replaced authorities update with specific add/remove methods

This commit is contained in:
Konstantinos Spyrou 2021-09-15 12:04:59 +03:00
parent 7ede4c62c2
commit 1e946f8609
4 changed files with 77 additions and 66 deletions

View File

@ -15,8 +15,6 @@ import org.springframework.http.ResponseEntity;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.web.bind.annotation.*;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
@ -45,8 +43,8 @@ public class AdminController {
Integer couId = registryService.getCouId(AuthoritiesUtils.memberRole(type, id));
if (couId != null) {
JsonArray users = registryService.getUserIdByCouId(couId, true);
JsonArray emails = (email)?registryService.getUserEmailByCouId(couId, true):new JsonArray();
JsonArray names = (name)?registryService.getUserNamesByCouId(couId, true):new JsonArray();
JsonArray emails = (email) ? registryService.getUserEmailByCouId(couId, true) : new JsonArray();
JsonArray names = (name) ? registryService.getUserNamesByCouId(couId, true) : new JsonArray();
return ResponseEntity.ok(JsonUtils.mergeUserInfo(users, emails, names, gson));
}
throw new ResourceNotFoundException("Role has not been found");
@ -63,7 +61,7 @@ public class AdminController {
if (coPersonIds.size() > 0) {
Integer temp = registryService.getCouId(AuthoritiesUtils.memberRole(type, id));
if (temp != null || force) {
Integer couId = (temp != null)?temp:registryService.createRole(AuthoritiesUtils.memberRole(type, id), "");
Integer couId = (temp != null) ? temp : registryService.createRole(AuthoritiesUtils.memberRole(type, id), "");
AtomicBoolean assigned = new AtomicBoolean(false);
coPersonIds.forEach(coPersonId -> {
if (assignRoleToAccount(coPersonId, couId, type, id, force)) {
@ -85,19 +83,13 @@ public class AdminController {
String identifier = registryService.getIdentifierByCoPersonId(coPersonId);
Integer role = registryService.getRoleId(coPersonId, couId);
if (role != null || force) {
if(role == null) {
registryService.assignMemberRole(coPersonId,couId, role);
if (role == null) {
registryService.assignMemberRole(coPersonId, couId, role);
authoritiesUpdater.addRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.member(type, id)));
}
if (registryService.getUserAdminGroup(coPersonId, couId) == null) {
registryService.assignAdminRole(coPersonId, couId);
authoritiesUpdater.update(identifier, old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
if(role == null) {
authorities.add(new SimpleGrantedAuthority(AuthoritiesUtils.member(type, id)));
}
authorities.add(new SimpleGrantedAuthority(AuthoritiesUtils.manager(type, id)));
return authorities;
});
authoritiesUpdater.addRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.manager(type, id)));
return true;
}
return false;
@ -117,11 +109,7 @@ public class AdminController {
coPersonIds.forEach(coPersonId -> {
registryService.removeAdminRole(coPersonId, couId);
String identifier = registryService.getIdentifierByCoPersonId(coPersonId);
authoritiesUpdater.update(identifier, old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
authorities.remove(new SimpleGrantedAuthority(AuthoritiesUtils.manager(type, id)));
return authorities;
});
authoritiesUpdater.removeRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.manager(type, id)));
});
return ResponseEntity.ok(new Response("Role has been revoked successfully"));
}

View File

@ -82,11 +82,7 @@ public class CuratorController {
String identifier = registryService.getIdentifierByCoPersonId(coPersonId);
Integer role = registryService.getRoleId(coPersonId, couId);
registryService.assignMemberRole(coPersonId, couId, role);
authoritiesUpdater.update(identifier, old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
authorities.add(new SimpleGrantedAuthority(AuthoritiesUtils.curator(type)));
return authorities;
});
authoritiesUpdater.addRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.curator(type)));
});
return ResponseEntity.ok(new Response("Role has been assigned successfully"));
}
@ -108,11 +104,7 @@ public class CuratorController {
String identifier = registryService.getIdentifierByCoPersonId(coPersonId);
Integer role = registryService.getRoleId(coPersonId, couId);
registryService.removeMemberRole(coPersonId, couId, role);
authoritiesUpdater.update(identifier, old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
authorities.remove(new SimpleGrantedAuthority(AuthoritiesUtils.curator(type)));
return authorities;
});
authoritiesUpdater.removeRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.curator(type)));
});
return ResponseEntity.ok(new Response("Role has been revoked successfully"));
}

View File

@ -17,8 +17,6 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.HttpClientErrorException;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;
@ -65,9 +63,9 @@ public class MemberController {
Integer couId = registryService.getCouId(AuthoritiesUtils.memberRole(type, id));
if (couId != null) {
JsonArray users = registryService.getUserIdByCouId(couId, false);
JsonArray emails = (email)?registryService.getUserEmailByCouId(couId, false):new JsonArray();
JsonArray names = (name)?registryService.getUserNamesByCouId(couId, false):new JsonArray();
if(isManager) {
JsonArray emails = (email) ? registryService.getUserEmailByCouId(couId, false) : new JsonArray();
JsonArray names = (name) ? registryService.getUserNamesByCouId(couId, false) : new JsonArray();
if (isManager) {
JsonArray managers = registryService.getUserIdByCouId(couId, true);
users.getAsJsonArray().forEach(element -> {
element.getAsJsonObject().addProperty("isManager", managers.contains(element));
@ -120,11 +118,7 @@ public class MemberController {
String identifier = registryService.getIdentifierByCoPersonId(coPersonId);
Integer role = registryService.getRoleId(coPersonId, couId);
registryService.assignMemberRole(coPersonId, couId, role);
authoritiesUpdater.update(identifier, old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
authorities.add(new SimpleGrantedAuthority(AuthoritiesUtils.member(type, id)));
return authorities;
});
authoritiesUpdater.addRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.member(type, id)));
});
return ResponseEntity.ok(new Response("Role has been assigned successfully"));
}
@ -151,16 +145,10 @@ public class MemberController {
Integer role = registryService.getRoleId(coPersonId, couId);
if (force) {
registryService.removeAdminRole(coPersonId, couId);
authoritiesUpdater.removeRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.manager(type, id)));
}
registryService.removeMemberRole(coPersonId, couId, role);
authoritiesUpdater.update(identifier, old -> {
HashSet<SimpleGrantedAuthority> authorities = new HashSet<>((Collection<? extends SimpleGrantedAuthority>) old);
if (force) {
authorities.remove(new SimpleGrantedAuthority(AuthoritiesUtils.manager(type, id)));
}
authorities.remove(new SimpleGrantedAuthority(AuthoritiesUtils.member(type, id)));
return authorities;
});
authoritiesUpdater.removeRole(identifier, new SimpleGrantedAuthority(AuthoritiesUtils.member(type, id)));
});
return ResponseEntity.ok(new Response("Role has been revoked successfully"));
}

View File

@ -6,12 +6,15 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.exceptions.UnauthorizedClientException;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.session.ExpiringSession;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.stereotype.Service;
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
@ -23,10 +26,11 @@ public class AuthoritiesUpdater extends HttpSessionSecurityContextRepository {
@Autowired
FindByIndexNameSessionRepository sessions;
public void update(String id, Update update) {
public void update(String id, Collection<? extends GrantedAuthority> authorities) {
if (sessions != null) {
Map<String, ExpiringSession> map = sessions.
findByIndexNameAndIndexValue(FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME, id);
if (map != null) {
logger.debug(map.values().toArray().length);
for (ExpiringSession session : map.values()) {
logger.debug(session.getId());
@ -35,7 +39,6 @@ public class AuthoritiesUpdater extends HttpSessionSecurityContextRepository {
Authentication authentication = securityContext.getAuthentication();
if (authentication instanceof OIDCAuthenticationToken) {
OIDCAuthenticationToken authOIDC = (OIDCAuthenticationToken) authentication;
Collection<? extends GrantedAuthority> authorities = update.authorities(authentication.getAuthorities());
logger.debug(authorities);
securityContext.setAuthentication(new OIDCAuthenticationToken(authOIDC.getSub(), authOIDC.getIssuer(),
authOIDC.getUserInfo(), authorities, authOIDC.getIdToken(),
@ -48,6 +51,46 @@ public class AuthoritiesUpdater extends HttpSessionSecurityContextRepository {
}
}
}
}
public void update(String id, Update update) {
Collection<? extends GrantedAuthority> authorities = update.authorities(SecurityContextHolder.getContext().getAuthentication().getAuthorities());
this.update(id, authorities);
}
public void addRole(String id, GrantedAuthority role) {
this.update(id, old -> {
HashSet<GrantedAuthority> authorities = new HashSet<>(old);
authorities.add(role);
return authorities;
});
}
public void addRole(GrantedAuthority role) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth instanceof OIDCAuthenticationToken) {
OIDCAuthenticationToken oidcAuth = (OIDCAuthenticationToken) auth;
this.addRole(oidcAuth.getUserInfo().getEmail(), role);
} else {
throw new UnauthorizedClientException("User auth is not instance of OIDCAuthenticationToken");
}
}
public void removeRole(String id, GrantedAuthority role) {
this.update(id, old -> {
HashSet<GrantedAuthority> authorities = new HashSet<>(old);
authorities.remove(role);
return authorities;
});
}
public void removeRole(GrantedAuthority role) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth instanceof OIDCAuthenticationToken) {
OIDCAuthenticationToken oidcAuth = (OIDCAuthenticationToken) auth;
this.removeRole(oidcAuth.getUserInfo().getEmail(), role);
}
}
public interface Update {
Collection<? extends GrantedAuthority> authorities(Collection<? extends GrantedAuthority> old);