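--- a/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/server/UserManagementServiceImpl.java
+++ b/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/server/UserManagementServiceImpl.java
@@ -33,11 +33,9 @@ import com.sap.sse.landscape.aws.common.shared.SecuredAwsLandscapeType;
 import com.sap.sse.security.SecurityService;
 import com.sap.sse.security.interfaces.Credential;
 import com.sap.sse.security.shared.AccessControlListAnnotation;
-import com.sap.sse.security.shared.AdminRole;
 import com.sap.sse.security.shared.HasPermissions;
 import com.sap.sse.security.shared.HasPermissions.DefaultActions;
 import com.sap.sse.security.shared.QualifiedObjectIdentifier;
-import com.sap.sse.security.shared.ServerAdminRole;
 import com.sap.sse.security.shared.TypeRelativeObjectIdentifier;
 import com.sap.sse.security.shared.UnauthorizedException;
 import com.sap.sse.security.shared.UserManagementException;
@@ -53,7 +51,6 @@ import com.sap.sse.security.shared.dto.UserDTO;
 import com.sap.sse.security.shared.dto.UserGroupDTO;
 import com.sap.sse.security.shared.dto.WildcardPermissionWithSecurityDTO;
 import com.sap.sse.security.shared.impl.PermissionAndRoleAssociation;
-import com.sap.sse.security.shared.impl.Role;
 import com.sap.sse.security.shared.impl.SecuredSecurityTypes;
 import com.sap.sse.security.shared.impl.SecuredSecurityTypes.ServerActions;
 import com.sap.sse.security.shared.impl.User;
@@ -421,54 +418,16 @@ public class UserManagementServiceImpl extends RemoteServiceServlet implements U
 @Override
 public HashMap<String, TimedLock> getClientIPBasedTimedLocksForUserCreation() throws UnauthorizedException {
 final SecurityService securityService = getSecurityService();
- final User user = securityService.getCurrentUser();
- boolean isAuthorized = false;
- for (Role role : user.getRoles()) {
- if (role.getName().equals(AdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- };
- if (!isAuthorized) {
- // throws UnauthorizedException if fails
- securityService.checkCurrentUserServerPermission(ServerActions.GET_IPS_BLOCKED_FOR_USER_CREATION_ABUSE);
- isAuthorized = true;
- }
- if (isAuthorized) {
- return securityService.getClientIPBasedTimedLocksForUserCreation();
- } else {
- throw new UnauthorizedException("");
- }
+ // throws UnauthorizedException if fails
+ securityService.checkCurrentUserServerPermission(ServerActions.GET_IPS_BLOCKED_FOR_USER_CREATION_ABUSE);
+ return securityService.getClientIPBasedTimedLocksForUserCreation();
 }
 
 @Override
 public HashMap<String, TimedLock> getClientIPBasedTimedLocksForBearerTokenAbuse() throws UnauthorizedException {
 final SecurityService securityService = getSecurityService();
- final User user = securityService.getCurrentUser();
- boolean isAuthorized = false;
- for (Role role : user.getRoles()) {
- if (role.getName().equals(AdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- };
- if (!isAuthorized) {
- // throws UnauthorizedException if fails
- securityService.checkCurrentUserServerPermission(ServerActions.GET_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE);
- isAuthorized = true;
- }
- if (isAuthorized) {
- return securityService.getClientIPBasedTimedLocksForBearerTokenAbuse();
- } else {
- throw new UnauthorizedException("");
- }
+ // throws UnauthorizedException if fails
+ securityService.checkCurrentUserServerPermission(ServerActions.GET_IPS_BLOCKED_FOR_USER_CREATION_ABUSE);
+ return securityService.getClientIPBasedTimedLocksForBearerTokenAbuse();
 }
 }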
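Review bot: The new permission check in `getClientIPBasedTimedLocksForBearerTokenAbuse` tests `ServerActions.GET_IPS_BLOCKED_FOR_USER_CREATION_ABUSE`, whereas the code it replaces tested `GET_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE`; this looks like a copy-paste from the method above. As written, a principal granted only the user-creation permission can read the bearer-token lock table, and one granted only the bearer-token permission is refused. The line should read `securityService.checkCurrentUserServerPermission(ServerActions.GET_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE);`. A test that grants each of the two permissions on its own and calls both getters would catch this kind of swap.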
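--- a/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/server/UserManagementWriteServiceImpl.java
+++ b/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/server/UserManagementWriteServiceImpl.java
@@ -23,11 +23,9 @@ import com.sap.sse.common.media.TakedownNoticeRequestContext;
 import com.sap.sse.security.Action;
 import com.sap.sse.security.SecurityService;
 import com.sap.sse.security.shared.HasPermissions.DefaultActions;
-import com.sap.sse.security.shared.AdminRole;
 import com.sap.sse.security.shared.PermissionChecker;
 import com.sap.sse.security.shared.QualifiedObjectIdentifier;
 import com.sap.sse.security.shared.RoleDefinition;
-import com.sap.sse.security.shared.ServerAdminRole;
 import com.sap.sse.security.shared.TypeRelativeObjectIdentifier;
 import com.sap.sse.security.shared.UnauthorizedException;
 import com.sap.sse.security.shared.UserGroupManagementException;
@@ -747,54 +745,16 @@ public class UserManagementWriteServiceImpl extends UserManagementServiceImpl im
 @Override
 public void releaseUserCreationLockOnIp(String ip) throws UnauthorizedException {
 final SecurityService securityService = getSecurityService();
- final User user = securityService.getCurrentUser();
- boolean isAuthorized = false;
- for (Role role : user.getRoles()) {
- if (role.getName().equals(AdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- };
- if (!isAuthorized) {
- // throws UnauthorizedException if fails
- securityService.checkCurrentUserServerPermission(ServerActions.UNLOCK_IPS_BLOCKED_FOR_USER_CREATION_ABUSE);
- isAuthorized = true;
- }
- if (isAuthorized) {
- securityService.releaseUserCreationLockOnIp(ip);
- } else {
- throw new UnauthorizedException("");
- }
+ // throws if permission not granted
+ securityService.checkCurrentUserServerPermission(ServerActions.UNLOCK_IPS_BLOCKED_FOR_USER_CREATION_ABUSE);
+ securityService.releaseUserCreationLockOnIp(ip);
 }
 
 @Override
 public void releaseBearerTokenLockOnIp(String ip) throws UnauthorizedException {
 final SecurityService securityService = getSecurityService();
- final User user = securityService.getCurrentUser();
- boolean isAuthorized = false;
- for (Role role : user.getRoles()) {
- if (role.getName().equals(AdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- };
- if (!isAuthorized) {
- // throws UnauthorizedException if fails
- securityService.checkCurrentUserServerPermission(ServerActions.UNLOCK_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE);
- isAuthorized = true;
- }
- if (isAuthorized) {
- securityService.releaseBearerTokenLockOnIp(ip);
- } else {
- throw new UnauthorizedException("");
- }
+ // throws UnauthorizedException if fails
+ securityService.checkCurrentUserServerPermission(ServerActions.UNLOCK_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE);
+ securityService.releaseBearerTokenLockOnIp(ip);
 }
 }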
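Review bot: Both release methods pass the caller-supplied `ip` to `SecurityService` unchanged once the permission check succeeds, and nothing visible in this hunk records who lifted a lock. Releasing an abuse lockout is a privileged state change, so it is worth confirming that the service-side `releaseUserCreationLockOnIp` and `releaseBearerTokenLockOnIp` log the acting user together with the IP, and rejecting a null or blank `ip` here before the call. The comment in the first method could also match the other three: `// throws UnauthorizedException if fails`.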