
 *
 * <p>The advice is declared {@code void}, so any value returned by
 * {@code jp.proceed()} is discarded.
 *
 * <p>NOTE(review): the context and entity are written to the debug log via
 * their {@code toString()}; confirm that neither rendering includes the
 * session token or entity contents that should stay out of logs.
 *
 * @throws Throwable whatever authorization or the advised method throws
 */
@Around("execution(* com.oberasoftware.jasdb.engine.StorageService.removeEntity(..)) && args(context, entity) && target(storageService)")
public void removeEntity(ProceedingJoinPoint jp, RequestContext context, SimpleEntity entity,
        StorageService storageService) throws Throwable {
    if (!securityEnabled) {
        jp.proceed();
        return;
    }

    LOG.debug("Remove aspect invoked with context: {}", context);
    userManager.authorize(context.getUserSession(), getObjectName(storageService), AccessMode.DELETE);
    LOG.debug("Authorization done on remove of: {}, proceeding for context: {}", entity, context);

    jp.proceed();
}
/**
 * Loads the grant objects the user manager returns for the caller's session
 * and maps each one to its REST representation.
 *
 * @param context request context supplying the user session
 * @return a {@code RestGrantObjectCollection} holding the mapped grant objects
 * @throws RestException wrapping any {@code JasDBStorageException} from the lookup or mapping
 */
private RestEntity loadAllGrantObjects(RequestContext context) throws RestException {
    try {
        List<RestGrantObject> mapped = new ArrayList<>();
        for (GrantObject source : userManager.getGrantObjects(context.getUserSession())) {
            mapped.add(GrantModelMapper.map(source));
        }
        return new RestGrantObjectCollection(mapped);
    } catch (JasDBStorageException e) {
        throw new RestException("Unable to load grant objects", e);
    }
}
/**
 * Loads one grant object by name for the caller's session and maps it to its
 * REST representation.
 *
 * <p>NOTE(review): the lookup result is handed to the mapper without a null
 * check; confirm how {@code getGrantObject} reports an unknown object.
 *
 * @param context request context supplying the user session
 * @param object  name of the grant object to load
 * @return the mapped grant object
 * @throws RestException wrapping any {@code JasDBStorageException} from the lookup or mapping
 */
private RestEntity loadSpecificGrantObject(RequestContext context, String object)
        throws RestException {
    try {
        return GrantModelMapper.map(
                userManager.getGrantObject(context.getUserSession(), object));
    } catch (JasDBStorageException e) {
        throw new RestException("Unable to load grant objects", e);
    }
}
/**
 * Handles {@code DELETE /Grants({grantId})} by revoking the grant described in
 * the request body.
 *
 * <p>The {@code grantId} path variable is not bound; the grant to revoke is
 * identified only by the object name and user name in the body. Whether the
 * caller may revoke it is left to {@code userManager.revoke}.
 *
 * <p>NOTE(review): the POST /Grants handler in this listing rejects requests
 * whose context is not secure, while this handler performs no
 * {@code isSecure()} check. Confirm the asymmetry is intended.
 *
 * @param grant   request body naming the object and user
 * @param request servlet request used to resolve the request context
 * @return always {@code null} on success
 * @throws RestException if the body lacks object or user name, or the revoke fails
 */
@RequestMapping(value = "/Grants({grantId})", produces = "application/json", method = DELETE)
public RestEntity removeEntry(@RequestBody RestGrant grant, HttpServletRequest request)
        throws RestException {
    boolean targetSpecified = StringUtils.stringNotEmpty(grant.getObjectName())
            && StringUtils.stringNotEmpty(grant.getUsername());
    if (!targetSpecified) {
        throw new RestException("Cannot remove without user and object specified");
    }

    try {
        RequestContext requestContext = getRequestContext(request);
        userManager.revoke(requestContext.getUserSession(), grant.getObjectName(), grant.getUsername());
        return null;
    } catch (JasDBStorageException e) {
        throw new RestException("Unable to revoke grant", e);
    }
}
}
/**
 * Handles {@code POST /Grants} by granting a user an access mode on an object.
 *
 * <p>Checks run in this order: the request context must report itself as
 * secure, then the body must carry a non-empty object name and user name.
 * Whether the caller may create the grant is left to
 * {@code userManager.grantUser}. The mode from the body is passed through
 * without a local check.
 *
 * @param grant   request body naming the object, user and mode
 * @param request servlet request used to resolve the request context
 * @return the REST representation of the grant object after the change
 * @throws RestException if the context is not secure, details are incomplete, or the grant fails
 */
@RequestMapping(value = "/Grants", consumes = "application/json", produces = "application/json", method = POST)
public RestEntity writeEntry(@RequestBody RestGrant grant, HttpServletRequest request)
        throws RestException {
    RequestContext requestContext = getRequestContext(request);
    if (!requestContext.isSecure()) {
        throw new RestException("Unable to create grant, unsecure connection");
    }

    boolean detailsComplete = StringUtils.stringNotEmpty(grant.getObjectName())
            && StringUtils.stringNotEmpty(grant.getUsername());
    if (!detailsComplete) {
        throw new RestException("Incomplete grant details");
    }

    try {
        userManager.grantUser(requestContext.getUserSession(), grant.getObjectName(),
                grant.getUsername(), grant.getMode());
        return loadSpecificGrantObject(requestContext, grant.getObjectName());
    } catch (JasDBStorageException e) {
        throw new RestException("Unable to grant", e);
    }
}
/**
 * Authorization advice around {@code StorageService.removeEntity(context, internalId)}.
 *
 * <p>When {@code securityEnabled} is true, the caller's session must pass
 * {@code userManager.authorize(..., AccessMode.DELETE)} for the object name
 * derived from the target storage service before the join point proceeds.
 * When it is false, no authorization is performed at all.
 *
 * <p>The advice is declared {@code void}, so any value returned by
 * {@code jp.proceed()} is discarded.
 *
 * <p>NOTE(review): the context is written to the debug log via its
 * {@code toString()}; confirm that rendering does not include the session token.
 *
 * @throws Throwable whatever authorization or the advised method throws
 */
@Around("execution(* com.oberasoftware.jasdb.engine.StorageService.removeEntity(..)) && args(context, internalId) && target(storageService)")
public void removeEntity(ProceedingJoinPoint jp, RequestContext context, String internalId,
        StorageService storageService) throws Throwable {
    if (!securityEnabled) {
        jp.proceed();
        return;
    }

    LOG.debug("Remove aspect invoked with context: {}", context);
    userManager.authorize(context.getUserSession(), getObjectName(storageService), AccessMode.DELETE);
    LOG.debug("Authorization done on remove of: {}, proceeding for context: {}", internalId, context);

    jp.proceed();
}
/**
 * Loads the user names the user manager returns for the caller's session and
 * wraps them in a {@code RestUserList}.
 *
 * @param context request context supplying the user session
 * @return the user list as a REST entity
 * @throws RestException wrapping any {@code JasDBStorageException} from the lookup
 */
private RestEntity loadUserList(RequestContext context) throws RestException {
    try {
        return new RestUserList(userManager.getUsers(context.getUserSession()));
    } catch (JasDBStorageException e) {
        throw new RestException("Unable to load user list", e);
    }
}
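/**
 * Handles {@code POST /Users} by creating a user account.
 *
 * <p>Checks run in this order: the request context must report itself as
 * secure, then the body must carry a non-empty user name, allowed host and
 * password. Whether the caller may create users is left to
 * {@code userManager.addUser}.
 *
 * <p>The response repeats the user name and allowed host but passes
 * {@code null} as the third constructor argument, so the submitted password is
 * not echoed back to the client.
 *
 * @param user    request body with user name, allowed host and password
 * @param request servlet request used to resolve the request context
 * @return the created user without its password
 * @throws RestException if the context is not secure, details are incomplete, or creation fails
 */
@RequestMapping(value = "/Users", produces = "application/json", consumes = "application/json", method = POST)
public RestEntity writeEntry(@RequestBody RestUser user, HttpServletRequest request)
        throws RestException {
    RequestContext requestContext = ControllerUtil.getRequestContext(request);
    if (!requestContext.isSecure()) {
        throw new RestException("Unable to create user, unsecure connection");
    }

    boolean detailsComplete = StringUtils.stringNotEmpty(user.getUsername())
            && StringUtils.stringNotEmpty(user.getAllowedHost())
            && StringUtils.stringNotEmpty(user.getPassword());
    if (!detailsComplete) {
        throw new RestException("Incomplete user details");
    }

    try {
        userManager.addUser(requestContext.getUserSession(), user.getUsername(),
                user.getAllowedHost(), user.getPassword());
        return new RestUser(user.getUsername(), user.getAllowedHost(), null);
    } catch (JasDBStorageException e) {
        // The original logged an empty message, which left failed account
        // creation unsearchable in the logs. Request-supplied values are kept
        // out of the message on purpose.
        LOG.error("Unable to create user", e);
        throw new RestException("Unable to create user", e);
    }
}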
/**
 * Handles {@code DELETE /Users({userId})} by deleting the named user.
 *
 * <p>Whether the caller may delete the account is left to
 * {@code userManager.deleteUser}; the only local check is that the id is
 * non-empty.
 *
 * <p>NOTE(review): the POST /Users handler in this listing rejects requests
 * whose context is not secure, while this handler performs no
 * {@code isSecure()} check. Confirm the asymmetry is intended.
 *
 * @param userId  name of the user to delete, taken from the path
 * @param request servlet request used to resolve the request context
 * @return always {@code null} on success
 * @throws RestException if no id is given or the delete fails
 */
@RequestMapping(value = "/Users({userId})", produces = "application/json", consumes = "application/json", method = DELETE)
public RestEntity removeEntry(@PathVariable String userId, HttpServletRequest request)
        throws RestException {
    if (!StringUtils.stringNotEmpty(userId)) {
        throw new RestException("Unable to delete user, no id specified");
    }

    try {
        RequestContext requestContext = ControllerUtil.getRequestContext(request);
        userManager.deleteUser(requestContext.getUserSession(), userId);
        return null;
    } catch (JasDBStorageException e) {
        throw new RestException("Unable to remove user", e);
    }
}
}
/**
 * Authorization advice around {@code StorageService.insertEntity(context, entity)}.
 *
 * <p>When {@code securityEnabled} is true, the caller's session must pass
 * {@code userManager.authorize(..., AccessMode.WRITE)} for the object name
 * derived from the target storage service before the join point proceeds.
 * When it is false, no authorization is performed at all.
 *
 * <p>The advice is declared {@code void}, so any value returned by
 * {@code jp.proceed()} is discarded.
 *
 * <p>NOTE(review): the context and entity are written to the debug log via
 * their {@code toString()}; confirm that neither rendering includes the
 * session token or entity contents that should stay out of logs.
 *
 * @throws Throwable whatever authorization or the advised method throws
 */
@Around("execution(* com.oberasoftware.jasdb.engine.StorageService.insertEntity(..)) && args(context, entity) && target(storageService)")
public void insertEntity(ProceedingJoinPoint jp, RequestContext context, SimpleEntity entity,
        StorageService storageService) throws Throwable {
    if (!securityEnabled) {
        jp.proceed();
        return;
    }

    LOG.debug("Insert aspect invoked with context: {}", context);
    userManager.authorize(context.getUserSession(), getObjectName(storageService), AccessMode.WRITE);
    LOG.debug("Authorization done on insert of: {}, proceeding for context: {}", entity, context);

    jp.proceed();
}
/**
 * Authorization advice around {@code StorageService.updateEntity(context, entity)}.
 *
 * <p>When {@code securityEnabled} is true, the caller's session must pass
 * {@code userManager.authorize(..., AccessMode.UPDATE)} for the object name
 * derived from the target storage service before the join point proceeds.
 * When it is false, no authorization is performed at all.
 *
 * <p>The advice is declared {@code void}, so any value returned by
 * {@code jp.proceed()} is discarded.
 *
 * <p>NOTE(review): the context and entity are written to the debug log via
 * their {@code toString()}; confirm that neither rendering includes the
 * session token or entity contents that should stay out of logs.
 *
 * @throws Throwable whatever authorization or the advised method throws
 */
@Around("execution(* com.oberasoftware.jasdb.engine.StorageService.updateEntity(..)) && args(context, entity) && target(storageService)")
public void updateEntity(ProceedingJoinPoint jp, RequestContext context, SimpleEntity entity,
        StorageService storageService) throws Throwable {
    if (!securityEnabled) {
        jp.proceed();
        return;
    }

    LOG.debug("Update aspect invoked with context: {}", context);
    userManager.authorize(context.getUserSession(), getObjectName(storageService), AccessMode.UPDATE);
    LOG.debug("Authorization done on update of: {}, proceeding for context: {}", entity, context);

    jp.proceed();
}
/**
 * Shared read-authorization step: checks READ access, then runs the join point.
 *
 * <p>When {@code securityEnabled} is true, the caller's session must pass
 * {@code userManager.authorize(..., AccessMode.READ)} for the object name
 * derived from the storage service. When it is false, the join point runs
 * with no authorization at all.
 *
 * <p>NOTE(review): the request context is written to the debug log via its
 * {@code toString()}; confirm that rendering does not include the session token.
 *
 * @param requestContext context supplying the user session
 * @param storageService storage service the read targets
 * @param jp             join point to run once the check has passed
 * @return whatever {@code jp.proceed()} returns
 * @throws Throwable whatever authorization or the advised method throws
 */
private Object doReadCheck(RequestContext requestContext, StorageService storageService,
        ProceedingJoinPoint jp) throws Throwable {
    if (!securityEnabled) {
        return jp.proceed();
    }

    LOG.debug("Read aspect invoked with context: {}", requestContext);
    userManager.authorize(requestContext.getUserSession(), getObjectName(storageService), AccessMode.READ);
    LOG.debug("Authorization done on find operation, proceeding for context: {}", requestContext);

    return jp.proceed();
}
}