[New] added getter for EncryptionHandler and return SystemUserAction

Robert von Burg 2015-10-08 12:26:31 +02:00
parent bf15669ef2
commit 471cc1f37f
2 changed files with 47 additions and 29 deletions


@ -72,8 +72,6 @@ import ch.eitchnet.utils.helper.StringHelper;
*/ */
public class DefaultPrivilegeHandler implements PrivilegeHandler { public class DefaultPrivilegeHandler implements PrivilegeHandler {
///
/** /**
* slf4j logger * slf4j logger
*/ */
@ -111,6 +109,11 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
private PrivilegeConflictResolution privilegeConflictResolution; private PrivilegeConflictResolution privilegeConflictResolution;
@Override
public EncryptionHandler getEncryptionHandler() throws PrivilegeException {
return this.encryptionHandler;
}
@Override @Override
public RoleRep getRole(Certificate certificate, String roleName) { public RoleRep getRole(Certificate certificate, String roleName) {
@ -487,8 +490,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
} }
@Override @Override
public UserRep updateUser(Certificate certificate, UserRep userRep) throws AccessDeniedException, public UserRep updateUser(Certificate certificate, UserRep userRep)
PrivilegeException { throws AccessDeniedException, PrivilegeException {
// validate user actually has this type of privilege // validate user actually has this type of privilege
PrivilegeContext prvCtx = getPrivilegeContext(certificate); PrivilegeContext prvCtx = getPrivilegeContext(certificate);
@ -504,8 +507,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
if (StringHelper.isEmpty(userRep.getFirstname()) && StringHelper.isEmpty(userRep.getLastname()) if (StringHelper.isEmpty(userRep.getFirstname()) && StringHelper.isEmpty(userRep.getLastname())
&& userRep.getLocale() == null && userRep.getLocale() == null
&& (userRep.getProperties() == null || userRep.getProperties().isEmpty())) { && (userRep.getProperties() == null || userRep.getProperties().isEmpty())) {
throw new PrivilegeException(MessageFormat.format( throw new PrivilegeException(MessageFormat.format("All updateable fields are empty for update of user {0}", //$NON-NLS-1$
"All updateable fields are empty for update of user {0}", userRep.getUsername())); //$NON-NLS-1$ userRep.getUsername()));
} }
String userId = existingUser.getUserId(); String userId = existingUser.getUserId();
@ -626,7 +629,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
} }
// validate that this user may remove this role from this user // validate that this user may remove this role from this user
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_REMOVE_ROLE_FROM_USER, new Tuple(existingUser, roleName))); prvCtx.validateAction(
new SimpleRestrictable(PRIVILEGE_REMOVE_ROLE_FROM_USER, new Tuple(existingUser, roleName)));
// ignore if user does not have role // ignore if user does not have role
Set<String> currentRoles = existingUser.getRoles(); Set<String> currentRoles = existingUser.getRoles();
@ -713,8 +717,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
// if the user is not setting their own password, then make sure this user may set this user's password // if the user is not setting their own password, then make sure this user may set this user's password
if (!certificate.getUsername().equals(username)) { if (!certificate.getUsername().equals(username)) {
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_SET_USER_PASSWORD, new Tuple(existingUser, prvCtx.validateAction(
newUser))); new SimpleRestrictable(PRIVILEGE_SET_USER_PASSWORD, new Tuple(existingUser, newUser)));
} }
// delegate user replacement to persistence handler // delegate user replacement to persistence handler
@ -987,8 +991,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
this.privilegeContextMap.put(sessionId, privilegeContext); this.privilegeContextMap.put(sessionId, privilegeContext);
// log // log
DefaultPrivilegeHandler.logger.info(MessageFormat.format( DefaultPrivilegeHandler.logger
"User {0} authenticated: {1}", username, certificate)); //$NON-NLS-1$ .info(MessageFormat.format("User {0} authenticated: {1}", username, certificate)); //$NON-NLS-1$
} catch (RuntimeException e) { } catch (RuntimeException e) {
String msg = "User {0} Failed to authenticate: {1}"; //$NON-NLS-1$ String msg = "User {0} Failed to authenticate: {1}"; //$NON-NLS-1$
@ -1042,8 +1046,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
// validate password // validate password
String pwHash = user.getPassword(); String pwHash = user.getPassword();
if (pwHash == null) if (pwHash == null)
throw new AccessDeniedException(MessageFormat.format( throw new AccessDeniedException(
"User {0} has no password and may not login!", username)); //$NON-NLS-1$ MessageFormat.format("User {0} has no password and may not login!", username)); //$NON-NLS-1$
if (!pwHash.equals(passwordHash)) if (!pwHash.equals(passwordHash))
throw new AccessDeniedException(MessageFormat.format("Password is incorrect for {0}", username)); //$NON-NLS-1$ throw new AccessDeniedException(MessageFormat.format("Password is incorrect for {0}", username)); //$NON-NLS-1$
@ -1418,7 +1422,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
} }
@Override @Override
public void runAsSystem(String systemUsername, SystemUserAction action) throws PrivilegeException { public <T extends SystemUserAction> T runAsSystem(String systemUsername, T action) throws PrivilegeException {
if (systemUsername == null) if (systemUsername == null)
throw new PrivilegeException("systemUsername may not be null!"); //$NON-NLS-1$ throw new PrivilegeException("systemUsername may not be null!"); //$NON-NLS-1$
@ -1448,6 +1452,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
} finally { } finally {
this.privilegeContextMap.remove(sessionId); this.privilegeContextMap.remove(sessionId);
} }
return action;
} }
/** /**
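Review bot: The new `getEncryptionHandler()` takes no `Certificate` and performs no privilege check, unlike `getRole` and `updateUser` in this section, so any code holding a `PrivilegeHandler` reference can obtain the handler's encryption component without authenticating; the same signature is declared on the `PrivilegeHandler` interface in the second file. What `EncryptionHandler` exposes is not visible in this diff, so the impact is inferred. Consider `public EncryptionHandler getEncryptionHandler(Certificate certificate) throws PrivilegeException` with a `getPrivilegeContext(certificate);` call before the return, as `updateUser` does, or state in the interface Javadoc that the getter is intentionally unguarded. As written the body cannot throw, so the declared `throws PrivilegeException` is dead unless such a check is added.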


@ -223,8 +223,8 @@ public interface PrivilegeHandler {
* @throws PrivilegeException * @throws PrivilegeException
* if there is anything wrong with this certificate * if there is anything wrong with this certificate
*/ */
public UserRep removeUser(Certificate certificate, String username) throws AccessDeniedException, public UserRep removeUser(Certificate certificate, String username)
PrivilegeException; throws AccessDeniedException, PrivilegeException;
/** /**
* Removes the role with the given roleName from the user with the given username * Removes the role with the given roleName from the user with the given username
@ -259,8 +259,8 @@ public interface PrivilegeHandler {
* @throws PrivilegeException * @throws PrivilegeException
* if there is anything wrong with this certificate or the role is still in use by a user * if there is anything wrong with this certificate or the role is still in use by a user
*/ */
public RoleRep removeRole(Certificate certificate, String roleName) throws AccessDeniedException, public RoleRep removeRole(Certificate certificate, String roleName)
PrivilegeException; throws AccessDeniedException, PrivilegeException;
/** /**
* Removes the privilege with the given privilegeName from the role with the given roleName * Removes the privilege with the given privilegeName from the role with the given roleName
@ -304,8 +304,8 @@ public interface PrivilegeHandler {
* @throws PrivilegeException * @throws PrivilegeException
* if there is anything wrong with this certificate or the user already exists * if there is anything wrong with this certificate or the user already exists
*/ */
public UserRep addUser(Certificate certificate, UserRep userRep, byte[] password) throws AccessDeniedException, public UserRep addUser(Certificate certificate, UserRep userRep, byte[] password)
PrivilegeException; throws AccessDeniedException, PrivilegeException;
/** /**
* <p> * <p>
@ -336,8 +336,8 @@ public interface PrivilegeHandler {
* @throws PrivilegeException * @throws PrivilegeException
* if there is anything wrong with this certificate or if the user does not exist * if there is anything wrong with this certificate or if the user does not exist
*/ */
public UserRep updateUser(Certificate certificate, UserRep userRep) throws AccessDeniedException, public UserRep updateUser(Certificate certificate, UserRep userRep)
PrivilegeException; throws AccessDeniedException, PrivilegeException;
/** /**
* <p> * <p>
@ -363,8 +363,8 @@ public interface PrivilegeHandler {
* @throws PrivilegeException * @throws PrivilegeException
* if there is anything wrong with this certificate or if the user does not exist * if there is anything wrong with this certificate or if the user does not exist
*/ */
public UserRep replaceUser(Certificate certificate, UserRep userRep, byte[] password) throws AccessDeniedException, public UserRep replaceUser(Certificate certificate, UserRep userRep, byte[] password)
PrivilegeException; throws AccessDeniedException, PrivilegeException;
/** /**
* Adds a new role with the information from this {@link RoleRep} * Adds a new role with the information from this {@link RoleRep}
@ -394,8 +394,8 @@ public interface PrivilegeHandler {
* @throws PrivilegeException * @throws PrivilegeException
* if there is anything wrong with this certificate or if the role does not exist * if there is anything wrong with this certificate or if the role does not exist
*/ */
public RoleRep replaceRole(Certificate certificate, RoleRep roleRep) throws AccessDeniedException, public RoleRep replaceRole(Certificate certificate, RoleRep roleRep)
PrivilegeException; throws AccessDeniedException, PrivilegeException;
/** /**
* Adds the role with the given roleName to the {@link User} with the given username * Adds the role with the given roleName to the {@link User} with the given username
@ -494,8 +494,8 @@ public interface PrivilegeHandler {
* @throws PrivilegeException * @throws PrivilegeException
* if there is anything wrong with this certificate * if there is anything wrong with this certificate
*/ */
public UserRep setUserLocale(Certificate certificate, String username, Locale locale) throws AccessDeniedException, public UserRep setUserLocale(Certificate certificate, String username, Locale locale)
PrivilegeException; throws AccessDeniedException, PrivilegeException;
/** /**
* Authenticates a user by validating that a {@link User} for the given username and password exist and then returns * Authenticates a user by validating that a {@link User} for the given username and password exist and then returns
@ -612,10 +612,22 @@ public interface PrivilegeHandler {
* has the state {@link UserState#SYSTEM} and this user must have privilege to perform the concrete implementation * has the state {@link UserState#SYSTEM} and this user must have privilege to perform the concrete implementation
* of the given {@link SystemUserAction} instance * of the given {@link SystemUserAction} instance
* *
*
* @param systemUsername * @param systemUsername
* the username of the system user to perform the action as * the username of the system user to perform the action as
* @param action * @param action
* the action to be performed as the system user * the action to be performed as the system user
*
* @return the action
*
* @throws PrivilegeException
*/ */
public void runAsSystem(String systemUsername, SystemUserAction action) throws PrivilegeException; public <T extends SystemUserAction> T runAsSystem(String systemUsername, T action) throws PrivilegeException;
/**
* Returns the {@link EncryptionHandler} instance
*
* @return the {@link EncryptionHandler} instance
*/
public EncryptionHandler getEncryptionHandler() throws PrivilegeException;
} }
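Review bot: The Javadoc added for `runAsSystem` leaves `@throws PrivilegeException` without a description, and `@return the action` does not say that the returned object is the same instance that was passed in. The new `getEncryptionHandler()` also declares `throws PrivilegeException` but its Javadoc has no `@throws` tag at all. Suggested wording for `runAsSystem`: `@return the same action instance that was passed in, after it was run as the system user` and `@throws PrivilegeException if systemUsername is null, or the system user may not perform the action`. The second condition is inferred from the surrounding Javadoc rather than from visible code, so adjust it to what the implementation actually checks.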