* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.collectionspace.services.authorization.generator;
+package org.collectionspace.services.authorization.importer;
import java.io.File;
import org.slf4j.Logger;
import java.util.UUID;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Marshaller;
+import org.collectionspace.services.authorization.AccountRole;
import org.collectionspace.services.authorization.ActionType;
import org.collectionspace.services.authorization.Permission;
import org.collectionspace.services.authorization.EffectType;
import org.collectionspace.services.authorization.PermissionValue;
import org.collectionspace.services.authorization.PermissionsList;
import org.collectionspace.services.authorization.PermissionsRolesList;
+import org.collectionspace.services.authorization.Role;
import org.collectionspace.services.authorization.RoleValue;
import org.collectionspace.services.authorization.SubjectType;
import org.collectionspace.services.common.config.TenantBindingConfigReaderImpl;
import org.collectionspace.services.common.tenant.TenantBindingType;
/**
- *
+ * AuthorizationGen generates authorizations (permissions and roles)
+ * for tenant services
* @author
*/
public class AuthorizationGen {
private Hashtable<String, TenantBindingType> tenantBindings =
new Hashtable<String, TenantBindingType>();
- public void initialize(String tenantBindingFile) throws Exception {
+ public void initialize(String tenantBindingFileName) throws Exception {
TenantBindingConfigReaderImpl tenantBindingConfigReader =
new TenantBindingConfigReaderImpl(null);
- tenantBindingConfigReader.read(tenantBindingFile);
+ tenantBindingConfigReader.read(tenantBindingFileName);
tenantBindings = tenantBindingConfigReader.getTenantBindings();
+ if (logger.isDebugEnabled()) {
+ logger.debug("initialized with tenant bindings from " + tenantBindingFileName);
+ }
}
+
public void createDefaultServicePermissions() {
for (String tenantId : tenantBindings.keySet()) {
List<Permission> perms = createDefaultServicePermissions(tenantId);
}
+
private Permission buildCommonPermission(String tenantId, String resourceName) {
String id = UUID.randomUUID().toString();
Permission perm = new Permission();
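Review bot: The debug statement added to `initialize` wraps a string concatenation in `if (logger.isDebugEnabled())`, which the SLF4J `Logger` imported at the top of this file makes unnecessary: `logger.debug("initialized with tenant bindings from {}", tenantBindingFileName);` defers the formatting itself and collapses three lines into one. The same guarded-concatenation shape is introduced in `exportPermissions` and `exportPermissionRoles` in the next hunk and throughout the new `AuthorizationSeed` class, so it is worth settling the style once here. The `AuthorizationGen` class body continues past the end of this hunk.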
pcList.setPermissions(permList);
toFile(pcList, PermissionsList.class,
fileName);
- logger.info("exported permissions to " + fileName);
+ if (logger.isDebugEnabled()) {
+ logger.debug("exported permissions to " + fileName);
+ }
}
public void exportPermissionRoles(String fileName) {
psrsl.setPermissionRoles(permRoleList);
toFile(psrsl, PermissionsRolesList.class,
fileName);
- logger.info("exported permissions-roles to " + fileName);
+ if (logger.isDebugEnabled()) {
+ logger.debug("exported permissions-roles to " + fileName);
+ }
}
private void toFile(Object o, Class jaxbClass, String fileName) {
--- /dev/null
+/**
+ * This document is a part of the source code and related artifacts
+ * for CollectionSpace, an open source collections management system
+ * for museums and related institutions:
+
+ * http://www.collectionspace.org
+ * http://wiki.collectionspace.org
+
+ * Copyright 2009 University of California at Berkeley
+
+ * Licensed under the Educational Community License (ECL), Version 2.0.
+ * You may not use this file except in compliance with this License.
+
+ * You may obtain a copy of the ECL 2.0 License at
+
+ * https://source.collectionspace.org/collection-space/LICENSE.txt
+
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.collectionspace.services.authorization.importer;
+
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Unmarshaller;
+import org.collectionspace.services.authorization.ActionType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.collectionspace.services.authorization.AuthZ;
+import org.collectionspace.services.authorization.CSpaceAction;
+import org.collectionspace.services.authorization.Permission;
+import org.collectionspace.services.authorization.PermissionAction;
+import org.collectionspace.services.authorization.PermissionException;
+import org.collectionspace.services.authorization.PermissionRole;
+import org.collectionspace.services.authorization.PermissionsList;
+import org.collectionspace.services.authorization.PermissionsRolesList;
+import org.collectionspace.services.authorization.RoleValue;
+import org.collectionspace.services.authorization.URIResourceImpl;
+
+/**
+ * AuthorizationSeed seeds authorizations (permission, role) into authz provider database
+ * @author
+ */
+public class AuthorizationSeed {
+
+ final Logger logger = LoggerFactory.getLogger(AuthorizationSeed.class);
+
+
+ /**
+ * seedPermissions seed permissions from given files
+ * @param permFileName permisison file name
+ * @param permRoleFileName permission role file name
+ * @throws Exception
+ */
+ public void seedPermissions(String permFileName, String permRoleFileName) throws Exception {
+ PermissionsList permList =
+ (PermissionsList) fromFile(PermissionsList.class,
+ permFileName);
+ if (logger.isDebugEnabled()) {
+ logger.debug("read permissions from " + permFileName);
+ }
+ PermissionsRolesList permRoleList =
+ (PermissionsRolesList) fromFile(PermissionsRolesList.class,
+ permRoleFileName);
+ if (logger.isDebugEnabled()) {
+ logger.debug("read permissions-roles from " + permRoleFileName);
+ }
+
+ seedPermissions(permList, permRoleList);
+ }
+
+ /**
+ * seedPermissions seed permissions from given permisison and permission role lists
+ * @param permList
+ * @param permRoleList
+ * @throws Exception
+ */
+ public void seedPermissions(PermissionsList permList, PermissionsRolesList permRoleList)
+ throws Exception {
+ for (Permission p : permList.getPermissions()) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("adding permission for res=" + p.getResourceName());
+ }
+ for (PermissionRole pr : permRoleList.getPermissionRoles()) {
+ if (pr.getPermissions().get(0).getPermissionId().equals(p.getCsid())) {
+ addPermissionsForUri(p, pr);
+ }
+ }
+ }
+ }
+
+ /**
+ * addPermissionsForUri add permissions from given permission configuration
+ * with assumption that resource is of type URI
+ * @param permission configuration
+ */
+ private void addPermissionsForUri(Permission perm,
+ PermissionRole permRole) throws PermissionException {
+ List<String> principals = new ArrayList<String>();
+ if (!perm.getCsid().equals(permRole.getPermissions().get(0).getPermissionId())) {
+ throw new IllegalArgumentException("permission ids do not"
+ + " match for role=" + permRole.getRoles().get(0).getRoleName()
+ + " with permissionId=" + permRole.getPermissions().get(0).getPermissionId()
+ + " for permission with csid=" + perm.getCsid());
+ }
+ for (RoleValue roleValue : permRole.getRoles()) {
+ principals.add(roleValue.getRoleName());
+ }
+ List<PermissionAction> permActions = perm.getActions();
+ for (PermissionAction permAction : permActions) {
+ CSpaceAction action = getAction(permAction.getName());
+ URIResourceImpl uriRes = new URIResourceImpl(perm.getTenantId(),
+ perm.getResourceName(), action);
+ AuthZ.get().addPermissions(uriRes, principals.toArray(new String[0]));
+ }
+ }
+
+ /**
+ * getAction is a convenience method to get corresponding action for
+ * given ActionType
+ * @param action
+ * @return
+ */
+ private CSpaceAction getAction(ActionType action) {
+ if (ActionType.CREATE.equals(action)) {
+ return CSpaceAction.CREATE;
+ } else if (ActionType.READ.equals(action)) {
+ return CSpaceAction.READ;
+ } else if (ActionType.UPDATE.equals(action)) {
+ return CSpaceAction.UPDATE;
+ } else if (ActionType.DELETE.equals(action)) {
+ return CSpaceAction.DELETE;
+ } else if (ActionType.SEARCH.equals(action)) {
+ return CSpaceAction.SEARCH;
+ } else if (ActionType.ADMIN.equals(action)) {
+ return CSpaceAction.ADMIN;
+ } else if (ActionType.START.equals(action)) {
+ return CSpaceAction.START;
+ } else if (ActionType.STOP.equals(action)) {
+ return CSpaceAction.STOP;
+ }
+ throw new IllegalArgumentException("action = " + action.toString());
+ }
+
+ static Object fromFile(Class jaxbClass, String fileName) throws Exception {
+ InputStream is = new FileInputStream(fileName);
+ try {
+ JAXBContext context = JAXBContext.newInstance(jaxbClass);
+ Unmarshaller unmarshaller = context.createUnmarshaller();
+ //note: setting schema to null will turn validator off
+ unmarshaller.setSchema(null);
+ return jaxbClass.cast(unmarshaller.unmarshal(is));
+ } finally {
+ if (is != null) {
+ try {
+ is.close();
+ } catch (Exception e) {
+ }
+ }
+ }
+ }
+}
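Review bot: `fromFile` hands the raw `FileInputStream` straight to `Unmarshaller.unmarshal(InputStream)`, so the JAXB default parser decides whether DTDs and external entities are resolved; the seed files come from the configured import directory, so exposure is limited to whoever can write there, but a seeding step that writes into the authz provider should still parse with DTD support off. Wrapping the stream in an `XMLStreamReader` built from an `XMLInputFactory` with `SUPPORT_DTD` and `IS_SUPPORTING_EXTERNAL_ENTITIES` set to false does that without touching the JAXB mapping (needs `javax.xml.stream` and `java.io.IOException` imports). While there, the `if (is != null)` guard in the `finally` is dead because the constructor throws before `is` is assigned, and the empty `catch (Exception e)` around `close()` should name the variable `ignored` with a comment saying why. Separately, `seedPermissions(PermissionsList, PermissionsRolesList)` and `addPermissionsForUri` call `getPermissions().get(0)` without checking the list is non-empty, so a `permissionRole` entry with no `<permission>` child aborts the whole seed with an `IndexOutOfBoundsException` instead of a message naming the offending role; a `pr.getPermissions().isEmpty()` check that throws `IllegalArgumentException` with the role name would make the failure actionable.
```java
static Object fromFile(Class jaxbClass, String fileName) throws Exception {
    XMLInputFactory xif = XMLInputFactory.newInstance();
    // Seed files are operator-supplied, but the parser should still not resolve
    // DTDs or external entities on their behalf.
    xif.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
    xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
    InputStream is = new FileInputStream(fileName);
    try {
        XMLStreamReader reader = xif.createXMLStreamReader(is);
        // … unchanged: JAXBContext / Unmarshaller creation, setSchema(null) …
        return jaxbClass.cast(unmarshaller.unmarshal(reader));
    } finally {
        try {
            is.close(); // the constructor above throws before is could be null
        } catch (IOException ignored) {
            // read-only stream; a failed close cannot lose data
        }
    }
}
```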
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>d517250a-91a8-4b19-b1a4-75ad56d3012a</permissionId>
+ <permissionId>05afcbb5-42f2-4d93-a2c8-aaaed450c306</permissionId>
<resourceName>collectionobjects</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>eb155cad-cfac-4bcd-bdb3-34c8406bb6c7</permissionId>
+ <permissionId>4891efb7-91c8-45f8-920e-ffc86e17b3da</permissionId>
<resourceName>intakes</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>04383c28-f9d0-4628-bd8d-90c07963630d</permissionId>
+ <permissionId>20e8c44d-103c-4b1d-bee0-80e13c02d472</permissionId>
<resourceName>loansin</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>1280b13b-0e02-4c11-955d-5151ac15cb16</permissionId>
+ <permissionId>544cfaee-455f-4daa-a037-c4b0907bbf20</permissionId>
<resourceName>loansout</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>86ed3672-c338-4537-893d-69bbef22ea7e</permissionId>
+ <permissionId>f16f4cd8-62ba-4a43-932f-38521f0fa18d</permissionId>
<resourceName>movements</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>293a5a00-e2ca-49f9-9f52-6cefbceae1a7</permissionId>
+ <permissionId>a20baf6b-d476-4106-a836-1b600bf669f8</permissionId>
<resourceName>vocabularies</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>1c1152e4-2e7b-4744-bf86-8c47f62f6b2a</permissionId>
+ <permissionId>779a0b7e-27eb-4621-8920-588c296e12ee</permissionId>
<resourceName>vocabularyitems</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>29e217f7-d1a0-463b-9f3e-1804be23f127</permissionId>
+ <permissionId>2d873988-7339-42ad-b432-ebb77df34910</permissionId>
<resourceName>orgauthorities</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>34197256-031f-4218-bb8d-c02a9d202986</permissionId>
+ <permissionId>d0623091-4e67-45ae-8aff-8e91d51cf49a</permissionId>
<resourceName>organizations</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>d327da0e-da21-4716-a01c-47ad828ec2b4</permissionId>
+ <permissionId>3d4824f9-1f98-436d-a7bb-3a24e972e8e4</permissionId>
<resourceName>personauthorities</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>d2746267-4ade-4e12-8dc4-11ee151c7f2e</permissionId>
+ <permissionId>d5119e61-b858-413c-a756-8effa0b390b4</permissionId>
<resourceName>persons</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>5dcbce71-bc19-4da0-8072-d994c8854007</permissionId>
+ <permissionId>467a5287-f758-4300-9cb4-ed3a1ad36aee</permissionId>
<resourceName>acquisitions</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>a2cd134f-c418-4c9c-8a85-bb530a97cea8</permissionId>
+ <permissionId>0745fb96-cf8d-4cfa-93ed-9b3d078e206e</permissionId>
<resourceName>relations</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>bfd8768d-64bc-47b7-9193-edfb5fc17884</permissionId>
+ <permissionId>cc931e6c-dde9-41fa-be84-ae14329f6845</permissionId>
<resourceName>accounts</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>eb77d422-5019-470f-9670-b62bcd8eb9be</permissionId>
+ <permissionId>abfdb597-6432-42d8-9b82-93d520c5275a</permissionId>
<resourceName>dimensions</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>c66becf5-0670-4e6f-83be-283ca28b9220</permissionId>
+ <permissionId>766015d1-5fff-4bc7-ba1c-1d17b71a47fe</permissionId>
<resourceName>contacts</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>9ce72e7a-dded-4b92-b0c1-3333e117a152</permissionId>
+ <permissionId>f3269b91-2a01-4ddc-9f50-b29ddd1775ee</permissionId>
<resourceName>authorization/roles</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>407df950-207a-4490-a122-61ab43984956</permissionId>
+ <permissionId>a00b8aa8-8965-4d8f-811f-51962310336a</permissionId>
<resourceName>authorization/permissions</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>5e16a57f-8c6d-4c93-b167-85c2c7881f02</permissionId>
+ <permissionId>983be9bf-f016-4673-8ada-ace546dd3254</permissionId>
<resourceName>authorization/permroles</resourceName>
</permission>
<role>
<permissionRole>
<subject>ROLE</subject>
<permission>
- <permissionId>d1a3663a-645b-4ac4-86b8-c6ecd05e1e12</permissionId>
+ <permissionId>1e73718d-c646-485a-a017-eb17eeb3aba2</permissionId>
<resourceName>accounts/accountroles</resourceName>
</permission>
<role>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:permissions_list xmlns:ns2="http://collectionspace.org/services/authorization">
- <permission csid="d517250a-91a8-4b19-b1a4-75ad56d3012a">
+ <permission csid="05afcbb5-42f2-4d93-a2c8-aaaed450c306">
<resourceName>collectionobjects</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="eb155cad-cfac-4bcd-bdb3-34c8406bb6c7">
+ <permission csid="4891efb7-91c8-45f8-920e-ffc86e17b3da">
<resourceName>intakes</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="04383c28-f9d0-4628-bd8d-90c07963630d">
+ <permission csid="20e8c44d-103c-4b1d-bee0-80e13c02d472">
<resourceName>loansin</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="1280b13b-0e02-4c11-955d-5151ac15cb16">
+ <permission csid="544cfaee-455f-4daa-a037-c4b0907bbf20">
<resourceName>loansout</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="86ed3672-c338-4537-893d-69bbef22ea7e">
+ <permission csid="f16f4cd8-62ba-4a43-932f-38521f0fa18d">
<resourceName>movements</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="293a5a00-e2ca-49f9-9f52-6cefbceae1a7">
+ <permission csid="a20baf6b-d476-4106-a836-1b600bf669f8">
<resourceName>vocabularies</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="1c1152e4-2e7b-4744-bf86-8c47f62f6b2a">
+ <permission csid="779a0b7e-27eb-4621-8920-588c296e12ee">
<resourceName>vocabularyitems</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="29e217f7-d1a0-463b-9f3e-1804be23f127">
+ <permission csid="2d873988-7339-42ad-b432-ebb77df34910">
<resourceName>orgauthorities</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="34197256-031f-4218-bb8d-c02a9d202986">
+ <permission csid="d0623091-4e67-45ae-8aff-8e91d51cf49a">
<resourceName>organizations</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="d327da0e-da21-4716-a01c-47ad828ec2b4">
+ <permission csid="3d4824f9-1f98-436d-a7bb-3a24e972e8e4">
<resourceName>personauthorities</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="d2746267-4ade-4e12-8dc4-11ee151c7f2e">
+ <permission csid="d5119e61-b858-413c-a756-8effa0b390b4">
<resourceName>persons</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="5dcbce71-bc19-4da0-8072-d994c8854007">
+ <permission csid="467a5287-f758-4300-9cb4-ed3a1ad36aee">
<resourceName>acquisitions</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="a2cd134f-c418-4c9c-8a85-bb530a97cea8">
+ <permission csid="0745fb96-cf8d-4cfa-93ed-9b3d078e206e">
<resourceName>relations</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="bfd8768d-64bc-47b7-9193-edfb5fc17884">
+ <permission csid="cc931e6c-dde9-41fa-be84-ae14329f6845">
<resourceName>accounts</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="eb77d422-5019-470f-9670-b62bcd8eb9be">
+ <permission csid="abfdb597-6432-42d8-9b82-93d520c5275a">
<resourceName>dimensions</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="c66becf5-0670-4e6f-83be-283ca28b9220">
+ <permission csid="766015d1-5fff-4bc7-ba1c-1d17b71a47fe">
<resourceName>contacts</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="9ce72e7a-dded-4b92-b0c1-3333e117a152">
+ <permission csid="f3269b91-2a01-4ddc-9f50-b29ddd1775ee">
<resourceName>authorization/roles</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="407df950-207a-4490-a122-61ab43984956">
+ <permission csid="a00b8aa8-8965-4d8f-811f-51962310336a">
<resourceName>authorization/permissions</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="5e16a57f-8c6d-4c93-b167-85c2c7881f02">
+ <permission csid="983be9bf-f016-4673-8ada-ace546dd3254">
<resourceName>authorization/permroles</resourceName>
<action>
<name>CREATE</name>
<effect>PERMIT</effect>
<tenant_id>1</tenant_id>
</permission>
- <permission csid="d1a3663a-645b-4ac4-86b8-c6ecd05e1e12">
+ <permission csid="1e73718d-c646-485a-a017-eb17eeb3aba2">
<resourceName>accounts/accountroles</resourceName>
<action>
<name>CREATE</name>
}
- static Object fromFile(Class jaxbClass, String fileName) throws Exception {
- InputStream is = new FileInputStream(fileName);
- try {
- JAXBContext context = JAXBContext.newInstance(jaxbClass);
- Unmarshaller unmarshaller = context.createUnmarshaller();
- //note: setting schema to null will turn validator off
- unmarshaller.setSchema(null);
- return jaxbClass.cast(unmarshaller.unmarshal(is));
- } finally {
- if (is != null) {
- try {
- is.close();
- } catch (Exception e) {
- }
- }
- }
- }
-
@Test(dataProvider = "testName", dataProviderClass = AbstractAuthorizationTestImpl.class)
public void test(String testName) {
*/
package org.collectionspace.services.authorization.importer;
-//import java.util.ArrayList;
-//import java.util.List;
import java.io.File;
-import org.collectionspace.services.authorization.generator.AuthorizationGen;
-import java.util.ArrayList;
-import java.util.List;
-import org.collectionspace.services.authorization.ActionType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-//import org.collectionspace.services.client.test.BaseServiceTest;
-import org.collectionspace.services.authorization.AuthZ;
-import org.collectionspace.services.authorization.CSpaceAction;
-import org.collectionspace.services.authorization.Permission;
-import org.collectionspace.services.authorization.PermissionAction;
-import org.collectionspace.services.authorization.PermissionException;
-import org.collectionspace.services.authorization.PermissionRole;
-import org.collectionspace.services.authorization.PermissionsList;
-import org.collectionspace.services.authorization.PermissionsRolesList;
-import org.collectionspace.services.authorization.RoleValue;
-import org.collectionspace.services.authorization.URIResourceImpl;
import org.springframework.transaction.TransactionStatus;
import org.testng.annotations.BeforeClass;
@BeforeClass(alwaysRun = true)
public void seedData() {
setup();
- TransactionStatus status = beginTransaction("seedData");
+ TransactionStatus status = null;
try {
AuthorizationGen authzGen = new AuthorizationGen();
String tenantBindingFile = getTenantBindingFile();
String exportDir = getExportDir();
authzGen.exportPermissions(exportDir + PERMISSION_FILE);
authzGen.exportPermissionRoles(exportDir + PERMISSION_ROLE_FILE);
- seedRoles();
- seedPermissions();
+ if (logger.isDebugEnabled()) {
+ logger.debug("authroization generation completed ");
+ }
+ status = beginTransaction("seedData");
+ AuthorizationSeed authzSeed = new AuthorizationSeed();
+ String importDir = getImportDir();
+ authzSeed.seedPermissions(importDir + PERMISSION_FILE,
+ importDir + PERMISSION_ROLE_FILE);
+ if (logger.isDebugEnabled()) {
+ logger.debug("authroization seeding completed ");
+ }
} catch (Exception ex) {
- rollbackTransaction(status);
- ex.printStackTrace();
- throw new RuntimeException(ex);
- }
- commitTransaction(status);
- }
-
- public void seedRoles() throws Exception {
- //Should this test really be empty?
- }
-
- public void seedPermissions() throws Exception {
- String importDir = getImportDir();
- PermissionsList pcList =
- (PermissionsList) fromFile(PermissionsList.class,
- importDir + PERMISSION_FILE);
- logger.info("read permissions from "
- + importDir + PERMISSION_FILE);
- PermissionsRolesList pcrList =
- (PermissionsRolesList) fromFile(PermissionsRolesList.class,
- importDir + PERMISSION_ROLE_FILE);
- logger.info("read permissions-roles from "
- + importDir + PERMISSION_ROLE_FILE);
- AuthZ authZ = AuthZ.get();
- for (Permission p : pcList.getPermissions()) {
+ if (status != null) {
+ rollbackTransaction(status);
+ }
if (logger.isDebugEnabled()) {
- logger.debug("adding permission for res=" + p.getResourceName());
+ ex.printStackTrace();
}
- for (PermissionRole pr : pcrList.getPermissionRoles()) {
- if (pr.getPermissions().get(0).getPermissionId().equals(p.getCsid())) {
- addPermissionsForUri(p, pr);
- }
+ throw new RuntimeException(ex);
+ } finally {
+ if (status != null) {
+ commitTransaction(status);
}
}
}
- /**
- * addPermissionsForUri add permissions from given permission configuration
- * with assumption that resource is of type URI
- * @param permission configuration
- */
- //FIXME this method should be in the restful web service resource of authz
- private void addPermissionsForUri(Permission perm,
- PermissionRole permRole) throws PermissionException {
- List<String> principals = new ArrayList<String>();
- if (!perm.getCsid().equals(permRole.getPermissions().get(0).getPermissionId())) {
- throw new IllegalArgumentException("permission ids do not"
- + " match for role=" + permRole.getRoles().get(0).getRoleName()
- + " with permissionId=" + permRole.getPermissions().get(0).getPermissionId()
- + " for permission with csid=" + perm.getCsid());
- }
- for (RoleValue roleValue : permRole.getRoles()) {
- principals.add(roleValue.getRoleName());
- }
- List<PermissionAction> permActions = perm.getActions();
- for (PermissionAction permAction : permActions) {
- CSpaceAction action = getAction(permAction.getName());
- URIResourceImpl uriRes = new URIResourceImpl(perm.getTenantId(),
- perm.getResourceName(), action);
- AuthZ.get().addPermissions(uriRes, principals.toArray(new String[0]));
- }
- }
-
- /**
- * getAction is a convenience method to get corresponding action for
- * given ActionType
- * @param action
- * @return
- */
- private CSpaceAction getAction(ActionType action) {
- if (ActionType.CREATE.equals(action)) {
- return CSpaceAction.CREATE;
- } else if (ActionType.READ.equals(action)) {
- return CSpaceAction.READ;
- } else if (ActionType.UPDATE.equals(action)) {
- return CSpaceAction.UPDATE;
- } else if (ActionType.DELETE.equals(action)) {
- return CSpaceAction.DELETE;
- } else if (ActionType.SEARCH.equals(action)) {
- return CSpaceAction.SEARCH;
- } else if (ActionType.ADMIN.equals(action)) {
- return CSpaceAction.ADMIN;
- } else if (ActionType.START.equals(action)) {
- return CSpaceAction.START;
- } else if (ActionType.STOP.equals(action)) {
- return CSpaceAction.STOP;
- }
- throw new IllegalArgumentException("action = " + action.toString());
- }
-
private String getTenantBindingFile() {
String tenantBindingFile = System.getProperty("tenantbindings");
if (tenantBindingFile == null || tenantBindingFile.isEmpty()) {
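Review bot: In the rewritten `seedData`, the `finally` block commits `status` even on the failure path: the `catch` rolls the transaction back but leaves `status` non-null, so `commitTransaction(status)` then runs on an already-completed transaction, and if `commitTransaction` delegates to Spring's `PlatformTransactionManager` (the `TransactionStatus` import suggests it does) that raises `IllegalTransactionStateException` from the `finally`, which replaces the `RuntimeException(ex)` and discards the real cause. The smallest fix is to clear the status after rolling back, `rollbackTransaction(status); status = null;`, or to move `commitTransaction(status)` to the end of the `try` and drop the `finally`. The `ex.printStackTrace()` guarded by `isDebugEnabled()` means a seeding failure leaves nothing in the log when debug is off; `logger.error("authorization seeding failed", ex);` records the cause unconditionally. The two new debug messages also misspell "authorization" as "authroization".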