replaced authorities update with specific add/remove methods
This commit is contained in:
parent
7ede4c62c2
commit
1e946f8609
|
@ -15,8 +15,6 @@ import org.springframework.http.ResponseEntity;
|
|||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.atomic.AtomicBoolean;
|
||||
|
||||
|
@ -45,8 +43,8 @@ public class AdminController {
|
|||
Integer couId = registryService.getCouId(AuthoritiesUtils.memberRole(type, id));
|
||||
if (couId != null) {
|
||||
JsonArray users = registryService.getUserIdByCouId(couId, true);
|
||||
JsonArray emails = (email)?registryService.getUserEmailByCouId(couId, true):new JsonArray();
|
||||
JsonArray names = (name)?registryService.getUserNamesByCouId(couId, true):new JsonArray();
|
||||
JsonArray emails = (email) ? registryService.getUserEmailByCouId(couId, true) : new JsonArray();
|
||||
JsonArray names = (name) ? registryService.getUserNamesByCouId(couId, true) : new JsonArray();
|
||||
return ResponseEntity.ok(JsonUtils.mergeUserInfo(users, emails, names, gson));
|
||||
}
|
||||
throw new ResourceNotFoundException("Role has not been found");
|
||||
|
@ -63,7 +61,7 @@ public class AdminController {
|
|||
if (coPersonIds.size() > 0) {
|
||||
Integer temp = registryService.getCouId(AuthoritiesUtils.memberRole(type, id));
|
||||
if (temp != null || force) {
|
||||
Integer couId = (temp != null)?temp:registryService.createRole(AuthoritiesUtils.memberRole(type, id), "");
|
||||
Integer couId = (temp != null) ? temp : registryService.createRole(AuthoritiesUtils.memberRole(type, id), "");
|
||||
AtomicBoolean assigned = new AtomicBoolean(false);
|
||||
coPersonIds.forEach(coPersonId -> {
|
||||
if (assignRoleToAccount(coPersonId, couId, type, id, force)) {
|
||||
|
@ -85,19 +83,13 @@ public class AdminController {
|
|||
String identifier = registryService.getIdentifierByCoPersonId(coPersonId);
|
||||
Integer role = registryService.getRoleId(coPersonId, couId);
|
||||
if (role != null || force) {
|
||||
if(role == null) {
|
||||
registryService.assignMemberRole(coPersonId,couId, role);
|
||||
if (role == null) {
|
||||
registryService.assignMemberRole(coPersonId, couId, role);
|
||||
authoritiesUpdater.addRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.member(type, id)));
|
||||
}
|
||||
if (registryService.getUserAdminGroup(coPersonId, couId) == null) {
|
||||
registryService.assignAdminRole(coPersonId, couId);
|
||||
authoritiesUpdater.update(identifier, old -> {
|
||||
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
|
||||
if(role == null) {
|
||||
authorities.add(new SimpleGrantedAuthority(AuthoritiesUtils.member(type, id)));
|
||||
}
|
||||
authorities.add(new SimpleGrantedAuthority(AuthoritiesUtils.manager(type, id)));
|
||||
return authorities;
|
||||
});
|
||||
authoritiesUpdater.addRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.manager(type, id)));
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
@ -117,11 +109,7 @@ public class AdminController {
|
|||
coPersonIds.forEach(coPersonId -> {
|
||||
registryService.removeAdminRole(coPersonId, couId);
|
||||
String identifier = registryService.getIdentifierByCoPersonId(coPersonId);
|
||||
authoritiesUpdater.update(identifier, old -> {
|
||||
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
|
||||
authorities.remove(new SimpleGrantedAuthority(AuthoritiesUtils.manager(type, id)));
|
||||
return authorities;
|
||||
});
|
||||
authoritiesUpdater.removeRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.manager(type, id)));
|
||||
});
|
||||
return ResponseEntity.ok(new Response("Role has been revoked successfully"));
|
||||
}
|
||||
|
|
|
@ -82,11 +82,7 @@ public class CuratorController {
|
|||
String identifier = registryService.getIdentifierByCoPersonId(coPersonId);
|
||||
Integer role = registryService.getRoleId(coPersonId, couId);
|
||||
registryService.assignMemberRole(coPersonId, couId, role);
|
||||
authoritiesUpdater.update(identifier, old -> {
|
||||
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
|
||||
authorities.add(new SimpleGrantedAuthority(AuthoritiesUtils.curator(type)));
|
||||
return authorities;
|
||||
});
|
||||
authoritiesUpdater.addRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.curator(type)));
|
||||
});
|
||||
return ResponseEntity.ok(new Response("Role has been assigned successfully"));
|
||||
}
|
||||
|
@ -108,11 +104,7 @@ public class CuratorController {
|
|||
String identifier = registryService.getIdentifierByCoPersonId(coPersonId);
|
||||
Integer role = registryService.getRoleId(coPersonId, couId);
|
||||
registryService.removeMemberRole(coPersonId, couId, role);
|
||||
authoritiesUpdater.update(identifier, old -> {
|
||||
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
|
||||
authorities.remove(new SimpleGrantedAuthority(AuthoritiesUtils.curator(type)));
|
||||
return authorities;
|
||||
});
|
||||
authoritiesUpdater.removeRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.curator(type)));
|
||||
});
|
||||
return ResponseEntity.ok(new Response("Role has been revoked successfully"));
|
||||
}
|
||||
|
|
|
@ -17,8 +17,6 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
|||
import org.springframework.web.bind.annotation.*;
|
||||
import org.springframework.web.client.HttpClientErrorException;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.atomic.AtomicInteger;
|
||||
|
||||
|
@ -65,9 +63,9 @@ public class MemberController {
|
|||
Integer couId = registryService.getCouId(AuthoritiesUtils.memberRole(type, id));
|
||||
if (couId != null) {
|
||||
JsonArray users = registryService.getUserIdByCouId(couId, false);
|
||||
JsonArray emails = (email)?registryService.getUserEmailByCouId(couId, false):new JsonArray();
|
||||
JsonArray names = (name)?registryService.getUserNamesByCouId(couId, false):new JsonArray();
|
||||
if(isManager) {
|
||||
JsonArray emails = (email) ? registryService.getUserEmailByCouId(couId, false) : new JsonArray();
|
||||
JsonArray names = (name) ? registryService.getUserNamesByCouId(couId, false) : new JsonArray();
|
||||
if (isManager) {
|
||||
JsonArray managers = registryService.getUserIdByCouId(couId, true);
|
||||
users.getAsJsonArray().forEach(element -> {
|
||||
element.getAsJsonObject().addProperty("isManager", managers.contains(element));
|
||||
|
@ -120,11 +118,7 @@ public class MemberController {
|
|||
String identifier = registryService.getIdentifierByCoPersonId(coPersonId);
|
||||
Integer role = registryService.getRoleId(coPersonId, couId);
|
||||
registryService.assignMemberRole(coPersonId, couId, role);
|
||||
authoritiesUpdater.update(identifier, old -> {
|
||||
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
|
||||
authorities.add(new SimpleGrantedAuthority(AuthoritiesUtils.member(type, id)));
|
||||
return authorities;
|
||||
});
|
||||
authoritiesUpdater.addRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.member(type, id)));
|
||||
});
|
||||
return ResponseEntity.ok(new Response("Role has been assigned successfully"));
|
||||
}
|
||||
|
@ -151,16 +145,10 @@ public class MemberController {
|
|||
Integer role = registryService.getRoleId(coPersonId, couId);
|
||||
if (force) {
|
||||
registryService.removeAdminRole(coPersonId, couId);
|
||||
authoritiesUpdater.removeRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.manager(type, id)));
|
||||
}
|
||||
registryService.removeMemberRole(coPersonId, couId, role);
|
||||
authoritiesUpdater.update(identifier, old -> {
|
||||
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
|
||||
if (force) {
|
||||
authorities.remove(new SimpleGrantedAuthority(AuthoritiesUtils.manager(type, id)));
|
||||
}
|
||||
authorities.remove(new SimpleGrantedAuthority(AuthoritiesUtils.member(type, id)));
|
||||
return authorities;
|
||||
});
|
||||
authoritiesUpdater.removeRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.member(type, id)));
|
||||
});
|
||||
return ResponseEntity.ok(new Response("Role has been revoked successfully"));
|
||||
}
|
||||
|
|
|
@ -6,12 +6,15 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContext;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.oauth2.common.exceptions.UnauthorizedClientException;
|
||||
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
|
||||
import org.springframework.session.ExpiringSession;
|
||||
import org.springframework.session.FindByIndexNameSessionRepository;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
|
||||
|
||||
|
@ -23,10 +26,11 @@ public class AuthoritiesUpdater extends HttpSessionSecurityContextRepository {
|
|||
@Autowired
|
||||
FindByIndexNameSessionRepository sessions;
|
||||
|
||||
public void update(String id, Update update) {
|
||||
public void update(String id, Collection<? extends GrantedAuthority> authorities) {
|
||||
if (sessions != null) {
|
||||
Map<String, ExpiringSession> map = sessions.
|
||||
findByIndexNameAndIndexValue(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, id);
|
||||
if (map != null) {
|
||||
logger.debug(map.values().toArray().length);
|
||||
for (ExpiringSession session : map.values()) {
|
||||
logger.debug(session.getId());
|
||||
|
@ -35,7 +39,6 @@ public class AuthoritiesUpdater extends HttpSessionSecurityContextRepository {
|
|||
Authentication authentication = securityContext.getAuthentication();
|
||||
if (authentication instanceof OIDCAuthenticationToken) {
|
||||
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;
|
||||
Collection<? extends GrantedAuthority> authorities = update.authorities(authentication.getAuthorities());
|
||||
logger.debug(authorities);
|
||||
securityContext.setAuthentication(new OIDCAuthenticationToken(authOIDC.getSub(), authOIDC.getIssuer(),
|
||||
authOIDC.getUserInfo(), authorities, authOIDC.getIdToken(),
|
||||
|
@ -48,6 +51,46 @@ public class AuthoritiesUpdater extends HttpSessionSecurityContextRepository {
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public void update(String id, Update update) {
|
||||
Collection<? extends GrantedAuthority> authorities = update.authorities(SecurityContextHolder.getContext().getAuthentication().getAuthorities());
|
||||
this.update(id, authorities);
|
||||
}
|
||||
|
||||
public void addRole(String id, GrantedAuthority role) {
|
||||
this.update(id, old -> {
|
||||
HashSet<GrantedAuthority> authorities = new HashSet<>(old);
|
||||
authorities.add(role);
|
||||
return authorities;
|
||||
});
|
||||
}
|
||||
|
||||
public void addRole(GrantedAuthority role) {
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (auth instanceof OIDCAuthenticationToken) {
|
||||
OIDCAuthenticationToken oidcAuth = (OIDCAuthenticationToken) auth;
|
||||
this.addRole(oidcAuth.getUserInfo().getEmail(), role);
|
||||
} else {
|
||||
throw new UnauthorizedClientException("User auth is not instance of OIDCAuthenticationToken");
|
||||
}
|
||||
}
|
||||
|
||||
public void removeRole(String id, GrantedAuthority role) {
|
||||
this.update(id, old -> {
|
||||
HashSet<GrantedAuthority> authorities = new HashSet<>(old);
|
||||
authorities.remove(role);
|
||||
return authorities;
|
||||
});
|
||||
}
|
||||
|
||||
public void removeRole(GrantedAuthority role) {
|
||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
||||
if (auth instanceof OIDCAuthenticationToken) {
|
||||
OIDCAuthenticationToken oidcAuth = (OIDCAuthenticationToken) auth;
|
||||
this.removeRole(oidcAuth.getUserInfo().getEmail(), role);
|
||||
}
|
||||
}
|
||||
|
||||
public interface Update {
|
||||
Collection<? extends GrantedAuthority> authorities(Collection<? extends GrantedAuthority> old);
|
||||
|
|
Loading…
Reference in New Issue