Package org.wso2.carbon.user.core

Examples of org.wso2.carbon.user.core.AuthorizationManager


                throw new AxisFault("Permission denied " +getLoggedInUserName() + " cannot access "+ topicName);
            }
           
            //UserRealm userRealm = getUserRegistry().getUserRealm();
            UserRealm userRealm = AdminServicesUtil.getUserRealm();
            AuthorizationManager authorizationManager = userRealm
                    .getAuthorizationManager();
           
            String resourceName = getSecureTopicPermissionPath(topicName);
           
            if (accessibleUsers != null) {
                for (String accessibleUser : accessibleUsers) {
                    if(!isSystemDefinedUser(accessibleUser)){
                        authorizationManager.clearUserAuthorization(accessibleUser,resourceName, AUTH_WRITE_ACTION);   
                    }
                }
            }

            if (acessibleRoles != null) {
                for (String acessibleRole : acessibleRoles) {
                    if(!isSystemAllowedRole(acessibleRole)){
                        authorizationManager.clearRoleAuthorization(acessibleRole,resourceName, AUTH_WRITE_ACTION);   
                    }
                }
            }
            return "Sucess";
        } catch (CarbonException e) {
View Full Code Here


    public static void changeRolePermissions(UserRegistry userRegistry,
                                             String resourcePath, String permissionString)
            throws Exception {

        AuthorizationManager accessControlAdmin ;
        UserRealm realm;
        try {
            realm = userRegistry.getUserRealm();
            accessControlAdmin = realm.getAuthorizationManager();

        } catch (Exception e) {
            String msg = "Couldn't get access control admin for changing authorizations. Caused by: " + e.getMessage();
            log.error(msg, e);
            throw new RegistryException(msg, e);
        }

        try {

            String[] rolePermissions = permissionString.split("\\|");

            for (int i = 0; i < rolePermissions.length; i++) {

                String notificationResponse = "The following changes have been made.";
                if (rolePermissions[i].trim().length() == 0) {
                    continue;
                }

                String[] permissions = rolePermissions[i].split(":");
                String permRole = permissions[0];

                RealmConfiguration realmConfig = realm.getRealmConfiguration();
                if (!permRole.equals(realmConfig.getAdminRoleName())) {
                    accessControlAdmin.clearRoleAuthorization(permRole, resourcePath, ActionConstants.GET);
                    accessControlAdmin.clearRoleAuthorization(permRole, resourcePath, ActionConstants.PUT);
                    accessControlAdmin.clearRoleAuthorization(permRole, resourcePath, ActionConstants.DELETE);
                    accessControlAdmin.clearRoleAuthorization(permRole, resourcePath, AccessControlConstants.AUTHORIZE);
                }

                for (int j = 1; j < permissions.length; j++) {
                    String[] permission = permissions[j].split("\\^");

                    String action = permission[0];
                    String checked = permission[1];

                    if (action.equals("ra")) {
                        if (checked.equals("true")) {
                            accessControlAdmin.authorizeRole(permRole, resourcePath, ActionConstants.GET);
                            notificationResponse += " READ: Allowed.";
                        }
                    } else if (action.equals("rd")) {
                        if (checked.equals("true")) {
                            accessControlAdmin.denyRole(permRole, resourcePath, ActionConstants.GET);
                            notificationResponse += " READ: Denied.";
                        }
                    } else if (action.equals("wa")) {
                        if (checked.equals("true")) {
                            accessControlAdmin.authorizeRole(permRole, resourcePath, ActionConstants.PUT);
                            notificationResponse += " WRITE: Allowed.";
                        }
                    } else if (action.equals("wd")) {
                        if (checked.equals("true")) {
                            accessControlAdmin.denyRole(permRole, resourcePath, ActionConstants.PUT);
                            notificationResponse += " WRITE: Denied.";
                        }
                    } else if (action.equals("da")) {
                        if (checked.equals("true")) {
                            accessControlAdmin.authorizeRole(permRole, resourcePath, ActionConstants.DELETE);
                            notificationResponse += " DELETE: Allowed.";
                        }
                    } else if (action.equals("dd")) {
                        if (checked.equals("true")) {
                            accessControlAdmin.denyRole(permRole, resourcePath, ActionConstants.DELETE);
                            notificationResponse += " DELETE: Denied.";
                        }
                    } else if (action.equals("aa")) {
                        if (checked.equals("true")) {
                            accessControlAdmin.authorizeRole(permRole, resourcePath, AccessControlConstants.AUTHORIZE);
                            notificationResponse += " AUTHORIZE: Allowed.";
                        }
                    } else if (action.equals("ad")) {
                        if (checked.equals("true")) {
                            accessControlAdmin.denyRole(permRole, resourcePath, AccessControlConstants.AUTHORIZE);
                            notificationResponse += " AUTHORIZE: Denied.";
                        }
                    }
                }
View Full Code Here

            // Creating the default gadget collection resource
            Collection defaultGadgetCollection = registry.newCollection();

            // Set permission for annonymous read
            AuthorizationManager authorizationManager =
                    ThemePopulatorContext.getUserRealm().getAuthorizationManager();
            authorizationManager.authorizeRole(CarbonConstants.REGISTRY_ANONNYMOUS_ROLE_NAME, RegistryConstants.CONFIG_REGISTRY_BASE_PATH +
                    SYSTEM_DEFAULT_THEMES_PATH, ActionConstants.GET);

            /*authorizationManager.authorizeRole(RegistryConstants.GUESTS_ROLE,
                                             SYSTEM_GADGETS_PATH, ActionConstants.GET);*/

 
View Full Code Here

           }

       }

    public void doAuthorizationStuff() throws Exception {
        AuthorizationManager authMan = realm.getAuthorizationManager();
        UserStoreManager usWriter = realm.getUserStoreManager();

        usWriter.addRole("rolex", new String[] { "saman", "amara" }, null);
        usWriter.addRole("roley", null, null);
        authMan.authorizeRole("rolex", "wall", "write");
        authMan.authorizeRole("roley", "table", "write");
       
        try {
          authMan.authorizeRole(null, "wall", "write");
          fail("Exception at authorizing a role with Null role");
        } catch (Exception e) {
          // exptected error in negative testing
        }
        try {
          authMan.authorizeRole("rollee", null, "write");
          fail("Exception at authorizing a role with Null resourceID");
        } catch (Exception e) {
          // exptected error in negative testing
        }
        try {
          authMan.authorizeRole("rollee","wall",null);
          fail("Exception at authorizing a role with Null action");
        } catch (Exception e) {
          // exptected error in negative testing
        }
        try {
          authMan.authorizeRole("rolleex","wall","run");
          fail("Exception at authorizing a role with Invalid action");
        } catch (Exception e) {
          // exptected error in negative testing
        }

        //***authorize user
        authMan.authorizeUser("sunil", "wall", "read");
        try {
          authMan.authorizeUser(null, "wall", "read");
          fail("Exception at authorizing a user with Null name");
        } catch (Exception e) {
          // exptected error in negative testing
        }
        try {
          authMan.authorizeUser("isuru", null, "read");
          fail("Exception at authorizing a user with Null resourceID");
        } catch (Exception e) {
          // exptected error in negative testing
        }
        try {
          authMan.authorizeUser("isuru","wall",null);
          fail("Exception at authorizing a user with Null action");
        } catch (Exception e) {
          // exptected error in negative testing
        }
        try {
          authMan.authorizeUser("isuru","wall","run");
          fail("Exception at authorizing a user with Invalid action");
        } catch (Exception e) {
          // exptected error in negative testing
        }
       
        assertTrue(authMan.isUserAuthorized("saman", "wall", "write"));
        assertTrue(authMan.isUserAuthorized("sunil", "wall", "read"));
        assertTrue(authMan.isRoleAuthorized("roley", "table", "write"));
        assertFalse(authMan.isRoleAuthorized("roley", "chair", "write"));
        assertFalse(authMan.isUserAuthorized("saman", "wall", "read"));
        assertFalse(authMan.isUserAuthorized("sunil", "wall", "write"));
        assertFalse(authMan.isUserAuthorized("isuru", "wall", "write"));
        try {
          boolean b=authMan.isUserAuthorized("isuru", "wall", "run");
          fail("Exception at check authorization of a user with Invalid action");
        } catch (Exception e) {
          // exptected error in negative testing
        }

        String[] AllowedRolesForResource = authMan.getAllowedRolesForResource("wall", "write");
        assertEquals(1, AllowedRolesForResource.length);
        //assertEquals(2,authMan.getAllowedUsersForResource("wall", "write").length);
        //String[] AllowedUsersForResource = authMan.getAllowedUsersForResource("wall", "read");
        //assertEquals(1, AllowedUsersForResource.length);

        authMan.clearUserAuthorization("sunil", "wall", "read");
        try{
            authMan.clearUserAuthorization("isuru", "wall", "run");
            fail("Exception at clear user authorization");
        }catch(Exception e){

        }
        try{
            authMan.clearUserAuthorization(null, "wall", "run");
            fail("Exception at clear user authorization");
        }catch(Exception e){

        }
        try{
            authMan.clearUserAuthorization("isuru", null, "run");
            fail("Exception at clear user authorization");
        }catch(Exception e){

        }
        try{
            authMan.clearUserAuthorization("isuru","wall", null);
            fail("Exception at clear user authorization");
        }catch(Exception e){

        }

        authMan.clearRoleAuthorization("roley", "table", "write");
         try{
            authMan.clearRoleAuthorization(null, "table", "write");
            fail("Exception at clear role authorization");
        }catch(Exception e){

        }
        try{
            authMan.clearRoleAuthorization("roleee", null, "write");
            fail("Exception at clear role authorization");
        }catch(Exception e){

        }
        try{
            authMan.clearRoleAuthorization("roleee", "table", null);
            fail("Exception at clear role authorization");
        }catch(Exception e){

        }
       
        authMan.clearResourceAuthorizations("wall");
        try{
            authMan.clearResourceAuthorizations(null);
            fail("Exception at clear Resource Authorizations");
        }catch(Exception e){

        }

        assertFalse(authMan.isUserAuthorized("saman", "wall", "write"));
        assertFalse(authMan.isUserAuthorized("sunil", "wall", "read"));
        assertFalse(authMan.isRoleAuthorized("roley", "table", "write"));
    }
View Full Code Here

            throw e;
        }
    }

    private List<String> getUserPermissions(String username, UserRealm realm) throws Exception {
        AuthorizationManager authManager = realm.getAuthorizationManager();
        String[] permissions = authManager.getAllowedUIResourcesForUser(username, RegistryUtils
                .getUnChrootedPath("/"));
        List<String> userPermissions = Arrays.asList(permissions);
        return userPermissions;
    }
View Full Code Here

    public static void update(int tenantId) {
        try {
            initializeRegistry(tenantId);
            RegistryService registryService = dataHolder.getRegistryService();
            AuthorizationManager authzManager = getAuthzManager(tenantId, registryService);
            if (authzManager instanceof JDBCAuthorizationManager) {
                if (log.isDebugEnabled()) {
                    log.debug("Updating  permission cache for tenant: " + tenantId);
                }
                ((JDBCAuthorizationManager) authzManager).populatePermissionTreeFromDB();
View Full Code Here

    }

    private static AuthorizationManager getAuthzManager(int tenantId,
                                                        RegistryService registryService)
            throws UserStoreException, RegistryException {
        AuthorizationManager authznManager =
                ((RegistryRealm) registryService.getUserRealm(tenantId)).
                        getRealm().getAuthorizationManager();
        return authznManager;
    }
View Full Code Here

    }

    public static void remove(int tenantId) {
        try {
            RegistryService registryService = dataHolder.getRegistryService();
            AuthorizationManager authzManager = getAuthzManager(tenantId, registryService);
            if (authzManager instanceof JDBCAuthorizationManager) {
                if (log.isDebugEnabled()) {
                    log.debug("Updating  permission cache for tenant: " + tenantId);
                }
                ((JDBCAuthorizationManager) authzManager).clearPermissionTree();
View Full Code Here

        //wrong users - must pass because we don't know the external users.
        admin.updateUserListOfRole("role2", null, new String[] { "d" });
    }

    public void doAuthorizationStuff() throws Exception {
        AuthorizationManager authMan = realm.getAuthorizationManager();
        UserStoreManager usWriter = realm.getUserStoreManager();

        usWriter.addRole("rolex", new String[] { "saman", "amara" }, null);
        usWriter.addRole("roley", null, null);
        authMan.authorizeRole("rolex", "wall", "write");
        authMan.authorizeRole("roley", "table", "write");
        authMan.authorizeUser("sunil", "wall", "read");

        assertTrue(authMan.isUserAuthorized("saman", "wall", "write"));
        assertTrue(authMan.isUserAuthorized("sunil", "wall", "read"));
        assertTrue(authMan.isRoleAuthorized("roley", "table", "write"));
        assertFalse(authMan.isUserAuthorized("saman", "wall", "read"));
        assertFalse(authMan.isUserAuthorized("sunil", "wall", "write"));

        authMan.clearUserAuthorization("sunil", "wall", "read");
        authMan.clearRoleAuthorization("roley", "table", "write");
        authMan.clearResourceAuthorizations("wall");

        assertFalse(authMan.isUserAuthorized("saman", "wall", "write"));
        assertFalse(authMan.isUserAuthorized("sunil", "wall", "read"));
        assertFalse(authMan.isRoleAuthorized("roley", "table", "write"));
    }
View Full Code Here

        }

    }

    public void doAuthorizationStuff() throws Exception {
        AuthorizationManager authMan = realm.getAuthorizationManager();
        UserStoreManager usWriter = realm.getUserStoreManager();

        usWriter.addRole("rolex", new String[] { "saman", "amara" }, null);
        usWriter.addRole("roley", null, null);
        authMan.authorizeRole("rolex", "wall", "write");
        authMan.authorizeRole("roley", "table", "write");
        authMan.authorizeUser("sunil", "wall", "read");

        assertTrue(authMan.isUserAuthorized("saman", "wall", "write"));
        assertTrue(authMan.isUserAuthorized("sunil", "wall", "read"));
        assertTrue(authMan.isRoleAuthorized("roley", "table", "write"));
        assertFalse(authMan.isUserAuthorized("saman", "wall", "read"));
        assertFalse(authMan.isUserAuthorized("sunil", "wall", "write"));
        assertEquals(1, authMan.getAllowedRolesForResource("wall", "write").length);
        assertEquals(1, authMan.getExplicitlyAllowedUsersForResource("wall", "read").length);

        authMan.denyRole("rolex", "wall", "write");
        assertFalse(authMan.isRoleAuthorized("rolex", "wall", "write"));

        authMan.denyUser("saman", "wall", "read");
        assertFalse(authMan.isUserAuthorized("saman", "wall", "read"));

        assertEquals(1, authMan.getDeniedRolesForResource("wall", "write").length);
        assertEquals(1, authMan.getExplicitlyDeniedUsersForResource("wall", "read").length);

        authMan.clearUserAuthorization("sunil", "wall", "read");
        authMan.clearRoleAuthorization("roley", "table", "write");
        authMan.clearResourceAuthorizations("wall");

        assertFalse(authMan.isUserAuthorized("saman", "wall", "write"));
        assertFalse(authMan.isUserAuthorized("sunil", "wall", "read"));
        assertFalse(authMan.isRoleAuthorized("roley", "table", "write"));
    }
View Full Code Here

TOP

Related Classes of org.wso2.carbon.user.core.AuthorizationManager

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.