com.oberasoftware.jasdb.api.security.UserSession.getUser java code examples

Add the Codota plugin to your IDE and get smart completions

private void myMethod () {
 FileOutputStream f =File file;new FileOutputStream(file)
String name;new FileOutputStream(name)
File file;new FileOutputStream(file, true)
Smart code suggestions by Tabnine
}

private boolean checkGrantHierarchy(String objectName, UserSession userSession, AccessMode objectMode) throws JasDBStorageException {
  String userName = userSession.getUser().getUsername();
  LOG.debug("Checking grant hierarchy for: {} for user: {}", objectName, userName);
  //check root read access
  StringBuilder currentPath = new StringBuilder();
  currentPath.append(Constants.OBJECT_SEPARATOR);
  AccessMode grantedMode = getGrantedMode(currentPath.toString(), userSession);
  LOG.debug("Root access mode: {} for user: {}", grantedMode, userName);
  grantedMode = grantedMode == null ? AccessMode.NONE : grantedMode;
  String[] pathElements = objectName.replaceFirst(Constants.OBJECT_SEPARATOR, "").split(Constants.OBJECT_SEPARATOR);
  for(String pathElement : pathElements) {
    currentPath.append(pathElement);
    AccessMode mode = getGrantedMode(currentPath.toString(), userSession);
    if(mode != null) {
      grantedMode = mode;
      if(mode == AccessMode.NONE) {
        break;
      }
    }
    currentPath.append(Constants.OBJECT_SEPARATOR);
  }
  LOG.debug("Grant level: {} for path: {}", grantedMode, currentPath.toString());
  boolean granted = grantedMode != null ? grantedMode.getRank() >= objectMode.getRank() : false;
  return granted;
}

private AccessMode getGrantedMode(String objectName, UserSession userSession) throws JasDBStorageException {
  StatRecord getGrantRecord = StatisticsMonitor.createRecord("auth:grant:check");
  try {
    String username = userSession.getUser().getUsername();
    if(cachedGrants.containsKey(objectName)) {
      return verifyGrantMode(cachedGrants.get(objectName), username);
    } else {
      GrantObject objectGrantObject = getMutableGrantObject(userSession, objectName);
      if(objectGrantObject != null) {
        cachedGrants.put(objectName, objectGrantObject);
        return verifyGrantMode(objectGrantObject, username);
      } else {
        return null;
      }
    }
  } finally {
    getGrantRecord.stop();
  }
}

private void checkToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
  try {
    String token = httpServletRequest.getHeader("oauth_token");
    String sessionId = httpServletRequest.getHeader("sessionid");
    LOG.debug("Token: {} for session: {}", token, sessionId);
    if(StringUtils.stringNotEmpty(token) && StringUtils.stringNotEmpty(sessionId)) {
      UserSession session = sessionManager.getSession(sessionId);
      if(session != null) {
        CryptoEngine cryptoEngine = CryptoFactory.getEngine();
        String expectedTokenHash = cryptoEngine.hash(sessionId, token);
        if (expectedTokenHash.equals(session.getAccessToken())) {
          httpServletRequest.setAttribute("session", new UserSessionImpl(sessionId, token, session.getEncryptedContentKey(), session.getUser()));
          filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
          handleErrorResponse(httpServletResponse, UNAUTHORIZED_CODE, "Invalid token");
        }
      } else {
        handleErrorResponse(httpServletResponse, UNAUTHORIZED_CODE, "Invalid token");
      }
    } else {
      handleErrorResponse(httpServletResponse, UNAUTHORIZED_CODE, "No token");
    }
  } catch(JasDBStorageException e) {
    LOG.error("Unknown error happened when processing token", e);
    handleErrorResponse(httpServletResponse, 500, "Unknown error");
  }
}

@Override
public void authorize(UserSession userSession, String object, AccessMode mode) throws JasDBStorageException {
  StatRecord authRecord = StatisticsMonitor.createRecord("auth:object");
  try {
    if(userSession != null) {
      String userName = userSession.getUser().getUsername();
      boolean granted = checkGrantHierarchy(object, userSession, mode);
      LOG.debug("User: {} is privileged: {} on object: {}", userName, granted, object);
      if(!granted) {
        throw new JasDBSecurityException("User: " + userName + " has insufficient privileges on object: " + object);
      }
    } else {
      throw new JasDBSecurityException("Unable to authorize user, no session");
    }
  } finally {
    authRecord.stop();
  }
}

public SecureUserSession(UserSession userSession) {
  this.sessionId = userSession.getSessionId();
  this.user = userSession.getUser();
  this.encryptedContentKey = userSession.getEncryptedContentKey();
  try {
    CryptoEngine cryptoEngine = CryptoFactory.getEngine();
    accessTokenHash = cryptoEngine.hash(sessionId, userSession.getAccessToken());
  } catch(JasDBSecurityException e) {
    throw new RuntimeJasDBException("Unable to hash token", e);
  }
}

@Override
public User addUser(UserSession currentSession, String userName, String allowedHost, String password) throws JasDBStorageException {
  authorize(currentSession, "/Users", AccessMode.WRITE);
  User currentUser = currentSession.getUser();
  CryptoEngine cryptoEngine = CryptoFactory.getEngine();
  String contentKey = cryptoEngine.decrypt(currentUser.getPasswordSalt(), currentSession.getAccessToken(), currentSession.getEncryptedContentKey());
  return credentialsProvider.addUser(userName, allowedHost, contentKey, password);
}

private GrantObject decrypt(UserSession session, EncryptedGrants encryptedGrants) throws JasDBStorageException {
  CryptoEngine contentCryptoEngine = CryptoFactory.getEngine();
  String contentKey = contentCryptoEngine.decrypt(session.getUser().getPasswordSalt(), session.getAccessToken(), session.getEncryptedContentKey());
  CryptoEngine cryptoEngine = CryptoFactory.getEngine(encryptedGrants.getEncryptionEngine());
  String decryptedData = cryptoEngine.decrypt(encryptedGrants.getSalt(), contentKey, encryptedGrants.getEncryptedData());
  return GrantObjectMeta.fromEntity(SimpleEntity.fromJson(decryptedData));
}

private EncryptedGrants encryptGrants(GrantObject grantObject, UserSession userSession) throws JasDBStorageException {
  CryptoEngine cryptoEngine = CryptoFactory.getEngine();
  String contentKey = CryptoFactory.getEngine().decrypt(userSession.getUser().getPasswordSalt(), userSession.getAccessToken(), userSession.getEncryptedContentKey());
  String salt = cryptoEngine.generateSalt();
  String unencryptedData = SimpleEntity.toJson(GrantObjectMeta.toEntity(grantObject));
  String encryptedData = cryptoEngine.encrypt(salt, contentKey, unencryptedData);
  return new EncryptedGrants(grantObject.getObjectName(), encryptedData, salt, cryptoEngine.getDescriptor());
}

Popular methods of UserSession

Popular in Java

Start an intent from android
scheduleAtFixedRate (Timer)
runOnUiThread (Activity)
getExternalFilesDir (Context)
BorderLayout (java.awt)
A border layout lays out a container, arranging and resizing its components to fit in five regions:
BigInteger (java.math)
An immutable arbitrary-precision signed integer.FAST CRYPTOGRAPHY This implementation is efficient f
Locale (java.util)
Locale represents a language/country/variant combination. Locales are used to alter the presentatio
ResourceBundle (java.util)
ResourceBundle is an abstract class which is the superclass of classes which provide Locale-specifi
JList (javax.swing)
Logger (org.apache.log4j)
This is the central class in the log4j package. Most logging operations, except configuration, are d
Top 15 Vim Plugins

How to use getUsermethodin com.oberasoftware.jasdb.api.security.UserSession

Best Java code snippets using com.oberasoftware.jasdb.api.security.UserSession.getUser (Showing top 8 results out of 315)

How to use
getUser
method
in
com.oberasoftware.jasdb.api.security.UserSession