Skip to content

Commit

Permalink
fix shiro configuration - fix
Browse files Browse the repository at this point in the history 
Signed-off-by: riccardomodanese <riccardo.modanese@eurotech.com>
  • Loading branch information
@riccardomodanese @Coduz
riccardomodanese authored and Coduz committed Mar 24, 2020
1 parent edf1acc commit 9b5013c
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 17 deletions.
52 changes: 38 additions & 14 deletions ...-core/src/main/java/org/eclipse/kapua/broker/core/security/EnhModularRealmAuthorizer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,10 @@
*******************************************************************************/
package org.eclipse.kapua.broker.core.security;

import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;

import org.apache.commons.collections.CollectionUtils;
import org.apache.shiro.authz.Authorizer;
Expand Down Expand Up @@ -44,27 +46,49 @@ public EnhModularRealmAuthorizer(Collection<Realm> realms) {
@Override
public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions) {
assertRealmsConfigured();
if (CollectionUtils.isEmpty(permissions)) {
//return the first realm result
//the multiple realms case with aggregator should be handled or do we still have just one realm?
for (Realm realm : getRealms()) {
return ((Authorizer) realm).isPermitted(principals, permissions);
if (!CollectionUtils.isEmpty(permissions)) {
if (getRealms()!=null && getRealms().size()==1) {
return checkSingleRealm(principals, permissions);
}
else {
return checkMultipleRealms(principals, permissions);
}
}
return new boolean[0];
return new boolean[permissions.size()];
}

@Override
public boolean[] isPermitted(PrincipalCollection principals, String... permissions) {
assertRealmsConfigured();
if (permissions != null && permissions.length>0) {
//return the first realm result
//the multiple realms case with aggregator should be handled or do we still have just one realm?
for (Realm realm : getRealms()) {
return ((Authorizer) realm).isPermitted(principals, permissions);
}
return isPermitted(principals, Arrays.asList(permissions).stream()
.map(permission -> getPermissionResolver().resolvePermission(permission))
.collect(Collectors.toList()));
}

private boolean[] checkSingleRealm(PrincipalCollection principals, List<Permission> permissions) {
Realm realm = getRealms().iterator().next();
if (realm instanceof Authorizer) {
return ((Authorizer) getRealms().iterator().next()).isPermitted(principals, permissions);
}
else {
return new boolean[permissions.size()];
}
return new boolean[0];
}

private boolean[] checkMultipleRealms(PrincipalCollection principals, List<Permission> permissions) {
boolean[] results = new boolean[permissions.size()];
for (Realm realm : getRealms()) {
if (realm instanceof Authorizer) {
boolean allTrue = true;
boolean[] resultTmp = ((Authorizer) realm).isPermitted(principals, permissions);
for (int j=0; j<permissions.size(); j++) {
results[j] = results[j] || resultTmp[j];
allTrue = allTrue && results[j];
}
if (allTrue) {
break;
}
}
}
return results;
}
}
5 changes: 2 additions & 3 deletions ...src/main/java/org/eclipse/kapua/service/authorization/shiro/AuthorizationServiceImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
*******************************************************************************/
package org.eclipse.kapua.service.authorization.shiro;

import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

Expand Down Expand Up @@ -41,9 +42,7 @@ public boolean[] isPermitted(List<Permission> permissions) throws KapuaException
}
if (session.isTrustedMode()) {
boolean[] returnedPermissions = new boolean[permissions.size()];
for (int i=0; i<permissions.size(); i++) {
returnedPermissions[i] = true;
}
Arrays.fill(returnedPermissions, true);
return returnedPermissions;
}
else {
Expand Down

0 comments on commit 9b5013c

Please sign in to comment.