-
Notifications
You must be signed in to change notification settings - Fork 615
/
DenyStatement.java
45 lines (39 loc) · 1.56 KB
/
DenyStatement.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
package org.infinispan.cli.interpreter.statement;
import org.infinispan.cli.interpreter.logging.Log;
import org.infinispan.cli.interpreter.result.EmptyResult;
import org.infinispan.cli.interpreter.result.Result;
import org.infinispan.cli.interpreter.result.StatementException;
import org.infinispan.cli.interpreter.session.Session;
import org.infinispan.configuration.global.GlobalAuthorizationConfiguration;
import org.infinispan.security.impl.ClusterRoleMapper;
import org.infinispan.util.logging.LogFactory;
/**
*
* DenyStatement removes a role mapping from a user
*
* @author Tristan Tarrant
* @since 7.0
*/
public class DenyStatement implements Statement {
private static final Log log = LogFactory.getLog(DenyStatement.class, Log.class);
private final String principalName;
private final String roleName;
public DenyStatement(String roleName, String principalName) {
this.roleName = roleName;
this.principalName = principalName;
}
@Override
public Result execute(Session session) throws StatementException {
GlobalAuthorizationConfiguration gac =
SecurityActions.getCacheManagerConfiguration(session.getCacheManager()).security().authorization();
if (!gac.enabled()) {
throw log.authorizationNotEnabledOnContainer();
}
if (!(gac.principalRoleMapper() instanceof ClusterRoleMapper)) {
throw log.noClusterPrincipalMapper("DENY");
}
ClusterRoleMapper cpm = (ClusterRoleMapper) gac.principalRoleMapper();
cpm.deny(roleName, principalName);
return EmptyResult.RESULT;
}
}