Class AuthorizationManagerServiceImpl
- java.lang.Object
-
- org.openiam.common.authmanager.service.AbstractAuthorizationManagerService
-
- org.openiam.authmanager.service.impl.AuthorizationManagerServiceImpl
-
- All Implemented Interfaces:
AuthorizationManagerService, Sweepable, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationContextAware
@Service("authorizationManagerService") public class AuthorizationManagerServiceImpl extends AbstractAuthorizationManagerService implements AuthorizationManagerService, org.springframework.context.ApplicationContextAware, Sweepable
- Author:
- Lev Bornovalov
Use this class for checking Entitlements between Users, Groups, Roles, Organizations, and Resources.
This class uses JDBC DAOs directly, in order to circumvent Hibernate. To have a high-performing partial cache under high load, custom JDBC queries are required (hence the reason Hibernate is not used here).
This class is READ-ONLY! No database writes should be performed.
-
-
Field Summary
-
Fields inherited from class org.openiam.common.authmanager.service.AbstractAuthorizationManagerService
resourceDAO, resourcePropDAO, transactionTemplate
-
-
Constructor Summary
Constructors
Constructor: AuthorizationManagerServiceImpl(org.springframework.transaction.PlatformTransactionManager platformTransactionManager, PropertyValueCache propertyValueSweeper, UserRabbitMQService userRabbitMQService, RabbitMQSender rabbitMQSender, MembershipDAO membershipDAO, AuthManagerDAO authManagerDAO, ProvisionBulkQueue provisionQueue, AuthorizationManagerDataProvider dataProvider, org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversalSource graphSource, org.redisson.api.RedissonClient redissonClient, EdgeIdCacheSweeper edgeIdCacheSweeper, EntitltementsObjectCache publicResourceCache, org.springframework.data.redis.core.RedisTemplate<String,AuthorizationCacheToken> remoteEntitlementsCache, GraphIdCacheSweeper graphIdCacheSweeper, AbstractGraphIdProvider graphIdProvider, GraphOperations graphOperations, EntitltementsObjectCacheSweeper entitlementsObjectsCacheSweeper, AuthManagerMQService authManagerMQService, org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor entitlementsExecutor)
-
Method Summary
-
Methods inherited from class org.openiam.common.authmanager.service.AbstractAuthorizationManagerService
createMenuTrees, getAccessRight, getAccessRight, getAllMenuTrees, getMembershipMapByEntityId, getMembershipMapByMemberEntityId, getMenus, getMenuTree, getRightMap, localize
-
-
-
-
Constructor Detail
-
AuthorizationManagerServiceImpl
public AuthorizationManagerServiceImpl(@Qualifier("transactionManager") org.springframework.transaction.PlatformTransactionManager platformTransactionManager, PropertyValueCache propertyValueSweeper, UserRabbitMQService userRabbitMQService, RabbitMQSender rabbitMQSender, MembershipDAO membershipDAO, AuthManagerDAO authManagerDAO, ProvisionBulkQueue provisionQueue, AuthorizationManagerDataProvider dataProvider, org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversalSource graphSource, org.redisson.api.RedissonClient redissonClient, EdgeIdCacheSweeper edgeIdCacheSweeper, EntitltementsObjectCache publicResourceCache, @Qualifier("remoteEntitlementsCache") org.springframework.data.redis.core.RedisTemplate<String,AuthorizationCacheToken> remoteEntitlementsCache, GraphIdCacheSweeper graphIdCacheSweeper, AbstractGraphIdProvider graphIdProvider, GraphOperations graphOperations, EntitltementsObjectCacheSweeper entitlementsObjectsCacheSweeper, AuthManagerMQService authManagerMQService, @Qualifier("entitlementsExecutor") org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor entitlementsExecutor)
-
-
Method Detail
-
rebuildGraph
public void rebuildGraph()
Description copied from interface: AuthorizationManagerService
For test or emergency use only. If your data set is large, this function will likely time out if called via HTTP and/or RabbitMQ. This function will delete the entire graph and rebuild it from scratch.
- Specified by:
rebuildGraph
in interface AuthorizationManagerService
-
init
@PostConstruct public void init()
-
fixDataInconsistencies
@Transactional @Scheduled(initialDelay=10000L, fixedRateString="${org.openiam.authorization.manager.gremlin.fix.data.time.ms}") public void fixDataInconsistencies()
In case of errors (database transaction timeout, etc.), this method will TRY to fix it. In addition, this method will insert edges where startDate and/or endDate is within the current range.
- Specified by:
fixDataInconsistencies
in interface AuthorizationManagerService
-
removeExpiredEdges
@Scheduled(initialDelayString="${org.openiam.authorization.manager.gremlin.edge.sync.time.ms}", fixedRateString="${org.openiam.authorization.manager.gremlin.edge.sync.time.ms}") @Transactional public void removeExpiredEdges()
This method removes expired edges from the database.
- Specified by:
removeExpiredEdges
in interface AuthorizationManagerService
-
sweep
public void sweep()
This function builds a graph of entitlements in the underlying graph database.
-
setApplicationContext
public void setApplicationContext(org.springframework.context.ApplicationContext ctx) throws org.springframework.beans.BeansException
- Specified by:
setApplicationContext
in interface org.springframework.context.ApplicationContextAware
- Throws:
org.springframework.beans.BeansException
-
isMemberOfGroup
public boolean isMemberOfGroup(String userId, String groupId)
- Specified by:
isMemberOfGroup
in interface AuthorizationManagerService
-
isMemberOfGroup
public boolean isMemberOfGroup(String userId, String groupId, String rightId)
- Specified by:
isMemberOfGroup
in interface AuthorizationManagerService
-
isMemberOfRole
public boolean isMemberOfRole(String userId, String roleId)
- Specified by:
isMemberOfRole
in interface AuthorizationManagerService
-
isMemberOfRole
public boolean isMemberOfRole(String userId, String roleId, String rightId)
- Specified by:
isMemberOfRole
in interface AuthorizationManagerService
-
getResourcesForUser
public Set<ResourceAuthorizationRight> getResourcesForUser(String userId)
- Specified by:
getResourcesForUser
in interface AuthorizationManagerService
-
getGroupsForUser
public Set<GroupAuthorizationRight> getGroupsForUser(String userId)
- Specified by:
getGroupsForUser
in interface AuthorizationManagerService
-
getOrganizationsForUser
public Set<OrganizationAuthorizationRight> getOrganizationsForUser(String userId)
- Specified by:
getOrganizationsForUser
in interface AuthorizationManagerService
-
getRolesForUser
public Set<RoleAuthorizationRight> getRolesForUser(String userId)
- Specified by:
getRolesForUser
in interface AuthorizationManagerService
-
isEntitled
public boolean isEntitled(String userId, String resourceId)
- Specified by:
isEntitled
in interface AuthorizationManagerService
-
isEntitled
public boolean isEntitled(String userId, String resourceId, String rightId)
- Specified by:
isEntitled
in interface AuthorizationManagerService
-
isMemberOfOrganization
public boolean isMemberOfOrganization(String userId, String organizationId)
- Specified by:
isMemberOfOrganization
in interface AuthorizationManagerService
-
isMemberOfOrganization
public boolean isMemberOfOrganization(String userId, String organizationId, String rightId)
- Specified by:
isMemberOfOrganization
in interface AuthorizationManagerService
-
showOnlyVisibleObjects
public boolean showOnlyVisibleObjects(String userId)
- Specified by:
showOnlyVisibleObjects
in interface AuthorizationManagerService
-
getEntitlementMap
public Map<String,Boolean> getEntitlementMap(String userId, Set<String> resourceIds)
- Specified by:
getEntitlementMap
in interface AuthorizationManagerService
-
invalidateUserEntitlementsFromCache
public void invalidateUserEntitlementsFromCache(String id)
- Specified by:
invalidateUserEntitlementsFromCache
in interface AuthorizationManagerService
-
getNonCachedEntitlementsForUser
public ResourceEntitlementToken getNonCachedEntitlementsForUser(NonCachedEntitlementRequest request) throws NoGraphIdFoundException
- Specified by:
getNonCachedEntitlementsForUser
in interface AuthorizationManagerService
- Throws:
NoGraphIdFoundException
-
getNonCachedEntitlementsForGroup
public ResourceEntitlementToken getNonCachedEntitlementsForGroup(NonCachedEntitlementRequest request) throws NoGraphIdFoundException
- Specified by:
getNonCachedEntitlementsForGroup
in interface AuthorizationManagerService
- Throws:
NoGraphIdFoundException
-
getNonCachedEntitlementsForResource
public ResourceEntitlementToken getNonCachedEntitlementsForResource(NonCachedEntitlementRequest request) throws NoGraphIdFoundException
- Specified by:
getNonCachedEntitlementsForResource
in interface AuthorizationManagerService
- Throws:
NoGraphIdFoundException
-
getNonCachedEntitlementsForRole
public ResourceEntitlementToken getNonCachedEntitlementsForRole(NonCachedEntitlementRequest request) throws NoGraphIdFoundException
- Specified by:
getNonCachedEntitlementsForRole
in interface AuthorizationManagerService
- Throws:
NoGraphIdFoundException
-
getNonCachedEntitlementsForOrganization
public ResourceEntitlementToken getNonCachedEntitlementsForOrganization(NonCachedEntitlementRequest request) throws NoGraphIdFoundException
- Specified by:
getNonCachedEntitlementsForOrganization
in interface AuthorizationManagerService
- Throws:
NoGraphIdFoundException
-
getOwnerIdsForResourceSet
public HashMap<String,SetStringResponse> getOwnerIdsForResourceSet(Set<String> resourceIdSet) throws NoGraphIdFoundException
- Specified by:
getOwnerIdsForResourceSet
in interface AuthorizationManagerService
- Throws:
NoGraphIdFoundException
-
getOwnerIdsForGroup
public Set<String> getOwnerIdsForGroup(String groupId) throws NoGraphIdFoundException
- Specified by:
getOwnerIdsForGroup
in interface AuthorizationManagerService
- Throws:
NoGraphIdFoundException
-
getOwnerIdsForGroupSet
public HashMap<String,SetStringResponse> getOwnerIdsForGroupSet(Set<String> groupIdSet) throws NoGraphIdFoundException
- Specified by:
getOwnerIdsForGroupSet
in interface AuthorizationManagerService
- Throws:
NoGraphIdFoundException
-
markUserAsEntitlementsLoadingInProgress
public void markUserAsEntitlementsLoadingInProgress(String userId, boolean inProgress)
- Specified by:
markUserAsEntitlementsLoadingInProgress
in interface AuthorizationManagerService
- Parameters:
userId - the user ID
inProgress - if the user's entitlements are being loaded
If the user's entitlements are currently being loaded, or if they are finished loading, this method will mark this as such.
-
-