/*
* Copyright 2019, Continual.io
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.continual.iam.impl.file;
import java.io.File;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import io.continual.builder.Builder.BuildFailure;
import io.continual.iam.IamServiceManager;
import io.continual.iam.access.AccessControlList;
import io.continual.iam.access.AccessDb;
import io.continual.iam.access.AccessManager;
import io.continual.iam.access.AclUpdateListener;
import io.continual.iam.exceptions.IamSvcException;
import io.continual.iam.identity.IdentityDb;
import io.continual.iam.identity.IdentityManager;
import io.continual.iam.impl.common.CommonJsonDb.AclFactory;
import io.continual.iam.impl.common.CommonJsonGroup;
import io.continual.iam.impl.common.CommonJsonIdentity;
import io.continual.iam.impl.common.jwt.JwtProducer;
import io.continual.iam.impl.common.jwt.SimpleJwtValidator;
import io.continual.iam.tags.TagManager;
import io.continual.services.ServiceContainer;
import io.continual.services.SimpleService;
import io.continual.util.data.exprEval.ExpressionEvaluator;
import io.continual.util.data.json.JsonVisitor;
import io.continual.util.data.json.JsonVisitor.ArrayVisitor;
/**
 * Service wrapper that exposes one file-backed {@link IamFileDb} as every IAM facet the
 * {@link IamServiceManager} contract asks for (identity db, access db, identity manager,
 * access manager, tag manager). All five getters hand out the same instance.
 *
 * Settings consumed from the constructor's JSON:
 * <ul>
 *   <li>{@code sysAdminGroup} (default {@code "sysadmin"}): group granted READ/UPDATE/CREATE/DELETE
 *       in every default ACL the db creates</li>
 *   <li>{@code file} (required): path of the backing file, passed through the container's
 *       expression evaluator before use</li>
 *   <li>{@code password} (default {@code ""}): also expression-evaluated, handed to the db builder</li>
 *   <li>{@code readonly} (default {@code false})</li>
 *   <li>{@code jwt} (optional object): {@code issuer} plus {@code sha256Key} enable a local
 *       {@link JwtProducer}; {@code thirdPartyAuth} is an array of validator entries</li>
 * </ul>
 */
public class IamFileDbServiceManager extends SimpleService implements IamServiceManager {

    /** The single backing store; assigned once in the constructor and never replaced. */
    private final IamFileDb fDb;

    /**
     * Builds the file db from {@code settings} and registers any configured third-party
     * JWT validators on it.
     *
     * @param sc       service container, used only for its expression evaluator
     * @param settings this service's JSON settings block (see class comment)
     * @throws IamSvcException propagated from the db builder
     * @throws BuildFailure    propagated from the db, producer or validator builders
     * @throws JSONException   (unchecked) when the required {@code file} setting is missing
     */
    public IamFileDbServiceManager(ServiceContainer sc, JSONObject settings)
            throws IamSvcException, BuildFailure {
        final String sysAdminGroup = settings.optString("sysAdminGroup", "sysadmin");
        final JSONObject jwtSettings = settings.optJSONObject("jwt");

        // Producer is built before the db so a bad jwt block fails before the file is touched.
        final JwtProducer producer = localJwtProducer(jwtSettings);

        final ExpressionEvaluator exprEval = sc.getExprEval(settings);
        final File dbFile = new File(exprEval.evaluateText(settings.getString("file")));
        final String dbPassword = exprEval.evaluateText(settings.optString("password", ""));

        fDb = new IamFileDb.Builder()
            .usingFile(dbFile)
            .withPassword(dbPassword)
            .readonly(settings.optBoolean("readonly", false))
            .usingAclFactory(sysAdminAclFactory(sysAdminGroup))
            .withJwtProducer(producer)
            .build();

        // Validators need the built db, so they are attached after construction.
        if (jwtSettings != null) {
            registerThirdPartyValidators(jwtSettings.optJSONArray("thirdPartyAuth"));
        }
    }

    /**
     * Creates the locally-signing JWT producer described by the {@code jwt} settings block.
     *
     * @param jwtSettings the {@code jwt} object, or {@code null} when the setting is absent
     * @return a producer when both {@code issuer} and {@code sha256Key} are present, otherwise
     *         {@code null}. A {@code jwt} block holding only {@code thirdPartyAuth} is a
     *         valid configuration and yields {@code null} here rather than an error.
     */
    private static JwtProducer localJwtProducer(JSONObject jwtSettings)
            throws IamSvcException, BuildFailure {
        if (jwtSettings == null) {
            return null;
        }
        final String issuer = jwtSettings.optString("issuer", null);
        final String signingKey = jwtSettings.optString("sha256Key", null);
        if (issuer == null || signingKey == null) {
            return null;
        }
        return new JwtProducer.Builder()
            .withIssuerName(issuer)
            .usingSigningKey(signingKey)
            .build();
    }

    /**
     * Returns the ACL factory handed to the db: every default ACL it creates grants the
     * given group all four standard rights.
     *
     * @param sysAdminGroup group name to permit
     */
    private static AclFactory sysAdminAclFactory(final String sysAdminGroup) {
        return new AclFactory() {
            @Override
            public AccessControlList createDefaultAcl(AclUpdateListener listener) {
                final AccessControlList acl = new AccessControlList(listener);
                acl.permit(sysAdminGroup, AccessControlList.READ)
                   .permit(sysAdminGroup, AccessControlList.UPDATE)
                   .permit(sysAdminGroup, AccessControlList.CREATE)
                   .permit(sysAdminGroup, AccessControlList.DELETE);
                return acl;
            }
        };
    }

    /**
     * Builds a {@link SimpleJwtValidator} for each entry of {@code thirdPartyAuth} and adds it
     * to the db. Each entry supplies {@code name} (default {@code "(anonymous)"}), a required
     * {@code issuer} and {@code audience}, and {@code keys} (empty string when absent).
     *
     * @param auths the array, or {@code null} when the setting is absent
     *              (NOTE(review): forEachElement is assumed to tolerate a null array — confirm)
     * @throws BuildFailure from the validator builder
     */
    private void registerThirdPartyValidators(JSONArray auths) throws IamSvcException, BuildFailure {
        JsonVisitor.forEachElement(auths, new ArrayVisitor() {
            @Override
            public boolean visit(JSONObject authEntry) throws JSONException, BuildFailure {
                // "keys" is passed straight to the validator builder; what it accepts
                // (inline key material vs. a location) is defined there, not here.
                final String keySource = authEntry.optString("keys");
                final SimpleJwtValidator validator = new SimpleJwtValidator.Builder()
                    .named(authEntry.optString("name", "(anonymous)"))
                    .forIssuer(authEntry.getString("issuer"))
                    .forAudience(authEntry.getString("audience"))
                    .getPublicKeysFrom(keySource)
                    .build();
                fDb.addJwtValidator(validator);
                return true; // keep visiting
            }
        });
    }

    /** @return the backing db as an identity store. */
    @Override
    public IdentityDb getIdentityDb() throws IamSvcException {
        return fDb;
    }

    /** @return the backing db as an access store. */
    @Override
    public AccessDb getAccessDb() throws IamSvcException {
        return fDb;
    }

    /** @return the backing db as an identity manager. */
    @Override
    public IdentityManager getIdentityManager() throws IamSvcException {
        return fDb;
    }

    /** @return the backing db as an access manager. */
    @Override
    public AccessManager getAccessManager() throws IamSvcException {
        return fDb;
    }

    /** @return the backing db as a tag manager. */
    @Override
    public TagManager getTagManager() throws IamSvcException {
        return fDb;
    }
}