All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.continual.iam.impl.file.IamFileDbServiceManager Maven / Gradle / Ivy

The newest version!
/*
 *	Copyright 2019, Continual.io
 *
 *	Licensed under the Apache License, Version 2.0 (the "License");
 *	you may not use this file except in compliance with the License.
 *	You may obtain a copy of the License at
 *	
 *	http://www.apache.org/licenses/LICENSE-2.0
 *	
 *	Unless required by applicable law or agreed to in writing, software
 *	distributed under the License is distributed on an "AS IS" BASIS,
 *	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *	See the License for the specific language governing permissions and
 *	limitations under the License.
 */
package io.continual.iam.impl.file;

import java.io.File;

import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

import io.continual.builder.Builder.BuildFailure;
import io.continual.iam.IamServiceManager;
import io.continual.iam.access.AccessControlList;
import io.continual.iam.access.AccessDb;
import io.continual.iam.access.AccessManager;
import io.continual.iam.access.AclUpdateListener;
import io.continual.iam.exceptions.IamSvcException;
import io.continual.iam.identity.IdentityDb;
import io.continual.iam.identity.IdentityManager;
import io.continual.iam.impl.common.CommonJsonDb.AclFactory;
import io.continual.iam.impl.common.CommonJsonGroup;
import io.continual.iam.impl.common.CommonJsonIdentity;
import io.continual.iam.impl.common.jwt.JwtProducer;
import io.continual.iam.impl.common.jwt.SimpleJwtValidator;
import io.continual.iam.tags.TagManager;
import io.continual.services.ServiceContainer;
import io.continual.services.SimpleService;
import io.continual.util.data.exprEval.ExpressionEvaluator;
import io.continual.util.data.json.JsonVisitor;
import io.continual.util.data.json.JsonVisitor.ArrayVisitor;

public class IamFileDbServiceManager extends SimpleService implements IamServiceManager
{
	public IamFileDbServiceManager ( ServiceContainer sc, JSONObject settings ) throws IamSvcException, BuildFailure
	{
		final String sysAdminGroup = settings.optString ( "sysAdminGroup", "sysadmin" );

		final JSONObject jwt = settings.optJSONObject ( "jwt" );

		JwtProducer p = null;
		if ( jwt != null )
		{
			final String jwtIssuer = jwt.optString ( "issuer", null );
			final String jwtSecret = jwt.optString ( "sha256Key", null );
			if ( jwtIssuer != null && jwtSecret != null )
			{
				p = new JwtProducer.Builder ()
					.withIssuerName ( jwtIssuer )
					.usingSigningKey ( jwtSecret )
					.build ()
				;
			}
		}

		final ExpressionEvaluator evaluator = sc.getExprEval ( settings );

		fDb = new IamFileDb.Builder ()
			.usingFile ( new File ( evaluator.evaluateText ( settings.getString ( "file" ) ) ) )
			.withPassword ( evaluator.evaluateText ( settings.optString ( "password", "" ) ) )
			.readonly ( settings.optBoolean ( "readonly", false ) )
			.usingAclFactory ( new AclFactory ()
			{
				@Override
				public AccessControlList createDefaultAcl ( AclUpdateListener acll )
				{
					final AccessControlList acl = new AccessControlList ( acll );
					acl
						.permit ( sysAdminGroup, AccessControlList.READ )
						.permit ( sysAdminGroup, AccessControlList.UPDATE )
						.permit ( sysAdminGroup, AccessControlList.CREATE )
						.permit ( sysAdminGroup, AccessControlList.DELETE )
					;
					return acl;
				}
			} )
			.withJwtProducer ( p )
			.build ()
		;

		// optionally add 3rd party JWT validators to the db
		if ( jwt != null )
		{
			final JSONArray auths = jwt.optJSONArray ( "thirdPartyAuth" );
			JsonVisitor.forEachElement ( auths, new ArrayVisitor ()
			{
				@Override
				public boolean visit ( JSONObject authEntry ) throws JSONException,BuildFailure
				{
					final String keys = authEntry.optString ( "keys" );
					
					final SimpleJwtValidator v = new SimpleJwtValidator.Builder ()
						.named ( authEntry.optString ( "name", "(anonymous)" ) )
						.forIssuer ( authEntry.getString ( "issuer" ) )
						.forAudience ( authEntry.getString ( "audience" ) )
						.getPublicKeysFrom ( keys )
						.build ()
					;
					fDb.addJwtValidator ( v );
					return true;
				}
			} );
		}
	}

	@Override
	public IdentityDb getIdentityDb () throws IamSvcException
	{
		return fDb;
	}

	@Override
	public AccessDb getAccessDb () throws IamSvcException
	{
		return fDb;
	}

	@Override
	public IdentityManager getIdentityManager () throws IamSvcException
	{
		return fDb;
	}

	@Override
	public AccessManager getAccessManager () throws IamSvcException
	{
		return fDb;
	}

	@Override
	public TagManager getTagManager () throws IamSvcException
	{
		return fDb;
	}

	private final IamFileDb fDb;
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy