/*
* Copyright 2017, OpenRemote Inc.
*
* See the CONTRIBUTORS.txt file in the distribution for a
* full listing of individual contributors.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.openremote.manager.security;
import jakarta.persistence.Query;
import org.openremote.container.persistence.PersistenceService;
import org.openremote.container.security.AuthContext;
import org.openremote.container.security.IdentityProvider;
import org.openremote.model.event.shared.RealmFilter;
import org.openremote.model.query.AssetQuery;
import org.openremote.model.query.UserQuery;
import org.openremote.model.query.filter.StringPredicate;
import org.openremote.model.security.*;
import org.openremote.model.util.TextUtil;
import jakarta.persistence.Tuple;
import java.util.*;
import java.util.function.BiConsumer;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import static org.openremote.model.query.filter.StringPredicate.toSQLParameter;
import static org.openremote.model.Constants.MASTER_REALM;
// TODO: Normalise interface for Basic and Keycloak providers and add client CRUD
/**
* SPI for implementations used by {@link ManagerIdentityService}, provides CRUD of
* {@link User} and {@link Realm}.
*/
public interface ManagerIdentityProvider extends IdentityProvider {
/**
* Looks up users for the given query; matching semantics are defined by the implementing provider.
* NOTE(review): the signature carries no caller identity, so any realm scoping presumably has to be
* expressed in the query or enforced by the caller - confirm.
*/
User[] queryUsers(UserQuery userQuery);
/**
* Looks up a user by ID alone; no realm argument is taken.
* NOTE(review): the result for an unknown ID (null vs. exception) is not visible here - confirm.
*/
User getUser(String userId);
/**
* Looks up a user by username within the named realm.
*/
User getUserByUsername(String realm, String username);
/**
* Creates or updates a user in the named realm and returns a {@link User}.
* The password is passed as a plain {@code String}, so implementations should keep it out of logs and
* exception messages.
* NOTE(review): presumably {@code allowUpdate == false} rejects an already existing user, and the
* handling of a null password is provider-specific - confirm.
*/
User createUpdateUser(String realm, User user, String password, boolean allowUpdate);
/**
* Deletes the user with the given ID from the named realm.
*/
void deleteUser(String realm, String userId);
/**
* Sets a new password for the user from the supplied {@link Credential}.
*/
void resetPassword(String realm, String userId, Credential credential);
/**
* Resets the secret of the user and returns a {@code String}.
* NOTE(review): presumably the returned value is the secret now in effect and must be treated as
* sensitive by callers - confirm.
*/
String resetSecret(String realm, String userId, String secret);
/**
* Returns the roles of the named client in the named realm.
*/
Role[] getRoles(String realm, String client);
/**
* Updates the roles of the named client in the named realm from the supplied array.
* NOTE(review): whether roles missing from the array are removed is not visible here - confirm.
*/
void updateClientRoles(String realm, String client, Role[] roles);
/**
* Returns roles of the named client as they apply to the given user.
*/
Role[] getUserRoles(String realm, String userId, String client);
/**
* Returns realm roles as they apply to the given user.
* {@code addRealmRoles} filters the result on {@code Role.isAssigned()}, so the array apparently may
* also contain roles that are not currently assigned to the user.
*/
Role[] getUserRealmRoles(String realm, String userId);
/**
* Updates the user's roles on the named client using the given role names.
* NOTE(review): presumably the given names replace the current assignment rather than extend it, so an
* empty argument list would strip all client roles - confirm.
*/
void updateUserRoles(String realm, String userId, String client, String... roles);
/**
* Updates the user's realm roles using the given role names.
* NOTE(review): presumably the given names replace the current assignment rather than extend it
* ({@code addRealmRoles} exists to compute a merged list first) - confirm.
*/
void updateUserRealmRoles(String realm, String userId, String... roles);
/**
* Reports whether the user with the given ID is a master realm administrator, as determined by the
* implementing provider.
*/
boolean isMasterRealmAdmin(String userId);
/**
* Reports whether the authenticated party described by the {@link AuthContext} is a restricted user.
*/
boolean isRestrictedUser(AuthContext authContext);
/**
* Reports whether the user with the given ID belongs to the named realm.
* NOTE(review): this is the only realm-membership check in this interface that takes a bare user ID;
* callers of {@link #getUser(String)} presumably rely on it for realm scoping - confirm.
*/
boolean isUserInRealm(String userId, String realm);
/**
* Returns the realms known to the provider.
* NOTE(review): no caller identity is passed, so the result is presumably unfiltered - confirm.
*/
Realm[] getRealms();
/**
* Returns the realm with the given name.
* NOTE(review): the result for an unknown realm (null vs. exception) is not visible here - confirm.
*/
Realm getRealm(String realm);
/**
* Updates an existing realm from the supplied {@link Realm}.
*/
void updateRealm(Realm realm);
/**
* Creates a realm from the supplied {@link Realm} and returns a {@link Realm}.
*/
Realm createRealm(Realm realm);
/**
* Deletes the realm with the given name.
*/
void deleteRealm(String realm);
/**
* Reports whether the given realm is active and accessible to the authenticated party.
*/
boolean isRealmActiveAndAccessible(AuthContext authContext, Realm realm);
/**
* Reports whether the realm with the given name is active and accessible to the authenticated party.
*/
boolean isRealmActiveAndAccessible(AuthContext authContext, String realm);
/**
* Reports whether a realm with the given name exists.
*/
boolean realmExists(String realm);
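/**
* Superusers can subscribe to all events; regular users must be in the same realm as the filter and any
* required roles must match. If the authenticated party is a restricted user, this returns false.
*
* @param auth the authenticated party requesting the subscription
* @param filter the realm filter the subscription would be made with
* @param requiredRoles client roles that must match for a regular user
* @return true if the authenticated party can subscribe to events with the given filter.
*/
boolean canSubscribeWith(AuthContext auth, RealmFilter<?> filter, ClientRole... requiredRoles);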
/**
* Returns the frontend URL to be used for frontend apps to authenticate.
*
* @return the frontend URL that frontend apps use to authenticate
*/
String getFrontendURI();
/*
* BELOW ARE STATIC HELPER METHODS
*/
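/**
* Computes the realm role names a user should hold after the given roles are added.
* <p>
* Starts from the roles returned by {@link #getUserRealmRoles(String, String)}, keeps those that are
* already assigned or that are named in {@code roles}, and then appends any requested names that are
* not yet present. Encounter order is preserved and duplicate names are dropped.
* <p>
* This method only computes the merged list: it performs no authorization check and persists nothing,
* so the caller is responsible for both.
*
* @param realm realm passed through to {@link #getUserRealmRoles(String, String)}
* @param userId user passed through to {@link #getUserRealmRoles(String, String)}
* @param roles realm role names to add
* @return the merged role names, without duplicates
*/
default String[] addRealmRoles(String realm, String userId, String... roles) {
    // Typed as Set<String>: on a raw Set, toArray(new String[0]) is Object[] and cannot be returned as String[].
    // LinkedHashSet keeps the existing role order and silently ignores names that are already present.
    Set<String> realmRoles = Arrays.stream(getUserRealmRoles(realm, userId))
        .filter(role -> role.isAssigned() || Arrays.stream(roles).anyMatch(r -> role.getName().equals(r)))
        .map(Role::getName)
        .collect(Collectors.toCollection(LinkedHashSet::new));
    realmRoles.addAll(Arrays.asList(roles));
    return realmRoles.toArray(new String[0]);
}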
@SuppressWarnings("unchecked")
static User[] getUsersFromDb(PersistenceService persistenceService, UserQuery query) {
StringBuilder sb = new StringBuilder();
List