Compare commits
No commits in common. "b9eb17e5c6295ef35edfbd8c16d8fd3ef1b78c3c" and "754c422be0e686c2d8e1f0d7db7eb1fee4b18f17" have entirely different histories.
b9eb17e5c6
...
754c422be0
6
.github/workflows/maven.yml
vendored
6
.github/workflows/maven.yml
vendored
@ -18,9 +18,9 @@ jobs:
|
|||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v3
|
||||||
- name: Set up JDK 17
|
- name: Set up JDK 17
|
||||||
uses: actions/setup-java@v4
|
uses: actions/setup-java@v3
|
||||||
with:
|
with:
|
||||||
java-version: '21'
|
java-version: '21'
|
||||||
distribution: 'temurin'
|
distribution: 'temurin'
|
||||||
@ -32,4 +32,4 @@ jobs:
|
|||||||
|
|
||||||
# Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
|
# Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
|
||||||
- name: Update dependency graph
|
- name: Update dependency graph
|
||||||
uses: advanced-security/maven-dependency-submission-action@4f64ddab9d742a4806eeb588d238e4c311a8397d
|
uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6
|
||||||
|
|||||||
2
pom.xml
2
pom.xml
@ -3,7 +3,7 @@
|
|||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
<groupId>kangaroo-and-rabbit</groupId>
|
<groupId>kangaroo-and-rabbit</groupId>
|
||||||
<artifactId>archidata</artifactId>
|
<artifactId>archidata</artifactId>
|
||||||
<version>0.19.0</version>
|
<version>0.18.0</version>
|
||||||
<properties>
|
<properties>
|
||||||
<java.version>21</java.version>
|
<java.version>21</java.version>
|
||||||
<maven.compiler.version>3.1</maven.compiler.version>
|
<maven.compiler.version>3.1</maven.compiler.version>
|
||||||
|
|||||||
@ -187,7 +187,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
|
|||||||
final MySecurityContext userContext,
|
final MySecurityContext userContext,
|
||||||
final List<String> roles) throws SystemException {
|
final List<String> roles) throws SystemException {
|
||||||
for (final String role : roles) {
|
for (final String role : roles) {
|
||||||
if (userContext.isUserInRole(this.applicationName + "/" + role)) {
|
if (userContext.isUserInRole(this.applicationName, role)) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -245,7 +245,7 @@ public class AuthenticationFilter implements ContainerRequestFilter {
|
|||||||
user.type = UserByToken.TYPE_USER;
|
user.type = UserByToken.TYPE_USER;
|
||||||
final Object rowRight = ret.getClaim("right");
|
final Object rowRight = ret.getClaim("right");
|
||||||
if (rowRight != null) {
|
if (rowRight != null) {
|
||||||
LOGGER.info("Detect right in Authentication Filter: {}", rowRight);
|
LOGGER.info("Detect right in Authentication Filer: {}", rowRight);
|
||||||
user.right = (Map<String, Map<String, Object>>) ret.getClaim("right");
|
user.right = (Map<String, Map<String, Object>>) ret.getClaim("right");
|
||||||
/*
|
/*
|
||||||
if (rights.containsKey(this.applicationName)) {
|
if (rights.containsKey(this.applicationName)) {
|
||||||
|
|||||||
@ -26,7 +26,17 @@ public class MySecurityContext implements SecurityContext {
|
|||||||
return this.contextPrincipale;
|
return this.contextPrincipale;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Object getRightOfRoleInGroup(final String group, final String role) {
|
public boolean isUserInRole(final String group, final String role) {
|
||||||
|
if (this.contextPrincipale.userByToken != null) {
|
||||||
|
final Object value = this.contextPrincipale.userByToken.getRight(group, role);
|
||||||
|
if (value instanceof final Boolean ret) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Object getUserInRole(final String group, final String role) {
|
||||||
if (this.contextPrincipale.userByToken != null) {
|
if (this.contextPrincipale.userByToken != null) {
|
||||||
return this.contextPrincipale.userByToken.getRight(group, role);
|
return this.contextPrincipale.userByToken.getRight(group, role);
|
||||||
}
|
}
|
||||||
@ -47,95 +57,10 @@ public class MySecurityContext implements SecurityContext {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Not sure the Long type is definitive.
|
|
||||||
public Long getUserID() {
|
|
||||||
if (this.contextPrincipale.userByToken != null) {
|
|
||||||
return this.contextPrincipale.userByToken.id;
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean checkRightInGroup(
|
|
||||||
final String group,
|
|
||||||
final String role,
|
|
||||||
final boolean needRead,
|
|
||||||
final boolean needWrite) {
|
|
||||||
if ("USER".equals(role)) {
|
|
||||||
if (groupExist(group)) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
// get associated Roles:
|
|
||||||
final Object rightPart = getRightOfRoleInGroup(group, role);
|
|
||||||
LOGGER.info("detect : {}", rightPart);
|
|
||||||
long dataRight = 0;
|
|
||||||
if (rightPart instanceof final Long rightPartCasted) {
|
|
||||||
dataRight = rightPartCasted;
|
|
||||||
} else if (rightPart instanceof final Integer rightPartCasted) {
|
|
||||||
dataRight = rightPartCasted;
|
|
||||||
}
|
|
||||||
if (dataRight == PartRight.READ_WRITE.getValue()) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
if (!needRead && needWrite && dataRight == PartRight.WRITE.getValue()) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
if (needRead && !needWrite && dataRight == PartRight.READ.getValue()) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isUserInRole(final String role) {
|
public boolean isUserInRole(final String role) {
|
||||||
String roleEdit = role;
|
// TODO Auto-generated method stub
|
||||||
boolean needRead = false;
|
return isUserInRole("???", role);
|
||||||
boolean needWrite = false;
|
|
||||||
// Check if the API overwrite the right needed for this API.
|
|
||||||
if (roleEdit.contains(":")) {
|
|
||||||
if (roleEdit.endsWith(":w")) {
|
|
||||||
try {
|
|
||||||
roleEdit = roleEdit.substring(0, roleEdit.length() - 2);
|
|
||||||
} catch (final IndexOutOfBoundsException ex) {
|
|
||||||
LOGGER.error("Fail to extract role of '{}'", role);
|
|
||||||
ex.printStackTrace();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
needWrite = true;
|
|
||||||
} else if (roleEdit.endsWith(":r")) {
|
|
||||||
try {
|
|
||||||
roleEdit = roleEdit.substring(0, roleEdit.length() - 2);
|
|
||||||
} catch (final IndexOutOfBoundsException ex) {
|
|
||||||
LOGGER.error("Fail to extract role of '{}'", role);
|
|
||||||
ex.printStackTrace();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
needRead = true;
|
|
||||||
} else if (roleEdit.endsWith(":rw")) {
|
|
||||||
try {
|
|
||||||
roleEdit = roleEdit.substring(0, roleEdit.length() - 3);
|
|
||||||
} catch (final IndexOutOfBoundsException ex) {
|
|
||||||
LOGGER.error("Fail to extract role of '{}'", role);
|
|
||||||
ex.printStackTrace();
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
needRead = true;
|
|
||||||
needWrite = true;
|
|
||||||
} else {
|
|
||||||
LOGGER.error("Request check right of an unknow right mode: {} (after ':')", roleEdit);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (roleEdit.contains("/")) {
|
|
||||||
final String[] elements = roleEdit.split("/");
|
|
||||||
return checkRightInGroup(elements[0], elements[1], needRead, needWrite);
|
|
||||||
}
|
|
||||||
// Special case, if the token is valid, it is an USER ...
|
|
||||||
if ("USER".equals(roleEdit)) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return checkRightInGroup("?system?", roleEdit, needRead, needWrite);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public Object getRole(final String role) {
|
public Object getRole(final String role) {
|
||||||
|
|||||||
@ -1,30 +0,0 @@
|
|||||||
package org.kar.archidata.filter;
|
|
||||||
|
|
||||||
import com.fasterxml.jackson.annotation.JsonValue;
|
|
||||||
|
|
||||||
public enum PartRight {
|
|
||||||
NONE(0), //
|
|
||||||
READ(1), //
|
|
||||||
WRITE(2), //
|
|
||||||
READ_WRITE(3);
|
|
||||||
|
|
||||||
private final int value;
|
|
||||||
|
|
||||||
PartRight(final int value) {
|
|
||||||
this.value = value;
|
|
||||||
}
|
|
||||||
|
|
||||||
@JsonValue
|
|
||||||
public int getValue() {
|
|
||||||
return this.value;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static PartRight fromValue(final int value) {
|
|
||||||
for (final PartRight element : values()) {
|
|
||||||
if (element.getValue() == value) {
|
|
||||||
return element;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
throw new IllegalArgumentException("PartRight: Unknown value: " + value);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@ -1 +1 @@
|
|||||||
0.19.0
|
0.18.0
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user