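/**
 * Clears every authorization held by a role on each configured cloud stage.
 *
 * <p>Each stage is contacted through its own remote authorization management client. A failure
 * on one stage is logged and the remaining stages are still processed; a single generic
 * exception is thrown at the end if any stage failed. When this method throws, the role may
 * therefore still hold its authorizations on some stages: callers should treat the exception
 * as "revocation incomplete", not as "nothing changed".
 *
 * @param role name of the role whose authorizations are cleared
 * @param userName user name handed to {@code AppFactoryUtil.setAuthHeaders} for the remote call
 * @throws AppFactoryException if no base access URLs are configured, or if clearing failed on
 *     at least one stage
 */
private void clearRoleAuthorization(String role, String userName) throws AppFactoryException {
    // Base access URLs keyed by stage (per the original comment, configured in appfactory.xml).
    Map<String, String> baseAccessURLs = AppFactoryUtil.getBaseAccessURLs();
    if (baseAccessURLs.isEmpty()) {
        String msg = "Could not find any remote server URLs configured for cloud environments.";
        log.error(msg);
        throw new AppFactoryException(msg);
    }

    boolean errorOccurred = false;
    for (Map.Entry<String, String> entry : baseAccessURLs.entrySet()) {
        String stage = entry.getKey();
        try {
            // Build the remote service URL, tolerating a base URL with or without a trailing slash.
            String baseUrl = entry.getValue();
            String remoteServiceURL =
                    baseUrl.endsWith("/") ? baseUrl + "services/" : baseUrl + "/services/";

            // Create the remote client and attach auth headers for userName
            // (the original comment describes this step as mutual auth).
            RemoteAuthorizationMgtClient authorizationMgtClient =
                    new RemoteAuthorizationMgtClient(remoteServiceURL);
            AppFactoryUtil.setAuthHeaders(
                    authorizationMgtClient.getStub()._getServiceClient(), userName);

            try {
                authorizationMgtClient.clearAllRoleAuthorization(role);
            } catch (Exception e) {
                // A failed revocation is security-relevant: log the cause at error level, as
                // authorizeRole does, instead of only when debug logging is enabled.
                // NOTE(review): role and stage are concatenated into the message unescaped;
                // confirm role names cannot carry line breaks before relying on these logs.
                String errorMsg =
                        "Failed to clear authorization for role:" + role + " on stage:" + stage;
                log.error(errorMsg, e);
                errorOccurred = true;
                // Continue and throw a generic exception at the end of the flow.
            }
        } catch (Exception e) {
            // Client construction or header setup failed for this stage.
            String errorMsg = "Failed to clear role:" + role + " on stage:" + stage;
            log.error(errorMsg, e);
            errorOccurred = true;
            // Continue to other stages and throw a generic exception at the end of the flow.
        }
    }

    if (errorOccurred) {
        throw new AppFactoryException("Failed to clear role:" + role);
    }
}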
/**
 * Grants a role the given permissions on every configured cloud stage.
 *
 * <p>Failures are logged and processing continues with the next permission or stage; one
 * generic exception is thrown after all stages have been attempted. Nothing here rolls back
 * grants that already succeeded, so when this method throws the role may hold a partial set of
 * permissions on some stages.
 *
 * @param role role name
 * @param userName user name handed to {@code AppFactoryUtil.setAuthHeaders} for the remote calls
 * @param permissions permissions to grant; each supplies a resource id and an action
 * @throws AppFactoryException if no base access URLs are configured, or if any grant or stage
 *     failed
 */
private void authorizeRole(String role, String userName, Permission[] permissions)
        throws AppFactoryException {
    // Stage name -> base access URL (per the original comment, configured in appfactory.xml).
    Map<String, String> stageUrls = AppFactoryUtil.getBaseAccessURLs();
    if (stageUrls.isEmpty()) {
        String msg = "Could not find any remote server URLs configured for cloud environments.";
        log.error(msg);
        throw new AppFactoryException(msg);
    }

    boolean failed = false;
    for (Map.Entry<String, String> stageEntry : stageUrls.entrySet()) {
        String stage = stageEntry.getKey();
        try {
            // NOTE(review): clearRoleAuthorization appends "services/" to the base URL before
            // building its client; here the base URL is used as-is. Confirm which form
            // RemoteAuthorizationMgtClient expects.
            String remoteServiceURL = stageEntry.getValue();

            // Create the remote client and attach auth headers for userName
            // (the original comment describes this step as mutual auth).
            RemoteAuthorizationMgtClient client =
                    new RemoteAuthorizationMgtClient(remoteServiceURL);
            AppFactoryUtil.setAuthHeaders(client.getStub()._getServiceClient(), userName);

            for (Permission permission : permissions) {
                try {
                    client.authorizeRole(
                            role, permission.getResourceId(), permission.getAction());
                } catch (Exception e) {
                    // One failed grant must not stop the remaining permissions.
                    log.error(
                            "Failed to authorize role:" + role
                                    + " ,permission:" + permission.getResourceId()
                                    + " ,action:" + permission.getAction()
                                    + " on stage:" + stage,
                            e);
                    failed = true;
                }
            }
        } catch (Exception e) {
            // Stage-level failure (client setup, headers, ...): record it and try the next stage.
            log.error("Failed to authorize role:" + role + " on stage:" + stage, e);
            failed = true;
        }
    }

    if (failed) {
        throw new AppFactoryException("Failed to authorize role:" + role);
    }
}