Examples of org.osgi.service.useradmin.Authorization

org.osgi.service.useradmin.Authorization
The {@code Authorization} interface encapsulates an authorization context onwhich bundles can base authorization decisions, where appropriate.
Bundles associate the privilege to access restricted resources or operations with roles. Before granting access to a restricted resource or operation, a bundle will check if the {@code Authorization} object passed to it possessthe required role, by calling its {@code hasRole} method.
Authorization contexts are instantiated by calling the {@link UserAdmin#getAuthorization(User)} method.
Trusting Authorization objects
There are no restrictions regarding the creation of {@code Authorization}objects. Hence, a service must only accept {@code Authorization} objects frombundles that has been authorized to use the service using code based (or Java 2) permissions.
In some cases it is useful to use {@code ServicePermission} to do the codebased access control. A service basing user access control on {@code Authorization} objects passed to it, will then require that a callingbundle has the {@code ServicePermission} to get the service in question. Thisis the most convenient way. The OSGi environment will do the code based permission check when the calling bundle attempts to get the service from the service registry.
Example: A servlet using a service on a user's behalf. The bundle with the servlet must be given the {@code ServicePermission} to get the Http Service.
However, in some cases the code based permission checks need to be more fine-grained. A service might allow all bundles to get it, but require certain code based permissions for some of its methods.
Example: A servlet using a service on a user's behalf, where some service functionality is open to anyone, and some is restricted by code based permissions. When a restricted method is called (e.g., one handing over an {@code Authorization} object), the service explicitly checks that the callingbundle has permission to make the call. @noimplement @author $Id: 4786641d1725f18fb3bc160059d7f8b28e46bbab $

    }


    @Override
    public boolean isUserInRole(String role)
    {
        Authorization authorization = (Authorization) getAttribute(HttpContext.AUTHORIZATION);
        if (authorization != null)
        {
            return authorization.hasRole(role);
        }


        return super.isUserInRole(role);
    }

View Full Code Here

        try {
            Role role = service.getRole(username);
            if (role == null || role.getType() != Role.USER) {
                throw new IllegalArgumentException(username + " is not User name");
            }
            Authorization authorization = service.getAuthorization((User) role);
            Map<String, Object> values = new HashMap<String, Object>();
            String name = authorization.getName();
            values.put(NAME, name);
            Role authRole = service.getRole(name);
            values.put(TYPE, authRole.getType());
            return new CompositeDataSupport(AUTORIZATION_TYPE, values);
        } catch (IllegalArgumentException e) {

View Full Code Here

        try {
            Role role = service.getRole(username);
            if (role == null || role.getType() != Role.USER) {
                throw new IllegalArgumentException(username + " is not User name");
            }
            Authorization authorization = service.getAuthorization((User) role);
            if (authorization != null) {
                return authorization.getRoles();
            } else {
                return new String[0];
            }
        } catch (IllegalArgumentException e) {
            logVisitor.warning("getImpliedRoles error", e);

View Full Code Here

        return tempUsers;
    }


    @Override
    public Group getGroup(User user) {
        Authorization auth = m_useradmin.getAuthorization(user);
        String[] roles = auth.getRoles();
        if (roles != null) {
            for (String role : roles) {
                Role result = m_useradmin.getRole(role);
                if (result.getType() == Role.GROUP) {
                    Group group = (Group) result;

View Full Code Here

        return m_useradmin.getUser("username", username);
    }


    @Override
    public boolean hasRole(User user, String role) {
        Authorization authorization = m_useradmin.getAuthorization(user);
        return authorization.hasRole(role);
    }

View Full Code Here


        loginWindow.center();
    }


    private void initGrid(User user) {
        Authorization auth = m_userAdmin.getAuthorization(user);
        int count = 0;
        for (String role : new String[] { "viewArtifact", "viewFeature", "viewDistribution", "viewTarget" }) {
            if (auth.hasRole(role)) {
                count++;
            }
        }
        m_grid = new GridLayout(count, 4);
        m_grid.setSpacing(true);
        m_grid.setSizeFull();


        m_mainToolbar = createToolbar(user);
    m_grid.addComponent(m_mainToolbar, 0, 0, count - 1, 0);


        m_artifactsPanel = createArtifactsPanel(user);


        m_artifactToolbar = new HorizontalLayout();
        m_artifactToolbar.addComponent(createAddArtifactButton(user));


        CheckBox dynamicCheckBox = new CheckBox("Dynamic Links");
        dynamicCheckBox.setImmediate(true);
        dynamicCheckBox.setValue(Boolean.TRUE);
        dynamicCheckBox.addListener(new Button.ClickListener() {
            public void buttonClick(ClickEvent event) {
                m_dynamicRelations = event.getButton().booleanValue();
            }
        });
        m_artifactToolbar.addComponent(dynamicCheckBox);


        count = 0;
        if (auth.hasRole("viewArtifact")) {
            m_grid.addComponent(m_artifactsPanel, count, 2);
            m_grid.addComponent(m_artifactToolbar, count, 1);
            count++;
        }


        m_featuresPanel = createFeaturesPanel(user);
        m_featureToolbar = createAddFeatureButton(user);


        if (auth.hasRole("viewFeature")) {
            m_grid.addComponent(m_featuresPanel, count, 2);
            m_grid.addComponent(m_featureToolbar, count, 1);
            count++;
        }


        m_distributionsPanel = createDistributionsPanel(user);
        m_distributionToolbar = createAddDistributionButton(user);


        if (auth.hasRole("viewDistribution")) {
            m_grid.addComponent(m_distributionsPanel, count, 2);
            m_grid.addComponent(m_distributionToolbar, count, 1);
            count++;
        }


        m_targetsPanel = createTargetsPanel(user);
        m_targetToolbar = createAddTargetButton(user);


        if (auth.hasRole("viewTarget")) {
            m_grid.addComponent(m_targetsPanel, count, 2);
            m_grid.addComponent(m_targetToolbar, count, 1);
        }


        // Wire up all panels so they have the correct associations...

View Full Code Here

        Role role = userAdmin.getRole(username);
        if (role == null) {
            return null;
        }
        validateRoleType(role, Role.USER);
        Authorization auth = userAdmin.getAuthorization((User) role);
        if (auth == null) {
            return null;
        }


        return new AuthorizationData(auth).toCompositeData();

View Full Code Here

            throw new IOException("User name cannot be null");
        }
        Role role = userAdmin.getRole(username);
        if (role != null) {
            validateRoleType(role, Role.USER);
            Authorization auth = userAdmin.getAuthorization((User) role);
            if (auth != null) {
                return auth.getRoles();
            }
        }
        return null;
    }

View Full Code Here

     * 
     * @throws IOException
     */
    @Test
    public void testGetAuthorization() throws IOException {
        Authorization auth = Mockito.mock(Authorization.class);
        User user = Mockito.mock(User.class);
        Mockito.when(user.getType()).thenReturn(Role.USER);
        Mockito.when(userAdmin.getAuthorization(user)).thenReturn(auth);
        Mockito.when(userAdmin.getRole("role1")).thenReturn(user);
        Mockito.when(auth.getName()).thenReturn("auth1");
        Mockito.when(auth.getRoles()).thenReturn(new String[]{"role1"});
        CompositeData data = mbean.getAuthorization("role1");
        Assert.assertNotNull(data);
        AuthorizationData authData = AuthorizationData.from(data);
        Assert.assertNotNull(authData);
        Assert.assertEquals("auth1", authData.getName());

View Full Code Here

     * @throws IOException
     */
    @Test
    public void testGetImpliedRoles() throws IOException {
        User user1 = Mockito.mock(User.class);
        Authorization auth = Mockito.mock(Authorization.class);
        Mockito.when(user1.getType()).thenReturn(Role.USER);
        Mockito.when(auth.getRoles()).thenReturn(new String[] { "role1" });
        Mockito.when(userAdmin.getRole("role1")).thenReturn(user1);
        Mockito.when(userAdmin.getAuthorization(user1)).thenReturn(auth);
        String[] roles = mbean.getImpliedRoles("role1");
        Assert.assertArrayEquals(new String[] { "role1" }, roles);
    }

View Full Code Here

0 1 2 3

TOP

Related Classes of org.osgi.service.useradmin.Authorization

org.apache.ace.useradmin.ui.editor.impl.UserEditorImpl

org.apache.ace.webui.vaadin.VaadinClient

org.apache.aries.jmx.useradmin.UserAdmin

org.apache.aries.jmx.useradmin.UserAdminTest

org.apache.felix.http.base.internal.handler.ServletHandlerRequest

org.apache.felix.useradmin.impl.UserAdminImplTest

org.knopflerfish.bundle.consoletcp.ConsoleTcp$AcceptThread

org.knopflerfish.bundle.consoletelnet.TelnetSession

org.knowhowlab.osgi.jmx.beans.service.useradmin.UserAdmin

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.