Fixed issues in permission tree'

revert-70aa11f8
harshanl 9 years ago
parent f6c65dd481
commit 429b738dba

@ -60,7 +60,10 @@ public class PermissionManagerServiceImpl implements PermissionManagerService {
@Override @Override
public boolean addPermission(Permission permission) throws PermissionManagementException { public boolean addPermission(Permission permission) throws PermissionManagementException {
permissionTree.addPermission(permission); // adding a permission to the tree // update the permission path to absolute permission path
permission.setPath(PermissionUtils.getAbsolutePermissionPath(permission.getPath()));
// adding a permission to the tree
permissionTree.addPermission(permission);
return PermissionUtils.putPermission(permission); return PermissionUtils.putPermission(permission);
} }
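Review bot: `permission.setPath(...)` rewrites the path on the caller's own `Permission` object, so passing the same instance to `addPermission` a second time would prefix the registry root twice. The tree entry and the registry write would then carry a path that later authorization checks are unlikely to match. `getAbsolutePermissionPath` is plain concatenation, so a null path becomes a string ending in `null` instead of an error. Consider making the helper idempotent, for example `return permissionPath.startsWith(ADMIN_PERMISSION_REGISTRY_PATH) ? permissionPath : ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;`, and rejecting a null or empty path before `permissionTree.addPermission` runs.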

@ -87,18 +87,19 @@ public class PermissionTree {
*/ */
public Permission getPermission(String url, String httpMethod) { public Permission getPermission(String url, String httpMethod) {
StringTokenizer st = new StringTokenizer(url, ROOT); StringTokenizer st = new StringTokenizer(url, ROOT);
PermissionNode tempRoot = rootNode; PermissionNode tempRoot;
PermissionNode currentRoot = rootNode;
while (st.hasMoreTokens()) { while (st.hasMoreTokens()) {
String currentToken = st.nextToken(); String currentToken = st.nextToken();
// returns the child node which matches with the 'currentToken' path. // returns the child node which matches with the 'currentToken' path.
tempRoot = tempRoot.getChild(currentToken); tempRoot = currentRoot.getChild(currentToken);
// if tempRoot is null, that means 'currentToken' is not matched with the child's path. // if tempRoot is null, that means 'currentToken' is not matched with the child's path.
// It means that it is at a point where the request must have dynamic path variables. // It means that it is at a point where the request must have dynamic path variables.
// Therefor it looks for '*' in the request path. ('*' denotes dynamic path variable). // Therefor it looks for '*' in the request path. ('*' denotes dynamic path variable).
if (tempRoot == null) { if (tempRoot == null) {
tempRoot = tempRoot.getChild(DYNAMIC_PATH_NOTATION); tempRoot = currentRoot.getChild(DYNAMIC_PATH_NOTATION);
// if tempRoot is null, that means there is no any permission which matches with the // if tempRoot is null, that means there is no any permission which matches with the
// given path // given path
if (tempRoot == null) { if (tempRoot == null) {
@ -108,7 +109,8 @@ public class PermissionTree {
return null; return null;
} }
} }
currentRoot = tempRoot;
} }
return tempRoot.getPermission(httpMethod); return currentRoot.getPermission(httpMethod);
} }
} }
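Review bot: The walk commits to the literal child as soon as `currentRoot.getChild(currentToken)` returns non-null and consults `DYNAMIC_PATH_NOTATION` only when that lookup fails, so there is no backtracking. If a level can hold both a literal child and a `*` child, a URL whose later segments exist only under the `*` branch resolves to `null` even though a permission is registered for it. What the caller does with that `null` decides whether the request is then denied or allowed, so the method's Javadoc should say so explicitly, e.g. `@return the permission for the first greedy literal-then-wildcard match, or null when no node matches`. Also worth documenting: a `url` with no tokens skips the loop and returns `rootNode.getPermission(httpMethod)`. The Javadoc itself starts above the hunk.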

@ -55,6 +55,10 @@ public class PermissionUtils {
} }
} }
public static String getAbsolutePermissionPath(String permissionPath) {
return PermissionUtils.ADMIN_PERMISSION_REGISTRY_PATH + permissionPath;
}
public static Permission getPermission(String path) throws PermissionManagementException { public static Permission getPermission(String path) throws PermissionManagementException {
try { try {
Resource resource = PermissionUtils.getGovernanceRegistry().get(path); Resource resource = PermissionUtils.getGovernanceRegistry().get(path);
@ -97,8 +101,7 @@ public class PermissionUtils {
Resource resource = PermissionUtils.getGovernanceRegistry().newCollection(); Resource resource = PermissionUtils.getGovernanceRegistry().newCollection();
resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName); resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
PermissionUtils.getGovernanceRegistry().beginTransaction(); PermissionUtils.getGovernanceRegistry().beginTransaction();
PermissionUtils.getGovernanceRegistry().put(ADMIN_PERMISSION_REGISTRY_PATH + PermissionUtils.getGovernanceRegistry().put(path, resource);
path, resource);
PermissionUtils.getGovernanceRegistry().commitTransaction(); PermissionUtils.getGovernanceRegistry().commitTransaction();
} }
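Review bot: `put(path, resource)` now writes wherever the caller's `path` points, where the replaced line always anchored the write under `ADMIN_PERMISSION_REGISTRY_PATH`. The only place in this commit that adds the prefix is `addPermission`, and `getAbsolutePermissionPath` concatenates without normalising. Any other caller of this method, or a permission path containing `..` segments, could therefore create a collection outside the permission subtree. A guard at the top of the write, such as `if (!path.startsWith(ADMIN_PERMISSION_REGISTRY_PATH)) { /* throw PermissionManagementException */ }`, would keep the invariant local to the code that depends on it. The enclosing method starts outside the hunk, so an existing check there may already cover this.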

@ -70,16 +70,14 @@ public class ScopeValidator extends OAuth2ScopeValidator {
getPermissionManagerService(); getPermissionManagerService();
try { try {
Permission permission = permissionManagerService.getPermission(properties); Permission permission = permissionManagerService.getPermission(properties);
String username = accessTokenDO.getAuthzUser(); if(permission != null){
status = CarbonContext.getThreadLocalCarbonContext().getUserRealm(). String username = accessTokenDO.getAuthzUser();
getAuthorizationManager().isUserAuthorized(username, permission.getPath(), UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm();
ScopeValidator.PermissionMethod.READ); if(userRealm != null && userRealm.getAuthorizationManager() != null){
UserRealm userRealm = CarbonContext.getThreadLocalCarbonContext().getUserRealm(); status = userRealm.getAuthorizationManager().isUserAuthorized(username, permission.getPath(),
if(userRealm != null && userRealm.getAuthorizationManager() != null){ PermissionMethod.READ);
status = userRealm.getAuthorizationManager().isUserAuthorized(username, permission.getPath(), }
ScopeValidator.PermissionMethod.READ);
} }
} catch (PermissionManagementException e) { } catch (PermissionManagementException e) {
log.error("Error occurred while validating the resource scope for : " + resource + log.error("Error occurred while validating the resource scope for : " + resource +
", Msg = " + e.getMessage(), e); ", Msg = " + e.getMessage(), e);
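Review bot: When `permission` is null, or when `userRealm` or its authorization manager is null, the new guards skip `isUserAuthorized` and `status` keeps whatever value it was initialised with above the hunk. If that initial value is `true`, a request for a URL with no matching permission passes scope validation without any authorization check; the same applies after the `catch`, which only logs. Setting the result explicitly on each of those paths makes the decision visible, e.g. `status = false;` in an `else` branch plus a comment such as `// no permission mapped for this resource: deny by default`. If allowing unmapped resources is intended, that should be stated in a comment next to the null check. The `try`/`catch` and the declaration of `status` continue outside the hunk.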
