/**
 * {@inheritDoc}
 *
 * @return the identifier of the organization held by this provider, as reported by
 *         {@code organization.getId()}
 * @see org.opencastproject.security.api.UserProvider#getOrganization()
 */
@Override
public String getOrganization() {
  final String organizationId = organization.getId();
  return organizationId;
}
/**
 * Returns the given organization as a {@link JaxbOrganization}.
 * <p>
 * An argument that already is a {@code JaxbOrganization} is returned as the same instance; any other
 * implementation is copied field by field (id, name, servers, admin role, anonymous role, properties).
 *
 * @param org
 *          the organization to convert; a {@code null} argument fails on the first accessor call
 * @return the same instance, or a new {@code JaxbOrganization} carrying the same values
 */
public static JaxbOrganization fromOrganization(Organization org) {
  if (!(org instanceof JaxbOrganization)) {
    return new JaxbOrganization(org.getId(), org.getName(), org.getServers(), org.getAdminRole(),
            org.getAnonymousRole(), org.getProperties());
  }
  // Already the JAXB type: hand back the caller's instance, no copy is made.
  return (JaxbOrganization) org;
}
/**
 * Reloads the by-id and by-host lookup tables from persistence once more than {@code refreshInterval}
 * milliseconds have passed since {@code lastRefresh}; does nothing otherwise.
 */
private void refresh() {
  final long timestamp = System.currentTimeMillis();
  if (timestamp - lastRefresh <= refreshInterval) {
    return;
  }
  // NOTE(review): both tables are emptied before they are refilled; if lookups can run while this
  // method executes they may see an empty or partial view - confirm the callers serialize access.
  byId.clear();
  byHost.clear();
  for (Organization current : persistence.getOrganizations()) {
    byId.put(current.getId(), current);
    // (host, port)
    for (Map.Entry<String, Integer> hostAndPort : current.getServers().entrySet()) {
      byHost.put(tuple(hostAndPort.getKey(), hostAndPort.getValue()), current);
    }
  }
  // Only stamped after a complete reload, so a failed load is retried on the next call.
  lastRefresh = timestamp;
}
}
originalOrganization.getId(), organizationHeader); ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN); return; requestedOrganization = organizationDirectory.getOrganization(organizationHeader); securityService.setOrganization(requestedOrganization); logger.trace("Switching to organization '{}' from request header {}", requestedOrganization.getId(), ORGANIZATION_HEADER); } catch (NotFoundException e) { logger.trace("Request organization remains '{}'", originalOrganization.getId()); String organizationAdminRole = requestedOrganization.getAdminRole(); if (!originalUser.hasRole(organizationAdminRole) && requestedUser.hasRole(organizationAdminRole)) { logger.warn("An unauthorized request is trying to switch to an admin user, from '{}' to '{}'", String organizationAdminRole = requestedOrganization.getAdminRole(); if (!originalUser.hasRole(organizationAdminRole) && requestedRoles.contains(organizationAdminRole)) { logger.warn("An unauthorized request by user '{}' is trying to gain admin role '{}'", requestedOrganization.getId()); chain.doFilter(httpRequest, response);
/**
 * Get the OAI-PMH server URL of the current organization.
 *
 * @param secSvc
 *          the security service whose current organization is consulted
 * @return the value of the {@code ORG_CFG_OAIPMH_SERVER_HOSTURL} organization property, wrapped by
 *         {@code option(..)}
 */
public static Option<String> oaiPmhServerUrlOfCurrentOrganization(SecurityService secSvc) {
  // The property comes from the organization bound to the security service at call time.
  final String configuredUrl = secSvc.getOrganization().getProperties().get(ORG_CFG_OAIPMH_SERVER_HOSTURL);
  return option(configuredUrl);
}
}
// A holder of the global admin role, or of this organization's admin role, yields true right away
// without reaching any check that follows.
if (user.hasRole(GLOBAL_ADMIN_ROLE) || user.hasRole(org.getAdminRole())) return true;
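/**
 * {@inheritDoc}
 * <p>
 * When the current organization defines the {@code OpencastConstants.WFR_URL_ORG_PROPERTY} property, the
 * base URI is built from that value and {@code servicePath}. If there is no current organization, the
 * property is absent or {@code null}, or the resulting string is not a valid URI, the URI is built from
 * {@code serverUrl} instead.
 *
 * @return the base URI of the working file repository
 * @throws IllegalArgumentException
 *           if the fallback built from {@code serverUrl} is not a valid URI (thrown by {@link URI#create})
 * @see org.opencastproject.workingfilerepository.api.WorkingFileRepository#getBaseUri()
 */
@Override
public URI getBaseUri() {
  if (securityService.getOrganization() != null) {
    Map<String, String> orgProps = securityService.getOrganization().getProperties();
    // A key that is present but mapped to null is treated like a missing key, so it falls back too.
    String orgUrl = orgProps == null ? null : orgProps.get(OpencastConstants.WFR_URL_ORG_PROPERTY);
    if (orgUrl != null) {
      try {
        return new URI(UrlSupport.concat(orgUrl, servicePath));
      } catch (URISyntaxException ex) {
        // The property is set but malformed; say so, since "not set" would send an operator looking
        // for a missing configuration entry instead of an invalid one.
        logger.warn("Organization working file repository URL is not a valid URI (" + ex.getMessage()
                + "), fallback to server URL");
      }
    }
  }
  return URI.create(UrlSupport.concat(serverUrl, servicePath));
}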
/**
 * Create a system user for the given organization with global and organization local admin role. Get the
 * {@code systemUserName} from the global config where it is stored under {@link #PROPERTY_KEY_SYS_USER}. In an
 * OSGi environment this is typically done calling
 * {@code componentContext.getBundleContext().getProperty(PROPERTY_KEY_SYS_USER)}.
 * <p>
 * The returned user carries exactly two roles, {@code GLOBAL_ADMIN_ROLE} and the organization's own admin
 * role, so it should only be handed to trusted, internal callers.
 *
 * @param systemUserName
 *          the name of the system user
 * @param org
 *          the organization the user and both roles are bound to
 * @return the newly created system user
 * @see #createSystemUser(org.osgi.service.component.ComponentContext, org.opencastproject.security.api.Organization)
 */
public static User createSystemUser(String systemUserName, Organization org) {
  final JaxbOrganization jaxbOrg = JaxbOrganization.fromOrganization(org);
  final JaxbRole globalAdmin = new JaxbRole(GLOBAL_ADMIN_ROLE, jaxbOrg);
  final JaxbRole organizationAdmin = new JaxbRole(org.getAdminRole(), jaxbOrg);
  // NOTE(review): the second constructor argument is passed as null - presumably the password; confirm.
  return new JaxbUser(systemUserName, null, jaxbOrg, globalAdmin, organizationAdmin);
}
/**
 * {@inheritDoc}
 *
 * @return the id of the organization this provider holds ({@code organization.getId()})
 * @see org.opencastproject.security.api.UserProvider#getOrganization()
 */
@Override
public String getOrganization() {
  final String id = organization.getId();
  return id;
}
tx = em.getTransaction(); tx.begin(); JpaOrganization organizationEntity = getOrganizationEntity(org.getId(), em); if (organizationEntity == null) { JpaOrganization organization = new JpaOrganization(org.getId(), org.getName(), org.getServers(), org.getAdminRole(), org.getAnonymousRole(), org.getProperties()); em.persist(organization); } else { organizationEntity.setName(org.getName()); organizationEntity.setAdminRole(org.getAdminRole()); organizationEntity.setAnonymousRole(org.getAnonymousRole()); for (Map.Entry<String, Integer> servers : org.getServers().entrySet()) { organizationEntity.addServer(servers.getKey(), servers.getValue()); organizationEntity.setServers(org.getServers()); organizationEntity.setProperties(org.getProperties()); em.merge(organizationEntity);
/**
 * Check if the current user has access to the capture agent with the given id.
 * <p>
 * Access is granted without a role lookup when {@code agentId} is blank, and to any user holding the
 * global admin role or the admin role of the user's own organization. Every other user needs the role
 * returned by {@code SecurityUtil.getCaptureAgentRole(agentId)}.
 *
 * @param securityService
 *          the security service that supplies the current user
 * @param agentId
 *          The agent id to check.
 * @throws UnauthorizedException
 *           If the user doesn't have access.
 */
public static void checkAgentAccess(final SecurityService securityService, final String agentId)
        throws UnauthorizedException {
  // A blank agent id is never checked: the call returns before the user is even looked up.
  if (isBlank(agentId)) {
    return;
  }
  final User currentUser = securityService.getUser();
  final boolean isAdmin = currentUser.hasRole(SecurityConstants.GLOBAL_ADMIN_ROLE)
          || currentUser.hasRole(currentUser.getOrganization().getAdminRole());
  if (isAdmin || currentUser.hasRole(SecurityUtil.getCaptureAgentRole(agentId))) {
    return;
  }
  throw new UnauthorizedException(currentUser, "schedule");
}
/**
 * {@inheritDoc}
 * <p>
 * Equality is decided by the identifier alone: any {@code Organization} implementation whose
 * {@code getId()} equals this object's {@code id} compares equal, whatever its other fields hold.
 *
 * @see java.lang.Object#equals(java.lang.Object)
 */
@Override
public boolean equals(Object obj) {
  if (obj instanceof Organization) {
    return ((Organization) obj).getId().equals(id);
  }
  return false;
}
/**
 * Compares by identifier only: the argument is equal when it is an {@code Organization} whose
 * {@code getId()} equals this object's {@code id}.
 */
@Override
public boolean equals(Object obj) {
  if (obj instanceof Organization) {
    return ((Organization) obj).getId().equals(id);
  }
  return false;
}
/**
 * {@inheritDoc}
 * <p>
 * Delegates the request to the security filter registered for the current organization. The request is
 * answered with 404 when no organization is set and with 403 when the organization has no registered
 * filter, so it never reaches {@code chain} without passing an organization filter.
 *
 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
 *      javax.servlet.FilterChain)
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
        ServletException {
  // Make sure we have an organization
  final Organization currentOrg = securityService.getOrganization();
  if (currentOrg == null) {
    ((HttpServletResponse) response).sendError(HttpServletResponse.SC_NOT_FOUND);
    return;
  }

  // Get a hold of the security filter for that organization
  final Filter orgFilter = orgSecurityFilters.get(currentOrg.getId());
  if (orgFilter != null) {
    orgFilter.doFilter(request, response, chain);
    return;
  }

  // Fail closed: an organization without a filter is refused rather than passed down the chain.
  ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
}
}
/**
 * Creates a security context for the given organization and user.
 *
 * @param sec
 *          the security service
 * @param org
 *          the organization of the context
 * @param user
 *          the user of the context; {@code user.getOrganization()} must not differ from {@code org}
 * @throws IllegalArgumentException
 *           if {@code ne(org, user.getOrganization())} reports the two organizations as different
 */
public SecurityContext(SecurityService sec, Organization org, User user) {
  // Refuse a user/organization mismatch before any field is assigned.
  if (ne(org, user.getOrganization())) {
    throw new IllegalArgumentException("User is not a member of organization " + org.getId());
  }
  this.org = org;
  this.user = user;
  this.sec = sec;
}
/**
 * Returns the paella configuration of the current organization.
 * <p>
 * The file read is {@code <paellaConfigFolder>/<organization id>/config.json}, decoded as UTF-8.
 * NOTE(review): the organization id is used as a path segment without validation here - confirm that ids
 * are constrained where organizations are registered.
 *
 * @return the content of the organization's {@code config.json}
 * @throws IOException
 *           if the file cannot be read
 */
@GET
@Path("config.json")
@Produces(MediaType.APPLICATION_JSON)
@RestQuery(name = "configJson", description = "Paella configuration", reponses = { @RestResponse(description = "Returns the paella configuration", responseCode = HttpServletResponse.SC_OK) }, returnDescription = "")
public String getMyInfo() throws IOException {
  // The configuration is looked up per organization, keyed by the organization id.
  final Organization currentOrg = securityService.getOrganization();
  final String[] pathParts = { paellaConfigFolder, currentOrg.getId(), "config.json" };
  final File orgConfig = new File(PathSupport.concat(pathParts));
  return FileUtils.readFileToString(orgConfig, "UTF-8");
}
}
/**
 * Adds the organization to the list of organizations.
 * <p>
 * On success the organization is stored, the cache is invalidated and the registration listeners are
 * notified, in that order.
 *
 * @param organization
 *          the organization
 * @throws IllegalStateException
 *           if persistence already contains an organization with the same identifier
 */
public void addOrganization(Organization organization) {
  if (persistence.containsOrganization(organization.getId())) {
    throw new IllegalStateException("Can not add an organization with id '" + organization.getId()
            + "' since an organization with that identifier has already been registered");
  }
  persistence.storeOrganization(organization);
  cache.invalidate();
  fireOrganizationRegistered(organization);
}
this.roles = new HashSet<JaxbRole>(); for (Role role : roles) { if (role.getOrganization() == null || !organization.getId().equals(role.getOrganization().getId())) throw new IllegalArgumentException("Role " + role + " is not from the same organization!");
/**
 * Constructs a user with the specified username, password, provider and roles.
 * <p>
 * Every role must belong to the user's organization. The given set is stored as is, without a copy.
 *
 * @param username
 *          the username
 * @param password
 *          the password
 * @param organization
 *          the organization
 * @param provider
 *          the provider
 * @param manageable
 *          whether the user is manageable
 * @param roles
 *          the roles
 * @throws IllegalArgumentException
 *           if a role has no organization or one whose id differs from the user's organization id
 */
public JpaUser(String username, String password, JpaOrganization organization, String provider,
        boolean manageable, Set<JpaRole> roles) {
  this(username, password, organization, null, null, provider, manageable);
  for (Role candidate : roles) {
    // Roles of another organization are refused, so a user never carries foreign-organization roles.
    if (!(candidate.getOrganization() != null
            && organization.getId().equals(candidate.getOrganization().getId()))) {
      throw new IllegalArgumentException("Role " + candidate + " is not from the same organization!");
    }
  }
  this.roles = roles;
}
/**
 * Constructs a user with the specified username, name, email, login mechanism, last login date, organization and
 * roles.
 * <p>
 * Every role must belong to the given organization. The given set is stored as is, without a copy.
 *
 * @param username
 *          the username
 * @param name
 *          the name
 * @param email
 *          the email address
 * @param loginMechanism
 *          the login mechanism
 * @param lastLogin
 *          the last login date
 * @param organization
 *          the organization
 * @param roles
 *          the roles
 * @throws IllegalArgumentException
 *           if a role has no organization or one whose id differs from the given organization's id
 */
public JpaUserReference(String username, String name, String email, String loginMechanism, Date lastLogin,
        JpaOrganization organization, Set<JpaRole> roles) {
  this(username, name, email, loginMechanism, lastLogin, organization);
  for (Role candidate : roles) {
    // Roles of another organization are refused before the set is accepted.
    if (!(candidate.getOrganization() != null
            && organization.getId().equals(candidate.getOrganization().getId()))) {
      throw new IllegalArgumentException("Role " + candidate + " is not from the same organization!");
    }
  }
  this.roles = roles;
}