Commit 5f1017a7 authored by michael.simon's avatar michael.simon

add idp admin role

parent 59c20f76
......@@ -16,6 +16,7 @@ import java.util.Set;
import edu.kit.scc.webreg.entity.GroupEntity;
import edu.kit.scc.webreg.entity.RoleEntity;
import edu.kit.scc.webreg.entity.RoleGroupEntity;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.entity.UserRoleEntity;
......@@ -59,4 +60,5 @@ public interface RoleDao extends BaseDao<RoleEntity, Long> {
List<RoleEntity> findByIdentityId(Long identityId);
List<SamlIdpMetadataEntity> findIdpsForRole(RoleEntity role);
}
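Review bot: `findIdpsForRole` is added to the DAO interface with no Javadoc, although the bean that consumes it treats the result as the list of IdPs a role holder may administer, so it is an authorization lookup rather than a plain query. I would document that contract so future implementations keep it: `/** Returns every IdP whose admin-role mapping references {@code role}; callers use the result as the set of IdPs the role's members are allowed to administer. */`. Stating this at the interface also makes it obvious that the query must never widen to IdPs without such a mapping.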
......@@ -28,6 +28,7 @@ import edu.kit.scc.webreg.dao.identity.IdentityDao;
import edu.kit.scc.webreg.entity.GroupEntity;
import edu.kit.scc.webreg.entity.RoleEntity;
import edu.kit.scc.webreg.entity.RoleGroupEntity;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.entity.UserRoleEntity;
import edu.kit.scc.webreg.entity.identity.IdentityEntity;
......@@ -156,6 +157,13 @@ public class JpaRoleDao extends JpaBaseDao<RoleEntity, Long> implements RoleDao
.setParameter("role", role).getResultList();
}
@SuppressWarnings("unchecked")
@Override
public List<SamlIdpMetadataEntity> findIdpsForRole(RoleEntity role) {
return em.createQuery("select g from SamlIdpMetadataEntity g left join g.adminRoles gr where gr.role = :role")
.setParameter("role", role).getResultList();
}
@SuppressWarnings("unchecked")
@Override
public Boolean checkUserInRole(Long userId, String roleName) {
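Review bot: The `left join` in the new `findIdpsForRole` query is effectively an inner join, because `where gr.role = :role` discards every row where the joined alias is null, and the raw `createQuery` forces the `@SuppressWarnings("unchecked")` above the method. A typed query with `distinct` removes the cast and also protects the caller from seeing the same IdP twice if the mapping table ever holds duplicate (idp, role) rows, which nothing in this commit prevents: `return em.createQuery("select distinct g from SamlIdpMetadataEntity g join g.adminRoles gr where gr.role = :role", SamlIdpMetadataEntity.class)` followed by the same `.setParameter("role", role).getResultList();`. The `@SuppressWarnings` annotation can then be dropped. Parameter binding for `role` is correct as written.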
......
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.entity;
import java.util.Set;
import javax.persistence.Entity;
import javax.persistence.OneToMany;
@Entity(name = "SamlIdpAdminRoleEntity")
public class SamlIdpAdminRoleEntity extends RoleEntity {
private static final long serialVersionUID = 1L;
@OneToMany(targetEntity=SamlIdpMetadataAdminRoleEntity.class, mappedBy="role")
private Set<SamlIdpMetadataAdminRoleEntity> adminForIdps;
public Set<SamlIdpMetadataAdminRoleEntity> getAdminForIdps() {
return adminForIdps;
}
public void setAdminForIdps(Set<SamlIdpMetadataAdminRoleEntity> adminForIdps) {
this.adminForIdps = adminForIdps;
}
}
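Review bot: `SamlIdpAdminRoleEntity` carries no class-level Javadoc, yet `IdpAdminIndexBean` grants IdP-admin access purely on `role.getRole() instanceof SamlIdpAdminRoleEntity`, so assigning this role type is a privilege grant and the class should say so. I would add above the class: `/** Role whose members may administer the IdPs linked through {@link SamlIdpMetadataAdminRoleEntity}; assigning this role type grants IdP-admin access in the admin UI. */`. The entity declares no `@Table`, so its persistence depends on the inheritance mapping declared on `RoleEntity`, which is outside this diff; a one-line comment noting that dependency would help the next reader.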
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.entity;
import javax.persistence.Entity;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
@Entity(name = "SamlIdpMetadataAdminRoleEntity")
@Table(name = "idpmetadata_admin_role")
public class SamlIdpMetadataAdminRoleEntity extends AbstractBaseEntity {
private static final long serialVersionUID = 1L;
@ManyToOne(targetEntity = SamlIdpMetadataEntity.class)
private SamlIdpMetadataEntity idp;
@ManyToOne(targetEntity = SamlIdpAdminRoleEntity.class)
private SamlIdpAdminRoleEntity role;
public SamlIdpMetadataEntity getIdp() {
return idp;
}
public void setIdp(SamlIdpMetadataEntity idp) {
this.idp = idp;
}
public SamlIdpAdminRoleEntity getRole() {
return role;
}
public void setRole(SamlIdpAdminRoleEntity role) {
this.role = role;
}
@Override
public int hashCode() {
final int prime = 31;
int result = super.hashCode();
result = prime * result + ((idp == null) ? 0 : idp.hashCode());
result = prime * result + ((role == null) ? 0 : role.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (!super.equals(obj))
return false;
if (getClass() != obj.getClass())
return false;
SamlIdpMetadataAdminRoleEntity other = (SamlIdpMetadataAdminRoleEntity) obj;
if (idp == null) {
if (other.idp != null)
return false;
} else if (!idp.equals(other.idp))
return false;
if (role == null) {
if (other.role != null)
return false;
} else if (!role.equals(other.role))
return false;
return true;
}
}
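Review bot: Both `@ManyToOne` associations in `SamlIdpMetadataAdminRoleEntity` are optional and the `@Table` declares no uniqueness on the (idp, role) pair, although every row of `idpmetadata_admin_role` is an authorization grant. A row with a null `idp` or `role` is meaningless, and duplicate pairs make `findIdpsForRole` return the same IdP repeatedly, so I would mark the associations `@ManyToOne(targetEntity = SamlIdpMetadataEntity.class, optional = false)` and `@ManyToOne(targetEntity = SamlIdpAdminRoleEntity.class, optional = false)`, and constrain the table with `@Table(name = "idpmetadata_admin_role", uniqueConstraints = @UniqueConstraint(columnNames = {"idp_id", "role_id"}))` (assuming the default join-column names; adjust if `@JoinColumn` is used elsewhere). `javax.persistence.UniqueConstraint` needs importing for that. Note also that `equals`/`hashCode` fold in two mutable associations, so an instance placed in a `HashSet` before its references are set will change its hash afterwards.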
......@@ -42,7 +42,11 @@ public class SamlIdpMetadataEntity extends SamlMetadataEntity {
@OneToMany(targetEntity = SamlIdpScopeEntity.class,
mappedBy = "idp", cascade = CascadeType.REMOVE)
private Set<SamlIdpScopeEntity> scopes;
@OneToMany(targetEntity = SamlIdpMetadataAdminRoleEntity.class,
mappedBy = "idp")
private Set<SamlIdpMetadataAdminRoleEntity> adminRoles;
@ElementCollection
@JoinTable(name = "idp_entity_categories")
@Column(name = "value_data", length = 2048)
......@@ -115,4 +119,12 @@ public class SamlIdpMetadataEntity extends SamlMetadataEntity {
public void setLastIdStatusChange(Date lastIdStatusChange) {
this.lastIdStatusChange = lastIdStatusChange;
}
public Set<SamlIdpMetadataAdminRoleEntity> getAdminRoles() {
return adminRoles;
}
public void setAdminRoles(Set<SamlIdpMetadataAdminRoleEntity> adminRoles) {
this.adminRoles = adminRoles;
}
}
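Review bot: The new `adminRoles` mapping omits the `cascade = CascadeType.REMOVE` that the sibling `scopes` mapping three lines above carries, so deleting an IdP either leaves its `idpmetadata_admin_role` grants orphaned or fails on the foreign key, depending on how the schema is generated. Since those rows are authorization data, I would mirror the existing mapping: `@OneToMany(targetEntity = SamlIdpMetadataAdminRoleEntity.class, mappedBy = "idp", cascade = CascadeType.REMOVE)`. A short comment such as `// rows are admin grants for this IdP; removed together with the IdP` would record the intent.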
......@@ -15,6 +15,7 @@ import java.util.Set;
import edu.kit.scc.webreg.entity.GroupEntity;
import edu.kit.scc.webreg.entity.RoleEntity;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.UserEntity;
public interface RoleService extends BaseService<RoleEntity, Long> {
......@@ -50,5 +51,6 @@ public interface RoleService extends BaseService<RoleEntity, Long> {
List<RoleEntity> findByIdentityId(Long identityId);
Boolean checkIdentityInRole(Long identityId, String roleName);
List<SamlIdpMetadataEntity> findIdpsForRole(RoleEntity role);
}
......@@ -21,6 +21,7 @@ import edu.kit.scc.webreg.dao.RoleDao;
import edu.kit.scc.webreg.dao.identity.IdentityDao;
import edu.kit.scc.webreg.entity.GroupEntity;
import edu.kit.scc.webreg.entity.RoleEntity;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.entity.identity.IdentityEntity;
import edu.kit.scc.webreg.service.RoleService;
......@@ -116,7 +117,12 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleEntity, Long> implement
public List<GroupEntity> findGroupsForRole(RoleEntity role) {
return dao.findGroupsForRole(role);
}
@Override
public List<SamlIdpMetadataEntity> findIdpsForRole(RoleEntity role) {
return dao.findIdpsForRole(role);
}
@Override
public RoleEntity findByName(String name) {
return dao.findByName(name);
......
......@@ -32,11 +32,14 @@ import org.opensaml.xmlsec.signature.X509Certificate;
import org.opensaml.xmlsec.signature.X509Data;
import org.slf4j.Logger;
import edu.kit.scc.webreg.entity.SamlIdpAdminRoleEntity;
import edu.kit.scc.webreg.entity.SamlIdpMetadataEntity;
import edu.kit.scc.webreg.entity.SamlUserEntity;
import edu.kit.scc.webreg.entity.UserEntity;
import edu.kit.scc.webreg.entity.UserRoleEntity;
import edu.kit.scc.webreg.entity.identity.IdentityEntity;
import edu.kit.scc.webreg.exc.NotAuthorizedException;
import edu.kit.scc.webreg.service.RoleService;
import edu.kit.scc.webreg.service.SamlIdpMetadataService;
import edu.kit.scc.webreg.service.UserService;
import edu.kit.scc.webreg.service.identity.IdentityService;
......@@ -67,6 +70,9 @@ public class IdpAdminIndexBean implements Serializable {
@Inject
private SamlHelper samlHelper;
@Inject
private RoleService roleService;
private IdentityEntity identity;
private List<UserEntity> userList;
private List<SamlIdpMetadataEntity> idpList;
......@@ -82,8 +88,10 @@ public class IdpAdminIndexBean implements Serializable {
if (getIdpList().size() == 0) {
throw new NotAuthorizedException("Not authorized");
}
selectedIdp = idpList.get(0);
if (selectedIdp == null) {
selectedIdp = idpList.get(0);
}
}
public IdentityEntity getIdentity() {
......@@ -97,7 +105,7 @@ public class IdpAdminIndexBean implements Serializable {
if (userList == null) {
userList = new ArrayList<UserEntity>();
for (UserEntity user : userService.findByIdentity(getIdentity())) {
userList.add(userService.findByIdWithAttrs(user.getId(), "attributeStore"));
userList.add(userService.findByIdWithAttrs(user.getId(), "attributeStore", "roles"));
}
}
return userList;
......@@ -112,6 +120,12 @@ public class IdpAdminIndexBean implements Serializable {
user.getAttributeStore().get("urn:oid:1.3.6.1.4.1.5923.1.1.1.7").contains("http://bwidm.scc.kit.edu/entitlement/idp-admin")) {
idpList.add(((SamlUserEntity) user).getIdp());
}
for (UserRoleEntity role : user.getRoles()) {
if (role.getRole() instanceof SamlIdpAdminRoleEntity) {
idpList.addAll(roleService.findIdpsForRole(role.getRole()));
}
}
}
}
return idpList;
......@@ -122,12 +136,15 @@ public class IdpAdminIndexBean implements Serializable {
}
public void setSelectedIdp(SamlIdpMetadataEntity selectedIdp) {
this.selectedIdp = selectedIdp;
if (selectedIdp != null && (! selectedIdp.equals(this.selectedIdp))) {
idp = null;
this.selectedIdp = selectedIdp;
}
}
public SamlIdpMetadataEntity getIdp() {
if (idp == null || (! idp.equals(selectedIdp))) {
idp = idpService.findByIdWithAll(selectedIdp.getId());
if (idp == null || (! idp.equals(getSelectedIdp()))) {
idp = idpService.findByIdWithAll(getSelectedIdp().getId());
certMap = new HashMap<KeyDescriptor, List<java.security.cert.X509Certificate>>();
entityDescriptor = samlHelper.unmarshal(idp.getEntityDescriptor(), EntityDescriptor.class);
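Review bot: `getIdp()` loads whatever `selectedIdp` currently holds via `idpService.findByIdWithAll(getSelectedIdp().getId())` without checking that it is one of the IdPs in `getIdpList()`; the only authorization here is the emptiness check in the pre-render method and, presumably, the select-item validation of the `p:selectOneMenu`, which is not a server-side invariant of this bean. I would add a defence-in-depth check before the load, `if (!getIdpList().contains(getSelectedIdp())) { throw new NotAuthorizedException("Not authorized"); }`, so that a selected IdP outside the permitted set can never be rendered. In `getIdpList()`, `idpList.addAll(roleService.findIdpsForRole(role.getRole()))` can add the same IdP several times when the user also has the entitlement or several of the identity's users share the role; guarding with `if (!idpList.contains(idp))` per element keeps the menu clean. The body of `getIdp()` continues outside the hunk.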
......
......@@ -29,10 +29,10 @@
converter="#{samlIdpMetadataConverter}">
<f:selectItems value="#{idpAdminIndexBean.idpList}"
var="idp" itemLabel="#{idp.entityId}" itemValue="#{idp}"/>
<f:ajax render=":form:idpDetailPanel" />
<f:ajax render=":form:idpDetailPanel" execute="@this" />
</p:selectOneMenu>
<p:tabView id="idpDetailPanel" dynamic="true" cache="true">
<p:tabView id="idpDetailPanel" dynamic="true" cache="false">
<p:tab id="tab1" title="#{messages.overview}">
<p:panelGrid id="baseData" columns="2">
......