/**
 * Invalidates the cached destination authorizations of every tracked security context.
 *
 * <p>Users who logged in earlier may no longer hold the access they had at login, so the cached
 * authorized read and write destinations of each context are emptied.
 */
public void refresh() {
    // The element is cast explicitly because this variant of the method does not rely on a
    // generically typed collection.
    for (Object entry : securityContexts) {
        SecurityContext context = (SecurityContext) entry;
        context.getAuthorizedReadDests().clear();
        context.getAuthorizedWriteDests().clear();
    }
}
/**
 * Clears the cached authorized destinations of all logged-in users.
 *
 * <p>A user who authenticated earlier may have lost (or gained) access since then, so the cached
 * read and write authorizations of every tracked security context are discarded.
 */
public void refresh() {
    for (SecurityContext context : securityContexts) {
        context.getAuthorizedReadDests().clear();
        context.getAuthorizedWriteDests().clear();
    }
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Resets the per-session authorization caches.
 *
 * <p>Access granted at login time may no longer apply, so for each tracked security context the
 * cached authorized read destinations and authorized write destinations are both cleared.
 */
public void refresh() {
    for (SecurityContext session : securityContexts) {
        // Both caches are dropped together so neither direction keeps a stale grant.
        session.getAuthorizedReadDests().clear();
        session.getAuthorizedWriteDests().clear();
    }
}
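/**
 * Reacts to a change of an ACL entry by invalidating the cached authorizations of every
 * security context that holds the affected role.
 *
 * <p>When {@code canRead} is true, each tracked context whose principals contain the role has its
 * cached authorized read and write destinations cleared.
 *
 * @param addition not used by this implementation
 * @param namedGraph not used by this implementation
 * @param acl not used by this implementation
 * @param role role the entry applies to; a {@code null} role matches no context
 * @param canRead gates the invalidation; {@code null} is treated as false
 * @param canUpdate not used by this implementation
 * @param canDelete not used by this implementation
 * @param canInsert not used by this implementation
 * @param canRemove not used by this implementation
 * @param canChangeAcl not used by this implementation
 * @return always {@code true}
 * @throws BocaException declared, but never thrown by the code in this method
 */
public boolean handleAci(boolean addition, URI namedGraph, URI acl, URI role, Boolean canRead, Boolean canUpdate,
        Boolean canDelete, Boolean canInsert, Boolean canRemove, Boolean canChangeAcl) throws BocaException {
    // Boolean.TRUE.equals avoids unboxing a null Boolean.
    if (role == null || !Boolean.TRUE.equals(canRead)) {
        return true;
    }
    // Principals are held as strings (handleUserInRole stores role.toString()), so the role has to
    // be compared in its string form. Comparing a String principal to the URI object itself never
    // matches, which left the cached authorizations in place after an ACL change.
    final String roleKey = role.toString();
    // NOTE(review): only canRead gates the invalidation; changes that touch just the update,
    // delete, insert, remove or change-ACL flags leave the caches untouched. Confirm that is intended.
    for (SecurityContext sec : securityContexts) {
        if (sec.getPrincipals().contains(roleKey)) {
            sec.getAuthorizedReadDests().clear();
            sec.getAuthorizedWriteDests().clear();
        }
    }
    return true;
}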
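/**
 * Applies a role membership change to the live security contexts of a user.
 *
 * <p>For every tracked context belonging to {@code user}, the role is added to or removed from
 * the context's principals, and the cached authorized read and write destinations are cleared.
 *
 * @param addition {@code true} to add the role to the user's principals, {@code false} to remove it
 * @param user user whose membership changed; {@code null} matches no context
 * @param role role that was granted or revoked; {@code null} results in no change
 * @return always {@code true}
 * @throws BocaException declared, but never thrown by the code in this method
 */
public boolean handleUserInRole(boolean addition, URI user, URI role) throws BocaException {
    if (user == null || role == null) {
        return true;
    }
    // ActiveMQ's SecurityContext.getUserName() is a String, and a String never equals a URI object,
    // so the comparison must use the URI's string form. With the object comparison no context ever
    // matched, and a revoked role stayed in effect on sessions that were already logged in.
    // NOTE(review): assumes the context's user name is the user URI in string form; confirm
    // against the code that creates the security contexts.
    final String userKey = user.toString();
    final String roleKey = role.toString();
    for (SecurityContext sec : securityContexts) {
        if (!userKey.equals(sec.getUserName())) {
            continue;
        }
        if (addition) {
            sec.getPrincipals().add(roleKey);
        } else {
            sec.getPrincipals().remove(roleKey);
        }
        // Drop cached grants in both directions, so none made under the old role set remains.
        sec.getAuthorizedReadDests().clear();
        sec.getAuthorizedWriteDests().clear();
    }
    return true;
}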
/**
 * Reacts to a user being added or removed.
 *
 * <p>Nothing happens when no security context is registered for the user. On addition the
 * context's cached authorized read and write destinations are cleared. On removal each connection
 * registered for the user is sent a {@code ConnectionError} carrying "user removed"; the
 * connection's security context is then removed from the tracked contexts and, if it was present
 * there, detached from the connection.
 *
 * @param addition {@code true} when the user was added, {@code false} when removed
 * @param user user the event refers to; looked up by its string form
 * @param defaultRole not used by this implementation
 * @param defaultAclTemplate not used by this implementation
 * @param userId not used by this implementation
 * @param password not used by this implementation
 * @return always {@code true}
 * @throws BocaException declared, but never thrown by the code in this method
 */
public boolean handleUser(boolean addition, URI user, URI defaultRole, URI defaultAclTemplate, String userId,
        String password) throws BocaException {
    final SecurityContext known = userSecurityContextMap.get(user.toString());
    if (known == null) {
        return true;
    }

    if (addition) {
        known.getAuthorizedReadDests().clear();
        known.getAuthorizedWriteDests().clear();
        return true;
    }

    final Set<ConnectionContext> connections = userConnection.get(known.getUserName());
    if (connections == null) {
        return true;
    }

    // NOTE(review): the entries in userSecurityContextMap and userConnection are not removed here;
    // confirm that cleanup for a removed user happens elsewhere.
    for (ConnectionContext connection : connections) {
        try {
            ConnectionError error = new ConnectionError();
            error.setException(new Exception("user removed"));
            connection.getConnection().dispatchSync(error);
        } catch (Exception ignored) {
            // Notifying the client is best effort; a failed dispatch must not stop the
            // revocation below. The failure is dropped silently.
        }
        // NOTE(review): the context is detached only when it was present in securityContexts, so
        // a connection whose context was not tracked keeps it after the user is removed. Confirm
        // whether it should be cleared unconditionally.
        if (securityContexts.remove(connection.getSecurityContext())) {
            connection.setSecurityContext(null);
        }
    }
    return true;
}
/**
 * Authorizes a consumer subscription before delegating to the parent implementation.
 *
 * <p>The request is rejected when the connection has no security context, when the destination is
 * one of the two notification queues and the caller lacks the default system role, or when the
 * destination is temporary and belongs to a different connection. Otherwise the destination is
 * recorded in the caller's authorized read destinations.
 *
 * @param context connection the consumer is created on
 * @param info consumer description, including the destination to read from
 * @return the subscription created by the parent implementation
 * @throws SecurityException if the caller is unauthenticated or not allowed to read the destination
 * @throws Exception if the parent implementation fails
 */
public Subscription addConsumer(ConnectionContext context, ConsumerInfo info) throws Exception {
    final SecurityContext subject = context.getSecurityContext();
    if (subject == null) {
        throw new SecurityException("User is not authenticated.");
    }

    // Both notification queues are reserved for holders of the default system role.
    final String queueName = info.getDestination().getPhysicalName();
    final boolean systemQueue = queueName.equals(Constants.NOTIFICATION_UPDATES_QUEUE)
            || queueName.equals(Constants.NOTIFICATION_CONTROL_QUEUE);
    boolean denied = systemQueue && !subject.getPrincipals().contains(Constants.defaultSystemRole);

    // A temporary destination may only be consumed by the connection it belongs to.
    if (!denied && info.getDestination().isTemporary()) {
        final ActiveMQTempDestination temp = (ActiveMQTempDestination) info.getDestination();
        denied = !temp.getConnectionId().equals(context.getConnectionId().getValue());
    }

    if (denied) {
        throw new SecurityException(
                "User " + subject.getUserName() + " is not authorized to read from: " + info.getDestination());
    }

    // NOTE(review): every other destination is admitted for any authenticated user and cached as
    // authorized; confirm that finer-grained authorization is enforced elsewhere.
    subject.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());
    return super.addConsumer(context, info);
}
throw new SecurityException("User " + subject.getUserName() + " is not authorized to read from: " + info.getDestination()); subject.getAuthorizedReadDests().put(info.getDestination(), info.getDestination());