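Usage examples for java.security.acl.Group.addMember. The java.security.acl package is deprecated and was removed in Java 14, so the listings below apply to older JDKs only.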
public boolean addMember(Principal user);
From source file:org.betaconceptframework.astroboa.engine.service.security.AstroboaLogin.java
/**
 * Attaches the caller's roles to the JAAS subject as members of one group
 * named after {@code AstroboaPrincipalName.Roles}.
 *
 * <p>The group is added to the subject unconditionally, so it is present even
 * when it has no members (the identity store returned {@code null} or an empty
 * list). A subject with an empty "Roles" group therefore carries no role
 * principal at all.
 *
 * <p>The anonymous user never consults the identity store: it receives exactly
 * one role, the repository-scoped affiliation of
 * {@code CmsRole.ROLE_CMS_EXTERNAL_VIEWER}.
 *
 * @throws LoginException declared by the signature; nothing in this method
 *     throws it directly, so it can only come from the helpers called here
 */
private void addRolesToSubject() throws LoginException {
    // The original author's note: at least one group named "Roles" must be returned.
    final Group rolesGroup = new CmsGroup(AstroboaPrincipalName.Roles.toString());

    if (!userIsAnonymous(getUsername())) {
        final List<String> roleNames = getIdentityStore().getImpliedRoles(getUsername());

        // Role names are turned into principals exactly as the identity store
        // reports them; no filtering or scoping happens here.
        // NOTE(review): confirm the store only returns roles valid for this repository.
        if (roleNames != null) {
            for (final String roleName : roleNames) {
                rolesGroup.addMember(new CmsPrincipal(roleName));
            }
        }
    } else {
        // ANONYMOUS is a virtual user with one fixed role, whether the
        // identity store is external or internal.
        rolesGroup.addMember(new CmsPrincipal(
                CmsRoleAffiliationFactory.INSTANCE.getCmsRoleAffiliationForRepository(
                        CmsRole.ROLE_CMS_EXTERNAL_VIEWER, repositoryId)));
    }

    subject.getPrincipals().add(rolesGroup);
}
From source file:org.betaconceptframework.astroboa.security.jaas.AstroboaLoginModule.java
/**
 * Attaches the caller's roles to the JAAS subject as members of one group
 * named after {@code AstroboaPrincipalName.Roles}.
 *
 * <p>The group is added to the subject unconditionally, so it is present even
 * when it has no members (the identity store returned {@code null} or an empty
 * list). A subject with an empty "Roles" group therefore carries no role
 * principal at all.
 *
 * <p>The anonymous user never consults the identity store: it receives exactly
 * one role, the repository-scoped affiliation of
 * {@code CmsRole.ROLE_CMS_EXTERNAL_VIEWER}.
 *
 * @throws LoginException declared by the signature; nothing in this method
 *     throws it directly, so it can only come from the helpers called here
 */
private void addRolesToSubject() throws LoginException {
    // The original author's note: at least one group named "Roles" must be returned.
    final Group rolesGroup = new CmsGroup(AstroboaPrincipalName.Roles.toString());

    if (!userIsAnonymous(getUsername())) {
        final List<String> roleNames = identityStore.getImpliedRoles(getUsername());

        // Role names are turned into principals exactly as the identity store
        // reports them; no filtering or scoping happens here.
        // NOTE(review): confirm the store only returns roles valid for this repository.
        if (roleNames != null) {
            for (final String roleName : roleNames) {
                rolesGroup.addMember(new CmsPrincipal(roleName));
            }
        }
    } else {
        // ANONYMOUS is a virtual user with one fixed role, whether the
        // identity store is external or internal.
        rolesGroup.addMember(new CmsPrincipal(
                CmsRoleAffiliationFactory.INSTANCE.getCmsRoleAffiliationForRepository(
                        CmsRole.ROLE_CMS_EXTERNAL_VIEWER, repositoryId)));
    }

    subject.getPrincipals().add(rolesGroup);
}
From source file:org.collectionspace.authentication.realm.db.CSpaceDbRealm.java
/**
 * Runs {@code tenantsQuery} for the given user and collects the resulting
 * tenant principals into groups keyed by group name.
 *
 * <p>Each row is read as (tenant id, tenant name, group name). A null or empty
 * group name falls back to {@code "Tenants"}. When the query returns no rows,
 * the result is a single empty {@code "Tenants"} group rather than an error.
 *
 * <p>A tenant whose principal cannot be created is logged and skipped; the
 * remaining rows are still processed and the call still succeeds.
 *
 * @param username user whose tenants are looked up; bound as statement parameter 1
 * @param groupClassName handed to {@code createGroup} for every group built here
 * @return the groups built from the result set
 * @throws LoginException with message "Query failed" when a {@link SQLException}
 *     occurs, or "unknown exception" for any other failure; the cause is attached
 */
@Override
public Collection<Group> getTenants(String username, String groupClassName) throws LoginException {
    // NOTE(review): username is written to the debug log as received; if it can
    // contain control characters, encode it before logging.
    if (logger.isDebugEnabled()) {
        logger.debug("getTenants using tenantsQuery: " + tenantsQuery + ", username: " + username);
    }

    HashMap<String, Group> groupsByName = new HashMap<String, Group>();
    Connection connection = null;
    PreparedStatement statement = null;
    ResultSet rows = null;
    try {
        connection = getConnection();
        if (logger.isDebugEnabled()) {
            logger.debug("Executing query: " + tenantsQuery + ", with username: " + username);
        }

        // The username is bound as a parameter, never concatenated into the SQL text.
        statement = connection.prepareStatement(tenantsQuery);
        try {
            statement.setString(1, username);
        } catch (ArrayIndexOutOfBoundsException ignore) {
            // The query may not have any parameters so just try it.
            // NOTE(review): which exception a driver raises here is driver-specific;
            // a SQLException would be reported below as "Query failed".
        }

        rows = statement.executeQuery();
        if (!rows.next()) {
            if (logger.isDebugEnabled()) {
                logger.debug("No tenants found");
            }
            // We are running with an unauthenticatedIdentity, so hand back an
            // empty Tenants group.
            // FIXME should this be allowed?
            Group emptyTenants = createGroup(groupClassName, "Tenants");
            groupsByName.put(emptyTenants.getName(), emptyTenants);
        } else {
            do {
                String tenantId = rows.getString(1);
                String tenantName = rows.getString(2);
                String groupName = rows.getString(3);
                if (groupName == null || groupName.length() == 0) {
                    groupName = "Tenants";
                }

                Group group = groupsByName.get(groupName);
                if (group == null) {
                    group = createGroup(groupClassName, groupName);
                    groupsByName.put(groupName, group);
                }

                try {
                    Principal tenant = createTenant(tenantName, tenantId);
                    if (logger.isDebugEnabled()) {
                        logger.debug("Assign user to tenant " + tenantName);
                    }
                    group.addMember(tenant);
                } catch (Exception e) {
                    // Skipping the row leaves the user without this tenant.
                    logger.error("Failed to create tenant: " + tenantName + " " + e.toString());
                }
            } while (rows.next());
        }
    } catch (SQLException ex) {
        LoginException failure = new LoginException("Query failed");
        failure.initCause(ex);
        throw failure;
    } catch (Exception e) {
        LoginException failure = new LoginException("unknown exception");
        failure.initCause(e);
        throw failure;
    } finally {
        // Best-effort cleanup: a failure to close must not mask the outcome above.
        if (rows != null) {
            try {
                rows.close();
            } catch (SQLException e) {
            }
        }
        if (statement != null) {
            try {
                statement.close();
            } catch (SQLException e) {
            }
        }
        if (connection != null) {
            try {
                connection.close();
            } catch (Exception ex) {
            }
        }
    }
    return groupsByName.values();
}
From source file:org.collectionspace.authentication.realm.db.CSpaceDbRealm.java
/**
 * Runs {@code rolesQuery} for the given user and collects the resulting role
 * principals into groups keyed by group name.
 *
 * <p>Each row is read as (role name, group name). A null or empty group name
 * falls back to {@code "Roles"}. When the query returns no rows, the result is
 * a single empty {@code "Roles"} group rather than an error, so a user without
 * any role row ends up with no role principal.
 *
 * <p>A role whose principal cannot be created is logged and skipped; the
 * remaining rows are still processed and the call still succeeds.
 *
 * @param username user whose roles are looked up; bound as statement parameter 1
 * @param principalClassName handed to {@code createPrincipal} for every role
 * @param groupClassName handed to {@code createGroup} for every group built here
 * @return the groups built from the result set
 * @throws LoginException with message "Query failed" when a {@link SQLException}
 *     occurs, or "unknown exception" for any other failure; the cause is attached
 */
@Override
public Collection<Group> getRoles(String username, String principalClassName, String groupClassName)
        throws LoginException {
    // NOTE(review): username is written to the debug log as received; if it can
    // contain control characters, encode it before logging.
    if (logger.isDebugEnabled()) {
        logger.debug("getRoleSets using rolesQuery: " + rolesQuery + ", username: " + username);
    }

    HashMap<String, Group> groupsByName = new HashMap<String, Group>();
    Connection connection = null;
    PreparedStatement statement = null;
    ResultSet rows = null;
    try {
        connection = getConnection();
        if (logger.isDebugEnabled()) {
            logger.debug("Executing query: " + rolesQuery + ", with username: " + username);
        }

        // The username is bound as a parameter, never concatenated into the SQL text.
        statement = connection.prepareStatement(rolesQuery);
        try {
            statement.setString(1, username);
        } catch (ArrayIndexOutOfBoundsException ignore) {
            // The query may not have any parameters so just try it.
            // NOTE(review): which exception a driver raises here is driver-specific;
            // a SQLException would be reported below as "Query failed".
        }

        rows = statement.executeQuery();
        if (!rows.next()) {
            if (logger.isDebugEnabled()) {
                logger.debug("No roles found");
            }
            // We are running with an unauthenticatedIdentity, so hand back an
            // empty Roles group. The listing this came from had a disabled check
            // at this point that threw FailedLoginException ("No matching username
            // found in Roles") when no unauthenticated identity was configured.
            Group emptyRoles = createGroup(groupClassName, "Roles");
            groupsByName.put(emptyRoles.getName(), emptyRoles);
        } else {
            do {
                String roleName = rows.getString(1);
                String groupName = rows.getString(2);
                if (groupName == null || groupName.length() == 0) {
                    groupName = "Roles";
                }

                Group group = groupsByName.get(groupName);
                if (group == null) {
                    group = createGroup(groupClassName, groupName);
                    groupsByName.put(groupName, group);
                }

                try {
                    Principal role = createPrincipal(principalClassName, roleName);
                    if (logger.isDebugEnabled()) {
                        logger.debug("Assign user to role " + roleName);
                    }
                    group.addMember(role);
                } catch (Exception e) {
                    // Skipping the row leaves the user without this role.
                    logger.error("Failed to create principal: " + roleName + " " + e.toString());
                }
            } while (rows.next());
        }
    } catch (SQLException ex) {
        LoginException failure = new LoginException("Query failed");
        failure.initCause(ex);
        throw failure;
    } catch (Exception e) {
        LoginException failure = new LoginException("unknown exception");
        failure.initCause(e);
        throw failure;
    } finally {
        // Best-effort cleanup: a failure to close must not mask the outcome above.
        if (rows != null) {
            try {
                rows.close();
            } catch (SQLException e) {
            }
        }
        if (statement != null) {
            try {
                statement.close();
            } catch (SQLException e) {
            }
        }
        if (connection != null) {
            try {
                connection.close();
            } catch (Exception ex) {
            }
        }
    }
    return groupsByName.values();
}
From source file:org.betaconceptframework.astroboa.engine.jcr.dao.RepositoryDao.java
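/**
 * Initializes the identity store of a repository that keeps its identities in
 * another Astroboa repository instead of an external (JNDI) identity store.
 *
 * <p>Does nothing when the repository declares an external identity store JNDI
 * name. Otherwise it builds a subject holding the {@code SYSTEM} identity
 * principal plus a "Roles" group containing every {@link CmsRole} scoped to the
 * identity store repository, registers a client context for that subject, and
 * delegates to {@code cmsRepositoryInitializationManager}.
 *
 * <p>The registered context carries every role, so it is cleared in a
 * {@code finally} block: if initialization throws, the privileged context must
 * not stay registered for whatever code runs next. The exception itself still
 * propagates to the caller.
 *
 * @param cmsRepository repository whose identity store is to be initialized
 * @throws CmsException when neither an external identity store JNDI name nor an
 *     identity store repository id is configured, or when the configured
 *     identity store repository is unknown to {@code repositoryInfos}
 */
private void initializeIdentityStoreForRepository(CmsRepository cmsRepository) {
    if (!StringUtils.isBlank(cmsRepository.getExternalIdentityStoreJNDIName())) {
        // An external identity store is configured; nothing to initialize here.
        return;
    }

    String identityStoreRepositoryId = cmsRepository.getIdentityStoreRepositoryId();

    if (StringUtils.isBlank(identityStoreRepositoryId)) {
        throw new CmsException(
                "No external IdentityStore JNDI has been provided nor an identity store repository id for repository "
                        + cmsRepository.getId());
    }

    if (!repositoryInfos.containsKey(identityStoreRepositoryId)) {
        throw new CmsException("Found no repository with id " + identityStoreRepositoryId
                + ".Cannot initialize identity store for repository " + cmsRepository.getId());
    }

    CmsRepository cmsRepositoryIdentityStore = repositoryInfos.get(identityStoreRepositoryId);

    // Internal SYSTEM subject holding every role for the identity store repository.
    Subject subject = new Subject();
    subject.getPrincipals().add(new IdentityPrincipal(IdentityPrincipal.SYSTEM));

    Group rolesPrincipal = new CmsGroup(AstroboaPrincipalName.Roles.toString());
    for (CmsRole cmsRole : CmsRole.values()) {
        rolesPrincipal.addMember(new CmsPrincipal(CmsRoleAffiliationFactory.INSTANCE
                .getCmsRoleAffiliationForRepository(cmsRole, identityStoreRepositoryId)));
    }
    subject.getPrincipals().add(rolesPrincipal);

    // NOTE(review): the meaning of the literal 30 and of the null argument is
    // defined by SecurityContext's constructor, which is not shown here.
    SecurityContext securityContext = new SecurityContext(identityStoreRepositoryId, subject, 30, null);
    RepositoryContext repositoryContext = new RepositoryContext(cmsRepositoryIdentityStore, securityContext);

    AstroboaClientContextHolder
            .registerClientContext(new AstroboaClientContext(repositoryContext, lazyLoader), true);
    try {
        cmsRepositoryInitializationManager.initializeIdentityStore(cmsRepository.getId(),
                cmsRepositoryIdentityStore);
    } finally {
        // Always drop the all-roles SYSTEM context, including on failure.
        AstroboaClientContextHolder.clearContext();
    }
}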