Examples of org.wso2.carbon.user.core.AuthorizationManager

org.wso2.carbon.user.core.AuthorizationManager

            String userName = userRegistry.getUserName();
            versionsBean.setLoggedIn(!RegistryConstants.ANONYMOUS_USER.equals(userName));


            ResourcePath resourcePath = new ResourcePath(path);
            try {
                AuthorizationManager authorizer = userRegistry.getUserRealm().getAuthorizationManager();
                boolean putAllowed = authorizer.
                        isUserAuthorized(userName, resourcePath.getPath(), ActionConstants.PUT);
                versionsBean.setPutAllowed(putAllowed);


            } catch (UserStoreException e) {

View Full Code Here

    private static PermissionEntry[] getUserPermissions(UserRealm userRealm, String path)
            throws UserStoreException {


        Map <String, PermissionEntry> userPermissionMap = new HashMap <String, PermissionEntry>();


        AuthorizationManager authorizer = userRealm.getAuthorizationManager();


        RealmConfiguration realmConfig = userRealm.getRealmConfiguration();
        String systemUserName = CarbonConstants.REGISTRY_SYSTEM_USERNAME;
        String adminUserName = realmConfig.getAdminUserName();
        String[] raUsers = authorizer.getExplicitlyAllowedUsersForResource(path, ActionConstants.GET);
        for (String raUser : raUsers) {
            if (raUser.equals(systemUserName) || raUser.equals(adminUserName)) {
                continue;
            }
            if (userPermissionMap.containsKey(raUser)) {
                PermissionEntry permission = userPermissionMap.get(raUser);
                permission.setReadAllow(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(raUser);
                permission.setReadAllow(true);
                userPermissionMap.put(raUser, permission);
            }
        }


        String[] rdUsers = authorizer.getExplicitlyDeniedUsersForResource(path, ActionConstants.GET);
        for (String rdUser : rdUsers) {
            if (rdUser.equals(systemUserName) || rdUser.equals(adminUserName)) {
                continue;
            }
            if (userPermissionMap.containsKey(rdUser)) {
                PermissionEntry permission = userPermissionMap.get(rdUser);
                permission.setReadDeny(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(rdUser);
                permission.setReadDeny(true);
                userPermissionMap.put(rdUser, permission);
            }
        }


        String[] waUsers = authorizer.getExplicitlyAllowedUsersForResource(path, ActionConstants.PUT);
        for (String waUser : waUsers) {
            if (waUser.equals(systemUserName) || waUser.equals(adminUserName)) {
                continue;
            }
            if (userPermissionMap.containsKey(waUser)) {
                PermissionEntry permission = userPermissionMap.get(waUser);
                permission.setWriteAllow(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(waUser);
                permission.setWriteAllow(true);
                userPermissionMap.put(waUser, permission);
            }
        }
        
        String[] wdUsers = authorizer.getExplicitlyDeniedUsersForResource(path, ActionConstants.PUT);
        for (String wdUser : wdUsers) {
            if (wdUser.equals(systemUserName) || wdUser.equals(adminUserName)) {
                continue;
            }
            if (userPermissionMap.containsKey(wdUser)) {
                PermissionEntry permission = userPermissionMap.get(wdUser);
                permission.setWriteDeny(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(wdUser);
                permission.setWriteDeny(true);
                userPermissionMap.put(wdUser, permission);
            }
        }


        String[] daUsers = authorizer.getExplicitlyAllowedUsersForResource(path, ActionConstants.DELETE);
        for (String daUser : daUsers) {
            if (daUser.equals(systemUserName) || daUser.equals(adminUserName)) {
                continue;
            }
            if (userPermissionMap.containsKey(daUser)) {
                PermissionEntry permission = userPermissionMap.get(daUser);
                permission.setDeleteAllow(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(daUser);
                permission.setDeleteAllow(true);
                userPermissionMap.put(daUser, permission);
            }
        }


        String[] ddUsers = authorizer.getExplicitlyDeniedUsersForResource(path, ActionConstants.DELETE);
        for (String ddUser : ddUsers) {
            if (ddUser.equals(systemUserName) || ddUser.equals(adminUserName)) {
                continue;
            }
            if (userPermissionMap.containsKey(ddUser)) {
                PermissionEntry permission = userPermissionMap.get(ddUser);
                permission.setDeleteDeny(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(ddUser);
                permission.setDeleteDeny(true);
                userPermissionMap.put(ddUser, permission);
            }
        }




        String[] aaUsers = authorizer.
                getExplicitlyAllowedUsersForResource(path, AccessControlConstants.AUTHORIZE);
        for (String aaUser : aaUsers) {
            if (aaUser.equals(systemUserName) || aaUser.equals(adminUserName)) {
                continue;
            }
            if (userPermissionMap.containsKey(aaUser)) {
                PermissionEntry permission = userPermissionMap.get(aaUser);
                permission.setAuthorizeAllow(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(aaUser);
                permission.setAuthorizeAllow(true);
                userPermissionMap.put(aaUser, permission);
            }
        }
        String[] adUsers = authorizer.
                getExplicitlyDeniedUsersForResource(path, AccessControlConstants.AUTHORIZE);
        for (String adUser : adUsers) {
            if (adUser.equals(systemUserName) || adUser.equals(adminUserName)) {
                continue;
            }

View Full Code Here

    private static PermissionEntry[] getRolePermissions(UserRealm userRealm, String path)
            throws UserStoreException {


        Map <String, PermissionEntry> rolePermissionMap = new HashMap <String, PermissionEntry> ();


        AuthorizationManager authorizer = userRealm.getAuthorizationManager();
        RealmConfiguration realmConfig = userRealm.getRealmConfiguration();
        String adminRoleName = realmConfig.getAdminRoleName();


        String[] raRoles = authorizer.getAllowedRolesForResource(path, ActionConstants.GET);
        for (String raRole : raRoles) {
            if (raRole.equals(adminRoleName)) {
                continue;
            }
            if (rolePermissionMap.containsKey(raRole)) {
                PermissionEntry permission = rolePermissionMap.get(raRole);
                permission.setReadAllow(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(raRole);
                permission.setReadAllow(true);
                rolePermissionMap.put(raRole, permission);
            }
        }


        String[] rdRoles = authorizer.getDeniedRolesForResource(path, ActionConstants.GET);
        for (String rdRole : rdRoles) {
            if (rolePermissionMap.containsKey(rdRole)) {
                PermissionEntry permission = rolePermissionMap.get(rdRole);
                permission.setReadDeny(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(rdRole);
                permission.setReadDeny(true);
                rolePermissionMap.put(rdRole, permission);
            }
        }




        String[] waRoles = authorizer.getAllowedRolesForResource(path, ActionConstants.PUT);
        for (String waRole : waRoles) {
            if (waRole.equals(adminRoleName)) {
                continue;
            }
            if (rolePermissionMap.containsKey(waRole)) {
                PermissionEntry permission = rolePermissionMap.get(waRole);
                permission.setWriteAllow(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(waRole);
                permission.setWriteAllow(true);
                rolePermissionMap.put(waRole, permission);
            }
        }


        String[] wdRoles = authorizer.getDeniedRolesForResource(path, ActionConstants.PUT);
        for (String wdRole : wdRoles) {
            if (rolePermissionMap.containsKey(wdRole)) {
                PermissionEntry permission = rolePermissionMap.get(wdRole);
                permission.setWriteDeny(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(wdRole);
                permission.setWriteDeny(true);
                rolePermissionMap.put(wdRole, permission);
            }
        }
        
        String[] daRoles = authorizer.getAllowedRolesForResource(path, ActionConstants.DELETE);
        for (String daRole : daRoles) {
            if (daRole.equals(adminRoleName)) {
                continue;
            }
            if (rolePermissionMap.containsKey(daRole)) {
                PermissionEntry permission = rolePermissionMap.get(daRole);
                permission.setDeleteAllow(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(daRole);
                permission.setDeleteAllow(true);
                rolePermissionMap.put(daRole, permission);
            }
        }
        
        String[] ddRoles = authorizer.getDeniedRolesForResource(path, ActionConstants.DELETE);
        for (String ddRole : ddRoles) {
            if (rolePermissionMap.containsKey(ddRole)) {
                PermissionEntry permission = rolePermissionMap.get(ddRole);
                permission.setDeleteDeny(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(ddRole);
                permission.setDeleteDeny(true);
                rolePermissionMap.put(ddRole, permission);
            }
        }




        String[] aaRoles = authorizer.
                getAllowedRolesForResource(path, AccessControlConstants.AUTHORIZE);
        for (String aaRole : aaRoles) {
            if (aaRole.equals(adminRoleName)) {
                continue;
            }
            if (rolePermissionMap.containsKey(aaRole)) {
                PermissionEntry permission = rolePermissionMap.get(aaRole);
                permission.setAuthorizeAllow(true);
            } else {
                PermissionEntry permission = new PermissionEntry();
                permission.setUserName(aaRole);
                permission.setAuthorizeAllow(true);
                rolePermissionMap.put(aaRole, permission);
            }
        }
        
        String[] adRoles = authorizer.
                getDeniedRolesForResource(path, AccessControlConstants.AUTHORIZE);
        for (String adRole : adRoles) {
            if (rolePermissionMap.containsKey(adRole)) {
                PermissionEntry permission = rolePermissionMap.get(adRole);
                permission.setAuthorizeDeny(true);

View Full Code Here

        try {
            UserRealm realm =
                              (UserRealm) TenantMgtCoreServiceComponent.getRealmService().
                                                                        getTenantUserRealm(tenantId);
            String adminRole = realm.getRealmConfiguration().getAdminRoleName();
            AuthorizationManager authMan = realm.getAuthorizationManager();
            // Authorize the admin role, if not authorized yet.
            if (!authMan.isRoleAuthorized(adminRole,
                                          CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION,
                                          UserMgtConstants.EXECUTE_ACTION)) {
                authMan.authorizeRole(adminRole, CarbonConstants.UI_ADMIN_PERMISSION_COLLECTION,
                                      UserMgtConstants.EXECUTE_ACTION);
            }
        } catch (UserStoreException e) {
            String msg = "Error in authorizing the admin role.";
            log.error(msg, e);

View Full Code Here

        if (userRealm == null) {
            return;
        }


        try {
            AuthorizationManager accessControlAdmin = userRealm.getAuthorizationManager();
            String everyoneRole = CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME;


            accessControlAdmin.authorizeRole(everyoneRole, path, ActionConstants.GET);
            accessControlAdmin.denyRole(everyoneRole, path, ActionConstants.PUT);
            accessControlAdmin.denyRole(everyoneRole, path, ActionConstants.DELETE);
            accessControlAdmin.denyRole(everyoneRole, path, AccessControlConstants.AUTHORIZE);


        } catch (UserStoreException e) {
            String msg = "Could not set authorizations for the " + path + ".";
            log.error(msg, e);
            throw new RegistryException(msg);

View Full Code Here

        if (userRealm == null) {
            return;
        }


        try {
            AuthorizationManager accessControlAdmin = userRealm.getAuthorizationManager();
            RealmConfiguration realmConfig;
            try {
                realmConfig = userRealm.getRealmConfiguration();
            } catch (UserStoreException e) {
                String msg = "Failed to retrieve realm configuration.";
                log.error(msg, e);
                throw new RegistryException(msg, e);
            }


            String everyoneRole = realmConfig.getEveryOneRoleName();


            accessControlAdmin.denyRole(everyoneRole, path, ActionConstants.GET);
            accessControlAdmin.denyRole(everyoneRole, path, ActionConstants.PUT);
            accessControlAdmin.denyRole(everyoneRole, path, ActionConstants.DELETE);
            accessControlAdmin.denyRole(everyoneRole, path, AccessControlConstants.AUTHORIZE);


        } catch (UserStoreException e) {
            String msg = "Could not clear authorizations for the " + path + ".";
            log.error(msg, e);
            throw new RegistryException(msg);

View Full Code Here

            Permission[] permisions = new Permission[] { new Permission("high security", "read")};
            userStoreManager.addRole("tracker_role", new String[] {"tracker"}, permisions);
        }
        userStoreManager.updateCredentialByAdmin("tracker", "tracker123");
        // do some authorizations
        AuthorizationManager authManager = realm.getAuthorizationManager();
        authManager.authorizeRole("tracker_role", "tracker_obj", "read");
    }

View Full Code Here

            versionPath = path.getPath();
        }
        bean.setPathWithVersion(versionPath);


        String userName = registry.getUserName();
        AuthorizationManager authorizer = registry.getUserRealm().getAuthorizationManager();
        boolean putAllowed = authorizer.
                isUserAuthorized(userName, path.getPath(), ActionConstants.PUT);
        bean.setPutAllowed(putAllowed);


        return bean;
    }

View Full Code Here

            broker.getSubscriptionManager().deleteSecureTopic(topicName);
            
//            UserRegistry systemRegistry = EventBrokerServiceComponent.getConfigurationRegistry();
//            
            UserRealm userRealm = AdminServicesUtil.getUserRealm();
            AuthorizationManager authorizationManager = userRealm.getAuthorizationManager();
//            
//            //make sure storage location is available
//            if(!systemRegistry.resourceExists(SECURE_TOPIC_STORAGE)){
//                Resource resource = systemRegistry.newCollection();
//                systemRegistry.put(SECURE_TOPIC_STORAGE, resource);
//            }
//            
//            String topicPath = getSecureTopicRegistryPath(topicName);
//            if(systemRegistry.resourceExists(topicPath)){
//                Resource resource = systemRegistry.get(topicPath);
//                String owner = resource.getProperty(TOPIC_OWNER);
//                if(!owner.equals(getLoggedInUserName())){
//                    throw new AxisFault("Permission denied " +getLoggedInUserName() + " cannot access "+ topicName);
//                }
                
                String permissionPath = getSecureTopicPermissionPath(topicName);
                //now we remove permissions associated with the topic
                String[] allowedUsersForResource = authorizationManager.getExplicitlyAllowedUsersForResource(permissionPath, AUTH_WRITE_ACTION);
                String[] allowedRolesForResource = authorizationManager.getAllowedRolesForResource(permissionPath, AUTH_WRITE_ACTION);
                revokeATopic(topicName, allowedUsersForResource, allowedRolesForResource);
//                systemRegistry.delete(topicPath);
//            }else{
//                throw new AxisFault("A secure topic "+ topicPath + " does not exists");
//            }

View Full Code Here

            }


            
            UserRealm userRealm = AdminServicesUtil.getUserRealm();
            //UserRealm userRealm = getUserRegistry().getUserRealm();
            AuthorizationManager authorizationManager = userRealm
                    .getAuthorizationManager();


            String path = getSecureTopicPermissionPath(topicName);
            if (accessibleUsers != null) {
                for (String accessibleUser : accessibleUsers) {
                    authorizationManager.authorizeUser(accessibleUser,path, AUTH_WRITE_ACTION);
                    System.out.println("authorize "+ accessibleUser + " for "+ path);
                }
            }


            if (acessibleRoles != null) {
                for (String acessibleRole : acessibleRoles) {
                    authorizationManager.authorizeRole(acessibleRole,
                            path, AUTH_WRITE_ACTION);
                }
            }
            log.info("share the topic "+topicName + " with "+ Arrays.toString(accessibleUsers) + ((acessibleRoles != null)?acessibleRoles:""));
            return "Sucess";

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.wso2.carbon.user.core.AuthorizationManager

com.hazelcast.config.Config

com.hazelcast.config.GroupConfig

com.hazelcast.config.NetworkConfig

com.icegreen.greenmail.util.GreenMail

org.apache.axiom.om.OMElement

org.apache.axis2.client.Options

org.apache.axis2.client.ServiceClient

org.apache.axis2.clustering.ClusteringFault

org.apache.axis2.description.Parameter

org.apache.commons.collections.bidimap.TreeBidiMap

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.