Jenkins

Status

Changes

Console Output

View as plain text

View Build Information

Polling Log

Timings

Git Build Data

Coverage Report

Previous Build

Next Build

Package: EnhModularRealmAuthorizer

EnhModularRealmAuthorizer

name

instruction

branch

complexity

line

method

EnhModularRealmAuthorizer()

M: 3 C: 0
0%

M: 0 C: 0
100%

M: 1 C: 0
0%

M: 2 C: 0
0%

M: 1 C: 0
0%

EnhModularRealmAuthorizer(Collection)

M: 4 C: 0
0%

M: 0 C: 0
100%

M: 1 C: 0
0%

M: 2 C: 0
0%

M: 1 C: 0
0%

checkMultipleRealms(PrincipalCollection, List)

M: 64 C: 0
0%

M: 16 C: 0
0%

M: 9 C: 0
0%

M: 12 C: 0
0%

M: 1 C: 0
0%

checkSingleRealm(PrincipalCollection, List)

M: 22 C: 0
0%

M: 2 C: 0
0%

M: 2 C: 0
0%

M: 4 C: 0
0%

M: 1 C: 0
0%

isPermitted(PrincipalCollection, List)

M: 27 C: 0
0%

M: 6 C: 0
0%

M: 4 C: 0
0%

M: 6 C: 0
0%

M: 1 C: 0
0%

isPermitted(PrincipalCollection, String[])

M: 13 C: 0
0%

M: 0 C: 0
100%

M: 1 C: 0
0%

M: 3 C: 0
0%

M: 1 C: 0
0%

lambda$isPermitted$0(String)

M: 5 C: 0
0%

M: 0 C: 0
100%

M: 1 C: 0
0%

M: 1 C: 0
0%

M: 1 C: 0
0%

static {...}

M: 4 C: 0
0%

M: 0 C: 0
100%

M: 1 C: 0
0%

M: 1 C: 0
0%

M: 1 C: 0
0%

Coverage

1: /*******************************************************************************
2:  * Copyright (c) 2020, 2022 Eurotech and/or its affiliates and others
3:  *
4:  * This program and the accompanying materials are made
5:  * available under the terms of the Eclipse Public License 2.0
6:  * which is available at https://www.eclipse.org/legal/epl-2.0/
7:  *
8:  * SPDX-License-Identifier: EPL-2.0
9:  *
10:  * Contributors:
11:  *     Eurotech - initial API and implementation
12:  *******************************************************************************/
13: package org.eclipse.kapua.broker.core.security;
14: 
15: import java.util.Arrays;
16: import java.util.Collection;
17: import java.util.List;
18: import java.util.stream.Collectors;
19: 
20: import org.apache.commons.collections.CollectionUtils;
21: import org.apache.shiro.authz.Authorizer;
22: import org.apache.shiro.authz.ModularRealmAuthorizer;
23: import org.apache.shiro.authz.Permission;
24: import org.apache.shiro.realm.Realm;
25: import org.apache.shiro.subject.PrincipalCollection;
26: import org.slf4j.Logger;
27: import org.slf4j.LoggerFactory;
28: 
29: /**
30:  * Custom {@link Authorizer} to reduce the query amount using the isPermitted method with the Permission list or String array.
31:  * To use this Authorizer a deeply modified shiro.ini is needed.
32:  * Without these changes this Authorizer will not have any realm configured. (see shiro.ini for explanation)
33:  * This authorizer takes the first valid configured realm and return the isPermitted evaluation skipping any aggregation strategy if more than one valid aggregator is defined.
34:  *
35:  */
36: public class EnhModularRealmAuthorizer extends ModularRealmAuthorizer {
37: 
38:     protected static final Logger logger = LoggerFactory.getLogger(EnhModularRealmAuthorizer.class);
39: 
40:     public EnhModularRealmAuthorizer() {
41:     }
42: 
43:     public EnhModularRealmAuthorizer(Collection<Realm> realms) {
44:         super(realms);
45:     }
46: 
47:     @Override
48:     public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions) {
49:         assertRealmsConfigured();
50:•        if (!CollectionUtils.isEmpty(permissions)) {
51:•            if (getRealms()!=null && getRealms().size()==1) {
52:                 return checkSingleRealm(principals, permissions);
53:             }
54:             else {
55:                 return checkMultipleRealms(principals, permissions);
56:             }
57:         }
58:         return new boolean[permissions.size()];
59:     }
60: 
61:     @Override
62:     public boolean[] isPermitted(PrincipalCollection principals, String... permissions) {
63:         return isPermitted(principals, Arrays.asList(permissions).stream()
64:                 .map(permission -> getPermissionResolver().resolvePermission(permission))
65:                 .collect(Collectors.toList()));
66:     }
67: 
68:     private boolean[] checkSingleRealm(PrincipalCollection principals, List<Permission> permissions) {
69:         Realm realm = getRealms().iterator().next();
70:•        if (realm instanceof Authorizer) {
71:             return ((Authorizer) getRealms().iterator().next()).isPermitted(principals, permissions);
72:         }
73:         else {
74:             return new boolean[permissions.size()];
75:         }
76:     }
77: 
78:     private boolean[] checkMultipleRealms(PrincipalCollection principals, List<Permission> permissions) {
79:         boolean[] results = new boolean[permissions.size()];
80:•        for (Realm realm : getRealms()) {
81:•            if (realm instanceof Authorizer) {
82:                 boolean allTrue = true;
83:                 boolean[] resultTmp = ((Authorizer) realm).isPermitted(principals, permissions);
84:•                for (int j=0; j<permissions.size(); j++) {
85:•                    results[j] = results[j] || resultTmp[j];
86:•                    allTrue = allTrue && results[j];
87:                 }
88:•                if (allTrue) {
89:                     break;
90:                 }
91:             }
92:         }
93:         return results;
94:     }
95: }