/**
 * Reports whether the authorizer's user group provider can be modified.
 *
 * @param authorizer the authorizer to inspect
 * @return {@code true} only when {@code isManagedAuthorizer(authorizer)} holds and the user group
 *         provider exposed by its access policy provider is a {@link ConfigurableUserGroupProvider};
 *         {@code false} otherwise
 */
public static boolean isConfigurableUserGroupProvider(final Authorizer authorizer) {
    if (isManagedAuthorizer(authorizer)) {
        // The cast relies on the isManagedAuthorizer guard; that helper is defined outside this excerpt.
        return ((ManagedAuthorizer) authorizer).getAccessPolicyProvider().getUserGroupProvider()
                instanceof ConfigurableUserGroupProvider;
    }
    return false;
}
/**
 * Reports whether the given user can be modified through the authorizer's user group provider.
 *
 * @param authorizer the authorizer to inspect
 * @param user the user in question
 * @return {@code false} when the authorizer has no configurable user group provider; otherwise
 *         whatever {@link ConfigurableUserGroupProvider#isConfigurable} reports for the user
 */
public static boolean isUserConfigurable(final Authorizer authorizer, final User user) {
    if (isConfigurableUserGroupProvider(authorizer)) {
        // The guard above has already vetted the authorizer and provider types, so both casts
        // are expected to succeed. The provider is fetched again here rather than reused.
        final ManagedAuthorizer managed = (ManagedAuthorizer) authorizer;
        final ConfigurableUserGroupProvider provider =
                (ConfigurableUserGroupProvider) managed.getAccessPolicyProvider().getUserGroupProvider();
        return provider.isConfigurable(user);
    }
    return false;
}
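/**
 * Gets the names of the groups for the user with the specified identity.
 *
 * <p>The two "no groups" results mean different things. {@code null} means the authorizer is not a
 * {@link ManagedAuthorizer}, so group membership could not be looked up at all. An empty set means
 * the lookup ran and the user belongs to no groups. Callers that base access decisions on the
 * result should keep the two cases apart.
 *
 * @param authorizer the authorizer to load the groups from
 * @param userIdentity the user identity
 * @return the names of the user's groups, an empty set if the user has none, or {@code null} if
 *         the authorizer is not able to load user groups
 */
public static Set<String> getUserGroups(final Authorizer authorizer, final String userIdentity) {
    if (!(authorizer instanceof ManagedAuthorizer)) {
        return null;
    }

    final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) authorizer;
    final UserGroupProvider userGroupProvider = managedAuthorizer.getAccessPolicyProvider().getUserGroupProvider();
    final UserAndGroups userAndGroups = userGroupProvider.getUserAndGroups(userIdentity);
    final Set<Group> userGroups = userAndGroups.getGroups();

    if (userGroups == null || userGroups.isEmpty()) {
        // Typed empty set instead of the raw Collections.EMPTY_SET constant.
        return Collections.emptySet();
    }

    // Map the set that was just null-checked; calling getGroups() a second time could return
    // something different from what the check saw.
    return userGroups.stream().map(Group::getName).collect(Collectors.toSet());
}
}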
/**
 * Reports whether the given group can be modified through the authorizer's user group provider.
 *
 * @param authorizer the authorizer to inspect
 * @param group the group in question
 * @return {@code false} when the authorizer has no configurable user group provider; otherwise
 *         whatever {@link ConfigurableUserGroupProvider#isConfigurable} reports for the group
 */
public static boolean isGroupConfigurable(final Authorizer authorizer, final Group group) {
    if (isConfigurableUserGroupProvider(authorizer)) {
        // The guard above has already vetted the authorizer and provider types, so both casts
        // are expected to succeed. The provider is fetched again here rather than reused.
        final ManagedAuthorizer managed = (ManagedAuthorizer) authorizer;
        final ConfigurableUserGroupProvider provider =
                (ConfigurableUserGroupProvider) managed.getAccessPolicyProvider().getUserGroupProvider();
        return provider.isConfigurable(group);
    }
    return false;
}
// Take the user group provider from the access policy provider.
// NOTE(review): nothing in this excerpt checks the result for null before it is stored;
// confirm the surrounding code rejects a missing user group provider.
userGroupProvider = accessPolicyProvider.getUserGroupProvider();
/**
 * Resolves the access policy provider named by the "Access Policy Provider" property, and the
 * user group provider it exposes. Both are stored in variables declared outside this method
 * (presumably instance fields).
 *
 * <p>Configuration fails rather than continuing with a missing provider.
 *
 * @param configurationContext source of the "Access Policy Provider" property
 * @throws AuthorizerCreationException if the property is not set, the lookup returns no provider
 *         for it, or the provider found has no user group provider
 */
@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
    final PropertyValue providerProperty = configurationContext.getProperty("Access Policy Provider");
    if (!providerProperty.isSet()) {
        throw new AuthorizerCreationException("The Access Policy Provider must be set.");
    }

    // NOTE(review): the two messages below format the PropertyValue object itself rather than
    // getValue(); confirm its toString() yields the configured identifier.
    accessPolicyProvider = accessPolicyProviderLookup.getAccessPolicyProvider(providerProperty.getValue());
    if (accessPolicyProvider == null) {
        // the lookup did not know the configured identifier
        final String notFound =
                String.format("Unable to locate configured Access Policy Provider: %s", providerProperty);
        throw new AuthorizerCreationException(notFound);
    }

    userGroupProvider = accessPolicyProvider.getUserGroupProvider();
    if (userGroupProvider == null) {
        // an access policy provider without a user group provider is rejected
        final String noUserGroupProvider = String.format(
                "Configured Access Policy Provider %s does not contain a User Group Provider", providerProperty);
        throw new AuthorizerCreationException(noUserGroupProvider);
    }
}
/**
 * Configures the wrapped authorizer, then rejects duplicate policies, users or groups in the
 * data it loaded.
 *
 * <p>{@code policyExists} and {@code tenantExists} are defined outside this excerpt. Judging by
 * the error messages, they presumably report a second entry with the same resource/action or the
 * same identity/name. Confirm against their definitions.
 *
 * @param configurationContext passed through to {@code baseManagedAuthorizer.onConfigured}
 * @throws AuthorizerCreationException if {@code policyExists} is true for any loaded access
 *         policy, or {@code tenantExists} is true for any loaded user or group
 */
@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
    baseManagedAuthorizer.onConfigured(configurationContext);

    final AccessPolicyProvider policies = baseManagedAuthorizer.getAccessPolicyProvider();
    final UserGroupProvider tenants = policies.getUserGroupProvider();

    // at most one policy per resource-action pair
    for (final AccessPolicy policy : policies.getAccessPolicies()) {
        if (!policyExists(policies, policy)) {
            continue;
        }
        final String duplicatePolicy = String.format(
                "Found multiple policies for '%s' with '%s'.", policy.getResource(), policy.getAction());
        throw new AuthorizerCreationException(duplicatePolicy);
    }

    // a user identity must not be shared with another user or group
    for (final User candidate : tenants.getUsers()) {
        if (!tenantExists(tenants, candidate.getIdentifier(), candidate.getIdentity())) {
            continue;
        }
        final String duplicateIdentity = String.format(
                "Found multiple users/user groups with identity '%s'.", candidate.getIdentity());
        throw new AuthorizerCreationException(duplicateIdentity);
    }

    // a group name must not be shared with another user or group
    for (final Group candidate : tenants.getGroups()) {
        if (!tenantExists(tenants, candidate.getIdentifier(), candidate.getName())) {
            continue;
        }
        final String duplicateName = String.format(
                "Found multiple users/user groups with name '%s'.", candidate.getName());
        throw new AuthorizerCreationException(duplicateName);
    }
}