diff --git a/broker/artemis/plugin/src/main/java/org/eclipse/kapua/broker/artemis/plugin/security/ServerPlugin.java b/broker/artemis/plugin/src/main/java/org/eclipse/kapua/broker/artemis/plugin/security/ServerPlugin.java index a55ef103cb9..4b919d1af27 100644 --- a/broker/artemis/plugin/src/main/java/org/eclipse/kapua/broker/artemis/plugin/security/ServerPlugin.java +++ b/broker/artemis/plugin/src/main/java/org/eclipse/kapua/broker/artemis/plugin/security/ServerPlugin.java @@ -42,7 +42,6 @@ import org.eclipse.kapua.client.security.context.Utils; import org.eclipse.kapua.commons.core.ServiceModuleBundle; import org.eclipse.kapua.commons.metric.CommonsMetric; -import org.eclipse.kapua.commons.populators.DataPopulatorRunner; import org.eclipse.kapua.commons.setting.system.SystemSetting; import org.eclipse.kapua.commons.setting.system.SystemSettingKey; import org.eclipse.kapua.commons.util.KapuaDateUtils; @@ -125,7 +124,6 @@ public ServerPlugin() { publishInfoMessageSizeLimit = BrokerSetting.getInstance().getInt(BrokerSettingKey.PUBLISHED_MESSAGE_SIZE_LOG_THRESHOLD, DEFAULT_PUBLISHED_MESSAGE_SIZE_LOG_THRESHOLD); //TODO find a proper way to initialize database DatabaseCheckUpdate databaseCheckUpdate = new DatabaseCheckUpdate(); - KapuaLocator.getInstance().getService(DataPopulatorRunner.class).runPopulators(); serverContext = ServerContext.getInstance(); brokerEventHanldler = BrokerEventHandler.getInstance(); brokerEventHanldler.registerConsumer((brokerEvent) -> disconnectClient(brokerEvent)); diff --git a/commons/src/main/java/org/eclipse/kapua/commons/CommonsModule.java b/commons/src/main/java/org/eclipse/kapua/commons/CommonsModule.java index e35fac4a53d..6f520d70999 100644 --- a/commons/src/main/java/org/eclipse/kapua/commons/CommonsModule.java +++ b/commons/src/main/java/org/eclipse/kapua/commons/CommonsModule.java 
@@ -20,6 +20,7 @@ import org.eclipse.kapua.commons.jpa.KapuaJpaRepositoryConfiguration; import org.eclipse.kapua.commons.model.domains.Domains; import org.eclipse.kapua.commons.model.query.QueryFactoryImpl; +import org.eclipse.kapua.commons.populators.DataPopulator; import org.eclipse.kapua.commons.populators.DataPopulatorRunner; import org.eclipse.kapua.commons.service.event.store.api.EventStoreRecordRepository; import org.eclipse.kapua.commons.service.event.store.api.EventStoreService; @@ -44,6 +45,17 @@ protected void configureModule() { bind(DataPopulatorRunner.class).in(Singleton.class); } + @ProvidesIntoSet + //Guice does not like to inject empty sets, so in order to always have a valid DataPopulatorRunner here is a placeholder, good-for-nothing populator implementation + public DataPopulator noopDataPopulator() { + return new DataPopulator() { + @Override + public void populate() { + //Noop + } + }; + } + @ProvidesIntoSet public Domain eventStoreDomain() { return new DomainEntry(Domains.EVENT_STORE, EventStoreService.class.getName(), false, Actions.read, Actions.delete, Actions.write); diff --git a/commons/src/main/java/org/eclipse/kapua/commons/jpa/KapuaEntityJpaRepository.java b/commons/src/main/java/org/eclipse/kapua/commons/jpa/KapuaEntityJpaRepository.java index b204affd9ee..9d9a26c4c31 100644 --- a/commons/src/main/java/org/eclipse/kapua/commons/jpa/KapuaEntityJpaRepository.java +++ b/commons/src/main/java/org/eclipse/kapua/commons/jpa/KapuaEntityJpaRepository.java @@ -69,7 +69,7 @@ public class KapuaEntityJpaRepository concreteClass; protected final String entityName; protected final Supplier listSupplier; - private final Logger logger = LoggerFactory.getLogger(this.getClass()); + protected final Logger logger = LoggerFactory.getLogger(this.getClass()); private static final String SQL_ERROR_CODE_CONSTRAINT_VIOLATION = "23505"; private final KapuaJpaRepositoryConfiguration configuration; private static final String ATTRIBUTE_SEPARATOR = "."; 
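Review bot: The placeholder `noopDataPopulator()` exists only so that the `DataPopulator` set can be injected, and the comment explaining this sits between `@ProvidesIntoSet` and the method signature, where it is easy to miss. Guice can be told that the set exists without contributing an element: `Multibinder.newSetBinder(binder(), DataPopulator.class);` inside `configureModule()` yields an empty set when no module adds a populator, assuming this module has access to `binder()` as a Guice `AbstractModule` does. If the placeholder stays, I would move the comment above the annotation and turn it into Javadoc, e.g. `/** Keeps the DataPopulator multibinding non-empty so DataPopulatorRunner can always be injected; does nothing. */`.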
diff --git a/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/access/AccessPermissionRepository.java b/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/access/AccessPermissionRepository.java index eb87f15c7a8..e25d7d811f5 100644 --- a/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/access/AccessPermissionRepository.java +++ b/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/access/AccessPermissionRepository.java @@ -13,6 +13,7 @@ package org.eclipse.kapua.service.authorization.access; import org.eclipse.kapua.KapuaException; +import org.eclipse.kapua.model.domain.Actions; import org.eclipse.kapua.model.id.KapuaId; import org.eclipse.kapua.storage.KapuaEntityRepository; import org.eclipse.kapua.storage.TxContext; @@ -20,4 +21,6 @@ public interface AccessPermissionRepository extends KapuaEntityRepository { AccessPermissionListResult findByAccessInfoId(TxContext txContext, KapuaId scopeId, KapuaId accessInfoId) throws KapuaException; + + AccessPermissionListResult deleteAllByDomainAndAction(TxContext tx, String domainEntryName, Actions actionToDelete) throws KapuaException; } diff --git a/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/role/RolePermissionRepository.java b/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/role/RolePermissionRepository.java index d232a3bf1d2..2d4bfee6a4f 100644 --- a/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/role/RolePermissionRepository.java +++ b/service/security/authorization/api/src/main/java/org/eclipse/kapua/service/authorization/role/RolePermissionRepository.java 
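Review bot: `deleteAllByDomainAndAction` has no Javadoc, and unlike `findByAccessInfoId` it takes no `scopeId`, so as declared it targets matching permissions in every scope. That contract should be written on the interface so the method is only called from privileged maintenance code. I would document that it deletes all access permissions whose permission has the given domain name and action regardless of scope, and that it is meant to return the removed entries (going by the commented-out implementations later in this diff). The parameter is named `domainEntryName` here but `domainName` in `RolePermissionRepository` and in `AccessPermissionImplJpaRepository`; one name should be used throughout. The same Javadoc is missing on `RolePermissionRepository.deleteAllByDomainAndAction` in the next file.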
@@ -13,10 +13,13 @@ package org.eclipse.kapua.service.authorization.role; import org.eclipse.kapua.KapuaException; +import org.eclipse.kapua.model.domain.Actions; import org.eclipse.kapua.model.id.KapuaId; import org.eclipse.kapua.storage.KapuaEntityRepository; import org.eclipse.kapua.storage.TxContext; public interface RolePermissionRepository extends KapuaEntityRepository { RolePermissionListResult findByRoleId(TxContext tx, KapuaId scopeId, KapuaId roleId) throws KapuaException; + + RolePermissionListResult deleteAllByDomainAndAction(TxContext tx, String domainName, Actions actionToDelete) throws KapuaException; } diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/access/shiro/AccessPermissionImplJpaRepository.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/access/shiro/AccessPermissionImplJpaRepository.java index 308ad7657af..c671dee6d68 100644 --- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/access/shiro/AccessPermissionImplJpaRepository.java +++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/access/shiro/AccessPermissionImplJpaRepository.java @@ -15,6 +15,7 @@ import org.eclipse.kapua.KapuaException; import org.eclipse.kapua.commons.jpa.KapuaEntityJpaRepository; import org.eclipse.kapua.commons.jpa.KapuaJpaRepositoryConfiguration; +import org.eclipse.kapua.model.domain.Actions; import org.eclipse.kapua.model.id.KapuaId; import org.eclipse.kapua.service.authorization.access.AccessPermission; import org.eclipse.kapua.service.authorization.access.AccessPermissionAttributes; @@ -26,6 +27,7 @@ public class AccessPermissionImplJpaRepository extends KapuaEntityJpaRepository implements AccessPermissionRepository { + public AccessPermissionImplJpaRepository(KapuaJpaRepositoryConfiguration configuration) { super(AccessPermissionImpl.class, AccessPermission.TYPE, () -> new AccessPermissionListResultImpl(), configuration); } 
@@ -36,4 +38,32 @@ public AccessPermissionListResult findByAccessInfoId(TxContext tx, KapuaId scope
 query.setPredicate(query.attributePredicate(AccessPermissionAttributes.ACCESS_INFO_ID, accessInfoId));
 return this.query(tx, query);
 }
+
+ @Override
+ public AccessPermissionListResult deleteAllByDomainAndAction(TxContext tx, String domainName, Actions actionToDelete) throws KapuaException {
+ return new AccessPermissionListResultImpl();
+// final EntityManager em = JpaAwareTxContext.extractEntityManager(tx);
+// final CriteriaBuilder cb = em.getCriteriaBuilder();
+//
+// final CriteriaQuery listQuery = cb.createQuery(AccessPermissionImpl.class);
+// final Root listRoot = listQuery.from(AccessPermissionImpl.class);
+// listQuery.where(
+// // Find all the triggers that are associated with this job
+// cb.and(
+// cb.equal(listRoot.get(AccessPermissionImpl_.permission).get(PermissionImpl_.domain), domainName),
+// cb.equal(listRoot.get(AccessPermissionImpl_.permission).get(PermissionImpl_.action), actionToDelete)
+// )
+// );
+// final List resultList = em.createQuery(listQuery).getResultList();
+//
+// if (!resultList.isEmpty()) {
+// final CriteriaDelete deleteQuery = cb.createCriteriaDelete(AccessPermissionImpl.class);
+// final Root deleteRoot = deleteQuery.from(AccessPermissionImpl.class);
+// deleteQuery.where(deleteRoot.get(AccessPermissionImpl_.id).in(resultList.stream().map(r -> r.getId()).map(KapuaEid::parseKapuaId).collect(Collectors.toList())));
+// em.createQuery(deleteQuery).executeUpdate();
+// }
+// final AccessPermissionListResultImpl res = new AccessPermissionListResultImpl();
+// res.addItems(resultList);
+// return res;
+ }
 }
diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/access/shiro/CachingAccessPermissionRepository.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/access/shiro/CachingAccessPermissionRepository.java
index ebcc3df6f94..3518a351e14 100644
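Review bot: `deleteAllByDomainAndAction` returns an empty `AccessPermissionListResultImpl` and deletes nothing, with the real implementation left commented out below the `return`, so a caller cannot tell "no matching permissions" from "not implemented". `DomainsAligner.removeActionsInExcess` calls it before the action is dropped from the domain, which would leave access and role permissions that still grant the removed action once that path is switched on. Until the JPA delete is enabled I would fail loudly instead, `throw new UnsupportedOperationException("deleteAllByDomainAndAction is not implemented yet");`, and remove the commented block (its `// Find all the triggers that are associated with this job` comment also appears to be copied from unrelated code). The same stub appears in `CachingAccessPermissionRepository`, `RolePermissionCachingRepository` and `RolePermissionImplJpaRepository`; the two caching wrappers additionally never delegate to `wrapped`.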
--- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/access/shiro/CachingAccessPermissionRepository.java
+++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/access/shiro/CachingAccessPermissionRepository.java
@@ -15,6 +15,7 @@
 import org.eclipse.kapua.KapuaException;
 import org.eclipse.kapua.commons.service.internal.cache.EntityCache;
 import org.eclipse.kapua.commons.storage.KapuaEntityRepositoryCachingWrapper;
+import org.eclipse.kapua.model.domain.Actions;
 import org.eclipse.kapua.model.id.KapuaId;
 import org.eclipse.kapua.service.authorization.access.AccessPermission;
 import org.eclipse.kapua.service.authorization.access.AccessPermissionAttributes;
@@ -63,4 +64,14 @@ public AccessPermissionListResult findByAccessInfoId(TxContext tx, KapuaId scope
 }
 return listResult;
 }
+
+ @Override
+ public AccessPermissionListResult deleteAllByDomainAndAction(TxContext tx, String domainEntryName, Actions actionToDelete) throws KapuaException {
+ return new AccessPermissionListResultImpl();
+// final AccessPermissionListResult removed = wrapped.deleteAllByDomainAndAction(tx, domainEntryName, actionToDelete);
+// if (!removed.isEmpty()) {
+// removed.getItems().forEach(item -> entityCache.removeList(item.getScopeId(), item.getAccessInfoId()));
+// }
+// return removed;
+ }
 }
diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/domain/shiro/DomainsAligner.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/domain/shiro/DomainsAligner.java
new file mode 100644
index 00000000000..86327a13f9f
--- /dev/null
+++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/domain/shiro/DomainsAligner.java
@@ -0,0 +1,143 @@ +/******************************************************************************* + * Copyright (c) 2016, 2022 Eurotech and/or its affiliates and others + * + * This program and the accompanying materials are made + * available under the terms of the Eclipse Public License 2.0 + * which is available at https://www.eclipse.org/legal/epl-2.0/ + * + * SPDX-License-Identifier: EPL-2.0 + * + * Contributors: + * Eurotech - initial API and implementation + *******************************************************************************/ +package org.eclipse.kapua.service.authorization.domain.shiro; + +import org.eclipse.kapua.KapuaException; +import org.eclipse.kapua.commons.populators.DataPopulator; +import org.eclipse.kapua.model.domain.Actions; +import org.eclipse.kapua.model.domain.Domain; +import org.eclipse.kapua.service.authorization.access.AccessPermissionRepository; +import org.eclipse.kapua.service.authorization.domain.DomainRepository; +import org.eclipse.kapua.service.authorization.role.RolePermissionRepository; +import org.eclipse.kapua.storage.TxContext; +import org.eclipse.kapua.storage.TxManager; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.inject.Inject; +import java.util.EnumSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + +public class DomainsAligner implements DataPopulator { + private final TxManager txManager; + private final DomainRepository domainRepository; + private final AccessPermissionRepository accessPermissionRepository; + private final RolePermissionRepository rolePermissionRepository; + private final Set knownDomains; + private final Logger logger = LoggerFactory.getLogger(this.getClass()); + + @Inject + public DomainsAligner(TxManager txManager, + DomainRepository domainRepository, + AccessPermissionRepository accessPermissionRepository, RolePermissionRepository rolePermissionRepository, + Set knownDomains) { + this.txManager = txManager; + this.domainRepository = 
domainRepository; + this.accessPermissionRepository = accessPermissionRepository; + this.rolePermissionRepository = rolePermissionRepository; + this.knownDomains = knownDomains; + } + + @Override + public void populate() { +// logger.info("Domain alignment commencing. Found {} domain declarations in wiring", knownDomains.size()); +// final Map knownDomainsByName = knownDomains +// .stream() +// .collect(Collectors.toMap(d -> d.getName(), d -> d)); +// final List declaredDomainsNotInDb = new ArrayList<>(knownDomainsByName.keySet()); +// try { +// KapuaSecurityUtils.doPrivileged(() -> { +// txManager.execute(tx -> { +// final List dbDomainEntries = domainRepository.query(tx, new DomainQueryImpl()).getItems(); +// logger.info("Found {} domain declarations in database", dbDomainEntries.size()); +// +// for (final org.eclipse.kapua.service.authorization.domain.Domain dbDomainEntry : dbDomainEntries) { +// if (!knownDomainsByName.containsKey(dbDomainEntry.getName())) { +// //Leave it be. As we share the database with other components, it might have been created by such components and be hidden from us +// logger.warn("Domain '{}' is only present in the database but has no current declaration! Details: {}", dbDomainEntry.getName(), dbDomainEntry.getDomain()); +// continue; +// } +// //Good news, it's both declared in wiring and present in the db! +// declaredDomainsNotInDb.remove(dbDomainEntry.getName()); +// //Trigger fetch of Actions collection from db, otherwise the toString would not show the details +// dbDomainEntry.getActions(); +// final Domain wiredDomain = knownDomainsByName.get(dbDomainEntry.getName()); +// if (dbDomainEntry.getDomain().equals(wiredDomain)) { +// //We are happy! +// logger.debug("Domain '{}' is ok: {}", dbDomainEntry.getName(), dbDomainEntry.getDomain()); +// continue; +// } +// //Align them! 
+// alignDomains(tx, dbDomainEntry, wiredDomain); +// } +// createMissingDomains(tx, declaredDomainsNotInDb, knownDomainsByName); +// logger.info("Domain alignment complete!"); +// return null; +// }); +// }); +// } catch (KapuaException e) { +// throw new RuntimeException(e); +// } + } + + private void createMissingDomains(TxContext tx, List declaredDomainsNotInDb, Map knownDomainsByName) throws KapuaException { + if (declaredDomainsNotInDb.size() > 0) { + logger.info("Found {} declared domains that have no counterpart in the database!", declaredDomainsNotInDb.size()); + //Create wired domains not present in the db + for (final String declaredOnlyName : declaredDomainsNotInDb) { + final Domain expected = knownDomainsByName.get(declaredOnlyName); + createDomainInDb(tx, expected); + } + } + } + + private void createDomainInDb(TxContext tx, Domain expected) throws KapuaException { + logger.info("To be added: {}", expected); + final org.eclipse.kapua.service.authorization.domain.Domain newEntity = new DomainImpl(); + newEntity.setName(expected.getName()); + newEntity.setActions(expected.getActions()); + newEntity.setGroupable(expected.getGroupable()); + newEntity.setServiceName(expected.getServiceName()); + domainRepository.create(tx, newEntity); + } + + private void alignDomains(TxContext tx, org.eclipse.kapua.service.authorization.domain.Domain dbDomainEntry, Domain wiredDomain) throws KapuaException { + logger.error("Domain mismatch for name '{}'! Details:" + + "\n\tDb entry: '{}', " + + "\n\texpected: '{}'", + dbDomainEntry.getName(), + dbDomainEntry.getDomain(), + wiredDomain); + + final EnumSet actionsInExcessOnTheDb = EnumSet.copyOf(dbDomainEntry.getActions()); + actionsInExcessOnTheDb.removeAll(wiredDomain.getActions()); + removeActionsInExcess(tx, dbDomainEntry.getName(), actionsInExcessOnTheDb); + //Remove the action from the domain. 
Thank you JPA for autoupdating the entity on transaction close + dbDomainEntry.getActions().removeAll(actionsInExcessOnTheDb); + + final EnumSet actionsMissingInTheDb = EnumSet.copyOf(wiredDomain.getActions()); + actionsMissingInTheDb.removeAll(dbDomainEntry.getActions()); + //Add the actions to the domain. Thank you JPA for autoupdating the entity on transaction close + dbDomainEntry.getActions().addAll(actionsMissingInTheDb); + } + + private void removeActionsInExcess(TxContext tx, String domainName, EnumSet actionsInExcessOnTheDb) throws KapuaException { + for (final Actions actionToDelete : actionsInExcessOnTheDb) { + logger.info("Removing action '{}' from domain '{}'", actionToDelete, domainName); + accessPermissionRepository.deleteAllByDomainAndAction(tx, domainName, actionToDelete); + rolePermissionRepository.deleteAllByDomainAndAction(tx, domainName, actionToDelete); + } + } +} diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/domain/shiro/DomainsPopulator.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/domain/shiro/DomainsPopulator.java deleted file mode 100644 index 6a628aae012..00000000000 --- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/domain/shiro/DomainsPopulator.java +++ /dev/null 
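Review bot: `populate()` has its entire body commented out, so the `DomainsAligner` that replaces `DomainsPopulator` does nothing at startup: the warnings and errors the removed class logged for domains that differ between the database and the wiring are gone, and `createMissingDomains`, `alignDomains` and `removeActionsInExcess` are unreachable. Until alignment is switched on I would keep at least the read-only comparison and its logging so drift in the authorization domains stays visible, and replace the commented block with a tracked follow-up; re-enabling it as written also needs imports this file does not have (`KapuaSecurityUtils`, `ArrayList`, `Collectors`). In `alignDomains`, `EnumSet.copyOf(dbDomainEntry.getActions())` throws `IllegalArgumentException` when the collection is empty and not itself an `EnumSet`; `EnumSet.noneOf(Actions.class)` followed by `addAll(dbDomainEntry.getActions())` is safe for a domain stored with no actions. `alignDomains` also reconciles only the action set, so if the equality check covers `groupable` or `serviceName`, a difference there would be logged at error level on every start and never corrected.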
@@ -1,99 +0,0 @@ -/******************************************************************************* - * Copyright (c) 2016, 2022 Eurotech and/or its affiliates and others - * - * This program and the accompanying materials are made - * available under the terms of the Eclipse Public License 2.0 - * which is available at https://www.eclipse.org/legal/epl-2.0/ - * - * SPDX-License-Identifier: EPL-2.0 - * - * Contributors: - * Eurotech - initial API and implementation - *******************************************************************************/ -package org.eclipse.kapua.service.authorization.domain.shiro; - -import org.eclipse.kapua.KapuaException; -import org.eclipse.kapua.commons.populators.DataPopulator; -import org.eclipse.kapua.commons.security.KapuaSecurityUtils; -import org.eclipse.kapua.model.domain.Domain; -import org.eclipse.kapua.service.authorization.domain.DomainRepository; -import org.eclipse.kapua.storage.TxManager; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import javax.inject.Inject; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.stream.Collectors; - -public class DomainsPopulator implements DataPopulator { - private final TxManager txManager; - private final DomainRepository domainRepository; - private final Set knownDomains; - private final Logger logger = LoggerFactory.getLogger(this.getClass()); - - @Inject - public DomainsPopulator(TxManager txManager, DomainRepository domainRepository, - Set knownDomains) { - this.txManager = txManager; - this.domainRepository = domainRepository; - this.knownDomains = knownDomains; - } - - @Override - public void populate() { - logger.info("Domain alignment commencing. 
Found {} domain declarations in wiring", knownDomains.size()); - final Map knownDomainsByName = knownDomains - .stream() - .collect(Collectors.toMap(d -> d.getName(), d -> d)); - final List declaredOnlyNames = new ArrayList<>(knownDomainsByName.keySet()); - try { - KapuaSecurityUtils.doPrivileged(() -> { - txManager.execute(tx -> { - final List dbDomainEntries = domainRepository.query(tx, new DomainQueryImpl()).getItems(); - logger.info("Found {} domain declarations in database", dbDomainEntries.size()); - final List dbOnlyNames = new ArrayList<>(); - - for (final org.eclipse.kapua.service.authorization.domain.Domain dbDomainEntry : dbDomainEntries) { - if (!knownDomainsByName.containsKey(dbDomainEntry.getName())) { - dbOnlyNames.add(dbDomainEntry); - logger.warn("Domain '{}' is only present in the database but has no current declaration! Details: {}", dbDomainEntry.getName(), dbDomainEntry.getDomain()); - continue; - } - declaredOnlyNames.remove(dbDomainEntry.getName()); - //Trigger fetch from db - dbDomainEntry.getActions(); - if (dbDomainEntry.getDomain().equals(knownDomainsByName.get(dbDomainEntry.getName()))) { - logger.debug("Domain '{}' is ok: {}", dbDomainEntry.getName(), dbDomainEntry.getDomain()); - } else { - logger.error("Domain mismatch for name '{}'! 
Details:" + - "\n\tDb entry: '{}', " + - "\n\texpected: '{}'", dbDomainEntry.getName(), dbDomainEntry.getDomain(), knownDomainsByName.get(dbDomainEntry.getName())); - } - } - if (declaredOnlyNames.size() > 0) { - logger.info("Found {} declared domains that have no counterpart in the database!", declaredOnlyNames.size()); - } - for (final String declaredOnlyName : declaredOnlyNames) { - final Domain expected = knownDomainsByName.get(declaredOnlyName); - logger.info("To be added: {}", expected); - final org.eclipse.kapua.service.authorization.domain.Domain newEntity = new DomainImpl(); - newEntity.setName(expected.getName()); - newEntity.setActions(expected.getActions()); - newEntity.setGroupable(expected.getGroupable()); - newEntity.setServiceName(expected.getServiceName()); -//Conflict with some domains created by liquibase only in certain subprojects, (e.g.: broker domain created only in authorization service app. -// If the populator is run by other components, it creates the domain first and the liquibase script fails - // domainRepository.create(tx, newEntity); - } - logger.info("Domain alignment complete!"); - return null; - }); - }); - } catch (KapuaException e) { - throw new RuntimeException(e); - } - } -} diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/role/shiro/RolePermissionCachingRepository.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/role/shiro/RolePermissionCachingRepository.java index 73a4c26228c..18404c51b86 100644 --- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/role/shiro/RolePermissionCachingRepository.java +++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/role/shiro/RolePermissionCachingRepository.java 
@@ -15,6 +15,7 @@
 import org.eclipse.kapua.KapuaException;
 import org.eclipse.kapua.commons.service.internal.cache.EntityCache;
 import org.eclipse.kapua.commons.storage.KapuaEntityRepositoryCachingWrapper;
+import org.eclipse.kapua.model.domain.Actions;
 import org.eclipse.kapua.model.id.KapuaId;
 import org.eclipse.kapua.service.authorization.role.RolePermission;
 import org.eclipse.kapua.service.authorization.role.RolePermissionListResult;
@@ -65,4 +66,14 @@ public RolePermissionListResult findByRoleId(TxContext tx, KapuaId scopeId, Kapu
 entityCache.putList(scopeId, roleId, listResult);
 return fromWrapped;
 }
+
+ @Override
+ public RolePermissionListResult deleteAllByDomainAndAction(TxContext tx, String domainName, Actions actionToDelete) throws KapuaException {
+ return new RolePermissionListResultImpl();
+// final RolePermissionListResult removed = wrapped.deleteAllByDomainAndAction(tx, domainName, actionToDelete);
+// if (!removed.isEmpty()) {
+// removed.getItems().forEach(item -> entityCache.removeList(item.getScopeId(), item.getRoleId()));
+// }
+// return removed;
+ }
 }
diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/role/shiro/RolePermissionImplJpaRepository.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/role/shiro/RolePermissionImplJpaRepository.java
index 802739a9e01..b25f67ed35e 100644
--- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/role/shiro/RolePermissionImplJpaRepository.java
+++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/role/shiro/RolePermissionImplJpaRepository.java
@@ -15,6 +15,7 @@
 import org.eclipse.kapua.KapuaException;
 import org.eclipse.kapua.commons.jpa.KapuaEntityJpaRepository;
 import org.eclipse.kapua.commons.jpa.KapuaJpaRepositoryConfiguration;
+import org.eclipse.kapua.model.domain.Actions;
 import org.eclipse.kapua.model.id.KapuaId;
 import org.eclipse.kapua.service.authorization.role.RolePermission;
 import org.eclipse.kapua.service.authorization.role.RolePermissionListResult;
@@ -35,4 +36,32 @@ public RolePermissionListResult findByRoleId(TxContext tx, KapuaId scopeId, Kapu res.addItems(doFindAllByField(tx, scopeId, RolePermissionImpl_.ROLE_ID, roleId)); return res; } + + @Override + public RolePermissionListResult deleteAllByDomainAndAction(TxContext tx, String domainName, Actions actionToDelete) throws KapuaException { + return new RolePermissionListResultImpl(); +// final EntityManager em = JpaAwareTxContext.extractEntityManager(tx); +// final CriteriaBuilder cb = em.getCriteriaBuilder(); +// +// final CriteriaQuery listQuery = cb.createQuery(RolePermissionImpl.class); +// final Root listRoot = listQuery.from(RolePermissionImpl.class); +// listQuery.where( +// // Find all the triggers that are associated with this job +// cb.and( +// cb.equal(listRoot.get(RolePermissionImpl_.permission).get(PermissionImpl_.domain), domainName), +// cb.equal(listRoot.get(RolePermissionImpl_.permission).get(PermissionImpl_.action), actionToDelete) +// ) +// ); +// final List resultList = em.createQuery(listQuery).getResultList(); +// +// if (!resultList.isEmpty()) { +// final CriteriaDelete deleteQuery = cb.createCriteriaDelete(RolePermissionImpl.class); +// final Root deleteRoot = deleteQuery.from(RolePermissionImpl.class); +// deleteQuery.where(deleteRoot.get(RolePermissionImpl_.id).in(resultList.stream().map(r -> r.getId()).map(KapuaEid::parseKapuaId).collect(Collectors.toList()))); +// em.createQuery(deleteQuery).executeUpdate(); +// } +// final RolePermissionListResultImpl res = new RolePermissionListResultImpl(); +// res.addItems(resultList); +// return res; + } } diff --git a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/shiro/AuthorizationModule.java b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/shiro/AuthorizationModule.java index d2763d989db..820c468f611 100644 --- a/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/shiro/AuthorizationModule.java 
+++ b/service/security/shiro/src/main/java/org/eclipse/kapua/service/authorization/shiro/AuthorizationModule.java
@@ -72,7 +72,7 @@
 import org.eclipse.kapua.service.authorization.domain.shiro.DomainFactoryImpl;
 import org.eclipse.kapua.service.authorization.domain.shiro.DomainImplJpaRepository;
 import org.eclipse.kapua.service.authorization.domain.shiro.DomainRegistryServiceImpl;
-import org.eclipse.kapua.service.authorization.domain.shiro.DomainsPopulator;
+import org.eclipse.kapua.service.authorization.domain.shiro.DomainsAligner;
 import org.eclipse.kapua.service.authorization.group.GroupFactory;
 import org.eclipse.kapua.service.authorization.group.GroupRepository;
 import org.eclipse.kapua.service.authorization.group.GroupService;
@@ -175,11 +175,15 @@ ServiceModule authorizationServiceModule(AccessInfoService accessInfoService,
 DataPopulator domainsPopulator(
 KapuaJpaTxManagerFactory jpaTxManagerFactory,
 DomainRepository domainRepository,
+ AccessPermissionRepository accessPermissionRepository,
+ RolePermissionRepository rolePermissionRepository,
 Set declaredDomains
 ) {
- return new DomainsPopulator(
+ return new DomainsAligner(
 jpaTxManagerFactory.create("kapua-authorization"),
 domainRepository,
+ accessPermissionRepository,
+ rolePermissionRepository,
 declaredDomains
 );
 }