return authnContext.getTenantIds();
}
+ public String getCurrentTenantId() {
+ return authnContext.getCurrentTenantId();
+ }
+
+ public String getCurrentTenantName() {
+ return authnContext.getCurrentTenantName();
+ }
+
/**
* getTenants returns tenants associated with user
* @see CSpaceTenant
* limitations under the License.
.
*/
-
package org.collectionspace.authentication.spi;
import javax.security.auth.Subject;
* @return
*/
public abstract String getUserId();
-
+
/**
* getTenantIds get tenant ids from the tenant context associated with the
* security context
*/
public abstract String[] getTenantIds();
+ /**
+ * getCurrentTenantId get id of the tenant associated with the authenticated user
+ * @return
+ */
+ public abstract String getCurrentTenantId();
+
+ /**
+ * getCurrentTenantName get name of the tenant associated with the authenticated user
+ * @return
+ */
+ public abstract String getCurrentTenantName();
/**
* getTenants get tenant context associated with the security context
*/
public abstract CSpaceTenant[] getTenants();
-
/**
* getSubject retrieves security context as Subject
* @see javax.security.auth.Subject
ArrayList<String> tenantList = new ArrayList<String>();
CSpaceTenant[] tenants = getTenants();
- for(CSpaceTenant tenant : tenants) {
+ for (CSpaceTenant tenant : tenants) {
tenantList.add(tenant.getId());
}
return tenantList.toArray(new String[0]);
}
+ @Override
+ public String getCurrentTenantId() {
+ //FIXME assumption in 1.0: each user is associated with a single tenant
+ String[] tenantIds = getTenantIds();
+ if (tenantIds.length < 1) {
+ throw new IllegalStateException("No tenant associated with user=" + getUserId());
+ }
+ return getTenantIds()[0];
+ }
+
public CSpaceTenant[] getTenants() {
List<CSpaceTenant> tenants = new ArrayList<CSpaceTenant>();
Subject caller = getSubject();
return tenants.toArray(new CSpaceTenant[0]);
}
+ @Override
+ public String getCurrentTenantName() {
+ //FIXME assumption in 1.0: each user is associated with a single tenant
+ CSpaceTenant[] tenants = getTenants();
+ if (tenants.length < 1) {
+ throw new IllegalStateException("No tenant associated with user=" + getUserId());
+ }
+ return getTenants()[0].getName();
+ }
+
public Subject getSubject() {
Subject caller = null;
//if Spring was not used....
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.collectionspace.services</groupId>
+ <artifactId>org.collectionspace.services.authentication.service</artifactId>
+ <version>${project.version}</version>
+ <scope>provided</scope>
+ </dependency>
<dependency>
<groupId>org.collectionspace.services</groupId>
<artifactId>org.collectionspace.services.authorization.jaxb</artifactId>
</plugin>
</plugins>
</build>
-</project>
\ No newline at end of file
+</project>
}
/**
- * addPermissions add permissions from given permission configuration
+ * addUriPermissions add permissions from given permission configuration
+ * with assumption that resource is of type URI
* @param permission configuration
*/
//FIXME this method should be in the restful web service resource of authz
- public void addPermissions(Permission perm,
+ public void addUriPermissions(Permission perm,
PermissionRole permRole) throws PermissionException {
List<String> principals = new ArrayList<String>();
if (!perm.getCsid().equals(permRole.getPermissions().get(0).getPermissionId())) {
}
List<PermissionAction> permActions = perm.getActions();
for (PermissionAction permAction : permActions) {
- URIResourceImpl uriRes = new URIResourceImpl(perm.getResourceName(),
+ URIResourceImpl uriRes = new URIResourceImpl(perm.getTenantId(),
+ perm.getResourceName(),
permAction.getName());
addPermission(uriRes, principals.toArray(new String[0]));
}
*/
public boolean isAccessAllowed(CSpaceResource res) {
CSpaceAction action = res.getAction();
- return isAccessAllowed(res, action);
- }
-
- /**
- * isAccessAllowed check if authenticated principal is allowed to access
- * given resource per given permission
- * @param res
- * @param perm
- * @return
- */
- public boolean isAccessAllowed(CSpaceResource res, CSpaceAction action) {
return provider.getPermissionEvaluator().hasPermission(res, action);
}
}
OBJECT,
ATTRIBUTE
}
+
+ /**
+ * getId get tenant-qualified id of this resource
+ * @return
+ */
public String getId();
+ /**
+ * getType get type of the resource
+ */
public TYPE getType();
+ /**
+ * getTenantId get the id of the tenant to which this resource is associated
+ * @return
+ */
+ public String getTenantId();
+
/**
* getAction is a conveneniece method to get corresponding action to be invoked
* on the resource for which permission is sought
*/
package org.collectionspace.services.authorization;
+import org.collectionspace.authentication.AuthN;
+
/**
* CSpaceResourceImpl abstract resource implementation
* @author
*/
public abstract class CSpaceResourceImpl implements CSpaceResource {
+ final protected static String SEPARATOR_HASH = "#";
+ final protected static String SEPARATOR_COLON = ":";
private String id;
private TYPE type;
+ private CSpaceAction action;
+ private String tenantId;
+
+ private CSpaceResourceImpl() {
+ }
- public CSpaceResourceImpl() {
+ /**
+ * constructor that uses logged in user's tenant context to associate resource with
+ * @param id
+ * @param action
+ * @param type
+ */
+ public CSpaceResourceImpl(String id, CSpaceAction action, TYPE type) {
+ setup(id, action, type);
+ tenantId = AuthN.get().getCurrentTenantId();
}
- public CSpaceResourceImpl(String id, TYPE type) {
- if (id == null || id.isEmpty() || type == null) {
- throw new IllegalArgumentException("id and/or type cannot be null or empty");
+ /**
+ * constructor that uses given tenant id to associate the resource with
+ * @param tenantId
+ * @param id
+ * @param action
+ * @param type
+ */
+ public CSpaceResourceImpl(String tenantId, String id, CSpaceAction action, TYPE type) {
+ setup(id, action, type);
+ if (tenantId == null) {
+ throw new IllegalArgumentException("tenantId cannot be null");
+ }
+ this.tenantId = tenantId;
+ }
+
+ private void setup(String id, CSpaceAction action, TYPE type) {
+ if (id == null || id.isEmpty()) {
+ throw new IllegalArgumentException("id cannot be null or empty");
}
this.id = id;
+ if (type == null) {
+ throw new IllegalArgumentException("type cannot be null");
+ }
+ this.action = action;
+ if (action == null) {
+ throw new IllegalArgumentException("action cannot be null");
+ }
this.type = type;
}
@Override
public String getId() {
- return id;
+ //tenant-qualified id
+ return tenantId + SEPARATOR_COLON + id;
}
@Override
}
@Override
- public abstract CSpaceAction getAction();
+ public String getTenantId() {
+ return tenantId;
+ }
+
+ /**
+ * getAction a convenience method to get action invoked on the resource
+ */
+ @Override
+ public CSpaceAction getAction() {
+ return action;
+ }
@Override
public String toString() {
builder.append(id);
builder.append(", type=");
builder.append(type);
+ builder.append(", tenantId=");
+ builder.append(tenantId);
+ builder.append(", action=");
+ builder.append(action.toString());
builder.append("]");
return builder.toString();
}
-
-
}
* https://source.collectionspace.org/collection-space/LICENSE.txt
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *//**
- * This document is a part of the source code and related artifacts
- * for CollectionSpace, an open source collections management system
- * for museums and related institutions:
-
- * http://www.collectionspace.org
- * http://wiki.collectionspace.org
-
- * Copyright 2009 University of California at Berkeley
-
- * Licensed under the Educational Community License (ECL), Version 2.0.
- * You may not use this file except in compliance with this License.
-
- * You may obtain a copy of the ECL 2.0 License at
-
- * https://source.collectionspace.org/collection-space/LICENSE.txt
-
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
private String uri;
private String method;
- private CSpaceAction action;
/**
* constructor that is usually called from service runtime
+ * uses current tenant id from the context
* @param uri
* @param method an http method
*/
public URIResourceImpl(String uri, String method) {
- super(getParent(uri) + "#" + getAction(method).toString(), TYPE.URI);
- action = getAction(method);
+ super(buildId(getParent(uri), getAction(method)),
+ getAction(method), TYPE.URI);
+ this.uri = uri;
+ this.method = method;
+ }
+
+ /**
+ * constructor that is usually called from service runtime
+ * @param tenantId id of the tenant to which this resource is associated
+ * @param uri
+ * @param method an http method
+ */
+ public URIResourceImpl(String tenantId, String uri, String method) {
+ super(tenantId, buildId(getParent(uri), getAction(method)),
+ getAction(method), TYPE.URI);
this.uri = uri;
this.method = method;
}
/**
* constructor that is usually called from administrative interface
+ * uses current tenant id from the context
* @param resourceName
* @param actionType
*/
public URIResourceImpl(String resourceName, ActionType actionType) {
//FIXME more validation might be needed
- super(resourceName + "#" + getAction(actionType).toString(), TYPE.URI);
- action = getAction(actionType);
+ super(buildId(resourceName, getAction(actionType)),
+ getAction(actionType), TYPE.URI);
}
/**
- * @return the uri
+ * constructor that is usually called from administrative interface
+ * @param tenantId id of the tenant to which this resource is associated
+ * @param resourceName
+ * @param actionType
*/
- public String getUri() {
- return uri;
+ public URIResourceImpl(String tenantId, String resourceName, ActionType actionType) {
+ super(tenantId, buildId(resourceName, getAction(actionType)),
+ getAction(actionType), TYPE.URI);
}
/**
- * @param uri the uri to set
+ * @return the uri
*/
- public void setUri(String uri) {
- this.uri = uri;
+ public String getUri() {
+ return uri;
}
/**
return method;
}
- /**
- * @param method the method to set
- */
- public void setMethod(String method) {
- this.method = method;
- }
-
- /**
- * getAction a convenience method to get action invoked on the resource
- */
- @Override
- public CSpaceAction getAction() {
- return action;
+ private static String buildId(String resourceName, CSpaceAction action) {
+ return resourceName + SEPARATOR_HASH + action.toString();
}
private static String getParent(String uri) {
public String toString() {
StringBuilder builder = new StringBuilder();
builder.append("URIResourceImpl [");
- builder.append("action=");
- builder.append(action);
builder.append(", method=");
builder.append(method);
builder.append(", uri=");
builder.append("]");
return builder.toString() + " " + super.toString();
}
-
-
}
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *//**
- * This document is a part of the source code and related artifacts
- * for CollectionSpace, an open source collections management system
- * for museums and related institutions:
-
- * http://www.collectionspace.org
- * http://wiki.collectionspace.org
-
- * Copyright 2009 University of California at Berkeley
-
- * Licensed under the Educational Community License (ECL), Version 2.0.
- * You may not use this file except in compliance with this License.
-
- * You may obtain a copy of the ECL 2.0 License at
-
- * https://source.collectionspace.org/collection-space/LICENSE.txt
-
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
*/
package org.collectionspace.services.authorization.spring;
}
static ObjectIdentity mapResource(CSpaceResource res) {
- return new ObjectIdentityImpl(res.getType().toString(), Long.valueOf(res.getId().hashCode()));
+ return new ObjectIdentityImpl(res.getType().toString(),
+ Long.valueOf(res.getId().hashCode()));
}
static Sid[] mapPrincipal(String[] principals) {
perm.setCsid(id);
perm.setResourceName(resourceName);
perm.setEffect(EffectType.PERMIT);
-
+ perm.setTenantId("1");
ArrayList<PermissionAction> pas = new ArrayList<PermissionAction>();
perm.setActions(pas);
rv2.setRoleId("2");
roleValues.add(rv2);
pr.setRoles(roleValues);
-
+
return pr;
}
* https://source.collectionspace.org/collection-space/LICENSE.txt
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *//**
- * This document is a part of the source code and related artifacts
- * for CollectionSpace, an open source collections management system
- * for museums and related institutions:
-
- * http://www.collectionspace.org
- * http://wiki.collectionspace.org
-
- * Copyright 2009 University of California at Berkeley
-
- * Licensed under the Educational Community License (ECL), Version 2.0.
- * You may not use this file except in compliance with this License.
-
- * You may obtain a copy of the ECL 2.0 License at
-
- * https://source.collectionspace.org/collection-space/LICENSE.txt
-
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
}
for (PermissionRole pr : pcrList.getPermissionRoles()) {
if (pr.getPermissions().get(0).getPermissionId().equals(p.getCsid())) {
- authZ.addPermissions(p, pr);
+ authZ.addUriPermissions(p, pr);
}
}
}
<name>DELETE</name>
</action>
<effect>PERMIT</effect>
+ <tenant_id>1</tenant_id>
</permission>
<permission csid="2">
<resourceName>collectionobjects</resourceName>
<name>DELETE</name>
</action>
<effect>PERMIT</effect>
+ <tenant_id>1</tenant_id>
</permission>
</ns2:permissions_list>
final Logger logger = LoggerFactory.getLogger(SecurityContextImpl.class);
private String userId;
- private CSpaceTenant[] tenants = new CSpaceTenant[0];
- private String[] tenantIds = new String[0];
+ private String currentTenantName;
+ private String currentTenantId;
public SecurityContextImpl() {
userId = AuthN.get().getUserId();
- tenantIds = AuthN.get().getTenantIds();
- tenants = AuthN.get().getTenants();
+ currentTenantId = AuthN.get().getCurrentTenantId();
+ currentTenantName = AuthN.get().getCurrentTenantName();
}
@Override
@Override
public String getCurrentTenantId() {
- return tenantIds[0];
+ return currentTenantId;
}
@Override
public String getCurrentTenantName() {
- return tenants[0].getName();
+ return currentTenantName;
}
}
projects / tmp / jakarta-migration.git / commitdiff