public AccessPolicy getAccessPolicy(final String resourceIdentifier, final RequestAction action) { if (resourceIdentifier == null) { throw new IllegalArgumentException("Resource Identifier cannot be null"); } final Set<AccessPolicy> resourcePolicies = policiesByResource.get(resourceIdentifier); if (resourcePolicies == null) { return null; } for (AccessPolicy accessPolicy : resourcePolicies) { if (accessPolicy.getAction() == action) { return accessPolicy; } } return null; }
@Override public AccessPolicy getAccessPolicy(String resourceIdentifier, RequestAction action) { return policies.stream() .filter(policy -> policy.getResource().equals(resourceIdentifier) && policy.getAction().equals(action)) .findFirst().orElse(null); }
private AccessPolicy findAccessPolicy(final RequestAction requestAction, final String resource) { return accessPolicyProvider.getAccessPolicies().stream() .filter(policy -> policy.getAction().equals(requestAction) && policy.getResource().equals(resource)) .findFirst() .orElse(null); }
/** * Formats the name of the specified policy. * * @param policy policy * @return formatted name */ private String formatPolicyName(final AccessPolicy policy) { return policy.getAction().toString() + " " + policy.getResource(); }
private void writePolicy(final XMLStreamWriter writer, final AccessPolicy policy) throws XMLStreamException { // sort the users for the policy List<String> policyUsers = new ArrayList<>(policy.getUsers()); Collections.sort(policyUsers); // sort the groups for this policy List<String> policyGroups = new ArrayList<>(policy.getGroups()); Collections.sort(policyGroups); writer.writeStartElement(POLICY_ELEMENT); writer.writeAttribute(IDENTIFIER_ATTR, policy.getIdentifier()); writer.writeAttribute(RESOURCE_ATTR, policy.getResource()); writer.writeAttribute(ACTIONS_ATTR, policy.getAction().name()); for (String policyUser : policyUsers) { writer.writeStartElement(POLICY_USER_ELEMENT); writer.writeAttribute(IDENTIFIER_ATTR, policyUser); writer.writeEndElement(); } for (String policyGroup : policyGroups) { writer.writeStartElement(POLICY_GROUP_ELEMENT); writer.writeAttribute(IDENTIFIER_ATTR, policyGroup); writer.writeEndElement(); } writer.writeEndElement(); }
private void writePolicy(final XMLStreamWriter writer, final AccessPolicy policy) throws XMLStreamException { // sort the users for the policy List<String> policyUsers = new ArrayList<>(policy.getUsers()); Collections.sort(policyUsers); // sort the groups for this policy List<String> policyGroups = new ArrayList<>(policy.getGroups()); Collections.sort(policyGroups); writer.writeStartElement(POLICY_ELEMENT); writer.writeAttribute(IDENTIFIER_ATTR, policy.getIdentifier()); writer.writeAttribute(RESOURCE_ATTR, policy.getResource()); writer.writeAttribute(ACTIONS_ATTR, policy.getAction().name()); for (String policyUser : policyUsers) { writer.writeStartElement(POLICY_USER_ELEMENT); writer.writeAttribute(IDENTIFIER_ATTR, policyUser); writer.writeEndElement(); } for (String policyGroup : policyGroups) { writer.writeStartElement(POLICY_GROUP_ELEMENT); writer.writeAttribute(IDENTIFIER_ATTR, policyGroup); writer.writeEndElement(); } writer.writeEndElement(); }
/** * Initializes the builder with the state of the provided policy. When using this constructor * the identifier field of the builder can not be changed and will result in an IllegalStateException * if attempting to do so. * * @param other the existing access policy to initialize from */ public Builder(final AccessPolicy other) { if (other == null) { throw new IllegalArgumentException("Can not initialize builder with a null access policy"); } this.identifier = other.getIdentifier(); this.resource = other.getResource(); this.action = other.getAction(); this.users.clear(); this.users.addAll(other.getUsers()); this.groups.clear(); this.groups.addAll(other.getGroups()); this.fromPolicy = true; }
/** * Checks if another policy exists with the same resource and action as the given policy. * * @param checkAccessPolicy an access policy being checked * @return true if another access policy exists with the same resource and action, false otherwise */ private static boolean policyExists(final AccessPolicyProvider accessPolicyProvider, final AccessPolicy checkAccessPolicy) { for (AccessPolicy accessPolicy : accessPolicyProvider.getAccessPolicies()) { if (!accessPolicy.getIdentifier().equals(checkAccessPolicy.getIdentifier()) && accessPolicy.getResource().equals(checkAccessPolicy.getResource()) && accessPolicy.getAction().equals(checkAccessPolicy.getAction())) { return true; } } return false; }
@Override public String toString() { return String.format("identifier[%s], resource[%s], users[%s], groups[%s], action[%s]", getIdentifier(), getResource(), getUsers(), getGroups(), getAction()); }
@Override public AccessPolicy updateAccessPolicy(final AccessPolicyDTO accessPolicyDTO) { if (supportsConfigurableAuthorizer()) { final ConfigurableAccessPolicyProvider configurableAccessPolicyProvider = (ConfigurableAccessPolicyProvider) accessPolicyProvider; final AccessPolicy currentAccessPolicy = getAccessPolicy(accessPolicyDTO.getId()); return configurableAccessPolicyProvider.updateAccessPolicy(buildAccessPolicy(currentAccessPolicy.getIdentifier(), currentAccessPolicy.getResource(), currentAccessPolicy.getAction(), accessPolicyDTO)); } else { throw new IllegalStateException(MSG_NON_CONFIGURABLE_POLICIES); } }
final AccessPolicyDTO cloneAccessPolicy = new AccessPolicyDTO(); cloneAccessPolicy.setId(generateId(accessPolicy.getIdentifier(), idGenerationSeed, true)); cloneAccessPolicy.setAction(accessPolicy.getAction().toString()); cloneAccessPolicy.setResource(cloneResource.getIdentifier());
private Policy createJAXBPolicy(final AccessPolicy accessPolicy) { final Policy policy = new Policy(); policy.setIdentifier(accessPolicy.getIdentifier()); policy.setResource(accessPolicy.getResource()); switch (accessPolicy.getAction()) { case READ: policy.setAction(READ_CODE); break; case WRITE: policy.setAction(WRITE_CODE); break; default: break; } transferUsersAndGroups(accessPolicy, policy); return policy; }
public AccessPolicySummaryDTO createAccessPolicySummaryDto(final AccessPolicy accessPolicy, final ComponentReferenceEntity componentReference) { if (accessPolicy == null) { return null; } final AccessPolicySummaryDTO dto = new AccessPolicySummaryDTO(); dto.setId(accessPolicy.getIdentifier()); dto.setResource(accessPolicy.getResource()); dto.setAction(accessPolicy.getAction().toString()); dto.setConfigurable(AuthorizerCapabilityDetection.isAccessPolicyConfigurable(authorizer, accessPolicy)); dto.setComponentReference(componentReference); return dto; }
@Override public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException { baseManagedAuthorizer.onConfigured(configurationContext); final AccessPolicyProvider accessPolicyProvider = baseManagedAuthorizer.getAccessPolicyProvider(); final UserGroupProvider userGroupProvider = accessPolicyProvider.getUserGroupProvider(); // ensure that only one policy per resource-action exists for (AccessPolicy accessPolicy : accessPolicyProvider.getAccessPolicies()) { if (policyExists(accessPolicyProvider, accessPolicy)) { throw new AuthorizerCreationException(String.format("Found multiple policies for '%s' with '%s'.", accessPolicy.getResource(), accessPolicy.getAction())); } } // ensure that only one group exists per identity for (User user : userGroupProvider.getUsers()) { if (tenantExists(userGroupProvider, user.getIdentifier(), user.getIdentity())) { throw new AuthorizerCreationException(String.format("Found multiple users/user groups with identity '%s'.", user.getIdentity())); } } // ensure that only one group exists per identity for (Group group : userGroupProvider.getGroups()) { if (tenantExists(userGroupProvider, group.getIdentifier(), group.getName())) { throw new AuthorizerCreationException(String.format("Found multiple users/user groups with name '%s'.", group.getName())); } } }
public AccessPolicyDTO createAccessPolicyDto(final AccessPolicy accessPolicy, final Set<TenantEntity> userGroups, final Set<TenantEntity> users, final ComponentReferenceEntity componentReference) { if (accessPolicy == null) { return null; } final AccessPolicyDTO dto = new AccessPolicyDTO(); dto.setUserGroups(userGroups); dto.setUsers(users); dto.setId(accessPolicy.getIdentifier()); dto.setResource(accessPolicy.getResource()); dto.setAction(accessPolicy.getAction().toString()); dto.setConfigurable(AuthorizerCapabilityDetection.isAccessPolicyConfigurable(authorizer, accessPolicy)); dto.setComponentReference(componentReference); return dto; }
@Override public AccessPolicy getAccessPolicy(String resourceIdentifier, RequestAction action) { return policies.stream() .filter(policy -> policy.getResource().equals(resourceIdentifier) && policy.getAction().equals(action)) .findFirst().orElse(null); }