Examples of AuthorizationService

com.ibm.sbt.services.client.smartcloud.bss.AuthorizationService
Use authorizaton services to manage roles. @author mwallace
org.apache.ldap.server.authz.AuthorizationService
An {@link org.apache.ldap.server.interceptor.Interceptor} that controls access to {@link BackingStore}operations. If a user tries to perform any operations that requires permission he or she doesn't have, {@link NamingException} will bethrown and therefore the current invocation chain will terminate. @author Apache Directory Project @version $Rev: 159260 $, $Date: 2005-03-28 12:15:52 -0500 (Mon, 28 Mar 2005) $
org.apache.oozie.service.AuthorizationService
The authorization service provides all authorization checks.
org.camunda.bpm.engine.AuthorizationService
onfigure auth authorizationService.saveAuthorization(auth); The authorization object can be configured either for a user or a group:
```
 auth.setUserId("john"); -OR- auth.setGroupId("management"); 
```
and a resource:
```
 auth.setResource("processDefinition"); auth.setResourceId("2313"); 
```
finally the permissions to access that resource can be assigned:
```
 auth.addPermission(Permissions.READ); 
```
and the authorization object is saved:
```
 authorizationService.saveAuthorization(auth); 
```
As a result, the given user or group will have permission to READ the referenced process definition.
@author Daniel Meyer @since 7.0
org.glassfish.security.services.api.authorization.AuthorizationService
The AuthorizationService interface provides methods that allow server and container to determine whether access should be allowed to a particular resource. It is intended for internal use, not for use by applications.
org.jasig.portal.services.AuthorizationService
@author Bernie Durfee, bdurfee@interactivebusiness.com @author Dan Ellentuck @version $Revision: 19776 $
org.jbpm.security.AuthorizationService

Examples of org.apache.oozie.service.AuthorizationService

     * @param request the HttpServletRequest
     * @throws XServletException the x servlet exception
     */
    private void authorizeRequest(HttpServletRequest request) throws XServletException {
        try {
            AuthorizationService auth = Services.get().get(AuthorizationService.class);
            auth.authorizeForAdmin(getUser(request), true);
        }
        catch (AuthorizationException ex) {
            throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);
        }
    }

View Full Code Here

Examples of org.apache.oozie.service.AuthorizationService

    protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String jobId = getResourceName(request);
        request.setAttribute(AUDIT_PARAM, jobId);
        request.setAttribute(AUDIT_OPERATION, request.getParameter(RestConstants.ACTION_PARAM));
        try {
            AuthorizationService auth = Services.get().get(AuthorizationService.class);
            auth.authorizeForJob(getUser(request), jobId, true);
        }
        catch (AuthorizationException ex) {
            throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);
        }

View Full Code Here

Examples of org.apache.oozie.service.AuthorizationService

        String acl = ConfigUtils.getWithDeprecatedCheck(conf, OozieClient.GROUP_NAME, OozieClient.JOB_ACL, null);
        try {
            if (user == null) {
                throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, ErrorCode.E0401, OozieClient.USER_NAME);
            }
            AuthorizationService auth = Services.get().get(AuthorizationService.class);


            if (acl != null){
               conf.set(OozieClient.GROUP_NAME, acl);
            }
            else if (acl == null && auth.useDefaultGroupAsAcl()) {
                acl = auth.getDefaultGroup(user);
                conf.set(OozieClient.GROUP_NAME, acl);
            }
            XLog.Info.get().setParameter(XLogService.GROUP, acl);
            String wfPath = conf.get(OozieClient.APP_PATH);
            String coordPath = conf.get(OozieClient.COORDINATOR_APP_PATH);
            String bundlePath = conf.get(OozieClient.BUNDLE_APP_PATH);


            if (wfPath == null && coordPath == null && bundlePath == null) {
                String[] libPaths = conf.getStrings(XOozieClient.LIBPATH);
                if (libPaths != null && libPaths.length > 0 && libPaths[0].trim().length() > 0) {
                    conf.set(OozieClient.APP_PATH, libPaths[0].trim());
                    wfPath = libPaths[0].trim();
                }
                else {
                    throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, ErrorCode.E0405);
                }
            }
            ServletUtilities.ValidateAppPath(wfPath, coordPath, bundlePath);


            if (wfPath != null) {
                auth.authorizeForApp(user, acl, wfPath, "workflow.xml", conf);
            }
            else if (coordPath != null){
                auth.authorizeForApp(user, acl, coordPath, "coordinator.xml", conf);
            }
            else if (bundlePath != null){
                auth.authorizeForApp(user, acl, bundlePath, "bundle.xml", conf);
            }
        }
        catch (AuthorizationException ex) {
            XLog.getLog(BaseJobServlet.class).info("AuthorizationException ", ex);
            throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);

View Full Code Here

Examples of org.apache.oozie.service.AuthorizationService

        String show = request.getParameter(RestConstants.JOB_SHOW_PARAM);
        String timeZoneId = request.getParameter(RestConstants.TIME_ZONE_PARAM) == null
                ? "GMT" : request.getParameter(RestConstants.TIME_ZONE_PARAM);


        try {
            AuthorizationService auth = Services.get().get(AuthorizationService.class);
            auth.authorizeForJob(getUser(request), jobId, false);
        }
        catch (AuthorizationException ex) {
            throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);
        }

View Full Code Here

Examples of org.camunda.bpm.engine.AuthorizationService

  }


  protected boolean isAuthorized(Permission permission, Resource resource, String resourceId) {


    final IdentityService identityService = processEngine.getIdentityService();
    final AuthorizationService authorizationService = processEngine.getAuthorizationService();


    Authentication authentication = identityService.getCurrentAuthentication();
    if(authentication == null) {
      return true;


    } else {
      return authorizationService
         .isUserAuthorized(authentication.getUserId(), authentication.getGroupIds(), permission, resource, resourceId);
    }
  }

View Full Code Here

Examples of org.camunda.bpm.engine.AuthorizationService

      Group managementGroup = identityService.newGroup("management");
      managementGroup.setName("Management");
      managementGroup.setType("WORKFLOW");
      identityService.saveGroup(managementGroup);


      final AuthorizationService authorizationService = engine.getAuthorizationService();


      // create group
      if(identityService.createGroupQuery().groupId(Groups.CAMUNDA_ADMIN).count() == 0) {
        Group camundaAdminGroup = identityService.newGroup(Groups.CAMUNDA_ADMIN);
        camundaAdminGroup.setName("camunda BPM Administrators");
        camundaAdminGroup.setType(Groups.GROUP_TYPE_SYSTEM);
        identityService.saveGroup(camundaAdminGroup);
      }


      // create ADMIN authorizations on all built-in resources
      for (Resource resource : Resources.values()) {
        if(authorizationService.createAuthorizationQuery().groupIdIn(Groups.CAMUNDA_ADMIN).resourceType(resource).resourceId(ANY).count() == 0) {
          AuthorizationEntity userAdminAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
          userAdminAuth.setGroupId(Groups.CAMUNDA_ADMIN);
          userAdminAuth.setResource(resource);
          userAdminAuth.setResourceId(ANY);
          userAdminAuth.addPermission(ALL);
          authorizationService.saveAuthorization(userAdminAuth);
        }
      }


      identityService.createMembership("demo", "sales");
      identityService.createMembership("demo", "accounting");
      identityService.createMembership("demo", "management");
      identityService.createMembership("demo", "camunda-admin");


      identityService.createMembership("john", "sales");
      identityService.createMembership("mary", "accounting");
      identityService.createMembership("peter", "management");




      // authorize groups for tasklist only:


      Authorization salesTasklistAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      salesTasklistAuth.setGroupId("sales");
      salesTasklistAuth.addPermission(ACCESS);
      salesTasklistAuth.setResourceId("tasklist");
      salesTasklistAuth.setResource(APPLICATION);
      authorizationService.saveAuthorization(salesTasklistAuth);


      Authorization accountingTasklistAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      accountingTasklistAuth.setGroupId("accounting");
      accountingTasklistAuth.addPermission(ACCESS);
      accountingTasklistAuth.setResourceId("tasklist");
      accountingTasklistAuth.setResource(APPLICATION);
      authorizationService.saveAuthorization(accountingTasklistAuth);


      Authorization managementTasklistAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      managementTasklistAuth.setGroupId("management");
      managementTasklistAuth.addPermission(ACCESS);
      managementTasklistAuth.setResourceId("tasklist");
      managementTasklistAuth.setResource(APPLICATION);
      authorizationService.saveAuthorization(managementTasklistAuth);


      Authorization salesDemoAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      salesDemoAuth.setGroupId("sales");
      salesDemoAuth.setResource(USER);
      salesDemoAuth.setResourceId("demo");
      salesDemoAuth.addPermission(READ);
      authorizationService.saveAuthorization(salesDemoAuth);


      Authorization salesJohnAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      salesJohnAuth.setGroupId("sales");
      salesJohnAuth.setResource(USER);
      salesJohnAuth.setResourceId("john");
      salesJohnAuth.addPermission(READ);
      authorizationService.saveAuthorization(salesJohnAuth);


      Authorization manDemoAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      manDemoAuth.setGroupId("management");
      manDemoAuth.setResource(USER);
      manDemoAuth.setResourceId("demo");
      manDemoAuth.addPermission(READ);
      authorizationService.saveAuthorization(manDemoAuth);


      Authorization manPeterAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      manPeterAuth.setGroupId("management");
      manPeterAuth.setResource(USER);
      manPeterAuth.setResourceId("peter");
      manPeterAuth.addPermission(READ);
      authorizationService.saveAuthorization(manPeterAuth);


      Authorization accDemoAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      accDemoAuth.setGroupId("accounting");
      accDemoAuth.setResource(USER);
      accDemoAuth.setResourceId("demo");
      accDemoAuth.addPermission(READ);
      authorizationService.saveAuthorization(accDemoAuth);


      Authorization accMaryAuth = authorizationService.createNewAuthorization(AUTH_TYPE_GRANT);
      accMaryAuth.setGroupId("accounting");
      accMaryAuth.setResource(USER);
      accMaryAuth.setResourceId("mary");
      accMaryAuth.addPermission(READ);
      authorizationService.saveAuthorization(accMaryAuth);


      // create default filters


      FilterService filterService = engine.getFilterService();


      Map<String, Object> filterProperties = new HashMap<String, Object>();
      filterProperties.put("description", "Tasks assigned to me");
      filterProperties.put("priority", -10);
      addVariables(filterProperties);
      TaskService taskService = engine.getTaskService();
      TaskQuery query = taskService.createTaskQuery().taskAssigneeExpression("${currentUser()}");
      Filter myTasksFilter = filterService.newTaskFilter().setName("My Tasks").setProperties(filterProperties).setOwner("demo").setQuery(query);
      filterService.saveFilter(myTasksFilter);


      filterProperties.clear();
      filterProperties.put("description", "Tasks assigned to my Groups");
      filterProperties.put("priority", -5);
      addVariables(filterProperties);
      query = taskService.createTaskQuery().taskCandidateGroupInExpression("${currentUserGroups()}").taskUnassigned();
      Filter groupTasksFilter = filterService.newTaskFilter().setName("My Group Tasks").setProperties(filterProperties).setOwner("demo").setQuery(query);
      filterService.saveFilter(groupTasksFilter);


      // global read authorizations for these filters


      Authorization globalMyTaskFilterRead = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
      globalMyTaskFilterRead.setResource(FILTER);
      globalMyTaskFilterRead.setResourceId(myTasksFilter.getId());
      globalMyTaskFilterRead.addPermission(READ);
      authorizationService.saveAuthorization(globalMyTaskFilterRead);


      Authorization globalGroupFilterRead = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GLOBAL);
      globalGroupFilterRead.setResource(FILTER);
      globalGroupFilterRead.setResourceId(groupTasksFilter.getId());
      globalGroupFilterRead.addPermission(READ);
      authorizationService.saveAuthorization(globalGroupFilterRead);


      // management filter


      filterProperties.clear();
      filterProperties.put("description", "Tasks for Group Accounting");
      filterProperties.put("priority", -5);
      addVariables(filterProperties);
      query = taskService.createTaskQuery().taskCandidateGroupIn(Arrays.asList("accounting")).taskUnassigned();
      Filter candidateGroupTasksFilter = filterService.newTaskFilter().setName("Accounting").setProperties(filterProperties).setOwner("demo").setQuery(query);
      filterService.saveFilter(candidateGroupTasksFilter);


      Authorization managementGroupFilterRead = authorizationService.createNewAuthorization(Authorization.AUTH_TYPE_GRANT);
      managementGroupFilterRead.setResource(FILTER);
      managementGroupFilterRead.setResourceId(candidateGroupTasksFilter.getId());
      managementGroupFilterRead.addPermission(READ);
      managementGroupFilterRead.setGroupId("accounting");
      authorizationService.saveAuthorization(managementGroupFilterRead);


      // john's tasks


      filterProperties.clear();
      filterProperties.put("description", "Tasks assigned to John");

View Full Code Here

Examples of org.camunda.bpm.engine.AuthorizationService

  public void postProcessEngineBuild(ProcessEngine processEngine) {
    if(!authorizationEnabled) {
      return;
    }


    final AuthorizationService authorizationService = processEngine.getAuthorizationService();


    if(administratorGroupName != null && administratorGroupName.length()>0) {
      // create ADMIN authorizations on all built-in resources for configured group
      for (Resource resource : Resources.values()) {
        if(authorizationService.createAuthorizationQuery().groupIdIn(administratorGroupName).resourceType(resource).resourceId(ANY).count() == 0) {
          AuthorizationEntity adminGroupAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
          adminGroupAuth.setGroupId(administratorGroupName);
          adminGroupAuth.setResource(resource);
          adminGroupAuth.setResourceId(ANY);
          adminGroupAuth.addPermission(ALL);
          authorizationService.saveAuthorization(adminGroupAuth);
          LOG.log(Level.INFO, "GRANT group {0} ALL permissions on resource {1}.", new String[]{administratorGroupName, resource.resourceName()});


        }
      }
    }


    if(administratorUserName != null && administratorUserName.length()>0) {
      // create ADMIN authorizations on all built-in resources for configured user
      for (Resource resource : Resources.values()) {
        if(authorizationService.createAuthorizationQuery().userIdIn(administratorUserName).resourceType(resource).resourceId(ANY).count() == 0) {
          AuthorizationEntity adminUserAuth = new AuthorizationEntity(AUTH_TYPE_GRANT);
          adminUserAuth.setUserId(administratorUserName);
          adminUserAuth.setResource(resource);
          adminUserAuth.setResourceId(ANY);
          adminUserAuth.addPermission(ALL);
          authorizationService.saveAuthorization(adminUserAuth);
          LOG.log(Level.INFO, "GRANT user {0} ALL permissions on resource {1}.", new String[]{administratorUserName, resource.resourceName()});
        }
      }
    }

View Full Code Here

Examples of org.camunda.bpm.engine.AuthorizationService

    final Authentication currentAuthentication = processEngine.getIdentityService().getCurrentAuthentication();
    if(currentAuthentication == null) {
      throw new InvalidRequestException(Status.UNAUTHORIZED, "You must be authenticated in order to use this resource.");
    }


    final AuthorizationService authorizationService = processEngine.getAuthorizationService();


    // create new authorization dto implementing both Permission and Resource
    AuthorizationUtil authorizationUtil = new AuthorizationUtil(resourceName, resourceType, permissionName);


    boolean isUserAuthorized = false;
    if(resourceId == null || Authorization.ANY.equals(resourceId)) {
      isUserAuthorized = authorizationService.isUserAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), authorizationUtil, authorizationUtil);


    } else {
      isUserAuthorized = authorizationService.isUserAuthorized(currentAuthentication.getUserId(), currentAuthentication.getGroupIds(), authorizationUtil, authorizationUtil, resourceId);


    }


    return new AuthorizationCheckResultDto(isUserAuthorized, authorizationUtil, resourceId);
  }

View Full Code Here

Examples of org.camunda.bpm.engine.AuthorizationService

    long count = query.count();
    return new CountResultDto(count);
  }


  public AuthorizationDto createAuthorization(UriInfo context, AuthorizationCreateDto dto) {
    final AuthorizationService authorizationService = processEngine.getAuthorizationService();


    Authorization newAuthorization = authorizationService.createNewAuthorization(dto.getType());
    AuthorizationCreateDto.update(dto, newAuthorization);


    newAuthorization = authorizationService.saveAuthorization(newAuthorization);


    return getAuthorization(newAuthorization.getId()).getAuthorization(context);
  }

View Full Code Here

Examples of org.glassfish.security.services.api.authorization.AuthorizationService

     * @param action the action being attempted by the subject on the resource
     * @return true if the subject is allowed to perform the action, false otherwise
     * @throws URISyntaxException
     */
    public static boolean isAuthorized(final ServiceLocator habitat, final Subject subject, final String resource, final String action) throws URISyntaxException {
        final AuthorizationService authorizationSvc =
            AccessController.doPrivileged(
                    new PrivilegedLookup<AuthorizationService>(habitat, AuthorizationService.class));
        return authorizationSvc.isAuthorized(subject, new URI("admin", resource, null), action);
    }

View Full Code Here

0 1 2 3 4 5

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.