From d915df491f305e60ac59f4e8411f28cebdb70c06 Mon Sep 17 00:00:00 2001 From: Robert Butora <robert.butora@inaf.it> Date: Mon, 11 Nov 2024 22:08:12 +0100 Subject: [PATCH] auth: func renames and removes unused func --- .../src/main/java/auth/authz/AuthPolicy.java | 200 ++++-------------- .../java/auth/authz/webapi/AuthZFilter.java | 10 +- 2 files changed, 43 insertions(+), 167 deletions(-) diff --git a/data-access/servlet/src/main/java/auth/authz/AuthPolicy.java b/data-access/servlet/src/main/java/auth/authz/AuthPolicy.java index 4c36dc2..d0873c6 100644 --- a/data-access/servlet/src/main/java/auth/authz/AuthPolicy.java +++ b/data-access/servlet/src/main/java/auth/authz/AuthPolicy.java @@ -40,24 +40,6 @@ public class AuthPolicy private String[] userGroups; private boolean userGroupsValid; -// private String dbConnUrl; -// private String dbUserName; -// private String dbPassword; - -/* - public AuthPolicy(String userName, String[] userGroups) - { - this.userName = userName; - this.userGroups = userGroups; - this.userGroupsValid = true; - - access = Access.PUBLIC_AND_AUTHORIZED_PRIVATE; - - LOGGER.finer("User [Groups]: " + userName + " [ " + String.join(" ", userGroups) + " ]" ); - } -*/ - - public AuthPolicy(Principal principal) { 
@@ -97,69 +79,7 @@ public class AuthPolicy } - - public String getUserName() - { - return userName; - } - - public boolean getUserGroupsValid() - { - return userGroupsValid; - } - - - public String[] getUserGroups() - { - return userGroups; - } - - public String getUserGroupsSqlFormat() - { - if( (userGroups != null) && (userGroups.length > 0) ) - { - return "\"" + String.join("\",\"" , userGroups) + "\""; - } - else - { - return null; - } - } - - public String getUserGroupsAsString(String separator) - { - if( (userGroups != null) && (userGroups.length > 0) ) - { - return String.join(separator, userGroups); - } - else - { - return null; - } - } - - - - - public String getAccessPolicy() - { - return access.name(); // returns enum as string - } - - - - public void toXML(PrintWriter writer) - { - writer.println("<AccessPolicy>" + this.getAccessPolicy() + "</AccessPolicy>"); - String ug = getUserGroupsAsString(" "); - if(userName != null) writer.println("<UserName>" + userName + "</UserName>"); - if(ug != null) writer.println("<GroupNames>" + ug + "</GroupNames>"); - } - - - // API - - public String[] filterAuthorized(String[] pubdidArr) + public String[] removeNotAuthorized(String[] pubdidArr) { LOGGER.finer("trace"); @@ -168,7 +88,6 @@ public class AuthPolicy switch(access) { case PUBLIC_ONLY : - //filterNotPublic(pubdidList); AuthPolicyDb adb; synchronized(AuthPolicyDb.class) { 
@@ -177,78 +96,21 @@ public class AuthPolicy pubdidList = adb.selectPublicOnly(pubdidArr); break; - case PUBLIC_AND_AUTHORIZED_PRIVATE : - filterNotAuthorized(pubdidList); + List<AuthPolicyDb.PubdidGroups> privateGroups = dbQueryPrivateUniqGroups(pubdidList); + List<String> notAuthorizedPubdids = selectNotAuthorized(privateGroups, userGroups); + removeNotAuthZd(pubdidList, notAuthorizedPubdids); break; default : assert false : "Unrecoginzed access : " + access; } - return pubdidList.toArray(new String[0]); - } - - - // remove PRIVATE from the list - /* - private void filterNotPublic(ArrayList<String> pubdids) - { - LOGGER.fine("trace"); - assert pubdids != null; - LOGGER.finer("PublisherDID list original : " + String.join(" ", pubdids)); - - List<AuthPolicyDb.PubdidGroups> privateUniqPubdids = db_queryPrivateUniqPubdidGroups(pubdids); - - List<String> notAuthorizedUniqPubdids = pubdidsNotPublic(privateUniqPubdids, userGroups); - - LOGGER.finest("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); - - removeNotAuthorized(pubdids, notAuthorizedUniqPubdids); - - LOGGER.finest("PublisherDID list filtered : " + (pubdids.isEmpty() ? 
"" : String.join(" ", pubdids))); - } - private List<String> pubdidsNotPublic(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) - { - LOGGER.fine("trace"); - - ListIterator<AuthPolicyDb.PubdidGroups> it = pubdidList.listIterator(); - List<String> pubdidsNotAuthorizedList = new LinkedList<String>(); - while (it.hasNext()) - { - AuthPolicyDb.PubdidGroups pubdidGroups = it.next(); - - if( true )// isIntersectionEmpty(pubdidGroups.groups, userGroups) ) - { - pubdidsNotAuthorizedList.add(pubdidGroups.pubdid); - } - } - - return pubdidsNotAuthorizedList; - } - */ - - // remove not-authorized from the list - - private void filterNotAuthorized(List<String> pubdids) - { - LOGGER.fine("trace"); - assert pubdids != null; - LOGGER.finer("PublisherDID list original : " + String.join(" ", pubdids)); - - List<AuthPolicyDb.PubdidGroups> privateUniqPubdids = db_queryPrivateUniqPubdidGroups(pubdids); - - List<String> notAuthorizedUniqPubdids = pubdidsNotAuthorized(privateUniqPubdids, userGroups); - - LOGGER.finest("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); - - removeNotAuthorized(pubdids, notAuthorizedUniqPubdids); - - LOGGER.finest("PublisherDID list filtered : " + (pubdids.isEmpty() ? "" : String.join(" ", pubdids))); + return pubdidList.toArray(new String[0]); } - private List<String> pubdidsNotAuthorized(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) + private List<String> selectNotAuthorized(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) { LOGGER.fine("trace"); 
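Review bot: The `default` branch of the switch in `removeNotAuthorized` relies on `assert false`, which does nothing unless the JVM runs with `-ea`, so an `access` value outside the two handled cases would fall through to `return pubdidList.toArray(new String[0]);` with nothing filtered. In an authorization path that branch should fail closed, e.g. `default : throw new IllegalStateException("Unrecognized access : " + access);`. The inlined `PUBLIC_AND_AUTHORIZED_PRIVATE` case also drops the log lines the removed `filterNotAuthorized` carried, so which pubdids were denied is no longer recorded; `LOGGER.finest("AuthZ removes: " + String.join(" ", notAuthorizedPubdids));` after the `selectNotAuthorized(...)` call would keep that trail. The switch opens in the preceding hunk and the initialisation of `pubdidList` is not visible, so the unfiltered return is inferred from how the two cases use the list.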
@@ -271,8 +133,21 @@ public class AuthPolicy } + private boolean isIntersectionEmpty(String[] stringsA, String[] stringsB) + { + for(String strA : stringsA) + for(String strB : stringsB) + { + if(strA.equals(strB)) + { + return false; + } + } + return true; + } + - private void removeNotAuthorized(List<String> pubdids, List<String> notAuthorizedUniqPubdids) + private void removeNotAuthZd(List<String> pubdids, List<String> notAuthorizedUniqPubdids) { ListIterator<String> itr = pubdids.listIterator(); while (itr.hasNext()) @@ -289,23 +164,7 @@ public class AuthPolicy } - private boolean isIntersectionEmpty(String[] stringsA, String[] stringsB) - { - for(String strA : stringsA) - for(String strB : stringsB) - { - if(strA.equals(strB)) - { - return false; - } - } - return true; - } - - - // DB-query - - private List<AuthPolicyDb.PubdidGroups> db_queryPrivateUniqPubdidGroups(List<String> pubdids) + private List<AuthPolicyDb.PubdidGroups> dbQueryPrivateUniqGroups(List<String> pubdids) { AuthPolicyDb adb; synchronized(AuthPolicyDb.class) @@ -329,6 +188,23 @@ public class AuthPolicy } + // API (XmlSerialize to legacy results-xml) + + public String getAccessPolicy() { return access.name(); } + public String getUserName() { return userName; } + public String[] getUserGroups() { return userGroups; } + + public String getUserGroupsAsString(String separator) + { + if( (userGroups != null) && (userGroups.length > 0) ) + { + return String.join(separator, userGroups); + } + else + { + return null; + } + } } diff --git a/data-access/servlet/src/main/java/auth/authz/webapi/AuthZFilter.java b/data-access/servlet/src/main/java/auth/authz/webapi/AuthZFilter.java index ed9b0ec..4223e65 100644 --- a/data-access/servlet/src/main/java/auth/authz/webapi/AuthZFilter.java +++ b/data-access/servlet/src/main/java/auth/authz/webapi/AuthZFilter.java 
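Review bot: `isIntersectionEmpty` in AuthPolicy.java dereferences both arrays without a null check, while `getUserGroupsAsString` in this same patch treats `userGroups == null` as a possible state. If `selectNotAuthorized` hands it a null `userGroups` (its body lies outside the hunk, so this is inferred), the request ends in a NullPointerException instead of a clean deny. A guard such as `if (stringsA == null || stringsB == null) return true;` would keep the outcome fail-closed, assuming an empty intersection is what marks a pubdid as not authorized; confirm against the caller.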
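Review bot: `getUserGroups()` in AuthPolicy.java returns the internal `userGroups` array, the same array `removeNotAuthorized` passes to `selectNotAuthorized` for the group check, so any caller holding the policy object can alter the groups the decision is based on. Returning a copy closes that: `public String[] getUserGroups() { return userGroups == null ? null : userGroups.clone(); }`. The new section comment says these getters feed the legacy results-xml serialisation, so a short Javadoc stating that `getUserName()` and the group names are returned unescaped, and that the serialiser has to XML-escape them, would be worth adding.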
@@ -94,23 +94,23 @@ class AuthZ throw new IllegalArgumentException("Authorization : UserPrincipal is not of expected type"); } String[] pubdidArr = pubdidList.toArray(new String[pubdidList.size()]); - String[] authorized_pubdids; - authorized_pubdids = auth.filterAuthorized(pubdidArr); + String[] authorizedPubdids; + authorizedPubdids = auth.removeNotAuthorized(pubdidArr); /* If multiplicity allowed (and in mcutout/merge): * if one or more of pubdids not-authorized -> all request not authorized * */ /* NOTE for now soda/vlkb_cutout does not allow multiplicity --> only one pubdid allowed */ - if((authorized_pubdids==null) || (pubdidArr==null)) + if((authorizedPubdids==null) || (pubdidArr==null)) { LOGGER.warning("One of arrays null"); return true; } else { - LOGGER.finest("authorized vs original length: "+authorized_pubdids.length + " / " + pubdidArr.length); - return (authorized_pubdids.length == pubdidArr.length); + LOGGER.finest("authorized vs original length: "+authorizedPubdids.length + " / " + pubdidArr.length); + return (authorizedPubdids.length == pubdidArr.length); } } -- GitLab
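Review bot: The null branch returns `true`, and the `else` branch shows that `true` means every requested pubdid was authorized (`authorizedPubdids.length == pubdidArr.length`), so a null result from `removeNotAuthorized` is treated as access granted. That branch should deny instead: `LOGGER.warning("One of arrays null"); return false;`. The enclosing method starts outside the hunk, so the meaning of the return value is read from the `else` branch only.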