start implementation of new security system

Sebastian Sdorra
2013-04-30 16:27:08 +02:00
parent c7cc0fabb0
commit 7b00a4e52d
2 changed files with 142 additions and 56 deletions


@@ -33,17 +33,26 @@ package sonia.scm.security;
//~--- non-JDK imports -------------------------------------------------------- //~--- non-JDK imports --------------------------------------------------------
import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableList.Builder;
import com.google.inject.Inject; import com.google.inject.Inject;
import com.google.inject.Singleton; import com.google.inject.Singleton;
import org.apache.shiro.SecurityUtils; import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.subject.PrincipalCollection;
import sonia.scm.event.ScmEventBus; import sonia.scm.store.ConfigurationEntryStore;
import sonia.scm.store.Store; import sonia.scm.store.ConfigurationEntryStoreFactory;
import sonia.scm.store.StoreFactory;
//~--- JDK imports ------------------------------------------------------------
import java.util.Collections;
import java.util.List;
import java.util.Map.Entry;
/** /**
* TODO add events
* *
* @author Sebastian Sdorra * @author Sebastian Sdorra
* @since 1.31 * @since 1.31
@@ -64,9 +73,73 @@ public class DefaultSecuritySystem implements SecuritySystem
* @param storeFactory * @param storeFactory
*/ */
@Inject @Inject
public DefaultSecuritySystem(StoreFactory storeFactory) public DefaultSecuritySystem(ConfigurationEntryStoreFactory storeFactory)
{ {
store = storeFactory.getStore(SecurityConfiguration.class, NAME); store = storeFactory.getStore(AssignedPermission.class, NAME);
}
//~--- methods --------------------------------------------------------------
/**
* Method description
*
*
* @param permission
*
* @return
*/
@Override
public StoredAssignedPermission addPermission(AssignedPermission permission)
{
assertIsAdmin();
String id = store.put(permission);
return new StoredAssignedPermission(id, permission);
}
/**
* Method description
*
*
* @param permission
*/
@Override
public void deletePermission(StoredAssignedPermission permission)
{
assertIsAdmin();
deletePermission(permission.getId());
}
/**
* Method description
*
*
* @param id
*/
@Override
public void deletePermission(String id)
{
assertIsAdmin();
store.remove(id);
}
/**
* Method description
*
*
* @param permission
*/
@Override
public void modifyPermission(StoredAssignedPermission permission)
{
assertIsAdmin();
synchronized (store)
{
store.remove(permission.getId());
store.put(permission.getId(), new AssignedPermission(permission));
}
} }
//~--- get methods ---------------------------------------------------------- //~--- get methods ----------------------------------------------------------
@@ -78,16 +151,48 @@ public class DefaultSecuritySystem implements SecuritySystem
* @return * @return
*/ */
@Override @Override
public SecurityConfiguration getConfiguration() public List<StoredAssignedPermission> getAllPermissions()
{ {
SecurityConfiguration configuration = store.get(); return getPermissions(null);
if (configuration == null)
{
configuration = new SecurityConfiguration();
} }
return configuration; /**
* Method description
*
*
* @return
*/
@Override
public List<PermissionDescriptor> getAvailablePermissions()
{
// TODO
return Collections.EMPTY_LIST;
}
/**
* Method description
*
*
* @param predicate
*
* @return
*/
@Override
public List<StoredAssignedPermission> getPermissions(
Predicate<AssignedPermission> predicate)
{
Builder<StoredAssignedPermission> permissions = ImmutableList.builder();
for (Entry<String, AssignedPermission> e : store.getAll().entrySet())
{
if ((predicate == null) || predicate.apply(e.getValue()))
{
permissions.add(new StoredAssignedPermission(e.getKey(), e.getValue()));
}
}
return permissions.build();
} }
/** /**
@@ -99,34 +204,24 @@ public class DefaultSecuritySystem implements SecuritySystem
@Override @Override
public PrincipalCollection getSystemAccount() public PrincipalCollection getSystemAccount()
{ {
throw new UnsupportedOperationException("Not supported yet."); // To change body of generated methods, choose Tools | Templates.
// TODO
throw new UnsupportedOperationException("Not supported yet.");
} }
//~--- set methods ---------------------------------------------------------- //~--- methods --------------------------------------------------------------
/** /**
* Method description * Method description
* *
*
* @param newConfiguration
*/ */
@Override private void assertIsAdmin()
public void setConfiguration(SecurityConfiguration newConfiguration)
{ {
SecurityUtils.getSubject().checkRole(Role.ADMIN); SecurityUtils.getSubject().checkRole(Role.ADMIN);
SecurityConfiguration oldConfiguration = store.get();
store.set(newConfiguration);
//J-
ScmEventBus.getInstance().post(
new SecurityConfigurationChangedEvent(oldConfiguration, newConfiguration)
);
//J+
} }
//~--- fields --------------------------------------------------------------- //~--- fields ---------------------------------------------------------------
/** Field description */ /** Field description */
private Store<SecurityConfiguration> store; private final ConfigurationEntryStore<AssignedPermission> store;
} }
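Review bot: addPermission, deletePermission and modifyPermission change the permission store without notifying anyone; the class comment's `TODO add events` is all that stands in for the `ScmEventBus.getInstance().post(...)` call that the removed setConfiguration made. The ScmRealm section of this commit also removes the `@Subscribe` `onEvent` handler that called `cache.clear()`, so nothing visible here invalidates cached authorization data after a permission change. If that cache holds the result of collectGlobalPermissions (its use is not shown in these hunks, so this needs confirming), a permission deleted by an admin would keep being granted until the cache entry expires. I would post an event after each `store.put` / `store.remove` and keep a subscriber in ScmRealm that clears the cache, rather than leaving revocation behind a TODO. Separately, `synchronized (store)` is taken only in modifyPermission, so it does not serialize against addPermission, deletePermission or the `store.getAll()` read in getPermissions.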


@@ -36,6 +36,7 @@ package sonia.scm.security;
//~--- non-JDK imports -------------------------------------------------------- //~--- non-JDK imports --------------------------------------------------------
import com.google.common.base.Joiner; import com.google.common.base.Joiner;
import com.google.common.base.Predicate;
import com.google.common.collect.Lists; import com.google.common.collect.Lists;
import com.google.common.collect.Sets; import com.google.common.collect.Sets;
import com.google.common.eventbus.Subscribe; import com.google.common.eventbus.Subscribe;
@@ -197,23 +198,6 @@ public class ScmRealm extends AuthorizingRealm
} }
} }
/**
* Method description
*
*
* @param event
*/
@Subscribe
public void onEvent(SecurityConfigurationChangedEvent event)
{
if (logger.isDebugEnabled())
{
logger.debug("clear cache, because security configuration has changed");
}
cache.clear();
}
/** /**
* Method description * Method description
* *
@@ -503,7 +487,8 @@ public class ScmRealm extends AuthorizingRealm
* *
* @return * @return
*/ */
private List<String> collectGlobalPermissions(User user, GroupNames groups) private List<String> collectGlobalPermissions(final User user,
final GroupNames groups)
{ {
if (logger.isTraceEnabled()) if (logger.isTraceEnabled())
{ {
@@ -512,12 +497,18 @@ public class ScmRealm extends AuthorizingRealm
List<String> permissions = Lists.newArrayList(); List<String> permissions = Lists.newArrayList();
List<GlobalPermission> globalPermissions = List<StoredAssignedPermission> globalPermissions =
securitySystem.getConfiguration().getGlobalPermissions(); securitySystem.getPermissions(new Predicate<AssignedPermission>()
for (GlobalPermission gp : globalPermissions)
{ {
if (isUserPermission(user, groups, gp))
@Override
public boolean apply(AssignedPermission input)
{
return isUserPermission(user, groups, input);
}
});
for (StoredAssignedPermission gp : globalPermissions)
{ {
if (logger.isTraceEnabled()) if (logger.isTraceEnabled())
{ {
@@ -526,7 +517,7 @@ public class ScmRealm extends AuthorizingRealm
} }
permissions.add(gp.getPermission()); permissions.add(gp.getPermission());
}
} }
return permissions; return permissions;