c113f87c163e36a350af11b052c8f01b5379d1f8
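--- a/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/adminconsole/LocalServerManagementPanel.java
+++ b/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/adminconsole/LocalServerManagementPanel.java
@@ -156,12 +156,12 @@ public class LocalServerManagementPanel extends SimplePanel {
 stringMessages.unableToLoadIpsBlockedForBearerTokenAbuse(), stringMessages, errorReporter) {
 @Override
 protected void fetchData(AsyncCallback<HashMap<String, TimedLock>> callback) {
- sailingServiceWrite.getClientIPBasedTimedLocksForBearerTokenAbuse(callback);
+ userService.getUserManagementService().getClientIPBasedTimedLocksForBearerTokenAbuse(callback);
 }
 
 @Override
 protected void unlockIP(String ip, AsyncCallback<Void> asyncCallback) {
- sailingService.releaseBearerTokenLockOnIp(ip, asyncCallback);
+ userService.getUserManagementWriteService().releaseBearerTokenLockOnIp(ip, asyncCallback);
 }
 };
 panel.setContentWidget(table.asWidget());
@@ -177,12 +177,12 @@ public class LocalServerManagementPanel extends SimplePanel {
 stringMessages.unableToLoadIpsBlockedForUserCreationAbuse(), stringMessages, errorReporter) {
 @Override
 protected void fetchData(AsyncCallback<HashMap<String, TimedLock>> callback) {
- sailingServiceWrite.getClientIPBasedTimedLocksForUserCreation(callback);
+ userService.getUserManagementService().getClientIPBasedTimedLocksForUserCreation(callback);
 }
 
 @Override
 protected void unlockIP(String ip, AsyncCallback<Void> asyncCallback) {
- sailingService.releaseUserCreationLockOnIp(ip, asyncCallback);
+ userService.getUserManagementWriteService().releaseUserCreationLockOnIp(ip, asyncCallback);
 }
 };
 panel.setContentWidget(table.asWidget());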
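--- a/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/client/SailingService.java
+++ b/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/client/SailingService.java
@@ -600,8 +600,4 @@ public interface SailingService extends RemoteService, RemoteReplicationService
 List<CourseAreaDTO> getCourseAreaForEventOfLeaderboard(String leaderboardName);
 
 String getGoogleMapsLoaderAuthenticationParams();
-
- HashMap<String,TimedLock> getClientIPBasedTimedLocksForUserCreation();
-
- HashMap<String,TimedLock> getClientIPBasedTimedLocksForBearerTokenAbuse();
 }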
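--- a/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/client/SailingServiceAsync.java
+++ b/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/client/SailingServiceAsync.java
@@ -690,8 +690,4 @@ public interface SailingServiceAsync extends RemoteReplicationServiceAsync {
 void getCourseAreaForEventOfLeaderboard(String leaderboardName, AsyncCallback<List<CourseAreaDTO>> callback);
 
 void getGoogleMapsLoaderAuthenticationParams(AsyncCallback<String> callback);
-
- void getClientIPBasedTimedLocksForUserCreation(AsyncCallback<HashMap<String,TimedLock>> callback);
-
- void getClientIPBasedTimedLocksForBearerTokenAbuse(AsyncCallback<HashMap<String,TimedLock>> callback);
 }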
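--- a/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/client/SailingServiceWrite.java
+++ b/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/client/SailingServiceWrite.java
@@ -762,9 +762,4 @@ public interface SailingServiceWrite extends FileStorageManagementGwtService, Sa
 void resetAIAgentCredentials();
 
 void copyPairingListFromOtherLeaderboard(String sourceLeaderboardName, String targetLeaderboardName, String fromRaceColumnName,
- String toRaceColumnInclusiveName) throws UnauthorizedException, NotFoundException;
-
- void releaseUserCreationLockOnIp(String ip);
-
- void releaseBearerTokenLockOnIp(String ip);
-}
+ String toRaceColumnInclusiveName) throws UnauthorizedException, NotFoundException;}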
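Review bot: The new last line of SailingServiceWrite fuses the interface's closing brace onto the method declaration (`... throws UnauthorizedException, NotFoundException;}`), which looks like an accident of deleting the two release methods. Put `}` back on its own line after `NotFoundException;`, and restore the trailing newline if it was lost along with it, so the file keeps the layout of its sibling interfaces.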
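--- a/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/client/SailingServiceWriteAsync.java
+++ b/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/client/SailingServiceWriteAsync.java
@@ -776,8 +776,4 @@ public interface SailingServiceWriteAsync extends FileStorageManagementGwtServic
 
 void copyPairingListFromOtherLeaderboard(String sourceLeaderboardName, String targetLeaderboardName, String fromRaceColumnName,
 String toRaceColumnInclusiveName, AsyncCallback<Void> asyncCallback);
-
- void releaseUserCreationLockOnIp(String ip, AsyncCallback<Void> asyncCallback);
-
- void releaseBearerTokenLockOnIp(String ip, AsyncCallback<Void> asyncCallback);
 }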
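--- a/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/server/SailingServiceImpl.java
+++ b/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/server/SailingServiceImpl.java
@@ -6118,58 +6118,4 @@ public class SailingServiceImpl extends ResultCachingProxiedRemoteServiceServlet
 ? getSecurityService().getAccessToken(getSecurityService().getCurrentUser().getName())
 : null));
 }
-
- @Override
- public HashMap<String, TimedLock> getClientIPBasedTimedLocksForUserCreation() {
- final SecurityService securityService = getSecurityService();
- final User user = securityService.getCurrentUser();
- boolean isAuthorized = false;
- for (Role role : user.getRoles()) {
- if (role.getName().equals(AdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- };
- if (!isAuthorized) {
- // throws UnauthorizedException if fails
- securityService.checkCurrentUserServerPermission(ServerActions.GET_IPS_BLOCKED_FOR_USER_CREATION_ABUSE);
- isAuthorized = true;
- }
- if (isAuthorized) {
- return securityService.getClientIPBasedTimedLocksForUserCreation();
- } else {
- throw new UnauthorizedException();
- }
- }
-
- @Override
- public HashMap<String, TimedLock> getClientIPBasedTimedLocksForBearerTokenAbuse() {
- final SecurityService securityService = getSecurityService();
- final User user = securityService.getCurrentUser();
- boolean isAuthorized = false;
- for (Role role : user.getRoles()) {
- if (role.getName().equals(AdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- };
- if (!isAuthorized) {
- // throws UnauthorizedException if fails
- securityService.checkCurrentUserServerPermission(ServerActions.GET_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE);
- isAuthorized = true;
- }
- if (isAuthorized) {
- return securityService.getClientIPBasedTimedLocksForBearerTokenAbuse();
- } else {
- throw new UnauthorizedException();
- }
- }
 }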
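--- a/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/server/SailingServiceWriteImpl.java
+++ b/java/com.sap.sailing.gwt.ui/src/main/java/com/sap/sailing/gwt/ui/server/SailingServiceWriteImpl.java
@@ -4200,58 +4200,4 @@ public class SailingServiceWriteImpl extends SailingServiceImpl implements Saili
 getRaceLogTrackingAdapter().copyPairingListFromOtherLeaderboard((RegattaLeaderboard) sourceLeaderboard,
 (RegattaLeaderboard) targetLeaderboard, fromRaceColumnName, toRaceColumnInclusiveName);
 }
-
- @Override
- public void releaseUserCreationLockOnIp(String ip) throws UnauthorizedException {
- final SecurityService securityService = getService().getSecurityService();
- final User user = securityService.getCurrentUser();
- boolean isAuthorized = false;
- for (Role role : user.getRoles()) {
- if (role.getName().equals(AdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- };
- if (!isAuthorized) {
- // throws UnauthorizedException if fails
- securityService.checkCurrentUserServerPermission(ServerActions.UNLOCK_IPS_BLOCKED_FOR_USER_CREATION_ABUSE);
- isAuthorized = true;
- }
- if (isAuthorized) {
- securityService.releaseUserCreationLockOnIp(ip);
- } else {
- throw new UnauthorizedException();
- }
- }
-
- @Override
- public void releaseBearerTokenLockOnIp(String ip) throws UnauthorizedException {
- final SecurityService securityService = getService().getSecurityService();
- final User user = securityService.getCurrentUser();
- boolean isAuthorized = false;
- for (Role role : user.getRoles()) {
- if (role.getName().equals(AdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
- isAuthorized = true;
- break;
- }
- };
- if (!isAuthorized) {
- // throws UnauthorizedException if fails
- securityService.checkCurrentUserServerPermission(ServerActions.UNLOCK_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE);
- isAuthorized = true;
- }
- if (isAuthorized) {
- securityService.releaseBearerTokenLockOnIp(ip);
- } else {
- throw new UnauthorizedException();
- }
- }
 }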
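--- a/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/client/UserManagementService.java
+++ b/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/client/UserManagementService.java
@@ -2,10 +2,12 @@ package com.sap.sse.security.ui.client;
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
 import com.google.gwt.user.client.rpc.RemoteService;
+import com.sap.sse.common.TimedLock;
 import com.sap.sse.common.Util.Pair;
 import com.sap.sse.common.Util.Triple;
 import com.sap.sse.gwt.client.ServerInfoDTO;
@@ -92,4 +94,8 @@ public interface UserManagementService extends RemoteService {
 SecuredDTO addSecurityInformation(SecuredDTO securedDTO);
 
 Pair<Boolean, ArrayList<String>> getCORSFilterConfiguration();
+
+ HashMap<String,TimedLock> getClientIPBasedTimedLocksForUserCreation() throws UnauthorizedException;
+
+ HashMap<String,TimedLock> getClientIPBasedTimedLocksForBearerTokenAbuse() throws UnauthorizedException;
 }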
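Review bot: The two getters added at the end of UserManagementService have no Javadoc saying who may call them, although the implementation in this commit gates them on the admin or server-admin role or on a server permission. A comment such as `/** Returns the client IPs currently locked for user-creation abuse; requires the admin or server-admin role, or ServerActions.GET_IPS_BLOCKED_FOR_USER_CREATION_ABUSE. */` would make that contract visible to callers, and the same applies to `releaseUserCreationLockOnIp` and `releaseBearerTokenLockOnIp` added to UserManagementWriteService. The declared `UnauthorizedException` is presumably the project's own type, whereas the implementation's `checkCurrentUserServerPermission` call may throw a different, unchecked exception, so it is worth confirming that a denied client actually receives the declared one.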
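--- a/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/client/UserManagementServiceAsync.java
+++ b/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/client/UserManagementServiceAsync.java
@@ -2,10 +2,12 @@ package com.sap.sse.security.ui.client;
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
 import com.google.gwt.user.client.rpc.AsyncCallback;
+import com.sap.sse.common.TimedLock;
 import com.sap.sse.common.Util.Pair;
 import com.sap.sse.common.Util.Triple;
 import com.sap.sse.gwt.client.ServerInfoDTO;
@@ -105,4 +107,8 @@ public interface UserManagementServiceAsync {
 void addSecurityInformation(SecuredDTO securedDTO, AsyncCallback<SecuredDTO> callback);
 
 void getCORSFilterConfiguration(AsyncCallback<Pair<Boolean, ArrayList<String>>> callback);
+
+ void getClientIPBasedTimedLocksForUserCreation(AsyncCallback<HashMap<String,TimedLock>> callback);
+
+ void getClientIPBasedTimedLocksForBearerTokenAbuse(AsyncCallback<HashMap<String,TimedLock>> callback);
 }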
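--- a/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/client/UserManagementWriteService.java
+++ b/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/client/UserManagementWriteService.java
@@ -141,4 +141,9 @@ public interface UserManagementWriteService extends UserManagementService {
 
 AccessControlListDTO overrideAccessControlList(QualifiedObjectIdentifier idOfAccessControlledObject,
 AccessControlListDTO acl) throws UnauthorizedException, org.apache.shiro.authz.UnauthorizedException;
+
+ void releaseUserCreationLockOnIp(String ip) throws UnauthorizedException;
+
+ void releaseBearerTokenLockOnIp(String ip) throws UnauthorizedException;
+
 }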
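--- a/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/client/UserManagementWriteServiceAsync.java
+++ b/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/client/UserManagementWriteServiceAsync.java
@@ -125,4 +125,8 @@ public interface UserManagementWriteServiceAsync extends UserManagementServiceAs
 void setCORSFilterConfigurationAllowedOrigins(ArrayList<String> allowedOrigins, AsyncCallback<Void> callback);
 
 void fileTakedownNotice(TakedownNoticeRequestContext takedownNoticeRequestContext, AsyncCallback<Void> callback);
+
+ void releaseUserCreationLockOnIp(String ip, AsyncCallback<Void> asyncCallback);
+
+ void releaseBearerTokenLockOnIp(String ip, AsyncCallback<Void> asyncCallback);
 }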
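--- a/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/server/UserManagementServiceImpl.java
+++ b/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/server/UserManagementServiceImpl.java
@@ -24,6 +24,7 @@ import org.osgi.util.tracker.ServiceTracker;
 
 import com.google.gwt.user.server.rpc.RemoteServiceServlet;
 import com.sap.sse.ServerInfo;
+import com.sap.sse.common.TimedLock;
 import com.sap.sse.common.Util;
 import com.sap.sse.common.Util.Pair;
 import com.sap.sse.common.Util.Triple;
@@ -32,9 +33,11 @@ import com.sap.sse.landscape.aws.common.shared.SecuredAwsLandscapeType;
 import com.sap.sse.security.SecurityService;
 import com.sap.sse.security.interfaces.Credential;
 import com.sap.sse.security.shared.AccessControlListAnnotation;
+import com.sap.sse.security.shared.AdminRole;
 import com.sap.sse.security.shared.HasPermissions;
 import com.sap.sse.security.shared.HasPermissions.DefaultActions;
 import com.sap.sse.security.shared.QualifiedObjectIdentifier;
+import com.sap.sse.security.shared.ServerAdminRole;
 import com.sap.sse.security.shared.TypeRelativeObjectIdentifier;
 import com.sap.sse.security.shared.UnauthorizedException;
 import com.sap.sse.security.shared.UserManagementException;
@@ -50,6 +53,7 @@ import com.sap.sse.security.shared.dto.UserDTO;
 import com.sap.sse.security.shared.dto.UserGroupDTO;
 import com.sap.sse.security.shared.dto.WildcardPermissionWithSecurityDTO;
 import com.sap.sse.security.shared.impl.PermissionAndRoleAssociation;
+import com.sap.sse.security.shared.impl.Role;
 import com.sap.sse.security.shared.impl.SecuredSecurityTypes;
 import com.sap.sse.security.shared.impl.SecuredSecurityTypes.ServerActions;
 import com.sap.sse.security.shared.impl.User;
@@ -413,4 +417,58 @@ public class UserManagementServiceImpl extends RemoteServiceServlet implements U
 final Pair<Boolean, Set<String>> preResult = getSecurityService().getCORSFilterConfiguration(ServerInfo.getName());
 return preResult == null ? null : new Pair<>(preResult.getA(), new ArrayList<>(preResult.getB()));
 }
+
+ @Override
+ public HashMap<String, TimedLock> getClientIPBasedTimedLocksForUserCreation() throws UnauthorizedException {
+ final SecurityService securityService = getSecurityService();
+ final User user = securityService.getCurrentUser();
+ boolean isAuthorized = false;
+ for (Role role : user.getRoles()) {
+ if (role.getName().equals(AdminRole.getInstance().getName())) {
+ isAuthorized = true;
+ break;
+ }
+ if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
+ isAuthorized = true;
+ break;
+ }
+ };
+ if (!isAuthorized) {
+ // throws UnauthorizedException if fails
+ securityService.checkCurrentUserServerPermission(ServerActions.GET_IPS_BLOCKED_FOR_USER_CREATION_ABUSE);
+ isAuthorized = true;
+ }
+ if (isAuthorized) {
+ return securityService.getClientIPBasedTimedLocksForUserCreation();
+ } else {
+ throw new UnauthorizedException("");
+ }
+ }
+
+ @Override
+ public HashMap<String, TimedLock> getClientIPBasedTimedLocksForBearerTokenAbuse() throws UnauthorizedException {
+ final SecurityService securityService = getSecurityService();
+ final User user = securityService.getCurrentUser();
+ boolean isAuthorized = false;
+ for (Role role : user.getRoles()) {
+ if (role.getName().equals(AdminRole.getInstance().getName())) {
+ isAuthorized = true;
+ break;
+ }
+ if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
+ isAuthorized = true;
+ break;
+ }
+ };
+ if (!isAuthorized) {
+ // throws UnauthorizedException if fails
+ securityService.checkCurrentUserServerPermission(ServerActions.GET_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE);
+ isAuthorized = true;
+ }
+ if (isAuthorized) {
+ return securityService.getClientIPBasedTimedLocksForBearerTokenAbuse();
+ } else {
+ throw new UnauthorizedException("");
+ }
+ }
 }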
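Review bot: The admin shortcut in `getClientIPBasedTimedLocksForUserCreation` and `getClientIPBasedTimedLocksForBearerTokenAbuse` grants access on a bare role-name match (`role.getName().equals(AdminRole.getInstance().getName())`), so if roles in this model can be qualified to a group or user, a narrowly scoped admin role would skip `checkCurrentUserServerPermission` entirely. The same loop is copied into `releaseUserCreationLockOnIp` and `releaseBearerTokenLockOnIp` in UserManagementWriteServiceImpl, where it gates the removal of an abuse lock. `user.getRoles()` is also called without checking that `getCurrentUser()` returned a user, which presumably ends in a NullPointerException for an unauthenticated caller rather than an authorization error. The trailing `else { throw new UnauthorizedException(""); }` is unreachable, because `isAuthorized` is always true by then. One shared helper that lets the permission check decide, as sketched below, removes the four copies; dropping the role-name shortcut altogether is preferable if the admin roles already imply these server permissions.

```java
// Shared by both getters; protected so UserManagementWriteServiceImpl can reuse it for the release methods.
protected void checkAdminRoleOrServerPermission(ServerActions action) {
    final SecurityService securityService = getSecurityService();
    final User user = securityService.getCurrentUser();
    if (user != null) {
        for (Role role : user.getRoles()) {
            final String roleName = role.getName();
            if (roleName.equals(AdminRole.getInstance().getName())
                    || roleName.equals(ServerAdminRole.getInstance().getName())) {
                return;
            }
        }
    }
    // No admin role matched (or no user): the permission check decides and throws when it fails.
    securityService.checkCurrentUserServerPermission(action);
}

@Override
public HashMap<String, TimedLock> getClientIPBasedTimedLocksForUserCreation() throws UnauthorizedException {
    checkAdminRoleOrServerPermission(ServerActions.GET_IPS_BLOCKED_FOR_USER_CREATION_ABUSE);
    return getSecurityService().getClientIPBasedTimedLocksForUserCreation();
}
// … same substitution in getClientIPBasedTimedLocksForBearerTokenAbuse …
```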
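--- a/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/server/UserManagementWriteServiceImpl.java
+++ b/java/com.sap.sse.security.ui/src/main/java/com/sap/sse/security/ui/server/UserManagementWriteServiceImpl.java
@@ -23,9 +23,11 @@ import com.sap.sse.common.media.TakedownNoticeRequestContext;
 import com.sap.sse.security.Action;
 import com.sap.sse.security.SecurityService;
 import com.sap.sse.security.shared.HasPermissions.DefaultActions;
+import com.sap.sse.security.shared.AdminRole;
 import com.sap.sse.security.shared.PermissionChecker;
 import com.sap.sse.security.shared.QualifiedObjectIdentifier;
 import com.sap.sse.security.shared.RoleDefinition;
+import com.sap.sse.security.shared.ServerAdminRole;
 import com.sap.sse.security.shared.TypeRelativeObjectIdentifier;
 import com.sap.sse.security.shared.UnauthorizedException;
 import com.sap.sse.security.shared.UserGroupManagementException;
@@ -741,4 +743,58 @@ public class UserManagementWriteServiceImpl extends UserManagementServiceImpl im
 public void fileTakedownNotice(TakedownNoticeRequestContext takedownNoticeRequestContext) throws MailException {
 getSecurityService().fileTakedownNotice(takedownNoticeRequestContext);
 }
+
+ @Override
+ public void releaseUserCreationLockOnIp(String ip) throws UnauthorizedException {
+ final SecurityService securityService = getSecurityService();
+ final User user = securityService.getCurrentUser();
+ boolean isAuthorized = false;
+ for (Role role : user.getRoles()) {
+ if (role.getName().equals(AdminRole.getInstance().getName())) {
+ isAuthorized = true;
+ break;
+ }
+ if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
+ isAuthorized = true;
+ break;
+ }
+ };
+ if (!isAuthorized) {
+ // throws UnauthorizedException if fails
+ securityService.checkCurrentUserServerPermission(ServerActions.UNLOCK_IPS_BLOCKED_FOR_USER_CREATION_ABUSE);
+ isAuthorized = true;
+ }
+ if (isAuthorized) {
+ securityService.releaseUserCreationLockOnIp(ip);
+ } else {
+ throw new UnauthorizedException("");
+ }
+ }
+
+ @Override
+ public void releaseBearerTokenLockOnIp(String ip) throws UnauthorizedException {
+ final SecurityService securityService = getSecurityService();
+ final User user = securityService.getCurrentUser();
+ boolean isAuthorized = false;
+ for (Role role : user.getRoles()) {
+ if (role.getName().equals(AdminRole.getInstance().getName())) {
+ isAuthorized = true;
+ break;
+ }
+ if (role.getName().equals(ServerAdminRole.getInstance().getName())) {
+ isAuthorized = true;
+ break;
+ }
+ };
+ if (!isAuthorized) {
+ // throws UnauthorizedException if fails
+ securityService.checkCurrentUserServerPermission(ServerActions.UNLOCK_IPS_BLOCKED_FOR_BEARER_TOKEN_ABUSE);
+ isAuthorized = true;
+ }
+ if (isAuthorized) {
+ securityService.releaseBearerTokenLockOnIp(ip);
+ } else {
+ throw new UnauthorizedException("");
+ }
+ }
 }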
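Review bot: `releaseUserCreationLockOnIp` and `releaseBearerTokenLockOnIp` lift an abuse lock without recording, at least in this class, who released which address. Unless `SecurityService` already logs the release, a line after the call using the class's existing logger, e.g. `logger.info("Bearer token lock on IP " + ip + " released by " + user.getName());`, would give incident responders that trail. The `ip` string comes straight from the client and is passed on unchecked, so it should be validated or sanitised before it is written to a log. Separately, the added `AdminRole` import sits after `HasPermissions.DefaultActions` and is out of alphabetical order with its neighbours.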