Package org.wso2.carbon.user.core

Examples of org.wso2.carbon.user.core.AuthorizationManager


            // Set permission for anonymous read. We do it here because it should happen always in order
            // to support mounting a remote registry.
            // NOTE(review): the grant is GET for the anonymous role on the gadget storage path under the
            // config registry base path. Presumably that role covers unauthenticated callers, so
            // anything stored at that path should be treated as public -- confirm.

            if (registry != null) {
                AuthorizationManager accessControlAdmin =
                        registry.getUserRealm().getAuthorizationManager();

                // Check first so the grant is only written when it is not already present.
                if (!accessControlAdmin.isRoleAuthorized(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                        REGISTRY_GADGET_STORAGE_PATH, ActionConstants.GET)) {
                    accessControlAdmin.authorizeRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                            REGISTRY_GADGET_STORAGE_PATH, ActionConstants.GET);
                }

                File gadgetsDir = new File(extractedArchiveDir);
                if (gadgetsDir.exists()) {


                    }

                    // Set permission for anonymous read. We do it here because it should happen always in order
                    // to support mounting a remote registry.
                    // The realm is taken from the registry of the given tenant, so the grant is written
                    // through that tenant's AuthorizationManager.
                    UserRegistry userRegistry = getRegistry(tenantId);
                    AuthorizationManager accessControlAdmin =
                            userRegistry.getUserRealm().getAuthorizationManager();

                    // Grant GET to the anonymous role on the gadget storage path only if it is missing.
                    // NOTE(review): presumably this makes the path readable without authentication --
                    // confirm that only public gadget content is stored there.
                    if (!accessControlAdmin.isRoleAuthorized(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                            REGISTRY_GADGET_STORAGE_PATH, ActionConstants.GET)) {
                        accessControlAdmin.authorizeRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                                REGISTRY_GADGET_STORAGE_PATH, ActionConstants.GET);
                    }

                    // recurse
                    transferDirectoryContentToRegistry(file, registry, rootPath, tenantId);

         try {
          requestContext.getRegistry().move(resourcePath, newresourcePath);
                if (!newRoles.equals("#") &&
                        requestContext.getRegistry().getRegistryContext() != null) {
                    // Replace the access-control entries of the moved resource: every existing
                    // authorization on the new path is cleared, then each role listed in newRoles
                    // is granted GET, PUT and DELETE on it.
                    // NOTE(review): the origin of newRoles is not visible here. If it is
                    // request-supplied, the role names should be checked against existing roles,
                    // and against what the caller is allowed to delegate, before they are granted.
                    try {
                        AuthorizationManager authManager = CurrentSession.getUserRealm().getAuthorizationManager();
                        authManager.clearResourceAuthorizations(newresourcePath);
                        String[] roles = newRoles.split(",");
                        for (String role: roles) {
                            // Entries are only trimmed; an empty entry (e.g. from "a,,b") reaches
                            // authorizeRole as an empty role name.
                            String roleName = role.trim();
                            authManager.authorizeRole(roleName, newresourcePath,
                                    ActionConstants.GET);
                            authManager.authorizeRole(roleName, newresourcePath,
                                    ActionConstants.PUT);
                            authManager.authorizeRole(roleName, newresourcePath,
                                    ActionConstants.DELETE);
                        }
                    } catch (UserStoreException e) {
                        // A failure part-way leaves the resource with cleared or partial
                        // authorizations; the cause is preserved for the caller.
                        throw new RegistryException("Unable to setup roles for resource.", e);
                    }

            // Creating the default gadget collection resource
            Collection defaultGadgetCollection = registry.newCollection();

            // Set permission for anonymous read: RegistryConstants.ANONYMOUS_USER is granted GET on
            // SYSTEM_GADGETS_PATH.
            // NOTE(review): the grant is written before the collection itself is put into the
            // registry, and outside the transaction that follows -- confirm this ordering is intended.
            AuthorizationManager accessControlAdmin =
                    registry.getUserRealm().getAuthorizationManager();
           
            // Only add the grant when the anonymous user does not already hold it.
            if (!accessControlAdmin.isUserAuthorized(RegistryConstants.ANONYMOUS_USER,
                                             SYSTEM_GADGETS_PATH, ActionConstants.GET))  {
                accessControlAdmin.authorizeUser(RegistryConstants.ANONYMOUS_USER,
                                             SYSTEM_GADGETS_PATH, ActionConstants.GET);
            }
            try {
                registry.beginTransaction();
                registry.put(SYSTEM_GADGETS_PATH, defaultGadgetCollection);

                    throw new RegistryException(e.getMessage(), e);
                }
            }

            try {
                // Rebuild the access-control entries of the "/system" collection from scratch.
                AuthorizationManager ac = systemRegistry.getUserRealm().getAuthorizationManager();
                RealmConfiguration realmConfig;
                realmConfig = registryContext.getRealmService().getBootstrapRealmConfiguration();
                String systemUserName = CarbonConstants.REGISTRY_SYSTEM_USERNAME;


                // Drop every existing authorization on "/system" before re-granting.
                // NOTE(review): nothing visible here makes the clear and the grants below atomic;
                // a failure in between would leave "/system" with partial authorizations.
                ac.clearResourceAuthorizations("/system");

                // The system user receives GET, PUT, DELETE and AUTHORIZE on "/system".
                ac.authorizeUser(systemUserName, "/system", ActionConstants.GET);
                ac.authorizeUser(systemUserName, "/system", ActionConstants.PUT);
                ac.authorizeUser(systemUserName, "/system", ActionConstants.DELETE);
                ac.authorizeUser(systemUserName, "/system", AccessControlConstants.AUTHORIZE);

                // NOTE(review): adminUserName is assigned the same constant as systemUserName
                // (CarbonConstants.REGISTRY_SYSTEM_USERNAME), so the GET grant below repeats one
                // already given to the system user and no separate admin user is authorized.
                // If the realm's admin user was intended, this looks like a copy-paste slip -- confirm.
                String adminUserName = CarbonConstants.REGISTRY_SYSTEM_USERNAME;

                ac.authorizeUser(adminUserName, "/system", ActionConstants.GET);

                // The admin role gets read-only (GET) access to "/system".
                String adminRoleName = realmConfig.getAdminRoleName();
                ac.authorizeRole(adminRoleName, "/system", ActionConstants.GET);

                // any user should be able to execute auto generated queries, though the results
                // of such queries are filtered to match current users permission level.
                // NOTE(review): that filtering happens outside this excerpt; this grant relies on it.
                String everyoneRoleName = realmConfig.getEveryOneRoleName();
                ac.authorizeRole(everyoneRoleName,
                        "/system/queries/advanced", ActionConstants.GET);

            } catch (UserStoreException e) {
                String msg = "Failed to set permissions for the system collection.";
                log.fatal(msg, e);

        if (userRealm == null) {
            return;
        }

        try {
            // Set the default authorizations on the registry root (rootPath).
            AuthorizationManager accessControlAdmin = userRealm.getAuthorizationManager();
            RealmConfiguration realmConfig;
            try {
                realmConfig = userRealm.getRealmConfiguration();
            } catch (UserStoreException e) {
                // Without the realm configuration the role names are unknown, so fail here.
                String msg = "Failed to retrieve realm configuration.";
                log.error(msg, e);
                throw new RegistryException(msg, e);
            }

            String adminRoleName = realmConfig.getAdminRoleName();
            String everyoneRoleName = realmConfig.getEveryOneRoleName();

            // The admin role receives GET, PUT, DELETE and AUTHORIZE on the root.
            accessControlAdmin.authorizeRole(adminRoleName, rootPath,
                    ActionConstants.GET);
            accessControlAdmin.authorizeRole(adminRoleName, rootPath,
                    ActionConstants.PUT);
            accessControlAdmin.authorizeRole(adminRoleName, rootPath,
                    ActionConstants.DELETE);
            accessControlAdmin.authorizeRole(adminRoleName, rootPath,
                    AccessControlConstants.AUTHORIZE);

            // The "everyone" role receives GET on the root.
            // NOTE(review): if child resources inherit authorizations from the root (not visible
            // here), this is a default-readable registry for every member of that role; paths
            // holding sensitive data would then need their own, narrower authorizations -- confirm.
            accessControlAdmin.authorizeRole(everyoneRoleName, rootPath,
                    ActionConstants.GET);

        } catch (UserStoreException e) {
            String msg = "Could not set authorizations for the root. \nCaused by: "
                    + e.getMessage();

        try {
            userStoreManager1 = userRealm1.getUserStoreManager();
        } catch (UserStoreException e) {
            throw new RegistryException("Error in retrieving UserStoreManager.");
        }
        AuthorizationManager authorizationManager1;
        try {
            authorizationManager1 = userRealm1.getAuthorizationManager();
        } catch (UserStoreException e) {
            throw new RegistryException("Error in retrieving AuthorizationManager.");
        }

        // adding some users
        // Test fixtures: three tenant-0 users sharing one literal password; these values are only
        // suitable for a throwaway test user store.
        // NOTE(review): each catch block builds the RegistryException without passing the
        // UserStoreException as its cause, so a failing setup step hides the underlying error.
        try {
            userStoreManager1.addUser("user1t0", "password", null, null, null);
        } catch (UserStoreException e) {
            throw new RegistryException("Error in adding user user1t0.");
        }
        try {
            userStoreManager1.addUser("user2t0", "password", null, null, null);
        } catch (UserStoreException e) {
            throw new RegistryException("Error in adding user user2t0.");
        }
        try {
            userStoreManager1.addUser("user3t0", "password", null, null, null);
        } catch (UserStoreException e) {
            throw new RegistryException("Error in adding user user3t0.");
        }

        // adding more users we are going to add roles with
        try {
            userStoreManager1.addUser("user4t0", "password", null, null, null);
        } catch (UserStoreException e) {
            throw new RegistryException("Error in adding user user4t0.");
        }
        try {
            userStoreManager1.addUser("user5t0", "password", null, null, null);
        } catch (UserStoreException e) {
            throw new RegistryException("Error in adding user user5t0.");
        }
        try {
            userStoreManager1.addUser("user6t0", "password", null, null, null);
        } catch (UserStoreException e) {
            throw new RegistryException("Error in adding user user6t0.");
        }

        // adding some roles
        try {
            userStoreManager1.addRole("role1t0", null, null);
        } catch (UserStoreException e) {
            throw new RegistryException("Error in adding role role1t0.");
        }
        try {
            userStoreManager1.addRole("role2t0", null, null);
        } catch (UserStoreException e) {
            throw new RegistryException("Error in adding role role2t0.");
        }
        try {
            userStoreManager1.addRole("role3t0", null, null);
        } catch (UserStoreException e) {
            throw new RegistryException("Error in adding role role3t0.");
        }
//
//        // now assign authorizations to first set of users.
//        try {
//            authorizationManager1.authorizeUser("user1t0", "/test2", ActionConstants.PUT);
//        } catch (UserStoreException e) {
//            throw new RegistryException("Error in authorizing user1t0.");
//        }
//        try {
//            authorizationManager1.authorizeUser("user2t0", "/test2", ActionConstants.DELETE);
//        } catch (UserStoreException e) {
//            throw new RegistryException("Error in authorizing user2t0.");
//        }
//        try {
//            authorizationManager1.authorizeUser("user2t0", "/test2", "authorize");
//        } catch (UserStoreException e) {
//            throw new RegistryException("Error in authorizing user3t0.");
//        }

        // then assign roles to the second set of users.
        try {
            userStoreManager1.updateRoleListOfUser("user4t0", null, new String[]{"role1t0"});
        } catch (UserStoreException e) {
            throw new RegistryException("Error in adding user user4t0 to role1t0 role.");
        }
        try {
            userStoreManager1.updateRoleListOfUser("user5t0", null, new String[]{"role2t0"});
        } catch (UserStoreException e) {
            throw new RegistryException("Error in adding user user5t0 to role2t0 role.");
        }
        try {
            userStoreManager1.updateRoleListOfUser("user6t0", null, new String[]{"role3t0"});
        } catch (UserStoreException e) {
            throw new RegistryException("Error in adding user user6t0 to role3t0 role.");
        }

        // now giving authorizations to the role.
        try {
            authorizationManager1.authorizeRole("role1t0", "/test2", ActionConstants.PUT);
        } catch (UserStoreException e) {
            throw new RegistryException("Error in authorizing role1t0.");
        }
        try {
            authorizationManager1.authorizeRole("role2t0", "/test2", ActionConstants.DELETE);
        } catch (UserStoreException e) {
            throw new RegistryException("Error in authorizing role2t0.");
        }
        try {
            authorizationManager1.authorizeRole("role3t0", "/test2", "authorize");
        } catch (UserStoreException e) {
            throw new RegistryException("Error in authorizing role3t0.");
        }

        // secondly we will check the user store from tenant 1 and verify no overlaps with tenant 0
        UserRegistry registry2 =
                embeddedRegistryService.getUserRegistry(realmConfig.getAdminUserName(), 1);

        UserRealm userRealm2 = registry2.getUserRealm();
        UserStoreManager userStoreManager2;
        try {
            userStoreManager2 = userRealm2.getUserStoreManager();
        } catch (UserStoreException e) {
            throw new RegistryException("Error in retrieving UserStoreManager.");
        }
        AuthorizationManager authorizationManager2;
        try {
            authorizationManager2 = userRealm2.getAuthorizationManager();
        } catch (UserStoreException e) {
            throw new RegistryException("Error in retrieving AuthorizationManager.");
        }

        // List up to 10 users from tenant 1's user store; the tenant-0 fixtures must not appear.
        String[] users;
        try {
            users = userStoreManager2.listUsers("*", 10);
        } catch (UserStoreException e) {
            throw new RegistryException("Error in retrieving UserStoreManager.");
        }
        // check the existence of the user
        // NOTE(review): Arrays.binarySearch only gives a defined result on a sorted array, and
        // nothing here sorts `users` or shows that listUsers returns it sorted. On an unsorted
        // array these assertions can pass even when the user is present, which would hide a
        // tenant-isolation failure; sorting first or a linear search would make them reliable.
        assertFalse("UserStore for tenant1 should not have user1t0",
                Arrays.binarySearch(users, "user1t0") >= 0);
        assertFalse("UserStore for tenant1 should not have user2t0",
                Arrays.binarySearch(users, "user2t0") >= 0);
        assertFalse("UserStore for tenant1 should not have user3t0",
                Arrays.binarySearch(users, "user3t0") >= 0);
        assertFalse("UserStore for tenant1 should not have user4t0",
                Arrays.binarySearch(users, "user4t0") >= 0);
        assertFalse("UserStore for tenant1 should not have user5t0",
                Arrays.binarySearch(users, "user5t0") >= 0);
        assertFalse("UserStore for tenant1 should not have user6t0",
                Arrays.binarySearch(users, "user6t0") >= 0);

        // check the existence of the role
        // NOTE(review): the role names are searched in `users`, the result of listUsers, not in
        // a role listing, so these assertions do not show that tenant 1 lacks the roles.
        assertFalse("UserStore for tenant1 should not have role1t0",
                Arrays.binarySearch(users, "role1t0") >= 0);
        assertFalse("UserStore for tenant1 should not have role2t0",
                Arrays.binarySearch(users, "role2t0") >= 0);
        assertFalse("UserStore for tenant1 should not have role3t0",
                Arrays.binarySearch(users, "role3t0") >= 0);

        // check the user authorizations
        // NOTE(review): these three assertions repeat the user-existence checks above; they do
        // not query the AuthorizationManager.
        assertFalse("UserStore for tenant1 should not have user1t0",
                Arrays.binarySearch(users, "user1t0") >= 0);
        assertFalse("UserStore for tenant1 should not have user2t0",
                Arrays.binarySearch(users, "user2t0") >= 0);
        assertFalse("UserStore for tenant1 should not have user3t0",
                Arrays.binarySearch(users, "user3t0") >= 0);

        // check the authorization of the users.
        // NOTE(review): the tenant-0 authorizeUser calls for these users are commented out
        // earlier in this test, and the grants that are made go to role1t0..role3t0 (held by
        // user4t0..user6t0). As far as this excerpt shows, these assertions would hold with or
        // without tenant isolation; asserting isRoleAuthorized for those roles against tenant 1
        // would exercise the isolation directly.
        try {
            assertFalse("UserStore for tenant1 should not have authorizations for user1t0",
                    authorizationManager2
                            .isUserAuthorized("user1t0", "/test2", ActionConstants.PUT));
            assertFalse("UserStore for tenant1 should not have authorizations for user2t0",
                    authorizationManager2
                            .isUserAuthorized("user2t0", "/test2", ActionConstants.DELETE));
            assertFalse("UserStore for tenant1 should not have authorizations for user3t0",
                    authorizationManager2.isUserAuthorized("user3t0", "/test2", "authorize"));
        } catch (UserStoreException e) {
            throw new RegistryException("Error in checking authorizations.");
        }

        // check the user is added to the role

                String msg = "UI permissions of Admin is not allowed to change";
                log.error(msg);
                throw new UserAdminException(msg);
            }
            // Replace the role's UI (EXECUTE) permissions: the EXECUTE action is removed from the
            // role on all resources, then granted again on each path of the optimized list.
            // NOTE(review): what optimizePermissions does to the raw list is not visible here.
            String[] optimizedList = UserCoreUtil.optimizePermissions(rawResources);
            AuthorizationManager authMan = realm.getAuthorizationManager();
            // NOTE(review): the clear and the re-grants are separate calls; if authorizeRole throws
            // part-way, the role keeps only the grants made so far.
            authMan.clearRoleActionOnAllResources(roleName, UserMgtConstants.EXECUTE_ACTION);
            for (String path : optimizedList) {
                authMan.authorizeRole(roleName, path, UserMgtConstants.EXECUTE_ACTION);
            }
        } catch (UserStoreException e) {
            log.error(e.getMessage(), e);
            throw new UserAdminException(e.getMessage(), e);
        }

    public static void updateRoleUIPermission(String roleName, String[] rawPermissions)
            throws UserAdminException {
        try {
            // Replace the role's UI (EXECUTE) permissions with the given list: clear the EXECUTE
            // action for the role on all resources, then grant it on each optimized path.
            // NOTE(review): no check on roleName is visible in this method, so nothing here
            // prevents it from rewriting a privileged role's permissions; presumably the caller
            // enforces that -- confirm.
            String[] optimizedList = UserCoreUtil.optimizePermissions(rawPermissions);
            UserRealm realm = AdminServicesUtil.getUserRealm();
            AuthorizationManager authMan = realm.getAuthorizationManager();
            // Clear first, then re-grant; a failure part-way leaves only the grants made so far.
            authMan.clearRoleActionOnAllResources(roleName, UserMgtConstants.EXECUTE_ACTION);
            for (String path : optimizedList) {
                authMan.authorizeRole(roleName, path, UserMgtConstants.EXECUTE_ACTION);
            }
        } catch (UserStoreException e) {
            // not logging already logged
            throw new UserAdminException(e.getMessage(), e);
        } catch (CarbonException e) {

            // realm is taken from the registry rather than realm service to fix
            // chrooted issues
            UserRealm realm = registry.getUserRealm();
            String adminRole = realm.getRealmConfiguration().getAdminRoleName();
            AuthorizationManager authMan = realm.getAuthorizationManager();
            // Ensure the admin role holds the EXECUTE action on the UI permission collection;
            // the grant is only written when the role does not already have it.
            if (!authMan.isRoleAuthorized(adminRole, CarbonConstants.UI_PERMISSION_COLLECTION,
                    UserMgtConstants.EXECUTE_ACTION)) {
                authMan.authorizeRole(adminRole, CarbonConstants.UI_PERMISSION_COLLECTION,
                        UserMgtConstants.EXECUTE_ACTION);
            }
        } catch (Exception e) {
            log.error("While adding management permission :: " + e.getMessage(), e);
            throw new Exception("While adding management permission :: " + e.getMessage(), e);
