Exemplo n.º 1
0
  public ResourceState autocreateAce(ResourceResponse createdResourceResponse) {
    ResourceState createdEntries = new DefaultResourceState("createdEntries");

    ResourcePath parentResourcePath = createdResourceResponse.inReplyTo().resourcePath();
    String parentResourceURI = parentResourcePath.toString();
    String createdResourceURI = parentResourceURI + "/" + createdResourceResponse.resource().id();

    List<AutoRuleConfig> autoRules = this.policyConfig.get().getAutoRules();
    autoRules
        .stream()
        .filter(
            (autoRule) -> {
              // We want exact matching (like "/storage/todos"), no support for wildcards for now
              return autoRule.getResourcePath().equals(parentResourceURI);
            })
        .forEach(
            (autoRule) -> {
              ResourceState createdAceState =
                  createACE(
                      createdResourceURI,
                      createdResourceResponse.inReplyTo().requestContext().securityContext(),
                      autoRule);
              createdEntries.addMember(createdAceState);
            });

    return createdEntries;
  }
Exemplo n.º 2
0
  public ResourceState deleteAce(ResourceResponse deletedResourceResponse) {
    ResourceState deletedEntries = new DefaultResourceState("deletedEntries");

    ResourcePath deletedResourcePath = deletedResourceResponse.inReplyTo().resourcePath();

    // Delete all ACE entries for this resource
    DBObject query = new BasicDBObject();
    query.put(ACE_RESOURCE_PATH, deletedResourcePath.toString());
    this.aclCollection.remove(query);

    log.debugf("Deleted ACEs for path: %s", deletedResourcePath);
    return deletedEntries;
  }
Exemplo n.º 3
0
  public AuthzDecision isAuthorized(RequestContext req) {
    RequestType reqType = req.requestType();
    ResourcePath resourcePath = req.resourcePath();
    SecurityContext securityContext = req.securityContext();

    BasicDBObject query = new BasicDBObject();
    query.put(ACE_REALM, securityContext.getRealm());
    query.put(ACE_RESOURCE_PATH, resourcePath.toString());
    query.put(ACE_ACTIONS, reqType.toString());

    // Pass if we find rule for either "userId" or some of his roles
    List<DBObject> userRolesCondition = new LinkedList<>();
    userRolesCondition.add(new BasicDBObject(ACE_USER_ID, securityContext.getSubject()));
    if (securityContext.getRoles() != null) {
      for (String role : securityContext.getRoles()) {
        userRolesCondition.add(new BasicDBObject(ACE_ROLE_NAME, role));
      }
    }
    query.put("$or", userRolesCondition);

    if (log.isTraceEnabled()) {
      log.trace("Sending ACE query: " + query);
    }

    DBCursor results = this.aclCollection.find(query);

    AuthzDecision decision = AuthzDecision.IGNORE;
    for (DBObject result : results) {
      boolean currentDec = (Boolean) result.get(ACE_PERMITTED);

      // For now, always merge. No rule priorities...
      AuthzDecision currentDecision = currentDec ? AuthzDecision.ACCEPT : AuthzDecision.REJECT;
      decision = decision.mergeDecision(currentDecision);

      if (log.isTraceEnabled()) {
        log.trace("Found result: " + result);
      }
    }
    return decision;
  }
Exemplo n.º 4
0
 protected ResourceState resource(String endpoint, Object[] properties, ResourceState... members)
     throws URISyntaxException {
   ResourcePath path = new ResourcePath(endpoint);
   return resource(path.tail().toString(), path.parent().toString(), properties, members);
 }