/**
* Clear the role authorizations from database
*
* @param role
* @param userName
* @throws AppFactoryException
*/
private void clearRoleAuthorization(String role, String userName) throws AppFactoryException {
boolean errorOccurred = false;
// get base access urls from appfactory.xml
Map<String, String> baseAccessURLs = AppFactoryUtil.getBaseAccessURLs();
if (baseAccessURLs.isEmpty()) {
String msg = "Could not find any remote server URLs configured for cloud environments.";
log.error(msg);
throw new AppFactoryException(msg);
}
for (Map.Entry entry : baseAccessURLs.entrySet()) {
String stage = (String) entry.getKey();
try {
// construct remote service url based on base access url
String remoteServiceURL = (String) entry.getValue();
if (!remoteServiceURL.endsWith("/")) {
remoteServiceURL += "/services/";
} else {
remoteServiceURL += "services/";
}
// create remote authorization management client and authenticate with mutual auth.
RemoteAuthorizationMgtClient authorizationMgtClient =
new RemoteAuthorizationMgtClient(remoteServiceURL);
AppFactoryUtil.setAuthHeaders(
authorizationMgtClient.getStub()._getServiceClient(), userName);
try {
authorizationMgtClient.clearAllRoleAuthorization(role);
} catch (Exception e) {
String errorMsg = "Failed to clear authorization for role:" + role + " on stage:" + stage;
log.error(errorMsg);
if (log.isDebugEnabled()) {
log.debug(errorMsg, e);
}
errorOccurred = true;
// continue to other permissions and throw generic exception at the end of flow.
}
} catch (Exception e) {
String errorMsg = "Failed to clear role:" + role + " on stage:" + stage;
log.error(errorMsg);
if (log.isDebugEnabled()) {
log.debug(errorMsg, e);
}
errorOccurred = true;
// continue to other stages and throw generic exception at the end of flow.
}
}
if (errorOccurred) {
throw new AppFactoryException("Failed to clear role:" + role);
}
}
/**
* Authorize given role with given set of permissions
*
* @param role - role name
* @param userName - authorized user to authorize roles
* @param permissions - set of permissions
* @throws AppFactoryException if remote exceptions or user store exceptions occurred.
*/
private void authorizeRole(String role, String userName, Permission[] permissions)
throws AppFactoryException {
boolean errorOccurred = false;
// get base access urls from appfactory.xml
Map<String, String> baseAccessURLs = AppFactoryUtil.getBaseAccessURLs();
if (baseAccessURLs.isEmpty()) {
String msg = "Could not find any remote server URLs configured for cloud environments.";
log.error(msg);
throw new AppFactoryException(msg);
}
for (Map.Entry entry : baseAccessURLs.entrySet()) {
String stage = (String) entry.getKey();
try {
// construct remote service url based on base access url
String remoteServiceURL = (String) entry.getValue();
// create remote authorization management client and authenticate with mutual auth.
RemoteAuthorizationMgtClient authorizationMgtClient =
new RemoteAuthorizationMgtClient(remoteServiceURL);
AppFactoryUtil.setAuthHeaders(
authorizationMgtClient.getStub()._getServiceClient(), userName);
for (Permission permission : permissions) {
try {
authorizationMgtClient.authorizeRole(
role, permission.getResourceId(), permission.getAction());
} catch (Exception e) {
String errorMsg =
"Failed to authorize role:"
+ role
+ " ,permission:"
+ permission.getResourceId()
+ " ,action:"
+ permission.getAction()
+ " on stage:"
+ stage;
log.error(errorMsg, e);
errorOccurred = true;
// continue to other permissions and throw generic exception at the end of flow.
}
}
} catch (Exception e) {
String errorMsg = "Failed to authorize role:" + role + " on stage:" + stage;
log.error(errorMsg, e);
errorOccurred = true;
// continue to other stages and throw generic exception at the end of flow.
}
}
if (errorOccurred) {
throw new AppFactoryException("Failed to authorize role:" + role);
}
}
