[New] Update existing sessions when modifying roles and users
This commit is contained in:
parent
bd1b7090cb
commit
038dc62d8d
|
|
@ -570,6 +570,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
|
||||
logger.info("Updated user " + newUser.getUsername());
|
||||
|
||||
// update any existing sessions for this user
|
||||
updateExistingSessionsForUser(newUser);
|
||||
|
||||
return newUser.asUserRep();
|
||||
}
|
||||
|
||||
|
|
@ -644,6 +647,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
|
||||
logger.info("Added role " + roleName + " to " + newUser.getUsername());
|
||||
|
||||
// update any existing sessions for this user
|
||||
updateExistingSessionsForUser(newUser);
|
||||
|
||||
return newUser.asUserRep();
|
||||
}
|
||||
|
||||
|
|
@ -685,6 +691,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
|
||||
logger.info("Removed role " + roleName + " from " + newUser.getUsername());
|
||||
|
||||
// update any existing sessions for this user
|
||||
updateExistingSessionsForUser(newUser);
|
||||
|
||||
return newUser.asUserRep();
|
||||
}
|
||||
|
||||
|
|
@ -882,6 +891,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
|
||||
logger.info("Replaced role " + newRole.getName());
|
||||
|
||||
// update any existing certificates with new role
|
||||
updateExistingSessionsWithNewRole(newRole);
|
||||
|
||||
return newRole.asRoleRep();
|
||||
}
|
||||
|
||||
|
|
@ -974,6 +986,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
|
||||
logger.info("Added/replaced privilege " + privilegeRep.getName() + " to " + roleName);
|
||||
|
||||
// update any existing certificates with new role
|
||||
updateExistingSessionsWithNewRole(newRole);
|
||||
|
||||
return newRole.asRoleRep();
|
||||
}
|
||||
|
||||
|
|
@ -1017,9 +1032,56 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
|
||||
logger.info("Removed privilege " + privilegeName + " from " + roleName);
|
||||
|
||||
// update any existing certificates with new role
|
||||
updateExistingSessionsWithNewRole(newRole);
|
||||
|
||||
return newRole.asRoleRep();
|
||||
}
|
||||
|
||||
/**
|
||||
* Replaces any existing {@link PrivilegeContext} for the given user by updating with the new user object
|
||||
*
|
||||
* @param newUser
|
||||
* the new user to update with
|
||||
*/
|
||||
private void updateExistingSessionsForUser(User newUser) {
|
||||
synchronized (this.privilegeContextMap) {
|
||||
List<PrivilegeContext> ctxs = new ArrayList<>(this.privilegeContextMap.values());
|
||||
for (PrivilegeContext ctx : ctxs) {
|
||||
if (ctx.getUserRep().getUsername().equals(newUser.getUsername())) {
|
||||
Certificate cert = ctx.getCertificate();
|
||||
cert = buildCertificate(cert.getUsage(), newUser, cert.getAuthToken(), cert.getSessionId());
|
||||
PrivilegeContext privilegeContext = buildPrivilegeContext(cert, newUser);
|
||||
this.privilegeContextMap.put(cert.getSessionId(), privilegeContext);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Replaces any existing {@link PrivilegeContext} for users with the given role
|
||||
*
|
||||
* @param role
|
||||
* the role to update with
|
||||
*/
|
||||
private void updateExistingSessionsWithNewRole(Role role) {
|
||||
synchronized (this.privilegeContextMap) {
|
||||
List<PrivilegeContext> ctxs = new ArrayList<>(this.privilegeContextMap.values());
|
||||
for (PrivilegeContext ctx : ctxs) {
|
||||
if (ctx.getUserRep().hasRole(role.getName())) {
|
||||
User user = this.persistenceHandler.getUser(ctx.getUsername());
|
||||
if (user == null)
|
||||
continue;
|
||||
|
||||
Certificate cert = ctx.getCertificate();
|
||||
cert = buildCertificate(cert.getUsage(), user, cert.getAuthToken(), cert.getSessionId());
|
||||
PrivilegeContext privilegeContext = buildPrivilegeContext(cert, user);
|
||||
this.privilegeContextMap.put(cert.getSessionId(), privilegeContext);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void initiateChallengeFor(Usage usage, String username) {
|
||||
|
||||
|
|
@ -1570,7 +1632,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
// validate privilege conflicts
|
||||
validatePrivilegeConflicts();
|
||||
|
||||
this.privilegeContextMap = Collections.synchronizedMap(new HashMap<String, PrivilegeContext>());
|
||||
this.privilegeContextMap = Collections.synchronizedMap(new HashMap<>());
|
||||
|
||||
loadSessions();
|
||||
|
||||
|
|
|
|||
|
|
@ -117,6 +117,7 @@ public final class Certificate implements Serializable {
|
|||
this.propertyMap = Collections.unmodifiableMap(propertyMap);
|
||||
|
||||
this.userRoles = Collections.unmodifiableSet(userRoles);
|
||||
this.lastAccess = new Date();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -1,31 +0,0 @@
|
|||
package li.strolch.service.privilege.roles;
|
||||
|
||||
import li.strolch.agent.api.ComponentContainer;
|
||||
import li.strolch.persistence.api.StrolchTransaction;
|
||||
import li.strolch.service.api.Command;
|
||||
|
||||
public class PrivilageAddOrReplacePrivilegeOnRoleCommand extends Command {
|
||||
|
||||
public PrivilageAddOrReplacePrivilegeOnRoleCommand(ComponentContainer container, StrolchTransaction tx) {
|
||||
super(container, tx);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void validate() {
|
||||
// TODO Auto-generated method stub
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void doCommand() {
|
||||
// TODO Auto-generated method stub
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void undo() {
|
||||
// TODO Auto-generated method stub
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
Reference in New Issue