9ed2676e7fe75d8060841da0ceb9c398f31a450e
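--- a/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/server/SailingServiceImpl.java
+++ b/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/server/SailingServiceImpl.java
@@ -502,15 +502,20 @@ import com.sap.sse.replication.ReplicationService;
 import com.sap.sse.security.SecurityService;
 import com.sap.sse.security.SessionUtils;
 import com.sap.sse.security.shared.AccessControlListAnnotation;
+import com.sap.sse.security.shared.AdminRole;
 import com.sap.sse.security.shared.HasPermissions;
 import com.sap.sse.security.shared.HasPermissions.DefaultActions;
 import com.sap.sse.security.shared.RoleDefinition;
+import com.sap.sse.security.shared.ServerAdminRole;
 import com.sap.sse.security.shared.TypeRelativeObjectIdentifier;
+import com.sap.sse.security.shared.WildcardPermission;
 import com.sap.sse.security.shared.dto.SecuredDTO;
 import com.sap.sse.security.shared.dto.StrippedUserGroupDTO;
 import com.sap.sse.security.shared.impl.AccessControlList;
+import com.sap.sse.security.shared.impl.Role;
 import com.sap.sse.security.shared.impl.SecuredSecurityTypes;
 import com.sap.sse.security.shared.impl.SecuredSecurityTypes.ServerActions;
+import com.sap.sse.security.shared.impl.User;
 import com.sap.sse.security.shared.impl.UserGroup;
 import com.sap.sse.security.ui.server.SecurityDTOFactory;
 import com.sap.sse.security.ui.server.SecurityDTOUtil;
@@ -6116,11 +6121,67 @@ public class SailingServiceImpl extends ResultCachingProxiedRemoteServiceServlet
 
 @Override
 public HashMap<String, TimedLock> getClientIPBasedTimedLocksForUserCreation() {
-return getSecurityService().getClientIPBasedTimedLocksForUserCreation();
+final SecurityService securityService = getSecurityService();
+final User user = securityService.getCurrentUser();
+boolean isAuthorized = false;
+for (Role role : user.getRoles()) {
+if (role.getName().equals(AdminRole.getInstance().getName())) {
+isAuthorized = true;
+break;
+}
+if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
+isAuthorized = true;
+break;
+}
+};
+if (!isAuthorized) {
+for (WildcardPermission permission : user.getPermissions()) {
+final boolean hasPermission = permission.toString()
+.equals(SecuredDomainType.IP_BLOCKLIST_FOR_USER_CREATION_ABUSE
+.getStringPermission(DefaultActions.READ));
+if (hasPermission) {
+isAuthorized = true;
+break;
+}
+}
+}
+if (isAuthorized) {
+return securityService.getClientIPBasedTimedLocksForUserCreation();
+} else {
+throw new UnauthorizedException();
+}
 }
 
 @Override
 public HashMap<String, TimedLock> getClientIPBasedTimedLocksForBearerTokenAbuse() {
-return getSecurityService().getClientIPBasedTimedLocksForBearerTokenAbuse();
+final SecurityService securityService = getSecurityService();
+final User user = securityService.getCurrentUser();
+boolean isAuthorized = false;
+for (Role role : user.getRoles()) {
+if (role.getName().equals(AdminRole.getInstance().getName())) {
+isAuthorized = true;
+break;
+}
+if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
+isAuthorized = true;
+break;
+}
+};
+if (!isAuthorized) {
+for (WildcardPermission permission : user.getPermissions()) {
+final boolean hasPermission = permission.toString()
+.equals(SecuredDomainType.IP_BLOCKLIST_FOR_BEARER_TOKEN_ABUSE
+.getStringPermission(DefaultActions.READ));
+if (hasPermission) {
+isAuthorized = true;
+break;
+}
+}
+}
+if (isAuthorized) {
+return securityService.getClientIPBasedTimedLocksForBearerTokenAbuse();
+} else {
+throw new UnauthorizedException();
+}
 }
 }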
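Review bot: The authorization block added to getClientIPBasedTimedLocksForUserCreation and getClientIPBasedTimedLocksForBearerTokenAbuse dereferences `user` from `securityService.getCurrentUser()` without a null check, so if that call returns null for an unauthenticated session the method fails with a NullPointerException instead of the intended UnauthorizedException; fail closed by adding `if (user == null) { throw new UnauthorizedException(); }` before the role loop. The same ~28 lines are duplicated in both methods (and again in SailingServiceWriteImpl's releaseUserCreationLockOnIp and releaseBearerTokenLockOnIp), differing only in the SecuredDomainType constant, so a shared helper parameterized on that constant is warranted. The permission check compares `permission.toString()` against one exact string, which presumably rejects a broader wildcard grant that implies READ — if the security service exposes a permission-implication check, the helper should use it instead. The stray `;` after each role loop's closing brace is an empty statement and should be dropped.
```java
@Override
public HashMap<String, TimedLock> getClientIPBasedTimedLocksForUserCreation() {
    final SecurityService securityService = getSecurityService();
    assertAuthorizedForIpBlocklist(securityService, SecuredDomainType.IP_BLOCKLIST_FOR_USER_CREATION_ABUSE);
    return securityService.getClientIPBasedTimedLocksForUserCreation();
}

// … unchanged: getClientIPBasedTimedLocksForBearerTokenAbuse, same shape with IP_BLOCKLIST_FOR_BEARER_TOKEN_ABUSE …

/**
 * Fails closed: throws unless the current user holds the admin or server-admin role, or the
 * READ permission for the given blocklist type. Shared by the blocklist getters and the
 * release methods in SailingServiceWriteImpl.
 */
protected static void assertAuthorizedForIpBlocklist(SecurityService securityService, SecuredDomainType type) {
    final User user = securityService.getCurrentUser();
    if (user == null) {
        throw new UnauthorizedException(); // no session principal: unauthorized, not an NPE
    }
    final String adminRoleName = AdminRole.getInstance().getName();
    final String serverAdminRoleName = ServerAdminRole.getInstance().getName();
    for (Role role : user.getRoles()) {
        final String roleName = role.getName();
        if (roleName.equals(adminRoleName) || roleName.equals(serverAdminRoleName)) {
            return;
        }
    }
    final String requiredPermission = type.getStringPermission(DefaultActions.READ);
    for (WildcardPermission permission : user.getPermissions()) {
        // NOTE(review): exact string match; a broader wildcard that implies READ is rejected here —
        // switch to a permission-implication check if the security service offers one
        if (permission.toString().equals(requiredPermission)) {
            return;
        }
    }
    throw new UnauthorizedException();
}
```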
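--- a/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/server/SailingServiceWriteImpl.java
+++ b/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/server/SailingServiceWriteImpl.java
@@ -393,12 +393,18 @@ import com.sap.sse.gwt.server.filestorage.FileStorageServiceDTOUtils;
 import com.sap.sse.gwt.shared.filestorage.FileStorageServiceDTO;
 import com.sap.sse.gwt.shared.filestorage.FileStorageServicePropertyErrorsDTO;
 import com.sap.sse.security.Action;
+import com.sap.sse.security.SecurityService;
 import com.sap.sse.security.shared.HasPermissions.DefaultActions;
+import com.sap.sse.security.shared.AdminRole;
 import com.sap.sse.security.shared.QualifiedObjectIdentifier;
 import com.sap.sse.security.shared.RoleDefinition;
+import com.sap.sse.security.shared.ServerAdminRole;
 import com.sap.sse.security.shared.TypeRelativeObjectIdentifier;
+import com.sap.sse.security.shared.WildcardPermission;
 import com.sap.sse.security.shared.impl.Ownership;
+import com.sap.sse.security.shared.impl.Role;
 import com.sap.sse.security.shared.impl.SecuredSecurityTypes;
+import com.sap.sse.security.shared.impl.User;
 import com.sap.sse.security.shared.impl.SecuredSecurityTypes.ServerActions;
 import com.sap.sse.security.shared.impl.UserGroup;
 import com.sap.sse.security.ui.server.SecurityDTOUtil;
@@ -4197,12 +4203,68 @@ public class SailingServiceWriteImpl extends SailingServiceImpl implements Saili
 }
 
 @Override
-public void releaseUserCreationLockOnIp(String ip) {
-getService().getSecurityService().releaseUserCreationLockOnIp(ip);
+public void releaseUserCreationLockOnIp(String ip) throws UnauthorizedException {
+final SecurityService securityService = getService().getSecurityService();
+final User user = securityService.getCurrentUser();
+boolean isAuthorized = false;
+for (Role role : user.getRoles()) {
+if (role.getName().equals(AdminRole.getInstance().getName())) {
+isAuthorized = true;
+break;
+}
+if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
+isAuthorized = true;
+break;
+}
+};
+if (!isAuthorized) {
+for (WildcardPermission permission : user.getPermissions()) {
+final boolean hasPermission = permission.toString()
+.equals(SecuredDomainType.IP_BLOCKLIST_FOR_USER_CREATION_ABUSE
+.getStringPermission(DefaultActions.READ));
+if (hasPermission) {
+isAuthorized = true;
+break;
+}
+}
+}
+if (isAuthorized) {
+securityService.releaseUserCreationLockOnIp(ip);
+} else {
+throw new UnauthorizedException();
+}
 }
 
 @Override
-public void releaseBearerTokenLockOnIp(String ip) {
-getService().getSecurityService().releaseBearerTokenLockOnIp(ip);
+public void releaseBearerTokenLockOnIp(String ip) throws UnauthorizedException {
+final SecurityService securityService = getService().getSecurityService();
+final User user = securityService.getCurrentUser();
+boolean isAuthorized = false;
+for (Role role : user.getRoles()) {
+if (role.getName().equals(AdminRole.getInstance().getName())) {
+isAuthorized = true;
+break;
+}
+if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
+isAuthorized = true;
+break;
+}
+};
+if (!isAuthorized) {
+for (WildcardPermission permission : user.getPermissions()) {
+final boolean hasPermission = permission.toString()
+.equals(SecuredDomainType.IP_BLOCKLIST_FOR_BEARER_TOKEN_ABUSE
+.getStringPermission(DefaultActions.READ));
+if (hasPermission) {
+isAuthorized = true;
+break;
+}
+}
+}
+if (isAuthorized) {
+securityService.releaseBearerTokenLockOnIp(ip);
+} else {
+throw new UnauthorizedException();
+}
 }
 }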
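Review bot: releaseUserCreationLockOnIp and releaseBearerTokenLockOnIp mutate server state (they clear a lock), yet the fallback permission they accept is `getStringPermission(DefaultActions.READ)` — the same read permission that gates the read-only getters in SailingServiceImpl — so any principal allowed to view a blocklist can also remove entries from it. If the secured type defines a stronger action for modification, require it here; otherwise document on both methods why read access is considered sufficient for release. As in the getters, `user` from `securityService.getCurrentUser()` is dereferenced without a null check, so an unauthenticated caller would presumably see a NullPointerException rather than UnauthorizedException; add `if (user == null) { throw new UnauthorizedException(); }` before the role loop, and consider moving the whole role/permission check into one shared helper in SailingServiceImpl since it is now copied four times. The new `throws UnauthorizedException` clause on both signatures is absent from the otherwise identical getters in SailingServiceImpl, which suggests the exception is unchecked — either declare it consistently or document it with a Javadoc `@throws` instead. The stray `;` after each role loop's closing brace is an empty statement and should be dropped.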