Loading data-access/servlet/src/main/java/auth/authz/AuthPolicy.java +38 −162 Original line number Diff line number Diff line Loading @@ -40,24 +40,6 @@ public class AuthPolicy private String[] userGroups; private boolean userGroupsValid; // private String dbConnUrl; // private String dbUserName; // private String dbPassword; /* public AuthPolicy(String userName, String[] userGroups) { this.userName = userName; this.userGroups = userGroups; this.userGroupsValid = true; access = Access.PUBLIC_AND_AUTHORIZED_PRIVATE; LOGGER.finer("User [Groups]: " + userName + " [ " + String.join(" ", userGroups) + " ]" ); } */ public AuthPolicy(Principal principal) { Loading Loading @@ -97,69 +79,7 @@ public class AuthPolicy } public String getUserName() { return userName; } public boolean getUserGroupsValid() { return userGroupsValid; } public String[] getUserGroups() { return userGroups; } public String getUserGroupsSqlFormat() { if( (userGroups != null) && (userGroups.length > 0) ) { return "\"" + String.join("\",\"" , userGroups) + "\""; } else { return null; } } public String getUserGroupsAsString(String separator) { if( (userGroups != null) && (userGroups.length > 0) ) { return String.join(separator, userGroups); } else { return null; } } public String getAccessPolicy() { return access.name(); // returns enum as string } public void toXML(PrintWriter writer) { writer.println("<AccessPolicy>" + this.getAccessPolicy() + "</AccessPolicy>"); String ug = getUserGroupsAsString(" "); if(userName != null) writer.println("<UserName>" + userName + "</UserName>"); if(ug != null) writer.println("<GroupNames>" + ug + "</GroupNames>"); } // API public String[] filterAuthorized(String[] pubdidArr) public String[] removeNotAuthorized(String[] pubdidArr) { LOGGER.finer("trace"); Loading @@ -168,7 +88,6 @@ public class AuthPolicy switch(access) { case PUBLIC_ONLY : //filterNotPublic(pubdidList); AuthPolicyDb adb; synchronized(AuthPolicyDb.class) { Loading @@ -177,48 +96,34 @@ public class AuthPolicy pubdidList = adb.selectPublicOnly(pubdidArr); break; case PUBLIC_AND_AUTHORIZED_PRIVATE : filterNotAuthorized(pubdidList); List<AuthPolicyDb.PubdidGroups> privateGroups = dbQueryPrivateUniqGroups(pubdidList); List<String> notAuthorizedPubdids = selectNotAuthorized(privateGroups, userGroups); removeNotAuthZd(pubdidList, notAuthorizedPubdids); break; default : assert false : "Unrecoginzed access : " + access; } return pubdidList.toArray(new String[0]); } // remove PRIVATE from the list /* private void filterNotPublic(ArrayList<String> pubdids) { LOGGER.fine("trace"); assert pubdids != null; LOGGER.finer("PublisherDID list original : " + String.join(" ", pubdids)); List<AuthPolicyDb.PubdidGroups> privateUniqPubdids = db_queryPrivateUniqPubdidGroups(pubdids); List<String> notAuthorizedUniqPubdids = pubdidsNotPublic(privateUniqPubdids, userGroups); LOGGER.finest("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); removeNotAuthorized(pubdids, notAuthorizedUniqPubdids); LOGGER.finest("PublisherDID list filtered : " + (pubdids.isEmpty() ? "" : String.join(" ", pubdids))); } private List<String> pubdidsNotPublic(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) private List<String> selectNotAuthorized(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) { LOGGER.fine("trace"); ListIterator<AuthPolicyDb.PubdidGroups> it = pubdidList.listIterator(); List<String> pubdidsNotAuthorizedList = new LinkedList<String>(); ListIterator<AuthPolicyDb.PubdidGroups> it = pubdidList.listIterator(); while (it.hasNext()) { AuthPolicyDb.PubdidGroups pubdidGroups = it.next(); if( true )// isIntersectionEmpty(pubdidGroups.groups, userGroups) ) LOGGER.finest(pubdidGroups.pubdid + " : " + String.join(" ",pubdidGroups.groups)); if( isIntersectionEmpty(pubdidGroups.groups, userGroups) ) { pubdidsNotAuthorizedList.add(pubdidGroups.pubdid); } Loading @@ -226,53 +131,23 @@ public class AuthPolicy return pubdidsNotAuthorizedList; } */ // remove not-authorized from the list private void filterNotAuthorized(List<String> pubdids) { LOGGER.fine("trace"); assert pubdids != null; LOGGER.finer("PublisherDID list original : " + String.join(" ", pubdids)); List<AuthPolicyDb.PubdidGroups> privateUniqPubdids = db_queryPrivateUniqPubdidGroups(pubdids); List<String> notAuthorizedUniqPubdids = pubdidsNotAuthorized(privateUniqPubdids, userGroups); LOGGER.finest("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); removeNotAuthorized(pubdids, notAuthorizedUniqPubdids); LOGGER.finest("PublisherDID list filtered : " + (pubdids.isEmpty() ? "" : String.join(" ", pubdids))); } private List<String> pubdidsNotAuthorized(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) private boolean isIntersectionEmpty(String[] stringsA, String[] stringsB) { LOGGER.fine("trace"); List<String> pubdidsNotAuthorizedList = new LinkedList<String>(); ListIterator<AuthPolicyDb.PubdidGroups> it = pubdidList.listIterator(); while (it.hasNext()) for(String strA : stringsA) for(String strB : stringsB) { AuthPolicyDb.PubdidGroups pubdidGroups = it.next(); LOGGER.finest(pubdidGroups.pubdid + " : " + String.join(" ",pubdidGroups.groups)); if( isIntersectionEmpty(pubdidGroups.groups, userGroups) ) if(strA.equals(strB)) { pubdidsNotAuthorizedList.add(pubdidGroups.pubdid); return false; } } return pubdidsNotAuthorizedList; return true; } private void removeNotAuthorized(List<String> pubdids, List<String> notAuthorizedUniqPubdids) private void removeNotAuthZd(List<String> pubdids, List<String> notAuthorizedUniqPubdids) { ListIterator<String> itr = pubdids.listIterator(); while (itr.hasNext()) Loading @@ -289,23 +164,7 @@ public class AuthPolicy } private boolean isIntersectionEmpty(String[] stringsA, String[] stringsB) { for(String strA : stringsA) for(String strB : stringsB) { if(strA.equals(strB)) { return false; } } return true; } // DB-query private List<AuthPolicyDb.PubdidGroups> db_queryPrivateUniqPubdidGroups(List<String> pubdids) private List<AuthPolicyDb.PubdidGroups> dbQueryPrivateUniqGroups(List<String> pubdids) { AuthPolicyDb adb; synchronized(AuthPolicyDb.class) Loading @@ -329,6 +188,23 @@ public class AuthPolicy } // API (XmlSerialize to legacy results-xml) public String getAccessPolicy() { return access.name(); } public String getUserName() { return userName; } public String[] getUserGroups() { return userGroups; } public String getUserGroupsAsString(String separator) { if( (userGroups != null) && (userGroups.length > 0) ) { return String.join(separator, userGroups); } else { return null; } } } data-access/servlet/src/main/java/auth/authz/webapi/AuthZFilter.java +5 −5 Original line number Diff line number Diff line Loading @@ -94,23 +94,23 @@ class AuthZ throw new IllegalArgumentException("Authorization : UserPrincipal is not of expected type"); } String[] pubdidArr = pubdidList.toArray(new String[pubdidList.size()]); String[] authorized_pubdids; authorized_pubdids = auth.filterAuthorized(pubdidArr); String[] authorizedPubdids; authorizedPubdids = auth.removeNotAuthorized(pubdidArr); /* If multiplicity allowed (and in mcutout/merge): * if one or more of pubdids not-authorized -> all request not authorized * */ /* NOTE for now soda/vlkb_cutout does not allow multiplicity --> only one pubdid allowed */ if((authorized_pubdids==null) || (pubdidArr==null)) if((authorizedPubdids==null) || (pubdidArr==null)) { LOGGER.warning("One of arrays null"); return true; } else { LOGGER.finest("authorized vs original length: "+authorized_pubdids.length + " / " + pubdidArr.length); return (authorized_pubdids.length == pubdidArr.length); LOGGER.finest("authorized vs original length: "+authorizedPubdids.length + " / " + pubdidArr.length); return (authorizedPubdids.length == pubdidArr.length); } } Loading Loading
data-access/servlet/src/main/java/auth/authz/AuthPolicy.java +38 −162 Original line number Diff line number Diff line Loading @@ -40,24 +40,6 @@ public class AuthPolicy private String[] userGroups; private boolean userGroupsValid; // private String dbConnUrl; // private String dbUserName; // private String dbPassword; /* public AuthPolicy(String userName, String[] userGroups) { this.userName = userName; this.userGroups = userGroups; this.userGroupsValid = true; access = Access.PUBLIC_AND_AUTHORIZED_PRIVATE; LOGGER.finer("User [Groups]: " + userName + " [ " + String.join(" ", userGroups) + " ]" ); } */ public AuthPolicy(Principal principal) { Loading Loading @@ -97,69 +79,7 @@ public class AuthPolicy } public String getUserName() { return userName; } public boolean getUserGroupsValid() { return userGroupsValid; } public String[] getUserGroups() { return userGroups; } public String getUserGroupsSqlFormat() { if( (userGroups != null) && (userGroups.length > 0) ) { return "\"" + String.join("\",\"" , userGroups) + "\""; } else { return null; } } public String getUserGroupsAsString(String separator) { if( (userGroups != null) && (userGroups.length > 0) ) { return String.join(separator, userGroups); } else { return null; } } public String getAccessPolicy() { return access.name(); // returns enum as string } public void toXML(PrintWriter writer) { writer.println("<AccessPolicy>" + this.getAccessPolicy() + "</AccessPolicy>"); String ug = getUserGroupsAsString(" "); if(userName != null) writer.println("<UserName>" + userName + "</UserName>"); if(ug != null) writer.println("<GroupNames>" + ug + "</GroupNames>"); } // API public String[] filterAuthorized(String[] pubdidArr) public String[] removeNotAuthorized(String[] pubdidArr) { LOGGER.finer("trace"); Loading @@ -168,7 +88,6 @@ public class AuthPolicy switch(access) { case PUBLIC_ONLY : //filterNotPublic(pubdidList); AuthPolicyDb adb; synchronized(AuthPolicyDb.class) { Loading @@ -177,48 +96,34 @@ public class AuthPolicy pubdidList = adb.selectPublicOnly(pubdidArr); break; case PUBLIC_AND_AUTHORIZED_PRIVATE : filterNotAuthorized(pubdidList); List<AuthPolicyDb.PubdidGroups> privateGroups = dbQueryPrivateUniqGroups(pubdidList); List<String> notAuthorizedPubdids = selectNotAuthorized(privateGroups, userGroups); removeNotAuthZd(pubdidList, notAuthorizedPubdids); break; default : assert false : "Unrecoginzed access : " + access; } return pubdidList.toArray(new String[0]); } // remove PRIVATE from the list /* private void filterNotPublic(ArrayList<String> pubdids) { LOGGER.fine("trace"); assert pubdids != null; LOGGER.finer("PublisherDID list original : " + String.join(" ", pubdids)); List<AuthPolicyDb.PubdidGroups> privateUniqPubdids = db_queryPrivateUniqPubdidGroups(pubdids); List<String> notAuthorizedUniqPubdids = pubdidsNotPublic(privateUniqPubdids, userGroups); LOGGER.finest("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); removeNotAuthorized(pubdids, notAuthorizedUniqPubdids); LOGGER.finest("PublisherDID list filtered : " + (pubdids.isEmpty() ? "" : String.join(" ", pubdids))); } private List<String> pubdidsNotPublic(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) private List<String> selectNotAuthorized(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) { LOGGER.fine("trace"); ListIterator<AuthPolicyDb.PubdidGroups> it = pubdidList.listIterator(); List<String> pubdidsNotAuthorizedList = new LinkedList<String>(); ListIterator<AuthPolicyDb.PubdidGroups> it = pubdidList.listIterator(); while (it.hasNext()) { AuthPolicyDb.PubdidGroups pubdidGroups = it.next(); if( true )// isIntersectionEmpty(pubdidGroups.groups, userGroups) ) LOGGER.finest(pubdidGroups.pubdid + " : " + String.join(" ",pubdidGroups.groups)); if( isIntersectionEmpty(pubdidGroups.groups, userGroups) ) { pubdidsNotAuthorizedList.add(pubdidGroups.pubdid); } Loading @@ -226,53 +131,23 @@ public class AuthPolicy return pubdidsNotAuthorizedList; } */ // remove not-authorized from the list private void filterNotAuthorized(List<String> pubdids) { LOGGER.fine("trace"); assert pubdids != null; LOGGER.finer("PublisherDID list original : " + String.join(" ", pubdids)); List<AuthPolicyDb.PubdidGroups> privateUniqPubdids = db_queryPrivateUniqPubdidGroups(pubdids); List<String> notAuthorizedUniqPubdids = pubdidsNotAuthorized(privateUniqPubdids, userGroups); LOGGER.finest("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); removeNotAuthorized(pubdids, notAuthorizedUniqPubdids); LOGGER.finest("PublisherDID list filtered : " + (pubdids.isEmpty() ? "" : String.join(" ", pubdids))); } private List<String> pubdidsNotAuthorized(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) private boolean isIntersectionEmpty(String[] stringsA, String[] stringsB) { LOGGER.fine("trace"); List<String> pubdidsNotAuthorizedList = new LinkedList<String>(); ListIterator<AuthPolicyDb.PubdidGroups> it = pubdidList.listIterator(); while (it.hasNext()) for(String strA : stringsA) for(String strB : stringsB) { AuthPolicyDb.PubdidGroups pubdidGroups = it.next(); LOGGER.finest(pubdidGroups.pubdid + " : " + String.join(" ",pubdidGroups.groups)); if( isIntersectionEmpty(pubdidGroups.groups, userGroups) ) if(strA.equals(strB)) { pubdidsNotAuthorizedList.add(pubdidGroups.pubdid); return false; } } return pubdidsNotAuthorizedList; return true; } private void removeNotAuthorized(List<String> pubdids, List<String> notAuthorizedUniqPubdids) private void removeNotAuthZd(List<String> pubdids, List<String> notAuthorizedUniqPubdids) { ListIterator<String> itr = pubdids.listIterator(); while (itr.hasNext()) Loading @@ -289,23 +164,7 @@ public class AuthPolicy } private boolean isIntersectionEmpty(String[] stringsA, String[] stringsB) { for(String strA : stringsA) for(String strB : stringsB) { if(strA.equals(strB)) { return false; } } return true; } // DB-query private List<AuthPolicyDb.PubdidGroups> db_queryPrivateUniqPubdidGroups(List<String> pubdids) private List<AuthPolicyDb.PubdidGroups> dbQueryPrivateUniqGroups(List<String> pubdids) { AuthPolicyDb adb; synchronized(AuthPolicyDb.class) Loading @@ -329,6 +188,23 @@ public class AuthPolicy } // API (XmlSerialize to legacy results-xml) public String getAccessPolicy() { return access.name(); } public String getUserName() { return userName; } public String[] getUserGroups() { return userGroups; } public String getUserGroupsAsString(String separator) { if( (userGroups != null) && (userGroups.length > 0) ) { return String.join(separator, userGroups); } else { return null; } } }
data-access/servlet/src/main/java/auth/authz/webapi/AuthZFilter.java +5 −5 Original line number Diff line number Diff line Loading @@ -94,23 +94,23 @@ class AuthZ throw new IllegalArgumentException("Authorization : UserPrincipal is not of expected type"); } String[] pubdidArr = pubdidList.toArray(new String[pubdidList.size()]); String[] authorized_pubdids; authorized_pubdids = auth.filterAuthorized(pubdidArr); String[] authorizedPubdids; authorizedPubdids = auth.removeNotAuthorized(pubdidArr); /* If multiplicity allowed (and in mcutout/merge): * if one or more of pubdids not-authorized -> all request not authorized * */ /* NOTE for now soda/vlkb_cutout does not allow multiplicity --> only one pubdid allowed */ if((authorized_pubdids==null) || (pubdidArr==null)) if((authorizedPubdids==null) || (pubdidArr==null)) { LOGGER.warning("One of arrays null"); return true; } else { LOGGER.finest("authorized vs original length: "+authorized_pubdids.length + " / " + pubdidArr.length); return (authorized_pubdids.length == pubdidArr.length); LOGGER.finest("authorized vs original length: "+authorizedPubdids.length + " / " + pubdidArr.length); return (authorizedPubdids.length == pubdidArr.length); } } Loading
