Package org.rhq.enterprise.server.authz

Examples of org.rhq.enterprise.server.authz.AuthorizationManagerLocal


     * value="${onf:getResourcePermission()}"/&gt; &lt;c:if test="${resourcePerm.measure}"&gt; ...</code>
     *
     * @return a <code>ResourcePermission</code> object for the resource with the specified id
     */
    public static ResourcePermission getResourcePermission() {
        AuthorizationManagerLocal authorizationManager = LookupUtil.getAuthorizationManager();
        Subject subject = EnterpriseFacesContextUtility.getSubject();
        Resource resource = EnterpriseFacesContextUtility.getResource();
        Set<Permission> resourcePerms = authorizationManager.getImplicitResourcePermissions(subject, resource.getId());
        return new ResourcePermission(resourcePerms);
    }
View Full Code Here


     * @param  groupId a {@link ResourceGroup} id
     *
     * @return a <code>ResourcePermission</code> object for the group with the specified id
     */
    public static ResourcePermission getGroupPermission(int groupId) {
        AuthorizationManagerLocal authorizationManager = LookupUtil.getAuthorizationManager();
        Subject subject = EnterpriseFacesContextUtility.getSubject();
        Set<Permission> groupPerms = authorizationManager.getImplicitGroupPermissions(subject, groupId);
        return new ResourcePermission(groupPerms);
    }
View Full Code Here

     *
     * 
     * @return
     */
    private boolean determineMeasurementManager() {
        AuthorizationManagerLocal authManager = LookupUtil.getAuthorizationManager();

        if (authManager.isInventoryManager(subject)) {
            return true;
        }

        List<Resource> resources = LookupUtil.getResourceGroupManager().findResourcesForAutoGroup(this.subject, this.getParentResource().getId(),
            this.getChildResourceType().getId());
        // Note, authManager does offer a single query solution for this but it has limits and is inefficient, for now let's
        // opt for more round trips on the assumption that the AG size is typically small.         
        for (Resource resource : resources) {
            if (!authManager.hasResourcePermission(subject, Permission.MANAGE_MEASUREMENTS, resource.getId())) {
                return false;
            }
        }

        return true;
View Full Code Here

    public void testResourceCriteriaBounded() throws Exception {
        ArrayList<GroupAvailCounts> gacs = new ArrayList<LargeGroupCriteriaTest.GroupAvailCounts>();
        gacs.add(new GroupAvailCounts(1100, 0, 0, 0)); // purposefully over 1,000, avails don't really matter

        ResourceManagerLocal resourceManager = LookupUtil.getResourceManager();
        AuthorizationManagerLocal authManager = LookupUtil.getAuthorizationManager();

        env = new ArrayList<LargeGroupEnvironment>(gacs.size());

        LargeGroupEnvironment lgeWithTypes = null;
        for (GroupAvailCounts gac : gacs) {
View Full Code Here

        return pageList;
    }

    private void testGroupQueries(ArrayList<GroupAvailCounts> groupAvailCounts) throws Exception {
        ResourceGroupManagerLocal groupManager = LookupUtil.getResourceGroupManager();
        AuthorizationManagerLocal authManager = LookupUtil.getAuthorizationManager();

        env = new ArrayList<LargeGroupEnvironment>(groupAvailCounts.size());

        LargeGroupEnvironment lgeWithTypes = null;
        for (GroupAvailCounts gac : groupAvailCounts) {
            env.add(createLargeGroupWithNormalUserRoleAccessWithInventoryStatus(lgeWithTypes, gac.total, gac.down,
                gac.unknown, gac.disabled, gac.uncommitted, Permission.CONFIGURE_READ));
            lgeWithTypes = env.get(0);
        }

        ResourceGroupCriteria criteria;
        PageList<ResourceGroupComposite> pageList;
        ResourceGroupComposite groupComp;
        long start;

        // test findResourceGroupCompositesByCriteria
        for (int i = 0; i < groupAvailCounts.size(); i++) {
            LargeGroupEnvironment lge = env.get(i);
            GroupAvailCounts gac = groupAvailCounts.get(i);

            SessionTestHelper.simulateLogin(lge.normalSubject);
            criteria = new ResourceGroupCriteria();
            start = System.currentTimeMillis();
            pageList = groupManager.findResourceGroupCompositesByCriteria(lge.normalSubject, criteria);
            System.out.println("findResourceGroupCompositesByCriteria #" + i + "==>"
                + (System.currentTimeMillis() - start) + "ms");
            assert pageList.size() == 1 : "the query should only have selected the one group for our user";
            groupComp = pageList.get(0);
            System.out.println("-->" + groupComp);
            assert groupComp.getExplicitCount() == gac.visibleTotal;
            assert groupComp.getExplicitCount() == groupComp.getImplicitCount(); // we aren't testing recursive groups
            assert groupComp.getExplicitUp() == gac.up;
            assert groupComp.getExplicitDown() == gac.down;
            assert groupComp.getExplicitUnknown() == gac.unknown;
            assert groupComp.getExplicitDisabled() == gac.disabled;

            // mainly to help test when there are uncommitted resources in the group - see BZ 820981
            Resource committed = pickAResourceWithInventoryStatus(lge.platformResource, InventoryStatus.COMMITTED);
            assert true == authManager.hasResourcePermission(lge.normalSubject, Permission.CONFIGURE_READ,
                Collections.singletonList(committed.getId()));
            assert false == authManager.hasResourcePermission(lge.normalSubject, Permission.CONTROL,
                Collections.singletonList(committed.getId())); // we weren't given CONTROL perms on the committed resource
            Resource uncommitted = pickAResourceWithInventoryStatus(lge.platformResource, InventoryStatus.NEW);
            if (uncommitted != null) {
                assert false == authManager.hasResourcePermission(lge.normalSubject, Permission.CONFIGURE_READ,
                    Collections.singletonList(uncommitted.getId())); // no permissions for uncommitted resource
            }
        }

        // test getResourceGroupComposite
View Full Code Here

    @Override
    protected boolean condition() throws JspTagException {
        try {
            HttpServletRequest request = (HttpServletRequest) pageContext.getRequest();
            AuthorizationManagerLocal authorizationManager = LookupUtil.getAuthorizationManager();
            Subject user = WebUtility.getSubject(request);

            if (isSuperuserCheck()) {
                return authorizationManager.isSystemSuperuser(user);
            }

            Permission permission = getPermissionEnum();

            if (user == null) {
                return false; // cannot authorize a non-authenticated user
            }

            Context context = Context.Global;
            int resourceId = getResourceId(request);
            if (resourceId != 0) {
                context = Context.Resource;
            }
            int groupId = getResourceGroupId(request);
            if (groupId != 0) {
                context = Context.Group;
            }

            if (context == Context.Resource) {
                return authorizationManager.hasResourcePermission(user, permission, resourceId);
            } else if (context == Context.Group) {
                return authorizationManager.hasGroupPermission(user, permission, groupId);
            } else if (context == Context.Global) {
                return authorizationManager.hasGlobalPermission(user, permission);
            } else {
                throw new JspTagException("Authorization tag does not yet support the context[" + context + "]");
            }
        } catch (JspTagException jte) {
            throw jte; // pass-through
View Full Code Here

        ResourceManagerLocal resourceManager = LookupUtil.getResourceManager();

        SubjectManagerLocal subjectManager = LookupUtil.getSubjectManager();

        AuthorizationManagerLocal authorizationManager = LookupUtil.getAuthorizationManager();

        Subject rhqadmin = subjectManager.loginUnauthenticated("rhqadmin");
        System.out.println(rhqadmin);
    }
View Full Code Here

TOP

Related Classes of org.rhq.enterprise.server.authz.AuthorizationManagerLocal

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.