Compare commits
No commits in common. "b9eb17e5c6295ef35edfbd8c16d8fd3ef1b78c3c" and "754c422be0e686c2d8e1f0d7db7eb1fee4b18f17" have entirely different histories.
b9eb17e5c6
...
754c422be0
6
.github/workflows/maven.yml
vendored
6
.github/workflows/maven.yml
vendored
@ -18,9 +18,9 @@ jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v3
|
||||
- name: Set up JDK 17
|
||||
uses: actions/setup-java@v4
|
||||
uses: actions/setup-java@v3
|
||||
with:
|
||||
java-version: '21'
|
||||
distribution: 'temurin'
|
||||
@ -32,4 +32,4 @@ jobs:
|
||||
|
||||
# Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
|
||||
- name: Update dependency graph
|
||||
uses: advanced-security/maven-dependency-submission-action@4f64ddab9d742a4806eeb588d238e4c311a8397d
|
||||
uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
|
||||
|
||||
2
pom.xml
2
pom.xml
@ -3,7 +3,7 @@
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>kangaroo-and-rabbit</groupId>
|
||||
<artifactId>archidata</artifactId>
|
||||
<version>0.19.0</version>
|
||||
<version>0.18.0</version>
|
||||
<properties>
|
||||
<java.version>21</java.version>
|
||||
<maven.compiler.version>3.1</maven.compiler.version>
|
||||
|
||||
@ -187,7 +187,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
|
||||
final MySecurityContext userContext,
|
||||
final List<String> roles) throws SystemException {
|
||||
for (final String role : roles) {
|
||||
if (userContext.isUserInRole(this.applicationName + "/" + role)) {
|
||||
if (userContext.isUserInRole(this.applicationName, role)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@ -245,7 +245,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
|
||||
user.type = UserByToken.TYPE_USER;
|
||||
final Object rowRight = ret.getClaim("right");
|
||||
if (rowRight != null) {
|
||||
LOGGER.info("Detect right in Authentication Filter: {}", rowRight);
|
||||
LOGGER.info("Detect right in Authentication Filer: {}", rowRight);
|
||||
user.right = (Map<String, Map<String, Object>>) ret.getClaim("right");
|
||||
/*
|
||||
if (rights.containsKey(this.applicationName)) {
|
||||
|
||||
@ -26,7 +26,17 @@ public class MySecurityContext implements SecurityContext {
|
||||
return this.contextPrincipale;
|
||||
}
|
||||
|
||||
public Object getRightOfRoleInGroup(final String group, final String role) {
|
||||
public boolean isUserInRole(final String group, final String role) {
|
||||
if (this.contextPrincipale.userByToken != null) {
|
||||
final Object value = this.contextPrincipale.userByToken.getRight(group, role);
|
||||
if (value instanceof final Boolean ret) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public Object getUserInRole(final String group, final String role) {
|
||||
if (this.contextPrincipale.userByToken != null) {
|
||||
return this.contextPrincipale.userByToken.getRight(group, role);
|
||||
}
|
||||
@ -47,95 +57,10 @@ public class MySecurityContext implements SecurityContext {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Not sure the Long type is definitive.
|
||||
public Long getUserID() {
|
||||
if (this.contextPrincipale.userByToken != null) {
|
||||
return this.contextPrincipale.userByToken.id;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public boolean checkRightInGroup(
|
||||
final String group,
|
||||
final String role,
|
||||
final boolean needRead,
|
||||
final boolean needWrite) {
|
||||
if ("USER".equals(role)) {
|
||||
if (groupExist(group)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
// get associated Roles:
|
||||
final Object rightPart = getRightOfRoleInGroup(group, role);
|
||||
LOGGER.info("detect : {}", rightPart);
|
||||
long dataRight = 0;
|
||||
if (rightPart instanceof final Long rightPartCasted) {
|
||||
dataRight = rightPartCasted;
|
||||
} else if (rightPart instanceof final Integer rightPartCasted) {
|
||||
dataRight = rightPartCasted;
|
||||
}
|
||||
if (dataRight == PartRight.READ_WRITE.getValue()) {
|
||||
return true;
|
||||
}
|
||||
if (!needRead && needWrite && dataRight == PartRight.WRITE.getValue()) {
|
||||
return true;
|
||||
}
|
||||
if (needRead && !needWrite && dataRight == PartRight.READ.getValue()) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isUserInRole(final String role) {
|
||||
String roleEdit = role;
|
||||
boolean needRead = false;
|
||||
boolean needWrite = false;
|
||||
// Check if the API overwrite the right needed for this API.
|
||||
if (roleEdit.contains(":")) {
|
||||
if (roleEdit.endsWith(":w")) {
|
||||
try {
|
||||
roleEdit = roleEdit.substring(0, roleEdit.length() - 2);
|
||||
} catch (final IndexOutOfBoundsException ex) {
|
||||
LOGGER.error("Fail to extract role of '{}'", role);
|
||||
ex.printStackTrace();
|
||||
return false;
|
||||
}
|
||||
needWrite = true;
|
||||
} else if (roleEdit.endsWith(":r")) {
|
||||
try {
|
||||
roleEdit = roleEdit.substring(0, roleEdit.length() - 2);
|
||||
} catch (final IndexOutOfBoundsException ex) {
|
||||
LOGGER.error("Fail to extract role of '{}'", role);
|
||||
ex.printStackTrace();
|
||||
return false;
|
||||
}
|
||||
needRead = true;
|
||||
} else if (roleEdit.endsWith(":rw")) {
|
||||
try {
|
||||
roleEdit = roleEdit.substring(0, roleEdit.length() - 3);
|
||||
} catch (final IndexOutOfBoundsException ex) {
|
||||
LOGGER.error("Fail to extract role of '{}'", role);
|
||||
ex.printStackTrace();
|
||||
return false;
|
||||
}
|
||||
needRead = true;
|
||||
needWrite = true;
|
||||
} else {
|
||||
LOGGER.error("Request check right of an unknow right mode: {} (after ':')", roleEdit);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
if (roleEdit.contains("/")) {
|
||||
final String[] elements = roleEdit.split("/");
|
||||
return checkRightInGroup(elements[0], elements[1], needRead, needWrite);
|
||||
}
|
||||
// Special case, if the token is valid, it is an USER ...
|
||||
if ("USER".equals(roleEdit)) {
|
||||
return true;
|
||||
}
|
||||
return checkRightInGroup("?system?", roleEdit, needRead, needWrite);
|
||||
// TODO Auto-generated method stub
|
||||
return isUserInRole("???", role);
|
||||
}
|
||||
|
||||
public Object getRole(final String role) {
|
||||
|
||||
@ -1,30 +0,0 @@
|
||||
package org.kar.archidata.filter;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonValue;
|
||||
|
||||
public enum PartRight {
|
||||
NONE(0), //
|
||||
READ(1), //
|
||||
WRITE(2), //
|
||||
READ_WRITE(3);
|
||||
|
||||
private final int value;
|
||||
|
||||
PartRight(final int value) {
|
||||
this.value = value;
|
||||
}
|
||||
|
||||
@JsonValue
|
||||
public int getValue() {
|
||||
return this.value;
|
||||
}
|
||||
|
||||
public static PartRight fromValue(final int value) {
|
||||
for (final PartRight element : values()) {
|
||||
if (element.getValue() == value) {
|
||||
return element;
|
||||
}
|
||||
}
|
||||
throw new IllegalArgumentException("PartRight: Unknown value: " + value);
|
||||
}
|
||||
}
|
||||
@ -1 +1 @@
|
||||
0.19.0
|
||||
0.18.0
|
||||
|
||||
Loading…
Reference in New Issue
Block a user