http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementAccessor.java
----------------------------------------------------------------------
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementAccessor.java b/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementAccessor.java
new file mode 100644
index 0000000..4596898
--- /dev/null
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementAccessor.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.core.logic.init;
+
+import org.apache.syncope.core.misc.EntitlementsHolder;
+import org.apache.syncope.core.persistence.api.dao.AnyTypeDAO;
+import org.apache.syncope.core.persistence.api.entity.AnyType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Transactional;
+
+/**
+ * Domain-sensible (via {@code @Transactional} access to any type data for {@link Entitlement} init.
+ *
+ * @see EntitlementLoader
+ */
+@Component
+public class EntitlementAccessor {
+
+ @Autowired
+ private AnyTypeDAO anyTypeDAO;
+
+ @Transactional(readOnly = true)
+ public void addEntitlementsForAnyTypes() {
+ for (AnyType anyType : anyTypeDAO.findAll()) {
+ EntitlementsHolder.getInstance().addFor(anyType.getKey());
+ }
+ }
+}
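Review bot: The class Javadoc has an unclosed parenthesis after `{@code @Transactional}` and links to `{@link Entitlement}`, a type this file neither imports nor declares and which the rest of the commit replaces with `StandardEntitlement` / `EntitlementsHolder`, so the link will not resolve. Suggested summary line: `Domain-sensible (via {@code @Transactional}) access to any type data for {@link EntitlementsHolder} init.` `addEntitlementsForAnyTypes()` has no Javadoc; one sentence stating that it registers every `AnyEntitlement` operation for each any type returned by `anyTypeDAO.findAll()` would make the startup contract clear.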
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementLoader.java
----------------------------------------------------------------------
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementLoader.java b/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementLoader.java
new file mode 100644
index 0000000..eb0482f
--- /dev/null
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/init/EntitlementLoader.java
@@ -0,0 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.syncope.core.logic.init; + +import java.util.Map; +import javax.sql.DataSource; +import org.apache.syncope.common.lib.types.StandardEntitlement; +import org.apache.syncope.core.misc.EntitlementsHolder; +import org.apache.syncope.core.misc.security.AuthContextUtils; +import org.apache.syncope.core.persistence.api.DomainsHolder; +import org.apache.syncope.core.persistence.api.SyncopeLoader; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +@Component +public class EntitlementLoader implements SyncopeLoader { + + @Autowired + private DomainsHolder domainsHolder; + + @Autowired + private EntitlementAccessor entitlementAccessor; + + @Override + public Integer getPriority() { + return 900; + } + + @Override + public void load() { + EntitlementsHolder.getInstance().init(StandardEntitlement.values()); + + for (Map.Entry<String, DataSource> entry : domainsHolder.getDomains().entrySet()) { + AuthContextUtils.execWithAuthContext(entry.getKey(), new AuthContextUtils.Executable<Void>() { + + @Override + public Void exec() { + 
entitlementAccessor.addEntitlementsForAnyTypes(); + return null; + } + }); + } + } +} http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/misc/src/main/java/org/apache/syncope/core/misc/EntitlementsHolder.java ---------------------------------------------------------------------- diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/EntitlementsHolder.java b/core/misc/src/main/java/org/apache/syncope/core/misc/EntitlementsHolder.java new file mode 100644 index 0000000..9c6c00c --- /dev/null +++ b/core/misc/src/main/java/org/apache/syncope/core/misc/EntitlementsHolder.java 
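Review bot: `EntitlementLoader.load()` walks every domain but writes into the single JVM-wide `EntitlementsHolder`, so the per-type entitlement names of all domains are merged into one set. Because `setFakeAuth` and the admin branch of `AuthDataAccessor.load` in this commit build authorities from that whole set, an any type defined in only one domain produces authorities in every other domain too. That looks harmless while the values are only names, but it should be a documented decision, e.g. a class Javadoc such as `Populates the global EntitlementsHolder with the standard entitlements plus one set per any type of every domain; the holder is not domain-scoped.` Any types created or removed after startup are not covered by this loader, so the corresponding create/delete path presumably has to call `addFor` / `removeFor`; that is not visible in this commit excerpt.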
@@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * License); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.syncope.core.misc; + +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +public final class EntitlementsHolder { + + public enum AnyEntitlement { + SEARCH, + LIST, + CREATE, + READ, + UPDATE, + DELETE; + + } + + private static final Object MONITOR = new Object(); + + private static EntitlementsHolder INSTANCE; + + public static EntitlementsHolder getInstance() { + synchronized (MONITOR) { + if (INSTANCE == null) { + INSTANCE = new EntitlementsHolder(); + } + } + return INSTANCE; + } + + private final Set<String> values = Collections.synchronizedSet(new HashSet<String>()); + + private EntitlementsHolder() { + // private constructor for singleton + } + + public void init(final Collection<String> values) { + this.values.addAll(values); + } + + public String getFor(final String anyTypeKey, final AnyEntitlement operation) { + return anyTypeKey + "_" + operation.name(); + } + + public void addFor(final String anyType) { + for (AnyEntitlement operation : AnyEntitlement.values()) { + this.values.add(getFor(anyType, operation)); + } + } + + public void removeFor(final String 
anyType) { + for (AnyEntitlement operation : AnyEntitlement.values()) { + this.values.remove(getFor(anyType, operation)); + } + } + + public Set<String> getValues() { + return Collections.unmodifiableSet(values); + } +} http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java ---------------------------------------------------------------------- diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java index 595dda3..e7b9fc0 100644 --- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java +++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthContextUtils.java @@ -28,7 +28,7 @@ import org.apache.commons.collections4.MapUtils; import org.apache.commons.collections4.Transformer; import org.apache.commons.lang3.StringUtils; import org.apache.syncope.common.lib.SyncopeConstants; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.core.misc.EntitlementsHolder; import org.apache.syncope.core.misc.spring.ApplicationContextProvider; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; 
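Review bot: `EntitlementsHolder.getValues()` hands out an unmodifiable view of the live `synchronizedSet`, and iterating a synchronized collection is only safe while holding its lock. The callers changed in this commit (`AuthContextUtils.setFakeAuth` and the admin branch of `AuthDataAccessor.load`) iterate it through `CollectionUtils.collect` while `addFor` / `removeFor` may run on another thread, which can throw `ConcurrentModificationException` or produce a partially updated authority set. Returning a snapshot avoids both: `synchronized (values) { return Collections.unmodifiableSet(new HashSet<String>(values)); }`. `addFor` and `removeFor` are also not atomic across the `AnyEntitlement` operations, which is worth a comment if it is acceptable.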
@@ -91,14 +91,14 @@ public final class AuthContextUtils { } private static void setFakeAuth(final String domain) { - List<GrantedAuthority> authorities = CollectionUtils.collect(Entitlement.values(), + List<GrantedAuthority> authorities = CollectionUtils.collect(EntitlementsHolder.getInstance().getValues(), new Transformer<String, GrantedAuthority>() { - @Override - public GrantedAuthority transform(final String entitlement) { - return new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM); - } - }, new ArrayList<GrantedAuthority>()); + @Override + public GrantedAuthority transform(final String entitlement) { + return new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM); + } + }, new ArrayList<GrantedAuthority>()); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken( new User(ApplicationContextProvider.getBeanFactory().getBean("adminUser", String.class), http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java ---------------------------------------------------------------------- diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java index f281fd3..1332404 100644 --- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java +++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/AuthDataAccessor.java 
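Review bot: The authority list built in `setFakeAuth` now depends on runtime state: `EntitlementsHolder.getInstance().getValues()` is empty until `EntitlementLoader.load()` has called `init(...)`, whereas the removed `Entitlement.values()` was always populated. Any code reaching `setFakeAuth` earlier, for example another `SyncopeLoader` ordered before priority 900 that uses `execWithAuthContext`, would run with no authorities and fail its security checks; the loader ordering is not visible here, so please confirm. A comment on the method would record the dependency: `// requires EntitlementsHolder to be initialised (see EntitlementLoader); grants every known entitlement on the root realm`. The body of `setFakeAuth` continues past the end of the hunk.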
@@ -34,8 +34,9 @@ import org.apache.commons.lang3.tuple.ImmutablePair; import org.apache.commons.lang3.tuple.Pair; import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.types.AuditElements; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.misc.AuditManager; +import org.apache.syncope.core.misc.EntitlementsHolder; import org.apache.syncope.core.misc.utils.MappingUtils; import org.apache.syncope.core.misc.utils.RealmUtils; import org.apache.syncope.core.persistence.api.dao.AnyTypeDAO; @@ -239,9 +240,11 @@ public class AuthDataAccessor { public Set<SyncopeGrantedAuthority> load(final String username) { final Set<SyncopeGrantedAuthority> authorities = new HashSet<>(); if (anonymousUser.equals(username)) { - authorities.add(new SyncopeGrantedAuthority(Entitlement.ANONYMOUS)); + authorities.add(new SyncopeGrantedAuthority(StandardEntitlement.ANONYMOUS)); } else if (adminUser.equals(username)) { - CollectionUtils.collect(Entitlement.values(), new Transformer<String, SyncopeGrantedAuthority>() { + CollectionUtils.collect( + EntitlementsHolder.getInstance().getValues(), + new Transformer<String, SyncopeGrantedAuthority>() { @Override public SyncopeGrantedAuthority transform(final String entitlement) { @@ -255,7 +258,7 @@ public class AuthDataAccessor { } if (user.isMustChangePassword()) { - authorities.add(new SyncopeGrantedAuthority(Entitlement.MUST_CHANGE_PASSWORD)); + authorities.add(new SyncopeGrantedAuthority(StandardEntitlement.MUST_CHANGE_PASSWORD)); } else { // Give entitlements as assigned by roles (with realms, where applicable) - assigned either // statically and dynamically 
@@ -283,7 +286,9 @@ public class AuthDataAccessor { // Give group entitlements for owned groups for (Group group : groupDAO.findOwnedByUser(user.getKey())) { for (String entitlement : Arrays.asList( - Entitlement.GROUP_READ, Entitlement.GROUP_UPDATE, Entitlement.GROUP_DELETE)) { + StandardEntitlement.GROUP_READ, + StandardEntitlement.GROUP_UPDATE, + StandardEntitlement.GROUP_DELETE)) { SyncopeGrantedAuthority authority = new SyncopeGrantedAuthority(entitlement); authority.addRealm( http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java ---------------------------------------------------------------------- diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java b/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java index 3aafb47..95e0116 100644 --- a/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java +++ b/core/misc/src/main/java/org/apache/syncope/core/misc/security/MustChangePasswordFilter.java @@ -28,7 +28,7 @@ import javax.servlet.ServletResponse; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Predicate; import org.apache.commons.lang3.ArrayUtils; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; 
@@ -59,11 +59,11 @@ public class MustChangePasswordFilter implements Filter { SecurityContextHolder.getContext().getAuthentication().getAuthorities(), new Predicate<GrantedAuthority>() { - @Override - public boolean evaluate(final GrantedAuthority authority) { - return Entitlement.MUST_CHANGE_PASSWORD.equals(authority.getAuthority()); - } - }); + @Override + public boolean evaluate(final GrantedAuthority authority) { + return StandardEntitlement.MUST_CHANGE_PASSWORD.equals(authority.getAuthority()); + } + }); SecurityContextHolderAwareRequestWrapper wrapper = SecurityContextHolderAwareRequestWrapper.class.cast(request); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/misc/src/main/java/org/apache/syncope/core/misc/utils/RealmUtils.java ---------------------------------------------------------------------- diff --git a/core/misc/src/main/java/org/apache/syncope/core/misc/utils/RealmUtils.java b/core/misc/src/main/java/org/apache/syncope/core/misc/utils/RealmUtils.java index cddda67..f3c0a46 100644 --- a/core/misc/src/main/java/org/apache/syncope/core/misc/utils/RealmUtils.java +++ b/core/misc/src/main/java/org/apache/syncope/core/misc/utils/RealmUtils.java @@ -48,8 +48,10 @@ public final class RealmUtils { public static Set<String> normalize(final Collection<String> realms) { Set<String> normalized = new HashSet<>(); - for (String realm : realms) { - normalizingAddTo(normalized, realm); + if (realms != null) { + for (String realm : realms) { + normalizingAddTo(normalized, realm); + } } return normalized; http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AnyObjectDAO.java ---------------------------------------------------------------------- 
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AnyObjectDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AnyObjectDAO.java index 11d3c8e..32845a2 100644 --- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AnyObjectDAO.java +++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/AnyObjectDAO.java @@ -20,8 +20,6 @@ package org.apache.syncope.core.persistence.api.dao; import java.util.Collection; import java.util.List; -import java.util.Set; -import org.apache.syncope.core.persistence.api.dao.search.OrderByClause; import org.apache.syncope.core.persistence.api.entity.anyobject.ARelationship; import org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject; import org.apache.syncope.core.persistence.api.entity.group.Group; @@ -30,12 +28,6 @@ import org.apache.syncope.core.persistence.api.entity.user.URelationship; public interface AnyObjectDAO extends AnyDAO<AnyObject> { - List<AnyObject> findAll(String anyTypeName, - Set<String> adminRealms, int page, int itemsPerPage); - - List<AnyObject> findAll(String anyTypeName, - Set<String> adminRealms, int page, int itemsPerPage, List<OrderByClause> orderBy); - List<Group> findDynGroupMemberships(AnyObject anyObject); List<ARelationship> findARelationships(AnyObject anyObject); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/SearchCond.java ---------------------------------------------------------------------- diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/SearchCond.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/SearchCond.java index 82da594..14641c1 100644 --- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/SearchCond.java 
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/search/SearchCond.java @@ -264,6 +264,37 @@ public class SearchCond extends AbstractSearchCond { this.type = type; } + public String hasAnyTypeCond() { + String anyTypeName = null; + + if (type == null) { + return anyTypeName; + } + + switch (type) { + case LEAF: + case NOT_LEAF: + if (anyTypeCond != null) { + anyTypeName = anyTypeCond.getAnyTypeName(); + } + break; + + case AND: + case OR: + if (leftNodeCond != null) { + anyTypeName = leftNodeCond.hasAnyTypeCond(); + } + if (anyTypeName == null && rightNodeCond != null) { + anyTypeName = rightNodeCond.hasAnyTypeCond(); + } + break; + + default: + } + + return anyTypeName; + } + @Override public boolean isValid() { boolean isValid = false; http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Role.java ---------------------------------------------------------------------- diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Role.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Role.java index 432efb1..dba65ae 100644 --- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Role.java +++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/entity/Role.java @@ -30,9 +30,9 @@ public interface Role extends Entity<Long> { Set<String> getEntitlements(); - boolean addRealm(Realm realm); + boolean add(Realm realm); - boolean removeReam(Realm realm); + boolean remove(Realm realm); List<? extends Realm> getRealms(); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnyObjectDAO.java ---------------------------------------------------------------------- 
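Review bot: `hasAnyTypeCond()` returns the first `AnyTypeCond` name it finds, which misdescribes the condition in two cases: under `NOT_LEAF` it returns the name of a type the search excludes, and under `AND`/`OR` it stops at the first branch that yields a name, so `type=A OR type=B` reports only A. If callers use the result to choose which per-type entitlement to check (the callers are not visible in this hunk), such searches would be authorised against one type while matching objects of another. I would either return the names only for positive `LEAF` conditions and collect all of them, or at least document the limitation: `/** Returns the first any type name referenced anywhere in this condition tree, negated leaves included; not a guarantee about which types the search can match. */`. The `has` prefix also suggests a boolean, and the empty `default:` would read better as `default: break;`.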
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnyObjectDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnyObjectDAO.java index f5d45b9..7a805f1 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnyObjectDAO.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAAnyObjectDAO.java @@ -20,7 +20,6 @@ package org.apache.syncope.core.persistence.jpa.dao; import java.util.ArrayList; import java.util.Collection; -import java.util.Collections; import java.util.HashSet; import java.util.List; import java.util.Set; @@ -29,14 +28,11 @@ import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Predicate; import org.apache.commons.collections4.Transformer; import org.apache.syncope.common.lib.types.AnyTypeKind; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.core.misc.EntitlementsHolder; import org.apache.syncope.core.misc.security.AuthContextUtils; import org.apache.syncope.core.misc.security.DelegatedAdministrationException; import org.apache.syncope.core.persistence.api.dao.AnyObjectDAO; import org.apache.syncope.core.persistence.api.dao.GroupDAO; -import org.apache.syncope.core.persistence.api.dao.search.AnyTypeCond; -import org.apache.syncope.core.persistence.api.dao.search.OrderByClause; -import org.apache.syncope.core.persistence.api.dao.search.SearchCond; import org.apache.syncope.core.persistence.api.entity.AnyUtils; import org.apache.syncope.core.persistence.api.entity.anyobject.AMembership; import org.apache.syncope.core.persistence.api.entity.anyobject.ARelationship; 
@@ -66,7 +62,8 @@ public class JPAAnyObjectDAO extends AbstractAnyDAO<AnyObject> implements AnyObj @Override protected void securityChecks(final AnyObject anyObject) { - Set<String> authRealms = AuthContextUtils.getAuthorizations().get(Entitlement.ANY_OBJECT_READ); + Set<String> authRealms = AuthContextUtils.getAuthorizations().get(EntitlementsHolder.getInstance(). + getFor(anyObject.getType().getKey(), EntitlementsHolder.AnyEntitlement.READ)); boolean authorized = CollectionUtils.exists(authRealms, new Predicate<String>() { @Override @@ -80,24 +77,6 @@ public class JPAAnyObjectDAO extends AbstractAnyDAO<AnyObject> implements AnyObj } @Override - public final List<AnyObject> findAll(final String anyTypeName, - final Set<String> adminRealms, final int page, final int itemsPerPage) { - - return findAll(anyTypeName, adminRealms, page, itemsPerPage, Collections.<OrderByClause>emptyList()); - } - - @Override - public final List<AnyObject> findAll(final String anyTypeName, - final Set<String> adminRealms, final int page, final int itemsPerPage, final List<OrderByClause> orderBy) { - - AnyTypeCond anyTypeCond = new AnyTypeCond(); - anyTypeCond.setAnyTypeName(anyTypeName); - - return searchDAO.search(adminRealms, SearchCond.getLeafCond(anyTypeCond), page, itemsPerPage, orderBy, - getAnyUtils().getAnyTypeKind()); - } - - @Override public List<ARelationship> findARelationships(final AnyObject anyObject) { TypedQuery<ARelationship> query = entityManager().createQuery( "SELECT e FROM " + JPAARelationship.class.getSimpleName() http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java ---------------------------------------------------------------------- 
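Review bot: The entitlement checked in `securityChecks` is the plain concatenation `anyTypeKey + "_" + operation.name()` from `EntitlementsHolder.getFor`, so it shares one namespace with the `StandardEntitlement` constants. An any type whose key matches the prefix of a standard entitlement would alias it: a key of `LOG`, for instance, yields `LOG_LIST`, which presumably equals `StandardEntitlement.LOG_LIST`, and `removeFor` on that type would then drop the standard name from the holder. Consider rejecting any type keys for which `getFor` produces a value already present in `StandardEntitlement.values()`, or giving generated names a reserved prefix. `anyObject.getType()` is also dereferenced here without a null check, and the method body continues beyond the hunk.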
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java index 66f7290..e421863 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java @@ -29,7 +29,6 @@ import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Predicate; import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.types.AnyTypeKind; -import org.apache.syncope.common.lib.types.Entitlement; import org.apache.syncope.common.lib.types.ResourceOperation; import org.apache.syncope.core.persistence.api.dao.GroupDAO; import org.apache.syncope.core.persistence.api.dao.UserDAO; @@ -38,6 +37,7 @@ import org.apache.syncope.core.persistence.api.entity.group.Group; import org.apache.syncope.core.persistence.api.entity.user.User; import org.apache.syncope.core.persistence.jpa.entity.group.JPAGroup; import org.apache.syncope.common.lib.types.PropagationByResource; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.misc.utils.RealmUtils; import org.apache.syncope.core.misc.search.SearchCondConverter; import org.apache.syncope.core.misc.security.AuthContextUtils; 
@@ -72,7 +72,7 @@ public class JPAGroupDAO extends AbstractAnyDAO<Group> implements GroupDAO { @Override protected void securityChecks(final Group group) { - Set<String> authRealms = AuthContextUtils.getAuthorizations().get(Entitlement.GROUP_READ); + Set<String> authRealms = AuthContextUtils.getAuthorizations().get(StandardEntitlement.GROUP_READ); boolean authorized = CollectionUtils.exists(authRealms, new Predicate<String>() { @Override http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAUserDAO.java ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAUserDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAUserDAO.java index b8f2c47..3e5214f 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAUserDAO.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAUserDAO.java @@ -34,8 +34,8 @@ import org.apache.commons.lang3.tuple.Pair; import org.apache.syncope.common.lib.policy.AccountRuleConf; import org.apache.syncope.common.lib.policy.PasswordRuleConf; import org.apache.syncope.common.lib.types.AnyTypeKind; -import org.apache.syncope.common.lib.types.Entitlement; import org.apache.syncope.common.lib.types.EntityViolationType; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.misc.policy.AccountPolicyException; import org.apache.syncope.core.misc.policy.PasswordPolicyException; import org.apache.syncope.core.misc.security.AuthContextUtils; 
@@ -103,7 +103,7 @@ public class JPAUserDAO extends AbstractAnyDAO<User> implements UserDAO { if (!AuthContextUtils.getUsername().equals(anonymousUser) && !AuthContextUtils.getUsername().equals(user.getUsername())) { - Set<String> authRealms = AuthContextUtils.getAuthorizations().get(Entitlement.USER_READ); + Set<String> authRealms = AuthContextUtils.getAuthorizations().get(StandardEntitlement.USER_READ); boolean authorized = CollectionUtils.exists(authRealms, new Predicate<String>() { @Override http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARole.java ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARole.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARole.java index 4969497..529a606 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARole.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPARole.java @@ -98,13 +98,13 @@ public class JPARole extends AbstractEntity<Long> implements Role { } @Override - public boolean addRealm(final Realm realm) { + public boolean add(final Realm realm) { checkType(realm, JPARealm.class); return realms.add((JPARealm) realm); } @Override - public boolean removeReam(final Realm realm) { + public boolean remove(final Realm realm) { checkType(realm, JPARealm.class); return realms.remove((JPARealm) realm); } http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AnyObjectTest.java ---------------------------------------------------------------------- 
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AnyObjectTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AnyObjectTest.java index 943a94f..a695e85 100644 --- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AnyObjectTest.java +++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/AnyObjectTest.java @@ -21,7 +21,6 @@ package org.apache.syncope.core.persistence.jpa.inner; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; import java.util.List; import org.apache.syncope.common.lib.SyncopeConstants; @@ -53,15 +52,6 @@ public class AnyObjectTest extends AbstractTest { } @Test - public void findAllByType() { - List<AnyObject> list = anyObjectDAO.findAll("PRINTER", SyncopeConstants.FULL_ADMIN_REALMS, 1, 100); - assertFalse(list.isEmpty()); - - list = anyObjectDAO.findAll("UNEXISTING", SyncopeConstants.FULL_ADMIN_REALMS, 1, 100); - assertTrue(list.isEmpty()); - } - - @Test public void find() { AnyObject anyObject = anyObjectDAO.find(2L); assertNotNull(anyObject); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java index 7d1dfea..073b661 100644 --- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java +++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/MultitenancyTest.java 
@@ -29,7 +29,7 @@ import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Transformer; import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.types.CipherAlgorithm; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.misc.security.SyncopeAuthenticationDetails; import org.apache.syncope.core.misc.security.SyncopeGrantedAuthority; import org.apache.syncope.core.persistence.api.dao.PlainSchemaDAO; @@ -60,14 +60,14 @@ public class MultitenancyTest extends AbstractTest { @BeforeClass public static void setAuthContext() { - List<GrantedAuthority> authorities = CollectionUtils.collect(Entitlement.values(), + List<GrantedAuthority> authorities = CollectionUtils.collect(StandardEntitlement.values(), new Transformer<String, GrantedAuthority>() { - @Override - public GrantedAuthority transform(final String entitlement) { - return new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM); - } - }, new ArrayList<GrantedAuthority>()); + @Override + public GrantedAuthority transform(final String entitlement) { + return new SyncopeGrantedAuthority(entitlement, SyncopeConstants.ROOT_REALM); + } + }, new ArrayList<GrantedAuthority>()); UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken( new org.springframework.security.core.userdetails.User( http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/RoleTest.java ---------------------------------------------------------------------- diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/RoleTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/RoleTest.java index 2368e38..b57e713 100644 
--- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/RoleTest.java +++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/inner/RoleTest.java @@ -25,7 +25,7 @@ import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import java.util.List; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.RealmDAO; import org.apache.syncope.core.persistence.api.dao.RoleDAO; import org.apache.syncope.core.persistence.api.entity.Role; @@ -50,7 +50,7 @@ public class RoleTest extends AbstractTest { assertNotNull(role1.getName()); assertFalse(role1.getRealms().isEmpty()); assertFalse(role1.getEntitlements().isEmpty()); - assertTrue(role1.getEntitlements().contains(Entitlement.USER_LIST)); + assertTrue(role1.getEntitlements().contains(StandardEntitlement.USER_LIST)); Role role2 = roleDAO.find(role1.getName()); assertEquals(role1, role2); @@ -70,10 +70,10 @@ public class RoleTest extends AbstractTest { public void save() { Role role = entityFactory.newEntity(Role.class); role.setName("new"); - role.addRealm(realmDAO.getRoot()); - role.addRealm(realmDAO.find("/even/two")); - role.getEntitlements().add(Entitlement.LOG_LIST); - role.getEntitlements().add(Entitlement.LOG_SET_LEVEL); + role.add(realmDAO.getRoot()); + role.add(realmDAO.find("/even/two")); + role.getEntitlements().add(StandardEntitlement.LOG_LIST); + role.getEntitlements().add(StandardEntitlement.LOG_SET_LEVEL); Role actual = roleDAO.save(role); assertNotNull(actual); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/AnySearchTest.java ---------------------------------------------------------------------- 
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/AnySearchTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/AnySearchTest.java index 6c59ad0..24a4e7e 100644 --- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/AnySearchTest.java +++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/AnySearchTest.java @@ -27,7 +27,7 @@ import java.util.List; import java.util.Set; import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.types.AnyTypeKind; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.GroupDAO; import org.apache.syncope.core.persistence.api.dao.RealmDAO; import org.apache.syncope.core.persistence.api.dao.RoleDAO; @@ -86,10 +86,10 @@ public class AnySearchTest extends AbstractTest { // 1. create role with dynamic membership Role role = entityFactory.newEntity(Role.class); role.setName("new"); - role.addRealm(realmDAO.getRoot()); - role.addRealm(realmDAO.find("/even/two")); - role.getEntitlements().add(Entitlement.LOG_LIST); - role.getEntitlements().add(Entitlement.LOG_SET_LEVEL); + role.add(realmDAO.getRoot()); + role.add(realmDAO.find("/even/two")); + role.getEntitlements().add(StandardEntitlement.LOG_LIST); + role.getEntitlements().add(StandardEntitlement.LOG_SET_LEVEL); DynRoleMembership dynMembership = entityFactory.newEntity(DynRoleMembership.class); dynMembership.setFIQLCond("cool==true"); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/RoleTest.java ---------------------------------------------------------------------- 
diff --git a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/RoleTest.java b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/RoleTest.java index 2ca08bb..bff367e 100644 --- a/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/RoleTest.java +++ b/core/persistence-jpa/src/test/java/org/apache/syncope/core/persistence/jpa/outer/RoleTest.java @@ -30,7 +30,7 @@ import javax.persistence.TypedQuery; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.Transformer; import org.apache.syncope.common.lib.types.AnyTypeKind; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.core.persistence.api.dao.AnyTypeClassDAO; import org.apache.syncope.core.persistence.api.dao.PlainSchemaDAO; import org.apache.syncope.core.persistence.api.dao.RealmDAO; @@ -99,10 +99,10 @@ public class RoleTest extends AbstractTest { // 1. create role with dynamic membership Role role = entityFactory.newEntity(Role.class); role.setName("new"); - role.addRealm(realmDAO.getRoot()); - role.addRealm(realmDAO.find("/even/two")); - role.getEntitlements().add(Entitlement.LOG_LIST); - role.getEntitlements().add(Entitlement.LOG_SET_LEVEL); + role.add(realmDAO.getRoot()); + role.add(realmDAO.find("/even/two")); + role.getEntitlements().add(StandardEntitlement.LOG_LIST); + role.getEntitlements().add(StandardEntitlement.LOG_SET_LEVEL); DynRoleMembership dynMembership = entityFactory.newEntity(DynRoleMembership.class); dynMembership.setFIQLCond("cool==true"); 
@@ -166,10 +166,10 @@ public class RoleTest extends AbstractTest { // 0. create role Role role = entityFactory.newEntity(Role.class); role.setName("new"); - role.addRealm(realmDAO.getRoot()); - role.addRealm(realmDAO.find("/even/two")); - role.getEntitlements().add(Entitlement.LOG_LIST); - role.getEntitlements().add(Entitlement.LOG_SET_LEVEL); + role.add(realmDAO.getRoot()); + role.add(realmDAO.find("/even/two")); + role.getEntitlements().add(StandardEntitlement.LOG_LIST); + role.getEntitlements().add(StandardEntitlement.LOG_SET_LEVEL); role = roleDAO.save(role); assertNotNull(role); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java ---------------------------------------------------------------------- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java index 124bb7f..542b07c 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/RoleDataBinderImpl.java @@ -86,7 +86,7 @@ public class RoleDataBinderImpl implements RoleDataBinder { if (realm == null) { LOG.debug("Invalid realm full path {}, ignoring", realmFullPath); } else { - role.addRealm(realm); + role.add(realm); } } http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AnyObjectServiceImpl.java ---------------------------------------------------------------------- 
diff --git a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AnyObjectServiceImpl.java b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AnyObjectServiceImpl.java index 357db77..0be3f0d 100644 --- a/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AnyObjectServiceImpl.java +++ b/core/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/AnyObjectServiceImpl.java @@ -18,17 +18,17 @@ */ package org.apache.syncope.core.rest.cxf.service; -import org.apache.commons.collections4.CollectionUtils; -import org.apache.commons.collections4.Transformer; import org.apache.commons.lang3.StringUtils; -import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.patch.AnyObjectPatch; +import org.apache.syncope.common.lib.search.AnyObjectFiqlSearchConditionBuilder; import org.apache.syncope.common.lib.to.AnyObjectTO; import org.apache.syncope.common.lib.to.PagedResult; import org.apache.syncope.common.rest.api.beans.AnyListQuery; +import org.apache.syncope.common.rest.api.beans.AnySearchQuery; import org.apache.syncope.common.rest.api.service.AnyObjectService; import org.apache.syncope.core.logic.AbstractAnyLogic; import org.apache.syncope.core.logic.AnyObjectLogic; +import org.apache.syncope.core.persistence.api.entity.AnyType; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; 
@@ -51,29 +51,25 @@ public class AnyObjectServiceImpl extends AbstractAnyService<AnyObjectTO, AnyObj } @Override + public PagedResult<AnyObjectTO> list(final AnyListQuery listQuery) { + throw new UnsupportedOperationException("Need to specify " + AnyType.class.getSimpleName()); + } + + @Override public PagedResult<AnyObjectTO> list(final String type, final AnyListQuery listQuery) { if (StringUtils.isBlank(type)) { return super.list(listQuery); } - CollectionUtils.transform(listQuery.getRealms(), new Transformer<String, String>() { + AnySearchQuery searchQuery = new AnySearchQuery(); + searchQuery.setFiql(new AnyObjectFiqlSearchConditionBuilder().type(type).query()); + searchQuery.setDetails(listQuery.isDetails()); + searchQuery.setOrderBy(listQuery.getOrderBy()); + searchQuery.setPage(listQuery.getPage()); + searchQuery.setSize(listQuery.getSize()); + searchQuery.setRealms(listQuery.getRealms()); - @Override - public String transform(final String input) { - return StringUtils.prependIfMissing(input, SyncopeConstants.ROOT_REALM); - } - }); - - return buildPagedResult( - logic.list( - type, - listQuery.getPage(), - listQuery.getSize(), - getOrderByClauses(listQuery.getOrderBy()), - listQuery.getRealms(), - listQuery.isDetails()), - listQuery.getPage(), - listQuery.getSize(), - getAnyLogic().count(listQuery.getRealms())); + return search(searchQuery); } + } http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/pages/CamelRouteModalPage.java ---------------------------------------------------------------------- diff --git a/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/pages/CamelRouteModalPage.java b/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/pages/CamelRouteModalPage.java index 27b8f91..2e0a7c6 100644 --- a/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/pages/CamelRouteModalPage.java 
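Review bot: The blank-type branch of `list(final String type, final AnyListQuery listQuery)` still returns `super.list(listQuery)`, which calls the parent implementation directly and so skips the new one-argument override that throws "Need to specify AnyType". The parent's body is not visible here, but if its listing is not restricted per any type, an empty `type` still reaches an untyped listing, which sits oddly with the per-type entitlements this commit introduces. Routing the branch through the override, `return list(listQuery);`, would make both entry points reject the request the same way. Separately, the removed code prefixed each realm with `SyncopeConstants.ROOT_REALM` via `StringUtils.prependIfMissing`, while the new code passes `listQuery.getRealms()` to the search query unchanged, so it is worth confirming that `search` normalises realms itself.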
+++ b/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/pages/CamelRouteModalPage.java @@ -24,7 +24,7 @@ import org.apache.syncope.client.console.rest.CamelRouteRestClient; import org.apache.syncope.client.console.wicket.markup.html.bootstrap.dialog.BaseModal; import org.apache.syncope.common.lib.SyncopeClientException; import org.apache.syncope.common.lib.to.CamelRouteTO; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.CamelEntitlement; import org.apache.wicket.PageReference; import org.apache.wicket.ajax.AjaxRequestTarget; import org.apache.wicket.ajax.markup.html.form.AjaxButton; @@ -84,7 +84,7 @@ public class CamelRouteModalPage extends AbstractModalPanel { }; - MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, Entitlement.ROUTE_UPDATE); + MetaDataRoleAuthorizationStrategy.authorize(submit, ENABLE, CamelEntitlement.ROUTE_UPDATE); routeForm.add(submit); this.add(routeForm); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/panels/CamelRoutePanel.java ---------------------------------------------------------------------- diff --git a/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/panels/CamelRoutePanel.java b/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/panels/CamelRoutePanel.java index c1a2d0f..bcd5e7a 100644 --- a/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/panels/CamelRoutePanel.java +++ b/ext/camel/client-console/src/main/java/org/apache/syncope/client/console/panels/CamelRoutePanel.java 
@@ -27,7 +27,7 @@ import org.apache.syncope.client.console.commons.SortableDataProviderComparator; import org.apache.syncope.client.console.rest.CamelRouteRestClient; import org.apache.syncope.common.lib.to.CamelRouteTO; import org.apache.syncope.common.lib.types.AnyTypeKind; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.CamelEntitlement; import org.apache.wicket.PageReference; import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy; import org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow; @@ -119,7 +119,7 @@ public class CamelRoutePanel extends AbstractExtensionPanel { WebMarkupContainer routeContainer = new WebMarkupContainer("camelRoutesContainer"); routeContainer.add(routeTable); routeContainer.setOutputMarkupId(true); - MetaDataRoleAuthorizationStrategy.authorize(routeContainer, ENABLE, Entitlement.ROUTE_LIST); + MetaDataRoleAuthorizationStrategy.authorize(routeContainer, ENABLE, CamelEntitlement.ROUTE_LIST); add(routeContainer); } @@ -129,7 +129,7 @@ public class CamelRoutePanel extends AbstractExtensionPanel { private final SortableDataProviderComparator<CamelRouteTO> comparator; - CamelRouteProvider() { + CamelRouteProvider() { setSort("key", SortOrder.ASCENDING); comparator = new SortableDataProviderComparator<>(this); } @@ -155,8 +155,8 @@ public class CamelRoutePanel extends AbstractExtensionPanel { ? restClient.list(AnyTypeKind.USER).size() : 0) + (restClient.isCamelEnabledFor(AnyTypeKind.GROUP) - ? restClient.list(AnyTypeKind.GROUP).size() - : 0); + ? restClient.list(AnyTypeKind.GROUP).size() + : 0); } @Override http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/ext/camel/common-lib/src/main/java/org/apache/syncope/common/lib/types/CamelEntitlement.java ---------------------------------------------------------------------- 
diff --git a/ext/camel/common-lib/src/main/java/org/apache/syncope/common/lib/types/CamelEntitlement.java b/ext/camel/common-lib/src/main/java/org/apache/syncope/common/lib/types/CamelEntitlement.java
new file mode 100644
index 0000000..f9763a7
--- /dev/null
+++ b/ext/camel/common-lib/src/main/java/org/apache/syncope/common/lib/types/CamelEntitlement.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.Collections;
+import java.util.Set;
+import java.util.TreeSet;
+
+public final class CamelEntitlement {
+
+ public static final String ROUTE_READ = "ROUTE_READ";
+
+ public static final String ROUTE_LIST = "ROUTE_LIST";
+
+ public static final String ROUTE_UPDATE = "ROUTE_UPDATE";
+
+ private static final Set<String> VALUES;
+
+ static {
+ Set<String> values = new TreeSet<>();
+ for (Field field : CamelEntitlement.class.getDeclaredFields()) {
+ if (Modifier.isStatic(field.getModifiers()) && String.class.equals(field.getType())) {
+ values.add(field.getName());
+ }
+ }
+ VALUES = Collections.unmodifiableSet(values);
+ }
+
+ public static Set<String> values() {
+ return VALUES;
+ }
+
+ private CamelEntitlement() {
+ // private constructor for static utility class
+ }
+}
http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/CamelRouteLogic.java
----------------------------------------------------------------------
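Review bot: The static initializer of `CamelEntitlement` registers `field.getName()` for every static `String` field, so the entitlement set is derived from field names and from whatever static strings the class declares, not from the constants' values. It is correct today only because each constant's name equals its value and all three are public constants. A later private helper string, or a constant whose value differs from its name, would silently publish a wrong entitlement name. Tightening the filter to `Modifier.isPublic(mod) && Modifier.isStatic(mod) && Modifier.isFinal(mod)` (with `int mod = field.getModifiers();`) and adding a class comment such as `/** Entitlement names contributed by the Camel extension; each constant's value must equal its field name. */` would make that contract explicit.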
diff --git a/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/CamelRouteLogic.java b/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/CamelRouteLogic.java index ec25e29..ea0767f 100644 --- a/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/CamelRouteLogic.java +++ b/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/CamelRouteLogic.java @@ -24,7 +24,7 @@ import java.util.List; import org.apache.commons.lang3.ArrayUtils; import org.apache.syncope.common.lib.to.CamelRouteTO; import org.apache.syncope.common.lib.types.AnyTypeKind; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.CamelEntitlement; import org.apache.syncope.core.persistence.api.dao.CamelRouteDAO; import org.apache.syncope.core.persistence.api.dao.NotFoundException; import org.apache.syncope.core.persistence.api.entity.CamelRoute; @@ -47,7 +47,7 @@ public class CamelRouteLogic extends AbstractTransactionalLogic<CamelRouteTO> { @Autowired private SyncopeCamelContext context; - @PreAuthorize("hasRole('" + Entitlement.ROUTE_LIST + "')") + @PreAuthorize("hasRole('" + CamelEntitlement.ROUTE_LIST + "')") @Transactional(readOnly = true) public List<CamelRouteTO> list(final AnyTypeKind anyTypeKind) { List<CamelRouteTO> routes = new ArrayList<>(); @@ -58,7 +58,7 @@ public class CamelRouteLogic extends AbstractTransactionalLogic<CamelRouteTO> { return routes; } - @PreAuthorize("hasRole('" + Entitlement.ROUTE_READ + "')") + @PreAuthorize("hasRole('" + CamelEntitlement.ROUTE_READ + "')") @Transactional(readOnly = true) public CamelRouteTO read(final String key) { CamelRoute route = routeDAO.find(key); 
@@ -69,7 +69,7 @@ public class CamelRouteLogic extends AbstractTransactionalLogic<CamelRouteTO> { return binder.getRouteTO(route); } - @PreAuthorize("hasRole('" + Entitlement.ROUTE_UPDATE + "')") + @PreAuthorize("hasRole('" + CamelEntitlement.ROUTE_UPDATE + "')") public void update(final CamelRouteTO routeTO) { CamelRoute route = routeDAO.find(routeTO.getKey()); if (route == null) { @@ -82,7 +82,7 @@ public class CamelRouteLogic extends AbstractTransactionalLogic<CamelRouteTO> { context.updateContext(routeTO.getKey()); } - @PreAuthorize("hasRole('" + Entitlement.ROUTE_UPDATE + "')") + @PreAuthorize("hasRole('" + CamelEntitlement.ROUTE_UPDATE + "')") public void restartContext() { context.restartContext(); } http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java ---------------------------------------------------------------------- diff --git a/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java b/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java index 4ee6c50..05cf79f 100644 --- a/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java +++ b/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java @@ -22,6 +22,8 @@ import java.io.StringWriter; import java.util.Map; import javax.sql.DataSource; import org.apache.syncope.common.lib.types.AnyTypeKind; +import org.apache.syncope.common.lib.types.CamelEntitlement; +import org.apache.syncope.core.misc.EntitlementsHolder; import org.apache.syncope.core.misc.spring.ResourceWithFallbackLoader; import org.apache.syncope.core.persistence.api.DomainsHolder; import org.apache.syncope.core.persistence.api.SyncopeLoader; 
@@ -59,8 +61,6 @@ public class CamelRouteLoader implements SyncopeLoader { @Autowired private DomainsHolder domainsHolder; - private boolean loaded = false; - @Override public Integer getPriority() { return 1000; @@ -68,19 +68,16 @@ public class CamelRouteLoader implements SyncopeLoader { @Override public void load() { - synchronized (this) { - if (!loaded) { - for (Map.Entry<String, DataSource> entry : domainsHolder.getDomains().entrySet()) { - loadRoutes(entry.getKey(), entry.getValue(), - userRoutesLoader.getResource(), AnyTypeKind.USER); - loadRoutes(entry.getKey(), entry.getValue(), - groupRoutesLoader.getResource(), AnyTypeKind.GROUP); - loadRoutes(entry.getKey(), entry.getValue(), - anyObjectRoutesLoader.getResource(), AnyTypeKind.ANY_OBJECT); - } - loaded = true; - } + for (Map.Entry<String, DataSource> entry : domainsHolder.getDomains().entrySet()) { + loadRoutes(entry.getKey(), entry.getValue(), + userRoutesLoader.getResource(), AnyTypeKind.USER); + loadRoutes(entry.getKey(), entry.getValue(), + groupRoutesLoader.getResource(), AnyTypeKind.GROUP); + loadRoutes(entry.getKey(), entry.getValue(), + anyObjectRoutesLoader.getResource(), AnyTypeKind.ANY_OBJECT); } + + EntitlementsHolder.getInstance().init(CamelEntitlement.values()); } private String nodeToString(final Node content, final DOMImplementationLS domImpl) { http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java index 811b429..a9dda8d 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java 
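Review bot: `load()` loses its once-only guard: the `loaded` flag is removed in the first hunk and the `synchronized` block in the second. Every call now re-runs `loadRoutes` for all domains and calls `EntitlementsHolder.getInstance().init(CamelEntitlement.values())` again. Whether `loadRoutes` and `init` are safe to repeat or to run concurrently is not visible here. If the loader can be triggered more than once, routes may be loaded twice, and, should `init` replace rather than extend the held set, entitlements registered by other loaders could be dropped. Unless the caller guarantees a single invocation, keep the guard or state the assumption in a comment such as `// invoked exactly once at startup by <caller>; not re-entrant`.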
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/AuthenticationITCase.java @@ -38,10 +38,14 @@ import org.apache.syncope.client.lib.SyncopeClient; import org.apache.syncope.common.lib.SyncopeClientException; import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.patch.DeassociationPatch; +import org.apache.syncope.common.lib.patch.LongPatchItem; import org.apache.syncope.common.lib.patch.PasswordPatch; import org.apache.syncope.common.lib.patch.StatusPatch; import org.apache.syncope.common.lib.patch.StringReplacePatchItem; import org.apache.syncope.common.lib.patch.UserPatch; +import org.apache.syncope.common.lib.to.AnyObjectTO; +import org.apache.syncope.common.lib.to.AnyTypeClassTO; +import org.apache.syncope.common.lib.to.AnyTypeTO; import org.apache.syncope.common.lib.to.BulkActionResult; import org.apache.syncope.common.lib.to.MembershipTO; import org.apache.syncope.common.lib.to.PagedResult; 
@@ -51,16 +55,20 @@ import org.apache.syncope.common.lib.to.RoleTO; import org.apache.syncope.common.lib.to.UserTO; import org.apache.syncope.common.lib.to.WorkflowFormPropertyTO; import org.apache.syncope.common.lib.to.WorkflowFormTO; +import org.apache.syncope.common.lib.types.AnyTypeKind; import org.apache.syncope.common.lib.types.AttrSchemaType; import org.apache.syncope.common.lib.types.CipherAlgorithm; import org.apache.syncope.common.lib.types.ClientExceptionType; -import org.apache.syncope.common.lib.types.Entitlement; +import org.apache.syncope.common.lib.types.PatchOperation; import org.apache.syncope.common.lib.types.ResourceDeassociationAction; import org.apache.syncope.common.lib.types.SchemaType; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.common.lib.types.StatusPatchType; import org.apache.syncope.common.rest.api.RESTHeaders; +import org.apache.syncope.common.rest.api.service.AnyObjectService; import org.apache.syncope.common.rest.api.service.SchemaService; import org.apache.syncope.common.rest.api.service.UserService; +import org.apache.syncope.core.misc.security.DelegatedAdministrationException; import org.apache.syncope.core.misc.security.Encryptor; import org.junit.Assume; import org.junit.FixMethodOrder; 
@@ -100,19 +108,19 @@ public class AuthenticationITCase extends AbstractITCase { // 2. as anonymous Pair<Map<String, Set<String>>, UserTO> self = clientFactory.create(ANONYMOUS_UNAME, ANONYMOUS_KEY).self(); assertEquals(1, self.getKey().size()); - assertTrue(self.getKey().keySet().contains(Entitlement.ANONYMOUS)); + assertTrue(self.getKey().keySet().contains(StandardEntitlement.ANONYMOUS)); assertEquals(ANONYMOUS_UNAME, self.getValue().getUsername()); // 3. as admin self = adminClient.self(); - assertEquals(Entitlement.values().size(), self.getKey().size()); - assertFalse(self.getKey().keySet().contains(Entitlement.ANONYMOUS)); + assertEquals(syncopeService.info().getEntitlements().size(), self.getKey().size()); + assertFalse(self.getKey().keySet().contains(StandardEntitlement.ANONYMOUS)); assertEquals(ADMIN_UNAME, self.getValue().getUsername()); // 4. as user self = clientFactory.create("bellini", ADMIN_PWD).self(); assertFalse(self.getKey().isEmpty()); - assertFalse(self.getKey().keySet().contains(Entitlement.ANONYMOUS)); + assertFalse(self.getKey().keySet().contains(StandardEntitlement.ANONYMOUS)); assertEquals("bellini", self.getValue().getUsername()); } @@ -202,11 +210,11 @@ public class AuthenticationITCase extends AbstractITCase { Set<Long> matchedUserKeys = CollectionUtils.collect(matchedUsers.getResult(), new Transformer<UserTO, Long>() { - @Override - public Long transform(final UserTO input) { - return input.getKey(); - } - }, new HashSet<Long>()); + @Override + public Long transform(final UserTO input) { + return input.getKey(); + } + }, new HashSet<Long>()); assertTrue(matchedUserKeys.contains(1L)); assertFalse(matchedUserKeys.contains(2L)); assertFalse(matchedUserKeys.contains(5L)); 
@@ -235,11 +243,11 @@ public class AuthenticationITCase extends AbstractITCase { // 1. create role for full user administration, under realm /even/two RoleTO role = new RoleTO(); role.setName("Delegated user admin"); - role.getEntitlements().add(Entitlement.USER_CREATE); - role.getEntitlements().add(Entitlement.USER_UPDATE); - role.getEntitlements().add(Entitlement.USER_DELETE); - role.getEntitlements().add(Entitlement.USER_LIST); - role.getEntitlements().add(Entitlement.USER_READ); + role.getEntitlements().add(StandardEntitlement.USER_CREATE); + role.getEntitlements().add(StandardEntitlement.USER_UPDATE); + role.getEntitlements().add(StandardEntitlement.USER_DELETE); + role.getEntitlements().add(StandardEntitlement.USER_LIST); + role.getEntitlements().add(StandardEntitlement.USER_READ); role.getRealms().add("/even/two"); roleKey = Long.valueOf(roleService.create(role).getHeaderString(RESTHeaders.RESOURCE_KEY)); 
@@ -386,6 +394,79 @@ public class AuthenticationITCase extends AbstractITCase { } @Test + public void anyTypeEntitlement() { + final String anyTypeKey = "FOLDER " + getUUIDString(); + + // 1. no entitlement exists (yet) for the any type to be created + assertFalse(CollectionUtils.exists(syncopeService.info().getEntitlements(), new Predicate<String>() { + + @Override + public boolean evaluate(final String entitlement) { + return entitlement.contains(anyTypeKey); + } + })); + + // 2. create plain schema, any type class and any type + PlainSchemaTO path = new PlainSchemaTO(); + path.setKey("path" + getUUIDString()); + path.setType(AttrSchemaType.String); + path = createSchema(SchemaType.PLAIN, path); + + AnyTypeClassTO anyTypeClass = new AnyTypeClassTO(); + anyTypeClass.setKey("folder" + getUUIDString()); + anyTypeClass.getPlainSchemas().add(path.getKey()); + anyTypeClassService.create(anyTypeClass); + + AnyTypeTO anyTypeTO = new AnyTypeTO(); + anyTypeTO.setKey(anyTypeKey); + anyTypeTO.setKind(AnyTypeKind.ANY_OBJECT); + anyTypeTO.getClasses().add(anyTypeClass.getKey()); + anyTypeService.create(anyTypeTO); + + // 2. now entitlement exists for the any type just created + assertTrue(CollectionUtils.exists(syncopeService.info().getEntitlements(), new Predicate<String>() { + + @Override + public boolean evaluate(final String entitlement) { + return entitlement.contains(anyTypeKey); + } + })); + + // 3. attempt to create an instance of the type above: fail because no entitlement was assigned + AnyObjectTO folder = new AnyObjectTO(); + folder.setRealm(SyncopeConstants.ROOT_REALM); + folder.setType(anyTypeKey); + folder.getPlainAttrs().add(attrTO(path.getKey(), "/home")); + + SyncopeClient belliniClient = clientFactory.create("bellini", ADMIN_PWD); + try { + belliniClient.getService(AnyObjectService.class).create(folder); + fail(); + } catch (SyncopeClientException e) { + assertEquals(ClientExceptionType.DelegatedAdministration, e.getType()); + } + + // 4. 
give create entitlement for the any type just created + RoleTO role = new RoleTO(); + role.setName("role" + getUUIDString()); + role.getRealms().add(SyncopeConstants.ROOT_REALM); + role.getEntitlements().add(anyTypeKey + "_READ"); + role.getEntitlements().add(anyTypeKey + "_CREATE"); + role = createRole(role); + + UserTO bellini = readUser("bellini"); + UserPatch patch = new UserPatch(); + patch.setKey(bellini.getKey()); + patch.getRoles().add(new LongPatchItem.Builder(). + operation(PatchOperation.ADD_REPLACE).value(role.getKey()).build()); + bellini = updateUser(patch).getAny(); + assertTrue(bellini.getRoles().contains(role.getKey())); + + // 5. now the instance of the type above can be created successfully + belliniClient.getService(AnyObjectService.class).create(folder); + } + + @Test public void issueSYNCOPE434() { Assume.assumeTrue(ActivitiDetector.isActivitiEnabledForUsers(syncopeService)); http://git-wip-us.apache.org/repos/asf/syncope/blob/b9fcf293/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java index 81b0796..c745324 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/reference/RoleITCase.java 
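Review bot: `anyTypeEntitlement()` leaves its fixtures behind: the new role, granted on `SyncopeConstants.ROOT_REALM`, stays assigned to `bellini`, and the created any type, any type class and plain schema are never removed. `bellini` is also the user behind the `self()` assertions earlier in this class, so tests that run afterwards and assert what this user may not do can be affected by the extra entitlements. A `try`/`finally` that takes the role off the user again and deletes the created objects would keep the test isolated. The final `create(folder)` call is unchecked, so asserting on its response would pin the positive case. The second step comment repeats the number 2 and should read `// 3. now entitlement exists for the any type just created`, with the later steps shifted.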
@@ -30,7 +30,7 @@ import org.apache.syncope.common.lib.SyncopeClientException;
 import org.apache.syncope.common.lib.SyncopeConstants;
 import org.apache.syncope.common.lib.to.RoleTO;
 import org.apache.syncope.common.lib.types.ClientExceptionType;
-import org.apache.syncope.common.lib.types.Entitlement;
+import org.apache.syncope.common.lib.types.StandardEntitlement;
 import org.apache.syncope.common.rest.api.service.RoleService;
 import org.junit.FixMethodOrder;
 import org.junit.Test;
@@ -43,7 +43,7 @@ public class RoleITCase extends AbstractITCase {
 RoleTO role = new RoleTO();
 role.setName(name + getUUIDString());
 role.getRealms().add("/even");
- role.getEntitlements().add(Entitlement.LOG_SET_LEVEL);
+ role.getEntitlements().add(StandardEntitlement.LOG_SET_LEVEL);
 return role;
 }
@@ -62,44 +62,46 @@ public class RoleITCase extends AbstractITCase { public void read() { RoleTO roleTO = roleService.read(3L); assertNotNull(roleTO); - assertTrue(roleTO.getEntitlements().contains(Entitlement.GROUP_READ)); + assertTrue(roleTO.getEntitlements().contains(StandardEntitlement.GROUP_READ)); } @Test public void create() { RoleTO role = new RoleTO(); - role.setName("new" + getUUIDString()); role.getRealms().add(SyncopeConstants.ROOT_REALM); role.getRealms().add("/even/two"); - role.getEntitlements().add(Entitlement.LOG_LIST); - role.getEntitlements().add(Entitlement.LOG_SET_LEVEL); + role.getEntitlements().add(StandardEntitlement.LOG_LIST); + role.getEntitlements().add(StandardEntitlement.LOG_SET_LEVEL); - Response response = roleService.create(role); + try { + createRole(role); + fail(); + } catch (SyncopeClientException e) { + assertEquals(ClientExceptionType.InvalidRole, e.getType()); + } - RoleTO actual = getObject(response.getLocation(), RoleService.class, RoleTO.class); - assertNotNull(actual); + role.setName("new" + getUUIDString()); + role = createRole(role); + assertNotNull(role); } @Test public void update() { RoleTO role = getSampleRoleTO("update"); - Response response = roleService.create(role); - - RoleTO actual = getObject(response.getLocation(), RoleService.class, RoleTO.class); - assertNotNull(actual); + role = createRole(role); + assertNotNull(role); - role = actual; - assertFalse(role.getEntitlements().contains(Entitlement.WORKFLOW_TASK_LIST)); + assertFalse(role.getEntitlements().contains(StandardEntitlement.WORKFLOW_TASK_LIST)); assertFalse(role.getRealms().contains("/even/two")); - role.getEntitlements().add(Entitlement.WORKFLOW_TASK_LIST); + role.getEntitlements().add(StandardEntitlement.WORKFLOW_TASK_LIST); role.getRealms().add("/even/two"); roleService.update(role); - actual = roleService.read(role.getKey()); - assertTrue(actual.getEntitlements().contains(Entitlement.WORKFLOW_TASK_LIST)); - 
assertTrue(actual.getRealms().contains("/even/two")); + role = roleService.read(role.getKey()); + assertTrue(role.getEntitlements().contains(StandardEntitlement.WORKFLOW_TASK_LIST)); + assertTrue(role.getRealms().contains("/even/two")); } @Test
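Review bot: In `create()` and `update()` the result of `createRole(role)` is checked only with `assertNotNull(role)`, so nothing verifies that the entitlements and realms sent are the ones the server stored. For an object that carries authorization data, I would add `assertTrue(role.getEntitlements().contains(StandardEntitlement.LOG_LIST));` and `assertTrue(role.getRealms().contains("/even/two"));` after the successful creation in `create()`. The bare `fail();` in the new try block would also be easier to diagnose with a message, for example `fail("role without name must be rejected");`.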
