Class LocalAuthProviderImpl

java.lang.Object

uk.ac.manchester.spinnaker.alloc.db.SQLQueries

uk.ac.manchester.spinnaker.alloc.db.DatabaseAwareBean

uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl

All Implemented Interfaces:

AuthenticationProvider, LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

@Service
public class LocalAuthProviderImpl
extends DatabaseAwareBean
implements LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

Does authentication against users defined entirely in the database. This includes keeping the users' (encrypted) password in the database. This is primarily focused on the user_info database table.

Author:

Donal Fellows

See Also:

• Configuration properties

Nested Class Summary

Nested classes/interfaces inherited from class DatabaseAwareBean

DatabaseAwareBean.AbstractSQL

Field Summary

Fields

Modifier and Type	Field	Description
static final String	PRIVATE_COLLAB_PREFIX	The username prefix used to identify an OpenID user fake collaboratory.

Fields inherited from class SQLQueries

ADD_BLACKLISTED_CHIP, ADD_BLACKLISTED_CORE, ADD_BLACKLISTED_LINK, ADD_USER_TO_GROUP, ADJUST_QUOTA, ALLOCATE_BOARDS_BOARD, ALLOCATE_BOARDS_JOB, BUMP_IMPORTANCE, CHECK_LOCATION, checkRectangle, checkRectangleAt, CLEAR_BLACKLISTED_CHIPS, CLEAR_BLACKLISTED_CORES, CLEAR_BLACKLISTED_LINKS, COMPLETED_BLACKLIST_WRITE, COMPLETED_BOARD_INFO_READ, COMPLETED_GET_SERIAL_REQ, COUNT_CHANGES_FOR_JOB, COUNT_FUNCTIONING_BOARDS, COUNT_MACHINE_THINGS, COUNT_POWERED_BOARDS, countConnected, CREATE_BLACKLIST_READ, CREATE_BLACKLIST_WRITE, CREATE_GROUP, CREATE_GROUP_IF_NOT_EXISTS, CREATE_SERIAL_READ_REQ, CREATE_TEMP_READ_REQ, CREATE_USER, DEALLOCATE_BMP_BOARDS_JOB, DECREMENT_QUOTA, DELETE_ALLOC_RECORD, DELETE_BLACKLIST_OP, DELETE_GROUP, DELETE_JOB_RECORD, DELETE_MACHINE_TAGS, DELETE_NMPI_JOB, DELETE_NMPI_SESSION, DELETE_PENDING, DELETE_TASK, DELETE_USER, DESTROY_ALL_LIVE_JOBS, DESTROY_JOB, ERROR_PENDING, FAILED_BLACKLIST_OP, FIND_BOARD_BY_ID, FIND_BOARD_BY_NAME_AND_CFB, FIND_BOARD_BY_NAME_AND_IP_ADDRESS, FIND_BOARD_BY_NAME_AND_XYZ, FIND_EXPIRED_JOBS, FIND_FREE_BOARD, FIND_LOCATION, findBoardByGlobalChip, findBoardByIPAddress, findBoardByJobChip, findBoardByLogicalCoords, findBoardByPhysicalCoords, findRectangle, findRectangleAt, FINISHED_PENDING, GET_ALL_BMP_BOARDS, GET_ALL_BMPS, GET_ALL_BOARDS, GET_ALL_BOARDS_OF_ALL_MACHINES, GET_ALL_LIVE_JOBS, GET_ALL_MACHINES, GET_AVAILABLE_BOARD_NUMBERS, GET_BLACKLIST_READS, GET_BLACKLIST_WRITES, GET_BLACKLISTED_CHIPS, GET_BLACKLISTED_CORES, GET_BLACKLISTED_LINKS, GET_BMP_ADDRESS, GET_BMP_BOARD_NUMBERS, GET_BOARD_ADDRESS, GET_BOARD_BY_COORDS, GET_BOARD_CONNECT_INFO, GET_BOARD_JOB, GET_BOARD_NUMBERS, GET_BOARD_POWER_INFO, GET_BOARD_REPORTS, GET_CHANGES, GET_COMPLETED_BLACKLIST_OP, GET_CONSOLIDATION_TARGETS, GET_CURRENT_USAGE, GET_DEAD_BOARDS, GET_FUNCTIONING_FIELD, GET_GROUP_BY_ID, GET_GROUP_BY_NAME, GET_GROUP_BY_NAME_AND_MEMBER, GET_GROUP_NAMES_OF_USER, GET_GROUP_QUOTA, GET_JOB, GET_JOB_BOARD_COORDS, GET_JOB_BOARDS, GET_JOB_CHIP_DIMENSIONS, GET_JOB_IDS, GET_JOB_NMPI_JOB, GET_JOB_SESSION, GET_JOB_USAGE_AND_QUOTA, GET_LIVE_BOARDS, GET_LIVE_JOB_IDS, GET_LOCAL_USER_DETAILS, GET_MACHINE_BY_ID, GET_MACHINE_JOBS, GET_MACHINE_REPORTS, GET_MACHINE_WRAPS, GET_MEMBERSHIP, GET_MEMBERSHIPS_OF_USER, GET_NAMED_MACHINE, GET_ROOT_BMP_ADDRESS, GET_ROOT_COORDS, GET_ROOT_OF_BOARD, GET_SERIAL_INFO_REQS, GET_SUM_BOARDS_POWERED, GET_TAGS, GET_TEMP_INFO_REQS, GET_USER_AUTHORITIES, GET_USER_DETAILS, GET_USER_DETAILS_BY_NAME, GET_USER_DETAILS_BY_SUBJECT, GET_USER_ID, GET_USER_QUOTA, GET_USERS_OF_GROUP, getAllocationTasks, getConnectedBoards, getDeadLinks, getJobsWithChanges, getPerimeterLinks, getReportedBoards, GROUP_SYNC_ADD_GROUPS, GROUP_SYNC_DROP_TEMP_TABLE, GROUP_SYNC_INSERT_TEMP_ROW, GROUP_SYNC_MAKE_TEMP_TABLE, GROUP_SYNC_REMOVE_GROUPS, INSERT_BMP, INSERT_BOARD, INSERT_BOARD_REPORT, INSERT_JOB, INSERT_LINK, INSERT_MACHINE_SPINN_5, INSERT_REQ_BOARD, INSERT_REQ_N_BOARDS, INSERT_REQ_SIZE, INSERT_REQ_SIZE_BOARD, INSERT_TAG, IS_BOARD_BLACKLIST_CURRENT, IS_USER_LOCKED, issueChangeForJob, KILL_ALL_JOB_ALLOC_TASK, KILL_JOB_ALLOC_TASK, LIST_ALL_GROUPS, LIST_ALL_GROUPS_OF_TYPE, LIST_ALL_USERS, LIST_ALL_USERS_OF_TYPE, LIST_LIVE_JOBS, LIST_MACHINE_NAMES, LOAD_DIR_INFO, MARK_BOARD_BLACKLIST_CHANGED, MARK_BOARD_BLACKLIST_SYNCHED, MARK_CONSOLIDATED, MARK_LOGIN_FAILURE, MARK_LOGIN_SUCCESS, NOTE_DESTROY_REASON, READ_HISTORICAL_ALLOCS, READ_HISTORICAL_JOBS, REMOVE_USER_FROM_GROUP, SET_ALL_BOARDS_OFF, SET_BOARD_POWER_OFF, SET_BOARD_POWER_ON, SET_BOARD_SERIAL_IDS, SET_COLLAB_QUOTA, SET_FUNCTIONING_FIELD, SET_JOB_NMPI_JOB, SET_JOB_SESSION, SET_MACHINE_STATE, SET_MAX_COORDS, SET_STATE_DESTROYED, SET_STATE_PENDING, SET_USER_DISABLED, SET_USER_LOCKED, SET_USER_NAME, SET_USER_PASS, SET_USER_TRUST, UNLOCK_LOCKED_USERS, UPDATE_GROUP, UPDATE_KEEPALIVE, WRITE_HISTORICAL_ALLOCS, WRITE_HISTORICAL_JOBS

Constructor Summary

Constructors

Constructor	Description
LocalAuthProviderImpl()

Method Summary

Modifier and Type	Method	Description
Authentication	authenticate(Authentication auth)
boolean	createUser(String username, String password, TrustLevel trustLevel)	Create a user.
void	mapAuthorities(OidcUserAuthority user, Collection<GrantedAuthority> ga)	Map the authorities, adding them to the result.
boolean	supports(Class<?> cls)
void	unlockLockedUsers()	Unlock any locked users whose lock period has expired.
Authentication	updateAuthentication(HttpServletRequest req, SecurityContext ctx)	Convert the type of the authentication in the security context.

Methods inherited from class DatabaseAwareBean

execute, executeRead, getConnection, getHistoricalConnection, isHistoricalDBAvailable

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

PRIVATE_COLLAB_PREFIX

public static final String PRIVATE_COLLAB_PREFIX

The username prefix used to identify an OpenID user fake collaboratory.

See Also:

• Constant Field Values

Constructor Details

LocalAuthProviderImpl

public LocalAuthProviderImpl()

Method Details

createUser

@PreAuthorize("hasRole('ADMIN')")
public boolean createUser(String username,
 String password,
 TrustLevel trustLevel)

Description copied from interface: LocalAuthenticationProvider

Create a user. Only admins can create users.

Specified by:

createUser in interface LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

Parameters:

username - The user name to use.

password - The unencoded password to use.

trustLevel - How much is the user trusted.

Returns:

True if the user was created, false if the user already existed.

authenticate

public Authentication authenticate(Authentication auth)
                            throws AuthenticationException

Specified by:

authenticate in interface AuthenticationProvider

Throws:

AuthenticationException

updateAuthentication

public Authentication updateAuthentication(HttpServletRequest req,
 SecurityContext ctx)

Description copied from interface: LocalAuthenticationProvider

Convert the type of the authentication in the security context.

Specified by:

updateAuthentication in interface LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

Parameters:

req - The request being made.

ctx - The security context.

Returns:

The new authentication (which is also installed into the security context), or null if the authentication is not changed.

supports

public boolean supports(Class<?> cls)

Specified by:

supports in interface AuthenticationProvider

mapAuthorities

public void mapAuthorities(OidcUserAuthority user,
 Collection<GrantedAuthority> ga)

Description copied from interface: LocalAuthenticationProvider

Map the authorities, adding them to the result.

Specified by:

mapAuthorities in interface LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

Parameters:

user - The overall authority to map.

ga - Where to add the authorities.

unlockLockedUsers

@Scheduled(fixedDelayString="#{authProperties.unlockPeriod}")
public void unlockLockedUsers()

Description copied from interface: LocalAuthenticationProvider

Unlock any locked users whose lock period has expired.

Specified by:

unlockLockedUsers in interface LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>