remove caching from user entities
Signed-off-by: Ralf Mollik <ramollik@compex-commerce.com>
diff --git a/org.eclipse.osbp.authentication.feature/feature.xml b/org.eclipse.osbp.authentication.feature/feature.xml
index 793a2e1..a7ce4d8 100644
--- a/org.eclipse.osbp.authentication.feature/feature.xml
+++ b/org.eclipse.osbp.authentication.feature/feature.xml
@@ -17,7 +17,7 @@
label="%featureName"
version="0.9.0.qualifier"
provider-name="%providerName"
- plugin="org.eclipse.osbp.authentication">
+ plugin="org.eclipse.osbp.license">
<description>
%description
diff --git a/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/dtos/mapper/UserAccountDtoMapper.java b/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/dtos/mapper/UserAccountDtoMapper.java
index ae6da79..c6373f4 100644
--- a/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/dtos/mapper/UserAccountDtoMapper.java
+++ b/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/dtos/mapper/UserAccountDtoMapper.java
@@ -766,7 +766,7 @@
// if entities are being removed, then they are passed to the
// #internalRemoveFromChilds method of the parent entity. So they are
// removed directly from the list of entities.
- childsList.mapToEntity(mapper,
+ if ( childsList != null ) childsList.mapToEntity(mapper,
parentEntity::addToUserAccountFilter,
parentEntity::internalRemoveFromUserAccountFilter);
return null;
diff --git a/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/dtos/service/UserAccountDtoService.java b/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/dtos/service/UserAccountDtoService.java
index d0d10ba..2251636 100644
--- a/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/dtos/service/UserAccountDtoService.java
+++ b/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/dtos/service/UserAccountDtoService.java
@@ -2,10 +2,10 @@
import org.eclipse.osbp.authentication.account.dtos.UserAccountDto;
import org.eclipse.osbp.authentication.account.entities.UserAccount;
-import org.eclipse.osbp.dsl.dto.lib.services.impl.AbstractDTOServiceWithMutablePersistence;
+import org.eclipse.osbp.dsl.dto.lib.services.impl.AbstractDTOService;
@SuppressWarnings("all")
-public class UserAccountDtoService extends AbstractDTOServiceWithMutablePersistence<UserAccountDto, UserAccount> {
+public class UserAccountDtoService extends AbstractDTOService<UserAccountDto, UserAccount> {
public UserAccountDtoService() {
// set the default persistence ID
setPersistenceId("authentication");
diff --git a/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/dtos/service/UserAccountFilterDtoService.java b/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/dtos/service/UserAccountFilterDtoService.java
index 4ad69e1..038e4c0 100644
--- a/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/dtos/service/UserAccountFilterDtoService.java
+++ b/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/dtos/service/UserAccountFilterDtoService.java
@@ -2,10 +2,10 @@
import org.eclipse.osbp.authentication.account.dtos.UserAccountFilterDto;
import org.eclipse.osbp.authentication.account.entities.UserAccountFilter;
-import org.eclipse.osbp.dsl.dto.lib.services.impl.AbstractDTOServiceWithMutablePersistence;
+import org.eclipse.osbp.dsl.dto.lib.services.impl.AbstractDTOService;
@SuppressWarnings("all")
-public class UserAccountFilterDtoService extends AbstractDTOServiceWithMutablePersistence<UserAccountFilterDto, UserAccountFilter> {
+public class UserAccountFilterDtoService extends AbstractDTOService<UserAccountFilterDto, UserAccountFilter> {
public UserAccountFilterDtoService() {
// set the default persistence ID
setPersistenceId("authentication");
diff --git a/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/entities/UserAccount.java b/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/entities/UserAccount.java
index a8bf418..c009970 100644
--- a/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/entities/UserAccount.java
+++ b/org.eclipse.osbp.authentication/src-gen/org/eclipse/osbp/authentication/account/entities/UserAccount.java
@@ -4,6 +4,7 @@
import java.util.Collections;
import java.util.List;
import javax.persistence.Basic;
+import javax.persistence.Cacheable;
import javax.persistence.Column;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
@@ -28,8 +29,9 @@
import org.eclipse.osbp.runtime.common.annotations.UniqueEntry;
import org.eclipse.osbp.runtime.common.validation.InfoSeverity;
+@Cacheable(false)
@Entity
-@Table(name = "USER_ACCOUNT", indexes = @Index(name = "INDEX_USER_NAME", columnList = "USER_NAME"))
+@Table(name = "USER_ACCOUNT", indexes = @Index(name = "USER_ACCOUNTINDEX_USER_NAME", unique = true, columnList = "USER_NAME"))
@DiscriminatorValue(value = "USER_ACCOUNT")
@SuppressWarnings("all")
public class UserAccount implements IEntity {
@@ -594,7 +596,7 @@
return;
}
- internalGetUserAccountFilter().add(userAccountFilter);
+ internalGetUserAccountFilter().add(userAccountFilter);
}
/**
diff --git a/org.eclipse.osbp.authentication/src/account.entity b/org.eclipse.osbp.authentication/src/account.entity
index bd63e0a..56e7c5d 100644
--- a/org.eclipse.osbp.authentication/src/account.entity
+++ b/org.eclipse.osbp.authentication/src/account.entity
@@ -22,7 +22,7 @@
import ns org.eclipse.osbp.authentication.account.datatypes.int
package org.eclipse.osbp.authentication.account.entities {
-
+ @Cacheable(false) // disable caching for userdata to allow manipulation of user data via SQL tools
entity UserAccount {
persistenceUnit "authentication"
uuid String id
@@ -57,7 +57,7 @@
failedAttempt = 00
}
}
- index indexUserName {
+ unique index indexUserName {
userName
}
}
diff --git a/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/Activator.java b/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/Activator.java
index 555cfb8..20253e4 100644
--- a/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/Activator.java
+++ b/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/Activator.java
@@ -14,20 +14,36 @@
*/
package org.eclipse.osbp.authentication;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.eclipse.osbp.authentication.account.entities.UserAccount;
import org.eclipse.osbp.gitinfo.Loginfo;
+import org.eclipse.osbp.runtime.common.event.EventDispatcherEvent;
+import org.eclipse.osbp.runtime.common.event.IEventDispatcher;
+import org.eclipse.osbp.runtime.common.event.EventDispatcherEvent.EventDispatcherCommand;
+import org.eclipse.osbp.ui.api.complexdatacontainer.IComplexDataContainerChangedListener;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
+import org.osgi.framework.ServiceReference;
+import org.osgi.util.tracker.ServiceTracker;
-// TODO: Auto-generated Javadoc
/**
* The Class Activator.
*
*/
-public class Activator implements BundleActivator {
+public class Activator implements BundleActivator, IEventDispatcher.Receiver {
/** The context. */
private static BundleContext context;
+ private IEventDispatcher eventDispatcher;
+
+ private ServiceTracker<IEventDispatcher, IEventDispatcher> eventDispatcherTracker;
+
+ /** The listeners which are listening for changed complex data changes. */
+ public static final List<IComplexDataContainerChangedListener> userAccountChangedListeners = new ArrayList<>();
+
/**
* Gets the context.
*
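Review bot: `userAccountChangedListeners` is a public static `ArrayList` that `UserAccessService` mutates and `receiveEvent` iterates, so a listener that registers or deregisters while an event is being delivered raises `ConcurrentModificationException`, and any bundle can alter the list directly. The `HashSet` it replaces rejected duplicates; with a list, a listener added twice is notified twice. Declaring it as `private static final List<IComplexDataContainerChangedListener> userAccountChangedListeners = new CopyOnWriteArrayList<>();` behind static add/remove methods that skip duplicates would cover both. The same list is iterated in `triggerComplexDataContainerChangedListeners` in UserAccessService.java.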
@@ -48,6 +64,26 @@
Loginfo li = new Loginfo();
li.print(Activator.class.getCanonicalName(), Activator.class.getClassLoader());
Activator.context = bundleContext;
+ eventDispatcherTracker = new ServiceTracker<IEventDispatcher, IEventDispatcher>(context, IEventDispatcher.class,
+ null) {
+ @Override
+ public IEventDispatcher addingService(ServiceReference<IEventDispatcher> reference) {
+ eventDispatcher = context.getService(reference);
+ if (eventDispatcher != null) {
+ eventDispatcher.addEventReceiver(Activator.this);
+ }
+
+ return null;
+ }
+
+ @Override
+ public void removedService(ServiceReference<IEventDispatcher> reference, IEventDispatcher service) {
+ eventDispatcher.removeEventReceiver(Activator.this);
+ eventDispatcher = null;
+ super.removedService(reference, service);
+ }
+ };
+ eventDispatcherTracker.open();
}
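Review bot: `addingService` returns `null`, which tells `ServiceTracker` not to track the service, so `removedService` below is never called for it and the receiver stays registered on a dispatcher that has gone away. The reference obtained through `context.getService(reference)` is also never released. Using `eventDispatcher = super.addingService(reference);` followed by `return eventDispatcher;` lets the tracker own the get/unget pair, and `removedService` should null-check `eventDispatcher` before calling `removeEventReceiver`. The enclosing `start` method begins outside the hunk.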
/*
@@ -57,7 +93,23 @@
* org.osgi.framework.BundleActivator#stop(org.osgi.framework.BundleContext)
*/
public void stop(BundleContext bundleContext) throws Exception {
+ if (eventDispatcherTracker != null) {
+ eventDispatcher.removeEventReceiver(this);
+ eventDispatcher = null;
+ eventDispatcherTracker.close();
+ }
Activator.context = null;
}
+ @Override
+ public void receiveEvent(EventDispatcherEvent event) {
+ if ((event.getCommand() == EventDispatcherCommand.REFRESH
+ || event.getCommand() == EventDispatcherCommand.DELETE)
+ && event.getTopic().equals(UserAccount.class.getName())) {
+ for (IComplexDataContainerChangedListener container : userAccountChangedListeners) {
+ container.complexDataContainerChanged();
+ }
+ }
+ }
+
}
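Review bot: `stop` dereferences `eventDispatcher` whenever the tracker exists, but that field is still `null` if no `IEventDispatcher` was ever registered or after `removedService` cleared it, so shutdown throws a `NullPointerException` before `eventDispatcherTracker.close()` and `Activator.context = null` run. Guard the call with `if (eventDispatcher != null) { eventDispatcher.removeEventReceiver(this); eventDispatcher = null; }` and close the tracker regardless of that result. In `receiveEvent`, `event.getTopic().equals(...)` has the same shape; `UserAccount.class.getName().equals(event.getTopic())` tolerates an event without a topic.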
diff --git a/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/providerimpl/UserAccessService.java b/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/providerimpl/UserAccessService.java
index 777f355..c01b086 100644
--- a/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/providerimpl/UserAccessService.java
+++ b/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/providerimpl/UserAccessService.java
@@ -30,6 +30,7 @@
import java.util.Set;
import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.authz.AuthorizationInfo;
@@ -40,6 +41,7 @@
import org.apache.shiro.util.ThreadContext;
import org.apache.shiro.web.config.WebIniSecurityManagerFactory;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
+import org.eclipse.osbp.authentication.Activator;
import org.eclipse.osbp.authentication.account.dtos.UserAccountDto;
import org.eclipse.osbp.authentication.account.dtos.UserAccountFilterDto;
import org.eclipse.osbp.authentication.shiro.extensions.StaticRealm;
@@ -52,12 +54,13 @@
import org.eclipse.osbp.dsl.dto.lib.impl.DtoServiceAccess;
import org.eclipse.osbp.jpa.services.Query;
import org.eclipse.osbp.preferences.ProductConfiguration;
-import org.eclipse.osbp.runtime.common.filter.IDTOServiceWithMutablePersistence;
+import org.eclipse.osbp.runtime.common.filter.IDTOService;
import org.eclipse.osbp.ui.api.complexdatacontainer.IComplexDataContainerChangedListener;
import org.eclipse.osbp.ui.api.useraccess.AbstractAuthorization;
import org.eclipse.osbp.ui.api.useraccess.AbstractAuthorization.Action;
import org.eclipse.osbp.ui.api.useraccess.AbstractAuthorization.Group;
import org.eclipse.osbp.ui.api.useraccess.AbstractPosition;
+import org.eclipse.osbp.ui.api.useraccess.IBlipProcessPermissions;
import org.eclipse.osbp.ui.api.useraccess.IOrganizationService;
import org.eclipse.osbp.ui.api.useraccess.IPosition;
import org.eclipse.osbp.ui.api.useraccess.ISubOrganization;
@@ -109,9 +112,6 @@
/** The Constant sOrganizationServices. */
protected static final Map<String, IOrganizationService> sOrganizationServices = new HashMap<>();
- /** The listeners which are listening for changed complex data changes. */
- protected static final Set<IComplexDataContainerChangedListener> complexDataContainerChangedListeners = new HashSet<>();
-
/**
* Gets the organization services.
*
@@ -146,14 +146,13 @@
SecurityUtils.setSecurityManager(sSecurityManager);
LOGGER.debug("{}", "security manager is set");
if (UserProtocol.dtoUserAccountDtoService == null) {
- UserProtocol.dtoUserAccountDtoService = (IDTOServiceWithMutablePersistence<UserAccountDto>) DtoServiceAccess
+ UserProtocol.dtoUserAccountDtoService = (IDTOService<UserAccountDto>) DtoServiceAccess
.getService(UserAccountDto.class);
}
// for password encryption
if (UserProtocol.passwordService == null) {
UserProtocol.passwordService = new DefaultPasswordService();
}
-
}
protected void deactivate() {
@@ -225,7 +224,7 @@
UserFilterMap userFilterMap = null;
AbstractPosition position = null;
String defaultPerspective = null;
- Collection<String> roles = null;
+ List<String> roles = null;
AbstractAuthorization authorization = null;
if (realm instanceof UserAccessAuthorizationRealm) {
user = ((UserAccessAuthorizationRealm) realm).findUserAccount(username);
@@ -233,9 +232,11 @@
position = ((UserAccessAuthorizationRealm) realm).findPositionForUser(username);
defaultPerspective = user.getDefaultPerspective();
authorization = ((UserAccessAuthorizationRealm) realm).findPermissionsForUser(username);
- }
- if (position != null) {
- roles = position.getRoles();
+ if(position != null) {
+ roles = position.getRoles();
+ }
+ } else {
+ throw new AccountException("No valid realm authenticated "+username);
}
setSessionAttribute(AUTHENTICATED_BY_REALM, token.getAuthenticatedByRealm());
setSessionAttribute(USER_KEY, user);
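Review bot: The restructured branch still calls `user.getDefaultPerspective()` without checking `user`, which is assigned from `findUserAccount(username)` just above this hunk. `StaticRealm.findUserAccount` in this commit returns `null` for any name other than the administrator, so if this block can be reached with such a name it ends in a `NullPointerException` rather than an authentication failure. A guard right after the lookup, `if (user == null) { throw new AccountException("No account found for " + username); }`, keeps the failure on the same path as the new `else` branch. The enclosing method starts and ends outside the hunk.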
@@ -596,8 +597,8 @@
*/
@SuppressWarnings("unchecked")
@Override
- public Collection<String> getRoles() {
- return (Collection<String>) getSessionAttribute(ROLES_KEY);
+ public List<String> getRoles() {
+ return (List<String>) getSessionAttribute(ROLES_KEY);
}
/*
@@ -705,8 +706,8 @@
AuthenticatingRealm realm = getAuthenticationRealm();
if (realm instanceof UserAccessAuthorizationRealm) {
Set<AbstractPosition> retcode = new HashSet<>();
+ String organizationID = ProductConfiguration.getAuthenticationOrganizationId();
for (Entry<String, IOrganizationService> entrySet : UserAccessService.sOrganizationServices.entrySet()) {
- String organizationID = ProductConfiguration.getAuthenticationOrganizationId();
ISubOrganization organization = entrySet.getValue().getOrganization(organizationID);
if (organization != null) {
for (IPosition position : organization.getPositions()) {
@@ -761,7 +762,7 @@
* (java.lang.String)
*/
@Override
- public Collection<String> findRolesForUser(String username) {
+ public List<String> findRolesForUser(String username) {
AuthenticatingRealm realm = getAuthenticationRealm();
if (realm instanceof UserAccessAuthorizationRealm) {
return ((UserAccessAuthorizationRealm) realm).findRolesForUser(username);
@@ -848,8 +849,8 @@
* getAllUserAccountRoles ()
*/
@Override
- public Map<String, Collection<String>> getAllUserAccountRoles() { // NOSONAR
- Map<String, Collection<String>> userRolesMap = new HashMap<>();
+ public Map<String, List<String>> getAllUserAccountRoles() { // NOSONAR
+ Map<String, List<String>> userRolesMap = new HashMap<>();
List<String> adminRoles = new ArrayList<>();
Query query = new Query();
int size = UserProtocol.getDtoUserAccountDtoService().size(query);
@@ -858,13 +859,11 @@
if (user.getUserName() != null && user.getPosition() != null) {
boolean needsDefault = true;
for (Entry<String, IOrganizationService> entrySet : UserAccessService.sOrganizationServices.entrySet()) {
- // as positions in organigram are not allowed to have spaces
-
String organizationID = ProductConfiguration.getAuthenticationOrganizationId();
ISubOrganization organization = entrySet.getValue().getOrganization(organizationID);
if (organization != null) {
IPosition position = organization.getPositionByLinkAlias(user.getPosition());
- if (position != null && position instanceof AbstractPosition) {
+ if (position instanceof AbstractPosition) {
userRolesMap.put(user.getUserName(), ((AbstractPosition) position).getRoles());
needsDefault = false;
}
@@ -886,7 +885,7 @@
adminRoles.add(IUserAccessService.DEFAULTUSERROLE);
adminRoles.add(IUserAccessService.DEFAULTADMINROLE);
}
- userRolesMap.put(IUserAccessService.ADMINISTRATOR, adminRoles);
+ userRolesMap.put(IUserAccessService.NAME_ADMINISTRATOR, adminRoles);
return userRolesMap;
}
@@ -965,15 +964,15 @@
}
public void addComplexDataContainerChangedListener(IComplexDataContainerChangedListener listener) {
- complexDataContainerChangedListeners.add(listener);
+ Activator.userAccountChangedListeners.add(listener);
}
public void removeComplexDataContainerChangedListener(IComplexDataContainerChangedListener listener) {
- complexDataContainerChangedListeners.remove(listener);
+ Activator.userAccountChangedListeners.remove(listener);
}
public static void triggerComplexDataContainerChangedListeners() {
- for (IComplexDataContainerChangedListener listener : complexDataContainerChangedListeners) {
+ for (IComplexDataContainerChangedListener listener : Activator.userAccountChangedListeners) {
listener.complexDataContainerChanged();
}
}
@@ -1017,5 +1016,16 @@
}
}
}
-
+
+ @Override
+ public IBlipProcessPermissions getBlipProcessPermissions() {
+ String organizationID = ProductConfiguration.getAuthenticationOrganizationId();
+ for (Entry<String, IOrganizationService> entrySet : UserAccessService.sOrganizationServices.entrySet()) {
+ ISubOrganization organization = entrySet.getValue().getOrganization(organizationID);
+ if (organization != null) {
+ return entrySet.getValue().getBlipProcessPermissions();
+ }
+ }
+ return null;
+ }
}
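Review bot: `getBlipProcessPermissions` has no Javadoc and returns `null` when no organization service knows the configured organization, which leaves each caller to decide what a missing permissions object means. Document the contract on the method, for example `@return the process permissions of the first organization service that knows the configured organization, or {@code null} if none does`, and state that callers must read `null` as no permission granted. The method also takes the first matching service in map iteration order; if more than one service can know the organization, say which one is meant to win.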
diff --git a/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/providerimpl/UserProtocol.java b/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/providerimpl/UserProtocol.java
index 518aa0d..29fabd3 100644
--- a/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/providerimpl/UserProtocol.java
+++ b/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/providerimpl/UserProtocol.java
@@ -22,12 +22,10 @@
import org.eclipse.osbp.jpa.services.Query;
import org.eclipse.osbp.jpa.services.filters.LCompare;
import org.eclipse.osbp.preferences.ProductConfiguration;
-import org.eclipse.osbp.runtime.common.filter.IDTOServiceWithMutablePersistence;
+import org.eclipse.osbp.runtime.common.filter.IDTOService;
+import org.eclipse.osbp.runtime.common.filter.IDTOService;
import org.eclipse.osbp.ui.api.useraccess.IUserAccessService;
import org.osgi.service.component.ComponentContext;
-import org.osgi.service.component.annotations.Reference;
-import org.osgi.service.component.annotations.ReferenceCardinality;
-import org.osgi.service.component.annotations.ReferencePolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
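Review bot: The import of `org.eclipse.osbp.runtime.common.filter.IDTOService` is added twice in this hunk, and the second line should be dropped. The compiler ignores a duplicate single-type import of the same type, but it produces a warning and adds noise to later diffs of this file.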
@@ -39,7 +37,7 @@
public class UserProtocol {
/** The dto user account dto service. */
- protected static IDTOServiceWithMutablePersistence<UserAccountDto> dtoUserAccountDtoService = null;
+ protected static IDTOService<UserAccountDto> dtoUserAccountDtoService = null;
/** The Constant LOGGER. */
private static final Logger LOGGER = LoggerFactory.getLogger(UserProtocol.class);
@@ -84,7 +82,7 @@
*
* @return the dto user account dto service
*/
- public static IDTOServiceWithMutablePersistence<UserAccountDto> getDtoUserAccountDtoService() {
+ public static IDTOService<UserAccountDto> getDtoUserAccountDtoService() {
return UserProtocol.dtoUserAccountDtoService;
}
@@ -178,7 +176,7 @@
* @return the int
*/
public int trackFailedLoginAttempt(String username) {
- if (IUserAccessService.ADMINISTRATOR.equals(username)) {
+ if (IUserAccessService.NAME_ADMINISTRATOR.equals(username)) {
return 0;
}
UserAccountDto user = findUserAccount(username);
@@ -200,7 +198,7 @@
* @return true, if is account locked
*/
public boolean isAccountLocked(String username) {
- if (IUserAccessService.ADMINISTRATOR.equals(username)) {
+ if (IUserAccessService.NAME_ADMINISTRATOR.equals(username)) {
return false;
}
UserAccountDto user = findUserAccount(username);
@@ -218,7 +216,7 @@
* @return true, if the account is still not registered
*/
public boolean isAccountNotRegistered(String username) {
- if (IUserAccessService.ADMINISTRATOR.equals(username)) {
+ if (IUserAccessService.NAME_ADMINISTRATOR.equals(username)) {
return false;
}
UserAccountDto user = findUserAccount(username);
@@ -236,7 +234,7 @@
* @return true, if is account enabled
*/
public boolean isAccountEnabled(String username) {
- if (IUserAccessService.ADMINISTRATOR.equals(username)) {
+ if (IUserAccessService.NAME_ADMINISTRATOR.equals(username)) {
return true;
}
UserAccountDto user = findUserAccount(username);
@@ -325,7 +323,7 @@
if(cookie != null) {
hashCode = cookie.hashCode();
}
- LOGGER.debug("fraud detected as an invalid cookie was presented. expected: {} found:",user.getCookieHashCode(), hashCode);
+ LOGGER.debug("fraud detected as an invalid cookie was presented. expected:{} found:{}",user.getCookieHashCode(), hashCode);
return false;
}
} else {
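Review bot: The corrected message still logs a suspected cookie forgery at `debug`, so at a default log level the event this branch itself calls fraud leaves no trace, and it writes the expected cookie hash next to the presented one. Consider `LOGGER.warn("invalid cookie presented for user {}", user.getUserName());` and keep both hash values out of the log. The enclosing method starts and ends outside the hunk.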
diff --git a/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/shiro/extensions/IUserAccess.java b/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/shiro/extensions/IUserAccess.java
index ba1403b..c7ed899 100644
--- a/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/shiro/extensions/IUserAccess.java
+++ b/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/shiro/extensions/IUserAccess.java
@@ -15,6 +15,7 @@
package org.eclipse.osbp.authentication.shiro.extensions;
import java.util.Collection;
+import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -22,7 +23,6 @@
import org.eclipse.osbp.ui.api.useraccess.AbstractAuthorization;
import org.eclipse.osbp.ui.api.useraccess.AbstractPosition;
-// TODO: Auto-generated Javadoc
/**
* The Interface IUserAccess.
*/
@@ -97,6 +97,13 @@
AbstractAuthorization findPermissionsForUser(String username);
/**
+ * Find permissions for administrator.
+ *
+ * @return the abstract authorization
+ */
+ AbstractAuthorization findPermissionsForAdministrator();
+
+ /**
* Check username uniqueness.
*
* @param username the username
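Review bot: The Javadoc for `findPermissionsForAdministrator` promises "the abstract authorization", yet both implementations added in this commit, in `StaticRealm` and `UserAccessAuthorizationRealm`, return `null`. State the contract on the interface, for example `@return the administrator's authorization, or {@code null} if the realm defines none`, and say whether a caller has to read `null` as no permissions. Without that, a caller that skips its permission checks on `null` would give the administrator path more access than intended.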
diff --git a/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/shiro/extensions/StaticRealm.java b/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/shiro/extensions/StaticRealm.java
index 0a57353..d3b7ca5 100644
--- a/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/shiro/extensions/StaticRealm.java
+++ b/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/shiro/extensions/StaticRealm.java
@@ -17,11 +17,11 @@
import java.util.Calendar;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.shiro.authc.AccountException;
-import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
@@ -32,14 +32,16 @@
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.subject.PrincipalCollection;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.eclipse.osbp.authentication.account.dtos.UserAccountDto;
import org.eclipse.osbp.authentication.providerimpl.AuthenticationInformation;
import org.eclipse.osbp.authentication.providerimpl.AuthorizationInformation;
import org.eclipse.osbp.authentication.shiro.extensionsimpl.UserAccessAuthorizationRealm;
import org.eclipse.osbp.preferences.ProductConfiguration;
+import org.eclipse.osbp.ui.api.useraccess.AbstractAuthorization;
import org.eclipse.osbp.ui.api.useraccess.AbstractPosition;
+import org.eclipse.osbp.ui.api.useraccess.IUserAccessService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* The Class StaticRealm.
@@ -49,15 +51,6 @@
/** The Constant LOGGER. */
private static final Logger LOGGER = LoggerFactory.getLogger("realm");
- /** The Constant NAME_ADMINISTRATOR. */
- private static final String NAME_ADMINISTRATOR="Administrator";
-
- /** The Constant PASSWORD_ADMINISTRATOR. */
- private static final String PASSWORD_ADMINISTRATOR="Administrator";
-
- /** The Constant POS_ADMINISTRATOR. */
- private static final String POS_ADMINISTRATOR="Administrator";
-
/** The static token. */
private IPortalAuthenticationToken staticToken = null;
@@ -101,7 +94,7 @@
* @see org.eclipse.osbp.authentication.shiro.extensionsimpl.UserAccessAuthorizationRealm#doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
*/
@Override
- protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) throws AuthenticationException {
+ protected AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken token) {
staticToken = (IPortalAuthenticationToken)token;
if (!(token instanceof UsernamePasswordToken)) {
throw new IllegalStateException("Token has to be instance of UsernamePasswordToken class");
@@ -142,7 +135,7 @@
*/
@Override
public boolean supports(AuthenticationToken token) {
- return token != null && token instanceof IPortalAuthenticationToken &&
+ return token instanceof IPortalAuthenticationToken &&
getPortalId().equals(((IPortalAuthenticationToken)token).getPortalId());
}
@@ -162,7 +155,7 @@
@Override
public Set<String> getAllUsers() {
Set<String> retcode = new HashSet<>();
- retcode.add(NAME_ADMINISTRATOR);
+ retcode.add(IUserAccessService.NAME_ADMINISTRATOR);
return retcode;
}
@@ -172,7 +165,7 @@
@Override
public Map<String, String> getAllUsersPositions() {
Map<String,String> retcode = new HashMap<>();
- retcode.put(NAME_ADMINISTRATOR, PASSWORD_ADMINISTRATOR);
+ retcode.put(IUserAccessService.NAME_ADMINISTRATOR, IUserAccessService.PASSWORD_ADMINISTRATOR);
return retcode;
}
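Review bot: `getAllUsersPositions` now maps the administrator name to `IUserAccessService.PASSWORD_ADMINISTRATOR`, so a map that by its name holds user-to-position entries carries the password constant as the position value. The removed private constants were all "Administrator", which hid the mix-up; the line should read `retcode.put(IUserAccessService.NAME_ADMINISTRATOR, IUserAccessService.POS_ADMINISTRATOR);`. Moving a fixed administrator password into a public API interface is also worth reconsidering, since every bundle that sees `IUserAccessService` can read it.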
@@ -181,26 +174,34 @@
*/
@Override
public UserAccountDto findUserAccount(String username) {
- if(!NAME_ADMINISTRATOR.equals(username)) {
+ if(!IUserAccessService.NAME_ADMINISTRATOR.equals(username)) {
return null;
}
UserAccountDto user = new UserAccountDto();
user.setEmail(ProductConfiguration.getAdminEmail());
user.setEnabled(true);
user.setLocked(false);
- user.setPosition(POS_ADMINISTRATOR);
- user.setUserName(NAME_ADMINISTRATOR);
+ user.setPosition(IUserAccessService.POS_ADMINISTRATOR);
+ user.setUserName(IUserAccessService.NAME_ADMINISTRATOR);
user.setPassword(encryptPassword(generatePassword()));
return user;
}
/* (non-Javadoc)
+ * @see org.eclipse.osbp.authentication.shiro.extensionsimpl.UserAccessAuthorizationRealm#findPositionForUser(java.lang.String)
+ */
+ @Override
+ public AbstractPosition findPositionForUser(String username) {
+ return findPositionForPositionName(IUserAccessService.POS_ADMINISTRATOR);
+ }
+
+ /* (non-Javadoc)
* @see org.eclipse.osbp.authentication.shiro.extensionsimpl.UserAccessAuthorizationRealm#findUsersForPosition(java.lang.String)
*/
@Override
public Set<String> findUsersForPosition(String orgNode) {
Set<String> retcode = new HashSet<>();
- retcode.add(NAME_ADMINISTRATOR);
+ retcode.add(IUserAccessService.NAME_ADMINISTRATOR);
return retcode;
}
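Review bot: The new `findPositionForUser` override ignores `username` and returns the administrator position for every name passed in, while `findUserAccount` just above returns `null` for anything but the administrator. `findRolesForUser` in `UserAccessAuthorizationRealm` builds on `findPositionForUser`, so through this realm any name resolves to the administrator's roles. Add the same guard as in `findUserAccount`: `if (!IUserAccessService.NAME_ADMINISTRATOR.equals(username)) { return null; }`.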
@@ -211,7 +212,7 @@
*/
private String generatePassword() {
Calendar cal = Calendar.getInstance();
- Integer number = new Integer(cal.get(Calendar.DATE)*100);
+ Integer number = cal.get(Calendar.DATE)*100;
number += cal.get(Calendar.MONTH);
number ++; // month is idiotically 0 based
number += cal.get(Calendar.YEAR);
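Review bot: `generatePassword` still builds the administrator password from the current day, month and year, as far as the visible lines show, so the value is predictable, and `UserProtocol` exempts the administrator name from failed-attempt tracking and locking. Removing the `new Integer(...)` boxing does not change that. The credential should come from deployment configuration or a `SecureRandom`-generated value handed to the operator, and `number` can be a plain `int`. The method continues outside the hunk, so any later transformation of `number` is not visible here.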
@@ -228,5 +229,9 @@
private String encryptPassword(String decryptedPassword) {
return staticToken.getUserProtocol().encryptPassword(decryptedPassword);
}
-
+
+ @Override
+ public AbstractAuthorization findPermissionsForAdministrator() {
+ return null;
+ }
}
diff --git a/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/shiro/extensionsimpl/UserAccessAuthorizationRealm.java b/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/shiro/extensionsimpl/UserAccessAuthorizationRealm.java
index d3287d7..3024966 100644
--- a/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/shiro/extensionsimpl/UserAccessAuthorizationRealm.java
+++ b/org.eclipse.osbp.authentication/src/org/eclipse/osbp/authentication/shiro/extensionsimpl/UserAccessAuthorizationRealm.java
@@ -16,7 +16,9 @@
import java.util.Collection;
import java.util.Collections;
+import java.util.List;
+import org.apache.shiro.authc.AccountException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationInfo;
@@ -82,16 +84,31 @@
@Override
public AbstractPosition findPositionForPositionName(String positionName) {
if (positionName != null) {
+ String organizationID = ProductConfiguration.getAuthenticationOrganizationId();
+ boolean organizationFound = false;
+ boolean organizationDefined = false;
for (IOrganizationService organizationService : UserAccessService.getOrganizationServices()) {
- String organizationID = ProductConfiguration.getAuthenticationOrganizationId();
+ organizationDefined = !organizationService.getOrganizationNames().isEmpty() || organizationDefined;
ISubOrganization organization = organizationService.getOrganization(organizationID);
if (organization != null) {
+ organizationFound = true;
IPosition position = organization.getPositionByLinkAlias(positionName);
- if (position != null && position instanceof AbstractPosition) {
+ if (position instanceof AbstractPosition) {
return (AbstractPosition) position;
}
}
}
+ // we found an authorizing organization but the role was not inside
+ if(organizationFound) {
+ throw new AccountException("The position "+positionName+" is not supported by the authorizing organization "+organizationID);
+ }
+ // no authorization service present - this probably is a osbp installation
+ if(UserAccessService.getOrganizationServices().isEmpty() || !organizationDefined) {
+ return null;
+ }
+ }
+ if(!UserAccessService.getOrganizationServices().isEmpty()) {
+ throw new AccountException("The user has no position assigned and cannot be authorized therefore");
}
return null;
}
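Review bot: When `positionName` is set and the registered organization services define organizations but none of them knows `organizationID`, control falls out of the `if (positionName != null)` block and raises "The user has no position assigned and cannot be authorized therefore", which misreports a configuration problem as a missing position. Ending the non-null block with `throw new AccountException("The authorizing organization "+organizationID+" was not found");` keeps the two causes apart. The `positionName == null` path also throws as soon as any organization service is registered, even when none defines an organization, a case the non-null path treats as a plain installation and answers with `null`. Callers such as `findRolesForUser` previously received `null` from this lookup and now get an `AccountException`, so its Javadoc should say so.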
@@ -104,7 +121,7 @@
* (java.lang.String)
*/
@Override
- public Collection<String> findRolesForUser(String username) {
+ public List<String> findRolesForUser(String username) {
AbstractPosition position = findPositionForUser(username);
if (position != null) {
return position.getRoles();
@@ -127,6 +144,11 @@
return null;
}
+ @Override
+ public AbstractAuthorization findPermissionsForAdministrator() {
+ return null;
+ }
+
/*
* (non-Javadoc)
*