[New] added getter for EncryptionHandler and return SystemUserAction
parent
bf15669ef2
commit
471cc1f37f
|
@ -72,8 +72,6 @@ import ch.eitchnet.utils.helper.StringHelper;
|
||||||
*/
|
*/
|
||||||
public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
///
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* slf4j logger
|
* slf4j logger
|
||||||
*/
|
*/
|
||||||
|
@ -111,6 +109,11 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
private PrivilegeConflictResolution privilegeConflictResolution;
|
private PrivilegeConflictResolution privilegeConflictResolution;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public EncryptionHandler getEncryptionHandler() throws PrivilegeException {
|
||||||
|
return this.encryptionHandler;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public RoleRep getRole(Certificate certificate, String roleName) {
|
public RoleRep getRole(Certificate certificate, String roleName) {
|
||||||
|
|
||||||
|
@ -487,8 +490,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserRep updateUser(Certificate certificate, UserRep userRep) throws AccessDeniedException,
|
public UserRep updateUser(Certificate certificate, UserRep userRep)
|
||||||
PrivilegeException {
|
throws AccessDeniedException, PrivilegeException {
|
||||||
|
|
||||||
// validate user actually has this type of privilege
|
// validate user actually has this type of privilege
|
||||||
PrivilegeContext prvCtx = getPrivilegeContext(certificate);
|
PrivilegeContext prvCtx = getPrivilegeContext(certificate);
|
||||||
|
@ -504,8 +507,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
if (StringHelper.isEmpty(userRep.getFirstname()) && StringHelper.isEmpty(userRep.getLastname())
|
if (StringHelper.isEmpty(userRep.getFirstname()) && StringHelper.isEmpty(userRep.getLastname())
|
||||||
&& userRep.getLocale() == null
|
&& userRep.getLocale() == null
|
||||||
&& (userRep.getProperties() == null || userRep.getProperties().isEmpty())) {
|
&& (userRep.getProperties() == null || userRep.getProperties().isEmpty())) {
|
||||||
throw new PrivilegeException(MessageFormat.format(
|
throw new PrivilegeException(MessageFormat.format("All updateable fields are empty for update of user {0}", //$NON-NLS-1$
|
||||||
"All updateable fields are empty for update of user {0}", userRep.getUsername())); //$NON-NLS-1$
|
userRep.getUsername()));
|
||||||
}
|
}
|
||||||
|
|
||||||
String userId = existingUser.getUserId();
|
String userId = existingUser.getUserId();
|
||||||
|
@ -626,7 +629,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate that this user may remove this role from this user
|
// validate that this user may remove this role from this user
|
||||||
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_REMOVE_ROLE_FROM_USER, new Tuple(existingUser, roleName)));
|
prvCtx.validateAction(
|
||||||
|
new SimpleRestrictable(PRIVILEGE_REMOVE_ROLE_FROM_USER, new Tuple(existingUser, roleName)));
|
||||||
|
|
||||||
// ignore if user does not have role
|
// ignore if user does not have role
|
||||||
Set<String> currentRoles = existingUser.getRoles();
|
Set<String> currentRoles = existingUser.getRoles();
|
||||||
|
@ -713,8 +717,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
// if the user is not setting their own password, then make sure this user may set this user's password
|
// if the user is not setting their own password, then make sure this user may set this user's password
|
||||||
if (!certificate.getUsername().equals(username)) {
|
if (!certificate.getUsername().equals(username)) {
|
||||||
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_SET_USER_PASSWORD, new Tuple(existingUser,
|
prvCtx.validateAction(
|
||||||
newUser)));
|
new SimpleRestrictable(PRIVILEGE_SET_USER_PASSWORD, new Tuple(existingUser, newUser)));
|
||||||
}
|
}
|
||||||
|
|
||||||
// delegate user replacement to persistence handler
|
// delegate user replacement to persistence handler
|
||||||
|
@ -987,8 +991,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
this.privilegeContextMap.put(sessionId, privilegeContext);
|
this.privilegeContextMap.put(sessionId, privilegeContext);
|
||||||
|
|
||||||
// log
|
// log
|
||||||
DefaultPrivilegeHandler.logger.info(MessageFormat.format(
|
DefaultPrivilegeHandler.logger
|
||||||
"User {0} authenticated: {1}", username, certificate)); //$NON-NLS-1$
|
.info(MessageFormat.format("User {0} authenticated: {1}", username, certificate)); //$NON-NLS-1$
|
||||||
|
|
||||||
} catch (RuntimeException e) {
|
} catch (RuntimeException e) {
|
||||||
String msg = "User {0} Failed to authenticate: {1}"; //$NON-NLS-1$
|
String msg = "User {0} Failed to authenticate: {1}"; //$NON-NLS-1$
|
||||||
|
@ -1042,8 +1046,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// validate password
|
// validate password
|
||||||
String pwHash = user.getPassword();
|
String pwHash = user.getPassword();
|
||||||
if (pwHash == null)
|
if (pwHash == null)
|
||||||
throw new AccessDeniedException(MessageFormat.format(
|
throw new AccessDeniedException(
|
||||||
"User {0} has no password and may not login!", username)); //$NON-NLS-1$
|
MessageFormat.format("User {0} has no password and may not login!", username)); //$NON-NLS-1$
|
||||||
if (!pwHash.equals(passwordHash))
|
if (!pwHash.equals(passwordHash))
|
||||||
throw new AccessDeniedException(MessageFormat.format("Password is incorrect for {0}", username)); //$NON-NLS-1$
|
throw new AccessDeniedException(MessageFormat.format("Password is incorrect for {0}", username)); //$NON-NLS-1$
|
||||||
|
|
||||||
|
@ -1418,7 +1422,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void runAsSystem(String systemUsername, SystemUserAction action) throws PrivilegeException {
|
public <T extends SystemUserAction> T runAsSystem(String systemUsername, T action) throws PrivilegeException {
|
||||||
|
|
||||||
if (systemUsername == null)
|
if (systemUsername == null)
|
||||||
throw new PrivilegeException("systemUsername may not be null!"); //$NON-NLS-1$
|
throw new PrivilegeException("systemUsername may not be null!"); //$NON-NLS-1$
|
||||||
|
@ -1448,6 +1452,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
} finally {
|
} finally {
|
||||||
this.privilegeContextMap.remove(sessionId);
|
this.privilegeContextMap.remove(sessionId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return action;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
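Review bot: The new `getEncryptionHandler()` in the `-111,6 +109,11` hunk returns the handler's own `this.encryptionHandler` with no `Certificate` argument and no `validateAction` call, while the other operations visible in this file first resolve `getPrivilegeContext(certificate)` and validate a restrictable. Any code holding the `PrivilegeHandler` reference can therefore obtain the live object that is presumably used to hash passwords. The getter should either take a certificate and check a dedicated privilege, or carry a comment stating the trust assumption, for example `// no privilege check: only for trusted in-process components, never hand this to untrusted callers`. The declared `throws PrivilegeException` is never raised by the body and could be dropped unless such a check is added; the same applies to the matching declaration in the `PrivilegeHandler` interface.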
|
@ -223,8 +223,8 @@ public interface PrivilegeHandler {
|
||||||
* @throws PrivilegeException
|
* @throws PrivilegeException
|
||||||
* if there is anything wrong with this certificate
|
* if there is anything wrong with this certificate
|
||||||
*/
|
*/
|
||||||
public UserRep removeUser(Certificate certificate, String username) throws AccessDeniedException,
|
public UserRep removeUser(Certificate certificate, String username)
|
||||||
PrivilegeException;
|
throws AccessDeniedException, PrivilegeException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Removes the role with the given roleName from the user with the given username
|
* Removes the role with the given roleName from the user with the given username
|
||||||
|
@ -259,8 +259,8 @@ public interface PrivilegeHandler {
|
||||||
* @throws PrivilegeException
|
* @throws PrivilegeException
|
||||||
* if there is anything wrong with this certificate or the role is still in use by a user
|
* if there is anything wrong with this certificate or the role is still in use by a user
|
||||||
*/
|
*/
|
||||||
public RoleRep removeRole(Certificate certificate, String roleName) throws AccessDeniedException,
|
public RoleRep removeRole(Certificate certificate, String roleName)
|
||||||
PrivilegeException;
|
throws AccessDeniedException, PrivilegeException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Removes the privilege with the given privilegeName from the role with the given roleName
|
* Removes the privilege with the given privilegeName from the role with the given roleName
|
||||||
|
@ -304,8 +304,8 @@ public interface PrivilegeHandler {
|
||||||
* @throws PrivilegeException
|
* @throws PrivilegeException
|
||||||
* if there is anything wrong with this certificate or the user already exists
|
* if there is anything wrong with this certificate or the user already exists
|
||||||
*/
|
*/
|
||||||
public UserRep addUser(Certificate certificate, UserRep userRep, byte[] password) throws AccessDeniedException,
|
public UserRep addUser(Certificate certificate, UserRep userRep, byte[] password)
|
||||||
PrivilegeException;
|
throws AccessDeniedException, PrivilegeException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>
|
* <p>
|
||||||
|
@ -336,8 +336,8 @@ public interface PrivilegeHandler {
|
||||||
* @throws PrivilegeException
|
* @throws PrivilegeException
|
||||||
* if there is anything wrong with this certificate or if the user does not exist
|
* if there is anything wrong with this certificate or if the user does not exist
|
||||||
*/
|
*/
|
||||||
public UserRep updateUser(Certificate certificate, UserRep userRep) throws AccessDeniedException,
|
public UserRep updateUser(Certificate certificate, UserRep userRep)
|
||||||
PrivilegeException;
|
throws AccessDeniedException, PrivilegeException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>
|
* <p>
|
||||||
|
@ -363,8 +363,8 @@ public interface PrivilegeHandler {
|
||||||
* @throws PrivilegeException
|
* @throws PrivilegeException
|
||||||
* if there is anything wrong with this certificate or if the user does not exist
|
* if there is anything wrong with this certificate or if the user does not exist
|
||||||
*/
|
*/
|
||||||
public UserRep replaceUser(Certificate certificate, UserRep userRep, byte[] password) throws AccessDeniedException,
|
public UserRep replaceUser(Certificate certificate, UserRep userRep, byte[] password)
|
||||||
PrivilegeException;
|
throws AccessDeniedException, PrivilegeException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Adds a new role with the information from this {@link RoleRep}
|
* Adds a new role with the information from this {@link RoleRep}
|
||||||
|
@ -394,8 +394,8 @@ public interface PrivilegeHandler {
|
||||||
* @throws PrivilegeException
|
* @throws PrivilegeException
|
||||||
* if there is anything wrong with this certificate or if the role does not exist
|
* if there is anything wrong with this certificate or if the role does not exist
|
||||||
*/
|
*/
|
||||||
public RoleRep replaceRole(Certificate certificate, RoleRep roleRep) throws AccessDeniedException,
|
public RoleRep replaceRole(Certificate certificate, RoleRep roleRep)
|
||||||
PrivilegeException;
|
throws AccessDeniedException, PrivilegeException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Adds the role with the given roleName to the {@link User} with the given username
|
* Adds the role with the given roleName to the {@link User} with the given username
|
||||||
|
@ -494,8 +494,8 @@ public interface PrivilegeHandler {
|
||||||
* @throws PrivilegeException
|
* @throws PrivilegeException
|
||||||
* if there is anything wrong with this certificate
|
* if there is anything wrong with this certificate
|
||||||
*/
|
*/
|
||||||
public UserRep setUserLocale(Certificate certificate, String username, Locale locale) throws AccessDeniedException,
|
public UserRep setUserLocale(Certificate certificate, String username, Locale locale)
|
||||||
PrivilegeException;
|
throws AccessDeniedException, PrivilegeException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authenticates a user by validating that a {@link User} for the given username and password exist and then returns
|
* Authenticates a user by validating that a {@link User} for the given username and password exist and then returns
|
||||||
|
@ -612,10 +612,22 @@ public interface PrivilegeHandler {
|
||||||
* has the state {@link UserState#SYSTEM} and this user must have privilege to perform the concrete implementation
|
* has the state {@link UserState#SYSTEM} and this user must have privilege to perform the concrete implementation
|
||||||
* of the given {@link SystemUserAction} instance
|
* of the given {@link SystemUserAction} instance
|
||||||
*
|
*
|
||||||
|
*
|
||||||
* @param systemUsername
|
* @param systemUsername
|
||||||
* the username of the system user to perform the action as
|
* the username of the system user to perform the action as
|
||||||
* @param action
|
* @param action
|
||||||
* the action to be performed as the system user
|
* the action to be performed as the system user
|
||||||
|
*
|
||||||
|
* @return the action
|
||||||
|
*
|
||||||
|
* @throws PrivilegeException
|
||||||
*/
|
*/
|
||||||
public void runAsSystem(String systemUsername, SystemUserAction action) throws PrivilegeException;
|
public <T extends SystemUserAction> T runAsSystem(String systemUsername, T action) throws PrivilegeException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the {@link EncryptionHandler} instance
|
||||||
|
*
|
||||||
|
* @return the {@link EncryptionHandler} instance
|
||||||
|
*/
|
||||||
|
public EncryptionHandler getEncryptionHandler() throws PrivilegeException;
|
||||||
}
|
}
|
||||||
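Review bot: The Javadoc added for `runAsSystem` in the `-612,10 +612,22` hunk says only `@return the action` and leaves `@throws PrivilegeException` without a description, so the contract of the new return value is undocumented. In `DefaultPrivilegeHandler` the privilege context is removed from `privilegeContextMap` in the `finally` block before `return action;`, so the caller gets back its own argument carrying whatever it collected while running as the system user. I would state that explicitly, e.g. `@return the same action instance that was passed in, returned after the system user's privilege context has been removed; any results it holds were produced with system privileges`. For the empty tag, `@throws PrivilegeException if systemUsername is null or the system user may not perform the action` matches what the visible code and the existing description say.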
|
|