public void removeUserCredentials( UserCredentials userCredentials ) { members.remove( userCredentials ); userCredentials.getUserAuthorityGroups().remove( this ); }
protected void injectSecurityContext( User user ) { List<GrantedAuthority> grantedAuthorities = user.getUserCredentials().getAllAuthorities() .stream().map( SimpleGrantedAuthority::new ).collect( Collectors.toList() ); UserDetails userDetails = new org.springframework.security.core.userdetails.User( user.getUserCredentials().getUsername(), user.getUserCredentials().getPassword(), grantedAuthorities ); Authentication authentication = new UsernamePasswordAuthenticationToken( userDetails, "", grantedAuthorities ); SecurityContext context = SecurityContextHolder.createEmptyContext(); context.setAuthentication( authentication ); SecurityContextHolder.setContext( context ); }
/** * Tests whether the user has the given authority. Returns true in any case * if the user has the ALL authority. */ public boolean isAuthorized( String auth ) { return userCredentials != null && userCredentials.isAuthorized( auth ); }
public static UserCredentials createUserCredentials( char uniqueCharacter, User user ) { UserCredentials credentials = new UserCredentials(); credentials.setName( "UserCredentials" + uniqueCharacter ); credentials.setUsername( "Username" + uniqueCharacter ); credentials.setPassword( "Password" + uniqueCharacter ); credentials.setUserInfo( user ); user.setUserCredentials( credentials ); return credentials; }
@Override public boolean isLastSuperUser( UserCredentials userCredentials ) { if ( !userCredentials.isSuper() ) { return false; // Cannot be last if not super user } Collection<UserCredentials> users = userCredentialsStore.getAll(); for ( UserCredentials user : users ) { if ( user.isSuper() && !user.equals( userCredentials ) ) { return false; } } return true; }
public static UserInfo fromUser( User user ) { if ( user == null ) { return null; } UserCredentials credentials = user.getUserCredentials(); return new UserInfo( credentials.getId(), credentials.getUsername(), credentials.getAllAuthorities() ); }
protected User createUser( String username, String... authorities ) { Assert.notNull( userService, "UserService must be injected in test" ); String password = "district"; UserAuthorityGroup userAuthorityGroup = new UserAuthorityGroup(); userAuthorityGroup.setCode( username ); userAuthorityGroup.setName( username ); userAuthorityGroup.setDescription( username ); userAuthorityGroup.setAuthorities( Sets.newHashSet( authorities ) ); userService.addUserAuthorityGroup( userAuthorityGroup ); User user = new User(); user.setCode( username ); user.setFirstName( username ); user.setSurname( username ); userService.addUser( user ); UserCredentials userCredentials = new UserCredentials(); userCredentials.setCode( username ); userCredentials.setUser( user ); userCredentials.setUserInfo( user ); userCredentials.setUsername( username ); userCredentials.getUserAuthorityGroups().add( userAuthorityGroup ); userService.encodeAndSetPassword( userCredentials, password ); userService.addUserCredentials( userCredentials ); user.setUserCredentials( userCredentials ); userService.updateUser( user ); return user; }
public MockCurrentUserService( boolean superUserFlag, Set<OrganisationUnit> organisationUnits, Set<OrganisationUnit> dataViewOrganisationUnits, String... auths ) { UserAuthorityGroup userRole = new UserAuthorityGroup(); userRole.setAutoFields(); userRole.getAuthorities().addAll( Arrays.asList( auths ) ); this.superUserFlag = superUserFlag; UserCredentials credentials = new UserCredentials(); credentials.setUsername( "currentUser" ); credentials.getUserAuthorityGroups().add( userRole ); credentials.setAutoFields(); User user = new User(); user.setFirstName( "Current" ); user.setSurname( "User" ); user.setOrganisationUnits( organisationUnits ); user.setDataViewOrganisationUnits( dataViewOrganisationUnits ); user.setUserCredentials( credentials ); user.setAutoFields(); credentials.setUserInfo( user ); this.currentUser = user; }
user.getUserCredentials().getUserAuthorityGroups().add( userAuthorityGroup ); userService.addUser( user ); user.getUserCredentials().setUserInfo( user ); userService.addUserCredentials( user.getUserCredentials() ); user.getUserCredentials().getUsername(), user.getUserCredentials().getPassword(), grantedAuths );
List<UserAuthorityGroup> roles = userAuthorityGroupStore.getByUid( user.getUserCredentials().getUserAuthorityGroups().stream().map( r -> r.getUid() ).collect( Collectors.toList() ) ); if ( !currentUser.getUserCredentials().canIssueUserRole( ur, canGrantOwnUserAuthorityGroups ) ) boolean canAdd = currentUser.getUserCredentials().isAuthorized( UserGroup.AUTH_USER_ADD ); boolean canAddInGroup = currentUser.getUserCredentials().isAuthorized( UserGroup.AUTH_USER_ADD_IN_GROUP );
/** * Tests whether this user credentials has any of the authorities in the * given set. * * @param auths the authorities to compare with. * @return true or false. */ public boolean hasAnyAuthority( Collection<String> auths ) { Set<String> all = new HashSet<>( getAllAuthorities() ); return all.removeAll( auths ); }
@Override public void encodeAndSetPassword( UserCredentials userCredentials, String rawPassword ) { if ( StringUtils.isEmpty( rawPassword ) && !userCredentials.isExternalAuth() ) { return; // Leave unchanged if internal authentication and no password supplied } if ( userCredentials.isExternalAuth() ) { userCredentials.setPassword( UserService.PW_NO_INTERNAL_LOGIN ); return; // Set unusable, not-encoded password if external authentication } boolean isNewPassword = StringUtils.isBlank( userCredentials.getPassword() ) || !passwordManager.matches( rawPassword, userCredentials.getPassword() ); if ( isNewPassword ) { userCredentials.setPasswordLastUpdated( new Date() ); } // Encode and set password userCredentials.setPassword( passwordManager.encode( rawPassword ) ); userCredentials.getPreviousPasswords().add( passwordManager.encode( rawPassword ) ); }
if ( !userCredentials.isSuper() && !userCredentials.isAuthorized( "F_TRACKED_ENTITY_INSTANCE_SEARCH_IN_ALL_ORGUNITS" ) ) if ( pr != null && !userCredentials.isSuper() && !aclService.canDataRead( user, pr ) ) if ( ps != null && !userCredentials.isSuper() && !aclService.canDataRead( user, ps ) ) if ( attributeOptionCombo != null && !userCredentials.isSuper() && !aclService.canDataRead( user, attributeOptionCombo ) )
boolean enabled = !credentials.isDisabled(); boolean credentialsNonExpired = userService.credentialsNonExpired( credentials ); boolean accountNonLocked = !securityService.isLocked( credentials.getUsername() ); return new User( credentials.getUsername(), credentials.getPassword(), enabled, true, credentialsNonExpired, accountNonLocked, SecurityUtils.getGrantedAuthorities( credentials ) );
Set<String> auths = params.getUser().getUserCredentials().getAllAuthorities(); Collection<Integer> roles = IdentifiableObjectUtils.getIdentifiers( params.getUser().getUserCredentials().getUserAuthorityGroups() );
/** * Can the user read from this CategoryOptionGroupSet (COGS)? * <p> * If the COGS is null, then the user must have no dimension constraints. * (In other words, the user must be able to read across all category * option groups.) * <p> * If the COGS is not null, then the user must be able to read at least * one category option group from the category option group set. * * @param cogs The category option group set to test * @return true if user can read at least one category option group. */ private boolean canReadCOGS( User user, CategoryOptionGroupSet cogs ) { if ( cogs == null ) { UserCredentials userCredentials = user.getUserCredentials(); return CollectionUtils.isEmpty( userCredentials.getCogsDimensionConstraints() ) && CollectionUtils.isEmpty( userCredentials.getCatDimensionConstraints() ); } return !CollectionUtils.isEmpty( categoryService.getCategoryOptionGroups( cogs ) ); }
Map<String, Object> userCredentialsReferenceMap = userCredentialsReferences.get( userCredentials.getUid() ); userCredentials.setUser( (User) userCredentialsReferenceMap.get( "user" ) ); userCredentials.setUserInfo( user );
@Override public String allowDeleteUserAuthorityGroup( UserAuthorityGroup authorityGroup ) { for ( UserCredentials credentials : authorityGroup.getMembers() ) { for ( UserAuthorityGroup role : credentials.getUserAuthorityGroups() ) { if ( role.equals( authorityGroup ) ) { return credentials.getName(); } } } return null; } }
@Override public void postUpdate( IdentifiableObject persistedObject, ObjectBundle bundle ) { if ( !User.class.isInstance( persistedObject ) || !bundle.hasExtras( persistedObject, "uc" ) ) return; User user = (User) persistedObject; final UserCredentials userCredentials = (UserCredentials) bundle.getExtras( persistedObject, "uc" ); final UserCredentials persistedUserCredentials = bundle.getPreheat().get( bundle.getPreheatIdentifier(), UserCredentials.class, user ); if ( !StringUtils.isEmpty( userCredentials.getPassword() ) ) { userService.encodeAndSetPassword( persistedUserCredentials, userCredentials.getPassword() ); } mergeService.merge( new MergeParams<>( userCredentials, persistedUserCredentials ).setMergeMode( bundle.getMergeMode() ) ); preheatService.connectReferences( persistedUserCredentials, bundle.getPreheat(), bundle.getPreheatIdentifier() ); persistedUserCredentials.setUserInfo( user ); user.setUserCredentials( persistedUserCredentials ); sessionFactory.getCurrentSession().update( user.getUserCredentials() ); bundle.removeExtras( persistedObject, "uc" ); }
@Override public boolean canRestore( UserCredentials credentials, String token, RestoreType restoreType ) { String logPrefix = "Restore user: " + credentials.getUid() + ", username: " + credentials.getUsername() + " "; String errorMessage = verifyRestore( credentials, token, restoreType ); if ( errorMessage != null ) { log.info( logPrefix + "Failed to verify restore: " + errorMessage ); return false; } log.info( logPrefix + " success" ); return true; }