/**
 * Picks the ACL voter that applies to the current call.
 *
 * @return {@code sharing} when the current event context reports a
 *         non-negative share id, otherwise {@code basic}
 */
public ACLVoter choose() {
    final Long currentShare = cd.getCurrentEventContext().getCurrentShareId();
    // ticket:2219 - a null or negative share id selects the basic voter.
    final boolean shareSelected = currentShare != null && currentShare.longValue() >= 0;
    if (shareSelected) {
        return sharing;
    }
    return basic;
}
/**
 * Installs the context map of the incoming invocation on {@code cd}.
 * A {@code null} argument leaves whatever context is already set untouched.
 *
 * @param current the Ice invocation descriptor, may be {@code null}
 */
void setup(Ice.Current current) {
    if (current == null) {
        return;
    }
    // NOTE(review): current.ctx is the request context sent with the call, so
    // its entries are caller-controlled; confirm that the code reading it back
    // from cd validates any value used for a security decision.
    cd.setContext(current.ctx);
}
/**
 * Adds every given id to the disabled set held by {@code cd}.
 *
 * @param ids the ids to disable; must contain at least one entry
 * @throws ApiUsageException if {@code ids} is {@code null} or empty
 */
public void disable(String... ids) {
    final boolean nothingGiven = ids == null || ids.length == 0;
    if (nothingGiven) {
        throw new ApiUsageException("Ids should not be empty.");
    }
    // NOTE(review): what an id switches off is not visible here; if these are
    // security checks, confirm only privileged internal callers reach this.
    cd.addAllDisabled(ids);
}
/**
 * Removes the given ids from the disabled set held by {@code cd}.
 * When no ids are supplied, the whole disabled set is cleared first.
 *
 * @param ids the ids to re-enable; {@code null} or empty clears everything
 */
public void enable(String... ids) {
    final boolean clearEverything = ids == null || ids.length == 0;
    if (clearEverything) {
        cd.clearDisabled();
    }
    // Runs in every case, including with a null or empty array after the
    // clear above. NOTE(review): presumably removeAllDisabled tolerates
    // null; verify against its implementation.
    cd.removeAllDisabled(ids);
}
/**
 * Builds a {@link Principal} from the session UUID of the current event
 * context.
 *
 * @return the principal for the current login, or {@code null} when
 *         {@code principalHolder} holds no login
 */
public Principal principal() {
    if (principalHolder.size() == 0) {
        return null;
    }
    final String sessionUuid =
            principalHolder.getCurrentEventContext().getCurrentSessionUuid();
    return new Principal(sessionUuid);
}
/**
 * Login entry point for the security system: adds the supplied
 * {@link BasicEventContext} to the list of active contexts, replacing the
 * existing one as the current context.
 *
 * @param bec the event context to log in with
 */
public void login(BasicEventContext bec) {
    // NOTE(review): the context's string form goes to the debug log; confirm
    // it does not include the session UUID or other credentials.
    if (log.isDebugEnabled()) {
        log.debug("Logging in :" + bec);
    }
    // The delayed-call-context check runs before the context becomes visible
    // in the list.
    checkDelayedCallContext(bec);
    list().add(bec);
    bec.getStats().methodIn();
}
if (msg instanceof ContextMessage.Pop){ cd.logout(); final EventContext curr = cd.getCurrentEventContext(); final boolean readOnly = curr.isReadOnly(); final boolean isClose = false; cd.login(cd.getLast()); // Login with same principal cd.setContext(msg.context); if (!doLogin(readOnly, isClose)) { throw new InternalException("Failed to login on Push: " +
EventContext ec = cd.getCurrentEventContext(); if (ec instanceof BasicSecurityWiring.CloseOnNoSessionContext) { throw new SessionTimeoutException("closing", ec); cd.checkAndInitialize(ec, admin, store); ec = cd.getCurrentEventContext(); // Replace with callContext cd.setValues(exp, sudoer, callGroup, callPerms, isAdmin, adminPrivileges, isReadOnly, shareId); Event event = cd.newEvent(sess, type, tokenHolder); tokenHolder.setToken(event.getGraphHolder()); event.setExperimenterGroup(eventGroup); cd.updateEvent(eventProvider.updateEvent(event)); // TODO use merge
if (p == null && principalHolder.size() == 0) { throw new IllegalStateException("Must provide principal"); } else if (p != null && principalHolder.size() > 0) { throw new IllegalStateException( "Already logged in. Use Executor.submit() and .get()."); this.principalHolder.login(p); this.principalHolder.setContext(callContext); } finally { if (callContext != null) { this.principalHolder.setContext(null); int left = this.principalHolder.logout(); if (left > 0) { log.warn("Logins left: " + left); for (int j = 0; j < left; j++) { this.principalHolder.logout();
/**
 * Invoked in the main server (Blitz-0) to create a PIXELDATA
 * {@link EventLog}, which PixelData-0 will later process.
 *
 * @param mpm the message describing the missing pyramid
 * @throws InternalException if no login is active or the current event
 *         context has no user id
 */
public void onApplicationEvent(final MissingPyramidMessage mpm) {
    if (readOnly.isReadOnlyDb()) {
        log.debug("Ignored: " + mpm);
        return;
    }
    log.info("Received: " + mpm);

    // #5232. Refuse to run without an active event: whatever the invoker is
    // doing is expected to be wrapped by a call to Executor.
    final CurrentDetails details = executor.getContext().getBean(CurrentDetails.class);
    final boolean loggedIn = details.size() > 0;
    if (!loggedIn) {
        throw new InternalException("Not logged in.");
    }

    final EventContext ctx = details.getCurrentEventContext();
    if (ctx.getCurrentUserId() == null) {
        throw new InternalException("No user! Must be wrapped by call to Executor?");
    }

    // The work is submitted under the caller's context and awaited here.
    final Future<EventLog> pending = this.executor.submit(details.getContext(),
            new Callable<EventLog>() {
                public EventLog call() throws Exception {
                    return makeEvent(ctx, mpm);
                }
            });
    this.executor.get(pending);
}
final Long currentGroupId = currentUser.getGroup().getId(); final boolean currentGroupNegative = currentGroupId < 0; final IObject[] candidates = em.getLockCandidates(changedObject); throwIfGroupsDontMatch(currentUser.getGroup(), changedObject, linkedDetails.getGroup(), linkedObject); final EventContext ec = currentUser.getCurrentEventContext(); final boolean isOwner = ec.getCurrentUserId().equals(linkedUid); final boolean isOwnerOrSupervisor = currentUser.isOwnerOrSupervisor(linkedObject); final boolean isSupervisor = (!isOwner) && isOwnerOrSupervisor; final boolean isMember = ec.getMemberOfGroupsList().contains(linkedGid); final Permissions p = currentUser.getCurrentEventContext() .getCurrentGroupPermissions(); if (!isOwner && currentUser.isGraphCritical(rv)) { String gname = currentUser.getGroup().getName(); String oname = currentUser.getOwner().getOmeName();
final BasicEventContext bec = currentUser.current(); newDetails.copyWhereUnset(null, currentUser.createDetails()); Permissions groupPerms = currentUser.getCurrentEventContext() .getCurrentGroupPermissions();
/**
 * Applies the current context to a loaded object's details and replaces its
 * permissions with a private copy carrying the computed restriction bits.
 * Unloaded objects are left untouched.
 *
 * @param object the object to post-process; a {@code PermDetails} wrapper is
 *        swapped for its internal context first
 */
public void postProcess(IObject object) {
    if (!object.isLoaded()) {
        return;
    }

    IObject target = object;
    if (target instanceof PermDetails) {
        target = ((PermDetails) target).getInternalContext();
        if (!target.isLoaded()) {
            return; // EARLY EXIT
        }
    }

    final Details details = target.getDetails();

    // Sets context values.
    this.currentUser.applyContext(details, !(target instanceof ExperimenterGroup));

    final BasicEventContext context = currentUser.current();
    final Permissions shared = details.getPermissions();

    // The scope order must match the order of restrictions[] expected by
    // Permissions.copyRestrictions.
    final int updateDeleteBits = allowUpdateOrDelete(context, target, details,
            Scope.LINK, Scope.EDIT, Scope.DELETE, Scope.ANNOTATE);
    final int allBits =
            addChgrpChownRestrictionBits(target.getClass(), details, updateDeleteBits);

    // #9635 - Not the most efficient solution, but since it is unclear why
    // Permissions objects are currently being shared, always producing a
    // copy is the safest choice: restrictions computed for this call never
    // end up on an instance that another object also references.
    final Permissions isolated = new Permissions(shared);
    isolated.copyRestrictions(allBits, restrictions(target));
    details.setPermissions(isolated); // #9635
}
/**
 * Forwards a log entry to {@code cd}.
 *
 * @param action the action being logged
 * @param klass the class of the affected object
 * @param id the id of the affected object
 */
public void addLog(String action, Class klass, Long id) {
    // Pure delegation: no filtering or validation happens at this level.
    cd.addLog(action, klass, id);
}
/**
 * Registers service-cleanup messages with {@code cd}; every other event
 * type is ignored.
 *
 * @param arg0 the published application event
 */
public void onApplicationEvent(ApplicationEvent arg0) {
    if (!(arg0 instanceof RegisterServiceCleanupMessage)) {
        return;
    }
    cd.addCleanup((RegisterServiceCleanupMessage) arg0);
}
/**
 * Simplified factory that builds every security primitive itself.
 * Primarily useful for generated testing instances.
 *
 * @param sm the session manager
 * @param sf the session factory
 * @param cache the session cache
 * @return a configured security system
 */
public static BasicSecuritySystem selfConfigure(SessionManager sm,
        ServiceFactory sf, SessionCache cache) {
    final CurrentDetails details = new CurrentDetails(cache);
    final SystemTypes systemTypes = new SystemTypes();
    final TokenHolder sharedToken = new TokenHolder();
    final Roles roles = new Roles();

    // In-memory providers only; several collaborators below are passed as
    // null.
    final SessionProvider sessionProvider =
            new SessionProviderInMemory(roles, new NodeProviderInMemory(""), null);

    final OmeroInterceptor interceptor = new OmeroInterceptor(roles, systemTypes,
            new ExtendedMetadata.Impl(), details, sharedToken,
            new PerSessionStats(details), new LightAdminPrivileges(roles), null,
            new HashSet<String>(), new HashSet<String>());

    final SecurityFilterHolder filters = new SecurityFilterHolder(details,
            new OneGroupSecurityFilter(roles),
            new AllGroupsSecurityFilter(null, roles),
            new SharingSecurityFilter(roles, null));

    // NOTE(review): the interceptor and the ACL voter share sharedToken, but
    // the security system itself is handed a separate, fresh TokenHolder;
    // confirm that this split is intended.
    return new BasicSecuritySystem(interceptor, systemTypes, details, sm,
            sessionProvider, new EventProviderInMemory(), roles, sf,
            new TokenHolder(),
            Collections.<SecurityFilter>singletonList(filters),
            new DefaultPolicyService(),
            new BasicACLVoter(details, systemTypes, sharedToken, filters,
                    sessionProvider, new ReadOnlyStatus(false, false)));
}
/**
 * Logs the action against the entity's class and id when the entity is an
 * {@code IObject}; any other entity is silently skipped.
 *
 * @param action the action being logged
 * @param entity the affected entity
 */
void add(String action, Object entity) {
    if (!(entity instanceof IObject)) {
        return;
    }
    cd.addLog(action, entity.getClass(), ((IObject) entity).getId());
}
/**
 * Returns the event context of the current call.
 *
 * @param refresh when {@code true}, the context is reloaded from the session
 *        manager using the current session UUID rather than returned as held
 *        by {@code cd}
 * @return the current or freshly reloaded event context
 */
public EventContext getEventContext(boolean refresh) {
    final EventContext held = cd.getCurrentEventContext();
    if (!refresh) {
        return held;
    }
    final String sessionUuid = held.getCurrentSessionUuid();
    return sessionManager.reload(sessionUuid);
}
/**
 * Clears the context held by {@code cd} by setting it to {@code null}, so
 * it is not left in place after this call.
 */
void teardown() {
    cd.setContext(null);
}
/**
 * Picks the security filter matching the current event context.
 *
 * @return {@code share} for a non-negative share id, {@code allgroups} for
 *         a negative group id, otherwise {@code onegroup}
 */
public SecurityFilter choose() {
    final EventContext context = cd.getCurrentEventContext();
    final Long currentGroup = context.getCurrentGroupId();
    final Long currentShare = context.getCurrentShareId();

    // A share id takes precedence over the group id.
    if (currentShare != null && currentShare >= 0) {
        return share;
    }
    // NOTE(review): currentGroup is unboxed without a null check, unlike the
    // share id above; a null group id would raise NullPointerException here.
    if (currentGroup < 0) {
        return allgroups;
    }
    return onegroup;
}