
Created a check that roles referenced by the descendant-role and assign-roles properties exist

1 parent 927a8e6 commit 82f1ce92218ec735f229fa230cb998b600d27413 Himanshu Mishra committed Dec 7, 2012
@@ -19,9 +19,11 @@
import org.intalio.tempo.security.Property;
import org.intalio.tempo.security.authentication.AuthenticationException;
import org.intalio.tempo.security.rbac.RBACAdmin;
+import org.intalio.tempo.security.rbac.RBACConstants;
import org.intalio.tempo.security.rbac.RBACException;
import org.intalio.tempo.security.rbac.RoleNotFoundException;
import org.intalio.tempo.security.rbac.UserNotFoundException;
+import org.intalio.tempo.security.rbac.provider.RBACProvider;
import org.intalio.tempo.security.util.IdentifierUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -42,6 +44,7 @@ public SimpleRBACAdmin(String realm, SimpleSecurityProvider simpleSecurityProvid
@Override
public void addUser(String user, Property[] properties) throws RBACException, RemoteException {
+ checkValidRoles(properties);
OMDocument document = getDocumentElement();
LOG.debug("got document object");
addElement(USER, user, properties, document);
@@ -66,6 +69,7 @@ public void deleteUser(String user) throws RBACException, RemoteException {
@Override
public void addRole(String role, Property[] properties) throws RoleNotFoundException, RBACException, RemoteException {
+ checkValidRoles(properties);
OMDocument document = getDocumentElement();
addElement(ROLE, role, properties, document);
try {
@@ -136,6 +140,7 @@ public void addDescendant(String descendant, Property[] properties, String ascen
@Override
public void setUserProperties(String user, Property[] properties) throws UserNotFoundException, RBACException, RemoteException {
+ checkValidRoles(properties);
boolean passwordExists = false;
SimpleDatabase sd = _securityProvider.getDatabase();
String password = sd.getUser(_realm+"\\"+user).getPassword();
@@ -165,6 +170,7 @@ public void setUserProperties(String user, Property[] properties) throws UserNot
@Override
public void setRoleProperties(String role, Property[] properties) throws RoleNotFoundException, RBACException, RemoteException {
+ checkValidRoles(properties);
OMDocument document = deleteElement(ROLE, role);
addElement(ROLE, role, properties, document);
try {
@@ -263,4 +269,26 @@ private void addElement(String elementName, String elementValue, Property[] elem
}
}
+ private void checkValidRoles(Property[] props) throws RemoteException, RBACException {
+ for (Property prop : props) {
+ if (prop.getName().equals(RBACConstants.PROPERTY_ASSIGN_ROLES)
+ || prop.getName().equals(RBACConstants.PROPERTY_DESCENDANT_ROLE)) {
+ if (!checkRoleExists(prop.getValue().toString()))
+ throw new RBACException("Mentioned role: " + prop.getValue().toString() + " does not exists");
+ }
+ }
+ }
+
+ private boolean checkRoleExists(String role) throws RemoteException, RBACException {
+ boolean exists = true;
+ try {
+ Property[] props = _securityProvider.getRBACProvider(_realm).getQuery().roleProperties(role);
+ if (props == null || props.length == 0) {
+ exists = false;
+ }
+ } catch (RoleNotFoundException e) {
+ exists = false;
+ }
+ return exists;
+ }
}
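Review bot: checkValidRoles dereferences `props` and `prop.getValue()` without a null check, so a missing value or a null property array surfaces as a NullPointerException from addUser/addRole/setUserProperties/setRoleProperties instead of the RBACException callers are declared to handle; guard with `if (props == null) return;` at the top of the loop and `Object value = prop.getValue(); if (value == null || !checkRoleExists(value.toString())) throw new RBACException("Mentioned role: " + value + " does not exist");`. checkRoleExists also reports a role as absent when roleProperties returns an empty array, so if an existing role can legitimately carry no properties it will be rejected here — confirm that against the query provider, and consider relying only on RoleNotFoundException. The message text "does not exists" should read "does not exist". The newly imported RBACProvider is not referenced anywhere in the visible hunks (the lookup at checkRoleExists chains through getRBACProvider(_realm).getQuery()), so the import appears unused.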
@@ -47,7 +47,6 @@ public OMElement modifyUser(OMElement requestEl) throws AxisFault {
if (!checkUserExists(user, usersRBACProvider)) {
if (action.equals(RBACAdminConstants.ADD_ACTION)) {
Property[] props = request.getProperties(RBACAdminConstants.DETAILS);
- checkAssignedRoles(props, usersRBACProvider);
usersRBACAdmin.addUser(user, props);
} else if (action.equals(RBACAdminConstants.EDIT_ACTION)
|| action.equals(RBACAdminConstants.DELETE_ACTION)) {
@@ -58,10 +57,7 @@ public OMElement modifyUser(OMElement requestEl) throws AxisFault {
} else {
if (action.equals(RBACAdminConstants.EDIT_ACTION)) {
Property[] props = request.getProperties(RBACAdminConstants.DETAILS);
- synchronized (this) {
- checkAssignedRoles(props, usersRBACProvider);
- usersRBACAdmin.setUserProperties(user, props);
- }
+ usersRBACAdmin.setUserProperties(user, props);
} else if (action.equals(RBACAdminConstants.DELETE_ACTION)) {
usersRBACAdmin.deleteUser(user);
} else if (action.equals(RBACAdminConstants.ADD_ACTION)) {
@@ -385,15 +381,6 @@ private static boolean checkRoleExists(String role, RBACProvider usersRBACProvid
return exists;
}
- private static void checkAssignedRoles(Property[] props, RBACProvider usersRBACProvider) throws RemoteException, RBACException {
- for (Property prop : props) {
- if (prop.getName().equals("assignRole")) {
- if (!checkRoleExists(prop.getValue().toString(), usersRBACProvider))
- throw new RBACException("Assigned role:" + prop.getValue().toString() + " does not exists");
- }
- }
- }
-
private static OMElement elementProperty(String name, String Value) {
OMElement prop = element(RBACAdminConstants.PROPERTY);
prop.addChild(elementText(RBACAdminConstants.NAME, name));
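Review bot: Removing the `synchronized (this)` block around checkAssignedRoles and setUserProperties drops the only visible serialization between the role-existence check and the write, and the relocated check inside SimpleRBACAdmin is not synchronized either, so a role deleted between the check and the write can still end up assigned to a user (check-then-act race). If that ordering mattered before, keep `synchronized (this) { usersRBACAdmin.setUserProperties(user, props); }` here or move the lock into the admin implementation. Note also that usersRBACAdmin is used through the RBACAdmin interface: with the check removed from this service layer, any RBACAdmin implementation other than SimpleRBACAdmin no longer validates assigned roles on add or edit, which should either be documented as a required contract on RBACAdmin (`/** Implementations must reject property values naming roles that do not exist. */`) or be retained as a gateway-side check. modifyUser starts before the first hunk and its remaining branches are outside the visible lines.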

