[New] Update existing sessions when modifying roles and users
This commit is contained in:
parent
bd1b7090cb
commit
038dc62d8d
|
@ -570,6 +570,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
logger.info("Updated user " + newUser.getUsername());
|
logger.info("Updated user " + newUser.getUsername());
|
||||||
|
|
||||||
|
// update any existing sessions for this user
|
||||||
|
updateExistingSessionsForUser(newUser);
|
||||||
|
|
||||||
return newUser.asUserRep();
|
return newUser.asUserRep();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -644,6 +647,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
logger.info("Added role " + roleName + " to " + newUser.getUsername());
|
logger.info("Added role " + roleName + " to " + newUser.getUsername());
|
||||||
|
|
||||||
|
// update any existing sessions for this user
|
||||||
|
updateExistingSessionsForUser(newUser);
|
||||||
|
|
||||||
return newUser.asUserRep();
|
return newUser.asUserRep();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -685,6 +691,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
logger.info("Removed role " + roleName + " from " + newUser.getUsername());
|
logger.info("Removed role " + roleName + " from " + newUser.getUsername());
|
||||||
|
|
||||||
|
// update any existing sessions for this user
|
||||||
|
updateExistingSessionsForUser(newUser);
|
||||||
|
|
||||||
return newUser.asUserRep();
|
return newUser.asUserRep();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -882,6 +891,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
logger.info("Replaced role " + newRole.getName());
|
logger.info("Replaced role " + newRole.getName());
|
||||||
|
|
||||||
|
// update any existing certificates with new role
|
||||||
|
updateExistingSessionsWithNewRole(newRole);
|
||||||
|
|
||||||
return newRole.asRoleRep();
|
return newRole.asRoleRep();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -974,6 +986,9 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
logger.info("Added/replaced privilege " + privilegeRep.getName() + " to " + roleName);
|
logger.info("Added/replaced privilege " + privilegeRep.getName() + " to " + roleName);
|
||||||
|
|
||||||
|
// update any existing certificates with new role
|
||||||
|
updateExistingSessionsWithNewRole(newRole);
|
||||||
|
|
||||||
return newRole.asRoleRep();
|
return newRole.asRoleRep();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1017,9 +1032,56 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
logger.info("Removed privilege " + privilegeName + " from " + roleName);
|
logger.info("Removed privilege " + privilegeName + " from " + roleName);
|
||||||
|
|
||||||
|
// update any existing certificates with new role
|
||||||
|
updateExistingSessionsWithNewRole(newRole);
|
||||||
|
|
||||||
return newRole.asRoleRep();
|
return newRole.asRoleRep();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Replaces any existing {@link PrivilegeContext} for the given user by updating with the new user object
|
||||||
|
*
|
||||||
|
* @param newUser
|
||||||
|
* the new user to update with
|
||||||
|
*/
|
||||||
|
private void updateExistingSessionsForUser(User newUser) {
|
||||||
|
synchronized (this.privilegeContextMap) {
|
||||||
|
List<PrivilegeContext> ctxs = new ArrayList<>(this.privilegeContextMap.values());
|
||||||
|
for (PrivilegeContext ctx : ctxs) {
|
||||||
|
if (ctx.getUserRep().getUsername().equals(newUser.getUsername())) {
|
||||||
|
Certificate cert = ctx.getCertificate();
|
||||||
|
cert = buildCertificate(cert.getUsage(), newUser, cert.getAuthToken(), cert.getSessionId());
|
||||||
|
PrivilegeContext privilegeContext = buildPrivilegeContext(cert, newUser);
|
||||||
|
this.privilegeContextMap.put(cert.getSessionId(), privilegeContext);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Replaces any existing {@link PrivilegeContext} for users with the given role
|
||||||
|
*
|
||||||
|
* @param role
|
||||||
|
* the role to update with
|
||||||
|
*/
|
||||||
|
private void updateExistingSessionsWithNewRole(Role role) {
|
||||||
|
synchronized (this.privilegeContextMap) {
|
||||||
|
List<PrivilegeContext> ctxs = new ArrayList<>(this.privilegeContextMap.values());
|
||||||
|
for (PrivilegeContext ctx : ctxs) {
|
||||||
|
if (ctx.getUserRep().hasRole(role.getName())) {
|
||||||
|
User user = this.persistenceHandler.getUser(ctx.getUsername());
|
||||||
|
if (user == null)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
Certificate cert = ctx.getCertificate();
|
||||||
|
cert = buildCertificate(cert.getUsage(), user, cert.getAuthToken(), cert.getSessionId());
|
||||||
|
PrivilegeContext privilegeContext = buildPrivilegeContext(cert, user);
|
||||||
|
this.privilegeContextMap.put(cert.getSessionId(), privilegeContext);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void initiateChallengeFor(Usage usage, String username) {
|
public void initiateChallengeFor(Usage usage, String username) {
|
||||||
|
|
||||||
|
@ -1570,7 +1632,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// validate privilege conflicts
|
// validate privilege conflicts
|
||||||
validatePrivilegeConflicts();
|
validatePrivilegeConflicts();
|
||||||
|
|
||||||
this.privilegeContextMap = Collections.synchronizedMap(new HashMap<String, PrivilegeContext>());
|
this.privilegeContextMap = Collections.synchronizedMap(new HashMap<>());
|
||||||
|
|
||||||
loadSessions();
|
loadSessions();
|
||||||
|
|
||||||
|
|
|
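Review bot: In the hunk at `@ -1017,9 +1032,56 @@`, `updateExistingSessionsWithNewRole` hits `continue` when `this.persistenceHandler.getUser(ctx.getUsername())` returns null, so that session silently keeps its pre-change `PrivilegeContext` — the role's old privileges stay effective for exactly the session whose user can no longer be found in persistence. If a live session for a user absent from persistence is not an expected state, that context should be dropped (or at least logged) rather than kept, and the Javadoc should state what happens to sessions that are skipped. Both new helpers also call `buildCertificate`/`buildPrivilegeContext` and, in the role variant, the persistence handler while holding `synchronized (this.privilegeContextMap)`, which serialises every other session lookup behind those calls; acceptable if they are cheap, worth a comment otherwise. Note that the hunks route only `updateUser`, `addRoleToUser`, `removeRoleFromUser`, `replaceRole`, `addOrReplacePrivilegeOnRole` and `removePrivilegeFromRole` through the session refresh; any other mutator of user or role state in this class that is not shown here would still leave live sessions stale.
```java
					User user = this.persistenceHandler.getUser(ctx.getUsername());
					if (user == null) {
						String sessionId = ctx.getCertificate().getSessionId();
						logger.info("Dropping session " + sessionId + " for " + ctx.getUsername() + ": user not found in persistence");
						this.privilegeContextMap.remove(sessionId);
						continue;
					}
					// … unchanged: rebuild certificate and privilege context for user …
```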
@ -117,6 +117,7 @@ public final class Certificate implements Serializable {
|
||||||
this.propertyMap = Collections.unmodifiableMap(propertyMap);
|
this.propertyMap = Collections.unmodifiableMap(propertyMap);
|
||||||
|
|
||||||
this.userRoles = Collections.unmodifiableSet(userRoles);
|
this.userRoles = Collections.unmodifiableSet(userRoles);
|
||||||
|
this.lastAccess = new Date();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
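Review bot: The new `this.lastAccess = new Date();` is set only by this constructor, yet `Certificate` is `Serializable` and `DefaultPrivilegeHandler` restores sessions via `loadSessions()`, so a certificate serialized before this field existed will presumably come back with `lastAccess == null`; whoever reads it needs a null guard or a `readObject` that defaults the value (the constructor begins outside the hunk). The same constructor is presumably what `buildCertificate(...)` goes through when the handler rebuilds live sessions on user or role changes, so each such administrative change resets `lastAccess` to now — if the field feeds an idle-timeout check, consider carrying the previous value through instead of restarting it. Stylistically, `java.util.Date` is mutable and legacy; `java.time.Instant.now()` avoids both the mutability and the defensive copy a getter would otherwise need.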
@ -1,31 +0,0 @@
|
||||||
package li.strolch.service.privilege.roles;
|
|
||||||
|
|
||||||
import li.strolch.agent.api.ComponentContainer;
|
|
||||||
import li.strolch.persistence.api.StrolchTransaction;
|
|
||||||
import li.strolch.service.api.Command;
|
|
||||||
|
|
||||||
public class PrivilageAddOrReplacePrivilegeOnRoleCommand extends Command {
|
|
||||||
|
|
||||||
public PrivilageAddOrReplacePrivilegeOnRoleCommand(ComponentContainer container, StrolchTransaction tx) {
|
|
||||||
super(container, tx);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void validate() {
|
|
||||||
// TODO Auto-generated method stub
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void doCommand() {
|
|
||||||
// TODO Auto-generated method stub
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void undo() {
|
|
||||||
// TODO Auto-generated method stub
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|