/**
   * Check if the current user is allowed to access the requested resource.
   *
   * @param httpRequest
   * @throws AccessDeniedException If the request is not allowed considering the resource
   *     permissions.
   */
  public boolean isAllowed(HttpServletRequest httpRequest) throws AccessDeniedException {
    final String requestURI = httpRequest.getRequestURI();

    Set<Entry<String, String[]>> entrySet = this.roleProtectedResources.entrySet();

    for (Entry<String, String[]> entry : entrySet) {
      if (matches(entry.getKey(), requestURI)) {
        Identity identity = getIdentity();

        if (!identity.isLoggedIn()) {
          return false;
        } else {

          String[] roles = entry.getValue();

          for (String roleName : roles) {
            IdentityManager identityManager = getIdentityManager();

            Role role = BasicModel.getRole(identityManager, roleName.trim());

            if (role == null) {
              throw new IllegalStateException(
                  "The specified role does not exists [" + role + "]. Check your configuration.");
            }

            if (!BasicModel.hasRole(getRelationshipManager(), identity.getAccount(), role)) {
              return false;
            }
          }
        }
      }
    }

    return true;
  }
  @Test
  public void testRemove() throws Exception {
    IdentityManager identityManager = getIdentityManager();

    Agent someAgent = createIdentityType();
    Agent anotherAgent = createAgent("someAnotherAgent");

    identityManager.remove(someAgent);

    Agent removedUserInstance = getAgent(someAgent.getLoginName());

    assertNull(removedUserInstance);

    anotherAgent = getAgent(anotherAgent.getLoginName());

    assertNotNull(anotherAgent);

    Role role = createRole("role");
    Group group = createGroup("group", null);

    RelationshipManager relationshipManager = getPartitionManager().createRelationshipManager();

    BasicModel.grantRole(relationshipManager, anotherAgent, role);
    BasicModel.addToGroup(relationshipManager, anotherAgent, group);

    RelationshipQuery<?> relationshipQuery =
        relationshipManager.createRelationshipQuery(Grant.class);

    relationshipQuery.setParameter(Grant.ASSIGNEE, anotherAgent);

    assertFalse(relationshipQuery.getResultList().isEmpty());

    relationshipQuery = relationshipManager.createRelationshipQuery(GroupMembership.class);

    relationshipQuery.setParameter(GroupMembership.MEMBER, anotherAgent);

    assertFalse(relationshipQuery.getResultList().isEmpty());

    identityManager.remove(anotherAgent);

    relationshipQuery = relationshipManager.createRelationshipQuery(Grant.class);

    relationshipQuery.setParameter(Grant.ASSIGNEE, anotherAgent);

    assertTrue(relationshipQuery.getResultList().isEmpty());

    relationshipQuery = relationshipManager.createRelationshipQuery(GroupMembership.class);

    relationshipQuery.setParameter(GroupMembership.MEMBER, anotherAgent);

    assertTrue(relationshipQuery.getResultList().isEmpty());
  }
  public boolean isAdmin() {
    if (isUserLoggedIn()) {
      IdentityManager identityManager = getIdentityManager();
      RelationshipManager relationshipManager = getRelationshipManager();

      return BasicModel.hasRole(
          relationshipManager,
          identity.getAccount(),
          BasicModel.getRole(identityManager, "Administrator"));
    }

    return false;
  }
  /** Loads some users during the <b>first</b> construction. */
  @PostConstruct
  public void create() {

    this.identityManager = partitionManager.createIdentityManager();
    this.relationshipManager = partitionManager.createRelationshipManager();

    final String DEFAULT_PASSWORD = "******";
    final String DEFAULT_DEVELOPER = "developer";
    final String DEFAULT_ADMIN = "admin";

    User developerUser = BasicModel.getUser(identityManager, DEFAULT_DEVELOPER);

    // We only create the Developer user, if there is none;
    // if present, there is also no need to add the same 'Developer' user again.
    if (developerUser == null) {
      developerUser = new User(DEFAULT_DEVELOPER);
      identityManager.add(developerUser);

      Calendar calendar = expirationDate();
      Password password = new Password(DEFAULT_PASSWORD.toCharArray());

      identityManager.updateCredential(developerUser, password, new Date(), calendar.getTime());

      Role roleDeveloper = new Role(UserRoles.DEVELOPER);

      identityManager.add(roleDeveloper);

      grantRoles(developerUser, roleDeveloper);
    }

    // Temp hack to add user with admin rights
    User adminUser = BasicModel.getUser(identityManager, DEFAULT_ADMIN);

    // We only create the Admin user, if there is none;
    // if present, there is also no need to apply the same 'Admin' user again.
    if (adminUser == null) {
      adminUser = new User(DEFAULT_ADMIN);
      identityManager.add(adminUser);

      Calendar calendar = expirationDate();
      Password password = new Password(DEFAULT_PASSWORD.toCharArray());

      identityManager.updateCredential(adminUser, password, new Date(), calendar.getTime());

      Role roleAdmin = new Role(UserRoles.ADMIN);

      identityManager.add(roleAdmin);

      grantRoles(adminUser, roleAdmin);
    }
  }
  @Override
  public void updateCredential(UserCredentialModel cred) {
    if (!provider.getSupportedCredentialTypes(delegate).contains(cred.getType())) {
      delegate.updateCredential(cred);
      return;
    }
    IdentityManager identityManager = provider.getIdentityManager();

    try {
      User picketlinkUser = BasicModel.getUser(identityManager, getUsername());
      if (picketlinkUser == null) {
        logger.debugf("User '%s' doesn't exists. Skip password update", getUsername());
        throw new IllegalStateException("User doesn't exist in LDAP storage");
      }
      if (cred.getType().equals(UserCredentialModel.PASSWORD)) {
        identityManager.updateCredential(
            picketlinkUser, new Password(cred.getValue().toCharArray()));
      } else if (cred.getType().equals(UserCredentialModel.TOTP)) {
        TOTPCredential credential = new TOTPCredential(cred.getValue());
        credential.setDevice(cred.getDevice());
        identityManager.updateCredential(picketlinkUser, credential);
      }
    } catch (IdentityManagementException ie) {
      throw new ModelException(ie);
    }
  }
  public boolean hasRole(String roleName) {
    Account account = getIdentity().getAccount();
    Role role = getRole(this.identityManager.get(), roleName);

    if (role == null) return false;

    return BasicModel.hasRole(this.relationshipManager.get(), account, role);
  }
Example #7
0
 public static boolean removeUser(PartitionManager partitionManager, String username) {
   IdentityManager idmManager = getIdentityManager(partitionManager);
   User picketlinkUser = BasicModel.getUser(idmManager, username);
   if (picketlinkUser == null) {
     return false;
   }
   idmManager.remove(picketlinkUser);
   return true;
 }
Example #8
0
 public static User updateUser(
     PartitionManager partitionManager,
     String username,
     String firstName,
     String lastName,
     String email) {
   IdentityManager idmManager = getIdentityManager(partitionManager);
   User picketlinkUser = BasicModel.getUser(idmManager, username);
   picketlinkUser.setFirstName(firstName);
   picketlinkUser.setLastName(lastName);
   picketlinkUser.setEmail(email);
   idmManager.update(picketlinkUser);
   return picketlinkUser;
 }
  @Override
  public void setFirstName(String first) {
    IdentityManager identityManager = provider.getIdentityManager();

    try {
      User picketlinkUser = BasicModel.getUser(identityManager, delegate.getUsername());
      if (picketlinkUser == null) {
        throw new IllegalStateException("User not found in LDAP storage!");
      }
      picketlinkUser.setFirstName(first);
      identityManager.update(picketlinkUser);
    } catch (IdentityManagementException ie) {
      throw new ModelException(ie);
    }
    delegate.setFirstName(first);
  }
Example #10
0
  public static User addUser(
      PartitionManager partitionManager,
      String username,
      String firstName,
      String lastName,
      String email) {
    IdentityManager identityManager = getIdentityManager(partitionManager);

    if (BasicModel.getUser(identityManager, username) != null) {
      throw new ModelDuplicateException("User with same username already exists");
    }
    if (getUserByEmail(identityManager, email) != null) {
      throw new ModelDuplicateException("User with same email already exists");
    }

    User picketlinkUser = new User(username);
    picketlinkUser.setFirstName(firstName);
    picketlinkUser.setLastName(lastName);
    picketlinkUser.setEmail(email);
    picketlinkUser.setAttribute(
        new Attribute("fullName", getFullName(username, firstName, lastName)));
    identityManager.add(picketlinkUser);
    return picketlinkUser;
  }
 private void grantRoles(User user, Role role) {
   BasicModel.grantRole(relationshipManager, user, role);
 }
Example #12
0
 public static User getUser(PartitionManager partitionManager, String username) {
   IdentityManager idmManager = getIdentityManager(partitionManager);
   return BasicModel.getUser(idmManager, username);
 }