Permission Checks now use Wildcard semantics. (#2355)
Permission checks are using Subject.isPermitted() which honors wildcard semantics. Changed read/write permission checks to use permissions instead of roles. Removed role cache from Permission Service. Altered JwtAuthRealm to filter user permissions to either * or first element of permission to check for speed. Changed permission index from JsonNode to Map<>. Serializes same way, but map semantics are simpler to navigate. Altered AuthorizationInfo to contain index of Permissions and store Wildcard perms. General cleanup of unused imports and removed unused dependencies (i.e., Autowired fields were removed if no longer needed). Fixes #2353. * Added test cases. Reordered test scoped dependencies in pom.xml. Refactored shared methods to AbstractDatabaseTest.
1 parent
f347d2d
commit 6a43da5
Showing
12 changed files
with
439 additions
and
268 deletions.
42 changes: 28 additions & 14 deletions
42
src/main/java/org/ohdsi/webapi/security/model/UserSimpleAuthorizationInfo.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,25 +1,39 @@ | ||
package org.ohdsi.webapi.security.model; | ||
|
||
import java.util.List; | ||
import java.util.Map; | ||
import org.apache.shiro.authz.Permission; | ||
import org.apache.shiro.authz.SimpleAuthorizationInfo; | ||
|
||
public class UserSimpleAuthorizationInfo extends SimpleAuthorizationInfo { | ||
private Long userId; | ||
|
||
private String login; | ||
private Long userId; | ||
private String login; | ||
private Map<String,List<Permission>> permissionIdx; | ||
|
||
public Long getUserId() { | ||
return userId; | ||
} | ||
|
||
public Long getUserId() { | ||
return userId; | ||
} | ||
|
||
public void setUserId(Long userId) { | ||
this.userId = userId; | ||
} | ||
public void setUserId(Long userId) { | ||
this.userId = userId; | ||
} | ||
|
||
public String getLogin() { | ||
return login; | ||
} | ||
public String getLogin() { | ||
return login; | ||
} | ||
|
||
public void setLogin(String login) { | ||
this.login = login; | ||
} | ||
|
||
public Map<String, List<Permission>> getPermissionIdx() { | ||
return permissionIdx; | ||
} | ||
|
||
public void setPermissionIdx(Map<String, List<Permission>> permissionIdx) { | ||
this.permissionIdx = permissionIdx; | ||
} | ||
|
||
public void setLogin(String login) { | ||
this.login = login; | ||
} | ||
} |
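Review bot: `getPermissionIdx()` returns, and `setPermissionIdx()` stores, the caller's `Map<String, List<Permission>>` by reference, so any code holding this authorization object can add or replace entries in the index after it has been built. If the index is what the realm consults for permission checks, as the commit description suggests, and the object is cached per user, a stray mutation would change what that user is granted until the cache entry is evicted. Consider copying on the way in, e.g. `this.permissionIdx = permissionIdx == null ? null : Collections.unmodifiableMap(new HashMap<>(permissionIdx));` (with the matching `java.util` imports), and making the inner lists unmodifiable where the index is built. A short Javadoc on the field stating what the map key is (the description implies the first element of the permission string, or `*`) and whether the index is authoritative over the inherited `getObjectPermissions()` would also help, since two permission stores on one object can drift apart.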