started to introduce permission checks into controller

This commit is contained in:
2018-11-22 14:53:46 +01:00
parent 8c11d3424e
commit 79c9ab623c
20 changed files with 925 additions and 606 deletions


@ -0,0 +1,41 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package de.muehlencord.shared.account.business.account.boundary;
import de.muehlencord.shared.account.util.Permission;
/**
*
* @author Joern Muehlencord <joern at muehlencord.de>
*/
public enum AccountPermissions implements Permission {
ACCOUNT_ADD("account:add", "Allow to create a new account"),
ACCOUNT_EDIT ("account:edit", "Allow to edit an existing account"),
ACCOUNT_DELETE("account:delete", "Allow to delete an existing account"),
ACCOUNT_LOGIN_ADD ("account:login:add", "Allow to create a login for a user"),
ACCOUNT_LOGIN_EDIT ("account:login:edit", "Allow to change a login for a user"),
ACCOUNT_LOGIN_DELETE ("account:login:delete", "Allow to delete a login for a user");
private final String name;
private final String description;
private AccountPermissions(String permissionName, String permissionDesc) {
this.name = permissionName;
this.description = permissionDesc;
}
@Override
public String getName() {
return name;
}
@Override
public String getDescription() {
return description;
}
}
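Review bot: The class Javadoc on `AccountPermissions` is the empty IDE template, so a reader cannot tell what `getName()` and `getDescription()` feed into; the same applies to the new `ApplicationPermissions` and `ApplicationServiceError` enums later in this commit. I would replace the empty summary with something like `/** Permissions of the account module. {@link #getName()} is the permission string evaluated by {@code SecurityUtil.checkPermission}; {@link #getDescription()} is the label persisted by {@code ApplicationPermissionControl.setupPermissions}. */`, adjusting the wording if `checkPermission` is not the only consumer. The `private` modifier on an enum constructor is implied and can be dropped, and the NetBeans "To change this license header" placeholder at the top should be replaced with a real header or removed.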


@ -22,11 +22,15 @@ import java.util.Locale;
import java.util.Map; import java.util.Map;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.ManagedBean; import javax.annotation.ManagedBean;
import javax.annotation.PostConstruct;
import javax.ejb.EJB; import javax.ejb.EJB;
import javax.enterprise.context.SessionScoped; import javax.enterprise.context.SessionScoped;
import javax.enterprise.inject.Produces; import javax.enterprise.inject.Produces;
import javax.faces.context.FacesContext;
import org.apache.shiro.SecurityUtils; import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject; import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** /**
* *
@ -36,6 +40,7 @@ import org.apache.shiro.subject.Subject;
@SessionScoped @SessionScoped
public class AccountProducer implements Serializable { public class AccountProducer implements Serializable {
private static final Logger LOGGER = LoggerFactory.getLogger(AccountProducer.class);
private static final long serialVersionUID = -3806204732038165311L; private static final long serialVersionUID = -3806204732038165311L;
private final Map<String, Object> objectMap = new ConcurrentHashMap<>(); private final Map<String, Object> objectMap = new ConcurrentHashMap<>();
@ -43,6 +48,24 @@ public class AccountProducer implements Serializable {
AccountControl accountController; AccountControl accountController;
private Account account = null; private Account account = null;
private Locale locale = null;
@PostConstruct
public void init() {
FacesContext currentInstance = FacesContext.getCurrentInstance();
if (currentInstance == null) {
locale = Locale.ENGLISH;
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Using default locale {}", locale);
}
} else {
locale = currentInstance.getExternalContext().getRequestLocale();
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Using browser locale {}", locale);
}
}
}
@Produces @Produces
public Account getAccount() { public Account getAccount() {
@ -59,10 +82,12 @@ public class AccountProducer implements Serializable {
accountName = subject.getPrincipal().toString(); accountName = subject.getPrincipal().toString();
} }
account = accountController.getAccountEntity(accountName, true); account = accountController.getAccountEntity(accountName, true);
// TODO introduce locale support to account and switch
// to pre-defined locale if set
} }
return account; return account;
} }
public <T> T getValue(String key, Class<T> clazz) { public <T> T getValue(String key, Class<T> clazz) {
if (objectMap.containsKey(key)) { if (objectMap.containsKey(key)) {
Object obj = objectMap.get(key); Object obj = objectMap.get(key);
@ -82,10 +107,10 @@ public class AccountProducer implements Serializable {
public void setValue(String key, Object obj) { public void setValue(String key, Object obj) {
objectMap.put(key, obj); objectMap.put(key, obj);
} }
@Produces @Produces
public Locale getLocale() { public Locale getLocale() {
return Locale.ENGLISH; // TODO depend lcoale on account or on incoming request return locale;
} }
} }
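Review bot: `init()` has no documentation saying that the locale is fixed once per session: because the bean is `@SessionScoped`, the `@PostConstruct` callback presumably runs on the first request and later requests with a different browser locale keep the first value, which the TODO under `getAccount()` only partly acknowledges. A short Javadoc such as `/** Resolves the session locale once: the request locale when created inside a JSF request, otherwise {@link Locale#ENGLISH}. */` would make that contract explicit. As a point of style, the `LOGGER.isDebugEnabled()` guards around parameterized `LOGGER.debug("...", locale)` calls are redundant with SLF4J and can go, and `private Locale locale = null;` can simply be `private Locale locale;`.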


@ -6,7 +6,7 @@ import de.muehlencord.shared.account.business.mail.entity.MailException;
import de.muehlencord.shared.account.business.mail.boundary.MailService; import de.muehlencord.shared.account.business.mail.boundary.MailService;
import de.muehlencord.shared.account.business.account.entity.AccountEntity; import de.muehlencord.shared.account.business.account.entity.AccountEntity;
import de.muehlencord.shared.account.business.account.entity.AccountLoginEntity; import de.muehlencord.shared.account.business.account.entity.AccountLoginEntity;
import de.muehlencord.shared.account.business.account.entity.ApplicationRoleEntity; import de.muehlencord.shared.account.business.application.entity.ApplicationRoleEntity;
import de.muehlencord.shared.account.business.application.entity.ApplicationEntity; import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
import de.muehlencord.shared.account.util.AccountPU; import de.muehlencord.shared.account.util.AccountPU;
import de.muehlencord.shared.account.util.SecurityUtil; import de.muehlencord.shared.account.util.SecurityUtil;


@ -1,18 +1,18 @@
/* /*
* To change this license header, choose License Headers in Project Properties. * To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates * To change this template file, choose Tools | Templates
* and open the template in the editor. * and open the template in the editor.
*/ */
package de.muehlencord.shared.account.business.account.entity; package de.muehlencord.shared.account.business.account.entity;
/** /**
* *
* @author Joern Muehlencord <joern at muehlencord.de> * @author Joern Muehlencord <joern at muehlencord.de>
*/ */
public interface Account { public interface Account {
String getUsername(); String getUsername();
String getFirstname(); String getFirstname();
String getLastname(); String getLastname();
} }


@ -1,5 +1,6 @@
package de.muehlencord.shared.account.business.account.entity; package de.muehlencord.shared.account.business.account.entity;
import de.muehlencord.shared.account.business.application.entity.ApplicationRoleEntity;
import de.muehlencord.shared.account.business.config.entity.ConfigEntity; import de.muehlencord.shared.account.business.config.entity.ConfigEntity;
import java.io.Serializable; import java.io.Serializable;
import java.util.ArrayList; import java.util.ArrayList;
@ -123,7 +124,7 @@ public class AccountEntity implements Serializable, Account {
} }
applicationRoleList.add(applicationRole); applicationRoleList.add(applicationRole);
} }
/* **** getter / setter **** */ /* **** getter / setter **** */
public UUID getId() { public UUID getId() {
return id; return id;


@ -0,0 +1,41 @@
package de.muehlencord.shared.account.business.application.boundary;
import de.muehlencord.shared.account.util.Permission;
/**
*
* @author Joern Muehlencord <joern at muehlencord.de>
*/
public enum ApplicationPermissions implements Permission {
APP_LISTALL("application:listall", "Allows to list all avaiable applications"),
APP_ADD("application:add", "Allow to add a new application"),
APP_EDIT("application:edit", "Allow to edit an application"),
APP_DELETE("application:delete", "Allow to delete an application"),
PERMISSION_ADD("permission:add", "Allow to add a permission to an application"),
PERMISSION_EDIT("permission:edit", "Allow to edit a permission"),
PERMISSION_DELETE("permmission:delete", "Allow to delete a permission"),
ROLE_ADD("role:add", "Allow to add a role to an application"),
ROLE_EDIT("role:edit", "Allow to edit a role"),
ROLE_DELETE("role:delete", "Allow to delete a role"),
ROLE_PERMISSION_ASSIGN("role:permission:assign", "Allow to assign a permission to role"),
ROLE_PERMISSION_REVOKE("role:permission:revoke", "All ow to revoke a permission from a role");
private final String name;
private final String description;
private ApplicationPermissions(String permissionName, String permissionDesc) {
this.name = permissionName;
this.description = permissionDesc;
}
@Override
public String getName() {
return name;
}
@Override
public String getDescription() {
return description;
}
}
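Review bot: The permission string of `PERMISSION_DELETE` is misspelled as `"permmission:delete"`, which breaks the `permission:<action>` pattern used by `PERMISSION_ADD` and `PERMISSION_EDIT`; once `setupPermissions` has persisted it, any role assignment or check that expects `permission:delete` will not match, and correcting it later leaves a stale row behind. Change the line to `PERMISSION_DELETE("permission:delete", "Allow to delete a permission"),` before this reaches a database. The descriptions also carry typos (`avaiable` in `APP_LISTALL`, `All ow` in `ROLE_PERMISSION_REVOKE`) that `setupPermissions` stores verbatim.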


@ -2,6 +2,8 @@ package de.muehlencord.shared.account.business.application.boundary;
import de.muehlencord.shared.account.business.application.entity.ApplicationEntity; import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
import de.muehlencord.shared.account.util.AccountPU; import de.muehlencord.shared.account.util.AccountPU;
import de.muehlencord.shared.account.util.AccountSecurityException;
import de.muehlencord.shared.account.util.SecurityUtil;
import java.io.Serializable; import java.io.Serializable;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -32,7 +34,8 @@ public class ApplicationService implements Serializable {
return em.find(ApplicationEntity.class, id); return em.find(ApplicationEntity.class, id);
} }
public List<ApplicationEntity> getAllApplications() { public List<ApplicationEntity> getAllApplications() throws AccountSecurityException {
SecurityUtil.checkPermission(ApplicationPermissions.APP_LISTALL, ApplicationServiceError.LISTALL_DENIED);
Query query = em.createNamedQuery("ApplicationEntity.findAll"); Query query = em.createNamedQuery("ApplicationEntity.findAll");
List<ApplicationEntity> resultList = query.getResultList(); List<ApplicationEntity> resultList = query.getResultList();
if (resultList == null) { if (resultList == null) {
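Review bot: The new `SecurityUtil.checkPermission(ApplicationPermissions.APP_LISTALL, …)` guard covers only `getAllApplications()`; the `em.find(ApplicationEntity.class, id)` lookup just above it (whose method starts outside the hunk) is not subject to any permission requirement, so the list permission restricts enumeration but not access to an individual application. If that is intended, say so in the Javadoc of the by-id method; otherwise it wants an equivalent `checkPermission` call or a per-application permission. `getAllApplications()` continues past the end of the hunk, and its new checked `AccountSecurityException` changes the signature for every caller, which the other files of this commit presumably update.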


@ -0,0 +1,31 @@
package de.muehlencord.shared.account.business.application.boundary;
import de.muehlencord.shared.account.util.SecurityError;
/**
*
* @author Joern Muehlencord <joern at muehlencord.de>
*/
public enum ApplicationServiceError implements SecurityError {
LISTALL_DENIED("1000", "listall_denied");
private final String errorCode;
private final String messageKey;
private ApplicationServiceError(String errorCode, String messageKey) {
this.errorCode = errorCode;
this.messageKey = messageKey;
}
@Override
public String getErrorCode() {
return errorCode;
}
@Override
public String getMessageKey() {
return messageKey;
}
}


@ -1,102 +1,142 @@
package de.muehlencord.shared.account.business.application.control; package de.muehlencord.shared.account.business.application.control;
import de.muehlencord.shared.account.business.account.entity.AccountException; import de.muehlencord.shared.account.business.account.entity.AccountException;
import de.muehlencord.shared.account.business.account.entity.ApplicationPermissionEntity; import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
import de.muehlencord.shared.account.business.application.entity.ApplicationEntity; import de.muehlencord.shared.account.business.application.entity.ApplicationPermissionEntity;
import de.muehlencord.shared.account.util.AccountPU; import de.muehlencord.shared.account.util.AccountPU;
import java.io.Serializable; import de.muehlencord.shared.account.util.Permission;
import javax.ejb.Stateless; import java.io.Serializable;
import javax.persistence.EntityManager; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.ArrayList; import javax.ejb.Stateless;
import javax.inject.Inject; import javax.inject.Inject;
import javax.persistence.OptimisticLockException; import javax.persistence.EntityManager;
import javax.persistence.Query; import javax.persistence.OptimisticLockException;
import javax.transaction.Transactional; import javax.persistence.Query;
import javax.transaction.Transactional;
/** import org.slf4j.Logger;
* import org.slf4j.LoggerFactory;
* @author Joern Muehlencord <joern at muehlencord.de>
*/ /**
@Stateless *
public class ApplicationPermissionControl implements Serializable { * @author Joern Muehlencord <joern at muehlencord.de>
*/
private static final long serialVersionUID = -3761100587901739481L; @Stateless
public class ApplicationPermissionControl implements Serializable {
@Inject
@AccountPU private static final long serialVersionUID = -3761100587901739481L;
EntityManager em; private static final Logger LOGGER = LoggerFactory.getLogger(ApplicationPermissionControl.class);
public List<ApplicationPermissionEntity> getApplicationPermissions(ApplicationEntity app) { @Inject
Query query = em.createNamedQuery("ApplicationPermissionEntity.findAll"); @AccountPU
query.setParameter("application", app); EntityManager em;
List<ApplicationPermissionEntity> permissionList = query.getResultList();
if (permissionList == null) { @Inject
return new ArrayList<>(); ApplicationEntity application;
} else {
return permissionList; public List<ApplicationPermissionEntity> getApplicationPermissions(ApplicationEntity app) {
} Query query = em.createNamedQuery("ApplicationPermissionEntity.findAll");
} query.setParameter("application", app);
List<ApplicationPermissionEntity> permissionList = query.getResultList();
public ApplicationPermissionEntity findPermissionByName(ApplicationEntity application, String permissionName) { if (permissionList == null) {
Query query = em.createNamedQuery("ApplicationPermissionEntity.findByPermissionName"); return new ArrayList<>();
query.setParameter("application", application); } else {
query.setParameter("permissionName", permissionName); return permissionList;
List<ApplicationPermissionEntity> resultList = query.getResultList(); }
if ((resultList == null) || (resultList.isEmpty())) { }
return null;
} else { public ApplicationPermissionEntity findPermissionByName(ApplicationEntity application, String permissionName) {
return resultList.get(0); Query query = em.createNamedQuery("ApplicationPermissionEntity.findByPermissionName");
} query.setParameter("application", application);
} query.setParameter("permissionName", permissionName);
List<ApplicationPermissionEntity> resultList = query.getResultList();
@Transactional if ((resultList == null) || (resultList.isEmpty())) {
public void create(ApplicationEntity application, String name, String description) { return null;
ApplicationPermissionEntity permission = new ApplicationPermissionEntity(application, name, description); } else {
em.persist(permission); return resultList.get(0);
} }
}
@Transactional
public void update(ApplicationPermissionEntity permission) throws AccountException { @Transactional
ApplicationPermissionEntity existing = attach(permission); public void create(ApplicationEntity application, String name, String description) {
em.merge(existing); ApplicationPermissionEntity permission = new ApplicationPermissionEntity(application, name, description);
} em.persist(permission);
}
@Transactional
public void createOrUpdate(ApplicationEntity application, String name, String description) { @Transactional
ApplicationPermissionEntity permission = findByName(application, name); public void update(ApplicationPermissionEntity permission) throws AccountException {
if (permission == null) { ApplicationPermissionEntity existing = attach(permission);
permission = new ApplicationPermissionEntity(name, description); em.merge(existing);
em.persist(permission); }
} else {
permission.setPermissionDescription(description); @Transactional
em.merge(permission); public void createOrUpdate(ApplicationEntity application, String name, String description) {
} ApplicationPermissionEntity permission = findByName(application, name);
} if (permission == null) {
permission = new ApplicationPermissionEntity(name, description);
@Transactional em.persist(permission);
public void delete(ApplicationPermissionEntity permission) throws AccountException { } else {
ApplicationPermissionEntity existingPermission = attach(permission); permission.setPermissionDescription(description);
em.remove(existingPermission); em.merge(permission);
} }
}
public ApplicationPermissionEntity attach(ApplicationPermissionEntity permission) throws AccountException {
try { @Transactional
return em.merge(permission); public void delete(ApplicationPermissionEntity permission) throws AccountException {
} catch (OptimisticLockException ex) { ApplicationPermissionEntity existingPermission = attach(permission);
throw new AccountException("Entity updated / deleted, please reload", true); em.remove(existingPermission);
} }
}
public ApplicationPermissionEntity attach(ApplicationPermissionEntity permission) throws AccountException {
private ApplicationPermissionEntity findByName(ApplicationEntity application, String name) { try {
Query query = em.createNamedQuery("ApplicationPermissionEntity.findByPermissionName"); return em.merge(permission);
query.setParameter("application", application); } catch (OptimisticLockException ex) {
query.setParameter("permissionName", name); throw new AccountException("Entity updated / deleted, please reload", true);
List<ApplicationPermissionEntity> permissions = query.getResultList(); }
if ((permissions == null) || (permissions.isEmpty())) { }
return null;
} else { private ApplicationPermissionEntity findByName(ApplicationEntity application, String name) {
return permissions.get(0); Query query = em.createNamedQuery("ApplicationPermissionEntity.findByPermissionName");
} query.setParameter("application", application);
} query.setParameter("permissionName", name);
} List<ApplicationPermissionEntity> permissions = query.getResultList();
if ((permissions == null) || (permissions.isEmpty())) {
return null;
} else {
return permissions.get(0);
}
}
@Transactional
public void setupPermissions(List<Permission> permissions) {
for (Permission permission : permissions) {
ApplicationPermissionEntity existingPermission = findByName(application, permission.getName());
if (existingPermission == null) {
// permission not available, create it
LOGGER.info("missing permission {} of {}", permission.getName(), application.getApplicationName());
existingPermission = new ApplicationPermissionEntity(permission.getName(), permission.getDescription());
existingPermission.setApplication(application);
em.persist(existingPermission);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("missing permission {} added to {}", permission.getName(), application.getApplicationName());
}
} else {
if (existingPermission.getPermissionDescription().equals(permission.getDescription())) {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Permission {} for {} already exists, skipping", permission.getName(), application.getApplicationName());
}
} else {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("description of permssion {} for {} differs, resetting to orignal value {}", permission.getName(), application.getApplicationName(), permission.getDescription());
}
existingPermission.setPermissionDescription(permission.getDescription());
em.merge (existingPermission);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("updated permission description {} for {}", permission.getName(), application.getApplicationName());
}
}
}
}
}
}
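Review bot: `existingPermission.getPermissionDescription().equals(permission.getDescription())` in `setupPermissions` throws a `NullPointerException` when the stored description is null, and nothing visible here (the entity's column constraints are outside this hunk) rules that out; `if (Objects.equals(existingPermission.getPermissionDescription(), permission.getDescription())) {` handles either side being null and needs `import java.util.Objects;`. `setupPermissions` is also the only method that reads the newly injected `application` field instead of taking an `ApplicationEntity` parameter as `getApplicationPermissions` and `createOrUpdate` do; injecting a JPA entity into a `@Stateless` bean relies on a CDI producer that is not shown, and a parameter would keep the API uniform and the bean stateless in practice. The debug message on the "differs" branch misspells `permssion` and `orignal`.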


@ -1,150 +1,191 @@
/* /*
* To change this license header, choose License Headers in Project Properties. * To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates * To change this template file, choose Tools | Templates
* and open the template in the editor. * and open the template in the editor.
*/ */
package de.muehlencord.shared.account.business.application.control; package de.muehlencord.shared.account.business.application.control;
import de.muehlencord.shared.account.business.account.entity.AccountException; import de.muehlencord.shared.account.business.account.entity.AccountException;
import de.muehlencord.shared.account.business.account.entity.ApplicationPermissionEntity; import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
import de.muehlencord.shared.account.business.account.entity.ApplicationRoleEntity; import de.muehlencord.shared.account.business.application.entity.ApplicationPermissionEntity;
import de.muehlencord.shared.account.business.application.entity.ApplicationEntity; import de.muehlencord.shared.account.business.application.entity.ApplicationRoleEntity;
import de.muehlencord.shared.account.util.AccountPU; import de.muehlencord.shared.account.util.AccountPU;
import java.io.Serializable; import de.muehlencord.shared.account.util.Permission;
import java.util.ArrayList; import java.io.Serializable;
import java.util.List; import java.util.ArrayList;
import javax.ejb.EJB; import java.util.List;
import javax.ejb.Stateless; import javax.ejb.EJB;
import javax.inject.Inject; import javax.ejb.Stateless;
import javax.persistence.EntityManager; import javax.inject.Inject;
import javax.persistence.OptimisticLockException; import javax.persistence.EntityManager;
import javax.persistence.Query; import javax.persistence.OptimisticLockException;
import javax.transaction.Transactional; import javax.persistence.Query;
import org.slf4j.Logger; import javax.transaction.Transactional;
import org.slf4j.LoggerFactory; import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* /**
* @author Joern Muehlencord <joern at muehlencord.de> *
*/ * @author Joern Muehlencord <joern at muehlencord.de>
@Stateless */
public class ApplicationRoleControl implements Serializable { @Stateless
public class ApplicationRoleControl implements Serializable {
private static final long serialVersionUID = 5962478269550134748L;
private static final Logger LOGGER = LoggerFactory.getLogger(ApplicationRoleControl.class); private static final long serialVersionUID = 5962478269550134748L;
private static final Logger LOGGER = LoggerFactory.getLogger(ApplicationRoleControl.class);
@EJB
ApplicationPermissionControl applicationPermissionControl; @EJB
ApplicationPermissionControl applicationPermissionControl;
@Inject
@AccountPU @Inject
EntityManager em; @AccountPU
EntityManager em;
public List<ApplicationRoleEntity> getAllRoles(ApplicationEntity app) {
Query query = em.createNamedQuery("ApplicationRoleEntity.findAll"); @Inject
query.setParameter("application", app); ApplicationEntity application;
List<ApplicationRoleEntity> roles = query.getResultList(); // TODO requires special role to maintain role for other allication
if (roles == null) { public List<ApplicationRoleEntity> getAllRoles(ApplicationEntity app) {
return new ArrayList<>(); Query query = em.createNamedQuery("ApplicationRoleEntity.findAll");
} else { query.setParameter("application", app);
return roles;
} List<ApplicationRoleEntity> roles = query.getResultList();
} if (roles == null) {
return new ArrayList<>();
@Transactional } else {
public void createOrUpdate(ApplicationEntity application, String name, String description) { return roles;
ApplicationRoleEntity role = findByName(application, name); }
if (role == null) { }
role = new ApplicationRoleEntity(application, name, description);
em.persist(role); @Transactional
} else { // TODO requires special role to maintain role for other allication
role.setRoleDescription(description); public void createOrUpdate(ApplicationEntity app, String name, String description) {
em.merge(role); ApplicationRoleEntity role = findByName(app, name);
} if (role == null) {
} role = new ApplicationRoleEntity(app, name, description);
em.persist(role);
@Transactional } else {
public void create(ApplicationRoleEntity role) { role.setRoleDescription(description);
em.persist(role); em.merge(role);
} }
}
@Transactional
public void update(ApplicationRoleEntity role) { @Transactional
em.merge(role); // TODO requires special role to maintain role for other allication
} public void create(ApplicationRoleEntity role) {
em.persist(role);
@Transactional }
public void delete(ApplicationRoleEntity role) throws AccountException {
ApplicationRoleEntity existingRole = attach(role); @Transactional
em.remove(existingRole); // TODO requires special role to maintain role for other allication
} public void update(ApplicationRoleEntity role) {
em.merge(role);
public ApplicationRoleEntity attach(ApplicationRoleEntity role) throws AccountException { }
try {
return em.merge(role); @Transactional
} catch (OptimisticLockException ex) { // TODO requires special role to maintain role for other allication
throw new AccountException("Entity updated / deleted, please reload", true); public void delete(ApplicationRoleEntity role) throws AccountException {
} ApplicationRoleEntity existingRole = attach(role);
} em.remove(existingRole);
}
public ApplicationRoleEntity findByName(ApplicationEntity application, String name) {
Query query = em.createNamedQuery("ApplicationRoleEntity.findByRoleName"); public ApplicationRoleEntity attach(ApplicationRoleEntity role) throws AccountException {
query.setParameter("application", application); try {
query.setParameter("roleName", name); return em.merge(role);
List<ApplicationRoleEntity> permissions = query.getResultList(); } catch (OptimisticLockException ex) {
if ((permissions == null) || (permissions.isEmpty())) { throw new AccountException("Entity updated / deleted, please reload", true);
return null; }
} else { }
return permissions.get(0);
} public ApplicationRoleEntity findByName(ApplicationEntity application, String name) {
} Query query = em.createNamedQuery("ApplicationRoleEntity.findByRoleName");
query.setParameter("application", application);
public List<ApplicationPermissionEntity> getRolePermissions(ApplicationRoleEntity role) throws AccountException { query.setParameter("roleName", name);
ApplicationRoleEntity existingRole = em.find(ApplicationRoleEntity.class, role.getId()); List<ApplicationRoleEntity> permissions = query.getResultList();
List<ApplicationPermissionEntity> permissions = existingRole.getApplicationPermissionList(); if ((permissions == null) || (permissions.isEmpty())) {
permissions.size(); // force list to load return null;
return permissions; } else {
} return permissions.get(0);
}
public List<ApplicationPermissionEntity> getNotAssignedApplicationPermissions(ApplicationRoleEntity role) { }
try {
List<ApplicationPermissionEntity> rolePermissions = getRolePermissions(role); public List<ApplicationPermissionEntity> getRolePermissions(ApplicationRoleEntity role) throws AccountException {
List<ApplicationPermissionEntity> allPermssions = applicationPermissionControl.getApplicationPermissions(role.getApplication()); ApplicationRoleEntity existingRole = em.find(ApplicationRoleEntity.class, role.getId());
List<ApplicationPermissionEntity> permissions = existingRole.getApplicationPermissionList();
List<ApplicationPermissionEntity> missingPermissions = new ArrayList<>(); permissions.size(); // force list to load
allPermssions.stream().filter((perm) -> (!rolePermissions.contains(perm))).forEachOrdered((perm) -> { return permissions;
missingPermissions.add(perm); }
});
return missingPermissions; public List<ApplicationPermissionEntity> getNotAssignedApplicationPermissions(ApplicationRoleEntity role) {
} catch (AccountException ex) { try {
if (LOGGER.isDebugEnabled()) { List<ApplicationPermissionEntity> rolePermissions = getRolePermissions(role);
LOGGER.debug(ex.toString(), ex); List<ApplicationPermissionEntity> allPermssions = applicationPermissionControl.getApplicationPermissions(role.getApplication());
} else {
LOGGER.debug(ex.toString()); List<ApplicationPermissionEntity> missingPermissions = new ArrayList<>();
} allPermssions.stream().filter((perm) -> (!rolePermissions.contains(perm))).forEachOrdered((perm) -> {
return null; missingPermissions.add(perm);
} });
return missingPermissions;
} } catch (AccountException ex) {
if (LOGGER.isDebugEnabled()) {
@Transactional LOGGER.debug(ex.toString(), ex);
public void addPermission(ApplicationRoleEntity role, ApplicationPermissionEntity permission) throws AccountException { } else {
ApplicationRoleEntity existingRole = attach(role); LOGGER.debug(ex.toString());
if (existingRole.getApplicationPermissionList() == null) { }
existingRole.setApplicationPermissionList(new ArrayList<>()); return null;
} }
existingRole.getApplicationPermissionList().add(permission);
em.merge(role); }
}
@Transactional
@Transactional // TODO requires special role to maintain role for other allication
public void removePermission(ApplicationRoleEntity role, ApplicationPermissionEntity permission) throws AccountException { public void addPermission(ApplicationRoleEntity role, ApplicationPermissionEntity permission) throws AccountException {
ApplicationRoleEntity existingRole = attach(role); ApplicationRoleEntity existingRole = attach(role);
if ((existingRole.getApplicationPermissionList() != null) && (existingRole.getApplicationPermissionList().contains(permission))) { if (existingRole.getApplicationPermissionList() == null) {
existingRole.getApplicationPermissionList().remove(permission); existingRole.setApplicationPermissionList(new ArrayList<>());
} }
em.merge(role); existingRole.getApplicationPermissionList().add(permission);
} em.merge(role);
}
}
@Transactional
// TODO requires special role to maintain role for other allication
public void removePermission(ApplicationRoleEntity role, ApplicationPermissionEntity permission) throws AccountException {
ApplicationRoleEntity existingRole = attach(role);
if ((existingRole.getApplicationPermissionList() != null) && (existingRole.getApplicationPermissionList().contains(permission))) {
existingRole.getApplicationPermissionList().remove(permission);
}
em.merge(role);
}
@Transactional
public void setupRolePermission(List<Permission> permissions, String roleName) throws AccountException {
ApplicationRoleEntity role = findByName(application, roleName);
if (role == null) {
LOGGER.error("A role with name " + roleName + " is not defined for application " + application.getApplicationName());
} else {
for (Permission permission : permissions) {
ApplicationPermissionEntity existingPermission = applicationPermissionControl.findPermissionByName(application, permission.getName());
if (existingPermission == null) {
LOGGER.error("Required permission " + permission.getName() + " of application " + application.getApplicationName() + " does not exist. Ensure to call setupPermissions first");
} else {
if (role.getApplicationPermissionList().contains(existingPermission)) {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Permission {} already assigned to role {} of {}, skipping", permission.getName(), roleName, application.getApplicationName());
}
} else {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Permission {} not assigned to role {} of {}", permission.getName(), roleName, application.getApplicationName());
}
addPermission(role, existingPermission);
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Added permission {} to role {} of {}", permission.getName(), roleName, application.getApplicationName());
}
}
}
}
}
}
}
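Review bot: `setupRolePermission` calls `role.getApplicationPermissionList().contains(existingPermission)` without a null check, although `addPermission` in the same class explicitly guards `getApplicationPermissionList() == null`, so a role whose list has not been initialised would presumably fail here with a `NullPointerException`. Hoist the list and guard it: `List<ApplicationPermissionEntity> assigned = role.getApplicationPermissionList();` followed by `if (assigned != null && assigned.contains(existingPermission)) {`. The two failure paths (unknown role, missing permission) are only logged at error level and the method returns normally, so the caller cannot tell that the role ended up without its permissions; since the method already declares `throws AccountException`, raising it there would make a broken bootstrap fail visibly instead of silently. The `LOGGER.error("A role with name " + roleName + …)` messages use string concatenation while the debug lines use `{}` placeholders; keep them parameterized for consistency.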


@ -1,7 +1,5 @@
package de.muehlencord.shared.account.business.application.entity; package de.muehlencord.shared.account.business.application.entity;
import de.muehlencord.shared.account.business.account.entity.ApplicationPermissionEntity;
import de.muehlencord.shared.account.business.account.entity.ApplicationRoleEntity;
import de.muehlencord.shared.account.business.config.entity.ConfigEntity; import de.muehlencord.shared.account.business.config.entity.ConfigEntity;
import java.io.Serializable; import java.io.Serializable;
import java.util.List; import java.util.List;


@ -1,158 +1,158 @@
package de.muehlencord.shared.account.business.account.entity; package de.muehlencord.shared.account.business.application.entity;
import de.muehlencord.shared.account.business.application.entity.ApplicationEntity; import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
import java.io.Serializable; import java.io.Serializable;
import java.util.List; import java.util.List;
import java.util.UUID; import java.util.UUID;
import javax.persistence.Basic; import javax.persistence.Basic;
import javax.persistence.Column; import javax.persistence.Column;
import javax.persistence.Entity; import javax.persistence.Entity;
import javax.persistence.GeneratedValue; import javax.persistence.GeneratedValue;
import javax.persistence.Id; import javax.persistence.Id;
import javax.persistence.JoinColumn; import javax.persistence.JoinColumn;
import javax.persistence.ManyToMany; import javax.persistence.ManyToMany;
import javax.persistence.ManyToOne; import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries; import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery; import javax.persistence.NamedQuery;
import javax.persistence.Table; import javax.persistence.Table;
import javax.validation.constraints.NotNull; import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size; import javax.validation.constraints.Size;
import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlTransient;
import org.hibernate.annotations.GenericGenerator; import org.hibernate.annotations.GenericGenerator;
import org.hibernate.annotations.Type; import org.hibernate.annotations.Type;
/** /**
* *
* @author joern.muehlencord * @author joern.muehlencord
*/ */
@Entity @Entity
@Table(name = "application_permission") @Table(name = "application_permission")
@XmlRootElement @XmlRootElement
@NamedQueries({ @NamedQueries({
@NamedQuery(name = "ApplicationPermissionEntity.findAll", query = "SELECT a FROM ApplicationPermissionEntity a WHERE a.application=:application order by a.permissionName"), @NamedQuery(name = "ApplicationPermissionEntity.findAll", query = "SELECT a FROM ApplicationPermissionEntity a WHERE a.application=:application order by a.permissionName"),
@NamedQuery(name = "ApplicationPermissionEntity.findNotAssigned", query = "SELECT a FROM ApplicationPermissionEntity a LEFT OUTER JOIN a.applicationRoles r WHERE a.application=:application AND r NOT IN :permissions"), @NamedQuery(name = "ApplicationPermissionEntity.findNotAssigned", query = "SELECT a FROM ApplicationPermissionEntity a LEFT OUTER JOIN a.applicationRoles r WHERE a.application=:application AND r NOT IN :permissions"),
@NamedQuery(name = "ApplicationPermissionEntity.findByPermissionName", query = "SELECT a FROM ApplicationPermissionEntity a WHERE a.application=:application AND a.permissionName = :permissionName"), @NamedQuery(name = "ApplicationPermissionEntity.findByPermissionName", query = "SELECT a FROM ApplicationPermissionEntity a WHERE a.application=:application AND a.permissionName = :permissionName"),
@NamedQuery(name = "ApplicationPermissionEntity.findByPermissionDescription", query = "SELECT a FROM ApplicationPermissionEntity a WHERE a.application=:application AND a.permissionDescription = :permissionDescription")}) @NamedQuery(name = "ApplicationPermissionEntity.findByPermissionDescription", query = "SELECT a FROM ApplicationPermissionEntity a WHERE a.application=:application AND a.permissionDescription = :permissionDescription")})
public class ApplicationPermissionEntity implements Serializable { public class ApplicationPermissionEntity implements Serializable {
private static final long serialVersionUID = -8985982754544829534L; private static final long serialVersionUID = -8985982754544829534L;
@Id @Id
@Basic(optional = false) @Basic(optional = false)
@NotNull @NotNull
@Column(name = "id") @Column(name = "id")
@GeneratedValue(generator = "uuid2") @GeneratedValue(generator = "uuid2")
@GenericGenerator(name = "uuid2", strategy = "uuid2") @GenericGenerator(name = "uuid2", strategy = "uuid2")
@Type(type = "pg-uuid") @Type(type = "pg-uuid")
private UUID id; private UUID id;
@Basic(optional = false) @Basic(optional = false)
@NotNull @NotNull
@Size(min = 1, max = 80) @Size(min = 1, max = 80)
@Column(name = "permission_name") @Column(name = "permission_name")
private String permissionName; private String permissionName;
@Basic(optional = false) @Basic(optional = false)
@NotNull @NotNull
@Size(min = 1, max = 200) @Size(min = 1, max = 200)
@Column(name = "permission_description") @Column(name = "permission_description")
private String permissionDescription; private String permissionDescription;
@JoinColumn(name = "application", referencedColumnName = "id") @JoinColumn(name = "application", referencedColumnName = "id")
@ManyToOne(optional = false) @ManyToOne(optional = false)
private ApplicationEntity application; private ApplicationEntity application;
@ManyToMany(mappedBy = "applicationPermissionList") @ManyToMany(mappedBy = "applicationPermissionList")
private List<ApplicationRoleEntity> applicationRoles; private List<ApplicationRoleEntity> applicationRoles;
public ApplicationPermissionEntity() { public ApplicationPermissionEntity() {
} }
public ApplicationPermissionEntity(UUID id) { public ApplicationPermissionEntity(UUID id) {
this.id = id; this.id = id;
} }
public ApplicationPermissionEntity(String permissionName, String permissionDescription) { public ApplicationPermissionEntity(String permissionName, String permissionDescription) {
this.id = null; this.id = null;
this.permissionName = permissionName; this.permissionName = permissionName;
this.permissionDescription = permissionDescription; this.permissionDescription = permissionDescription;
} }
public ApplicationPermissionEntity(ApplicationEntity application, String permissionName, String permissionDescription) { public ApplicationPermissionEntity(ApplicationEntity application, String permissionName, String permissionDescription) {
this.id = null; this.id = null;
this.application = application; this.application = application;
this.permissionName = permissionName; this.permissionName = permissionName;
this.permissionDescription = permissionDescription; this.permissionDescription = permissionDescription;
} }
public ApplicationPermissionEntity(UUID id, ApplicationEntity application, String permissionName, String permissionDescription) { public ApplicationPermissionEntity(UUID id, ApplicationEntity application, String permissionName, String permissionDescription) {
this.id = id; this.id = id;
this.application = application; this.application = application;
this.permissionName = permissionName; this.permissionName = permissionName;
this.permissionDescription = permissionDescription; this.permissionDescription = permissionDescription;
} }
public UUID getId() { public UUID getId() {
return id; return id;
} }
public void setId(UUID id) { public void setId(UUID id) {
this.id = id; this.id = id;
} }
public String getPermissionName() { public String getPermissionName() {
return permissionName; return permissionName;
} }
public void setPermissionName(String permissionName) { public void setPermissionName(String permissionName) {
this.permissionName = permissionName; this.permissionName = permissionName;
} }
public String getPermissionDescription() { public String getPermissionDescription() {
return permissionDescription; return permissionDescription;
} }
public void setPermissionDescription(String permissionDescription) { public void setPermissionDescription(String permissionDescription) {
this.permissionDescription = permissionDescription; this.permissionDescription = permissionDescription;
} }
@XmlTransient @XmlTransient
public List<ApplicationRoleEntity> getApplicationRoles() { public List<ApplicationRoleEntity> getApplicationRoles() {
return applicationRoles; return applicationRoles;
} }
public void setApplicationRoles(List<ApplicationRoleEntity> applicationRoles) { public void setApplicationRoles(List<ApplicationRoleEntity> applicationRoles) {
this.applicationRoles = applicationRoles; this.applicationRoles = applicationRoles;
} }
@Override @Override
public int hashCode() { public int hashCode() {
int hash = 0; int hash = 0;
hash += (id != null ? id.hashCode() : 0); hash += (id != null ? id.hashCode() : 0);
return hash; return hash;
} }
@Override @Override
public boolean equals(Object object) { public boolean equals(Object object) {
// TODO: Warning - this method won't work in the case the id fields are not set // TODO: Warning - this method won't work in the case the id fields are not set
if (!(object instanceof ApplicationPermissionEntity)) { if (!(object instanceof ApplicationPermissionEntity)) {
return false; return false;
} }
ApplicationPermissionEntity other = (ApplicationPermissionEntity) object; ApplicationPermissionEntity other = (ApplicationPermissionEntity) object;
if ((this.id == null && other.id != null) || (this.id != null && !this.id.equals(other.id))) { if ((this.id == null && other.id != null) || (this.id != null && !this.id.equals(other.id))) {
return false; return false;
} }
return true; return true;
} }
@Override @Override
public String toString() { public String toString() {
return "de.muehlencord.shared.account.entity.ApplicationPermission[ id=" + id + " ]"; return "de.muehlencord.shared.account.entity.ApplicationPermission[ id=" + id + " ]";
} }
public ApplicationEntity getApplication() { public ApplicationEntity getApplication() {
return application; return application;
} }
public void setApplication(ApplicationEntity application) { public void setApplication(ApplicationEntity application) {
this.application = application; this.application = application;
} }
} }


@ -1,170 +1,171 @@
package de.muehlencord.shared.account.business.account.entity; package de.muehlencord.shared.account.business.application.entity;
import de.muehlencord.shared.account.business.application.entity.ApplicationEntity; import de.muehlencord.shared.account.business.account.entity.AccountEntity;
import java.io.Serializable; import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
import java.util.List; import java.io.Serializable;
import java.util.UUID; import java.util.List;
import javax.persistence.Basic; import java.util.UUID;
import javax.persistence.Column; import javax.persistence.Basic;
import javax.persistence.Entity; import javax.persistence.Column;
import javax.persistence.GeneratedValue; import javax.persistence.Entity;
import javax.persistence.Id; import javax.persistence.GeneratedValue;
import javax.persistence.JoinColumn; import javax.persistence.Id;
import javax.persistence.JoinTable; import javax.persistence.JoinColumn;
import javax.persistence.ManyToMany; import javax.persistence.JoinTable;
import javax.persistence.ManyToOne; import javax.persistence.ManyToMany;
import javax.persistence.NamedQueries; import javax.persistence.ManyToOne;
import javax.persistence.NamedQuery; import javax.persistence.NamedQueries;
import javax.persistence.Table; import javax.persistence.NamedQuery;
import javax.validation.constraints.NotNull; import javax.persistence.Table;
import javax.validation.constraints.Size; import javax.validation.constraints.NotNull;
import javax.xml.bind.annotation.XmlRootElement; import javax.validation.constraints.Size;
import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlRootElement;
import org.hibernate.annotations.GenericGenerator; import javax.xml.bind.annotation.XmlTransient;
import org.hibernate.annotations.Type; import org.hibernate.annotations.GenericGenerator;
import org.hibernate.annotations.Type;
/**
* /**
* @author joern.muehlencord *
*/ * @author joern.muehlencord
@Entity */
@Table(name = "application_role") @Entity
@XmlRootElement @Table(name = "application_role")
@NamedQueries({ @XmlRootElement
@NamedQuery(name = "ApplicationRoleEntity.findAll", query = "SELECT a FROM ApplicationRoleEntity a WHERE a.application = :application ORDER BY a.roleName"), @NamedQueries({
@NamedQuery(name = "ApplicationRoleEntity.findByRoleName", query = "SELECT a FROM ApplicationRoleEntity a WHERE a.application = :application AND a.roleName = :roleName"), @NamedQuery(name = "ApplicationRoleEntity.findAll", query = "SELECT a FROM ApplicationRoleEntity a WHERE a.application = :application ORDER BY a.roleName"),
@NamedQuery(name = "ApplicationRoleEntity.findByRoleDescription", query = "SELECT a FROM ApplicationRoleEntity a WHERE a.application = :application AND a.roleDescription = :roleDescription")}) @NamedQuery(name = "ApplicationRoleEntity.findByRoleName", query = "SELECT a FROM ApplicationRoleEntity a WHERE a.application = :application AND a.roleName = :roleName"),
@NamedQuery(name = "ApplicationRoleEntity.findByRoleDescription", query = "SELECT a FROM ApplicationRoleEntity a WHERE a.application = :application AND a.roleDescription = :roleDescription")})
public class ApplicationRoleEntity implements Serializable {
public class ApplicationRoleEntity implements Serializable {
private static final long serialVersionUID = -8324054525780893823L;
private static final long serialVersionUID = -8324054525780893823L;
@Id
@Basic(optional = false) @Id
@NotNull @Basic(optional = false)
@Column(name = "id") @NotNull
@GeneratedValue(generator = "uuid2") @Column(name = "id")
@GenericGenerator(name = "uuid2", strategy = "uuid2") @GeneratedValue(generator = "uuid2")
@Type(type = "pg-uuid") @GenericGenerator(name = "uuid2", strategy = "uuid2")
private UUID id; @Type(type = "pg-uuid")
@Basic(optional = false) private UUID id;
@NotNull @Basic(optional = false)
@Size(min = 1, max = 80) @NotNull
@Column(name = "role_name") @Size(min = 1, max = 80)
private String roleName; @Column(name = "role_name")
@Basic(optional = false) private String roleName;
@NotNull @Basic(optional = false)
@Size(min = 1, max = 200) @NotNull
@Column(name = "role_description") @Size(min = 1, max = 200)
private String roleDescription; @Column(name = "role_description")
@ManyToMany(mappedBy = "applicationRoleList") private String roleDescription;
private List<AccountEntity> accountList; @ManyToMany(mappedBy = "applicationRoleList")
@JoinTable(name = "role_permission", joinColumns = { private List<AccountEntity> accountList;
@JoinColumn(name = "application_role", referencedColumnName = "id")}, inverseJoinColumns = { @JoinTable(name = "role_permission", joinColumns = {
@JoinColumn(name = "role_permission", referencedColumnName = "id")}) @JoinColumn(name = "application_role", referencedColumnName = "id")}, inverseJoinColumns = {
@ManyToMany @JoinColumn(name = "role_permission", referencedColumnName = "id")})
private List<ApplicationPermissionEntity> applicationPermissionList; @ManyToMany
@JoinColumn(name = "application", referencedColumnName = "id") private List<ApplicationPermissionEntity> applicationPermissionList;
@ManyToOne(optional = false) @JoinColumn(name = "application", referencedColumnName = "id")
private ApplicationEntity application; @ManyToOne(optional = false)
private ApplicationEntity application;
public ApplicationRoleEntity() {
} public ApplicationRoleEntity() {
}
public ApplicationRoleEntity(ApplicationEntity application) {
this.id = null; public ApplicationRoleEntity(ApplicationEntity application) {
this.application = application; this.id = null;
this.roleName = ""; this.application = application;
this.roleDescription = ""; this.roleName = "";
} this.roleDescription = "";
}
public ApplicationRoleEntity(ApplicationEntity application, String roleName, String roleDescription) {
this.id = null; public ApplicationRoleEntity(ApplicationEntity application, String roleName, String roleDescription) {
this.application = application; this.id = null;
this.roleName = roleName; this.application = application;
this.roleDescription = roleDescription; this.roleName = roleName;
} this.roleDescription = roleDescription;
}
public ApplicationRoleEntity(UUID id, ApplicationEntity application, String roleName, String roleDescription) {
this.id = id; public ApplicationRoleEntity(UUID id, ApplicationEntity application, String roleName, String roleDescription) {
this.application = application; this.id = id;
this.roleName = roleName; this.application = application;
this.roleDescription = roleDescription; this.roleName = roleName;
} this.roleDescription = roleDescription;
}
public UUID getId() {
return id; public UUID getId() {
} return id;
}
public void setId(UUID id) {
this.id = id; public void setId(UUID id) {
} this.id = id;
}
public String getRoleName() {
return roleName; public String getRoleName() {
} return roleName;
}
public void setRoleName(String roleName) {
this.roleName = roleName; public void setRoleName(String roleName) {
} this.roleName = roleName;
}
public String getRoleDescription() {
return roleDescription; public String getRoleDescription() {
} return roleDescription;
}
public void setRoleDescription(String roleDescription) {
this.roleDescription = roleDescription; public void setRoleDescription(String roleDescription) {
} this.roleDescription = roleDescription;
}
@XmlTransient
public List<AccountEntity> getAccountList() { @XmlTransient
return accountList; public List<AccountEntity> getAccountList() {
} return accountList;
}
public void setAccountList(List<AccountEntity> accountList) {
this.accountList = accountList; public void setAccountList(List<AccountEntity> accountList) {
} this.accountList = accountList;
}
@XmlTransient
public List<ApplicationPermissionEntity> getApplicationPermissionList() { @XmlTransient
return applicationPermissionList; public List<ApplicationPermissionEntity> getApplicationPermissionList() {
} return applicationPermissionList;
}
public void setApplicationPermissionList(List<ApplicationPermissionEntity> applicationPermissionList) {
this.applicationPermissionList = applicationPermissionList; public void setApplicationPermissionList(List<ApplicationPermissionEntity> applicationPermissionList) {
} this.applicationPermissionList = applicationPermissionList;
}
public ApplicationEntity getApplication() {
return application; public ApplicationEntity getApplication() {
} return application;
}
public void setApplication(ApplicationEntity application) {
this.application = application; public void setApplication(ApplicationEntity application) {
} this.application = application;
}
@Override
public int hashCode() { @Override
int hash = 0; public int hashCode() {
hash += (id != null ? id.hashCode() : 0); int hash = 0;
return hash; hash += (id != null ? id.hashCode() : 0);
} return hash;
}
@Override
public boolean equals(Object object) { @Override
// TODO: Warning - this method won't work in the case the id fields are not set public boolean equals(Object object) {
if (!(object instanceof ApplicationRoleEntity)) { // TODO: Warning - this method won't work in the case the id fields are not set
return false; if (!(object instanceof ApplicationRoleEntity)) {
} return false;
ApplicationRoleEntity other = (ApplicationRoleEntity) object; }
if ((this.id == null && other.id != null) || (this.id != null && !this.id.equals(other.id))) { ApplicationRoleEntity other = (ApplicationRoleEntity) object;
return false; if ((this.id == null && other.id != null) || (this.id != null && !this.id.equals(other.id))) {
} return false;
return true; }
} return true;
}
@Override
public String toString() { @Override
return "de.muehlencord.shared.account.entity.ApplicationRole[ id=" + id + " ]"; public String toString() {
} return "de.muehlencord.shared.account.entity.ApplicationRole[ id=" + id + " ]";
}
}
}


@ -0,0 +1,44 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package de.muehlencord.shared.account.util;
import java.io.Serializable;
import java.util.Locale;
import java.util.ResourceBundle;
/**
*
* @author Joern Muehlencord <joern at muehlencord.de>
*/
public class AccountSecurityException extends Exception implements Serializable {
private static final long serialVersionUID = 8135850463689587815L;
private final SecurityError securityError;
public AccountSecurityException(SecurityError securityError) {
this.securityError = securityError;
}
public String getErrorCode() {
return securityError.getErrorCode();
}
public String getMessageKey() {
return securityError.getMessageKey();
}
public String getMessage() {
ResourceBundle resourceBundle = ResourceBundle.getBundle(securityError.getClass().getName(), Locale.ENGLISH);
return resourceBundle.getString(securityError.getMessageKey());
}
public String getLocalizedMessage(Locale locale) {
ResourceBundle resourceBundle = ResourceBundle.getBundle(securityError.getClass().getName(), locale);
return resourceBundle.getString(securityError.getMessageKey());
}
}
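Review bot: `getMessage()` and the `getLocalizedMessage(Locale)` overload resolve the text with `ResourceBundle.getBundle(securityError.getClass().getName(), …)`, so a missing bundle or key throws an unchecked `MissingResourceException` from inside the exception itself, typically while a handler is logging or rendering the denial, which replaces the authorization failure with an unrelated error. The bundle base name is the concrete class of the `SecurityError` implementation, a contract the interface does not state, so this will bite the first implementor who forgets a `.properties` file. I would route both methods through one helper that catches `MissingResourceException` and falls back to the error code and message key, and mark `getMessage()` with `@Override`; note that `getLocalizedMessage(Locale)` is an overload rather than an override of `Throwable.getLocalizedMessage()`, so the no-arg form still yields the English text. The helper below needs `java.util.MissingResourceException` imported.

```java
// … unchanged: fields, constructor, getErrorCode, getMessageKey …

@Override
public String getMessage() {
    return resolve(Locale.ENGLISH);
}

public String getLocalizedMessage(Locale locale) {
    return resolve(locale);
}

// Resolve the message key against the bundle named after the SecurityError class; a
// missing bundle or key must not turn the denial into a MissingResourceException.
private String resolve(Locale locale) {
    try {
        ResourceBundle bundle = ResourceBundle.getBundle(securityError.getClass().getName(), locale);
        return bundle.getString(securityError.getMessageKey());
    } catch (MissingResourceException e) {
        return securityError.getErrorCode() + ": " + securityError.getMessageKey();
    }
}
```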


@ -0,0 +1,13 @@
package de.muehlencord.shared.account.util;
/**
*
* @author Joern Muehlencord <joern at muehlencord.de>
*/
public interface Permission {
String getName();
String getDescription();
}
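Review bot: `Permission` has no Javadoc, yet `getName()` is the string handed to Shiro's `Subject.isPermitted` in `SecurityUtil.checkPermission` and is also the value looked up as `permission_name` on `ApplicationPermissionEntity`, whose column is constrained to 80 characters; implementors need to know both. I would document `getName()` with `/** Shiro wildcard permission string, e.g. {@code "account:login:add"}; persisted as permission_name (max 80 chars), so treat it as a stable constant. */` and `getDescription()` with `/** Human-readable explanation of the permission; not consulted for authorization decisions. */`.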


@ -0,0 +1,12 @@
package de.muehlencord.shared.account.util;
/**
*
* @author Joern Muehlencord <joern at muehlencord.de>
*/
public interface SecurityError {
String getErrorCode();
String getMessageKey();
}
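Review bot: `SecurityError` should state that `getMessageKey()` is resolved against a `ResourceBundle` whose base name is the implementing class's fully-qualified name (that is what `AccountSecurityException.getMessage` does), otherwise an implementor will not know that a `.properties` file per implementing class and locale is required and a denial will surface as `MissingResourceException` instead of the intended message. Suggested Javadoc on the interface: `Error raised when a security check is denied. Implementations (typically enums) must ship a ResourceBundle named after the implementing class that contains every message key.` and on `getErrorCode()`: `Stable, locale-independent identifier intended for logs and client responses.`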


@ -1,10 +1,12 @@
package de.muehlencord.shared.account.util; package de.muehlencord.shared.account.util;
import org.apache.shiro.SecurityUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.apache.shiro.authc.credential.DefaultPasswordService; import org.apache.shiro.authc.credential.DefaultPasswordService;
import org.apache.shiro.crypto.hash.DefaultHashService; import org.apache.shiro.crypto.hash.DefaultHashService;
import org.apache.shiro.crypto.hash.Sha512Hash; import org.apache.shiro.crypto.hash.Sha512Hash;
import org.apache.shiro.subject.Subject;
/** /**
* *
@ -30,4 +32,15 @@ public class SecurityUtil {
return encryptedPassword; return encryptedPassword;
} }
public static void checkPermission(Permission permission, SecurityError error) throws AccountSecurityException {
Subject currentUser = SecurityUtils.getSubject();
if ((currentUser == null) || (!currentUser.isAuthenticated())) {
throw new AccountSecurityException(error); // TODO support special error for not logged in
}
String requiredPermissions = permission.getName();
if (!currentUser.isPermitted(requiredPermissions)) {
throw new AccountSecurityException(error);
}
}
} }
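Review bot: `checkPermission` throws the same `AccountSecurityException(error)` for an unauthenticated subject and for an authenticated but unauthorized one, so callers cannot distinguish "redirect to login" from "access denied" and both get the same message key; the TODO acknowledges this but it should be resolved before controllers start depending on the exception. A denied check is also not logged anywhere, which leaves no audit trail of privilege probing; the file imports slf4j, so assuming it has a logger field I would add `LOGGER.warn("Permission {} denied for principal {}", requiredPermissions, currentUser.getPrincipal());` immediately before the second throw. The `currentUser == null` test is, as far as I know Shiro, dead code since `SecurityUtils.getSubject()` builds and binds a subject rather than returning null (it throws if no SecurityManager is configured), and it is worth a comment that `isAuthenticated()` deliberately rejects remember-me subjects, which is the right conservative choice for account-management operations. `requiredPermissions` holds a single permission name; `requiredPermission` would match the parameter.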


@ -0,0 +1,5 @@
# To change this license header, choose License Headers in Project Properties.
# To change this template file, choose Tools | Templates
# and open the template in the editor.
listall_denied=You are not allowed to list all applications


@ -0,0 +1,5 @@
# To change this license header, choose License Headers in Project Properties.
# To change this template file, choose Tools | Templates
# and open the template in the editor.
listall_denied=Sie haben nicht die n\u00f6tige Rechte alle Applikationen aufzulisten


@ -0,0 +1,5 @@
# To change this license header, choose License Headers in Project Properties.
# To change this template file, choose Tools | Templates
# and open the template in the editor.
listall_denied=User not allowed to list all applications