Revision 7000
Added by ben leinfelder about 12 years ago
| src/edu/ucsb/nceas/metacat/dataone/D1NodeService.java | ||
|---|---|---|
| 677 | 677 |
Subject verifiedSubject = new Subject(); |
| 678 | 678 |
verifiedSubject.setValue(Constants.SUBJECT_VERIFIED_USER); |
| 679 | 679 |
|
| 680 |
// get the subjects from the session |
|
| 681 |
List<Subject> subjects = new ArrayList<Subject>(); |
|
| 682 |
if (session != null) {
|
|
| 683 |
Subject subject = session.getSubject(); |
|
| 684 |
if (subject != null) {
|
|
| 685 |
subjects.add(subject); |
|
| 686 |
} |
|
| 687 |
SubjectInfo subjectInfo = session.getSubjectInfo(); |
|
| 688 |
if (subjectInfo != null) {
|
|
| 689 |
// add the equivalent identities |
|
| 690 |
List<Person> personList = subjectInfo.getPersonList(); |
|
| 691 |
if (personList != null) {
|
|
| 692 |
for (Person p: personList) {
|
|
| 693 |
subjects.add(p.getSubject()); |
|
| 694 |
if (p.getVerified()) {
|
|
| 695 |
// add the verified symbolic user |
|
| 696 |
if (!subjects.contains(verifiedSubject)) {
|
|
| 697 |
subjects.add(verifiedSubject); |
|
| 698 |
} |
|
| 699 |
} |
|
| 700 |
} |
|
| 701 |
} |
|
| 702 |
// add the groups |
|
| 703 |
List<Group> groupList = subjectInfo.getGroupList(); |
|
| 704 |
if (groupList != null) {
|
|
| 705 |
for (Group g: groupList) {
|
|
| 706 |
subjects.add(g.getSubject()); |
|
| 707 |
} |
|
| 708 |
} |
|
| 709 |
} |
|
| 710 |
// add the authenticated symbolic as a check |
|
| 711 |
Subject authenticatedSubject = new Subject(); |
|
| 712 |
authenticatedSubject.setValue(Constants.SUBJECT_AUTHENTICATED_USER); |
|
| 713 |
subjects.add(authenticatedSubject); |
|
| 714 |
|
|
| 715 |
} |
|
| 716 |
|
|
| 717 |
// add public subject |
|
| 680 |
// get the subject[s] from the session |
|
| 681 |
List<Subject> subjects = new ArrayList<Subject>(); |
|
| 682 |
if (session != null) {
|
|
| 683 |
// primary subject |
|
| 684 |
Subject subject = session.getSubject(); |
|
| 685 |
if (subject != null) {
|
|
| 686 |
subjects.add(subject); |
|
| 687 |
} |
|
| 688 |
// details about the subject |
|
| 689 |
SubjectInfo subjectInfo = session.getSubjectInfo(); |
|
| 690 |
if (subjectInfo != null) {
|
|
| 691 |
// find subjectInfo for the primary subject |
|
| 692 |
List<Person> personList = subjectInfo.getPersonList(); |
|
| 693 |
if (personList != null) {
|
|
| 694 |
for (Person p : personList) {
|
|
| 695 |
// for the primary person |
|
| 696 |
if (p.getSubject().equals(subject)) {
|
|
| 697 |
if (p.getVerified()) {
|
|
| 698 |
// add the verified symbolic user |
|
| 699 |
if (!subjects.contains(verifiedSubject)) {
|
|
| 700 |
subjects.add(verifiedSubject); |
|
| 701 |
} |
|
| 702 |
} |
|
| 703 |
// add the equivalent identities |
|
| 704 |
List<Subject> equivList = p |
|
| 705 |
.getEquivalentIdentityList(); |
|
| 706 |
if (equivList != null) {
|
|
| 707 |
for (Subject equiv : equivList) {
|
|
| 708 |
subjects.add(equiv); |
|
| 709 |
} |
|
| 710 |
} |
|
| 711 |
// add the groups |
|
| 712 |
List<Subject> groupList = p.getIsMemberOfList(); |
|
| 713 |
if (groupList != null) {
|
|
| 714 |
for (Subject g : groupList) {
|
|
| 715 |
subjects.add(g); |
|
| 716 |
} |
|
| 717 |
} |
|
| 718 |
break; |
|
| 719 |
} |
|
| 720 |
} |
|
| 721 |
} |
|
| 722 |
} |
|
| 723 |
|
|
| 724 |
// add the authenticated symbolic since we have a session |
|
| 725 |
Subject authenticatedSubject = new Subject(); |
|
| 726 |
authenticatedSubject.setValue(Constants.SUBJECT_AUTHENTICATED_USER); |
|
| 727 |
subjects.add(authenticatedSubject); |
|
| 728 |
} |
|
| 729 |
|
|
| 730 |
// add public subject for everyone |
|
| 718 | 731 |
Subject publicSubject = new Subject(); |
| 719 | 732 |
publicSubject.setValue(Constants.SUBJECT_PUBLIC); |
| 720 | 733 |
subjects.add(publicSubject); |
Also available in: Unified diff
use updated authorization policies as discussed in:
https://redmine.dataone.org/issues/2277
and
http://epad.dataone.org/20120131-authn-authz-questions