[SYNCOPE-120] Using Entitlement constants in authorization annotations

Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/8f1a9f5e
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/8f1a9f5e
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/8f1a9f5e

Branch: refs/heads/master
Commit: 8f1a9f5e5f5491f4b2f90a24b52dc5a052a6e9ea
Parents: eb9ea2a
Author: Francesco Chicchiriccò <ilgro...@apache.org>
Authored: Tue Apr 21 15:02:23 2015 +0200
Committer: Francesco Chicchiriccò <ilgro...@apache.org>
Committed: Tue Apr 21 15:02:23 2015 +0200

----------------------------------------------------------------------
 .../syncope/client/lib/SyncopeClient.java       |   7 +-
 .../apache/syncope/common/lib/to/RoleTO.java    |   7 +-
 .../syncope/common/lib/types/Entitlement.java   | 279 +++++++++++++------
 .../syncope/core/logic/ConfigurationLogic.java  |   9 +-
 .../syncope/core/logic/ConnectorLogic.java      |  25 +-
 .../apache/syncope/core/logic/GroupLogic.java   |  26 +-
 .../apache/syncope/core/logic/LoggerLogic.java  |  15 +-
 .../syncope/core/logic/NotificationLogic.java   |  11 +-
 .../apache/syncope/core/logic/PolicyLogic.java  |  15 +-
 .../apache/syncope/core/logic/RealmLogic.java   |   9 +-
 .../apache/syncope/core/logic/ReportLogic.java  |  25 +-
 .../syncope/core/logic/ResourceLogic.java       |  13 +-
 .../apache/syncope/core/logic/RoleLogic.java    |  11 +-
 .../apache/syncope/core/logic/SchemaLogic.java  |   9 +-
 .../core/logic/SecurityQuestionLogic.java       |   9 +-
 .../apache/syncope/core/logic/TaskLogic.java    |  23 +-
 .../apache/syncope/core/logic/UserLogic.java    |  44 +--
 .../syncope/core/logic/UserWorkflowLogic.java   |  13 +-
 .../syncope/core/logic/WorkflowLogic.java       |  15 +-
 .../syncope/core/logic/NotificationTest.java    |   7 +-
 .../core/misc/security/AuthContextUtils.java    |  11 +-
 .../misc/security/SyncopeGrantedAuthority.java  |  13 +-
 .../security/SyncopeUserDetailsService.java     |  12 +-
 .../api/dao/search/EntitlementCond.java         |  39 ---
 .../persistence/api/dao/search/SearchCond.java  |  33 +--
 .../core/persistence/api/entity/Role.java       |   3 +-
 .../jpa/dao/JPASubjectSearchDAO.java            |  19 --
 .../core/persistence/jpa/entity/JPARole.java    |   8 +-
 .../java/sync/AbstractProvisioningJob.java      |   7 +-
 .../syncope/core/logic/CamelRouteLogic.java     |   9 +-
 .../core/reference/AuthenticationITCase.java    |   8 +-
 .../syncope/fit/core/reference/UserITCase.java  |   3 +-
 .../fit/core/reference/UserSelfITCase.java      |   3 +-
 33 files changed, 381 insertions(+), 359 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
----------------------------------------------------------------------
diff --git 
a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java 
b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
index 4949740..9aa5990 100644
--- a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
+++ b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
@@ -34,7 +34,6 @@ import 
org.apache.syncope.common.lib.search.OrderByClauseBuilder;
 import org.apache.syncope.common.lib.search.GroupFiqlSearchConditionBuilder;
 import org.apache.syncope.common.lib.search.UserFiqlSearchConditionBuilder;
 import org.apache.syncope.common.lib.to.UserTO;
-import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.common.rest.api.Preference;
 import org.apache.syncope.common.rest.api.RESTHeaders;
 import org.apache.syncope.common.rest.api.service.UserSelfService;
@@ -109,7 +108,7 @@ public class SyncopeClient {
     }
 
     @SuppressWarnings("unchecked")
-    public Pair<Map<Entitlement, Set<String>>, UserTO> self() {
+    public Pair<Map<String, Set<String>>, UserTO> self() {
         // Explicitly disable header value split because it interferes with 
JSON deserialization below
         UserSelfService serviceInstance = getService(UserSelfService.class);
         WebClient.getConfig(WebClient.client(serviceInstance)).
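Review bot: With the return type now `Pair<Map<String, Set<String>>, UserTO>`, the signature of `self()` no longer says what the map keys are, and the method has no Javadoc. I would add one along the lines of `/** Returns the entitlements owned by the authenticated user, keyed by entitlement name (see the constants in Entitlement), paired with the user's own UserTO. */`; what the `Set<String>` values hold is not visible here and should be stated by someone who knows the header format. The later hunk of this file deserializes `RESTHeaders.OWNED_ENTITLEMENTS` into plain strings, so a name the client does not know is no longer rejected at parse time, and callers comparing keys against `Entitlement` constants should expect that. The body of `self()` continues outside this hunk.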
@@ -125,9 +124,9 @@ public class SyncopeClient {
 
         try {
             return new ImmutablePair<>(
-                    (Map<Entitlement, Set<String>>) new 
ObjectMapper().readValue(
+                    (Map<String, Set<String>>) new ObjectMapper().readValue(
                             
response.getHeaderString(RESTHeaders.OWNED_ENTITLEMENTS),
-                            new TypeReference<HashMap<Entitlement, 
Set<String>>>() {
+                            new TypeReference<HashMap<String, Set<String>>>() {
                             }),
                     response.readEntity(UserTO.class));
         } catch (IOException e) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/common/lib/src/main/java/org/apache/syncope/common/lib/to/RoleTO.java
----------------------------------------------------------------------
diff --git 
a/common/lib/src/main/java/org/apache/syncope/common/lib/to/RoleTO.java 
b/common/lib/src/main/java/org/apache/syncope/common/lib/to/RoleTO.java
index d78ea80..95ef20d 100644
--- a/common/lib/src/main/java/org/apache/syncope/common/lib/to/RoleTO.java
+++ b/common/lib/src/main/java/org/apache/syncope/common/lib/to/RoleTO.java
@@ -20,7 +20,7 @@ package org.apache.syncope.common.lib.to;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import java.util.ArrayList;
-import java.util.EnumSet;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 import javax.xml.bind.annotation.XmlElement;
@@ -28,7 +28,6 @@ import javax.xml.bind.annotation.XmlElementWrapper;
 import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlType;
 import org.apache.syncope.common.lib.AbstractBaseBean;
-import org.apache.syncope.common.lib.types.Entitlement;
 
 @XmlRootElement(name = "role")
 @XmlType
@@ -40,7 +39,7 @@ public class RoleTO extends AbstractBaseBean {
 
     private String name;
 
-    private final Set<Entitlement> entitlements = 
EnumSet.noneOf(Entitlement.class);
+    private final Set<String> entitlements = new HashSet<>();
 
     private final List<String> realms = new ArrayList<>();
 
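Review bot: `entitlements` is now a `Set<String>`, so the type no longer restricts a role to known entitlement names, and the getter in the next hunk hands out the mutable `HashSet` directly. Whatever binds a `RoleTO` from a request to a persisted role should reject names that are not in `Entitlement.values()`, otherwise a typo or an arbitrary string can be stored and later surface as a granted authority; that binding code is not part of this section, so the check may already exist. If it does, or once it is added, a comment on the field such as `// entitlement names; checked against Entitlement.values() by <binder>` would record where the contract is enforced.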
@@ -63,7 +62,7 @@ public class RoleTO extends AbstractBaseBean {
     @XmlElementWrapper(name = "entitlements")
     @XmlElement(name = "entitlement")
     @JsonProperty("entitlements")
-    public Set<Entitlement> getEntitlements() {
+    public Set<String> getEntitlements() {
         return entitlements;
     }
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/common/lib/src/main/java/org/apache/syncope/common/lib/types/Entitlement.java
----------------------------------------------------------------------
diff --git 
a/common/lib/src/main/java/org/apache/syncope/common/lib/types/Entitlement.java 
b/common/lib/src/main/java/org/apache/syncope/common/lib/types/Entitlement.java
index 1712b74..e5329a7 100644
--- 
a/common/lib/src/main/java/org/apache/syncope/common/lib/types/Entitlement.java
+++ 
b/common/lib/src/main/java/org/apache/syncope/common/lib/types/Entitlement.java
@@ -18,91 +18,198 @@
  */
 package org.apache.syncope.common.lib.types;
 
-public enum Entitlement {
-
-    ANONYMOUS,
-    REALM_LIST,
-    REALM_CREATE,
-    REALM_UPDATE,
-    REALM_DELETE,
-    ROLE_LIST,
-    ROLE_CREATE,
-    ROLE_READ,
-    ROLE_UPDATE,
-    ROLE_DELETE,
-    SCHEMA_LIST,
-    SCHEMA_CREATE,
-    SCHEMA_READ,
-    SCHEMA_UPDATE,
-    SCHEMA_DELETE,
-    USER_SEARCH,
-    USER_LIST,
-    USER_CREATE,
-    USER_READ,
-    USER_UPDATE,
-    USER_DELETE,
-    USER_VIEW,
-    GROUP_SEARCH,
-    GROUP_CREATE,
-    GROUP_READ,
-    GROUP_UPDATE,
-    GROUP_DELETE,
-    RESOURCE_LIST,
-    RESOURCE_CREATE,
-    RESOURCE_READ,
-    RESOURCE_UPDATE,
-    RESOURCE_DELETE,
-    RESOURCE_GETCONNECTOROBJECT,
-    CONNECTOR_LIST,
-    CONNECTOR_CREATE,
-    CONNECTOR_READ,
-    CONNECTOR_UPDATE,
-    CONNECTOR_DELETE,
-    CONNECTOR_RELOAD,
-    CONFIGURATION_EXPORT,
-    CONFIGURATION_LIST,
-    CONFIGURATION_SET,
-    CONFIGURATION_DELETE,
-    TASK_LIST,
-    TASK_CREATE,
-    TASK_READ,
-    TASK_UPDATE,
-    TASK_DELETE,
-    TASK_EXECUTE,
-    POLICY_LIST,
-    POLICY_CREATE,
-    POLICY_READ,
-    POLICY_UPDATE,
-    POLICY_DELETE,
-    WORKFLOW_DEF_READ,
-    WORKFLOW_DEF_UPDATE,
-    WORKFLOW_TASK_LIST,
-    WORKFLOW_FORM_LIST,
-    WORKFLOW_FORM_READ,
-    WORKFLOW_FORM_CLAIM,
-    WORKFLOW_FORM_SUBMIT,
-    NOTIFICATION_LIST,
-    NOTIFICATION_CREATE,
-    NOTIFICATION_READ,
-    NOTIFICATION_UPDATE,
-    NOTIFICATION_DELETE,
-    REPORT_LIST,
-    REPORT_READ,
-    REPORT_CREATE,
-    REPORT_UPDATE,
-    REPORT_DELETE,
-    REPORT_EXECUTE,
-    LOG_LIST,
-    LOG_SET_LEVEL,
-    LOG_DELETE,
-    AUDIT_LIST,
-    AUDIT_ENABLE,
-    AUDIT_DISABLE,
-    SECURITY_QUESTION_CREATE,
-    SECURITY_QUESTION_UPDATE,
-    SECURITY_QUESTION_DELETE,
-    ROUTE_READ,
-    ROUTE_LIST,
-    ROUTE_UPDATE;
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
 
+public final class Entitlement {
+
+    public static final String ANONYMOUS = "ANONYMOUS";
+
+    public static final String REALM_LIST = "REALM_LIST";
+
+    public static final String REALM_CREATE = "REALM_CREATE";
+
+    public static final String REALM_UPDATE = "REALM_UPDATE";
+
+    public static final String REALM_DELETE = "REALM_DELETE";
+
+    public static final String ROLE_LIST = "ROLE_LIST";
+
+    public static final String ROLE_CREATE = "ROLE_CREATE";
+
+    public static final String ROLE_READ = "ROLE_READ";
+
+    public static final String ROLE_UPDATE = "ROLE_UPDATE";
+
+    public static final String ROLE_DELETE = "ROLE_DELETE";
+
+    public static final String SCHEMA_LIST = "SCHEMA_LIST";
+
+    public static final String SCHEMA_CREATE = "SCHEMA_CREATE";
+
+    public static final String SCHEMA_READ = "SCHEMA_READ";
+
+    public static final String SCHEMA_UPDATE = "SCHEMA_UPDATE";
+
+    public static final String SCHEMA_DELETE = "SCHEMA_DELETE";
+
+    public static final String USER_SEARCH = "USER_SEARCH";
+
+    public static final String USER_LIST = "USER_LIST";
+
+    public static final String USER_CREATE = "USER_CREATE";
+
+    public static final String USER_READ = "USER_READ";
+
+    public static final String USER_UPDATE = "USER_UPDATE";
+
+    public static final String USER_DELETE = "USER_DELETE";
+
+    public static final String USER_VIEW = "USER_VIEW";
+
+    public static final String GROUP_SEARCH = "GROUP_SEARCH";
+
+    public static final String GROUP_CREATE = "GROUP_CREATE";
+
+    public static final String GROUP_READ = "GROUP_READ";
+
+    public static final String GROUP_UPDATE = "GROUP_UPDATE";
+
+    public static final String GROUP_DELETE = "GROUP_DELETE";
+
+    public static final String RESOURCE_LIST = "RESOURCE_LIST";
+
+    public static final String RESOURCE_CREATE = "RESOURCE_CREATE";
+
+    public static final String RESOURCE_READ = "RESOURCE_READ";
+
+    public static final String RESOURCE_UPDATE = "RESOURCE_UPDATE";
+
+    public static final String RESOURCE_DELETE = "RESOURCE_DELETE";
+
+    public static final String RESOURCE_GETCONNECTOROBJECT = 
"RESOURCE_GETCONNECTOROBJECT";
+
+    public static final String CONNECTOR_LIST = "CONNECTOR_LIST";
+
+    public static final String CONNECTOR_CREATE = "CONNECTOR_CREATE";
+
+    public static final String CONNECTOR_READ = "CONNECTOR_READ";
+
+    public static final String CONNECTOR_UPDATE = "CONNECTOR_UPDATE";
+
+    public static final String CONNECTOR_DELETE = "CONNECTOR_DELETE";
+
+    public static final String CONNECTOR_RELOAD = "CONNECTOR_RELOAD";
+
+    public static final String CONFIGURATION_EXPORT = "CONFIGURATION_EXPORT";
+
+    public static final String CONFIGURATION_LIST = "CONFIGURATION_LIST";
+
+    public static final String CONFIGURATION_SET = "CONFIGURATION_SET";
+
+    public static final String CONFIGURATION_DELETE = "CONFIGURATION_DELETE";
+
+    public static final String TASK_LIST = "TASK_LIST";
+
+    public static final String TASK_CREATE = "TASK_CREATE";
+
+    public static final String TASK_READ = "TASK_READ";
+
+    public static final String TASK_UPDATE = "TASK_UPDATE";
+
+    public static final String TASK_DELETE = "TASK_DELETE";
+
+    public static final String TASK_EXECUTE = "TASK_EXECUTE";
+
+    public static final String POLICY_LIST = "POLICY_LIST";
+
+    public static final String POLICY_CREATE = "POLICY_CREATE";
+
+    public static final String POLICY_READ = "POLICY_READ";
+
+    public static final String POLICY_UPDATE = "POLICY_UPDATE";
+
+    public static final String POLICY_DELETE = "POLICY_DELETE";
+
+    public static final String WORKFLOW_DEF_READ = "WORKFLOW_DEF_READ";
+
+    public static final String WORKFLOW_DEF_UPDATE = "WORKFLOW_DEF_UPDATE";
+
+    public static final String WORKFLOW_TASK_LIST = "WORKFLOW_TASK_LIST";
+
+    public static final String WORKFLOW_FORM_LIST = "WORKFLOW_FORM_LIST";
+
+    public static final String WORKFLOW_FORM_READ = "WORKFLOW_FORM_READ";
+
+    public static final String WORKFLOW_FORM_CLAIM = "WORKFLOW_FORM_CLAIM";
+
+    public static final String WORKFLOW_FORM_SUBMIT = "WORKFLOW_FORM_SUBMIT";
+
+    public static final String NOTIFICATION_LIST = "NOTIFICATION_LIST";
+
+    public static final String NOTIFICATION_CREATE = "NOTIFICATION_CREATE";
+
+    public static final String NOTIFICATION_READ = "NOTIFICATION_READ";
+
+    public static final String NOTIFICATION_UPDATE = "NOTIFICATION_UPDATE";
+
+    public static final String NOTIFICATION_DELETE = "NOTIFICATION_DELETE";
+
+    public static final String REPORT_LIST = "REPORT_LIST";
+
+    public static final String REPORT_READ = "REPORT_READ";
+
+    public static final String REPORT_CREATE = "REPORT_CREATE";
+
+    public static final String REPORT_UPDATE = "REPORT_UPDATE";
+
+    public static final String REPORT_DELETE = "REPORT_DELETE";
+
+    public static final String REPORT_EXECUTE = "REPORT_EXECUTE";
+
+    public static final String LOG_LIST = "LOG_LIST";
+
+    public static final String LOG_SET_LEVEL = "LOG_SET_LEVEL";
+
+    public static final String LOG_DELETE = "LOG_DELETE";
+
+    public static final String AUDIT_LIST = "AUDIT_LIST";
+
+    public static final String AUDIT_ENABLE = "AUDIT_ENABLE";
+
+    public static final String AUDIT_DISABLE = "AUDIT_DISABLE";
+
+    public static final String SECURITY_QUESTION_CREATE = 
"SECURITY_QUESTION_CREATE";
+
+    public static final String SECURITY_QUESTION_UPDATE = 
"SECURITY_QUESTION_UPDATE";
+
+    public static final String SECURITY_QUESTION_DELETE = 
"SECURITY_QUESTION_DELETE";
+
+    public static final String ROUTE_READ = "ROUTE_READ";
+
+    public static final String ROUTE_LIST = "ROUTE_LIST";
+
+    public static final String ROUTE_UPDATE = "ROUTE_UPDATE";
+
+    private static Set<String> VALUES = new HashSet<>();
+
+    static {
+        for (Field field : Entitlement.class.getDeclaredFields()) {
+            if (Modifier.isStatic(field.getModifiers()) && 
String.class.equals(field.getType())) {
+                VALUES.add(field.getName());
+            }
+        }
+        VALUES = Collections.unmodifiableSet(VALUES);
+    }
+
+    public static Set<String> values() {
+        return VALUES;
+    }
+
+    private Entitlement() {
+        // private constructor for static utility class
+    }
 }
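Review bot: The static initializer collects `field.getName()` rather than the constant's value, so `values()` is only correct while every constant's name equals its string, whereas the `@PreAuthorize` expressions elsewhere in this commit use the value. The filter also accepts any static `String` field regardless of visibility or finality, and `VALUES` itself is a non-final static that is reassigned after being filled. I would declare `VALUES` as `final`, build it from a local set, read each value with `field.get(null)` and restrict the filter to `public static final` fields, as below. A class-level Javadoc stating that these names are the authorities checked by the logic layer, and that `values()` is the reference set for validating names received from outside, would also help.

```java
// … unchanged: the public static final String constants …

    private static final Set<String> VALUES;

    static {
        Set<String> collected = new HashSet<>();
        for (Field field : Entitlement.class.getDeclaredFields()) {
            int modifiers = field.getModifiers();
            if (Modifier.isPublic(modifiers) && Modifier.isStatic(modifiers) && Modifier.isFinal(modifiers)
                    && String.class.equals(field.getType())) {
                try {
                    collected.add((String) field.get(null));
                } catch (IllegalAccessException e) {
                    throw new ExceptionInInitializerError(e);
                }
            }
        }
        VALUES = Collections.unmodifiableSet(collected);
    }

// … unchanged: values() and the private constructor …
```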

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java
 
b/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java
index 17e1a7e..ef95aaa 100644
--- 
a/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java
+++ 
b/core/logic/src/main/java/org/apache/syncope/core/logic/ConfigurationLogic.java
@@ -22,6 +22,7 @@ import java.io.OutputStream;
 import java.lang.reflect.Method;
 import org.apache.syncope.common.lib.to.AttrTO;
 import org.apache.syncope.common.lib.to.ConfTO;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.core.persistence.api.content.ContentExporter;
 import org.apache.syncope.core.persistence.api.dao.ConfDAO;
 import org.apache.syncope.core.persistence.api.dao.NotFoundException;
@@ -57,12 +58,12 @@ public class ConfigurationLogic extends 
AbstractTransactionalLogic<ConfTO> {
     @Autowired
     private GroupWorkflowAdapter gwfAdapter;
 
-    @PreAuthorize("hasRole('CONFIGURATION_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.CONFIGURATION_DELETE + "')")
     public void delete(final String key) {
         confDAO.delete(key);
     }
 
-    @PreAuthorize("hasRole('CONFIGURATION_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.CONFIGURATION_LIST + "')")
     public ConfTO list() {
         return binder.getConfTO(confDAO.get());
     }
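Review bot: These annotations keep `hasRole(...)` although the constants are entitlement names that are granted as authorities, not roles. Depending on the Spring Security version in use (not visible in this diff), `hasRole` may prepend a `ROLE_` prefix to its argument before comparing, in which case these checks only match if the prefix is overridden in configuration; `hasAuthority` compares the name exactly, e.g. `@PreAuthorize("hasAuthority('" + Entitlement.CONFIGURATION_DELETE + "')")`. The same applies to the annotations in the other logic classes changed by this commit. Because each constant is spliced between single quotes in the expression, its value must never contain a quote character, which is worth a comment on `Entitlement`.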
@@ -87,12 +88,12 @@ public class ConfigurationLogic extends 
AbstractTransactionalLogic<ConfTO> {
         return result;
     }
 
-    @PreAuthorize("hasRole('CONFIGURATION_SET')")
+    @PreAuthorize("hasRole('" + Entitlement.CONFIGURATION_SET + "')")
     public void set(final AttrTO value) {
         confDAO.save(binder.getAttribute(value));
     }
 
-    @PreAuthorize("hasRole('CONFIGURATION_EXPORT')")
+    @PreAuthorize("hasRole('" + Entitlement.CONFIGURATION_EXPORT + "')")
     @Transactional(readOnly = true)
     public void export(final OutputStream os) {
         try {

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java
index 23c60cc..b1d1ddf 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/ConnectorLogic.java
@@ -35,6 +35,7 @@ import org.apache.syncope.common.lib.to.ConnInstanceTO;
 import org.apache.syncope.common.lib.types.ClientExceptionType;
 import org.apache.syncope.common.lib.types.ConnConfProperty;
 import org.apache.syncope.common.lib.CollectionUtils2;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.core.persistence.api.dao.ConnInstanceDAO;
 import org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO;
 import org.apache.syncope.core.persistence.api.dao.NotFoundException;
@@ -73,7 +74,7 @@ public class ConnectorLogic extends 
AbstractTransactionalLogic<ConnInstanceTO> {
     @Autowired
     private ConnectorFactory connFactory;
 
-    @PreAuthorize("hasRole('CONNECTOR_CREATE')")
+    @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_CREATE + "')")
     public ConnInstanceTO create(final ConnInstanceTO connInstanceTO) {
         ConnInstance connInstance = binder.getConnInstance(connInstanceTO);
         try {
@@ -89,7 +90,7 @@ public class ConnectorLogic extends 
AbstractTransactionalLogic<ConnInstanceTO> {
         return binder.getConnInstanceTO(connInstance);
     }
 
-    @PreAuthorize("hasRole('CONNECTOR_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_UPDATE + "')")
     public ConnInstanceTO update(final ConnInstanceTO connInstanceTO) {
         ConnInstance connInstance = 
binder.updateConnInstance(connInstanceTO.getKey(), connInstanceTO);
         try {
@@ -105,7 +106,7 @@ public class ConnectorLogic extends 
AbstractTransactionalLogic<ConnInstanceTO> {
         return binder.getConnInstanceTO(connInstance);
     }
 
-    @PreAuthorize("hasRole('CONNECTOR_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_DELETE + "')")
     public ConnInstanceTO delete(final Long connInstanceId) {
         ConnInstance connInstance = connInstanceDAO.find(connInstanceId);
         if (connInstance == null) {
@@ -128,7 +129,7 @@ public class ConnectorLogic extends 
AbstractTransactionalLogic<ConnInstanceTO> {
         return connToDelete;
     }
 
-    @PreAuthorize("hasRole('CONNECTOR_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_LIST + "')")
     @Transactional(readOnly = true)
     public List<ConnInstanceTO> list(final String lang) {
         if (StringUtils.isBlank(lang)) {
@@ -153,7 +154,7 @@ public class ConnectorLogic extends 
AbstractTransactionalLogic<ConnInstanceTO> {
         }, PredicateUtils.notNullPredicate(), new ArrayList<ConnInstanceTO>());
     }
 
-    @PreAuthorize("hasRole('CONNECTOR_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')")
     @Transactional(readOnly = true)
     public ConnInstanceTO read(final Long connInstanceId) {
         ConnInstance connInstance = connInstanceDAO.find(connInstanceId);
@@ -164,7 +165,7 @@ public class ConnectorLogic extends 
AbstractTransactionalLogic<ConnInstanceTO> {
         return binder.getConnInstanceTO(connInstance);
     }
 
-    @PreAuthorize("hasRole('CONNECTOR_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')")
     @Transactional(readOnly = true)
     public List<ConnBundleTO> getBundles(final String lang) {
         if (StringUtils.isBlank(lang)) {
@@ -199,7 +200,7 @@ public class ConnectorLogic extends 
AbstractTransactionalLogic<ConnInstanceTO> {
         return connectorBundleTOs;
     }
 
-    @PreAuthorize("hasRole('CONNECTOR_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')")
     @Transactional(readOnly = true)
     public List<String> getSchemaNames(final ConnInstanceTO connInstanceTO, 
final boolean includeSpecial) {
         ConnInstance connInstance = 
connInstanceDAO.find(connInstanceTO.getKey());
@@ -217,7 +218,7 @@ public class ConnectorLogic extends 
AbstractTransactionalLogic<ConnInstanceTO> {
         return new ArrayList<>(connFactory.createConnector(connInstance, 
conf).getSchemaNames(includeSpecial));
     }
 
-    @PreAuthorize("hasRole('CONNECTOR_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')")
     @Transactional(readOnly = true)
     public List<String> getSupportedObjectClasses(final ConnInstanceTO 
connInstanceTO) {
         ConnInstance connInstance = 
connInstanceDAO.find(connInstanceTO.getKey());
@@ -242,7 +243,7 @@ public class ConnectorLogic extends 
AbstractTransactionalLogic<ConnInstanceTO> {
         return result;
     }
 
-    @PreAuthorize("hasRole('CONNECTOR_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')")
     @Transactional(readOnly = true)
     public List<ConnConfProperty> getConfigurationProperties(final Long 
connInstanceId) {
 
@@ -254,7 +255,7 @@ public class ConnectorLogic extends 
AbstractTransactionalLogic<ConnInstanceTO> {
         return new 
ArrayList<ConnConfProperty>(connInstance.getConfiguration());
     }
 
-    @PreAuthorize("hasRole('CONNECTOR_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')")
     @Transactional(readOnly = true)
     public boolean check(final ConnInstanceTO connInstanceTO) {
         final Connector connector = connFactory.createConnector(
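Review bot: `check()` is reachable with only `CONNECTOR_READ`, yet its first statement calls `connFactory.createConnector(`, and `getSchemaNames()` earlier in this file does the same with a `conf` value. If those connectors are built from the caller-supplied `ConnInstanceTO` (the arguments lie outside the hunks), a principal holding a read-only entitlement can make the server instantiate and exercise a connector with a configuration of its own choosing. I would either require a stronger entitlement on these methods or add a comment explaining why read access is considered sufficient, e.g. `// CONNECTOR_READ suffices here because <reason>`. The body of `check()` continues past the end of this hunk.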
@@ -272,7 +273,7 @@ public class ConnectorLogic extends 
AbstractTransactionalLogic<ConnInstanceTO> {
         return result;
     }
 
-    @PreAuthorize("hasRole('CONNECTOR_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')")
     @Transactional(readOnly = true)
     public ConnInstanceTO readByResource(final String resourceName) {
         ExternalResource resource = resourceDAO.find(resourceName);
@@ -282,7 +283,7 @@ public class ConnectorLogic extends 
AbstractTransactionalLogic<ConnInstanceTO> {
         return 
binder.getConnInstanceTO(connFactory.getConnector(resource).getActiveConnInstance());
     }
 
-    @PreAuthorize("hasRole('CONNECTOR_RELOAD')")
+    @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_RELOAD + "')")
     @Transactional(readOnly = true)
     public void reload() {
         connFactory.unload();

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
index bbbca1b..2f7840c 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
@@ -92,14 +92,14 @@ public class GroupLogic extends 
AbstractSubjectLogic<GroupTO, GroupMod> {
     @Autowired
     protected GroupProvisioningManager provisioningManager;
 
-    @PreAuthorize("hasRole('GROUP_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.GROUP_READ + "')")
     @Transactional(readOnly = true)
     @Override
     public GroupTO read(final Long groupKey) {
         return binder.getGroupTO(groupKey);
     }
 
-    @PreAuthorize("isAuthenticated() and not(hasRole('ANONYMOUS'))")
+    @PreAuthorize("isAuthenticated() and not(hasRole('" + 
Entitlement.ANONYMOUS + "'))")
     @Transactional(readOnly = true)
     public List<GroupTO> own() {
         return CollectionUtils.collect(
@@ -138,7 +138,7 @@ public class GroupLogic extends 
AbstractSubjectLogic<GroupTO, GroupMod> {
                 }, new ArrayList<GroupTO>());
     }
 
-    @PreAuthorize("hasRole('GROUP_SEARCH')")
+    @PreAuthorize("hasRole('" + Entitlement.GROUP_SEARCH + "')")
     @Transactional(readOnly = true, rollbackFor = { Throwable.class })
     @Override
     public int searchCount(final SearchCond searchCondition, final 
List<String> realms) {
@@ -147,7 +147,7 @@ public class GroupLogic extends 
AbstractSubjectLogic<GroupTO, GroupMod> {
                 searchCondition, SubjectType.GROUP);
     }
 
-    @PreAuthorize("hasRole('GROUP_SEARCH')")
+    @PreAuthorize("hasRole('" + Entitlement.GROUP_SEARCH + "')")
     @Transactional(readOnly = true, rollbackFor = { Throwable.class })
     @Override
     public List<GroupTO> search(final SearchCond searchCondition, final int 
page, final int size,
@@ -165,7 +165,7 @@ public class GroupLogic extends 
AbstractSubjectLogic<GroupTO, GroupMod> {
         }, new ArrayList<GroupTO>());
     }
 
-    @PreAuthorize("hasRole('GROUP_CREATE')")
+    @PreAuthorize("hasRole('" + Entitlement.GROUP_CREATE + "')")
     public GroupTO create(final GroupTO groupTO) {
         if (groupTO.getRealm() == null) {
             SyncopeClientException sce = 
SyncopeClientException.build(ClientExceptionType.InvalidRealm);
@@ -191,7 +191,7 @@ public class GroupLogic extends 
AbstractSubjectLogic<GroupTO, GroupMod> {
         return savedTO;
     }
 
-    @PreAuthorize("hasRole('GROUP_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')")
     @Override
     public GroupTO update(final GroupMod groupMod) {
         Group group = groupDAO.authFetch(groupMod.getKey());
@@ -216,7 +216,7 @@ public class GroupLogic extends 
AbstractSubjectLogic<GroupTO, GroupMod> {
         return updatedTO;
     }
 
-    @PreAuthorize("hasRole('GROUP_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.GROUP_DELETE + "')")
     @Override
     public GroupTO delete(final Long groupKey) {
         Group group = groupDAO.authFetch(groupKey);
@@ -253,7 +253,7 @@ public class GroupLogic extends 
AbstractSubjectLogic<GroupTO, GroupMod> {
         return groupTO;
     }
 
-    @PreAuthorize("hasRole('GROUP_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')")
     @Transactional(rollbackFor = { Throwable.class })
     @Override
     public GroupTO unlink(final Long groupKey, final Collection<String> 
resources) {
@@ -265,7 +265,7 @@ public class GroupLogic extends 
AbstractSubjectLogic<GroupTO, GroupMod> {
         return binder.getGroupTO(updatedResult);
     }
 
-    @PreAuthorize("hasRole('GROUP_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')")
     @Transactional(rollbackFor = { Throwable.class })
     @Override
     public GroupTO link(final Long groupKey, final Collection<String> 
resources) {
@@ -275,7 +275,7 @@ public class GroupLogic extends 
AbstractSubjectLogic<GroupTO, GroupMod> {
         return binder.getGroupTO(provisioningManager.link(groupMod));
     }
 
-    @PreAuthorize("hasRole('GROUP_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')")
     @Transactional(rollbackFor = { Throwable.class })
     @Override
     public GroupTO unassign(final Long groupKey, final Collection<String> 
resources) {
@@ -285,7 +285,7 @@ public class GroupLogic extends 
AbstractSubjectLogic<GroupTO, GroupMod> {
         return update(groupMod);
     }
 
-    @PreAuthorize("hasRole('GROUP_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')")
     @Transactional(rollbackFor = { Throwable.class })
     @Override
     public GroupTO assign(
@@ -297,7 +297,7 @@ public class GroupLogic extends 
AbstractSubjectLogic<GroupTO, GroupMod> {
         return update(userMod);
     }
 
-    @PreAuthorize("hasRole('GROUP_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')")
     @Transactional(rollbackFor = { Throwable.class })
     @Override
     public GroupTO deprovision(final Long groupKey, final Collection<String> 
resources) {
@@ -310,7 +310,7 @@ public class GroupLogic extends 
AbstractSubjectLogic<GroupTO, GroupMod> {
         return updatedTO;
     }
 
-    @PreAuthorize("hasRole('GROUP_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.GROUP_UPDATE + "')")
     @Transactional(rollbackFor = { Throwable.class })
     @Override
     public GroupTO provision(

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/LoggerLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/LoggerLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/LoggerLogic.java
index a315bb4..ab5389b 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/LoggerLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/LoggerLogic.java
@@ -48,6 +48,7 @@ import org.apache.syncope.common.lib.types.ResourceOperation;
 import org.apache.syncope.common.lib.types.TaskType;
 import org.apache.syncope.common.lib.types.UnmatchingRule;
 import org.apache.syncope.common.lib.CollectionUtils2;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.core.persistence.api.dao.ExternalResourceDAO;
 import org.apache.syncope.core.persistence.api.dao.LoggerDAO;
 import org.apache.syncope.core.persistence.api.dao.NotFoundException;
@@ -98,13 +99,13 @@ public class LoggerLogic extends 
AbstractTransactionalLogic<LoggerTO> {
         }, new ArrayList<LoggerTO>());
     }
 
-    @PreAuthorize("hasRole('LOG_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.LOG_LIST + "')")
     @Transactional(readOnly = true)
     public List<LoggerTO> listLogs() {
         return list(LoggerType.LOG);
     }
 
-    @PreAuthorize("hasRole('AUDIT_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.AUDIT_LIST + "')")
     @Transactional(readOnly = true)
     public List<AuditLoggerName> listAudits() {
         return CollectionUtils2.collect(list(LoggerType.AUDIT), new 
Transformer<LoggerTO, AuditLoggerName>() {
@@ -162,12 +163,12 @@ public class LoggerLogic extends 
AbstractTransactionalLogic<LoggerTO> {
         return result;
     }
 
-    @PreAuthorize("hasRole('LOG_SET_LEVEL')")
+    @PreAuthorize("hasRole('" + Entitlement.LOG_SET_LEVEL + "')")
     public LoggerTO setLogLevel(final String name, final Level level) {
         return setLevel(name, level, LoggerType.LOG);
     }
 
-    @PreAuthorize("hasRole('AUDIT_ENABLE')")
+    @PreAuthorize("hasRole('" + Entitlement.AUDIT_ENABLE + "')")
     public void enableAudit(final AuditLoggerName auditLoggerName) {
         try {
             setLevel(auditLoggerName.toLoggerName(), Level.DEBUG, 
LoggerType.AUDIT);
@@ -202,12 +203,12 @@ public class LoggerLogic extends 
AbstractTransactionalLogic<LoggerTO> {
         return loggerToDelete;
     }
 
-    @PreAuthorize("hasRole('LOG_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.LOG_DELETE + "')")
     public LoggerTO deleteLog(final String name) throws NotFoundException {
         return delete(name, LoggerType.LOG);
     }
 
-    @PreAuthorize("hasRole('AUDIT_DISABLE')")
+    @PreAuthorize("hasRole('" + Entitlement.AUDIT_DISABLE + "')")
     public void disableAudit(final AuditLoggerName auditLoggerName) {
         try {
             delete(auditLoggerName.toLoggerName(), LoggerType.AUDIT);
@@ -220,7 +221,7 @@ public class LoggerLogic extends 
AbstractTransactionalLogic<LoggerTO> {
         }
     }
 
-    @PreAuthorize("hasRole('AUDIT_LIST') or hasRole('NOTIFICATION_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.AUDIT_LIST + "') or hasRole('" + 
Entitlement.NOTIFICATION_LIST + "')")
     public List<EventCategoryTO> listAuditEvents() {
         // use set to avoid duplications or null elements
         Set<EventCategoryTO> events = new HashSet<>();
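Review bot: The expression on `listAuditEvents()` admits a caller who holds only `Entitlement.NOTIFICATION_LIST`, and nothing next to the annotation says that this is intended. Now that the expression is assembled from two constants and three string fragments, it is also harder to read than the literal it replaces. I would add a one-line comment above it, for example `// event categories are also needed when configuring notifications, hence NOTIFICATION_LIST`, if that is indeed the reason (inferred from the names, not shown in the hunk). `listAuditEvents()` continues past the end of the hunk.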

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/NotificationLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/NotificationLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/NotificationLogic.java
index c7ad949..cb1f041 100644
--- 
a/core/logic/src/main/java/org/apache/syncope/core/logic/NotificationLogic.java
+++ 
b/core/logic/src/main/java/org/apache/syncope/core/logic/NotificationLogic.java
@@ -25,6 +25,7 @@ import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.Transformer;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.syncope.common.lib.to.NotificationTO;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.core.persistence.api.dao.NotFoundException;
 import org.apache.syncope.core.persistence.api.dao.NotificationDAO;
 import org.apache.syncope.core.persistence.api.entity.Notification;
@@ -42,7 +43,7 @@ public class NotificationLogic extends 
AbstractTransactionalLogic<NotificationTO
     @Autowired
     private NotificationDataBinder binder;
 
-    @PreAuthorize("hasRole('NOTIFICATION_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.NOTIFICATION_READ + "')")
     public NotificationTO read(final Long notificationKey) {
         Notification notification = notificationDAO.find(notificationKey);
         if (notification == null) {
@@ -54,7 +55,7 @@ public class NotificationLogic extends 
AbstractTransactionalLogic<NotificationTO
         return binder.getNotificationTO(notification);
     }
 
-    @PreAuthorize("hasRole('NOTIFICATION_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.NOTIFICATION_LIST + "')")
     public List<NotificationTO> list() {
         return CollectionUtils.collect(notificationDAO.findAll(), new 
Transformer<Notification, NotificationTO>() {
 
@@ -65,12 +66,12 @@ public class NotificationLogic extends 
AbstractTransactionalLogic<NotificationTO
         }, new ArrayList<NotificationTO>());
     }
 
-    @PreAuthorize("hasRole('NOTIFICATION_CREATE')")
+    @PreAuthorize("hasRole('" + Entitlement.NOTIFICATION_CREATE + "')")
     public NotificationTO create(final NotificationTO notificationTO) {
         return 
binder.getNotificationTO(notificationDAO.save(binder.create(notificationTO)));
     }
 
-    @PreAuthorize("hasRole('NOTIFICATION_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.NOTIFICATION_UPDATE + "')")
     public NotificationTO update(final NotificationTO notificationTO) {
         Notification notification = 
notificationDAO.find(notificationTO.getKey());
         if (notification == null) {
@@ -84,7 +85,7 @@ public class NotificationLogic extends 
AbstractTransactionalLogic<NotificationTO
         return binder.getNotificationTO(notification);
     }
 
-    @PreAuthorize("hasRole('NOTIFICATION_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.NOTIFICATION_DELETE + "')")
     public NotificationTO delete(final Long notificationKey) {
         Notification notification = notificationDAO.find(notificationKey);
         if (notification == null) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/PolicyLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/PolicyLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/PolicyLogic.java
index 92be74b..80409aa 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/PolicyLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/PolicyLogic.java
@@ -28,6 +28,7 @@ import org.apache.syncope.common.lib.to.AbstractPolicyTO;
 import org.apache.syncope.common.lib.to.AccountPolicyTO;
 import org.apache.syncope.common.lib.to.PasswordPolicyTO;
 import org.apache.syncope.common.lib.to.SyncPolicyTO;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.common.lib.types.PolicyType;
 import org.apache.syncope.core.persistence.api.dao.NotFoundException;
 import org.apache.syncope.core.persistence.api.dao.PolicyDAO;
@@ -49,7 +50,7 @@ public class PolicyLogic extends 
AbstractTransactionalLogic<AbstractPolicyTO> {
     @Autowired
     private PolicyDataBinder binder;
 
-    @PreAuthorize("hasRole('POLICY_CREATE')")
+    @PreAuthorize("hasRole('" + Entitlement.POLICY_CREATE + "')")
     public <T extends AbstractPolicyTO> T create(final T policyTO) {
         return binder.getPolicyTO(policyDAO.save(binder.getPolicy(null, 
policyTO)));
     }
@@ -60,7 +61,7 @@ public class PolicyLogic extends 
AbstractTransactionalLogic<AbstractPolicyTO> {
         return binder.getPolicyTO(savedPolicy);
     }
 
-    @PreAuthorize("hasRole('POLICY_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.POLICY_UPDATE + "')")
     public PasswordPolicyTO update(final PasswordPolicyTO policyTO) {
         Policy policy = policyDAO.find(policyTO.getKey());
         if (!(policy instanceof PasswordPolicy)) {
@@ -70,7 +71,7 @@ public class PolicyLogic extends 
AbstractTransactionalLogic<AbstractPolicyTO> {
         return update(policyTO, policy);
     }
 
-    @PreAuthorize("hasRole('POLICY_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.POLICY_UPDATE + "')")
     public AccountPolicyTO update(final AccountPolicyTO policyTO) {
         Policy policy = policyDAO.find(policyTO.getKey());
         if (!(policy instanceof AccountPolicy)) {
@@ -80,7 +81,7 @@ public class PolicyLogic extends 
AbstractTransactionalLogic<AbstractPolicyTO> {
         return update(policyTO, policy);
     }
 
-    @PreAuthorize("hasRole('POLICY_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.POLICY_UPDATE + "')")
     public SyncPolicyTO update(final SyncPolicyTO policyTO) {
         Policy policy = policyDAO.find(policyTO.getKey());
         if (!(policy instanceof SyncPolicy)) {
@@ -90,7 +91,7 @@ public class PolicyLogic extends 
AbstractTransactionalLogic<AbstractPolicyTO> {
         return update(policyTO, policy);
     }
 
-    @PreAuthorize("hasRole('POLICY_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.POLICY_LIST + "')")
     public <T extends AbstractPolicyTO> List<T> list(final PolicyType type) {
         return CollectionUtils.collect(policyDAO.find(type), new 
Transformer<Policy, T>() {
 
@@ -101,7 +102,7 @@ public class PolicyLogic extends 
AbstractTransactionalLogic<AbstractPolicyTO> {
         }, new ArrayList<T>());
     }
 
-    @PreAuthorize("hasRole('POLICY_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.POLICY_READ + "')")
     public <T extends AbstractPolicyTO> T read(final Long id) {
         Policy policy = policyDAO.find(id);
         if (policy == null) {
@@ -111,7 +112,7 @@ public class PolicyLogic extends 
AbstractTransactionalLogic<AbstractPolicyTO> {
         return binder.getPolicyTO(policy);
     }
 
-    @PreAuthorize("hasRole('POLICY_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.POLICY_DELETE + "')")
     public <T extends AbstractPolicyTO> T delete(final Long id) {
         Policy policy = policyDAO.find(id);
         if (policy == null) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java
index 1b4e857..6d4b02c 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/RealmLogic.java
@@ -25,6 +25,7 @@ import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.Transformer;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.syncope.common.lib.to.RealmTO;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.core.persistence.api.dao.NotFoundException;
 import org.apache.syncope.core.persistence.api.dao.RealmDAO;
 import org.apache.syncope.core.persistence.api.entity.Realm;
@@ -42,7 +43,7 @@ public class RealmLogic extends 
AbstractTransactionalLogic<RealmTO> {
     @Autowired
     private RealmDataBinder binder;
 
-    @PreAuthorize("hasRole('REALM_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.REALM_LIST + "')")
     public List<RealmTO> list(final String fullPath) {
         Realm realm = realmDAO.find(fullPath);
         if (realm == null) {
@@ -60,12 +61,12 @@ public class RealmLogic extends 
AbstractTransactionalLogic<RealmTO> {
         }, new ArrayList<RealmTO>());
     }
 
-    @PreAuthorize("hasRole('REALM_CREATE')")
+    @PreAuthorize("hasRole('" + Entitlement.REALM_CREATE + "')")
     public RealmTO create(final String parentPath, final RealmTO realmTO) {
         return binder.getRealmTO(realmDAO.save(binder.create(parentPath, 
realmTO)));
     }
 
-    @PreAuthorize("hasRole('REALM_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.REALM_UPDATE + "')")
     public RealmTO update(final RealmTO realmTO) {
         Realm realm = realmDAO.find(realmTO.getFullPath());
         if (realm == null) {
@@ -80,7 +81,7 @@ public class RealmLogic extends 
AbstractTransactionalLogic<RealmTO> {
         return binder.getRealmTO(realm);
     }
 
-    @PreAuthorize("hasRole('REALM_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.REALM_DELETE + "')")
     public RealmTO delete(final String fullPath) {
         Realm realm = realmDAO.find(fullPath);
         if (realm == null) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/ReportLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/ReportLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/ReportLogic.java
index 1af1929..fb92b3e 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/ReportLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/ReportLogic.java
@@ -63,6 +63,7 @@ import org.apache.syncope.core.logic.report.Reportlet;
 import org.apache.syncope.core.logic.report.ReportletConfClass;
 import org.apache.syncope.core.logic.report.TextSerializer;
 import org.apache.syncope.common.lib.CollectionUtils2;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.xmlgraphics.util.MimeConstants;
 import org.quartz.JobKey;
 import org.quartz.Scheduler;
@@ -97,7 +98,7 @@ public class ReportLogic extends 
AbstractTransactionalLogic<ReportTO> {
     @Autowired
     private ImplementationClassNamesLoader classNamesLoader;
 
-    @PreAuthorize("hasRole('REPORT_CREATE')")
+    @PreAuthorize("hasRole('" + Entitlement.REPORT_CREATE + "')")
     public ReportTO create(final ReportTO reportTO) {
         Report report = entityFactory.newEntity(Report.class);
         binder.getReport(report, reportTO);
@@ -116,7 +117,7 @@ public class ReportLogic extends 
AbstractTransactionalLogic<ReportTO> {
         return binder.getReportTO(report);
     }
 
-    @PreAuthorize("hasRole('REPORT_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.REPORT_UPDATE + "')")
     public ReportTO update(final ReportTO reportTO) {
         Report report = reportDAO.find(reportTO.getKey());
         if (report == null) {
@@ -139,12 +140,12 @@ public class ReportLogic extends 
AbstractTransactionalLogic<ReportTO> {
         return binder.getReportTO(report);
     }
 
-    @PreAuthorize("hasRole('REPORT_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.REPORT_LIST + "')")
     public int count() {
         return reportDAO.count();
     }
 
-    @PreAuthorize("hasRole('REPORT_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.REPORT_LIST + "')")
     public List<ReportTO> list(final int page, final int size, final 
List<OrderByClause> orderByClauses) {
         return CollectionUtils.collect(reportDAO.findAll(page, size, 
orderByClauses),
                 new Transformer<Report, ReportTO>() {
@@ -191,7 +192,7 @@ public class ReportLogic extends 
AbstractTransactionalLogic<ReportTO> {
                 PredicateUtils.notNullPredicate(), new 
HashSet<Class<Reportlet>>());
     }
 
-    @PreAuthorize("hasRole('REPORT_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.REPORT_LIST + "')")
     public Set<String> getReportletConfClasses() {
         return CollectionUtils2.collect(getAllReportletClasses(),
                 new Transformer<Class<Reportlet>, String>() {
@@ -216,7 +217,7 @@ public class ReportLogic extends 
AbstractTransactionalLogic<ReportTO> {
         return result;
     }
 
-    @PreAuthorize("hasRole('REPORT_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.REPORT_READ + "')")
     public ReportTO read(final Long reportKey) {
         Report report = reportDAO.find(reportKey);
         if (report == null) {
@@ -225,7 +226,7 @@ public class ReportLogic extends 
AbstractTransactionalLogic<ReportTO> {
         return binder.getReportTO(report);
     }
 
-    @PreAuthorize("hasRole('REPORT_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.REPORT_READ + "')")
     @Transactional(readOnly = true)
     public ReportExecTO readExecution(final Long executionKey) {
         ReportExec reportExec = reportExecDAO.find(executionKey);
@@ -235,7 +236,7 @@ public class ReportLogic extends 
AbstractTransactionalLogic<ReportTO> {
         return binder.getReportExecTO(reportExec);
     }
 
-    @PreAuthorize("hasRole('REPORT_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.REPORT_READ + "')")
     public void exportExecutionResult(final OutputStream os, final ReportExec 
reportExec,
             final ReportExecExportFormat format) {
 
@@ -301,7 +302,7 @@ public class ReportLogic extends 
AbstractTransactionalLogic<ReportTO> {
         }
     }
 
-    @PreAuthorize("hasRole('REPORT_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.REPORT_READ + "')")
     public ReportExec getAndCheckReportExec(final Long executionKey) {
         ReportExec reportExec = reportExecDAO.find(executionKey);
         if (reportExec == null) {
@@ -317,7 +318,7 @@ public class ReportLogic extends 
AbstractTransactionalLogic<ReportTO> {
         return reportExec;
     }
 
-    @PreAuthorize("hasRole('REPORT_EXECUTE')")
+    @PreAuthorize("hasRole('" + Entitlement.REPORT_EXECUTE + "')")
     public ReportExecTO execute(final Long reportKey) {
         Report report = reportDAO.find(reportKey);
         if (report == null) {
@@ -346,7 +347,7 @@ public class ReportLogic extends 
AbstractTransactionalLogic<ReportTO> {
         return result;
     }
 
-    @PreAuthorize("hasRole('REPORT_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.REPORT_DELETE + "')")
     public ReportTO delete(final Long reportKey) {
         Report report = reportDAO.find(reportKey);
         if (report == null) {
@@ -359,7 +360,7 @@ public class ReportLogic extends 
AbstractTransactionalLogic<ReportTO> {
         return deletedReport;
     }
 
-    @PreAuthorize("hasRole('REPORT_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.REPORT_DELETE + "')")
     public ReportExecTO deleteExecution(final Long executionKey) {
         ReportExec reportExec = reportExecDAO.find(executionKey);
         if (reportExec == null) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java
index 3148d19..4d31e8d 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java
@@ -30,6 +30,7 @@ import org.apache.syncope.common.lib.SyncopeClientException;
 import org.apache.syncope.common.lib.to.ConnObjectTO;
 import org.apache.syncope.common.lib.to.ResourceTO;
 import org.apache.syncope.common.lib.types.ClientExceptionType;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.common.lib.types.MappingPurpose;
 import org.apache.syncope.common.lib.types.SubjectType;
 import org.apache.syncope.core.persistence.api.dao.DuplicateException;
@@ -83,7 +84,7 @@ public class ResourceLogic extends 
AbstractTransactionalLogic<ResourceTO> {
     @Autowired
     private AttributableUtilsFactory attrUtilsFactory;
 
-    @PreAuthorize("hasRole('RESOURCE_CREATE')")
+    @PreAuthorize("hasRole('" + Entitlement.RESOURCE_CREATE + "')")
     public ResourceTO create(final ResourceTO resourceTO) {
         if (StringUtils.isBlank(resourceTO.getKey())) {
             SyncopeClientException sce = 
SyncopeClientException.build(ClientExceptionType.RequiredValuesMissing);
@@ -109,7 +110,7 @@ public class ResourceLogic extends 
AbstractTransactionalLogic<ResourceTO> {
         return binder.getResourceTO(resource);
     }
 
-    @PreAuthorize("hasRole('RESOURCE_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.RESOURCE_UPDATE + "')")
     public ResourceTO update(final ResourceTO resourceTO) {
         ExternalResource resource = resourceDAO.find(resourceTO.getKey());
         if (resource == null) {
@@ -130,7 +131,7 @@ public class ResourceLogic extends 
AbstractTransactionalLogic<ResourceTO> {
         return binder.getResourceTO(resource);
     }
 
-    @PreAuthorize("hasRole('RESOURCE_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.RESOURCE_DELETE + "')")
     public ResourceTO delete(final String resourceName) {
         ExternalResource resource = resourceDAO.find(resourceName);
         if (resource == null) {
@@ -144,7 +145,7 @@ public class ResourceLogic extends 
AbstractTransactionalLogic<ResourceTO> {
         return resourceToDelete;
     }
 
-    @PreAuthorize("hasRole('RESOURCE_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.RESOURCE_READ + "')")
     @Transactional(readOnly = true)
     public ResourceTO read(final String resourceName) {
         ExternalResource resource = resourceDAO.find(resourceName);
@@ -167,7 +168,7 @@ public class ResourceLogic extends 
AbstractTransactionalLogic<ResourceTO> {
         }, new ArrayList<ResourceTO>());
     }
 
-    @PreAuthorize("hasRole('RESOURCE_GETCONNECTOROBJECT')")
+    @PreAuthorize("hasRole('" + Entitlement.RESOURCE_GETCONNECTOROBJECT + "')")
     @Transactional(readOnly = true)
     public ConnObjectTO getConnectorObject(final String resourceName, final 
SubjectType type, final Long id) {
         ExternalResource resource = resourceDAO.find(resourceName);
@@ -213,7 +214,7 @@ public class ResourceLogic extends 
AbstractTransactionalLogic<ResourceTO> {
         return connObjectUtils.getConnObjectTO(connectorObject);
     }
 
-    @PreAuthorize("hasRole('CONNECTOR_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.CONNECTOR_READ + "')")
     @Transactional(readOnly = true)
     public boolean check(final ResourceTO resourceTO) {
         final ConnInstance connInstance = binder.getConnInstance(resourceTO);
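Review bot: `check(ResourceTO)` lives in ResourceLogic but is guarded by `Entitlement.CONNECTOR_READ`, whereas every other method in this file's hunks uses a `RESOURCE_*` entitlement. The commit keeps the previous string, so this is not a regression, but with the constant spelled out the mismatch is easy to mistake for a copy-paste slip. If it is deliberate (the first visible body line builds a `ConnInstance` from the resource), a comment such as `// checking a resource exercises its connector, so connector read rights are required` would settle it. The method body continues outside the hunk.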

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java
index 668d263..cfe2c5b 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/RoleLogic.java
@@ -25,6 +25,7 @@ import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.Transformer;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.syncope.common.lib.to.RoleTO;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.core.persistence.api.dao.NotFoundException;
 import org.apache.syncope.core.persistence.api.dao.RoleDAO;
 import org.apache.syncope.core.persistence.api.entity.Role;
@@ -42,7 +43,7 @@ public class RoleLogic extends 
AbstractTransactionalLogic<RoleTO> {
     @Autowired
     private RoleDAO roleDAO;
 
-    @PreAuthorize("hasRole('ROLE_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.ROLE_READ + "')")
     public RoleTO read(final Long roleKey) {
         Role role = roleDAO.find(roleKey);
         if (role == null) {
@@ -54,7 +55,7 @@ public class RoleLogic extends 
AbstractTransactionalLogic<RoleTO> {
         return binder.getRoleTO(role);
     }
 
-    @PreAuthorize("hasRole('ROLE_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.ROLE_LIST + "')")
     public List<RoleTO> list() {
         return CollectionUtils.collect(roleDAO.findAll(), new 
Transformer<Role, RoleTO>() {
 
@@ -65,12 +66,12 @@ public class RoleLogic extends 
AbstractTransactionalLogic<RoleTO> {
         }, new ArrayList<RoleTO>());
     }
 
-    @PreAuthorize("hasRole('ROLE_CREATE')")
+    @PreAuthorize("hasRole('" + Entitlement.ROLE_CREATE + "')")
     public RoleTO create(final RoleTO roleTO) {
         return binder.getRoleTO(roleDAO.save(binder.create(roleTO)));
     }
 
-    @PreAuthorize("hasRole('ROLE_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.ROLE_UPDATE + "')")
     public RoleTO update(final RoleTO roleTO) {
         Role role = roleDAO.find(roleTO.getKey());
         if (role == null) {
@@ -84,7 +85,7 @@ public class RoleLogic extends 
AbstractTransactionalLogic<RoleTO> {
         return binder.getRoleTO(role);
     }
 
-    @PreAuthorize("hasRole('ROLE_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.ROLE_DELETE + "')")
     public RoleTO delete(final Long roleKey) {
         Role role = roleDAO.find(roleKey);
         if (role == null) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/SchemaLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/SchemaLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/SchemaLogic.java
index 1ced7a0..a9c509c 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/SchemaLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/SchemaLogic.java
@@ -32,6 +32,7 @@ import org.apache.syncope.common.lib.to.PlainSchemaTO;
 import org.apache.syncope.common.lib.to.VirSchemaTO;
 import org.apache.syncope.common.lib.types.AttributableType;
 import org.apache.syncope.common.lib.types.ClientExceptionType;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.common.lib.types.SchemaType;
 import org.apache.syncope.core.persistence.api.dao.DerSchemaDAO;
 import org.apache.syncope.core.persistence.api.dao.DuplicateException;
@@ -89,7 +90,7 @@ public class SchemaLogic extends 
AbstractTransactionalLogic<AbstractSchemaTO> {
         return found;
     }
 
-    @PreAuthorize("hasRole('SCHEMA_CREATE')")
+    @PreAuthorize("hasRole('" + Entitlement.SCHEMA_CREATE + "')")
     @SuppressWarnings("unchecked")
     public <T extends AbstractSchemaTO> T create(
             final AttributableType attrType, final SchemaType schemaType, 
final T schemaTO) {
@@ -132,7 +133,7 @@ public class SchemaLogic extends 
AbstractTransactionalLogic<AbstractSchemaTO> {
         return created;
     }
 
-    @PreAuthorize("hasRole('SCHEMA_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.SCHEMA_DELETE + "')")
     public void delete(final AttributableType attrType, final SchemaType 
schemaType, final String schemaName) {
         final AttributableUtils attrUtils = 
attrUtilsFactory.getInstance(attrType);
 
@@ -199,7 +200,7 @@ public class SchemaLogic extends 
AbstractTransactionalLogic<AbstractSchemaTO> {
         return result;
     }
 
-    @PreAuthorize("hasRole('SCHEMA_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.SCHEMA_READ + "')")
     @SuppressWarnings("unchecked")
     public <T extends AbstractSchemaTO> T read(
             final AttributableType attrType, final SchemaType schemaType, 
final String schemaName) {
@@ -239,7 +240,7 @@ public class SchemaLogic extends 
AbstractTransactionalLogic<AbstractSchemaTO> {
         return read;
     }
 
-    @PreAuthorize("hasRole('SCHEMA_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.SCHEMA_UPDATE + "')")
     public <T extends AbstractSchemaTO> void update(
             final AttributableType attrType, final SchemaType schemaType, 
final T schemaTO) {
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java
 
b/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java
index 6963dbe..8004c52 100644
--- 
a/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java
+++ 
b/core/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java
@@ -25,6 +25,7 @@ import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.Transformer;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.syncope.common.lib.to.SecurityQuestionTO;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.core.persistence.api.dao.NotFoundException;
 import org.apache.syncope.core.persistence.api.dao.SecurityQuestionDAO;
 import org.apache.syncope.core.persistence.api.dao.UserDAO;
@@ -71,12 +72,12 @@ public class SecurityQuestionLogic extends 
AbstractTransactionalLogic<SecurityQu
         return binder.getSecurityQuestionTO(securityQuestion);
     }
 
-    @PreAuthorize("hasRole('SECURITY_QUESTION_CREATE')")
+    @PreAuthorize("hasRole('" + Entitlement.SECURITY_QUESTION_CREATE + "')")
     public SecurityQuestionTO create(final SecurityQuestionTO 
securityQuestionTO) {
         return 
binder.getSecurityQuestionTO(securityQuestionDAO.save(binder.create(securityQuestionTO)));
     }
 
-    @PreAuthorize("hasRole('SECURITY_QUESTION_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.SECURITY_QUESTION_UPDATE + "')")
     public SecurityQuestionTO update(final SecurityQuestionTO 
securityQuestionTO) {
         SecurityQuestion securityQuestion = 
securityQuestionDAO.find(securityQuestionTO.getKey());
         if (securityQuestion == null) {
@@ -91,7 +92,7 @@ public class SecurityQuestionLogic extends 
AbstractTransactionalLogic<SecurityQu
         return binder.getSecurityQuestionTO(securityQuestion);
     }
 
-    @PreAuthorize("hasRole('SECURITY_QUESTION_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.SECURITY_QUESTION_DELETE + "')")
     public SecurityQuestionTO delete(final Long securityQuestionId) {
         SecurityQuestion securityQuestion = 
securityQuestionDAO.find(securityQuestionId);
         if (securityQuestion == null) {
@@ -105,7 +106,7 @@ public class SecurityQuestionLogic extends 
AbstractTransactionalLogic<SecurityQu
         return deleted;
     }
 
-    @PreAuthorize("isAnonymous() or hasRole('ANONYMOUS')")
+    @PreAuthorize("isAnonymous() or hasRole('" + Entitlement.ANONYMOUS + "')")
     public SecurityQuestionTO read(final String username) {
         if (username == null) {
             throw new NotFoundException("Null username");
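Review bot: `read(final String username)` is the only method in this file's hunks open to unauthenticated callers (`isAnonymous() or hasRole(Entitlement.ANONYMOUS)`), and it takes a caller-supplied username. The visible part throws `NotFoundException` for a null username; if the part outside the hunk does the same for unknown usernames, the response would tell existing accounts from non-existing ones. It is worth confirming that the found and not-found paths look the same to the caller, or that the endpoint is throttled, and recording the decision in a Javadoc on the method. Why both `isAnonymous()` and the `ANONYMOUS` entitlement are needed also deserves a one-line comment.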

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java
index 168e306..7a64aff 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/TaskLogic.java
@@ -31,6 +31,7 @@ import org.apache.syncope.common.lib.to.SchedTaskTO;
 import org.apache.syncope.common.lib.to.SyncTaskTO;
 import org.apache.syncope.common.lib.to.TaskExecTO;
 import org.apache.syncope.common.lib.types.ClientExceptionType;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.common.lib.types.PropagationMode;
 import org.apache.syncope.common.lib.types.PropagationTaskExecStatus;
 import org.apache.syncope.common.lib.types.TaskType;
@@ -86,7 +87,7 @@ public class TaskLogic extends 
AbstractTransactionalLogic<AbstractTaskTO> {
     @Autowired
     private TaskUtilsFactory taskUtilsFactory;
 
-    @PreAuthorize("hasRole('TASK_CREATE')")
+    @PreAuthorize("hasRole('" + Entitlement.TASK_CREATE + "')")
     public <T extends SchedTaskTO> T createSchedTask(final T taskTO) {
         TaskUtils taskUtils = taskUtilsFactory.getInstance(taskTO);
 
@@ -106,12 +107,12 @@ public class TaskLogic extends 
AbstractTransactionalLogic<AbstractTaskTO> {
         return binder.getTaskTO(task, taskUtils);
     }
 
-    @PreAuthorize("hasRole('TASK_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.TASK_UPDATE + "')")
     public SyncTaskTO updateSync(final SyncTaskTO taskTO) {
         return updateSched(taskTO);
     }
 
-    @PreAuthorize("hasRole('TASK_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.TASK_UPDATE + "')")
     public <T extends SchedTaskTO> T updateSched(final SchedTaskTO taskTO) {
         SchedTask task = taskDAO.find(taskTO.getKey());
         if (task == null) {
@@ -136,12 +137,12 @@ public class TaskLogic extends 
AbstractTransactionalLogic<AbstractTaskTO> {
         return binder.getTaskTO(task, taskUtils);
     }
 
-    @PreAuthorize("hasRole('TASK_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.TASK_LIST + "')")
     public int count(final TaskType taskType) {
         return taskDAO.count(taskType);
     }
 
-    @PreAuthorize("hasRole('TASK_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.TASK_LIST + "')")
     @SuppressWarnings("unchecked")
     public <T extends AbstractTaskTO> List<T> list(final TaskType taskType,
             final int page, final int size, final List<OrderByClause> 
orderByClauses) {
@@ -158,7 +159,7 @@ public class TaskLogic extends 
AbstractTransactionalLogic<AbstractTaskTO> {
                 }, new ArrayList<T>());
     }
 
-    @PreAuthorize("hasRole('TASK_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.TASK_READ + "')")
     public <T extends AbstractTaskTO> T read(final Long taskId) {
         Task task = taskDAO.find(taskId);
         if (task == null) {
@@ -167,7 +168,7 @@ public class TaskLogic extends 
AbstractTransactionalLogic<AbstractTaskTO> {
         return binder.getTaskTO(task, taskUtilsFactory.getInstance(task));
     }
 
-    @PreAuthorize("hasRole('TASK_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.TASK_READ + "')")
     public TaskExecTO readExecution(final Long executionId) {
         TaskExec taskExec = taskExecDAO.find(executionId);
         if (taskExec == null) {
@@ -176,7 +177,7 @@ public class TaskLogic extends 
AbstractTransactionalLogic<AbstractTaskTO> {
         return binder.getTaskExecTO(taskExec);
     }
 
-    @PreAuthorize("hasRole('TASK_EXECUTE')")
+    @PreAuthorize("hasRole('" + Entitlement.TASK_EXECUTE + "')")
     public TaskExecTO execute(final Long taskId, final boolean dryRun) {
         Task task = taskDAO.find(taskId);
         if (task == null) {
@@ -230,7 +231,7 @@ public class TaskLogic extends 
AbstractTransactionalLogic<AbstractTaskTO> {
         return result;
     }
 
-    @PreAuthorize("hasRole('TASK_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.TASK_READ + "')")
     public TaskExecTO report(final Long executionId, final 
PropagationTaskExecStatus status, final String message) {
         TaskExec exec = taskExecDAO.find(executionId);
         if (exec == null) {
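Review bot: `report(...)` is guarded by `Entitlement.TASK_READ`, yet the next hunk's context shows `taskExecDAO.save(exec)` immediately before the following method, which looks like the end of this method (most of its body is outside the hunks). If that is the case, a caller holding only the read entitlement can change a task execution's stored status and message. A write-level entitlement would fit better, for example `@PreAuthorize("hasRole('" + Entitlement.TASK_EXECUTE + "')")` or `Entitlement.TASK_UPDATE`. The commit carries the previous entitlement over unchanged, so this is a pre-existing gap rather than a regression.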
@@ -272,7 +273,7 @@ public class TaskLogic extends 
AbstractTransactionalLogic<AbstractTaskTO> {
         return binder.getTaskExecTO(taskExecDAO.save(exec));
     }
 
-    @PreAuthorize("hasRole('TASK_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.TASK_DELETE + "')")
     public <T extends AbstractTaskTO> T delete(final Long taskId) {
         Task task = taskDAO.find(taskId);
         if (task == null) {
@@ -293,7 +294,7 @@ public class TaskLogic extends 
AbstractTransactionalLogic<AbstractTaskTO> {
         return taskToDelete;
     }
 
-    @PreAuthorize("hasRole('TASK_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.TASK_DELETE + "')")
     public TaskExecTO deleteExecution(final Long executionId) {
         TaskExec taskExec = taskExecDAO.find(executionId);
         if (taskExec == null) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
index 4929d62..a261cd3 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
@@ -100,17 +100,17 @@ public class UserLogic extends 
AbstractSubjectLogic<UserTO, UserMod> {
     @Autowired
     protected SyncopeLogic syncopeLogic;
 
-    @PreAuthorize("hasRole('USER_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_READ + "')")
     public String getUsername(final Long key) {
         return binder.getUserTO(key).getUsername();
     }
 
-    @PreAuthorize("hasRole('USER_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_READ + "')")
     public Long getKey(final String username) {
         return binder.getUserTO(username).getKey();
     }
 
-    @PreAuthorize("hasRole('USER_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_LIST + "')")
     @Transactional(readOnly = true, rollbackFor = { Throwable.class })
     @Override
     public int count(final List<String> realms) {
@@ -118,7 +118,7 @@ public class UserLogic extends AbstractSubjectLogic<UserTO, 
UserMod> {
                 
getEffectiveRealms(AuthContextUtils.getAuthorizations().get(Entitlement.USER_LIST),
 realms));
     }
 
-    @PreAuthorize("hasRole('USER_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_LIST + "')")
     @Transactional(readOnly = true, rollbackFor = { Throwable.class })
     @Override
     public List<UserTO> list(
@@ -144,14 +144,14 @@ public class UserLogic extends 
AbstractSubjectLogic<UserTO, UserMod> {
                 binder.getAuthenticatedUserTO());
     }
 
-    @PreAuthorize("hasRole('USER_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_READ + "')")
     @Transactional(readOnly = true)
     @Override
     public UserTO read(final Long key) {
         return binder.getUserTO(key);
     }
 
-    @PreAuthorize("hasRole('USER_SEARCH')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_SEARCH + "')")
     @Transactional(readOnly = true, rollbackFor = { Throwable.class })
     @Override
     public int searchCount(final SearchCond searchCondition, final 
List<String> realms) {
@@ -160,7 +160,7 @@ public class UserLogic extends AbstractSubjectLogic<UserTO, 
UserMod> {
                 searchCondition, SubjectType.USER);
     }
 
-    @PreAuthorize("hasRole('USER_SEARCH')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_SEARCH + "')")
     @Transactional(readOnly = true, rollbackFor = { Throwable.class })
     @Override
     public List<UserTO> search(final SearchCond searchCondition, final int 
page, final int size,
@@ -178,12 +178,12 @@ public class UserLogic extends 
AbstractSubjectLogic<UserTO, UserMod> {
         }, new ArrayList<UserTO>());
     }
 
-    @PreAuthorize("isAnonymous() or hasRole('ANONYMOUS')")
+    @PreAuthorize("isAnonymous() or hasRole('" + Entitlement.ANONYMOUS + "')")
     public UserTO createSelf(final UserTO userTO, final boolean storePassword) 
{
         return doCreate(userTO, storePassword);
     }
 
-    @PreAuthorize("hasRole('USER_CREATE')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_CREATE + "')")
     public UserTO create(final UserTO userTO, final boolean storePassword) {
         if (userTO.getRealm() == null) {
             SyncopeClientException sce = 
SyncopeClientException.build(ClientExceptionType.InvalidRealm);
@@ -211,7 +211,7 @@ public class UserLogic extends AbstractSubjectLogic<UserTO, 
UserMod> {
         return savedTO;
     }
 
-    @PreAuthorize("isAuthenticated() and not(hasRole('ANONYMOUS'))")
+    @PreAuthorize("isAuthenticated() and not(hasRole('" + 
Entitlement.ANONYMOUS + "'))")
     public UserTO updateSelf(final UserMod userMod) {
         UserTO userTO = binder.getAuthenticatedUserTO();
 
@@ -222,7 +222,7 @@ public class UserLogic extends AbstractSubjectLogic<UserTO, 
UserMod> {
         return update(userMod);
     }
 
-    @PreAuthorize("hasRole('USER_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')")
     @Override
     public UserTO update(final UserMod userMod) {
         // AttributableMod transformation (if configured)
@@ -274,7 +274,7 @@ public class UserLogic extends AbstractSubjectLogic<UserTO, 
UserMod> {
         return updated;
     }
 
-    @PreAuthorize("hasRole('USER_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')")
     @Transactional(rollbackFor = { Throwable.class })
     public UserTO status(final StatusMod statusMod) {
         User user = userDAO.authFetch(statusMod.getKey());
@@ -285,7 +285,7 @@ public class UserLogic extends AbstractSubjectLogic<UserTO, 
UserMod> {
         return savedTO;
     }
 
-    @PreAuthorize("isAnonymous() or hasRole('ANONYMOUS')")
+    @PreAuthorize("isAnonymous() or hasRole('" + Entitlement.ANONYMOUS + "')")
     @Transactional
     public void requestPasswordReset(final String username, final String 
securityAnswer) {
         if (username == null) {
@@ -306,7 +306,7 @@ public class UserLogic extends AbstractSubjectLogic<UserTO, 
UserMod> {
         provisioningManager.requestPasswordReset(user.getKey());
     }
 
-    @PreAuthorize("isAnonymous() or hasRole('ANONYMOUS')")
+    @PreAuthorize("isAnonymous() or hasRole('" + Entitlement.ANONYMOUS + "')")
     @Transactional
     public void confirmPasswordReset(final String token, final String 
password) {
         User user = userDAO.findByToken(token);
@@ -316,14 +316,14 @@ public class UserLogic extends 
AbstractSubjectLogic<UserTO, UserMod> {
         provisioningManager.confirmPasswordReset(user, token, password);
     }
 
-    @PreAuthorize("isAuthenticated() and not(hasRole('ANONYMOUS'))")
+    @PreAuthorize("isAuthenticated() and not(hasRole('" + 
Entitlement.ANONYMOUS + "'))")
     public UserTO deleteSelf() {
         UserTO userTO = binder.getAuthenticatedUserTO();
 
         return delete(userTO.getKey());
     }
 
-    @PreAuthorize("hasRole('USER_DELETE')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_DELETE + "')")
     @Override
     public UserTO delete(final Long key) {
         List<Group> ownedGroups = groupDAO.findOwnedByUser(key);
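Review bot: `deleteSelf()` calls `delete(userTO.getKey())` on `this`, so if method security is applied through Spring proxies (not visible here) the `USER_DELETE` check on `delete` is not evaluated for that call, and the only gate is the `isAuthenticated() and not(hasRole(...ANONYMOUS...))` expression. That is presumably intended for self-service, but it is an authorization decision that cannot be seen at the call site. A comment above the call would record it, e.g. `// in-class call: USER_DELETE is deliberately not enforced; the key always comes from the authenticated user`. `updateSelf` ends with `update(userMod)` in the same way, and whatever check ties `userMod` to the caller lies outside its hunk. The body of `delete` continues outside this hunk.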
@@ -354,7 +354,7 @@ public class UserLogic extends AbstractSubjectLogic<UserTO, 
UserMod> {
         return deletedTO;
     }
 
-    @PreAuthorize("hasRole('USER_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')")
     @Transactional(rollbackFor = { Throwable.class })
     @Override
     public UserTO unlink(final Long key, final Collection<String> resources) {
@@ -366,7 +366,7 @@ public class UserLogic extends AbstractSubjectLogic<UserTO, 
UserMod> {
         return binder.getUserTO(updatedId);
     }
 
-    @PreAuthorize("hasRole('USER_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')")
     @Transactional(rollbackFor = { Throwable.class })
     @Override
     public UserTO link(final Long key, final Collection<String> resources) {
@@ -376,7 +376,7 @@ public class UserLogic extends AbstractSubjectLogic<UserTO, 
UserMod> {
         return binder.getUserTO(provisioningManager.link(userMod));
     }
 
-    @PreAuthorize("hasRole('USER_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')")
     @Transactional(rollbackFor = { Throwable.class })
     @Override
     public UserTO unassign(final Long key, final Collection<String> resources) 
{
@@ -386,7 +386,7 @@ public class UserLogic extends AbstractSubjectLogic<UserTO, 
UserMod> {
         return update(userMod);
     }
 
-    @PreAuthorize("hasRole('USER_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')")
     @Transactional(rollbackFor = { Throwable.class })
     @Override
     public UserTO assign(
@@ -410,7 +410,7 @@ public class UserLogic extends AbstractSubjectLogic<UserTO, 
UserMod> {
         return update(userMod);
     }
 
-    @PreAuthorize("hasRole('USER_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')")
     @Transactional(rollbackFor = { Throwable.class })
     @Override
     public UserTO deprovision(final Long key, final Collection<String> 
resources) {
@@ -423,7 +423,7 @@ public class UserLogic extends AbstractSubjectLogic<UserTO, 
UserMod> {
         return updatedUserTO;
     }
 
-    @PreAuthorize("hasRole('USER_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')")
     @Transactional(readOnly = true)
     @Override
     public UserTO provision(
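Review bot: `provision(...)` carries `@Transactional(readOnly = true)` while the sibling operations in the neighbouring hunks (`assign`, `unassign`, `link`, `unlink`, `deprovision`) all use `@Transactional(rollbackFor = { Throwable.class })`. The body is outside the hunk, so it is not possible to tell from here whether it persists anything. If it does, the read-only hint is misleading and, depending on the transaction manager, may suppress the flush or skip rollback on checked exceptions. Either align it with the siblings or add a comment such as `// read-only: provisioning only pushes to external resources, nothing is persisted locally`.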

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/UserWorkflowLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/UserWorkflowLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/UserWorkflowLogic.java
index 69c95f0..d1a1657 100644
--- 
a/core/logic/src/main/java/org/apache/syncope/core/logic/UserWorkflowLogic.java
+++ 
b/core/logic/src/main/java/org/apache/syncope/core/logic/UserWorkflowLogic.java
@@ -26,6 +26,7 @@ import 
org.apache.syncope.common.lib.mod.AbstractAttributableMod;
 import org.apache.syncope.common.lib.mod.UserMod;
 import org.apache.syncope.common.lib.to.UserTO;
 import org.apache.syncope.common.lib.to.WorkflowFormTO;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.core.persistence.api.dao.UserDAO;
 import org.apache.syncope.core.persistence.api.entity.task.PropagationTask;
 import org.apache.syncope.core.persistence.api.entity.user.User;
@@ -57,13 +58,13 @@ public class UserWorkflowLogic extends 
AbstractTransactionalLogic<WorkflowFormTO
     @Autowired
     private UserDAO userDAO;
 
-    @PreAuthorize("hasRole('WORKFLOW_FORM_CLAIM')")
+    @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_FORM_CLAIM + "')")
     @Transactional(rollbackFor = { Throwable.class })
     public WorkflowFormTO claimForm(final String taskId) {
         return uwfAdapter.claimForm(taskId);
     }
 
-    @PreAuthorize("hasRole('USER_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.USER_UPDATE + "')")
     public UserTO executeWorkflowTask(final UserTO userTO, final String 
taskId) {
         WorkflowResult<Long> updated = uwfAdapter.execute(userTO, taskId);
 
@@ -80,27 +81,27 @@ public class UserWorkflowLogic extends 
AbstractTransactionalLogic<WorkflowFormTO
         return binder.getUserTO(updated.getResult());
     }
 
-    @PreAuthorize("hasRole('WORKFLOW_FORM_READ') and hasRole('USER_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_FORM_READ + "') and 
hasRole('" + Entitlement.USER_READ + "')")
     @Transactional(rollbackFor = { Throwable.class })
     public WorkflowFormTO getFormForUser(final Long key) {
         User user = userDAO.authFetch(key);
         return uwfAdapter.getForm(user.getWorkflowId());
     }
 
-    @PreAuthorize("hasRole('WORKFLOW_FORM_LIST')")
+    @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_FORM_LIST + "')")
     @Transactional(rollbackFor = { Throwable.class })
     public List<WorkflowFormTO> getForms() {
         return uwfAdapter.getForms();
     }
 
-    @PreAuthorize("hasRole('WORKFLOW_FORM_READ') and hasRole('USER_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_FORM_READ + "') and 
hasRole('" + Entitlement.USER_READ + "')")
     @Transactional(rollbackFor = { Throwable.class })
     public List<WorkflowFormTO> getForms(final Long key, final String 
formName) {
         User user = userDAO.authFetch(key);
         return uwfAdapter.getForms(user.getWorkflowId(), formName);
     }
 
-    @PreAuthorize("hasRole('WORKFLOW_FORM_SUBMIT')")
+    @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_FORM_SUBMIT + "')")
     @Transactional(rollbackFor = { Throwable.class })
     public UserTO submitForm(final WorkflowFormTO form) {
         WorkflowResult<? extends AbstractAttributableMod> updated = 
uwfAdapter.submitForm(form);

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/main/java/org/apache/syncope/core/logic/WorkflowLogic.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/WorkflowLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/WorkflowLogic.java
index c64ad84..d31500c 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/WorkflowLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/WorkflowLogic.java
@@ -22,6 +22,7 @@ import java.io.OutputStream;
 import java.lang.reflect.Method;
 import javax.ws.rs.core.MediaType;
 import org.apache.syncope.common.lib.AbstractBaseBean;
+import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.core.workflow.api.GroupWorkflowAdapter;
 import org.apache.syncope.core.workflow.api.UserWorkflowAdapter;
 import org.apache.syncope.core.workflow.api.WorkflowAdapter;
@@ -54,7 +55,7 @@ public class WorkflowLogic extends 
AbstractTransactionalLogic<AbstractBaseBean>
                 : WorkflowDefinitionFormat.XML;
     }
 
-    @PreAuthorize("hasRole('WORKFLOW_DEF_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_READ + "')")
     @Transactional(readOnly = true)
     public void exportUserDefinition(final MediaType format, final 
OutputStream os)
             throws WorkflowException {
@@ -62,7 +63,7 @@ public class WorkflowLogic extends 
AbstractTransactionalLogic<AbstractBaseBean>
         exportDefinition(uwfAdapter, getFormat(format), os);
     }
 
-    @PreAuthorize("hasRole('WORKFLOW_DEF_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_READ + "')")
     @Transactional(readOnly = true)
     public void exportGroupDefinition(final MediaType format, final 
OutputStream os)
             throws WorkflowException {
@@ -72,11 +73,11 @@ public class WorkflowLogic extends 
AbstractTransactionalLogic<AbstractBaseBean>
 
     private void exportDiagram(final WorkflowAdapter adapter, final 
OutputStream os)
             throws WorkflowException {
-        
+
         adapter.exportDiagram(os);
     }
 
-    @PreAuthorize("hasRole('WORKFLOW_DEF_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_READ + "')")
     @Transactional(readOnly = true)
     public void exportUserDiagram(final OutputStream os)
             throws WorkflowException {
@@ -84,7 +85,7 @@ public class WorkflowLogic extends 
AbstractTransactionalLogic<AbstractBaseBean>
         exportDiagram(uwfAdapter, os);
     }
 
-    @PreAuthorize("hasRole('WORKFLOW_DEF_READ')")
+    @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_READ + "')")
     @Transactional(readOnly = true)
     public void exportGroupDiagram(final OutputStream os)
             throws WorkflowException {
@@ -98,12 +99,12 @@ public class WorkflowLogic extends 
AbstractTransactionalLogic<AbstractBaseBean>
         adapter.importDefinition(format, definition);
     }
 
-    @PreAuthorize("hasRole('WORKFLOW_DEF_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_UPDATE + "')")
     public void importUserDefinition(final MediaType format, final String 
definition) {
         importDefinition(uwfAdapter, getFormat(format), definition);
     }
 
-    @PreAuthorize("hasRole('WORKFLOW_DEF_UPDATE')")
+    @PreAuthorize("hasRole('" + Entitlement.WORKFLOW_DEF_UPDATE + "')")
     public void importGroupDefinition(final MediaType format, final String 
definition) {
         importDefinition(gwfAdapter, getFormat(format), definition);
     }

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/logic/src/test/java/org/apache/syncope/core/logic/NotificationTest.java
----------------------------------------------------------------------
diff --git 
a/core/logic/src/test/java/org/apache/syncope/core/logic/NotificationTest.java 
b/core/logic/src/test/java/org/apache/syncope/core/logic/NotificationTest.java
index 47ea2a9..736d1d3 100644
--- 
a/core/logic/src/test/java/org/apache/syncope/core/logic/NotificationTest.java
+++ 
b/core/logic/src/test/java/org/apache/syncope/core/logic/NotificationTest.java
@@ -26,7 +26,6 @@ import com.icegreen.greenmail.util.GreenMail;
 import com.icegreen.greenmail.util.ServerSetup;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
 import java.util.Random;
@@ -209,11 +208,11 @@ public class NotificationTest {
 
     @Before
     public void setupSecurity() {
-        List<GrantedAuthority> authorities = 
CollectionUtils.collect(Arrays.asList(Entitlement.values()),
-                new Transformer<Entitlement, GrantedAuthority>() {
+        List<GrantedAuthority> authorities = 
CollectionUtils.collect(Entitlement.values(),
+                new Transformer<String, GrantedAuthority>() {
 
                     @Override
-                    public GrantedAuthority transform(final Entitlement 
entitlement) {
+                    public GrantedAuthority transform(final String 
entitlement) {
                         return new SyncopeGrantedAuthority(entitlement, 
SyncopeConstants.ROOT_REALM);
                     }
                 }, new ArrayList<GrantedAuthority>());

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java
----------------------------------------------------------------------
diff --git 
a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java
 
b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java
index 2bdf45a..6eebf01 100644
--- 
a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java
+++ 
b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java
@@ -18,12 +18,11 @@
  */
 package org.apache.syncope.core.misc.security;
 
-import java.util.EnumMap;
+import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
 import org.apache.commons.collections4.MapUtils;
 import org.apache.syncope.common.lib.SyncopeConstants;
-import org.apache.syncope.common.lib.types.Entitlement;
 import 
org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -47,16 +46,16 @@ public final class AuthContextUtils {
         SecurityContextHolder.getContext().setAuthentication(newAuth);
     }
 
-    public static Map<Entitlement, Set<String>> getAuthorizations() {
-        Map<Entitlement, Set<String>> result = null;
+    public static Map<String, Set<String>> getAuthorizations() {
+        Map<String, Set<String>> result = null;
 
         final SecurityContext ctx = SecurityContextHolder.getContext();
         if (ctx != null && ctx.getAuthentication() != null && 
ctx.getAuthentication().getAuthorities() != null) {
-            result = new EnumMap<>(Entitlement.class);
+            result = new HashMap<>();
             for (GrantedAuthority authority : 
ctx.getAuthentication().getAuthorities()) {
                 if (authority instanceof SyncopeGrantedAuthority) {
                     result.put(
-                            
SyncopeGrantedAuthority.class.cast(authority).getEntitlement(),
+                            
SyncopeGrantedAuthority.class.cast(authority).getAuthority(),
                             
SyncopeGrantedAuthority.class.cast(authority).getRealms());
                 }
             }
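Review bot: `getAuthorizations()` has no Javadoc, and after the switch to `Map<String, Set<String>>` its contract is less obvious than with the enum key. Keys are now whatever `getAuthority()` returns, `Map.get` accepts any object so a misspelled or stale key compiles and yields `null`, and authorities that are not `SyncopeGrantedAuthority` are skipped by the `instanceof` test. `UserLogic.count` passes `getAuthorizations().get(Entitlement.USER_LIST)` straight into `getEffectiveRealms(...)`; whether that helper treats a `null` set as "no realms" rather than "all realms" is not visible here and should be confirmed to fail closed. I would add a Javadoc stating that keys are entitlement names, that the value is the set of realms granted for that entitlement, and that a missing key means the entitlement is not held. The method's return statement lies outside the hunk.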

http://git-wip-us.apache.org/repos/asf/syncope/blob/8f1a9f5e/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeGrantedAuthority.java
----------------------------------------------------------------------
diff --git 
a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeGrantedAuthority.java
 
b/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeGrantedAuthority.java
index 860224e..78dccc4 100644
--- 
a/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeGrantedAuthority.java
+++ 
b/core/misc/src/main/java/org/apache/syncope/core/misc/security/SyncopeGrantedAuthority.java
@@ -25,7 +25,6 @@ import java.util.Set;
 import org.apache.commons.collections4.Closure;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.SetUtils;
-import org.apache.syncope.common.lib.types.Entitlement;
 import org.apache.syncope.core.misc.RealmUtils;
 import org.springframework.security.core.GrantedAuthority;
 
@@ -33,15 +32,15 @@ public class SyncopeGrantedAuthority implements 
GrantedAuthority {
 
     private static final long serialVersionUID = -5647624636011919735L;
 
-    private final Entitlement entitlement;
+    private final String entitlement;
 
     private final Set<String> realms = SetUtils.orderedSet(new 
HashSet<String>());
 
-    public SyncopeGrantedAuthority(final Entitlement entitlement) {
+    public SyncopeGrantedAuthority(final String entitlement) {
         this.entitlement = entitlement;
     }
 
-    public SyncopeGrantedAuthority(final Entitlement entitlement, final String 
realm) {
+    public SyncopeGrantedAuthority(final String entitlement, final String 
realm) {
         this.entitlement = entitlement;
         this.realms.add(realm);
     }
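Review bot: Both constructors now accept an arbitrary `String` and store it unchecked, so a `null` or blank entitlement is no longer caught. Before this change `getAuthority()` called `entitlement.name()` and failed loudly on `null`; now it returns `null`, and `AuthContextUtils.getAuthorizations()` would put that under a `null` key in its `HashMap`. A guard in each constructor keeps the failure at construction time: `if (entitlement == null) { throw new IllegalArgumentException("entitlement must not be null"); }`. If only the names declared in `Entitlement` are meant to be valid, that could be checked here as well, though the intent may be to allow custom entitlements.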
@@ -60,17 +59,13 @@ public class SyncopeGrantedAuthority implements 
GrantedAuthority {
         });
     }
 
-    public Entitlement getEntitlement() {
-        return entitlement;
-    }
-
     public Set<String> getRealms() {
         return Collections.unmodifiableSet(realms);
     }
 
     @Override
     public String getAuthority() {
-        return entitlement.name();
+        return entitlement;
     }
 
 }
