Examples of org.wso2.carbon.user.api.AuthorizationManager

• org.wso2.eventing.SubscriptionData

     * @throws MessageBoxException - if fails to deny permissions
     */
    public void denyAllPermissionsToUser(String messageBoxId, String user)
            throws MessageBoxException {
        try {
            AuthorizationManager authorizationManager = Utils.getUserRelam().getAuthorizationManager();

            String messageBoxPath = MessageBoxConstants.MB_MESSAGE_BOX_STORAGE_PATH + "/" +
                                    messageBoxId;
            authorizationManager.denyUser(user, messageBoxPath,
                                          MessageBoxConstants.SQS_OPERATION_DELETE_MESSAGE);
            authorizationManager.denyUser(user, messageBoxPath,
                                          MessageBoxConstants.SQS_OPERATION_CHANGE_MESSAGE_VISIBILITY);
            authorizationManager.denyUser(user, messageBoxPath,
                                          MessageBoxConstants.SQS_OPERATION_GET_QUEUE_ATTRIBUTES);
            authorizationManager.denyUser(user, messageBoxPath,
                                          MessageBoxConstants.SQS_OPERATION_RECEIVE_MESSAGE);
            authorizationManager.denyUser(user, messageBoxPath,
                                          MessageBoxConstants.SQS_OPERATION_SEND_MESSAGE);

        } catch (UserStoreException e) {
            String error = "Failed to deny permissions to user" + user + " for message box " + messageBoxId;
            log.error(error);

     * @throws MessageBoxException if fails to clear authorizations
     */
    public void removePermission(String messageBoxId, PermissionLabel permissionLabel)
            throws MessageBoxException {
        try {
            AuthorizationManager authorizationManager = Utils.getUserRelam().getAuthorizationManager();

            String messageBoxPath = MessageBoxConstants.MB_MESSAGE_BOX_STORAGE_PATH + "/" +
                                    messageBoxId;

            for (String sharedUser : permissionLabel.getSharedUsers()) {
                for (String operation : permissionLabel.getOperations()) {
                    authorizationManager.clearUserAuthorization(sharedUser, messageBoxPath, operation);
                }
            }
        } catch (UserStoreException e) {
            String error = "Failed to clear permissions authorized for " + messageBoxId +
                           " with permission label " + permissionLabel.getLabelName();

        try {
            CassandraAdminComponentManager adminComponentManager = CassandraAdminComponentManager.getInstance();
            UserRealm userRealm = adminComponentManager.getRealmForCurrentTenant();
            //TODO ask the best way from security team
            AuthorizationManager authorizationManager = userRealm.getAuthorizationManager();
            authorizationManager.clearRoleAuthorization(role, path, ACTION_WRITE);
            authorizationManager.clearRoleAuthorization(role, path, ACTION_READ);
            authorizationManager.authorizeRole(role, path, ACTION_WRITE);
            authorizationManager.authorizeRole(role, path, ACTION_READ);
            return true;
        } catch (UserStoreException e) {
            throw new CassandraServerManagementException("Error during sharing a resource at path :" + path + " and" +
                    " for role :" + role, e, log);
        }

        try {
            CassandraAdminComponentManager adminComponentManager = CassandraAdminComponentManager.getInstance();
            UserRealm userRealm = adminComponentManager.getRealmForCurrentTenant();
            //TODO ask the best way from security team
            AuthorizationManager authorizationManager = userRealm.getAuthorizationManager();
            authorizationManager.clearRoleAuthorization(role, path, ACTION_WRITE);
            authorizationManager.clearRoleAuthorization(role, path, ACTION_READ);
            return true;
        } catch (UserStoreException e) {
            throw new CassandraServerManagementException("Error during clear sharing a resource at path :" + path + " and" +
                    " for role :" + role, e, log);
        }

        try {
            //TODO - get the realm for a special user that can be used to authorize other users - security team - already talked but need to implement
            UserRealm userRealm =
                    CassandraServerComponentManager.getInstance().getRealmForTenant(authenticatedUser.domainName);
            UserStoreManager userStoreManager = userRealm.getUserStoreManager();
            AuthorizationManager authorizationManager = userRealm.getAuthorizationManager();

            String tenantLessUsername = UserCoreUtil.getTenantLessUsername(authenticatedUser.username);

            switch (action) {
                case ADD: {

            // authorize using permissionString given as annotation in the service class
            String permissionString = authorizationActionMap.get(targetMethod.getName());

            // get the authorization manager for this tenant..
            UserRealm userRealm = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm();
            AuthorizationManager authorizationManager = userRealm.getAuthorizationManager();

            boolean isAuthorized = isAuthorized(authorizationManager, userName, permissionString, ACTION_ON_RESOURCE);
            return isAuthorized;

    }

        }

        public void run() {
            try {
                MessageContext msgCtx = ((Axis2MessageContext) synCtx).getAxis2MessageContext();
                Event<MessageContext> event = new Event(msgCtx);
                subscriptions = subscriptionManager.getMatchingSubscriptions(event);
            } catch (EventException e) {
                handleException("Matching subscriptions fetching error", e);
            }

     * @throws EventException event
     */
    private void processGetStatusRequest(MessageContext mc,
                                         ResponseMessageBuilder messageBuilder)
            throws AxisFault, EventException {
        Subscription subscription =
                SubscriptionMessageBuilder.createGetStatusMessage(mc);
        if (log.isDebugEnabled()) {
            log.debug("GetStatus request recived for SynapseSubscription ID : " +
                    subscription.getId());
        }
        subscription = subscriptionManager.getSubscription(subscription.getId());
        if (subscription != null) {
            if (log.isDebugEnabled()) {
                log.debug("Sending GetStatus responce for SynapseSubscription ID : " +
                        subscription.getId());
            }
            //send the responce
            SOAPEnvelope soapEnvelope = messageBuilder.genGetStatusResponse(subscription);
            dispatchResponse(soapEnvelope, EventingConstants.WSE_GET_STATUS_RESPONSE,
                    mc, false);

            // Adding static subscriptions
            List<Subscription> staticSubscriptionList =
                    eventSource.getSubscriptionManager().getStaticSubscriptions();
            for (Iterator<Subscription> iterator = staticSubscriptionList.iterator();
                 iterator.hasNext();) {
                Subscription staticSubscription = iterator.next();
                OMElement staticSubElem =
                        fac.createOMElement("subscription", XMLConfigConstants.SYNAPSE_OMNAMESPACE);
                staticSubElem.addAttribute(
                        fac.createOMAttribute("id", nullNS, staticSubscription.getId()));
                OMElement filterElem =
                        fac.createOMElement("filter", XMLConfigConstants.SYNAPSE_OMNAMESPACE);
                filterElem.addAttribute(fac.createOMAttribute("source", nullNS,
                        (String) staticSubscription.getFilterValue()));
                filterElem.addAttribute(fac.createOMAttribute("dialect", nullNS,
                        (String) staticSubscription.getFilterDialect()));
                staticSubElem.addChild(filterElem);
                OMElement endpointElem =
                        fac.createOMElement("endpoint", XMLConfigConstants.SYNAPSE_OMNAMESPACE);
                OMElement addressElem =
                        fac.createOMElement("address", XMLConfigConstants.SYNAPSE_OMNAMESPACE);
                addressElem.addAttribute(
                        fac.createOMAttribute("uri", nullNS, staticSubscription.getEndpointUrl()));
                endpointElem.addChild(addressElem);
                staticSubElem.addChild(endpointElem);
                if (staticSubscription.getExpires() != null) {
                    OMElement expiresElem =
                            fac.createOMElement("expires", XMLConfigConstants.SYNAPSE_OMNAMESPACE);
                    fac.createOMText(expiresElem,
                            ConverterUtil.convertToString(staticSubscription.getExpires()));
                    staticSubElem.addChild(expiresElem);
                }
                evenSourceElem.addChild(staticSubElem);
            }

    public SynapseSubscription() {
        this.setId(UIDGenerator.generateURNString());
        this.setDeliveryMode(EventingConstants.WSE_DEFAULT_DELIVERY_MODE);
        SubscriptionData subscriptionData = new SubscriptionData();
        subscriptionData.setProperty(SynapseEventingConstants.STATIC_ENTRY, "false");
        this.setSubscriptionData(subscriptionData);
    }