package com.thinkbiganalytics.metadata.modeshape.security;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.jcr.Credentials;
import org.springframework.security.authentication.jaas.JaasGrantedAuthority;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import com.thinkbiganalytics.auth.UsernameAuthenticationToken;
/*-
* #%L
* thinkbig-metadata-modeshape
* %%
* Copyright (C) 2017 ThinkBig Analytics
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
import com.thinkbiganalytics.metadata.api.MetadataAccess;
import com.thinkbiganalytics.security.UsernamePrincipal;
/**
* Credentials used to override those derived from the current security context.
*/
public class OverrideCredentials implements Credentials {
private static final long serialVersionUID = 1L;
private final Principal userPrincipal;
private final Set<Principal> rolePrincipals;
private final Authentication authentication;
public OverrideCredentials(Principal userPrincipal, Set<Principal> rolePrincipals) {
super();
this.userPrincipal = userPrincipal;
this.rolePrincipals = Collections.unmodifiableSet(new HashSet<>(rolePrincipals));
Collection<? extends GrantedAuthority> authorities = Stream.concat(Stream.of(this.userPrincipal), this.rolePrincipals.stream())
.map(p -> new JaasGrantedAuthority(p.getName(), p))
.collect(Collectors.toSet());
this.authentication = new UsernameAuthenticationToken(userPrincipal, authorities);
}
public static OverrideCredentials create(Principal... principals) {
return create(Arrays.asList(principals));
}
public static OverrideCredentials create(Iterable<Principal> principals) {
Principal user = null;
Set<Principal> roleSet = new HashSet<>();
for (Principal principal : principals) {
if (user == null && isUser(principal)) {
user = principal;
} else {
roleSet.add(principal);
}
}
if (user == null) {
user = MetadataAccess.ANONYMOUS;
}
if (MetadataAccess.SERVICE.equals(user)) {
roleSet.add(MetadataAccess.ADMIN);
}
return new OverrideCredentials(user, roleSet);
}
private static boolean isUser(Principal principal) {
return principal instanceof UsernamePrincipal; // Others?
}
public Principal getUserPrincipal() {
return userPrincipal;
}
public Set<Principal> getRolePrincipals() {
return rolePrincipals;
}
public Authentication getAuthentication() {
return authentication;
}
}