@Transactional public AccessKey updateAccessKeyFromOAuthGrant(OAuthGrant grant, User user, Date now) { AccessKey existing = find(grant.getAccessKey().getId(), user.getId()); deleteAccessKeyPermissions(existing); if (grant.getAccessType().equals(AccessType.ONLINE)) { Date expirationDate = new Date(now.getTime() + 600000); // the key is valid for 10 minutes existing.setExpirationDate(expirationDate); } else { existing.setExpirationDate(null); } existing.setLabel( String.format( Messages.OAUTH_GRANT_TOKEN_LABEL, grant.getClient().getName(), System.currentTimeMillis())); Set<AccessKeyPermission> permissions = new HashSet<>(); AccessKeyPermission permission = new AccessKeyPermission(); permission.setDomainArray(grant.getClient().getDomain()); permission.setActionsArray(StringUtils.split(grant.getScope(), ' ')); permission.setSubnetsArray(grant.getClient().getSubnet()); permission.setNetworkIds(grant.getNetworkIds()); permissions.add(permission); existing.setPermissions(permissions); AccessKeyProcessor keyProcessor = new AccessKeyProcessor(); String key = keyProcessor.generateKey(); existing.setKey(key); for (AccessKeyPermission current : permissions) { current.setAccessKey(existing); genericDAO.persist(current); } return existing; }
@Transactional public AccessKey create(@NotNull User user, @NotNull AccessKey accessKey) { if (accessKey.getLabel() == null) { throw new IllegalParametersException(Messages.LABEL_IS_REQUIRED); } Optional<AccessKey> akOpt = genericDAO .createNamedQuery( AccessKey.class, "AccessKey.getByUserAndLabel", Optional.<CacheConfig>empty()) .setParameter("userId", user.getId()) .setParameter("label", accessKey.getLabel()) .getResultList() .stream() .findFirst(); if (akOpt.isPresent()) { logger.error("Access key with label {} already exists", accessKey.getLabel()); throw new ActionNotAllowedException(Messages.DUPLICATE_LABEL_FOUND); } if (accessKey.getId() != null) { logger.error("Access key id shouldn't be present in request parameters"); throw new IllegalParametersException(Messages.INVALID_REQUEST_PARAMETERS); } authenticationUtils.validateActions(accessKey); AccessKeyProcessor keyProcessor = new AccessKeyProcessor(); String key = keyProcessor.generateKey(); accessKey.setKey(key); accessKey.setUser(user); genericDAO.persist(accessKey); for (AccessKeyPermission current : accessKey.getPermissions()) { AccessKeyPermission permission = preparePermission(current); permission.setAccessKey(accessKey); genericDAO.persist(permission); } return genericDAO.find(AccessKey.class, accessKey.getId()); }
@Transactional(propagation = Propagation.SUPPORTS) public boolean hasAccessToNetwork(AccessKey accessKey, Network targetNetwork) { Set<AccessKeyPermission> permissions = accessKey.getPermissions(); User user = accessKey.getUser(); boolean hasNullPermission = permissions.stream().anyMatch(perm -> perm.getNetworkIdsAsSet() == null); if (hasNullPermission) { return userService.hasAccessToNetwork(user, targetNetwork); } else { Set<Long> allowedNetworks = permissions .stream() .map(AccessKeyPermission::getNetworkIdsAsSet) .flatMap(Collection::stream) .collect(Collectors.toSet()); user = userService.findUserWithNetworks(user.getId()); return allowedNetworks.contains(targetNetwork.getId()) && (user.isAdmin() || user.getNetworks().contains(targetNetwork)); } }