/**
*
*/
package org.gcube.informationsystem.resourceregistry.context;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseIntializator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.orientechnologies.orient.core.db.document.ODatabaseDocumentTx;
import com.tinkerpop.blueprints.impls.orient.OrientGraph;
import com.tinkerpop.blueprints.impls.orient.OrientGraphFactory;
import com.tinkerpop.blueprints.impls.orient.OrientGraphNoTx;
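/**
 * Static registry of {@link OrientGraphFactory} instances, one per
 * ({@link PermissionMode}, security-context UUID) pair.
 *
 * <p>Each factory is bound to a database account: the admin context uses the
 * administrator credentials from {@link DatabaseEnvironment}; every other
 * context uses a user name derived from the permission mode and the context
 * UUID (see {@link #getSecurityRoleOrUserName}) together with the default
 * password configured for that permission mode.</p>
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 * <li>None of the accessors in this class performs an authorization check.
 * The UUID passed in selects the database account, so callers must derive it
 * from the authenticated request context and never from client-supplied
 * input. Passing the all-zero admin UUID yields an administrator-privileged
 * handle.</li>
 * <li>All non-admin contexts of the same permission mode share one password
 * ({@code DatabaseEnvironment.DEFAULT_PASSWORDS}) and the user name is a
 * deterministic function of the context UUID. NOTE(review): isolation
 * between contexts therefore appears to rest on database role permissions
 * and on that password staying secret; confirm it is set per deployment and
 * not left at a shipped default.</li>
 * <li>The backing maps are plain {@link HashMap}s with no synchronization in
 * this class. NOTE(review): confirm callers are single-threaded or add
 * locking; concurrent first-time lookups could create duplicate factories
 * or corrupt the map.</li>
 * </ul>
 *
 * @author Luca Frosini (ISTI - CNR)
 */
public abstract class SecurityContextMapper {

	private static final Logger logger = LoggerFactory
			.getLogger(SecurityContextMapper.class);

	// Used to persist Schemas
	protected static final String ADMIN_SECURITY_CONTEXT = "00000000-0000-0000-0000-000000000000";
	protected static final UUID ADMIN_SECURITY_CONTEXT_UUID = UUID.fromString(ADMIN_SECURITY_CONTEXT);

	// Used to persist Contexts and their relations
	public static final String MANAGEMENT_SECURITY_CONTEXT = "ffffffff-ffff-ffff-ffff-ffffffffffff";
	public static final UUID MANAGEMENT_SECURITY_CONTEXT_UUID = UUID.fromString(MANAGEMENT_SECURITY_CONTEXT);

	// permission mode -> (security context UUID -> factory bound to that context's account)
	private static final Map<PermissionMode, Map<UUID, OrientGraphFactory>> securityContextFactories;

	/*
	 * Class initialization: makes sure the graph database exists, registers the
	 * admin factory for every permission mode and, when initGraphDB() reports
	 * that it created the database, bootstraps the management security context.
	 * Any failure is rethrown unchecked, so the class fails to load.
	 */
	static {
		try {
			boolean created = DatabaseIntializator.initGraphDB();

			// Only the URI and the admin user name are logged; keep the password out of logs.
			logger.trace("Creating factory for {} connecting as {}",
					DatabaseEnvironment.DB_URI,
					DatabaseEnvironment.CHANGED_ADMIN_USERNAME);

			securityContextFactories = new HashMap<>();

			// Admin-credentialed factory used only for the bootstrap below.
			// NOTE(review): it is never closed, and it is built even when
			// 'created' is false and nothing uses it - confirm this is intended.
			OrientGraphFactory factory = new OrientGraphFactory(
					DatabaseEnvironment.DB_URI,
					DatabaseEnvironment.CHANGED_ADMIN_USERNAME,
					DatabaseEnvironment.CHANGED_ADMIN_PASSWORD)
					.setupPool(1, 10);

			factory.setConnectionStrategy(DatabaseIntializator.CONNECTION_STRATEGY_PARAMETER.toString());

			for (PermissionMode p : PermissionMode.values()) {
				Map<UUID, OrientGraphFactory> map = new HashMap<>();
				securityContextFactories.put(p, map);

				// Pre-register the admin factory under this permission mode.
				getSecurityContextFactory(ADMIN_SECURITY_CONTEXT_UUID, p, false);
			}

			if (created) {
				// NOTE(review): this transactional graph is not shut down here;
				// presumably createSecurityContext() commits and releases it - verify.
				OrientGraph orientGraph = factory.getTx();
				SecurityContext.createSecurityContext(orientGraph, MANAGEMENT_SECURITY_CONTEXT_UUID);

				getSecurityContextFactory(MANAGEMENT_SECURITY_CONTEXT_UUID,
						PermissionMode.READER, false);
				getSecurityContextFactory(MANAGEMENT_SECURITY_CONTEXT_UUID,
						PermissionMode.WRITER, false);

				DatabaseIntializator.createEntitiesAndRelations();
			}

		} catch (Exception e) {
			logger.error("Error initializing database connection", e);
			throw new RuntimeException(
					"Error initializing database connection", e);
		}
	}

	/**
	 * Kind of database principal; its string form is the middle part of the
	 * name built by {@link SecurityContextMapper#getSecurityRoleOrUserName}.
	 */
	public enum SecurityType {
		ROLE("Role"), USER("User");

		private final String name;

		private SecurityType(String name) {
			this.name = name;
		}

		@Override
		public String toString() {
			return name;
		}
	}

	/**
	 * Access level requested for a security context; its string form is the
	 * prefix of the name built by
	 * {@link SecurityContextMapper#getSecurityRoleOrUserName}, and it selects
	 * the entry of {@code DatabaseEnvironment.DEFAULT_PASSWORDS} used to log in.
	 */
	public enum PermissionMode {
		READER("Reader"), WRITER("Writer");

		private final String name;

		private PermissionMode(String name) {
			this.name = name;
		}

		@Override
		public String toString() {
			return name;
		}
	}

	/**
	 * Returns the cached factory for the given context and permission mode,
	 * creating and caching a new one when none is cached or when
	 * {@code recreate} is set.
	 *
	 * @param context Context UUID. For ADMIN operation uses SecurityContextMapper.ADMIN_SECURITY_CONTEXT_UUID
	 * @param permissionMode permission mode whose factory map is consulted
	 * @param recreate when {@code true} the cached entry is dropped and a new
	 *        factory is always built
	 * @return the factory bound to the account of the requested context
	 */
	private static OrientGraphFactory getSecurityContextFactory(
			UUID context, PermissionMode permissionMode, boolean recreate) {
		Map<UUID, OrientGraphFactory> factoriesForMode = securityContextFactories.get(permissionMode);

		OrientGraphFactory factory = null;
		if (recreate) {
			// NOTE(review): the replaced factory is only dropped from the map,
			// not closed; confirm its pool is released elsewhere.
			factoriesForMode.remove(context);
		} else {
			factory = factoriesForMode.get(context);
		}

		if (factory != null) {
			return factory;
		}

		String username;
		String password;
		// equals() instead of compareTo()==0: same result for UUIDs, clearer intent.
		if (ADMIN_SECURITY_CONTEXT_UUID.equals(context)) {
			// The admin context connects with the database administrator account.
			username = DatabaseEnvironment.CHANGED_ADMIN_USERNAME;
			password = DatabaseEnvironment.CHANGED_ADMIN_PASSWORD;
		} else {
			// Per-context user name, but the password is shared by every
			// context of this permission mode.
			username = getSecurityRoleOrUserName(permissionMode, SecurityType.USER, context);
			password = DatabaseEnvironment.DEFAULT_PASSWORDS.get(permissionMode);
		}

		factory = new OrientGraphFactory(DatabaseEnvironment.DB_URI,
				username, password).setupPool(1, 10);
		factory.setConnectionStrategy(DatabaseIntializator.CONNECTION_STRATEGY_PARAMETER.toString());

		factoriesForMode.put(context, factory);
		return factory;
	}

	/**
	 * Returns a transactional graph for the given context and permission mode.
	 * If the graph handed out by the cached factory is already closed, the
	 * factory is rebuilt once and a graph is taken from the new one.
	 *
	 * @param context security context UUID; must come from a trusted source,
	 *        no authorization is performed here
	 * @param permissionMode access level to connect with
	 * @return a transactional graph opened with the context's account
	 */
	protected static OrientGraph getSecurityContextGraph(
			UUID context, PermissionMode permissionMode) {
		OrientGraphFactory factory = getSecurityContextFactory(context, permissionMode, false);
		OrientGraph orientGraph = factory.getTx();
		if (orientGraph.isClosed()) {
			factory = getSecurityContextFactory(context, permissionMode, true);
			orientGraph = factory.getTx();
		}
		return orientGraph;
	}

	/**
	 * Returns a non-transactional graph for the given context and permission
	 * mode, rebuilding the factory once if the first graph is already closed.
	 *
	 * @param context security context UUID; must come from a trusted source,
	 *        no authorization is performed here
	 * @param permissionMode access level to connect with
	 * @return a non-transactional graph opened with the context's account
	 */
	protected static OrientGraphNoTx getSecurityContextGraphNoTx(
			UUID context, PermissionMode permissionMode) {
		OrientGraphFactory factory = getSecurityContextFactory(context, permissionMode, false);
		OrientGraphNoTx orientGraphNoTx = factory.getNoTx();
		if (orientGraphNoTx.isClosed()) {
			factory = getSecurityContextFactory(context, permissionMode, true);
			orientGraphNoTx = factory.getNoTx();
		}
		return orientGraphNoTx;
	}

	/**
	 * Returns a document database handle for the given context and permission
	 * mode, rebuilding the factory once if the first handle is already closed.
	 *
	 * <p>This method is public and accepts any UUID, including the admin
	 * context value, so the caller is responsible for deciding whether the
	 * requester may use that context.</p>
	 *
	 * @param context security context UUID; must come from a trusted source
	 * @param permissionMode access level to connect with
	 * @return a document database handle opened with the context's account
	 */
	public static ODatabaseDocumentTx getSecurityContextDatabaseDocumentTx(
			UUID context, PermissionMode permissionMode) {
		OrientGraphFactory factory = getSecurityContextFactory(context, permissionMode, false);
		ODatabaseDocumentTx databaseDocumentTx = factory.getDatabase();
		if (databaseDocumentTx.isClosed()) {
			factory = getSecurityContextFactory(context, permissionMode, true);
			databaseDocumentTx = factory.getDatabase();
		}
		return databaseDocumentTx;
	}

	/**
	 * Builds the database role or user name for a context, in the form
	 * {@code <permissionMode><securityType>_<context>}.
	 *
	 * @param permissionMode access level; its string form is the prefix
	 * @param securityType whether a role or a user name is wanted
	 * @param context security context UUID; must not be {@code null}
	 * @return the derived name
	 */
	public static String getSecurityRoleOrUserName(
			PermissionMode permissionMode, SecurityType securityType,
			UUID context) {
		StringBuilder stringBuilder = new StringBuilder();
		stringBuilder.append(permissionMode);
		stringBuilder.append(securityType);
		stringBuilder.append("_");
		stringBuilder.append(context.toString());
		return stringBuilder.toString();
	}

}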