Package org.infinispan.security.impl

Source Code of org.infinispan.security.impl.AuthorizationHelper

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
package org.infinispan.security.impl;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.util.Set;

import javax.security.auth.Subject;

import org.infinispan.configuration.cache.AuthorizationConfiguration;
import org.infinispan.configuration.global.GlobalSecurityConfiguration;
import org.infinispan.security.AuthorizationPermission;
import org.infinispan.security.PrincipalRoleMapper;
import org.infinispan.security.Role;
import org.infinispan.util.logging.Log;
import org.infinispan.util.logging.LogFactory;

/**
* AuthorizationHelper. Some utility methods for computing access masks and verifying them against
* permissions
*
* @author Tristan Tarrant
* @since 7.0
*/
public class AuthorizationHelper {
   private static final Log log = LogFactory.getLog(AuthorizationHelper.class);

   public static void checkPermission(Subject subject, int subjectMask, AuthorizationPermission perm) {
      if ((subjectMask & perm.getMask()) != perm.getMask()) {
         if (System.getSecurityManager() == null) {
            throw log.unauthorizedAccess(String.valueOf(subject), perm.toString());
         } else {
            System.getSecurityManager().checkPermission(perm.getSecurityPermission());
         }
      }
   }

   public static void checkPermission(GlobalSecurityConfiguration globalConfiguration,
         AuthorizationConfiguration configuration, AuthorizationPermission perm) {
      if (globalConfiguration.authorization().enabled()) {
         AccessControlContext acc = AccessController.getContext();
         Subject subject = Subject.getSubject(acc);
         int subjectMask = computeSubjectRoleMask(subject, globalConfiguration, configuration);
         checkPermission(subject, subjectMask, perm);
      }
   }

   public static void checkPermission(GlobalSecurityConfiguration globalConfiguration, AuthorizationPermission perm) {
      checkPermission(globalConfiguration, null, perm);
   }

   public static int computeSubjectRoleMask(Subject subject, GlobalSecurityConfiguration globalConfiguration,
         AuthorizationConfiguration configuration) {
      PrincipalRoleMapper roleMapper = globalConfiguration.authorization().principalRoleMapper();
      int mask = 0;
      if (subject != null) {
         for (Principal principal : subject.getPrincipals()) {
            Set<String> roleNames = roleMapper.principalToRoles(principal);
            if (roleNames != null) {
               for (String roleName : roleNames) {
                  // Skip roles not defined for this cache
                  if (configuration != null && !configuration.roles().contains(roleName))
                     continue;
                  Role role = globalConfiguration.authorization().roles().get(roleName);
                  if (role != null) {
                     mask |= role.getMask();
                  }
               }
            }
         }
      }
      return mask;
   }
}
TOP

Related Classes of org.infinispan.security.impl.AuthorizationHelper

  • org.infinispan.manager.DefaultCacheManager
  • org.infinispan.security.PrincipalRoleMapper
  • org.infinispan.security.Role
  • java.security.AccessControlException
  • java.security.AccessControlContext
  • javax.security.auth.Subject
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.