SecurityPersistenceUtils.java

/*
 * Copyright (c) 2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
 * WSO2 Inc. licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.wso2.carbon.security.util;

import org.apache.axiom.om.OMAttribute;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.Resources;
import org.wso2.carbon.core.persistence.PersistenceDataNotFoundException;
import org.wso2.carbon.core.persistence.PersistenceUtils;
import org.wso2.carbon.core.persistence.file.ServiceGroupFilePersistenceManager;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;

import java.util.ArrayList;
import java.util.List;

/**
 * @deprecated  Not for public use, has been replaced.
 */
@Deprecated
public class SecurityPersistenceUtils {

    private static Log log = LogFactory.getLog(SecurityPersistenceUtils.class);

    /**
     * @param serviceGroupId      serviceGroupId
     * @param serviceId           serviceId
     * @param realm               realm
     * @param tenantAwareUserName tenantAwareUserName
     * @param permissionType      Probably UserCoreConstants.INVOKE_SERVICE_PERMISSION is all you need for this
     * @param serviceGroupFilePM  serviceGroupFilePM
     * @return false if any of the roles of user does not have permission to access it or no roles assigned for the service.
     * @throws UserStoreException
     * @deprecated do not use this method
     */
    public static boolean isUserAuthorized(
            String serviceGroupId, String serviceId, UserRealm realm, String tenantAwareUserName, String permissionType,
            ServiceGroupFilePersistenceManager serviceGroupFilePM) throws UserStoreException {
        try {
            String[] rolesList = realm.getUserStoreManager().getRoleListOfUser(tenantAwareUserName);

            String serviceXPath = Resources.ServiceProperties.ROOT_XPATH + PersistenceUtils.
                    getXPathAttrPredicate(Resources.NAME, serviceId);
            String rolesPath = serviceXPath +
                    "/" + Resources.SecurityManagement.ROLE_XML_TAG +
                    PersistenceUtils.getXPathAttrPredicate(
                            Resources.Associations.TYPE, permissionType) +
                    "/@" + Resources.SecurityManagement.ROLENAME_XML_ATTR;

            List tmpAllowedRolesAttr = serviceGroupFilePM.getAll(serviceGroupId, rolesPath);
            List<String> allowedRoles = new ArrayList<>(tmpAllowedRolesAttr.size());
            for (Object attr : tmpAllowedRolesAttr) {
                allowedRoles.add(((OMAttribute) attr).getAttributeValue());
            }

            for (String role : rolesList) {
                if (allowedRoles.contains(role)) {
                    return true;
                }
            }
            return false;
        } catch (PersistenceDataNotFoundException e) {
            log.error("Error occurred while reading allowed roles element. Returning false.", e);
            return false;
        }
    }
}