Fixed issues in permission tree'

4.x.x
harshanl 9 years ago
parent f6c65dd481
commit 429b738dba

@ -60,7 +60,10 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {
@Override
public boolean addPermission(Permission permission) throws PermissionManagementException {
permissionTree.addPermission(permission); // adding a permission to the tree
// update the permission path to absolute permission path
permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath()));
// adding a permission to the tree
permissionTree.addPermission(permission);
return PermissionUtils.putPermission(permission);
}

@ -87,18 +87,19 @@ public class PermissionTree {
*/
public Permission getPermission(String url, String httpMethod) {
StringTokenizer st = new StringTokenizer(url, ROOT);
PermissionNode tempRoot = rootNode;
PermissionNode tempRoot;
PermissionNode currentRoot = rootNode;
while (st.hasMoreTokens()) {
String currentToken = st.nextToken();
// returns the child node which matches with the 'currentToken' path.
tempRoot = tempRoot.getChild(currentToken);
tempRoot = currentRoot.getChild(currentToken);
// if tempRoot is null, that means 'currentToken' is not matched with the child's path.
// It means that it is at a point where the request must have dynamic path variables.
// Therefor it looks for '*' in the request path. ('*' denotes dynamic path variable).
if (tempRoot == null) {
tempRoot = tempRoot.getChild(DYNAMIC_PATH_NOTATION);
tempRoot = currentRoot.getChild(DYNAMIC_PATH_NOTATION);
// if tempRoot is null, that means there is no any permission which matches with the
// given path
if (tempRoot == null) {
@ -108,7 +109,8 @@ public class PermissionTree {
return null;
}
}
currentRoot = tempRoot;
}
return tempRoot.getPermission(httpMethod);
return currentRoot.getPermission(httpMethod);
}
}

@ -55,6 +55,10 @@ public class PermissionUtils {
}
}
public static String getAbsolutePermissionPath(String permissionPath) {
return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
}
public static Permission getPermission(String path) throws PermissionManagementException {
try {
Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
@ -97,8 +101,7 @@ public class PermissionUtils {
Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
PermissionUtils.getGovernanceRegistry().beginTransaction();
PermissionUtils.getGovernanceRegistry().put(ADMIN_PERMISSION_REGISTRY_PATH +
path, resource);
PermissionUtils.getGovernanceRegistry().put(path, resource);
PermissionUtils.getGovernanceRegistry().commitTransaction();
}

@ -70,16 +70,14 @@ public class ScopeValidator extends OAuth2ScopeValidator {
getPermissionManagerService();
try {
Permission permission = permissionManagerService.getPermission(properties);
String username = accessTokenDO.getAuthzUser();
status = CarbonContext.getThreadLocalCarbonContext().getUserRealm().
getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
ScopeValidator.PermissionMethod.READ);
UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
if(userRealm != null && userRealm.getAuthorizationManager() != null){
status = userRealm.getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
ScopeValidator.PermissionMethod.READ);
if(permission != null){
String username = accessTokenDO.getAuthzUser();
UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
if(userRealm != null && userRealm.getAuthorizationManager() != null){
status = userRealm.getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
PermissionMethod.READ);
}
}
} catch (PermissionManagementException e) {
log.error("Error occurred while validating the resource scope for : " + resource +
", Msg = " + e.getMessage(), e);

Loading…
Cancel
Save