Manage correct rights
This commit is contained in:
parent
ca18d3759d
commit
d028eb2261
@ -4,7 +4,6 @@ import java.io.IOException;
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Map.Entry;
|
||||
// https://stackoverflow.com/questions/26777083/best-practice-for-rest-token-based-authentication-with-jax-rs-and-jersey
|
||||
// https://stackoverflow.com/questions/26777083/best-practice-for-rest-token-based-authentication-with-jax-rs-and-jersey/45814178#45814178
|
||||
@ -246,7 +245,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
|
||||
final Object rowRight = ret.getClaim("right");
|
||||
if (rowRight != null) {
|
||||
LOGGER.info("Detect right in Authentication Filter: {}", rowRight);
|
||||
user.right = (Map<String, Map<String, Object>>) ret.getClaim("right");
|
||||
user.right = RightSafeCaster.safeCastAndTransform(ret.getClaim("right"));
|
||||
/*
|
||||
if (rights.containsKey(this.applicationName)) {
|
||||
user.right = rights.get(this.applicationName);
|
||||
|
||||
@ -26,7 +26,7 @@ public class MySecurityContext implements SecurityContext {
|
||||
return this.contextPrincipale;
|
||||
}
|
||||
|
||||
public Object getRightOfRoleInGroup(final String group, final String role) {
|
||||
public PartRight getRightOfRoleInGroup(final String group, final String role) {
|
||||
if (this.contextPrincipale.userByToken != null) {
|
||||
return this.contextPrincipale.userByToken.getRight(group, role);
|
||||
}
|
||||
@ -67,21 +67,15 @@ public class MySecurityContext implements SecurityContext {
|
||||
return false;
|
||||
}
|
||||
// get associated Roles:
|
||||
final Object rightPart = getRightOfRoleInGroup(group, role);
|
||||
final PartRight rightPart = getRightOfRoleInGroup(group, role);
|
||||
LOGGER.info("detect : {}", rightPart);
|
||||
long dataRight = 0;
|
||||
if (rightPart instanceof final Long rightPartCasted) {
|
||||
dataRight = rightPartCasted;
|
||||
} else if (rightPart instanceof final Integer rightPartCasted) {
|
||||
dataRight = rightPartCasted;
|
||||
}
|
||||
if (dataRight == PartRight.READ_WRITE.getValue()) {
|
||||
if (PartRight.READ_WRITE.equals(rightPart)) {
|
||||
return true;
|
||||
}
|
||||
if (!needRead && needWrite && dataRight == PartRight.WRITE.getValue()) {
|
||||
if (!needRead && needWrite && PartRight.WRITE.equals(rightPart)) {
|
||||
return true;
|
||||
}
|
||||
if (needRead && !needWrite && dataRight == PartRight.READ.getValue()) {
|
||||
if (needRead && !needWrite && PartRight.READ.equals(rightPart)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
||||
@ -27,4 +27,27 @@ public enum PartRight {
|
||||
}
|
||||
throw new IllegalArgumentException("PartRight: Unknown value: " + value);
|
||||
}
|
||||
|
||||
public static PartRight fromValue(final long value) {
|
||||
for (final PartRight element : values()) {
|
||||
if (element.getValue() == value) {
|
||||
return element;
|
||||
}
|
||||
}
|
||||
throw new IllegalArgumentException("PartRight: Unknown value: " + value);
|
||||
}
|
||||
|
||||
public static PartRight fromString(final String value) {
|
||||
if (value == null) {
|
||||
throw new IllegalArgumentException("La chaîne ne peut pas être nulle");
|
||||
}
|
||||
|
||||
return switch (value.toUpperCase()) {
|
||||
case "NONE" -> NONE;
|
||||
case "READ" -> READ;
|
||||
case "WRITE" -> WRITE;
|
||||
case "READ_WRITE" -> READ_WRITE;
|
||||
default -> throw new IllegalArgumentException("Valeur inconnue pour PartRight : " + value);
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
61
src/org/kar/archidata/filter/RightSafeCaster.java
Normal file
61
src/org/kar/archidata/filter/RightSafeCaster.java
Normal file
@ -0,0 +1,61 @@
|
||||
package org.kar.archidata.filter;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
public class RightSafeCaster {
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
public static Map<String, Map<String, PartRight>> safeCastAndTransform(final Object obj) {
|
||||
if (!(obj instanceof Map)) {
|
||||
throw new IllegalArgumentException("L'objet n'est pas un Map");
|
||||
}
|
||||
|
||||
final Map<?, ?> outerMap = (Map<?, ?>) obj;
|
||||
|
||||
// Résultat final après vérification et transformation
|
||||
final Map<String, Map<String, PartRight>> resultMap = new java.util.HashMap<>();
|
||||
|
||||
for (final Map.Entry<?, ?> outerEntry : outerMap.entrySet()) {
|
||||
if (!(outerEntry.getKey() instanceof String)) {
|
||||
throw new IllegalArgumentException("Une clé du Map externe n'est pas de type String");
|
||||
}
|
||||
|
||||
if (!(outerEntry.getValue() instanceof Map)) {
|
||||
throw new IllegalArgumentException("Une valeur du Map externe n'est pas un Map");
|
||||
}
|
||||
|
||||
final String outerKey = (String) outerEntry.getKey();
|
||||
final Map<?, ?> innerMap = (Map<?, ?>) outerEntry.getValue();
|
||||
|
||||
final Map<String, PartRight> transformedInnerMap = new java.util.HashMap<>();
|
||||
|
||||
for (final Map.Entry<?, ?> innerEntry : innerMap.entrySet()) {
|
||||
if (!(innerEntry.getKey() instanceof String)) {
|
||||
throw new IllegalArgumentException("Une clé du Map interne n'est pas de type String");
|
||||
}
|
||||
|
||||
final String innerKey = (String) innerEntry.getKey();
|
||||
final Object value = innerEntry.getValue();
|
||||
|
||||
PartRight partRight;
|
||||
if (value instanceof PartRight) {
|
||||
partRight = (PartRight) value;
|
||||
} else if (value instanceof final Integer valueCasted) {
|
||||
partRight = PartRight.fromValue(valueCasted);
|
||||
} else if (value instanceof final Long valueCasted) {
|
||||
partRight = PartRight.fromValue(valueCasted);
|
||||
} else if (value instanceof final String valueCasted) {
|
||||
partRight = PartRight.fromString(valueCasted);
|
||||
} else {
|
||||
throw new IllegalArgumentException("The Map Value is neither PartRight nor String nor Integer");
|
||||
}
|
||||
|
||||
transformedInnerMap.put(innerKey, partRight);
|
||||
}
|
||||
|
||||
resultMap.put(outerKey, transformedInnerMap);
|
||||
}
|
||||
|
||||
return resultMap;
|
||||
}
|
||||
}
|
||||
@ -4,6 +4,8 @@ import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.kar.archidata.filter.PartRight;
|
||||
|
||||
public class UserByToken {
|
||||
public static final int TYPE_USER = -1;
|
||||
public static final int TYPE_APPLICATION = -2;
|
||||
@ -11,10 +13,11 @@ public class UserByToken {
|
||||
public Integer type = null;
|
||||
|
||||
public Long id = null;
|
||||
public Long parentId = null; // FOr application, this is the id of the application, and of user token, this is the USERID
|
||||
// For application, this is the id of the application, and of user token, this is the USERID
|
||||
public Long parentId = null;
|
||||
public String name = null;
|
||||
// Right map
|
||||
public Map<String, Map<String, Object>> right = new HashMap<>();
|
||||
public Map<String, Map<String, PartRight>> right = new HashMap<>();
|
||||
|
||||
public Set<String> getGroups() {
|
||||
return this.right.keySet();
|
||||
@ -27,11 +30,11 @@ public class UserByToken {
|
||||
return this.right.containsKey(group);
|
||||
}
|
||||
|
||||
public Object getRight(final String group, final String key) {
|
||||
public PartRight getRight(final String group, final String key) {
|
||||
if (!this.right.containsKey(group)) {
|
||||
return null;
|
||||
}
|
||||
final Map<String, Object> rightGroup = this.right.get(group);
|
||||
final Map<String, PartRight> rightGroup = this.right.get(group);
|
||||
if (!rightGroup.containsKey(key)) {
|
||||
return null;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user