diff --git a/qa/integration/src/test/java/org/eclipse/kapua/integration/misc/AccessPermissionImplTest.java b/qa/integration/src/test/java/org/eclipse/kapua/integration/misc/AccessPermissionImplTest.java index e8c3f83fe50..9ff3d1c8a75 100644 --- a/qa/integration/src/test/java/org/eclipse/kapua/integration/misc/AccessPermissionImplTest.java +++ b/qa/integration/src/test/java/org/eclipse/kapua/integration/misc/AccessPermissionImplTest.java @@ -12,6 +12,10 @@ *******************************************************************************/ package org.eclipse.kapua.integration.misc; +import java.lang.reflect.Constructor; +import java.lang.reflect.Modifier; +import java.util.Date; + import org.eclipse.kapua.commons.model.id.KapuaEid; import org.eclipse.kapua.model.domain.Actions; import org.eclipse.kapua.model.id.KapuaId; @@ -19,24 +23,18 @@ import org.eclipse.kapua.service.authorization.access.AccessPermission; import org.eclipse.kapua.service.authorization.access.shiro.AccessPermissionImpl; import org.eclipse.kapua.service.authorization.permission.Permission; -import org.eclipse.kapua.service.authorization.permission.shiro.PermissionImpl; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.experimental.categories.Category; import org.mockito.Mockito; -import java.lang.reflect.Constructor; -import java.lang.reflect.Modifier; -import java.util.Date; - - @Category(JUnitTests.class) public class AccessPermissionImplTest { AccessPermissionImpl accessPermissionImpl1, accessPermissionImpl2, accessPermissionImpl; AccessPermission accessPermission; - PermissionImpl permission1, permission2; + Permission permission1, permission2; Permission newPermission; Date createdOn; 
@@ -45,8 +43,8 @@ public void initialize() { accessPermissionImpl1 = new AccessPermissionImpl(KapuaId.ONE); accessPermissionImpl2 = new AccessPermissionImpl(KapuaId.ONE); accessPermission = Mockito.mock(AccessPermission.class); - permission1 = Mockito.mock(PermissionImpl.class); - permission2 = Mockito.mock(PermissionImpl.class); + permission1 = new Permission("domain", Actions.connect, KapuaId.ONE, KapuaId.ANY, false); + permission2 = new Permission("another", null, null); newPermission = Mockito.mock(Permission.class); createdOn = new Date(); @@ -56,10 +54,6 @@ public void initialize() { Mockito.when(accessPermission.getCreatedOn()).thenReturn(createdOn); Mockito.when(accessPermission.getAccessInfoId()).thenReturn(KapuaId.ONE); Mockito.when(accessPermission.getPermission()).thenReturn(permission1); - Mockito.when(permission1.getDomain()).thenReturn("domain"); - Mockito.when(permission1.getAction()).thenReturn(Actions.connect); - Mockito.when(permission1.getTargetScopeId()).thenReturn(KapuaId.ONE); - Mockito.when(permission1.getGroupId()).thenReturn(KapuaId.ANY); accessPermissionImpl = new AccessPermissionImpl(accessPermission); } @@ -168,8 +162,7 @@ public void hashCodeNullAccessInfoIdTest() { Mockito.when(permission.getAction()).thenReturn(null); Mockito.when(permission.getTargetScopeId()).thenReturn(null); Mockito.when(permission.getGroupId()).thenReturn(null); - PermissionImpl permissionImpl = new PermissionImpl(permission); - accessPermissionImpl1.setPermission(permissionImpl); + accessPermissionImpl1.setPermission(permission); Assert.assertEquals("Expected and actual values should be the same.", 924482, accessPermissionImpl1.hashCode()); } 
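Review bot: `initialize()` now mixes real and mocked values of the same type. `permission1` and `permission2` are built with `new Permission(...)`, while the context line `newPermission = Mockito.mock(Permission.class);` and the `Mockito.when(permission.get…())` stubs in the two hashCode hunks (`@@ -168,8` and `@@ -181,8`) still mock what is now a plain value class. Building those the same way, e.g. `newPermission = new Permission(null, null, null);`, would make the tests exercise the real `equals`/`hashCode` and keep them working if `Permission` is later declared `final`. The declarations of the stubbed `permission` locals are outside the visible hunks, so that they are mocks is inferred from the stubbing calls.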
@@ -181,8 +174,7 @@ public void hashCodeTest() { Mockito.when(permission.getAction()).thenReturn(null); Mockito.when(permission.getTargetScopeId()).thenReturn(null); Mockito.when(permission.getGroupId()).thenReturn(null); - PermissionImpl permissionImpl = new PermissionImpl(permission); - accessPermissionImpl1.setPermission(permissionImpl); + accessPermissionImpl1.setPermission(permission); Assert.assertEquals("Expected and actual values should be the same.", 925474, accessPermissionImpl1.hashCode()); } @@ -252,7 +244,7 @@ public void equalsEqualAccessInfoIdsEqualPermissionsTest() { public void equalsEqualAccessInfoIdsDifferentPermissionsTest() { accessPermissionImpl1.setAccessInfoId(KapuaId.ONE); accessPermissionImpl2.setAccessInfoId(KapuaId.ONE); - accessPermissionImpl1.setPermission(Mockito.mock(PermissionImpl.class)); + accessPermissionImpl1.setPermission(new Permission("another", null, null)); Assert.assertFalse("False expected.", accessPermissionImpl1.equals(accessPermissionImpl2)); } } \ No newline at end of file diff --git a/qa/integration/src/test/java/org/eclipse/kapua/integration/misc/RolePermissionFactoryTest.java b/qa/integration/src/test/java/org/eclipse/kapua/integration/misc/RolePermissionFactoryTest.java index 9d413cf23b7..0762f272cf9 100644 --- a/qa/integration/src/test/java/org/eclipse/kapua/integration/misc/RolePermissionFactoryTest.java +++ b/qa/integration/src/test/java/org/eclipse/kapua/integration/misc/RolePermissionFactoryTest.java @@ -14,9 +14,10 @@ import java.util.Date; +import org.eclipse.kapua.model.domain.Actions; import org.eclipse.kapua.model.id.KapuaId; import org.eclipse.kapua.qa.markers.junit.JUnitTests; -import org.eclipse.kapua.service.authorization.permission.shiro.PermissionImpl; +import org.eclipse.kapua.service.authorization.permission.Permission; import org.eclipse.kapua.service.authorization.role.RolePermission; import org.eclipse.kapua.service.authorization.role.shiro.RolePermissionFactoryImpl; import org.junit.Assert; 
@@ -32,7 +33,7 @@ public class RolePermissionFactoryTest { KapuaId scopeId; RolePermission rolePermission; Date createdOn, modifiedOn; - PermissionImpl permission; + Permission permission; @Before public void initialize() { @@ -41,7 +42,7 @@ public void initialize() { createdOn = new Date(); modifiedOn = new Date(); rolePermission = Mockito.mock(RolePermission.class); - permission = Mockito.mock(PermissionImpl.class); + permission = new Permission("domain", Actions.connect, KapuaId.ONE); Mockito.when(rolePermission.getId()).thenReturn(KapuaId.ANY); Mockito.when(rolePermission.getRoleId()).thenReturn(KapuaId.ONE); diff --git a/qa/integration/src/test/java/org/eclipse/kapua/integration/misc/RolePermissionImplTest.java b/qa/integration/src/test/java/org/eclipse/kapua/integration/misc/RolePermissionImplTest.java index eb7ad94a812..50f778ca2bd 100644 --- a/qa/integration/src/test/java/org/eclipse/kapua/integration/misc/RolePermissionImplTest.java +++ b/qa/integration/src/test/java/org/eclipse/kapua/integration/misc/RolePermissionImplTest.java @@ -12,10 +12,13 @@ *******************************************************************************/ package org.eclipse.kapua.integration.misc; +import java.lang.reflect.Constructor; +import java.lang.reflect.Modifier; +import java.util.Date; + import org.eclipse.kapua.model.id.KapuaId; import org.eclipse.kapua.qa.markers.junit.JUnitTests; import org.eclipse.kapua.service.authorization.permission.Permission; -import org.eclipse.kapua.service.authorization.permission.shiro.PermissionImpl; import org.eclipse.kapua.service.authorization.role.RolePermission; import org.eclipse.kapua.service.authorization.role.shiro.RolePermissionImpl; import org.junit.Assert; @@ -24,11 +27,6 @@ import org.junit.experimental.categories.Category; import org.mockito.Mockito; -import java.lang.reflect.Constructor; -import java.lang.reflect.Modifier; -import java.util.Date; - - @Category(JUnitTests.class) public class RolePermissionImplTest { 
@@ -40,9 +38,9 @@ public class RolePermissionImplTest { @Before public void initialize() { - scopeIds = new KapuaId[]{null, KapuaId.ONE}; - permission1 = Mockito.mock(Permission.class); - permission2 = Mockito.mock(PermissionImpl.class); + scopeIds = new KapuaId[] { null, KapuaId.ONE }; + permission1 = new Permission(null, null, null); + permission2 = new Permission(null, null, null); rolePermissionImpl1 = new RolePermissionImpl(KapuaId.ONE); rolePermissionImpl2 = new RolePermissionImpl(KapuaId.ANY); rolePermission = Mockito.mock(RolePermission.class); @@ -69,7 +67,7 @@ public void rolePermissionImpScopeIdTest() { for (KapuaId scopeId : scopeIds) { RolePermissionImpl rolePermissionImpl = new RolePermissionImpl(scopeId); Assert.assertEquals("Expected and actual values should be the same.", scopeId, rolePermissionImpl.getScopeId()); - Assert.assertEquals("Expected and actual values should be the same.", new PermissionImpl(null, null, null, null), rolePermissionImpl.getPermission()); + Assert.assertEquals("Expected and actual values should be the same.", new Permission(null, null, null), rolePermissionImpl.getPermission()); Assert.assertNull("Null expected.", rolePermissionImpl.getRoleId()); } } @@ -89,7 +87,7 @@ public void rolePermissionImplScopeIdNullPermissionTest() { for (KapuaId scopeId : scopeIds) { RolePermissionImpl rolePermissionImpl = new RolePermissionImpl(scopeId, null); Assert.assertEquals("Expected and actual values should be the same.", scopeId, rolePermissionImpl.getScopeId()); - Assert.assertEquals("Expected and actual values should be the same.", new PermissionImpl(null, null, null, null), rolePermissionImpl.getPermission()); + Assert.assertEquals("Expected and actual values should be the same.", new Permission(null, null, null), rolePermissionImpl.getPermission()); } } 
@@ -112,7 +110,7 @@ public void rolePermissionImplNullRolePermissionTest() { @Test public void setAndGetRoleIdTest() { - KapuaId[] roleIds = {null, KapuaId.ONE}; + KapuaId[] roleIds = { null, KapuaId.ONE }; RolePermissionImpl rolePermissionImpl1 = new RolePermissionImpl(KapuaId.ONE); RolePermissionImpl rolePermissionImpl2 = new RolePermissionImpl(KapuaId.ANY, permission2); @@ -135,8 +133,8 @@ public void setAndGetPermissionToStringTest() { RolePermissionImpl rolePermissionImpl1 = new RolePermissionImpl(KapuaId.ONE); RolePermissionImpl rolePermissionImpl2 = new RolePermissionImpl(KapuaId.ANY, permission2); RolePermissionImpl rolePermissionImpl3 = new RolePermissionImpl(rolePermission); - Permission[] permissions = {null, permission1, permission2}; - Permission[] expectedPermissions = {new PermissionImpl(null, null, null, null), new PermissionImpl(null, null, null, null), permission2}; + Permission[] permissions = { null, permission1, permission2 }; + Permission[] expectedPermissions = { new Permission(null, null, null), new Permission(null, null, null), permission2 }; for (int i = 0; i < permissions.length; i++) { rolePermissionImpl1.setPermission(permissions[i]); diff --git a/qa/integration/src/test/java/org/eclipse/kapua/integration/service/account/RunAccountServiceI9nTest.java b/qa/integration/src/test/java/org/eclipse/kapua/integration/service/account/RunAccountServiceI9nTest.java index 377fbc3a670..2d2ab4d48eb 100644 --- a/qa/integration/src/test/java/org/eclipse/kapua/integration/service/account/RunAccountServiceI9nTest.java +++ b/qa/integration/src/test/java/org/eclipse/kapua/integration/service/account/RunAccountServiceI9nTest.java 
@@ -21,15 +21,15 @@ @RunWith(Cucumber.class) @CucumberOptions( features = { - // "classpath:features/account/AccountServiceCreation.feature", - // "classpath:features/account/AccountExpirationI9n.feature", - // "classpath:features/account/FindSelfAccount.feature", - // "classpath:features/account/AccountGroupService.feature", - // "classpath:features/account/AccountDeviceRegistryService.feature", - // "classpath:features/account/AccountJobService.feature", - // "classpath:features/account/AccountRoleService.feature", - // "classpath:features/account/AccountTagService.feature", - // "classpath:features/account/AccountUserService.feature", + "classpath:features/account/AccountServiceCreation.feature", + "classpath:features/account/AccountExpirationI9n.feature", + "classpath:features/account/FindSelfAccount.feature", + "classpath:features/account/AccountGroupService.feature", + "classpath:features/account/AccountDeviceRegistryService.feature", + "classpath:features/account/AccountJobService.feature", + "classpath:features/account/AccountRoleService.feature", + "classpath:features/account/AccountTagService.feature", + "classpath:features/account/AccountUserService.feature", "classpath:features/account/AccountCredentialService.feature" }, glue = { "org.eclipse.kapua.qa.common", diff --git a/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/access/AccessPermission.java b/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/access/AccessPermission.java index 4365a36f444..33f51bf59c7 100644 --- a/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/access/AccessPermission.java +++ b/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/access/AccessPermission.java 
@@ -12,11 +12,6 @@ *******************************************************************************/ package org.eclipse.kapua.service.authorization.access; -import org.eclipse.kapua.model.KapuaEntity; -import org.eclipse.kapua.model.id.KapuaId; -import org.eclipse.kapua.model.id.KapuaIdAdapter; -import org.eclipse.kapua.service.authorization.permission.Permission; - import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlElement; @@ -24,20 +19,23 @@ import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import org.eclipse.kapua.model.KapuaEntity; +import org.eclipse.kapua.model.id.KapuaId; +import org.eclipse.kapua.model.id.KapuaIdAdapter; +import org.eclipse.kapua.service.authorization.permission.Permission; + /** - * Access permission entity.
- * Describes a {@link Permission} associated to the access info.
- * Wrapping of the {@link Permission} into this class is intended to adds auditing - * informations like {@link AccessPermission#getCreatedBy()} and{@link AccessPermission#getCreatedOn()}.
+ * Access permission entity.
Describes a {@link Permission} associated to the access info.
Wrapping of the {@link Permission} into this class is intended to adds auditing informations like + * {@link AccessPermission#getCreatedBy()} and{@link AccessPermission#getCreatedOn()}.
*
- * This is a not editable entity so it can be only removed or created and therefore any change to - * {@link AccessPermission#getAccessInfoId()} and {@link AccessPermission#getPermission()} property is forbidden. + * This is a not editable entity so it can be only removed or created and therefore any change to {@link AccessPermission#getAccessInfoId()} and {@link AccessPermission#getPermission()} property is + * forbidden. * * @since 1.0.0 */ @XmlRootElement(name = "accessPermission") @XmlAccessorType(XmlAccessType.PROPERTY) -@XmlType(propOrder = {"accessInfoId", "permission"}, // +@XmlType(propOrder = { "accessInfoId", "permission" }, // factoryClass = AccessPermissionXmlRegistry.class, // factoryMethod = "newAccessPermission") public interface AccessPermission extends KapuaEntity { @@ -52,7 +50,8 @@ default String getType() { /** * Sets the {@link AccessInfo} id of which this {@link AccessPermission} belongs. * - * @param accessId The {@link AccessInfo} id. + * @param accessId + * The {@link AccessInfo} id. * @since 1.0.0 */ void setAccessInfoId(KapuaId accessId); @@ -68,10 +67,10 @@ default String getType() { KapuaId getAccessInfoId(); /** - * Sets the {@link Permission} that this {@link AccessPermission} has.
- * It up to the implementation class to make a clone of the given {@link Permission} or use the given {@link Permission}. + * Sets the {@link Permission} that this {@link AccessPermission} has.
It up to the implementation class to make a clone of the given {@link Permission} or use the given {@link Permission}. * - * @param permission The {@link Permission} to set for this {@link AccessPermission}. + * @param permission + * The {@link Permission} to set for this {@link AccessPermission}. * @since 1.0.0 */ void setPermission(Permission permission); @@ -82,6 +81,6 @@ default String getType() { * @return The {@link Permission} that this {@link AccessPermission} has. */ @XmlElement(name = "permission") -

P getPermission(); + Permission getPermission(); } diff --git a/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/permission/Permission.java b/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/permission/Permission.java index f9008803450..d03f64a6814 100644 --- a/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/permission/Permission.java +++ b/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/permission/Permission.java @@ -12,13 +12,6 @@ *******************************************************************************/ package org.eclipse.kapua.service.authorization.permission; -import org.eclipse.kapua.model.domain.Actions; -import org.eclipse.kapua.model.id.KapuaId; -import org.eclipse.kapua.model.id.KapuaIdAdapter; -import org.eclipse.kapua.service.authorization.access.AccessInfo; -import org.eclipse.kapua.service.authorization.domain.Domain; -import org.eclipse.kapua.service.authorization.group.Group; - import javax.security.auth.Subject; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; @@ -27,10 +20,16 @@ import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import org.eclipse.kapua.model.domain.Actions; +import org.eclipse.kapua.model.id.KapuaId; +import org.eclipse.kapua.model.id.KapuaIdAdapter; +import org.eclipse.kapua.service.authorization.access.AccessInfo; +import org.eclipse.kapua.service.authorization.domain.Domain; +import org.eclipse.kapua.service.authorization.group.Group; + /** - * {@link Permission} definition.
- * A permission can be associated to a {@link Subject} (using {@link AccessInfo} entity) or a {@link Domain}.
- * {@link Permission}s enable the assignee to do {@link Actions} under specified {@link Domain} and in specified scopes. + * {@link Permission} definition.
A permission can be associated to a {@link Subject} (using {@link AccessInfo} entity) or a {@link Domain}.
{@link Permission}s enable the assignee to do + * {@link Actions} under specified {@link Domain} and in specified scopes. * * @since 1.0.0 */ @@ -42,21 +41,40 @@ "targetScopeId", // "groupId", // "forwardable" // -}, // - factoryClass = PermissionXmlRegistry.class, // - factoryMethod = "newPermission") -public interface Permission { +}, factoryMethod = "newPermission") +public class Permission { - String WILDCARD = "*"; - String SEPARATOR = ":"; + public static final String WILDCARD = "*"; + public static final String SEPARATOR = ":"; + @XmlElement(name = "domain") + private final String domain; + @XmlElement(name = "action") + private final Actions action; + @XmlElement(name = "targetScopeId") + @XmlJavaTypeAdapter(KapuaIdAdapter.class) + private final KapuaId targetScopeId; + @XmlElement(name = "groupId") + @XmlJavaTypeAdapter(KapuaIdAdapter.class) + private final KapuaId groupId; + @XmlElement(name = "forwardable") + private final boolean forwardable; - /** - * Sets the domain on which the {@link Permission} gives access. - * - * @param domain The domain of the {@link Permission}. - * @since 1.0.0 - */ - void setDomain(String domain); + // For you, JAXB + private static Permission newPermission() { + return new Permission(null, null, null); + } + + public Permission(String domain, Actions action, KapuaId targetScopeId) { + this(domain, action, targetScopeId, null, false); + } + + public Permission(String domain, Actions action, KapuaId targetScopeId, KapuaId groupId, boolean forwardable) { + this.domain = domain; + this.action = action; + this.targetScopeId = targetScopeId; + this.groupId = groupId; + this.forwardable = forwardable; + } /** * Gets the domain on which the {@link Permission} gives access. 
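Review bot: The two public constructors added in the `@@ -42,21 +41,40 @@` hunk have no Javadoc, and nothing on the class says what a `null` argument means, although `toString()` further down renders every `null` component as `WILDCARD`. For an authorization value that meaning should be written down, for example `@param domain the domain, or {@code null} to leave it unrestricted`, and likewise for `action`, `targetScopeId` and `groupId`. The Javadoc should also state that the three-argument form sets `groupId` to `null` and `forwardable` to `false`. Since the fields are now `private final`, declaring `public final class Permission` would also prevent a subclass from overriding the getters that permission checks presumably read.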
@@ -64,16 +82,9 @@ public interface Permission { * @return The domain on which the {@link Permission} gives access. * @since 1.0.0 */ - @XmlElement(name = "domain") - String getDomain(); - - /** - * Sets the {@link org.eclipse.kapua.model.domain.Actions} that this {@link Permission} allows to do on the domain. - * - * @param action The {@link javax.swing.Action} that this {@link Permission} allows - * @since 1.0.0 - */ - void setAction(Actions action); + public String getDomain() { + return this.domain; + } /** * Gets the {@link Actions} that this {@link Permission} allows to do on the domain. @@ -81,16 +92,9 @@ public interface Permission { * @return The {@link Actions} that this {@link Permission} allows. * @since 1.0.0 */ - @XmlElement(name = "action") - Actions getAction(); - - /** - * Sets the target scope id that this {@link Permission} gives access. - * - * @param targetScopeId The target scope id that this {@link Permission} gives access. - * @since 1.0.0 - */ - void setTargetScopeId(KapuaId targetScopeId); + public Actions getAction() { + return this.action; + } /** * Gets the target scope id that this {@link Permission} gives access. @@ -98,17 +102,10 @@ public interface Permission { * @return The target scope id that this {@link Permission} gives access. * @since 1.0.0 */ - @XmlElement(name = "targetScopeId") - @XmlJavaTypeAdapter(KapuaIdAdapter.class) - KapuaId getTargetScopeId(); - /** - * Sets the {@link Group} id that this {@link Permission} gives access. - * - * @param groupId The {@link Group} id that this {@link Permission} gives access. - * @since 1.0.0 - */ - void setGroupId(KapuaId groupId); + public KapuaId getTargetScopeId() { + return this.targetScopeId; + } /** * Gets the {@link Group} id that this {@link Permission} gives access. 
@@ -116,26 +113,81 @@ public interface Permission { * @return The {@link Group} id that this {@link Permission} gives access. * @since 1.0.0 */ - @XmlElement(name = "groupId") - @XmlJavaTypeAdapter(KapuaIdAdapter.class) - KapuaId getGroupId(); - /** - * Sets whether or not this {@link Permission} is valid also for children scopeId. - * - * @param forwardable {@code true} if this {@link Permission} is forward-able to children scopeIds. - * @since 1.0.0 - */ - void setForwardable(boolean forwardable); + public KapuaId getGroupId() { + return this.groupId; + } /** - * Gets whether or not this {@link Permission} is valid also for children scopeIds. - * If a {@link Permission} is forward-able to children, the {@link Permission} will be valid - * for all scopeIds of the {@link #getTargetScopeId()} scopeId. + * Gets whether or not this {@link Permission} is valid also for children scopeIds. If a {@link Permission} is forward-able to children, the {@link Permission} will be valid for all scopeIds of + * the {@link #getTargetScopeId()} scopeId. * * @return {@code true} if this {@link Permission} is forward-able to children scopeIds. * @since 1.0.0 */ - @XmlElement(name = "forwardable") - boolean getForwardable(); + public boolean getForwardable() { + return this.forwardable; + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + + sb.append(domain != null ? domain : Permission.WILDCARD) + .append(Permission.SEPARATOR) + .append(action != null ? action.name() : Permission.WILDCARD) + .append(Permission.SEPARATOR) + .append(targetScopeId != null ? targetScopeId.getId() : Permission.WILDCARD) + .append(Permission.SEPARATOR) + .append(groupId != null ? groupId.getId() : Permission.WILDCARD); + + return sb.toString(); + } + + @Override + public int hashCode() { + int prime = 31; + int result = 1; + result = prime * result + (action == null ? 0 : action.hashCode()); + result = prime * result + (domain == null ? 
0 : domain.hashCode()); + result = prime * result + (targetScopeId == null ? 0 : targetScopeId.hashCode()); + result = prime * result + (groupId == null ? 0 : groupId.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null) { + return false; + } + if (getClass() != obj.getClass()) { + return false; + } + Permission other = (Permission) obj; + if (action != other.action) { + return false; + } + if (domain == null) { + if (other.domain != null) { + return false; + } + } else if (!domain.equals(other.domain)) { + return false; + } + if (targetScopeId == null) { + if (other.targetScopeId != null) { + return false; + } + } else if (!targetScopeId.equals(other.targetScopeId)) { + return false; + } + if (groupId == null) { + return other.groupId == null; + } else { + return groupId.equals(other.groupId); + } + } } diff --git a/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/permission/PermissionFactory.java b/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/permission/PermissionFactory.java index 0b2a2236501..a57c912bdca 100644 --- a/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/permission/PermissionFactory.java +++ b/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/permission/PermissionFactory.java 
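Review bot: The new `equals` and `hashCode` in the `@@ -116,26 +113,81 @@` hunk leave out `forwardable`, so two permissions that differ only in whether they extend to child scopes compare equal and collapse to one entry in a `Set` or as a `Map` key. If that is intended (the previous `PermissionImpl` implementation is not visible here), a comment such as `// forwardable deliberately excluded from equality` should say so. Otherwise add `result = prime * result + Boolean.hashCode(forwardable);` to `hashCode` and `if (forwardable != other.forwardable) { return false; }` to `equals`. `toString()` omits the flag as well, so log lines cannot tell the two variants apart.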
@@ -13,16 +13,16 @@ *******************************************************************************/ package org.eclipse.kapua.service.authorization.permission; +import java.util.Arrays; +import java.util.Collection; +import java.util.stream.Collectors; + import org.eclipse.kapua.model.KapuaObjectFactory; import org.eclipse.kapua.model.domain.Actions; import org.eclipse.kapua.model.domain.Domain; import org.eclipse.kapua.model.id.KapuaId; import org.eclipse.kapua.service.authorization.group.Group; -import java.util.Arrays; -import java.util.Collection; -import java.util.stream.Collectors; - /** * {@link Permission} object factory. */ @@ -31,9 +31,12 @@ public interface PermissionFactory extends KapuaObjectFactory { /** * Instantiate a new {@link Permission} implementing object with the provided parameters. * - * @param domain The {@link Domain} of the new {@link Permission}. - * @param action The {@link Actions} of the new {@link Permission}. - * @param targetScopeId The target scope id of the new {@link Permission}. + * @param domain + * The {@link Domain} of the new {@link Permission}. + * @param action + * The {@link Actions} of the new {@link Permission}. + * @param targetScopeId + * The target scope id of the new {@link Permission}. * @return A instance of the implementing class of {@link Permission}. */ default Permission newPermission(String domain, Actions action, KapuaId targetScopeId) { 
@@ -43,10 +46,14 @@ default Permission newPermission(String domain, Actions action, KapuaId targetSc /** * Instantiate a new {@link Permission} implementing object with the provided parameters. * - * @param domain The {@link Domain} of the new {@link Permission}. - * @param action The {@link Actions} of the new {@link Permission}. - * @param targetScopeId The target scope id of the new {@link Permission}. - * @param groupId The {@link Group} id that this {@link Permission} gives access. + * @param domain + * The {@link Domain} of the new {@link Permission}. + * @param action + * The {@link Actions} of the new {@link Permission}. + * @param targetScopeId + * The target scope id of the new {@link Permission}. + * @param groupId + * The {@link Group} id that this {@link Permission} gives access. * @return A instance of the implementing class of {@link Permission}. */ default Permission newPermission(String domain, Actions action, KapuaId targetScopeId, KapuaId groupId) { 
@@ -56,11 +63,16 @@ default Permission newPermission(String domain, Actions action, KapuaId targetSc /** * Instantiate a new {@link Permission} implementing object with the provided parameters. * - * @param domain The {@link Domain} of the new {@link Permission}. - * @param action The {@link Actions} of the new {@link Permission}. - * @param targetScopeId The target scope id of the new {@link Permission}. - * @param groupId The {@link Group} id that this {@link Permission} gives access. - * @param forwardable If the {@link Permission} is forward-able to children scopeIds + * @param domain + * The {@link Domain} of the new {@link Permission}. + * @param action + * The {@link Actions} of the new {@link Permission}. + * @param targetScopeId + * The target scope id of the new {@link Permission}. + * @param groupId + * The {@link Group} id that this {@link Permission} gives access. + * @param forwardable + * If the {@link Permission} is forward-able to children scopeIds * @return A instance of the implementing class of {@link Permission}. */ Permission newPermission(String domain, Actions action, KapuaId targetScopeId, KapuaId groupId, boolean forwardable); 
@@ -68,41 +80,17 @@ default Permission newPermission(String domain, Actions action, KapuaId targetSc /** * Instantiate new {@link Permission}s implementing object with the provided parameters. * - * @param domain The {@link Domain} of the new {@link Permission}. - * @param targetScopeId The target scope id of the new {@link Permission}. - * @param actions The {@link Actions} of the new {@link Permission}s. + * @param domain + * The {@link Domain} of the new {@link Permission}. + * @param targetScopeId + * The target scope id of the new {@link Permission}. + * @param actions + * The {@link Actions} of the new {@link Permission}s. * @return A collection of instances of the implementing class of {@link Permission}. */ default Collection newPermissions(String domain, KapuaId targetScopeId, Actions... actions) { - return newPermissions(domain, targetScopeId, null, actions); - } - - /** - * Instantiate new {@link Permission}s implementing object with the provided parameters. - * - * @param domain The {@link Domain} of the new {@link Permission}. - * @param targetScopeId The target scope id of the new {@link Permission}. - * @param groupId The {@link Group} id that this {@link Permission} gives access. - * @param actions The {@link Actions} of the new {@link Permission}s. - * @return A collection of instances of the implementing class of {@link Permission}. - */ - default Collection newPermissions(String domain, KapuaId targetScopeId, KapuaId groupId, Actions... actions) { - return newPermissions(domain, targetScopeId, groupId, false, actions); - } - - /** - * Instantiate new {@link Permission}s implementing object with the provided parameters. - * - * @param domain The {@link Domain} of the new {@link Permission}. - * @param targetScopeId The target scope id of the new {@link Permission}. - * @param groupId The {@link Group} id that this {@link Permission} gives access. 
- * @param forwardable If the {@link Permission} is forward-auble to children scopeIds - * @param actions The {@link Actions} of the new {@link Permission}s. - * @return A collection of instances of the implementing class of {@link Permission}. - */ - default Collection newPermissions(String domain, KapuaId targetScopeId, KapuaId groupId, boolean forwardable, Actions... actions) { return Arrays.stream(actions) - .map(action -> newPermission(domain, action, targetScopeId, groupId, forwardable)) + .map(action -> newPermission(domain, action, targetScopeId, null, false)) .collect(Collectors.toList()); } } diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/access/shiro/AccessPermissionImpl.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/access/shiro/AccessPermissionImpl.java index 4b2054d3429..b734c647332 100644 --- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/access/shiro/AccessPermissionImpl.java +++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/access/shiro/AccessPermissionImpl.java @@ -12,13 +12,6 @@ *******************************************************************************/ package org.eclipse.kapua.service.authorization.access.shiro; -import org.eclipse.kapua.commons.model.AbstractKapuaEntity; -import org.eclipse.kapua.commons.model.id.KapuaEid; -import org.eclipse.kapua.model.id.KapuaId; -import org.eclipse.kapua.service.authorization.access.AccessPermission; -import org.eclipse.kapua.service.authorization.permission.Permission; -import org.eclipse.kapua.service.authorization.permission.shiro.PermissionImpl; - import javax.persistence.AttributeOverride; import javax.persistence.AttributeOverrides; import javax.persistence.Column; 
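Review bot: The Javadoc of the remaining `newPermissions(domain, targetScopeId, actions...)` in the `@@ -68,41 +80,17 @@` hunk does not mention that every permission it returns is now created with `groupId = null` and `forwardable = false`. With the group-aware and forwardable overloads removed, that hard-coded choice is the only behaviour available, and `Permission.toString()` renders a `null` group as `*`. A sentence such as `The returned permissions are not restricted to a group and are not forwardable to child scopes.` would keep callers from assuming otherwise. Callers elsewhere that relied on the removed overloads are not visible in this diff and would need to move to per-action `newPermission(...)` calls.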
@@ -26,6 +19,13 @@ import javax.persistence.Entity; import javax.persistence.Table; +import org.eclipse.kapua.commons.model.AbstractKapuaEntity; +import org.eclipse.kapua.commons.model.id.KapuaEid; +import org.eclipse.kapua.model.id.KapuaId; +import org.eclipse.kapua.service.authorization.access.AccessPermission; +import org.eclipse.kapua.service.authorization.permission.Permission; +import org.eclipse.kapua.service.authorization.permission.shiro.PermissionImpl; + /** * {@link AccessPermission} implementation. * @@ -58,7 +58,8 @@ protected AccessPermissionImpl() { /** * Constructor. * - * @param scopeId The scope {@link KapuaId} to set into the {@link AccessPermission} + * @param scopeId + * The scope {@link KapuaId} to set into the {@link AccessPermission} * @since 1.0.0 */ public AccessPermissionImpl(KapuaId scopeId) { @@ -92,14 +93,16 @@ public KapuaId getAccessInfoId() { public void setPermission(Permission permission) { PermissionImpl permissionImpl = null; if (permission != null) { - permissionImpl = permission instanceof PermissionImpl ? (PermissionImpl) permission : new PermissionImpl(permission); + permissionImpl = new PermissionImpl(permission); } this.permission = permissionImpl; } @Override public Permission getPermission() { - return permission != null ? permission : new PermissionImpl(null, null, null, null); + return permission != null + ? new Permission(permission.getDomain(), permission.getAction(), permission.getTargetScopeId(), permission.getGroupId(), permission.getForwardable()) + : new Permission(null, null, null); } @Override diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/permission/shiro/PermissionFactoryImpl.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/permission/shiro/PermissionFactoryImpl.java index 8703bd62ce6..96963bb2189 100644 --- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/permission/shiro/PermissionFactoryImpl.java 
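Review bot: `getPermission()` still answers a missing embedded permission with the placeholder `new Permission(null, null, null)`, and `KapuaAuthorizingRealm.doGetAuthorizationInfo` passes whatever this getter returns to `permissionMapper.mapPermission(p)` and `info.addObjectPermission(...)`. If null fields are read as wildcards downstream, an entity whose `permission` is null would add a grant far broader than anything stored. The Javadoc in this change does describe a null group id as "ALL groups", but how domain, action and scope are treated is not shown. I would make the absence explicit, for example by returning `null` here and adding `if (p == null) { continue; }` in the two realm loops, after checking the other callers that are not visible in this diff. The same fallback is introduced in `RolePermissionImpl.getPermission()`.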
+++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/permission/shiro/PermissionFactoryImpl.java @@ -12,20 +12,21 @@ *******************************************************************************/ package org.eclipse.kapua.service.authorization.permission.shiro; +import javax.inject.Singleton; + import org.eclipse.kapua.model.domain.Actions; import org.eclipse.kapua.model.id.KapuaId; import org.eclipse.kapua.service.authorization.permission.Permission; import org.eclipse.kapua.service.authorization.permission.PermissionFactory; -import javax.inject.Singleton; - /** * {@link PermissionFactory} implementation. */ @Singleton public class PermissionFactoryImpl implements PermissionFactory { + @Override public Permission newPermission(String domain, Actions action, KapuaId targetScopeId, KapuaId groupId, boolean forwardable) { - return new PermissionImpl(domain, action, targetScopeId, groupId, forwardable); + return new Permission(domain, action, targetScopeId, groupId, forwardable); } } diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/permission/shiro/PermissionImpl.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/permission/shiro/PermissionImpl.java index 2749ba47981..c8dde734c11 100644 --- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/permission/shiro/PermissionImpl.java +++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/permission/shiro/PermissionImpl.java 
@@ -12,10 +12,7 @@ *******************************************************************************/ package org.eclipse.kapua.service.authorization.permission.shiro; -import org.eclipse.kapua.commons.model.id.KapuaEid; -import org.eclipse.kapua.model.domain.Actions; -import org.eclipse.kapua.model.id.KapuaId; -import org.eclipse.kapua.service.authorization.permission.Permission; +import java.io.Serializable; import javax.persistence.AttributeOverride; import javax.persistence.AttributeOverrides; @@ -25,7 +22,11 @@ import javax.persistence.Embedded; import javax.persistence.EnumType; import javax.persistence.Enumerated; -import java.io.Serializable; + +import org.eclipse.kapua.commons.model.id.KapuaEid; +import org.eclipse.kapua.model.domain.Actions; +import org.eclipse.kapua.model.id.KapuaId; +import org.eclipse.kapua.service.authorization.permission.Permission; /** * {@link Permission} implementation. 
@@ -34,22 +35,21 @@ */ @Embeddable public class PermissionImpl -// extends -// WildcardPermission + // extends + // WildcardPermission implements - Permission -// , org.apache.shiro.authz.Permission - , Serializable { - + // , org.apache.shiro.authz.Permission + Serializable { private static final long serialVersionUID = 1480557438886065675L; -// -// //TODO: FIXME: REMOVE: A service in a jpa class? Behaviour should not be part of a data class! -// @Transient -// private final AccountService accountService = KapuaLocator.getInstance().getService(AccountService.class); -// //TODO: FIXME: REMOVE: A service in a jpa class? Behaviour should not be part of a data class! -// @Transient -// private final DomainRegistryService domainService = KapuaLocator.getInstance().getService(DomainRegistryService.class); + + // + // //TODO: FIXME: REMOVE: A service in a jpa class? Behaviour should not be part of a data class! + // @Transient + // private final AccountService accountService = KapuaLocator.getInstance().getService(AccountService.class); + // //TODO: FIXME: REMOVE: A service in a jpa class? Behaviour should not be part of a data class! + // @Transient + // private final DomainRegistryService domainService = KapuaLocator.getInstance().getService(DomainRegistryService.class); @Basic @Column(name = "domain", nullable = true, updatable = false) @@ -87,7 +87,8 @@ protected PermissionImpl() { /** * Constructor. * - * @param permission The {@link Permission} to parse. + * @param permission + * The {@link Permission} to parse. * @since 1.0.0 */ public PermissionImpl(Permission permission) { 
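Review bot: The commented-out `extends WildcardPermission`, the `org.apache.shiro.authz.Permission` fragment and the two commented `@Transient` service fields are only re-indented here, although their own TODO already says REMOVE. Now that `PermissionImpl` no longer implements `Permission`, the header reads `implements // , org.apache.shiro.authz.Permission Serializable {`, which is easy to misread when checking what this persisted authorization type actually is. I would delete the commented fragments so the declaration is simply `public class PermissionImpl implements Serializable {`.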
@@ -101,10 +102,14 @@ public PermissionImpl(Permission permission) { /** * Constructor. * - * @param domain The {@link Permission#getDomain()}. - * @param action The {@link Permission#getAction()}. - * @param targetScopeId The {@link Permission#getTargetScopeId()}. - * @param groupId The {@link Permission#getGroupId()}. + * @param domain + * The {@link Permission#getDomain()}. + * @param action + * The {@link Permission#getAction()}. + * @param targetScopeId + * The {@link Permission#getTargetScopeId()}. + * @param groupId + * The {@link Permission#getGroupId()}. * @since 1.0.0 */ public PermissionImpl(String domain, Actions action, KapuaId targetScopeId, KapuaId groupId) { @@ -114,11 +119,16 @@ public PermissionImpl(String domain, Actions action, KapuaId targetScopeId, Kapu /** * Constructor. * - * @param domain The {@link Permission#getDomain()}. - * @param action The {@link Permission#getAction()}. - * @param targetScopeId The {@link Permission#getTargetScopeId()}. - * @param groupId The {@link Permission#getGroupId()}. - * @param forwardable Whether the {@link Permission} is {@link Permission#getForwardable()} + * @param domain + * The {@link Permission#getDomain()}. + * @param action + * The {@link Permission#getAction()}. + * @param targetScopeId + * The {@link Permission#getTargetScopeId()}. + * @param groupId + * The {@link Permission#getGroupId()}. + * @param forwardable + * Whether the {@link Permission} is {@link Permission#getForwardable()} * @since 1.0.0 */ public PermissionImpl(String domain, Actions action, KapuaId targetScopeId, KapuaId groupId, boolean forwardable) { 
@@ -131,52 +141,42 @@ public PermissionImpl(String domain, Actions action, KapuaId targetScopeId, Kapu } - @Override public void setDomain(String domain) { this.domain = domain; } - @Override public String getDomain() { return domain; } - @Override public void setAction(Actions action) { this.action = action; } - @Override public Actions getAction() { return action; } - @Override public void setTargetScopeId(KapuaId targetScopeId) { this.targetScopeId = KapuaEid.parseKapuaId(targetScopeId); } - @Override public KapuaId getTargetScopeId() { return targetScopeId; } - @Override public void setGroupId(KapuaId groupId) { this.groupId = KapuaEid.parseKapuaId(groupId); } - @Override public KapuaId getGroupId() { return groupId; } - @Override public boolean getForwardable() { return forwardable; } - @Override public void setForwardable(boolean forwardable) { this.forwardable = forwardable; } diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/role/shiro/RolePermissionImpl.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/role/shiro/RolePermissionImpl.java index 46c545f1390..483cbbc989e 100644 --- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/role/shiro/RolePermissionImpl.java +++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/role/shiro/RolePermissionImpl.java 
@@ -12,13 +12,7 @@ *******************************************************************************/ package org.eclipse.kapua.service.authorization.role.shiro; -import org.eclipse.kapua.commons.model.AbstractKapuaEntity; -import org.eclipse.kapua.commons.model.id.KapuaEid; -import org.eclipse.kapua.commons.security.KapuaSecurityUtils; -import org.eclipse.kapua.model.id.KapuaId; -import org.eclipse.kapua.service.authorization.permission.Permission; -import org.eclipse.kapua.service.authorization.permission.shiro.PermissionImpl; -import org.eclipse.kapua.service.authorization.role.RolePermission; +import java.util.Date; import javax.persistence.AttributeOverride; import javax.persistence.AttributeOverrides; @@ -27,7 +21,14 @@ import javax.persistence.Entity; import javax.persistence.PreUpdate; import javax.persistence.Table; -import java.util.Date; + +import org.eclipse.kapua.commons.model.AbstractKapuaEntity; +import org.eclipse.kapua.commons.model.id.KapuaEid; +import org.eclipse.kapua.commons.security.KapuaSecurityUtils; +import org.eclipse.kapua.model.id.KapuaId; +import org.eclipse.kapua.service.authorization.permission.Permission; +import org.eclipse.kapua.service.authorization.permission.shiro.PermissionImpl; +import org.eclipse.kapua.service.authorization.role.RolePermission; /** * {@link RolePermission} implementation. @@ -61,7 +62,8 @@ protected RolePermissionImpl() { /** * Constructor. * - * @param scopeId The scope {@link KapuaId} to set into the {@link RolePermission} + * @param scopeId + * The scope {@link KapuaId} to set into the {@link RolePermission} * @since 1.0.0 */ public RolePermissionImpl(KapuaId scopeId) { 
@@ -71,8 +73,10 @@ public RolePermissionImpl(KapuaId scopeId) { /** * Constructor. * - * @param scopeId The scope {@link KapuaId} to set into the {@link RolePermission} - * @param permission The {@link Permission} to set into the {@link RolePermission} + * @param scopeId + * The scope {@link KapuaId} to set into the {@link RolePermission} + * @param permission + * The {@link Permission} to set into the {@link RolePermission} * @since 1.0.0 */ public RolePermissionImpl(KapuaId scopeId, Permission permission) { @@ -109,14 +113,16 @@ public KapuaId getRoleId() { public void setPermission(Permission permission) { PermissionImpl permissionImpl = null; if (permission != null) { - permissionImpl = permission instanceof PermissionImpl ? (PermissionImpl) permission : new PermissionImpl(permission); + permissionImpl = new PermissionImpl(permission); } this.permission = permissionImpl; } @Override public Permission getPermission() { - return permission != null ? permission : new PermissionImpl(null, null, null, null); + return permission != null + ? new Permission(permission.getDomain(), permission.getAction(), permission.getTargetScopeId(), permission.getGroupId(), permission.getForwardable()) + : new Permission(null, null, null); } @Override diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/shiro/KapuaAuthorizingRealm.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/shiro/KapuaAuthorizingRealm.java index 206a3c71e3c..af90b941802 100644 --- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/shiro/KapuaAuthorizingRealm.java +++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/shiro/KapuaAuthorizingRealm.java 
@@ -38,7 +38,7 @@ import org.eclipse.kapua.service.authorization.access.AccessRole; import org.eclipse.kapua.service.authorization.access.AccessRoleListResult; import org.eclipse.kapua.service.authorization.access.AccessRoleService; -import org.eclipse.kapua.service.authorization.permission.shiro.PermissionImpl; +import org.eclipse.kapua.service.authorization.permission.Permission; import org.eclipse.kapua.service.authorization.role.Role; import org.eclipse.kapua.service.authorization.role.RolePermission; import org.eclipse.kapua.service.authorization.role.RolePermissionListResult; @@ -130,7 +130,7 @@ protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal } for (AccessPermission accessPermission : accessPermissions.getItems()) { - PermissionImpl p = accessPermission.getPermission(); + Permission p = accessPermission.getPermission(); logger.trace("User: {} has permission: {}", username, p); info.addObjectPermission(permissionMapper.mapPermission(p)); } @@ -171,7 +171,7 @@ protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal for (RolePermission rolePermission : rolePermissions.getItems()) { - PermissionImpl p = rolePermission.getPermission(); + Permission p = rolePermission.getPermission(); logger.trace("Role: {} has permission: {}", role, p); info.addObjectPermission(permissionMapper.mapPermission(p)); } diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/shiro/PermissionMapperImpl.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/shiro/PermissionMapperImpl.java index b8ef98954cd..21b871d748c 100644 --- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/shiro/PermissionMapperImpl.java +++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/shiro/PermissionMapperImpl.java 
@@ -12,6 +12,10 @@ *******************************************************************************/ package org.eclipse.kapua.service.authorization.shiro; +import java.util.Optional; + +import javax.inject.Inject; + import org.apache.shiro.authz.Permission; import org.apache.shiro.authz.UnauthorizedException; import org.apache.shiro.authz.permission.WildcardPermission; @@ -32,10 +36,8 @@ import org.eclipse.kapua.service.authorization.domain.DomainRegistryService; import org.eclipse.kapua.service.authorization.group.Group; -import javax.inject.Inject; -import java.util.Optional; - public class PermissionMapperImpl implements PermissionMapper { + private final DomainRegistryService domainService; private final AccountService accountService; @@ -50,7 +52,8 @@ public Permission mapPermission(org.eclipse.kapua.service.authorization.permissi return new KapuaPermission(permission.getDomain(), permission.getAction(), permission.getTargetScopeId(), permission.getGroupId(), permission.getForwardable()); } - public class KapuaPermission extends WildcardPermission implements org.eclipse.kapua.service.authorization.permission.Permission, Permission { + public class KapuaPermission extends WildcardPermission implements Permission { + private String domain; private Actions action; private KapuaId targetScopeId; @@ -131,22 +134,21 @@ public boolean equals(Object obj) { /** * This method needs to be overridden to support Access {@link Group} feature. *

- * {@link KapuaEntityService}s that access a specific {@link KapuaEntity} (i.e. {@link KapuaEntityService#create(KapuaEntityCreator)}, {@link KapuaEntityService#delete(KapuaId, KapuaId)}) - * can make the control taking in consideration of the {@link Group#getId()} parameter as it is known.
+ * {@link KapuaEntityService}s that access a specific {@link KapuaEntity} (i.e. {@link KapuaEntityService#create(KapuaEntityCreator)}, {@link KapuaEntityService#delete(KapuaId, KapuaId)}) can + * make the control taking in consideration of the {@link Group#getId()} parameter as it is known.
*

- * Instead, methods that access multiple {@link KapuaEntity}s (i.e. {@link KapuaEntityService#query(KapuaQuery)}, {@link KapuaEntityService#count(KapuaQuery)}) - * cannot make a direct control of the {@link Group#getId()} parameter as it is not known and they can be a lot.
- * The access control then, is performed by hiding the data that a {@link Subject} cannot see instead of throwing {@link UnauthorizedException}. + * Instead, methods that access multiple {@link KapuaEntity}s (i.e. {@link KapuaEntityService#query(KapuaQuery)}, {@link KapuaEntityService#count(KapuaQuery)}) cannot make a direct control of + * the {@link Group#getId()} parameter as it is not known and they can be a lot.
The access control then, is performed by hiding the data that a {@link Subject} cannot see instead of + * throwing {@link UnauthorizedException}. *

*

* The access control for {@link KapuaEntityService#query(KapuaQuery)}, {@link KapuaEntityService#count(KapuaQuery)}) must specify that {@link Group#ANY} group assigned to the permission is * enough to pass the {@link AuthorizationService#checkPermission(org.eclipse.kapua.service.authorization.permission.Permission)}. *

*

- * In case of the {@link org.eclipse.kapua.service.authorization.permission.Permission#getForwardable()} equals to {@code true}, more lookup is required.
- * If a parent account access the resources of one of its child accounts it won't have the direct permission to access it. - * A lookup of {@link Account#getParentAccountPath()} will be required to search if the current user scope id is - * one of the parent of the given {@link org.eclipse.kapua.service.authorization.permission.Permission#getTargetScopeId()} + * In case of the {@link org.eclipse.kapua.service.authorization.permission.Permission#getForwardable()} equals to {@code true}, more lookup is required.
If a parent account access the + * resources of one of its child accounts it won't have the direct permission to access it. A lookup of {@link Account#getParentAccountPath()} will be required to search if the current user + * scope id is one of the parent of the given {@link org.eclipse.kapua.service.authorization.permission.Permission#getTargetScopeId()} *

* * @since 1.0.0 @@ -154,7 +156,7 @@ public boolean equals(Object obj) { @Override public boolean implies(Permission shiroPermission) { - org.eclipse.kapua.service.authorization.permission.Permission targetPermission = (org.eclipse.kapua.service.authorization.permission.Permission) shiroPermission; + KapuaPermission targetPermission = (KapuaPermission) shiroPermission; // Check target Permission domain checkTargetPermissionIsGroupable(targetPermission); @@ -188,10 +190,11 @@ public boolean implies(Permission shiroPermission) { *
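Review bot: The new `(KapuaPermission) shiroPermission` cast at the top of `implies` is unchecked, so any other `org.apache.shiro.authz.Permission` implementation that reaches this method ends the authorization check with a `ClassCastException` instead of a plain denial. A guard before the cast keeps the check failing closed without an exception: `if (!(shiroPermission instanceof KapuaPermission)) { return false; }`. The rest of `implies` and its callers lie outside this hunk, so whether the argument type is already guaranteed cannot be confirmed from here.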

* If it is, promotes this {@link org.eclipse.kapua.service.authorization.permission.Permission#getGroupId()} to {@code null} (a.k.a. ALL groups). * - * @param targetPermission The target {@link Permission} to check. + * @param targetPermission + * The target {@link Permission} to check. * @since 2.0.0 */ - private void checkTargetPermissionIsGroupable(org.eclipse.kapua.service.authorization.permission.Permission targetPermission) { + private void checkTargetPermissionIsGroupable(KapuaPermission targetPermission) { if (targetPermission.getDomain() != null) { try { org.eclipse.kapua.service.authorization.domain.Domain domainDefinition = KapuaSecurityUtils.doPrivileged(() -> domainService.findByName(targetPermission.getDomain())); @@ -208,21 +211,19 @@ private void checkTargetPermissionIsGroupable(org.eclipse.kapua.service.authoriz /** * Checks {@code this} Permission against the given {@link Permission} parameter. *

- * It tries to forward {@code this} Permission to the {@link #getTargetScopeId()} of the given {@link Permission} parameter.
- * This means that if the required permission has scope id 'B' and {@code this} {@link Permission} has scope id 'A', - * this methods search the {@link Account#getParentAccountPath()} of the scope id 'B' and checks the {@link Permission} forwarding {@code this} Permission - * to the same level of the given {@link Permission}. + * It tries to forward {@code this} Permission to the {@link #getTargetScopeId()} of the given {@link Permission} parameter.
This means that if the required permission has scope id 'B' and + * {@code this} {@link Permission} has scope id 'A', this methods search the {@link Account#getParentAccountPath()} of the scope id 'B' and checks the {@link Permission} forwarding + * {@code this} Permission to the same level of the given {@link Permission}. *

*

*

Example:

- * User 'A' in account 'A' has scopeId 'A' and this permission (A) "*:*:A:*". - * Account 'A' has a child account 'B', then 'B' has this parent account path: '/A/B'; - * User 'A' tries to access a resource of account 'B' an the direct check {@link Permission#implies(Permission)} fails. - * So this method searches the parent account path of account 'B', found that 'A' is a parent of 'B' + * User 'A' in account 'A' has scopeId 'A' and this permission (A) "*:*:A:*". Account 'A' has a child account 'B', then 'B' has this parent account path: '/A/B'; User 'A' tries to access a + * resource of account 'B' an the direct check {@link Permission#implies(Permission)} fails. So this method searches the parent account path of account 'B', found that 'A' is a parent of 'B' * so then {@code this} {@link Permission} is checked again with 'B' as scopeId. *

* - * @param shiroPermission The permission to check against. + * @param shiroPermission + * The permission to check against. * @return {@code true} if this permission is forward-able and is valid when forwarded, {@code false otherwise} * @since 1.0.0 */ @@ -250,8 +251,6 @@ private boolean forwardPermission(Permission shiroPermission) { return false; } - - @Override public void setDomain(String domain) { this.domain = domain; } diff --git a/service/security/test-steps/src/main/java/org/eclipse/kapua/service/authorization/steps/AuthorizationServiceSteps.java b/service/security/test-steps/src/main/java/org/eclipse/kapua/service/authorization/steps/AuthorizationServiceSteps.java index 2043bb199c1..59859d5e062 100644 --- a/service/security/test-steps/src/main/java/org/eclipse/kapua/service/authorization/steps/AuthorizationServiceSteps.java +++ b/service/security/test-steps/src/main/java/org/eclipse/kapua/service/authorization/steps/AuthorizationServiceSteps.java 
@@ -1569,38 +1569,40 @@ public void checkPermissionComparison() { Assert.assertFalse(perm1.equals(null)); Assert.assertFalse(perm1.equals(Integer.valueOf(10))); Assert.assertTrue(perm1.equals(perm2)); - perm1.setDomain(null); + perm1 = new Permission(null, perm1.getAction(), perm1.getTargetScopeId(), perm1.getGroupId(), perm1.getForwardable()); Assert.assertFalse(perm1.equals(perm2)); - perm2.setDomain(null); + perm2 = new Permission(null, perm2.getAction(), perm2.getTargetScopeId(), perm2.getGroupId(), perm2.getForwardable()); Assert.assertTrue(perm1.equals(perm2)); - perm1.setDomain("test_1"); + perm1 = new Permission("test_1", perm1.getAction(), perm1.getTargetScopeId(), perm1.getGroupId(), perm1.getForwardable()); Assert.assertFalse(perm1.equals(perm2)); - perm2.setDomain("test_2"); + perm2 = new Permission("test_2", perm2.getAction(), perm2.getTargetScopeId(), perm2.getGroupId(), perm2.getForwardable()); Assert.assertFalse(perm1.equals(perm2)); - perm1.setDomain("test"); - perm2.setDomain("test"); - perm1.setTargetScopeId(null); + perm1 = new Permission("test", perm1.getAction(), perm1.getTargetScopeId(), perm1.getGroupId(), perm1.getForwardable()); + perm2 = new Permission("test", perm2.getAction(), perm2.getTargetScopeId(), perm2.getGroupId(), perm2.getForwardable()); + Assert.assertTrue(perm1.equals(perm2)); + perm1 = new Permission(perm1.getDomain(), perm1.getAction(), null, perm1.getGroupId(), perm1.getForwardable()); Assert.assertFalse(perm1.equals(perm2)); - perm2.setTargetScopeId(null); + perm2 = new Permission(perm2.getDomain(), perm2.getAction(), null, perm2.getGroupId(), perm2.getForwardable()); Assert.assertTrue(perm1.equals(perm2)); - perm1.setTargetScopeId(getKapuaId(10)); + perm1 = new Permission(perm1.getDomain(), perm1.getAction(), getKapuaId(10), perm1.getGroupId(), perm1.getForwardable()); Assert.assertFalse(perm1.equals(perm2)); - perm2.setTargetScopeId(getKapuaId(15)); + perm2 = new Permission(perm2.getDomain(), perm2.getAction(), 
getKapuaId(15), perm2.getGroupId(), perm2.getForwardable()); Assert.assertFalse(perm1.equals(perm2)); - perm1.setTargetScopeId(getKapuaId(10)); - perm2.setTargetScopeId(getKapuaId(10)); - perm1.setGroupId(null); + perm1 = new Permission(perm1.getDomain(), perm1.getAction(), getKapuaId(10), perm1.getGroupId(), perm1.getForwardable()); + perm2 = new Permission(perm2.getDomain(), perm2.getAction(), getKapuaId(10), perm2.getGroupId(), perm2.getForwardable()); + Assert.assertTrue(perm1.equals(perm2)); + perm1 = new Permission(perm1.getDomain(), perm1.getAction(), perm1.getTargetScopeId(), null, perm1.getForwardable()); Assert.assertFalse(perm1.equals(perm2)); - perm2.setGroupId(null); + perm2 = new Permission(perm2.getDomain(), perm2.getAction(), perm2.getTargetScopeId(), null, perm2.getForwardable()); Assert.assertTrue(perm1.equals(perm2)); - perm1.setGroupId(getKapuaId(100)); + perm1 = new Permission(perm1.getDomain(), perm1.getAction(), perm1.getTargetScopeId(), getKapuaId(100), perm1.getForwardable()); Assert.assertFalse(perm1.equals(perm2)); - perm2.setGroupId(getKapuaId(101)); + perm2 = new Permission(perm2.getDomain(), perm2.getAction(), perm2.getTargetScopeId(), getKapuaId(101), perm2.getForwardable()); Assert.assertFalse(perm1.equals(perm2)); - perm2.setGroupId(getKapuaId(100)); + perm2 = new Permission(perm2.getDomain(), perm2.getAction(), perm2.getTargetScopeId(), getKapuaId(100), perm2.getForwardable()); Assert.assertTrue(perm1.equals(perm2)); - perm1.setAction(Actions.read); - perm2.setAction(Actions.write); + perm1 = new Permission(perm1.getDomain(), Actions.read, perm1.getTargetScopeId(), perm1.getGroupId(), perm1.getForwardable()); + perm2 = new Permission(perm2.getDomain(), Actions.write, perm2.getTargetScopeId(), perm2.getGroupId(), perm2.getForwardable()); Assert.assertFalse(perm1.equals(perm2)); } 
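Review bot: `checkPermissionComparison` rebuilds `perm1` and `perm2` to vary domain, target scope, group and action, but every rebuild copies `getForwardable()` unchanged, so nothing here pins whether `Permission.equals` tells a forwardable permission from a non-forwardable one. The Javadoc in this change says a forwardable permission can be applied to child scopes, so a pair differing only in that flag is worth one assertion, e.g. `Assert.assertFalse(new Permission("test", Actions.read, getKapuaId(10), getKapuaId(100), true).equals(new Permission("test", Actions.read, getKapuaId(10), getKapuaId(100), false)));`. That assumes equality is meant to include the flag, which the `Permission` class (not shown) decides. The start of the method is outside this hunk.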
diff --git a/service/tag/internal/src/test/java/org/eclipse/kapua/service/tag/internal/StubPermission.java b/service/tag/internal/src/test/java/org/eclipse/kapua/service/tag/internal/StubPermission.java deleted file mode 100644 index 9cfe851f3ad..00000000000 --- a/service/tag/internal/src/test/java/org/eclipse/kapua/service/tag/internal/StubPermission.java +++ /dev/null 
@@ -1,102 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2017, 2022 Eurotech and/or its affiliates and others - * - * This program and the accompanying materials are made - * available under the terms of the Eclipse Public License 2.0 - * which is available at https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eurotech - initial API and implementation - *******************************************************************************/ -package org.eclipse.kapua.service.tag.internal; - -import org.eclipse.kapua.model.domain.Actions; -import org.eclipse.kapua.model.id.KapuaId; -import org.eclipse.kapua.service.authorization.permission.Permission; - -import java.util.Objects; - -public class StubPermission implements Permission { - private final String domain; - private final Actions action; - private final KapuaId targetScopeId; - private final KapuaId groupId; - private final Boolean forwardable; - - public StubPermission(String domain, Actions actions, KapuaId targetScopeId, KapuaId groupId, Boolean forwardable) { - this.domain = domain; - this.action = actions; - this.targetScopeId = targetScopeId; - this.groupId = groupId; - this.forwardable = forwardable; - } - - @Override - public boolean equals(Object o) { - if (this == o) { - return true; - } - if (o == null || getClass() != o.getClass()) { - return false; - } - final StubPermission stubPermission = (StubPermission) o; - return Objects.equals(domain, stubPermission.domain) && action == stubPermission.action && Objects.equals(targetScopeId, stubPermission.targetScopeId) && Objects.equals(groupId, stubPermission.groupId) && Objects.equals(forwardable, stubPermission.forwardable); - } - - @Override - public int hashCode() { - return Objects.hash(domain, action, targetScopeId, groupId, forwardable); - } - - @Override - public void setDomain(String domain) { - - } - - @Override - public String 
getDomain() { - return domain; - } - - @Override - public void setAction(Actions action) { - - } - - @Override - public Actions getAction() { - return action; - } - - @Override - public void setTargetScopeId(KapuaId targetScopeId) { - - } - - @Override - public KapuaId getTargetScopeId() { - return targetScopeId; - } - - @Override - public void setGroupId(KapuaId groupId) { - - } - - @Override - public KapuaId getGroupId() { - return groupId; - } - - @Override - public void setForwardable(boolean forwardable) { - - } - - @Override - public boolean getForwardable() { - return forwardable; - } -} diff --git a/service/tag/internal/src/test/java/org/eclipse/kapua/service/tag/internal/TagServiceImplTest.java b/service/tag/internal/src/test/java/org/eclipse/kapua/service/tag/internal/TagServiceImplTest.java index fc4020a3190..0c2aa38a5a1 100644 --- a/service/tag/internal/src/test/java/org/eclipse/kapua/service/tag/internal/TagServiceImplTest.java +++ b/service/tag/internal/src/test/java/org/eclipse/kapua/service/tag/internal/TagServiceImplTest.java @@ -43,7 +43,7 @@ public class TagServiceImplTest { .defaultAnswer(invocation -> { throw new UnsupportedOperationException(invocation.toString()); }); - public static final Permission FAKE_PERMISSION = new StubPermission("fakeDomain", Actions.execute, new KapuaIdImpl(BigInteger.ONE), new KapuaIdImpl(BigInteger.TEN), true); + public static final Permission FAKE_PERMISSION = new Permission("fakeDomain", Actions.execute, new KapuaIdImpl(BigInteger.ONE), new KapuaIdImpl(BigInteger.TEN), true); private PermissionFactory permissionFactory; private AuthorizationService authorizationService; private ServiceConfigurationManager serviceConfigurationManager; diff --git a/service/user/test-steps/src/main/java/org/eclipse/kapua/service/user/steps/UserServiceSteps.java b/service/user/test-steps/src/main/java/org/eclipse/kapua/service/user/steps/UserServiceSteps.java index 91d67259946..e2c4cc21f4c 100644 
--- a/service/user/test-steps/src/main/java/org/eclipse/kapua/service/user/steps/UserServiceSteps.java +++ b/service/user/test-steps/src/main/java/org/eclipse/kapua/service/user/steps/UserServiceSteps.java @@ -66,6 +66,7 @@ import org.eclipse.kapua.service.authorization.access.AccessPermissionService; import org.eclipse.kapua.service.authorization.permission.Permission; import org.eclipse.kapua.service.authorization.permission.PermissionFactory; +import org.eclipse.kapua.service.authorization.permission.shiro.PermissionImpl; import org.eclipse.kapua.service.user.User; import org.eclipse.kapua.service.user.UserAttributes; import org.eclipse.kapua.service.user.UserCreator; @@ -510,7 +511,7 @@ public void queryForLastAddedPermission() throws Exception { primeException(); try { KapuaQuery query = new KapuaQuery(getCurrentScopeId()); - query.setPredicate(query.attributePredicate(AccessPermissionAttributes.PERMISSION, permission)); + query.setPredicate(query.attributePredicate(AccessPermissionAttributes.PERMISSION, new PermissionImpl(permission))); AccessPermission accessPermission = accessPermissionService.query(query).getFirstItem(); stepData.put(LAST_FOUND_ACCESS_PERMISSION, accessPermission); } catch (KapuaException ex) {