[Major] Moved privilege management into separate services
- instead of just calling the methods from the REST API, now we call services - this allows auditing who changes which privileges
parent
6bd1ed58ad
commit
bd4291b483
|
@ -1 +1 @@
|
||||||
Subproject commit 2607bbef3fc7df863548820665d8ed133e524c39
|
Subproject commit 4c6434f475dc40e73b54890540eaf943f21e1084
|
|
@ -19,6 +19,7 @@ import static ch.eitchnet.utils.helper.StringHelper.DOT;
|
||||||
import li.strolch.agent.api.ObserverHandler;
|
import li.strolch.agent.api.ObserverHandler;
|
||||||
import li.strolch.model.StrolchModelConstants;
|
import li.strolch.model.StrolchModelConstants;
|
||||||
import li.strolch.persistence.api.PersistenceHandler;
|
import li.strolch.persistence.api.PersistenceHandler;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
@ -58,4 +59,35 @@ public class StrolchConstants {
|
||||||
realmKey += DOT + realmName;
|
realmKey += DOT + realmName;
|
||||||
return realmKey;
|
return realmKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constants used for Privilege management, configuration, etc.
|
||||||
|
*
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public static class StrolchPrivilegeConstants {
|
||||||
|
|
||||||
|
public static final String PRIVILEGE = "Privilege"; //$NON-NLS-1$
|
||||||
|
public static final String CERTIFICATE = "Certificate"; //$NON-NLS-1$
|
||||||
|
public static final String ROLE = "Role"; //$NON-NLS-1$
|
||||||
|
public static final String USER = "User"; //$NON-NLS-1$
|
||||||
|
|
||||||
|
public static final String PRIVILEGE_GET_ROLE = PrivilegeHandler.PRIVILEGE_GET_ROLE;
|
||||||
|
public static final String PRIVILEGE_ADD_ROLE = PrivilegeHandler.PRIVILEGE_ADD_ROLE;
|
||||||
|
public static final String PRIVILEGE_REMOVE_ROLE = PrivilegeHandler.PRIVILEGE_REMOVE_ROLE;
|
||||||
|
public static final String PRIVILEGE_MODIFY_ROLE = PrivilegeHandler.PRIVILEGE_MODIFY_ROLE;
|
||||||
|
|
||||||
|
public static final String PRIVILEGE_GET_USER = PrivilegeHandler.PRIVILEGE_GET_USER;
|
||||||
|
public static final String PRIVILEGE_ADD_USER = PrivilegeHandler.PRIVILEGE_ADD_USER;
|
||||||
|
public static final String PRIVILEGE_REMOVE_USER = PrivilegeHandler.PRIVILEGE_REMOVE_USER;
|
||||||
|
public static final String PRIVILEGE_MODIFY_USER = PrivilegeHandler.PRIVILEGE_MODIFY_USER;
|
||||||
|
public static final String PRIVILEGE_ADD_ROLE_TO_USER = PrivilegeHandler.PRIVILEGE_ADD_ROLE_TO_USER;
|
||||||
|
public static final String PRIVILEGE_REMOVE_ROLE_FROM_USER = PrivilegeHandler.PRIVILEGE_REMOVE_ROLE_FROM_USER;
|
||||||
|
public static final String PRIVILEGE_SET_USER_LOCALE = PrivilegeHandler.PRIVILEGE_SET_USER_LOCALE;
|
||||||
|
public static final String PRIVILEGE_SET_USER_STATE = PrivilegeHandler.PRIVILEGE_SET_USER_STATE;
|
||||||
|
public static final String PRIVILEGE_SET_USER_PASSWORD = PrivilegeHandler.PRIVILEGE_SET_USER_PASSWORD;
|
||||||
|
|
||||||
|
public static final String PRIVILEGE_INVALIDATE_SESSION = "InvalidateSession";
|
||||||
|
public static final String PRIVILEGE_GET_SESSION = "GetSession";
|
||||||
|
}
|
||||||
}
|
}
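Review bot: The two session privilege names at the end of `StrolchPrivilegeConstants` are bare literals with no comment and no `//$NON-NLS-1$` marker, unlike `PRIVILEGE`, `CERTIFICATE`, `ROLE` and `USER` above them. These strings are presumably matched against the privilege names configured for a role, so a typo or rename here would change who may list or invalidate sessions without any compile-time signal. I would add the marker and a short comment, e.g. `public static final String PRIVILEGE_GET_SESSION = "GetSession"; //$NON-NLS-1$ // must match the configured privilege name`. The class Javadoc could also say which constants are audit element names (the ones passed to `tx.auditFrom(...)`) and which are privilege names.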
|
||||||
|
|
|
@ -27,6 +27,7 @@ import li.strolch.exception.StrolchException;
|
||||||
import li.strolch.model.audit.AccessType;
|
import li.strolch.model.audit.AccessType;
|
||||||
import li.strolch.model.audit.Audit;
|
import li.strolch.model.audit.Audit;
|
||||||
import li.strolch.persistence.api.StrolchTransaction;
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
import li.strolch.runtime.configuration.ComponentConfiguration;
|
import li.strolch.runtime.configuration.ComponentConfiguration;
|
||||||
import li.strolch.runtime.configuration.RuntimeConfiguration;
|
import li.strolch.runtime.configuration.RuntimeConfiguration;
|
||||||
import ch.eitchnet.privilege.base.AccessDeniedException;
|
import ch.eitchnet.privilege.base.AccessDeniedException;
|
||||||
|
@ -119,7 +120,8 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
|
||||||
try (StrolchTransaction tx = realm.openTx(certificate, getClass())) {
|
try (StrolchTransaction tx = realm.openTx(certificate, getClass())) {
|
||||||
tx.setSuppressDoNothingLogging(true);
|
tx.setSuppressDoNothingLogging(true);
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
Audit audit = tx.auditFrom(AccessType.CREATE, PRIVILEGE, CERTIFICATE, username);
|
Audit audit = tx.auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.CERTIFICATE, username);
|
||||||
tx.getAuditTrail().add(tx, audit);
|
tx.getAuditTrail().add(tx, audit);
|
||||||
}
|
}
|
||||||
return certificate;
|
return certificate;
|
||||||
|
@ -148,7 +150,8 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
|
||||||
try (StrolchTransaction tx = realm.openTx(certificate, getClass())) {
|
try (StrolchTransaction tx = realm.openTx(certificate, getClass())) {
|
||||||
tx.setSuppressDoNothingLogging(true);
|
tx.setSuppressDoNothingLogging(true);
|
||||||
tx.setSuppressAudits(true);
|
tx.setSuppressAudits(true);
|
||||||
Audit audit = tx.auditFrom(AccessType.DELETE, PRIVILEGE, CERTIFICATE, certificate.getUsername());
|
Audit audit = tx.auditFrom(AccessType.DELETE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.CERTIFICATE, certificate.getUsername());
|
||||||
tx.getAuditTrail().add(tx, audit);
|
tx.getAuditTrail().add(tx, audit);
|
||||||
}
|
}
|
||||||
return invalidateSession;
|
return invalidateSession;
|
||||||
|
|
|
@ -25,9 +25,6 @@ import ch.eitchnet.privilege.model.PrivilegeContext;
|
||||||
*/
|
*/
|
||||||
public interface PrivilegeHandler {
|
public interface PrivilegeHandler {
|
||||||
|
|
||||||
public static final String PRIVILEGE = "Privilege"; //$NON-NLS-1$
|
|
||||||
public static final String CERTIFICATE = "Certificate"; //$NON-NLS-1$
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param username
|
* @param username
|
||||||
* @param password
|
* @param password
|
||||||
|
|
|
@ -18,6 +18,7 @@ package li.strolch.service.api;
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
|
|
||||||
import li.strolch.agent.api.ComponentContainer;
|
import li.strolch.agent.api.ComponentContainer;
|
||||||
|
import li.strolch.agent.api.StrolchComponent;
|
||||||
import li.strolch.agent.api.StrolchRealm;
|
import li.strolch.agent.api.StrolchRealm;
|
||||||
import li.strolch.exception.StrolchException;
|
import li.strolch.exception.StrolchException;
|
||||||
import li.strolch.persistence.api.StrolchTransaction;
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
@ -42,6 +43,8 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
|
||||||
private PrivilegeContext privilegeContext;
|
private PrivilegeContext privilegeContext;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Called by the {@link ServiceHandler} to set the {@link PrivilegeContext} before this service is performed
|
||||||
|
*
|
||||||
* @param privilegeContext
|
* @param privilegeContext
|
||||||
* the privilegeContext to set
|
* the privilegeContext to set
|
||||||
*/
|
*/
|
||||||
|
@ -51,6 +54,8 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Return the {@link PrivilegeContext} to perform further privilege authorization validation
|
||||||
|
*
|
||||||
* @return the privilegeContext
|
* @return the privilegeContext
|
||||||
*/
|
*/
|
||||||
public final PrivilegeContext getPrivilegeContext() {
|
public final PrivilegeContext getPrivilegeContext() {
|
||||||
|
@ -58,6 +63,8 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Returns the {@link Certificate} of the user who is performing this service
|
||||||
|
*
|
||||||
* @return the certificate
|
* @return the certificate
|
||||||
*/
|
*/
|
||||||
protected final Certificate getCertificate() {
|
protected final Certificate getCertificate() {
|
||||||
|
@ -65,6 +72,9 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Called by the {@link ServiceHandler} to set a reference to the {@link ComponentContainer} to be used during
|
||||||
|
* service execution
|
||||||
|
*
|
||||||
* @param container
|
* @param container
|
||||||
* the container to set
|
* the container to set
|
||||||
*/
|
*/
|
||||||
|
@ -73,6 +83,8 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Returns the reference to the {@link ComponentContainer}
|
||||||
|
*
|
||||||
* @return the container
|
* @return the container
|
||||||
*/
|
*/
|
||||||
protected final ComponentContainer getContainer() {
|
protected final ComponentContainer getContainer() {
|
||||||
|
@ -80,45 +92,116 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Returns the reference to the {@link StrolchComponent} with the given name, if it exists. If it does not exist, an
|
||||||
|
* {@link IllegalArgumentException} is thrown
|
||||||
|
*
|
||||||
* @param clazz
|
* @param clazz
|
||||||
* @return
|
*
|
||||||
|
* @return the component with the given name
|
||||||
|
*
|
||||||
|
* @throws IllegalArgumentException
|
||||||
|
* if the component does not exist
|
||||||
*/
|
*/
|
||||||
protected final <V> V getComponent(Class<V> clazz) {
|
protected final <V> V getComponent(Class<V> clazz) {
|
||||||
return this.container.getComponent(clazz);
|
return this.container.getComponent(clazz);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return
|
* Returns the Strolch {@link RuntimeConfiguration}
|
||||||
|
*
|
||||||
|
* @return the Strolch {@link RuntimeConfiguration}
|
||||||
*/
|
*/
|
||||||
protected final RuntimeConfiguration getRuntimeConfiguration() {
|
protected final RuntimeConfiguration getRuntimeConfiguration() {
|
||||||
return this.container.getAgent().getStrolchConfiguration().getRuntimeConfiguration();
|
return this.container.getAgent().getStrolchConfiguration().getRuntimeConfiguration();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Returns the {@link StrolchRealm} with the given name. If the realm does not exist, then a
|
||||||
|
* {@link StrolchException} is thrown
|
||||||
|
*
|
||||||
* @param realm
|
* @param realm
|
||||||
* @return
|
* the name of the {@link StrolchRealm} to return
|
||||||
|
* @return the {@link StrolchRealm} with the given name
|
||||||
|
*
|
||||||
|
* @throws StrolchException
|
||||||
|
* if the {@link StrolchRealm} does not exist with the given name
|
||||||
*/
|
*/
|
||||||
protected final StrolchRealm getRealm(String realm) {
|
protected final StrolchRealm getRealm(String realm) throws StrolchException {
|
||||||
return this.container.getRealm(realm);
|
return this.container.getRealm(realm);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Opens a {@link StrolchTransaction} for the given realm, the action for the TX is this implementation's class
|
||||||
|
* name. This transaction should be used in a try-with-resource clause so it is properly closed
|
||||||
|
*
|
||||||
* @param realm
|
* @param realm
|
||||||
* @return
|
* the name of the realm to return
|
||||||
|
*
|
||||||
|
* @return the realm with the given name
|
||||||
|
*
|
||||||
|
* @throws StrolchException
|
||||||
|
* if the {@link StrolchRealm} does not exist with the given name
|
||||||
*/
|
*/
|
||||||
protected final StrolchTransaction openTx(String realm) {
|
protected StrolchTransaction openTx(String realm) throws StrolchException {
|
||||||
return this.container.getRealm(realm).openTx(getCertificate(), getClass());
|
return this.container.getRealm(realm).openTx(getCertificate(), getClass());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Opens a {@link StrolchTransaction} for the given realm. This transaction should be used in a try-with-resource
|
||||||
|
* clause so it is properly closed
|
||||||
|
*
|
||||||
* @param realm
|
* @param realm
|
||||||
|
* the name of the realm to return
|
||||||
* @param action
|
* @param action
|
||||||
* @return
|
* the action to use for the opened TX
|
||||||
|
*
|
||||||
|
* @return the realm with the given name
|
||||||
|
*
|
||||||
|
* @throws StrolchException
|
||||||
|
* if the {@link StrolchRealm} does not exist with the given name
|
||||||
*/
|
*/
|
||||||
protected final StrolchTransaction openTx(String realm, String action) {
|
protected StrolchTransaction openTx(String realm, String action) throws StrolchException {
|
||||||
return this.container.getRealm(realm).openTx(getCertificate(), action);
|
return this.container.getRealm(realm).openTx(getCertificate(), action);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Opens a {@link StrolchTransaction} where the realm retrieved using
|
||||||
|
* {@link ComponentContainer#getRealm(Certificate)}, the action for the TX is this implementation's class name. This
|
||||||
|
* transaction should be used in a try-with-resource clause so it is properly closed
|
||||||
|
*
|
||||||
|
* @return the realm with the given name
|
||||||
|
*
|
||||||
|
* @throws StrolchException
|
||||||
|
* if the {@link StrolchRealm} does not exist with the given name
|
||||||
|
*/
|
||||||
|
protected StrolchTransaction openUserTx() throws StrolchException {
|
||||||
|
return this.container.getRealm(getCertificate()).openTx(getCertificate(), getClass());
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Opens a {@link StrolchTransaction} where the realm retrieved using
|
||||||
|
* {@link ComponentContainer#getRealm(Certificate)}. This transaction should be used in a try-with-resource clause
|
||||||
|
* so it is properly closed
|
||||||
|
*
|
||||||
|
* @param realm
|
||||||
|
* the name of the realm to return
|
||||||
|
* @param action
|
||||||
|
* the action to use for the opened TX
|
||||||
|
*
|
||||||
|
* @return the realm with the given name
|
||||||
|
*
|
||||||
|
* @throws StrolchException
|
||||||
|
* if the {@link StrolchRealm} does not exist with the given name
|
||||||
|
*/
|
||||||
|
protected StrolchTransaction openUserTx(String action) throws StrolchException {
|
||||||
|
return this.container.getRealm(getCertificate()).openTx(getCertificate(), action);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This method is final as it enforces that the argument is valid, and catches all exceptions and enforces that a
|
||||||
|
* service result is returned. A concrete implementation will implement the business logic in
|
||||||
|
* {@link #internalDoService(ServiceArgument)}
|
||||||
|
*/
|
||||||
@Override
|
@Override
|
||||||
public final U doService(T argument) {
|
public final U doService(T argument) {
|
||||||
|
|
||||||
|
@ -155,6 +238,8 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Returns true if this Service requires an argument
|
||||||
|
*
|
||||||
* @return if true, then an argument must be set to execute the service. If the argument is missing, then the
|
* @return if true, then an argument must be set to execute the service. If the argument is missing, then the
|
||||||
* service execution fails immediately
|
* service execution fails immediately
|
||||||
*/
|
*/
|
||||||
|
@ -166,7 +251,7 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
|
||||||
* This method is called if the service execution fails and an instance of the expected {@link ServiceResult} is
|
* This method is called if the service execution fails and an instance of the expected {@link ServiceResult} is
|
||||||
* required to return to the caller
|
* required to return to the caller
|
||||||
*
|
*
|
||||||
* @return
|
* @return an instance of the {@link ServiceResult} returned by this implementation
|
||||||
*/
|
*/
|
||||||
protected abstract U getResultInstance();
|
protected abstract U getResultInstance();
|
||||||
|
|
||||||
|
@ -175,6 +260,7 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
|
||||||
* done in the {@link #doService(ServiceArgument)} which calls this method
|
* done in the {@link #doService(ServiceArgument)} which calls this method
|
||||||
*
|
*
|
||||||
* @param arg
|
* @param arg
|
||||||
|
* the {@link ServiceArgument} containing the arguments to perform the concrete service
|
||||||
*
|
*
|
||||||
* @return a {@link ServiceResult} which denotes the execution state of this {@link Service}
|
* @return a {@link ServiceResult} which denotes the execution state of this {@link Service}
|
||||||
*
|
*
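Review bot: The new side appears to drop `final` from both `openTx` overloads and adds the `openUserTx` methods as non-final, so a concrete service can override how its transaction is opened, including the certificate and action it is bound to through `getCertificate()`. Since the commit's stated goal is auditing who changes privileges, I would keep these closed, e.g. `protected final StrolchTransaction openUserTx() throws StrolchException {`, unless an override is needed somewhere not visible here. Separately, the added Javadoc has copy-paste errors: the `openTx` and `openUserTx` blocks say `@return the realm with the given name` although they return a `StrolchTransaction`, `openUserTx(String action)` documents an `@param realm` it does not have, and `getComponent` speaks of "the given name" while taking a `Class`.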
|
||||||
|
|
|
@ -20,9 +20,20 @@ import java.io.Serializable;
|
||||||
import ch.eitchnet.privilege.model.Restrictable;
|
import ch.eitchnet.privilege.model.Restrictable;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* Interface for Strolch service's. Service's are the main object in which business logic is implemented in a Strolch
|
||||||
|
* agent.
|
||||||
|
*
|
||||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
*/
|
*/
|
||||||
public interface Service<T extends ServiceArgument, U extends ServiceResult> extends Serializable, Restrictable {
|
public interface Service<T extends ServiceArgument, U extends ServiceResult> extends Serializable, Restrictable {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Performs the actual service
|
||||||
|
*
|
||||||
|
* @param argument
|
||||||
|
* the argument for the service
|
||||||
|
*
|
||||||
|
* @return the service result
|
||||||
|
*/
|
||||||
public U doService(T argument);
|
public U doService(T argument);
|
||||||
}
|
}
|
||||||
|
|
|
@ -42,7 +42,6 @@ public class ServiceResult implements Serializable {
|
||||||
* @param message
|
* @param message
|
||||||
*/
|
*/
|
||||||
public ServiceResult(ServiceResultState state, String message) {
|
public ServiceResult(ServiceResultState state, String message) {
|
||||||
super();
|
|
||||||
this.state = state;
|
this.state = state;
|
||||||
this.message = message;
|
this.message = message;
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,6 +15,9 @@
|
||||||
*/
|
*/
|
||||||
package li.strolch.rest;
|
package li.strolch.rest;
|
||||||
|
|
||||||
|
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_GET_SESSION;
|
||||||
|
import static li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants.PRIVILEGE_INVALIDATE_SESSION;
|
||||||
|
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
import java.time.Instant;
|
import java.time.Instant;
|
||||||
import java.time.LocalDateTime;
|
import java.time.LocalDateTime;
|
||||||
|
@ -53,8 +56,6 @@ import ch.eitchnet.utils.dbc.DBC;
|
||||||
*/
|
*/
|
||||||
public class DefaultStrolchSessionHandler extends StrolchComponent implements StrolchSessionHandler {
|
public class DefaultStrolchSessionHandler extends StrolchComponent implements StrolchSessionHandler {
|
||||||
|
|
||||||
public static final String PRIVILEGE_INVALIDATE_SESSION = "InvalidateSession";
|
|
||||||
public static final String PRIVILEGE_GET_SESSION = "GetSession";
|
|
||||||
public static final String PARAM_SESSION_TTL_MINUTES = "session.ttl.minutes"; //$NON-NLS-1$
|
public static final String PARAM_SESSION_TTL_MINUTES = "session.ttl.minutes"; //$NON-NLS-1$
|
||||||
|
|
||||||
private static final Logger logger = LoggerFactory.getLogger(DefaultStrolchSessionHandler.class);
|
private static final Logger logger = LoggerFactory.getLogger(DefaultStrolchSessionHandler.class);
|
||||||
|
|
|
@ -42,7 +42,7 @@ public class StrolchRestfulExceptionMapper implements ExceptionMapper<Exception>
|
||||||
sb.append(restrictable.getPrivilegeValue());
|
sb.append(restrictable.getPrivilegeValue());
|
||||||
}
|
}
|
||||||
|
|
||||||
return Response.status(Status.FORBIDDEN).entity(sb.toString()).type(MediaType.TEXT_PLAIN).build();
|
return Response.status(Status.UNAUTHORIZED).entity(sb.toString()).type(MediaType.TEXT_PLAIN).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
return Response.serverError().entity(new Result(ex)).type(MediaType.APPLICATION_JSON).build();
|
return Response.serverError().entity(new Result(ex)).type(MediaType.APPLICATION_JSON).build();
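Review bot: Changing this response from `Status.FORBIDDEN` to `Status.UNAUTHORIZED` does not fit the case the branch handles. The message is built from `restrictable.getPrivilegeValue()`, so it describes an identified caller who lacks a privilege, which is what 403 is for, whereas 401 asks the client to authenticate again and is expected to carry a `WWW-Authenticate` challenge. Clients that react to 401 by discarding the session or prompting for login would then do so on every denied privilege check. I would keep `Response.status(Status.FORBIDDEN)` here and reserve 401 for missing or invalid credentials, and confirm that returning the privilege name and value in the plain-text body is intended. The method starts outside the hunk, so the exception type being matched is not visible.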
|
||||||
|
|
|
@ -43,6 +43,7 @@ import li.strolch.runtime.privilege.PrivilegeHandler;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
import ch.eitchnet.privilege.base.AccessDeniedException;
|
||||||
import ch.eitchnet.privilege.base.PrivilegeException;
|
import ch.eitchnet.privilege.base.PrivilegeException;
|
||||||
import ch.eitchnet.privilege.model.Certificate;
|
import ch.eitchnet.privilege.model.Certificate;
|
||||||
import ch.eitchnet.privilege.model.IPrivilege;
|
import ch.eitchnet.privilege.model.IPrivilege;
|
||||||
|
@ -111,10 +112,14 @@ public class AuthenticationService {
|
||||||
.header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken())//
|
.header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken())//
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
} catch (StrolchException | PrivilegeException e) {
|
} catch (AccessDeniedException e) {
|
||||||
logger.error(e.getMessage(), e);
|
logger.error(e.getMessage(), e);
|
||||||
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
|
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(loginResult).build();
|
return Response.status(Status.UNAUTHORIZED).entity(loginResult).build();
|
||||||
|
} catch (StrolchException | PrivilegeException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(loginResult).build();
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error(e.getMessage(), e);
|
logger.error(e.getMessage(), e);
|
||||||
String msg = e.getMessage();
|
String msg = e.getMessage();
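Review bot: Both catch blocks in this login path copy `e.getMessage()` into the `loginResult` sent to a caller who is not yet authenticated, and the new split also returns different status codes (401 for `AccessDeniedException`, 403 for `StrolchException | PrivilegeException`). If the exception messages or the two exception types distinguish an unknown user from a wrong password or a disabled account, the response lets a client tell those cases apart. I would keep the detail in the server log, as the existing `logger.error(e.getMessage(), e)` already does, and return a fixed text such as `loginResult.setMsg("Could not log in"); //$NON-NLS-1$` with one status for all credential failures. The enclosing method begins and ends outside the hunk.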
|
||||||
|
|
|
@ -36,10 +36,17 @@ import li.strolch.agent.api.ComponentContainer;
|
||||||
import li.strolch.rest.RestfulStrolchComponent;
|
import li.strolch.rest.RestfulStrolchComponent;
|
||||||
import li.strolch.rest.StrolchRestfulConstants;
|
import li.strolch.rest.StrolchRestfulConstants;
|
||||||
import li.strolch.rest.model.Result;
|
import li.strolch.rest.model.Result;
|
||||||
|
import li.strolch.service.api.ServiceHandler;
|
||||||
import org.slf4j.Logger;
|
import li.strolch.service.privilege.roles.PrivilegeAddOrReplacePrivilegeOnRoleArgument;
|
||||||
import org.slf4j.LoggerFactory;
|
import li.strolch.service.privilege.roles.PrivilegeAddOrReplacePrivilegeOnRoleService;
|
||||||
|
import li.strolch.service.privilege.roles.PrivilegeAddRoleService;
|
||||||
|
import li.strolch.service.privilege.roles.PrivilegeRemovePrivilegeFromRoleArgument;
|
||||||
|
import li.strolch.service.privilege.roles.PrivilegeRemovePrivilegeFromRoleService;
|
||||||
|
import li.strolch.service.privilege.roles.PrivilegeRemoveRoleService;
|
||||||
|
import li.strolch.service.privilege.roles.PrivilegeRoleArgument;
|
||||||
|
import li.strolch.service.privilege.roles.PrivilegeRoleNameArgument;
|
||||||
|
import li.strolch.service.privilege.roles.PrivilegeRoleResult;
|
||||||
|
import li.strolch.service.privilege.roles.PrivilegeUpdateRoleService;
|
||||||
import ch.eitchnet.privilege.base.AccessDeniedException;
|
import ch.eitchnet.privilege.base.AccessDeniedException;
|
||||||
import ch.eitchnet.privilege.base.PrivilegeException;
|
import ch.eitchnet.privilege.base.PrivilegeException;
|
||||||
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
@ -53,8 +60,6 @@ import ch.eitchnet.privilege.model.RoleRep;
|
||||||
@Path("strolch/privilege/roles")
|
@Path("strolch/privilege/roles")
|
||||||
public class PrivilegeRolesService {
|
public class PrivilegeRolesService {
|
||||||
|
|
||||||
private static final Logger logger = LoggerFactory.getLogger(PrivilegeRolesService.class);
|
|
||||||
|
|
||||||
private PrivilegeHandler getPrivilegeHandler(Certificate cert) {
|
private PrivilegeHandler getPrivilegeHandler(Certificate cert) {
|
||||||
ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
|
ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
|
||||||
return container.getPrivilegeHandler().getPrivilegeHandler(cert);
|
return container.getPrivilegeHandler().getPrivilegeHandler(cert);
|
||||||
|
@ -88,21 +93,14 @@ public class PrivilegeRolesService {
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Response addRole(RoleRep newRole, @Context HttpServletRequest request) {
|
public Response addRole(RoleRep newRole, @Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
try {
|
|
||||||
|
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
|
||||||
RoleRep role = privilegeHandler.addRole(cert, newRole);
|
PrivilegeAddRoleService svc = new PrivilegeAddRoleService();
|
||||||
return Response.ok(role, MediaType.APPLICATION_JSON).build();
|
PrivilegeRoleArgument arg = new PrivilegeRoleArgument();
|
||||||
|
arg.role = newRole;
|
||||||
|
|
||||||
} catch (AccessDeniedException e) {
|
PrivilegeRoleResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
logger.error(e.getMessage(), e);
|
return handleServiceResult(svcResult);
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
} catch (PrivilegeException e) {
|
|
||||||
logger.error(e.getMessage(), e);
|
|
||||||
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@PUT
|
@PUT
|
||||||
|
@ -112,25 +110,18 @@ public class PrivilegeRolesService {
|
||||||
public Response replaceRole(@PathParam("rolename") String rolename, RoleRep updatedRole,
|
public Response replaceRole(@PathParam("rolename") String rolename, RoleRep updatedRole,
|
||||||
@Context HttpServletRequest request) {
|
@Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
try {
|
|
||||||
|
|
||||||
if (!rolename.equals(updatedRole.getName()))
|
if (!rolename.equals(updatedRole.getName()))
|
||||||
return Response.serverError().entity(new Result("Path rolename and data do not have same role name!"))
|
return Response.serverError().entity(new Result("Path rolename and data do not have same role name!"))
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
|
||||||
RoleRep role = privilegeHandler.replaceRole(cert, updatedRole);
|
PrivilegeUpdateRoleService svc = new PrivilegeUpdateRoleService();
|
||||||
return Response.ok(role, MediaType.APPLICATION_JSON).build();
|
PrivilegeRoleArgument arg = new PrivilegeRoleArgument();
|
||||||
|
arg.role = updatedRole;
|
||||||
|
|
||||||
} catch (AccessDeniedException e) {
|
PrivilegeRoleResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
logger.error(e.getMessage(), e);
|
return handleServiceResult(svcResult);
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
} catch (PrivilegeException e) {
|
|
||||||
logger.error(e.getMessage(), e);
|
|
||||||
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@DELETE
|
@DELETE
|
||||||
|
@ -139,21 +130,14 @@ public class PrivilegeRolesService {
|
||||||
@Path("{rolename}")
|
@Path("{rolename}")
|
||||||
public Response removeRole(@PathParam("rolename") String rolename, @Context HttpServletRequest request) {
|
public Response removeRole(@PathParam("rolename") String rolename, @Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
try {
|
|
||||||
|
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
|
||||||
RoleRep role = privilegeHandler.removeRole(cert, rolename);
|
PrivilegeRemoveRoleService svc = new PrivilegeRemoveRoleService();
|
||||||
return Response.ok(role, MediaType.APPLICATION_JSON).build();
|
PrivilegeRoleNameArgument arg = new PrivilegeRoleNameArgument();
|
||||||
|
arg.roleName = rolename;
|
||||||
|
|
||||||
} catch (AccessDeniedException e) {
|
PrivilegeRoleResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
logger.error(e.getMessage(), e);
|
return handleServiceResult(svcResult);
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
} catch (PrivilegeException e) {
|
|
||||||
logger.error(e.getMessage(), e);
|
|
||||||
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@PUT
|
@PUT
|
||||||
|
@ -163,21 +147,15 @@ public class PrivilegeRolesService {
|
||||||
public Response addOrReplacePrivilegeOnRole(@PathParam("rolename") String rolename, PrivilegeRep privilegeRep,
|
public Response addOrReplacePrivilegeOnRole(@PathParam("rolename") String rolename, PrivilegeRep privilegeRep,
|
||||||
@Context HttpServletRequest request) {
|
@Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
try {
|
|
||||||
|
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
|
||||||
RoleRep updatedRole = privilegeHandler.addOrReplacePrivilegeOnRole(cert, rolename, privilegeRep);
|
PrivilegeAddOrReplacePrivilegeOnRoleService svc = new PrivilegeAddOrReplacePrivilegeOnRoleService();
|
||||||
return Response.ok(updatedRole, MediaType.APPLICATION_JSON).build();
|
PrivilegeAddOrReplacePrivilegeOnRoleArgument arg = new PrivilegeAddOrReplacePrivilegeOnRoleArgument();
|
||||||
|
arg.roleName = rolename;
|
||||||
|
arg.privilegeRep = privilegeRep;
|
||||||
|
|
||||||
} catch (AccessDeniedException e) {
|
PrivilegeRoleResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
logger.error(e.getMessage(), e);
|
return handleServiceResult(svcResult);
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
} catch (PrivilegeException e) {
|
|
||||||
logger.error(e.getMessage(), e);
|
|
||||||
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@DELETE
|
@DELETE
|
||||||
|
@ -187,20 +165,30 @@ public class PrivilegeRolesService {
|
||||||
public Response removePrivilegeFromRole(@PathParam("rolename") String rolename,
|
public Response removePrivilegeFromRole(@PathParam("rolename") String rolename,
|
||||||
@PathParam("privilege") String privilege, @Context HttpServletRequest request) {
|
@PathParam("privilege") String privilege, @Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
try {
|
|
||||||
|
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
|
||||||
RoleRep updatedRole = privilegeHandler.removePrivilegeFromRole(cert, rolename, privilege);
|
PrivilegeRemovePrivilegeFromRoleService svc = new PrivilegeRemovePrivilegeFromRoleService();
|
||||||
return Response.ok(updatedRole, MediaType.APPLICATION_JSON).build();
|
PrivilegeRemovePrivilegeFromRoleArgument arg = new PrivilegeRemovePrivilegeFromRoleArgument();
|
||||||
|
arg.roleName = rolename;
|
||||||
|
arg.privilegeName = privilege;
|
||||||
|
|
||||||
} catch (AccessDeniedException e) {
|
PrivilegeRoleResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
logger.error(e.getMessage(), e);
|
return handleServiceResult(svcResult);
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
}
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
} catch (PrivilegeException e) {
|
private Response handleServiceResult(PrivilegeRoleResult svcResult) {
|
||||||
logger.error(e.getMessage(), e);
|
if (svcResult.isOk()) {
|
||||||
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
return Response.ok(svcResult.getRole(), MediaType.APPLICATION_JSON).build();
|
||||||
|
} else if (svcResult.getThrowable() != null) {
|
||||||
|
Throwable t = svcResult.getThrowable();
|
||||||
|
if (t instanceof AccessDeniedException) {
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(t.getMessage()))
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} else if (t instanceof PrivilegeException) {
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(t.getMessage())).build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return Response.status(Status.INTERNAL_SERVER_ERROR).entity(new Result(svcResult.getMessage())).build();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -37,12 +37,26 @@ import javax.ws.rs.core.Response.Status;
|
||||||
import li.strolch.agent.api.ComponentContainer;
|
import li.strolch.agent.api.ComponentContainer;
|
||||||
import li.strolch.rest.RestfulStrolchComponent;
|
import li.strolch.rest.RestfulStrolchComponent;
|
||||||
import li.strolch.rest.StrolchRestfulConstants;
|
import li.strolch.rest.StrolchRestfulConstants;
|
||||||
|
import li.strolch.rest.StrolchSessionHandler;
|
||||||
import li.strolch.rest.model.PasswordField;
|
import li.strolch.rest.model.PasswordField;
|
||||||
import li.strolch.rest.model.Result;
|
import li.strolch.rest.model.Result;
|
||||||
|
import li.strolch.service.api.ServiceHandler;
|
||||||
import org.slf4j.Logger;
|
import li.strolch.service.api.ServiceResult;
|
||||||
import org.slf4j.LoggerFactory;
|
import li.strolch.service.privilege.users.PrivilegeAddRoleToUserService;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeAddUserService;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeRemoveRoleFromUserService;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeRemoveUserService;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeRoleUserNamesArgument;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeSetUserLocaleArgument;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeSetUserLocaleService;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeSetUserPasswordArgument;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeSetUserPasswordService;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeSetUserStateArgument;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeSetUserStateService;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeUpdateUserService;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeUserArgument;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeUserNameArgument;
|
||||||
|
import li.strolch.service.privilege.users.PrivilegeUserResult;
|
||||||
import ch.eitchnet.privilege.base.AccessDeniedException;
|
import ch.eitchnet.privilege.base.AccessDeniedException;
|
||||||
import ch.eitchnet.privilege.base.PrivilegeException;
|
import ch.eitchnet.privilege.base.PrivilegeException;
|
||||||
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
@ -56,8 +70,6 @@ import ch.eitchnet.privilege.model.UserState;
|
||||||
@Path("strolch/privilege/users")
|
@Path("strolch/privilege/users")
|
||||||
public class PrivilegeUsersService {
|
public class PrivilegeUsersService {
|
||||||
|
|
||||||
private static final Logger logger = LoggerFactory.getLogger(PrivilegeUsersService.class);
|
|
||||||
|
|
||||||
private PrivilegeHandler getPrivilegeHandler(Certificate cert) {
|
private PrivilegeHandler getPrivilegeHandler(Certificate cert) {
|
||||||
ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
|
ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
|
||||||
return container.getPrivilegeHandler().getPrivilegeHandler(cert);
|
return container.getPrivilegeHandler().getPrivilegeHandler(cert);
|
||||||
|
@ -105,21 +117,14 @@ public class PrivilegeUsersService {
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
public Response addUser(UserRep newUser, @Context HttpServletRequest request) {
|
public Response addUser(UserRep newUser, @Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
try {
|
|
||||||
|
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
|
||||||
UserRep user = privilegeHandler.addUser(cert, newUser, null);
|
PrivilegeAddUserService svc = new PrivilegeAddUserService();
|
||||||
return Response.ok(user, MediaType.APPLICATION_JSON).build();
|
PrivilegeUserArgument arg = new PrivilegeUserArgument();
|
||||||
|
arg.user = newUser;
|
||||||
|
|
||||||
} catch (AccessDeniedException e) {
|
PrivilegeUserResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
logger.error(e.getMessage(), e);
|
return handleServiceResult(svcResult);
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
} catch (PrivilegeException e) {
|
|
||||||
logger.error(e.getMessage(), e);
|
|
||||||
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@DELETE
|
@DELETE
|
||||||
|
@ -128,21 +133,14 @@ public class PrivilegeUsersService {
|
||||||
@Path("{username}")
|
@Path("{username}")
|
||||||
public Response removeUser(@PathParam("username") String username, @Context HttpServletRequest request) {
|
public Response removeUser(@PathParam("username") String username, @Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
try {
|
|
||||||
|
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
|
||||||
UserRep user = privilegeHandler.removeUser(cert, username);
|
PrivilegeRemoveUserService svc = new PrivilegeRemoveUserService();
|
||||||
return Response.ok(user, MediaType.APPLICATION_JSON).build();
|
PrivilegeUserNameArgument arg = new PrivilegeUserNameArgument();
|
||||||
|
arg.username = username;
|
||||||
|
|
||||||
} catch (AccessDeniedException e) {
|
PrivilegeUserResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
logger.error(e.getMessage(), e);
|
return handleServiceResult(svcResult);
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
} catch (PrivilegeException e) {
|
|
||||||
logger.error(e.getMessage(), e);
|
|
||||||
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@PUT
|
@PUT
|
||||||
|
@ -152,25 +150,14 @@ public class PrivilegeUsersService {
|
||||||
public Response updateUser(@PathParam("username") String username, UserRep updatedFields,
|
public Response updateUser(@PathParam("username") String username, UserRep updatedFields,
|
||||||
@Context HttpServletRequest request) {
|
@Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
try {
|
|
||||||
|
|
||||||
if (!username.equals(updatedFields.getUsername()))
|
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
|
||||||
return Response.serverError().entity(new Result("Path username and data do not have same username!"))
|
PrivilegeUpdateUserService svc = new PrivilegeUpdateUserService();
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
PrivilegeUserArgument arg = new PrivilegeUserArgument();
|
||||||
|
arg.user = updatedFields;
|
||||||
|
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
PrivilegeUserResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
UserRep updatedUser = privilegeHandler.updateUser(cert, updatedFields);
|
return handleServiceResult(svcResult);
|
||||||
return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build();
|
|
||||||
|
|
||||||
} catch (AccessDeniedException e) {
|
|
||||||
logger.error(e.getMessage(), e);
|
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
} catch (PrivilegeException e) {
|
|
||||||
logger.error(e.getMessage(), e);
|
|
||||||
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@PUT
|
@PUT
|
||||||
|
@ -180,21 +167,15 @@ public class PrivilegeUsersService {
|
||||||
public Response addRoleToUser(@PathParam("username") String username, @PathParam("rolename") String rolename,
|
public Response addRoleToUser(@PathParam("username") String username, @PathParam("rolename") String rolename,
|
||||||
@Context HttpServletRequest request) {
|
@Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
try {
|
|
||||||
|
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
|
||||||
UserRep updatedUser = privilegeHandler.addRoleToUser(cert, username, rolename);
|
PrivilegeAddRoleToUserService svc = new PrivilegeAddRoleToUserService();
|
||||||
return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build();
|
PrivilegeRoleUserNamesArgument arg = new PrivilegeRoleUserNamesArgument();
|
||||||
|
arg.username = username;
|
||||||
|
arg.rolename = rolename;
|
||||||
|
|
||||||
} catch (AccessDeniedException e) {
|
PrivilegeUserResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
logger.error(e.getMessage(), e);
|
return handleServiceResult(svcResult);
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
} catch (PrivilegeException e) {
|
|
||||||
logger.error(e.getMessage(), e);
|
|
||||||
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@DELETE
|
@DELETE
|
||||||
|
@ -204,21 +185,15 @@ public class PrivilegeUsersService {
|
||||||
public Response removeRoleFromUser(@PathParam("username") String username, @PathParam("rolename") String rolename,
|
public Response removeRoleFromUser(@PathParam("username") String username, @PathParam("rolename") String rolename,
|
||||||
@Context HttpServletRequest request) {
|
@Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
try {
|
|
||||||
|
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
|
||||||
UserRep updatedUser = privilegeHandler.removeRoleFromUser(cert, username, rolename);
|
PrivilegeRemoveRoleFromUserService svc = new PrivilegeRemoveRoleFromUserService();
|
||||||
return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build();
|
PrivilegeRoleUserNamesArgument arg = new PrivilegeRoleUserNamesArgument();
|
||||||
|
arg.username = username;
|
||||||
|
arg.rolename = rolename;
|
||||||
|
|
||||||
} catch (AccessDeniedException e) {
|
PrivilegeUserResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
logger.error(e.getMessage(), e);
|
return handleServiceResult(svcResult);
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
} catch (PrivilegeException e) {
|
|
||||||
logger.error(e.getMessage(), e);
|
|
||||||
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@PUT
|
@PUT
|
||||||
|
@ -227,7 +202,6 @@ public class PrivilegeUsersService {
|
||||||
public Response setUserState(@PathParam("username") String username, @PathParam("state") String state,
|
public Response setUserState(@PathParam("username") String username, @PathParam("state") String state,
|
||||||
@Context HttpServletRequest request) {
|
@Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
try {
|
|
||||||
|
|
||||||
UserState userState;
|
UserState userState;
|
||||||
try {
|
try {
|
||||||
|
@ -237,44 +211,30 @@ public class PrivilegeUsersService {
|
||||||
return Response.serverError().entity(new Result(msg)).type(MediaType.APPLICATION_JSON).build();
|
return Response.serverError().entity(new Result(msg)).type(MediaType.APPLICATION_JSON).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
|
||||||
UserRep updatedUser = privilegeHandler.setUserState(cert, username, userState);
|
PrivilegeSetUserStateService svc = new PrivilegeSetUserStateService();
|
||||||
return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build();
|
PrivilegeSetUserStateArgument arg = new PrivilegeSetUserStateArgument();
|
||||||
|
arg.username = username;
|
||||||
|
arg.userState = userState;
|
||||||
|
|
||||||
} catch (AccessDeniedException e) {
|
PrivilegeUserResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
logger.error(e.getMessage(), e);
|
return handleServiceResult(svcResult);
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
}
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
} catch (PrivilegeException e) {
|
private Response handleServiceResult(PrivilegeUserResult svcResult) {
|
||||||
logger.error(e.getMessage(), e);
|
if (svcResult.isOk()) {
|
||||||
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
return Response.ok(svcResult.getUser(), MediaType.APPLICATION_JSON).build();
|
||||||
|
} else if (svcResult.getThrowable() != null) {
|
||||||
|
Throwable t = svcResult.getThrowable();
|
||||||
|
if (t instanceof AccessDeniedException) {
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(t.getMessage()))
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} else if (t instanceof PrivilegeException) {
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(t.getMessage())).build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@PUT
|
return Response.status(Status.INTERNAL_SERVER_ERROR).entity(new Result(svcResult.getMessage())).build();
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
|
||||||
@Path("{username}/password")
|
|
||||||
public Response setUserPassword(@PathParam("username") String username, PasswordField passwordField,
|
|
||||||
@Context HttpServletRequest request) {
|
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
|
||||||
try {
|
|
||||||
|
|
||||||
// if user changing own password, then no need for StrolchPrivilegeAdmin
|
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
|
||||||
|
|
||||||
privilegeHandler.setUserPassword(cert, username, passwordField.getPassword().getBytes());
|
|
||||||
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
|
||||||
|
|
||||||
} catch (AccessDeniedException e) {
|
|
||||||
logger.error(e.getMessage(), e);
|
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
} catch (PrivilegeException e) {
|
|
||||||
logger.error(e.getMessage(), e);
|
|
||||||
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@PUT
|
@PUT
|
||||||
|
@ -283,7 +243,6 @@ public class PrivilegeUsersService {
|
||||||
public Response setUserLocale(@PathParam("username") String username, @PathParam("locale") String localeS,
|
public Response setUserLocale(@PathParam("username") String username, @PathParam("locale") String localeS,
|
||||||
@Context HttpServletRequest request) {
|
@Context HttpServletRequest request) {
|
||||||
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
try {
|
|
||||||
|
|
||||||
Locale locale;
|
Locale locale;
|
||||||
try {
|
try {
|
||||||
|
@ -293,20 +252,51 @@ public class PrivilegeUsersService {
|
||||||
return Response.serverError().entity(new Result(msg)).type(MediaType.APPLICATION_JSON).build();
|
return Response.serverError().entity(new Result(msg)).type(MediaType.APPLICATION_JSON).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
// if user changing own locale, then no need for StrolchPrivilegeAdmin
|
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
|
||||||
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert);
|
PrivilegeSetUserLocaleService svc = new PrivilegeSetUserLocaleService();
|
||||||
|
PrivilegeSetUserLocaleArgument arg = new PrivilegeSetUserLocaleArgument();
|
||||||
|
arg.username = username;
|
||||||
|
arg.locale = locale;
|
||||||
|
|
||||||
UserRep updatedUser = privilegeHandler.setUserLocale(cert, username, locale);
|
PrivilegeUserResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build();
|
return handleServiceResult(svcResult);
|
||||||
|
}
|
||||||
|
|
||||||
} catch (AccessDeniedException e) {
|
@PUT
|
||||||
logger.error(e.getMessage(), e);
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
@Path("{username}/password")
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
public Response setUserPassword(@PathParam("username") String username, PasswordField passwordField,
|
||||||
} catch (PrivilegeException e) {
|
@Context HttpServletRequest request) {
|
||||||
logger.error(e.getMessage(), e);
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
|
||||||
|
ServiceHandler svcHandler = RestfulStrolchComponent.getInstance().getComponent(ServiceHandler.class);
|
||||||
|
PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService();
|
||||||
|
PrivilegeSetUserPasswordArgument arg = new PrivilegeSetUserPasswordArgument();
|
||||||
|
arg.username = username;
|
||||||
|
arg.password = passwordField.getPassword().getBytes();
|
||||||
|
|
||||||
|
ServiceResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
|
if (svcResult.isOk()) {
|
||||||
|
|
||||||
|
// if user changes their own password, then invalidate the session
|
||||||
|
if (cert.getUsername().equals(username)) {
|
||||||
|
StrolchSessionHandler sessionHandler = RestfulStrolchComponent.getInstance().getSessionHandler();
|
||||||
|
sessionHandler.invalidate(cert);
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO invalidate any other sessions for this user
|
||||||
|
|
||||||
|
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||||
|
} else if (svcResult.getThrowable() != null) {
|
||||||
|
Throwable t = svcResult.getThrowable();
|
||||||
|
if (t instanceof AccessDeniedException) {
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(t.getMessage()))
|
||||||
.type(MediaType.APPLICATION_JSON).build();
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} else if (t instanceof PrivilegeException) {
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(t.getMessage())).build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return Response.status(Status.INTERNAL_SERVER_ERROR).entity(new Result(svcResult.getMessage())).build();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
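Review bot: Going by the new side of the hunk, `updateUser` no longer checks that the `{username}` path parameter matches `updatedFields.getUsername()`; the body only sets `arg.user = updatedFields`, so the path value is ignored and a PUT to one user's URL can carry a different user's data. Unless `PrivilegeUpdateUserService` (not visible on this page) makes that comparison, I would keep the guard before the service call and answer with 400 instead of the old `serverError()`: `if (!username.equals(updatedFields.getUsername())) return Response.status(Status.BAD_REQUEST).entity(new Result("Path username and data do not have same username!")).type(MediaType.APPLICATION_JSON).build();`. In the same file, `handleServiceResult` returns FORBIDDEN for `AccessDeniedException` and UNAUTHORIZED for `PrivilegeException`, while the new `setUserPassword` maps them the other way round; one mapping should apply to both, and the `PrivilegeException` responses also lack `.type(MediaType.APPLICATION_JSON)`.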
@ -46,7 +46,7 @@ public class AuthenicationRequestFilter implements ContainerRequestFilter {
|
||||||
String sessionId = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
|
String sessionId = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
|
||||||
if (StringHelper.isEmpty(sessionId)) {
|
if (StringHelper.isEmpty(sessionId)) {
|
||||||
logger.error("No SessionID on request to URL " + requestContext.getUriInfo().getPath());
|
logger.error("No SessionID on request to URL " + requestContext.getUriInfo().getPath());
|
||||||
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
|
requestContext.abortWith(Response.status(Response.Status.FORBIDDEN)
|
||||||
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN).entity("Missing Authorization!").build()); //$NON-NLS-1$
|
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN).entity("Missing Authorization!").build()); //$NON-NLS-1$
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -58,7 +58,7 @@ public class AuthenicationRequestFilter implements ContainerRequestFilter {
|
||||||
requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
|
requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error(e.getMessage(), e);
|
logger.error(e.getMessage(), e);
|
||||||
requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
|
requestContext.abortWith(Response.status(Response.Status.FORBIDDEN)
|
||||||
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
|
.header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
|
||||||
.entity("User cannot access the resource.").build()); //$NON-NLS-1$
|
.entity("User cannot access the resource.").build()); //$NON-NLS-1$
|
||||||
}
|
}
|
||||||
|
|
|
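Review bot: Both `abortWith` calls now answer 403 when no session id was sent or when validating it threw, which is the case HTTP reserves 401 for; 403 tells a client it is authenticated but not allowed. A client can then no longer tell a missing or expired session (log in again) from a missing privilege, and the privilege endpoints in this commit also return FORBIDDEN for `AccessDeniedException`. I would keep `Response.Status.UNAUTHORIZED` in the filter, or, if the switch is deliberate, say so next to it with a comment such as `// 403 on purpose: the session id in the Authorization header has no WWW-Authenticate challenge to offer`. The filter method begins and ends outside these two hunks, so how the session id is validated between them is not visible here.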
@ -109,7 +109,7 @@ public class AuthenticationTest extends AbstractRestfulTest {
|
||||||
login.setPassword("blalba");
|
login.setPassword("blalba");
|
||||||
Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
|
Entity<Login> loginEntity = Entity.entity(login, MediaType.APPLICATION_JSON);
|
||||||
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
|
Response result = target().path(ROOT_PATH).request(MediaType.APPLICATION_JSON).post(loginEntity);
|
||||||
assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
|
assertEquals(Status.FORBIDDEN.getStatusCode(), result.getStatus());
|
||||||
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
|
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
|
||||||
assertNotNull(logoutResult);
|
assertNotNull(logoutResult);
|
||||||
assertEquals("Could not log in due to: Authentication credentials are invalid", logoutResult.getMsg());
|
assertEquals("Could not log in due to: Authentication credentials are invalid", logoutResult.getMsg());
|
||||||
|
@ -133,7 +133,7 @@ public class AuthenticationTest extends AbstractRestfulTest {
|
||||||
|
|
||||||
// logout
|
// logout
|
||||||
result = target().path(ROOT_PATH + "/blabla").request(MediaType.APPLICATION_JSON).delete();
|
result = target().path(ROOT_PATH + "/blabla").request(MediaType.APPLICATION_JSON).delete();
|
||||||
assertEquals(Status.UNAUTHORIZED.getStatusCode(), result.getStatus());
|
assertEquals(Status.FORBIDDEN.getStatusCode(), result.getStatus());
|
||||||
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
|
LogoutResult logoutResult = result.readEntity(LogoutResult.class);
|
||||||
assertNotNull(logoutResult);
|
assertNotNull(logoutResult);
|
||||||
assertThat(logoutResult.getMsg(), containsString("No certificate exists for sessionId blabla"));
|
assertThat(logoutResult.getMsg(), containsString("No certificate exists for sessionId blabla"));
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
package li.strolch.service.privilege.roles;
|
||||||
|
|
||||||
|
import ch.eitchnet.privilege.model.PrivilegeRep;
|
||||||
|
import li.strolch.service.api.ServiceArgument;
|
||||||
|
|
||||||
|
public class PrivilegeAddOrReplacePrivilegeOnRoleArgument extends ServiceArgument {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
public String roleName;
|
||||||
|
public PrivilegeRep privilegeRep;
|
||||||
|
}
|
|
@ -0,0 +1,66 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.service.privilege.roles;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
|
import li.strolch.service.api.AbstractService;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.RoleRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeAddOrReplacePrivilegeOnRoleService extends
|
||||||
|
AbstractService<PrivilegeAddOrReplacePrivilegeOnRoleArgument, PrivilegeRoleResult> {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeRoleResult getResultInstance() {
|
||||||
|
return new PrivilegeRoleResult();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeRoleResult internalDoService(PrivilegeAddOrReplacePrivilegeOnRoleArgument arg) throws Exception {
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler(getCertificate());
|
||||||
|
|
||||||
|
RoleRep role = privilegeHandler.addOrReplacePrivilegeOnRole(getCertificate(), arg.roleName, arg.privilegeRep);
|
||||||
|
|
||||||
|
try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_MODIFY_ROLE)) {
|
||||||
|
tx.setSuppressAudits(true);
|
||||||
|
Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.ROLE, role.getName());
|
||||||
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PrivilegeRoleResult(role);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getPrivilegeName() {
|
||||||
|
return StrolchPrivilegeConstants.PRIVILEGE_MODIFY_ROLE;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Object getPrivilegeValue() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,65 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.service.privilege.roles;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
|
import li.strolch.service.api.AbstractService;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.RoleRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeAddRoleService extends AbstractService<PrivilegeRoleArgument, PrivilegeRoleResult> {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeRoleResult getResultInstance() {
|
||||||
|
return new PrivilegeRoleResult();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeRoleResult internalDoService(PrivilegeRoleArgument arg) throws Exception {
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler(getCertificate());
|
||||||
|
|
||||||
|
RoleRep role = privilegeHandler.addRole(getCertificate(), arg.role);
|
||||||
|
|
||||||
|
try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_ADD_ROLE)) {
|
||||||
|
tx.setSuppressAudits(true);
|
||||||
|
Audit audit = tx.auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.ROLE, role.getName());
|
||||||
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PrivilegeRoleResult(role);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getPrivilegeName() {
|
||||||
|
return StrolchPrivilegeConstants.PRIVILEGE_ADD_ROLE;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Object getPrivilegeValue() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
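Review bot: In `internalDoService`, `privilegeHandler.addRole(getCertificate(), arg.role)` runs before `openUserTx(...)`, so if opening the transaction or `tx.getAuditTrail().add(tx, audit)` throws, the role has already been created but no audit entry exists and the caller sees a failure. For a commit whose stated purpose is auditing who changes which privileges, that ordering leaves room for unaudited changes. Consider moving the handler call to be the first statement inside the `try (StrolchTransaction tx = ...)` block, so that a transaction which cannot be opened aborts before anything is modified, and add a comment stating what is expected when the audit write itself fails. Whether the privilege handler persists the change immediately is not visible here and should be confirmed. The same ordering is used in `PrivilegeRemovePrivilegeFromRoleService`, `PrivilegeRemoveRoleService`, `PrivilegeUpdateRoleService` and the user services that follow in this commit.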
|
|
@ -0,0 +1,9 @@
|
||||||
|
package li.strolch.service.privilege.roles;
|
||||||
|
|
||||||
|
import li.strolch.service.api.ServiceArgument;
|
||||||
|
|
||||||
|
public class PrivilegeRemovePrivilegeFromRoleArgument extends ServiceArgument {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
public String roleName;
|
||||||
|
public String privilegeName;
|
||||||
|
}
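Review bot: `roleName` and `privilegeName` are public, mutable and unvalidated, and `PrivilegeRemovePrivilegeFromRoleService` hands them straight to `removePrivilegeFromRole(...)`, so a missing value is only caught, if at all, inside the privilege handler. Since these arguments drive privilege changes, a check at the top of the service such as `if (arg.roleName == null || arg.roleName.isEmpty()) throw new IllegalArgumentException("roleName must be set");` would make the failure explicit before any handler call. The class also has no Javadoc and no license header, unlike the service classes in the same package; a one-line Javadoc naming the service that consumes it would help. The same applies to `PrivilegeRoleArgument`, `PrivilegeRoleNameArgument`, `PrivilegeRoleUserNamesArgument`, `PrivilegeSetUserLocaleArgument` and `PrivilegeSetUserStateArgument`.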
|
|
@ -0,0 +1,66 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.service.privilege.roles;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
|
import li.strolch.service.api.AbstractService;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.RoleRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeRemovePrivilegeFromRoleService extends
|
||||||
|
AbstractService<PrivilegeRemovePrivilegeFromRoleArgument, PrivilegeRoleResult> {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeRoleResult getResultInstance() {
|
||||||
|
return new PrivilegeRoleResult();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeRoleResult internalDoService(PrivilegeRemovePrivilegeFromRoleArgument arg) throws Exception {
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler(getCertificate());
|
||||||
|
|
||||||
|
RoleRep role = privilegeHandler.removePrivilegeFromRole(getCertificate(), arg.roleName, arg.privilegeName);
|
||||||
|
|
||||||
|
try (StrolchTransaction tx = openUserTx(StrolchPrivilegeConstants.PRIVILEGE_MODIFY_ROLE)) {
|
||||||
|
tx.setSuppressAudits(true);
|
||||||
|
Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.ROLE, role.getName());
|
||||||
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PrivilegeRoleResult(role);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getPrivilegeName() {
|
||||||
|
return StrolchPrivilegeConstants.PRIVILEGE_MODIFY_ROLE;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Object getPrivilegeValue() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
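Review bot: The audit entry built in `internalDoService` records only `AccessType.UPDATE` and `role.getName()`, so the trail shows that a role changed but not that `arg.privilegeName` was the privilege removed from it. When reconstructing how a role's permissions evolved, that detail is what an investigator needs. If `Audit` has a field suitable for it (not visible in this diff), the privilege name should be recorded there; otherwise a comment should state that the trail deliberately identifies the role only. The same gap exists in `PrivilegeAddOrReplacePrivilegeOnRoleService` (privilege not recorded) and in `PrivilegeAddRoleToUserService` and `PrivilegeRemoveRoleFromUserService`, which audit `user.getUsername()` but not `arg.rolename`.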
|
|
@ -0,0 +1,65 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.service.privilege.roles;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
|
import li.strolch.service.api.AbstractService;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.RoleRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeRemoveRoleService extends AbstractService<PrivilegeRoleNameArgument, PrivilegeRoleResult> {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeRoleResult getResultInstance() {
|
||||||
|
return new PrivilegeRoleResult();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeRoleResult internalDoService(PrivilegeRoleNameArgument arg) throws Exception {
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler(getCertificate());
|
||||||
|
|
||||||
|
RoleRep role = privilegeHandler.removeRole(getCertificate(), arg.roleName);
|
||||||
|
|
||||||
|
try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_REMOVE_ROLE)) {
|
||||||
|
tx.setSuppressAudits(true);
|
||||||
|
Audit audit = tx.auditFrom(AccessType.DELETE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.ROLE, role.getName());
|
||||||
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PrivilegeRoleResult(role);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getPrivilegeName() {
|
||||||
|
return StrolchPrivilegeConstants.PRIVILEGE_REMOVE_ROLE;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Object getPrivilegeValue() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
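Review bot: The privilege name is spelled through two different classes in this service: `openUserTx(PrivilegeHandler.PRIVILEGE_REMOVE_ROLE)` in `internalDoService` and `StrolchPrivilegeConstants.PRIVILEGE_REMOVE_ROLE` in `getPrivilegeName()`. The constants added to `StrolchPrivilegeConstants` in this commit alias the `PrivilegeHandler` ones, so behaviour is the same today, but mixing them makes it harder to see that the transaction action and the checked privilege are meant to match. `PrivilegeRemovePrivilegeFromRoleService` already uses `StrolchPrivilegeConstants` in both places; doing the same here, `openUserTx(StrolchPrivilegeConstants.PRIVILEGE_REMOVE_ROLE)`, would keep the services uniform. The other services in this commit that pass a `PrivilegeHandler.PRIVILEGE_*` constant to `openUserTx` have the same inconsistency.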
|
|
@ -0,0 +1,9 @@
|
||||||
|
package li.strolch.service.privilege.roles;
|
||||||
|
|
||||||
|
import li.strolch.service.api.ServiceArgument;
|
||||||
|
import ch.eitchnet.privilege.model.RoleRep;
|
||||||
|
|
||||||
|
public class PrivilegeRoleArgument extends ServiceArgument {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
public RoleRep role;
|
||||||
|
}
|
|
@ -0,0 +1,8 @@
|
||||||
|
package li.strolch.service.privilege.roles;
|
||||||
|
|
||||||
|
import li.strolch.service.api.ServiceArgument;
|
||||||
|
|
||||||
|
public class PrivilegeRoleNameArgument extends ServiceArgument {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
public String roleName;
|
||||||
|
}
|
|
@ -0,0 +1,32 @@
|
||||||
|
package li.strolch.service.privilege.roles;
|
||||||
|
|
||||||
|
import li.strolch.service.api.ServiceResult;
|
||||||
|
import li.strolch.service.api.ServiceResultState;
|
||||||
|
import ch.eitchnet.privilege.model.RoleRep;
|
||||||
|
|
||||||
|
public class PrivilegeRoleResult extends ServiceResult {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
private RoleRep role;
|
||||||
|
|
||||||
|
public PrivilegeRoleResult() {
|
||||||
|
super();
|
||||||
|
}
|
||||||
|
|
||||||
|
public PrivilegeRoleResult(ServiceResultState state, String message) {
|
||||||
|
super(state, message);
|
||||||
|
}
|
||||||
|
|
||||||
|
public PrivilegeRoleResult(ServiceResultState state) {
|
||||||
|
super(state);
|
||||||
|
}
|
||||||
|
|
||||||
|
public PrivilegeRoleResult(RoleRep role) {
|
||||||
|
setState(ServiceResultState.SUCCESS);
|
||||||
|
this.role = role;
|
||||||
|
}
|
||||||
|
|
||||||
|
public RoleRep getRole() {
|
||||||
|
return role;
|
||||||
|
}
|
||||||
|
}
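Review bot: `getRole()` returns `null` for every instance created through the no-argument or the `ServiceResultState` constructors, and nothing on the class says so. Callers such as a REST layer are likely to dereference the result, so the contract should be documented, for example `/** @return the affected role, or null if the service did not complete successfully */` on `getRole()`. The `role` field is only assigned in one constructor and has no setter; a short class Javadoc stating that it is populated only on `ServiceResultState.SUCCESS` would make that explicit.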
|
|
@ -0,0 +1,65 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.service.privilege.roles;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
|
import li.strolch.service.api.AbstractService;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.RoleRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeUpdateRoleService extends AbstractService<PrivilegeRoleArgument, PrivilegeRoleResult> {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeRoleResult getResultInstance() {
|
||||||
|
return new PrivilegeRoleResult();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeRoleResult internalDoService(PrivilegeRoleArgument arg) throws Exception {
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler(getCertificate());
|
||||||
|
|
||||||
|
RoleRep role = privilegeHandler.replaceRole(getCertificate(), arg.role);
|
||||||
|
|
||||||
|
try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_MODIFY_ROLE)) {
|
||||||
|
tx.setSuppressAudits(true);
|
||||||
|
Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.ROLE, role.getName());
|
||||||
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PrivilegeRoleResult(role);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getPrivilegeName() {
|
||||||
|
return StrolchPrivilegeConstants.PRIVILEGE_MODIFY_ROLE;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Object getPrivilegeValue() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
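Review bot: The class Javadoc contains only an `@author` tag, and the name `PrivilegeUpdateRoleService` suggests a partial update while `internalDoService` calls `privilegeHandler.replaceRole(getCertificate(), arg.role)`. A caller who sends a `RoleRep` carrying only the privileges they want to change may end up dropping the others, if replace means what the name implies (the handler's behaviour is not visible here). A summary sentence such as `Replaces the role given in the argument with the supplied RoleRep and writes an UPDATE audit entry; requires PRIVILEGE_MODIFY_ROLE.` would document this. The other service classes in this commit have the same author-only Javadoc and would benefit from an equivalent one-line summary.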
|
|
@ -0,0 +1,65 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
|
import li.strolch.service.api.AbstractService;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.UserRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeAddRoleToUserService extends AbstractService<PrivilegeRoleUserNamesArgument, PrivilegeUserResult> {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult getResultInstance() {
|
||||||
|
return new PrivilegeUserResult();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult internalDoService(PrivilegeRoleUserNamesArgument arg) throws Exception {
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler(getCertificate());
|
||||||
|
|
||||||
|
UserRep user = privilegeHandler.addRoleToUser(getCertificate(), arg.username, arg.rolename);
|
||||||
|
|
||||||
|
try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_ADD_ROLE_TO_USER)) {
|
||||||
|
tx.setSuppressAudits(true);
|
||||||
|
Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.USER, user.getUsername());
|
||||||
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PrivilegeUserResult(user);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getPrivilegeName() {
|
||||||
|
return StrolchPrivilegeConstants.PRIVILEGE_ADD_ROLE_TO_USER;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Object getPrivilegeValue() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,65 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
|
import li.strolch.service.api.AbstractService;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.UserRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeAddUserService extends AbstractService<PrivilegeUserArgument, PrivilegeUserResult> {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult getResultInstance() {
|
||||||
|
return new PrivilegeUserResult();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult internalDoService(PrivilegeUserArgument arg) throws Exception {
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler(getCertificate());
|
||||||
|
|
||||||
|
UserRep user = privilegeHandler.addUser(getCertificate(), arg.user, null);
|
||||||
|
|
||||||
|
try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_ADD_USER)) {
|
||||||
|
tx.setSuppressAudits(true);
|
||||||
|
Audit audit = tx.auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.USER, user.getUsername());
|
||||||
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PrivilegeUserResult(user);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getPrivilegeName() {
|
||||||
|
return StrolchPrivilegeConstants.PRIVILEGE_ADD_USER;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Object getPrivilegeValue() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
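Review bot: `privilegeHandler.addUser(getCertificate(), arg.user, null)` in `internalDoService` passes a literal `null` as the third argument with no explanation. Assuming that parameter is the initial password, every user created through this service starts without one, and the resulting account state depends entirely on how the handler treats a null password, which is not visible in this diff. A comment on the call, for example `// no initial password: the account cannot authenticate until PrivilegeSetUserPasswordService is called`, should state the intended behaviour once it has been confirmed. It is also worth checking that the `UserState` carried in `arg.user` cannot leave a password-less account enabled.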
|
|
@ -0,0 +1,66 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
|
import li.strolch.service.api.AbstractService;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.UserRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeRemoveRoleFromUserService extends
|
||||||
|
AbstractService<PrivilegeRoleUserNamesArgument, PrivilegeUserResult> {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult getResultInstance() {
|
||||||
|
return new PrivilegeUserResult();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult internalDoService(PrivilegeRoleUserNamesArgument arg) throws Exception {
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler(getCertificate());
|
||||||
|
|
||||||
|
UserRep user = privilegeHandler.removeRoleFromUser(getCertificate(), arg.username, arg.rolename);
|
||||||
|
|
||||||
|
try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_REMOVE_ROLE_FROM_USER)) {
|
||||||
|
tx.setSuppressAudits(true);
|
||||||
|
Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.USER, user.getUsername());
|
||||||
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PrivilegeUserResult(user);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getPrivilegeName() {
|
||||||
|
return StrolchPrivilegeConstants.PRIVILEGE_REMOVE_ROLE_FROM_USER;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Object getPrivilegeValue() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,65 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
|
import li.strolch.service.api.AbstractService;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.UserRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeRemoveUserService extends AbstractService<PrivilegeUserNameArgument, PrivilegeUserResult> {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult getResultInstance() {
|
||||||
|
return new PrivilegeUserResult();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult internalDoService(PrivilegeUserNameArgument arg) throws Exception {
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler(getCertificate());
|
||||||
|
|
||||||
|
UserRep user = privilegeHandler.removeUser(getCertificate(), arg.username);
|
||||||
|
|
||||||
|
try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_REMOVE_USER)) {
|
||||||
|
tx.setSuppressAudits(true);
|
||||||
|
Audit audit = tx.auditFrom(AccessType.DELETE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.USER, user.getUsername());
|
||||||
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PrivilegeUserResult(user);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getPrivilegeName() {
|
||||||
|
return StrolchPrivilegeConstants.PRIVILEGE_REMOVE_USER;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Object getPrivilegeValue() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,9 @@
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.service.api.ServiceArgument;
|
||||||
|
|
||||||
|
public class PrivilegeRoleUserNamesArgument extends ServiceArgument {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
public String username;
|
||||||
|
public String rolename;
|
||||||
|
}
|
|
@ -0,0 +1,11 @@
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import java.util.Locale;
|
||||||
|
|
||||||
|
import li.strolch.service.api.ServiceArgument;
|
||||||
|
|
||||||
|
public class PrivilegeSetUserLocaleArgument extends ServiceArgument {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
public String username;
|
||||||
|
public Locale locale;
|
||||||
|
}
|
|
@ -0,0 +1,65 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
|
import li.strolch.service.api.AbstractService;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.UserRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeSetUserLocaleService extends AbstractService<PrivilegeSetUserLocaleArgument, PrivilegeUserResult> {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult getResultInstance() {
|
||||||
|
return new PrivilegeUserResult();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult internalDoService(PrivilegeSetUserLocaleArgument arg) throws Exception {
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler(getCertificate());
|
||||||
|
|
||||||
|
UserRep user = privilegeHandler.setUserLocale(getCertificate(), arg.username, arg.locale);
|
||||||
|
|
||||||
|
try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_MODIFY_USER)) {
|
||||||
|
tx.setSuppressAudits(true);
|
||||||
|
Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.USER, user.getUsername());
|
||||||
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PrivilegeUserResult(user);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getPrivilegeName() {
|
||||||
|
return StrolchPrivilegeConstants.PRIVILEGE_MODIFY_USER;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Object getPrivilegeValue() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,9 @@
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.service.api.ServiceArgument;
|
||||||
|
|
||||||
|
public class PrivilegeSetUserPasswordArgument extends ServiceArgument {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
public String username;
|
||||||
|
public byte[] password;
|
||||||
|
}
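Review bot: `password` is a public field on a class that declares `serialVersionUID`, so the cleartext password will be included whenever this argument is serialized and is reachable by anything holding the object. If the service framework logs, queues or persists `ServiceArgument` instances (not visible in this diff), the password would go with them. At minimum the field should carry a comment such as `// cleartext; must be zeroed by the consumer and never logged or serialized`, and it is worth confirming whether the field can be declared `transient` without breaking how arguments are delivered to the service.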
|
|
@ -0,0 +1,65 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
|
import li.strolch.service.api.AbstractService;
|
||||||
|
import li.strolch.service.api.ServiceResult;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeSetUserPasswordService extends AbstractService<PrivilegeSetUserPasswordArgument, ServiceResult> {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected ServiceResult getResultInstance() {
|
||||||
|
return new ServiceResult();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected ServiceResult internalDoService(PrivilegeSetUserPasswordArgument arg) throws Exception {
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler(getCertificate());
|
||||||
|
|
||||||
|
privilegeHandler.setUserPassword(getCertificate(), arg.username, arg.password);
|
||||||
|
|
||||||
|
try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_MODIFY_USER)) {
|
||||||
|
tx.setSuppressAudits(true);
|
||||||
|
Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.USER, arg.username);
|
||||||
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
}
|
||||||
|
|
||||||
|
return ServiceResult.success();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getPrivilegeName() {
|
||||||
|
return StrolchPrivilegeConstants.PRIVILEGE_MODIFY_USER;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Object getPrivilegeValue() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
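Review bot: `arg.password` is still populated when `internalDoService` returns, and `PrivilegeSetUserPasswordArgument` declares a `serialVersionUID`, so the cleartext bytes live as long as the argument object and would travel with it if the argument is ever serialized. Wrapping the `setUserPassword` call in `try { … } finally { if (arg.password != null) Arrays.fill(arg.password, (byte) 0); }` (with `java.util.Arrays` imported) would bound that lifetime. This assumes the privilege handler does not keep a reference to the array, which is not visible in this section. The class Javadoc, currently only `@author`, should also state that the service consumes and wipes the caller's array.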
|
|
@ -0,0 +1,10 @@
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.service.api.ServiceArgument;
|
||||||
|
import ch.eitchnet.privilege.model.UserState;
|
||||||
|
|
||||||
|
public class PrivilegeSetUserStateArgument extends ServiceArgument {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
public String username;
|
||||||
|
public UserState userState;
|
||||||
|
}
|
|
@ -0,0 +1,65 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
|
import li.strolch.service.api.AbstractService;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.UserRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeSetUserStateService extends AbstractService<PrivilegeSetUserStateArgument, PrivilegeUserResult> {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult getResultInstance() {
|
||||||
|
return new PrivilegeUserResult();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult internalDoService(PrivilegeSetUserStateArgument arg) throws Exception {
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler(getCertificate());
|
||||||
|
|
||||||
|
UserRep user = privilegeHandler.setUserState(getCertificate(), arg.username, arg.userState);
|
||||||
|
|
||||||
|
try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_MODIFY_USER)) {
|
||||||
|
tx.setSuppressAudits(true);
|
||||||
|
Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.USER, user.getUsername());
|
||||||
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PrivilegeUserResult(user);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getPrivilegeName() {
|
||||||
|
return StrolchPrivilegeConstants.PRIVILEGE_MODIFY_USER;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Object getPrivilegeValue() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
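Review bot: The audit entry is written only after `privilegeHandler.setUserState(...)` has already taken effect, and in a separate transaction. An exception from `openUserTx` or `getAuditTrail().add` therefore leaves a state change with no audit record, and an attempt that `setUserState` rejects is never recorded at all. `PrivilegeSetUserPasswordService` and `PrivilegeUpdateUserService` follow the same sequence, and all three build the same `AccessType.UPDATE` / `PRIVILEGE` / `USER` record, so as far as these lines show the trail cannot tell a password reset from a state change or a profile update. Consider recording the failure path as well and giving each service a distinguishing value; at minimum a comment such as `// audit is written after the change, not atomically with it` would make the guarantee explicit.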
|
|
@ -0,0 +1,65 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.model.audit.AccessType;
|
||||||
|
import li.strolch.model.audit.Audit;
|
||||||
|
import li.strolch.persistence.api.StrolchTransaction;
|
||||||
|
import li.strolch.runtime.StrolchConstants.StrolchPrivilegeConstants;
|
||||||
|
import li.strolch.service.api.AbstractService;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.UserRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
public class PrivilegeUpdateUserService extends AbstractService<PrivilegeUserArgument, PrivilegeUserResult> {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult getResultInstance() {
|
||||||
|
return new PrivilegeUserResult();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected PrivilegeUserResult internalDoService(PrivilegeUserArgument arg) throws Exception {
|
||||||
|
|
||||||
|
li.strolch.runtime.privilege.PrivilegeHandler strolchPrivilegeHandler = getContainer().getPrivilegeHandler();
|
||||||
|
PrivilegeHandler privilegeHandler = strolchPrivilegeHandler.getPrivilegeHandler(getCertificate());
|
||||||
|
|
||||||
|
UserRep user = privilegeHandler.updateUser(getCertificate(), arg.user);
|
||||||
|
|
||||||
|
try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_MODIFY_USER)) {
|
||||||
|
tx.setSuppressAudits(true);
|
||||||
|
Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
|
||||||
|
StrolchPrivilegeConstants.USER, user.getUsername());
|
||||||
|
tx.getAuditTrail().add(tx, audit);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new PrivilegeUserResult(user);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getPrivilegeName() {
|
||||||
|
return StrolchPrivilegeConstants.PRIVILEGE_MODIFY_USER;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Object getPrivilegeValue() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
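Review bot: `getPrivilegeValue()` returns `null`, so the check this service declares is only "holds `PRIVILEGE_MODIFY_USER`", with no target. Whether a caller may modify an account more privileged than their own then depends on checks inside `privilegeHandler.updateUser`, which this section does not show. The class Javadoc carries only `@author` and should state this, e.g. `Updates the user given in arg.user; requires PRIVILEGE_MODIFY_USER, per-target restrictions are left to the PrivilegeHandler`; the same applies to `PrivilegeSetUserPasswordService` and `PrivilegeSetUserStateService`. Separately, `internalDoService` reads the constant from `PrivilegeHandler` while `getPrivilegeName` reads it from `StrolchPrivilegeConstants`; using one source in both places keeps the two from drifting apart.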
|
|
@ -0,0 +1,9 @@
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.service.api.ServiceArgument;
|
||||||
|
import ch.eitchnet.privilege.model.UserRep;
|
||||||
|
|
||||||
|
public class PrivilegeUserArgument extends ServiceArgument {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
public UserRep user;
|
||||||
|
}
|
|
@ -0,0 +1,8 @@
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.service.api.ServiceArgument;
|
||||||
|
|
||||||
|
public class PrivilegeUserNameArgument extends ServiceArgument {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
public String username;
|
||||||
|
}
|
|
@ -0,0 +1,32 @@
|
||||||
|
package li.strolch.service.privilege.users;
|
||||||
|
|
||||||
|
import li.strolch.service.api.ServiceResult;
|
||||||
|
import li.strolch.service.api.ServiceResultState;
|
||||||
|
import ch.eitchnet.privilege.model.UserRep;
|
||||||
|
|
||||||
|
public class PrivilegeUserResult extends ServiceResult {
|
||||||
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
|
private UserRep user;
|
||||||
|
|
||||||
|
public PrivilegeUserResult() {
|
||||||
|
super();
|
||||||
|
}
|
||||||
|
|
||||||
|
public PrivilegeUserResult(ServiceResultState state, String message) {
|
||||||
|
super(state, message);
|
||||||
|
}
|
||||||
|
|
||||||
|
public PrivilegeUserResult(ServiceResultState state) {
|
||||||
|
super(state);
|
||||||
|
}
|
||||||
|
|
||||||
|
public PrivilegeUserResult(UserRep user) {
|
||||||
|
setState(ServiceResultState.SUCCESS);
|
||||||
|
this.user = user;
|
||||||
|
}
|
||||||
|
|
||||||
|
public UserRep getUser() {
|
||||||
|
return user;
|
||||||
|
}
|
||||||
|
}
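Review bot: `getUser()` returns `null` for every instance built with the no-arg or state constructors, and nothing tells callers so. A Javadoc line on `getUser()` such as `@return the affected user, or null if the service did not succeed` would prevent a blind dereference in callers. `PrivilegeUserResult(UserRep user)` also reports `SUCCESS` for a `null` user; `this.user = Objects.requireNonNull(user, "user");` would keep state and payload consistent.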
|