PrincipalIdentifier.java example

Explorer
usergrid-master
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.usergrid.security.shiro.principals;


import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.usergrid.management.ManagementService;
import org.apache.usergrid.management.UserInfo;
import org.apache.usergrid.persistence.EntityManager;
import org.apache.usergrid.persistence.EntityManagerFactory;
import org.apache.usergrid.persistence.entities.Role;
import org.apache.usergrid.security.shiro.UsergridAuthorizationInfo;
import org.apache.usergrid.security.shiro.credentials.AccessTokenCredentials;
import org.apache.usergrid.security.tokens.TokenInfo;
import org.apache.usergrid.security.tokens.TokenService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.Map;
import java.util.Set;
import java.util.UUID;

import static org.apache.commons.lang.StringUtils.isBlank;
import static org.apache.commons.lang.StringUtils.isNotBlank;
import static org.apache.usergrid.utils.StringUtils.stringOrSubstringAfterFirst;
import static org.apache.usergrid.utils.StringUtils.stringOrSubstringBeforeFirst;


public abstract class PrincipalIdentifier {

    private static final Logger logger = LoggerFactory.getLogger(PrincipalIdentifier.class);

    AccessTokenCredentials accessTokenCredentials;


    public UserInfo getUser() {
        return null;
    }


    public boolean isDisabled() {
        return false;
    }


    public boolean isActivated() {
        return true;
    }


    public AccessTokenCredentials getAccessTokenCredentials() {
        return accessTokenCredentials;
    }


    public void setAccessTokenCredentials( AccessTokenCredentials accessTokenCredentials ) {
        this.accessTokenCredentials = accessTokenCredentials;
    }

    /** Return application UUID or null if none is associated with this prinicipal */

    public abstract UUID getApplicationId();

    public abstract void grant(
        UsergridAuthorizationInfo info,
        EntityManagerFactory emf,
        ManagementService management,
        TokenService tokens);


    protected void grant( UsergridAuthorizationInfo info, String permission ) {
        if (logger.isTraceEnabled()) {
            logger.trace("Principal {} granted permission: {}", this, permission);
        }
        info.addStringPermission(permission);
    }


    protected void role( UsergridAuthorizationInfo info, String role ) {
        if (logger.isTraceEnabled()) {
            logger.trace("Principal {} added to role: {}", this, role);
        }
        info.addRole(role);
    }


    protected void grant( UsergridAuthorizationInfo info, UUID applicationId,
                               Set<String> permissions ) {
        if ( permissions != null ) {
            for ( String permission : permissions ) {
                if ( isNotBlank( permission ) ) {
                    String operations = "*";
                    if ( permission.indexOf( ':' ) != -1 ) {
                        operations = stringOrSubstringBeforeFirst( permission, ':' );
                    }
                    if ( isBlank( operations ) ) {
                        operations = "*";
                    }
                    permission = stringOrSubstringAfterFirst( permission, ':' );
                    permission = "applications:" + operations + ":" + applicationId + ":" + permission;
                    grant( info, permission );
                }
            }
        }
    }

    /** Grant all permissions for the role names on this application */
    protected void grantAppRoles(
        UsergridAuthorizationInfo info,
        EntityManager em, UUID applicationId,
        TokenInfo token,
        Set<String> rolenames ) throws Exception {

        Map<String, Role> app_roles = em.getRolesWithTitles( rolenames );

        for ( String rolename : rolenames ) {
            if ( ( app_roles != null ) && ( token != null ) ) {
                Role role = app_roles.get( rolename );
                if ( ( role != null ) && ( role.getInactivity() > 0 ) && ( token.getInactive() > role
                    .getInactivity() ) ) {
                    continue;
                }
            }
            Set<String> permissions = em.getRolePermissions( rolename );
            grant( info, applicationId, permissions );
            role( info, "application-role:".concat( applicationId.toString() ).concat( ":" ).concat( rolename ) );
        }
    }
}