Package uk.ac.manchester.spinnaker.alloc.security

Class LocalAuthProviderImpl

java.lang.Object

uk.ac.manchester.spinnaker.alloc.db.SQLQueries

uk.ac.manchester.spinnaker.alloc.db.DatabaseAwareBean

uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl

All Implemented Interfaces:

AuthenticationProvider, LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

@Service
public class LocalAuthProviderImpl
extends DatabaseAwareBean
implements LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

Does authentication against users defined entirely in the database. This includes keeping the users' (encrypted) password in the database. This is primarily focused on the user_info database table.

Author:

Donal Fellows

See Also:

Configuration properties

Nested Class Summary

Nested classes/interfaces inherited from class uk.ac.manchester.spinnaker.alloc.db.DatabaseAwareBean

DatabaseAwareBean.AbstractSQL

Field Summary

Fields inherited from class uk.ac.manchester.spinnaker.alloc.db.SQLQueries

ADD_BLACKLISTED_CHIP, ADD_BLACKLISTED_CORE, ADD_BLACKLISTED_LINK, ADD_USER_TO_GROUP, ADJUST_QUOTA, ALLOCATE_BOARDS_BOARD, ALLOCATE_BOARDS_JOB, BUMP_IMPORTANCE, CHECK_LOCATION, checkRectangle, checkRectangleAt, CLEAR_BLACKLISTED_CHIPS, CLEAR_BLACKLISTED_CORES, CLEAR_BLACKLISTED_LINKS, COMPLETED_BLACKLIST_WRITE, COMPLETED_BOARD_INFO_READ, COMPLETED_GET_SERIAL_REQ, COUNT_CHANGES_FOR_JOB, COUNT_FUNCTIONING_BOARDS, COUNT_MACHINE_THINGS, COUNT_POWERED_BOARDS, countConnected, CREATE_BLACKLIST_READ, CREATE_BLACKLIST_WRITE, CREATE_GROUP, CREATE_GROUP_IF_NOT_EXISTS, CREATE_SERIAL_READ_REQ, CREATE_TEMP_READ_REQ, CREATE_USER, DEALLOCATE_BMP_BOARDS_JOB, DECREMENT_QUOTA, DELETE_ALLOC_RECORD, DELETE_BLACKLIST_OP, DELETE_GROUP, DELETE_JOB_RECORD, DELETE_MACHINE_TAGS, DELETE_NMPI_JOB, DELETE_NMPI_SESSION, DELETE_PENDING, DELETE_TASK, DELETE_USER, DESTROY_JOB, ERROR_PENDING, FAILED_BLACKLIST_OP, FIND_BOARD_BY_ID, FIND_BOARD_BY_NAME_AND_CFB, FIND_BOARD_BY_NAME_AND_IP_ADDRESS, FIND_BOARD_BY_NAME_AND_XYZ, FIND_EXPIRED_JOBS, FIND_FREE_BOARD, FIND_LOCATION, findBoardByGlobalChip, findBoardByIPAddress, findBoardByJobChip, findBoardByLogicalCoords, findBoardByPhysicalCoords, findRectangle, findRectangleAt, FINISHED_PENDING, GET_ALL_BMP_BOARDS, GET_ALL_BMPS, GET_ALL_BOARDS, GET_ALL_BOARDS_OF_ALL_MACHINES, GET_ALL_MACHINES, GET_AVAILABLE_BOARD_NUMBERS, GET_BLACKLIST_READS, GET_BLACKLIST_WRITES, GET_BLACKLISTED_CHIPS, GET_BLACKLISTED_CORES, GET_BLACKLISTED_LINKS, GET_BMP_ADDRESS, GET_BMP_BOARD_NUMBERS, GET_BOARD_ADDRESS, GET_BOARD_BY_COORDS, GET_BOARD_CONNECT_INFO, GET_BOARD_JOB, GET_BOARD_NUMBERS, GET_BOARD_POWER_INFO, GET_BOARD_REPORTS, GET_CHANGES, GET_COMPLETED_BLACKLIST_OP, GET_CONSOLIDATION_TARGETS, GET_CURRENT_USAGE, GET_DEAD_BOARDS, GET_FUNCTIONING_FIELD, GET_GROUP_BY_ID, GET_GROUP_BY_NAME, GET_GROUP_BY_NAME_AND_MEMBER, GET_GROUP_NAMES_OF_USER, GET_GROUP_QUOTA, GET_JOB, GET_JOB_BOARD_COORDS, GET_JOB_BOARDS, GET_JOB_CHIP_DIMENSIONS, GET_JOB_IDS, GET_JOB_NMPI_JOB, GET_JOB_SESSION, GET_JOB_USAGE_AND_QUOTA, GET_LIVE_BOARDS, GET_LIVE_JOB_IDS, GET_LOCAL_USER_DETAILS, GET_MACHINE_BY_ID, GET_MACHINE_JOBS, GET_MACHINE_REPORTS, GET_MACHINE_WRAPS, GET_MEMBERSHIP, GET_MEMBERSHIPS_OF_USER, GET_NAMED_MACHINE, GET_ROOT_BMP_ADDRESS, GET_ROOT_COORDS, GET_ROOT_OF_BOARD, GET_SERIAL_INFO_REQS, GET_SUM_BOARDS_POWERED, GET_TAGS, GET_TEMP_INFO_REQS, GET_USER_AUTHORITIES, GET_USER_DETAILS, GET_USER_DETAILS_BY_NAME, GET_USER_DETAILS_BY_SUBJECT, GET_USER_ID, GET_USER_QUOTA, GET_USERS_OF_GROUP, getAllocationTasks, getConnectedBoards, getDeadLinks, getJobsWithChanges, getPerimeterLinks, getReportedBoards, GROUP_SYNC_ADD_GROUPS, GROUP_SYNC_DROP_TEMP_TABLE, GROUP_SYNC_INSERT_TEMP_ROW, GROUP_SYNC_MAKE_TEMP_TABLE, GROUP_SYNC_REMOVE_GROUPS, INSERT_BMP, INSERT_BOARD, INSERT_BOARD_REPORT, INSERT_JOB, INSERT_LINK, INSERT_MACHINE_SPINN_5, INSERT_REQ_BOARD, INSERT_REQ_N_BOARDS, INSERT_REQ_SIZE, INSERT_REQ_SIZE_BOARD, INSERT_TAG, IS_BOARD_BLACKLIST_CURRENT, IS_USER_LOCKED, issueChangeForJob, KILL_JOB_ALLOC_TASK, LIST_ALL_GROUPS, LIST_ALL_GROUPS_OF_TYPE, LIST_ALL_USERS, LIST_ALL_USERS_OF_TYPE, LIST_LIVE_JOBS, LIST_MACHINE_NAMES, LOAD_DIR_INFO, MARK_BOARD_BLACKLIST_CHANGED, MARK_BOARD_BLACKLIST_SYNCHED, MARK_CONSOLIDATED, MARK_LOGIN_FAILURE, MARK_LOGIN_SUCCESS, NOTE_DESTROY_REASON, READ_HISTORICAL_ALLOCS, READ_HISTORICAL_JOBS, REMOVE_USER_FROM_GROUP, SET_BOARD_POWER_OFF, SET_BOARD_POWER_ON, SET_BOARD_SERIAL_IDS, SET_COLLAB_QUOTA, SET_FUNCTIONING_FIELD, SET_JOB_NMPI_JOB, SET_JOB_SESSION, SET_MACHINE_STATE, SET_MAX_COORDS, SET_STATE_DESTROYED, SET_STATE_PENDING, SET_USER_DISABLED, SET_USER_LOCKED, SET_USER_NAME, SET_USER_PASS, SET_USER_TRUST, UNLOCK_LOCKED_USERS, UPDATE_GROUP, UPDATE_KEEPALIVE, WRITE_HISTORICAL_ALLOCS, WRITE_HISTORICAL_JOBS

Constructor Summary

Constructors

Constructor	Description
LocalAuthProviderImpl()

Method Summary

Modifier and Type	Method	Description
Authentication	authenticate(Authentication auth)
boolean	createUser(String username, String password, TrustLevel trustLevel)	Create a user.
void	mapAuthorities(OidcUserAuthority user, Collection<GrantedAuthority> ga)	Map the authorities, adding them to the result.
boolean	supports(Class<?> cls)
void	unlockLockedUsers()	Unlock any locked users whose lock period has expired.
Authentication	updateAuthentication(HttpServletRequest req, SecurityContext ctx)	Convert the type of the authentication in the security context.

Methods inherited from class uk.ac.manchester.spinnaker.alloc.db.DatabaseAwareBean

execute, executeRead, getConnection, getHistoricalConnection, isHistoricalDBAvailable

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

LocalAuthProviderImpl

public LocalAuthProviderImpl()

Method Details

createUser

@PreAuthorize("hasRole(\'ADMIN\')") public boolean createUser(String username, String password, TrustLevel trustLevel)

Description copied from interface: LocalAuthenticationProvider

Create a user. Only admins can create users.

Specified by:

createUser in interface LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

Parameters:

username - The user name to use.

password - The unencoded password to use.

trustLevel - How much is the user trusted.

Returns:

True if the user was created, false if the user already existed.

authenticate

public Authentication authenticate(Authentication auth) throws AuthenticationException

Specified by:

authenticate in interface AuthenticationProvider

Throws:

AuthenticationException

updateAuthentication

public Authentication updateAuthentication(HttpServletRequest req, SecurityContext ctx)

Description copied from interface: LocalAuthenticationProvider

Convert the type of the authentication in the security context.

Specified by:

updateAuthentication in interface LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

Parameters:

req - The request being made.

ctx - The security context.

Returns:

The new authentication (which is also installed into the security context), or null if the authentication is not changed.

supports

public boolean supports(Class<?> cls)

Specified by:

supports in interface AuthenticationProvider

mapAuthorities

public void mapAuthorities(OidcUserAuthority user, Collection<GrantedAuthority> ga)

Description copied from interface: LocalAuthenticationProvider

Map the authorities, adding them to the result.

Specified by:

mapAuthorities in interface LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

Parameters:

user - The overall authority to map.

ga - Where to add the authorities.

unlockLockedUsers

@Scheduled(fixedDelayString="#{authProperties.unlockPeriod}") public void unlockLockedUsers()

Description copied from interface: LocalAuthenticationProvider

Unlock any locked users whose lock period has expired.

Specified by:

unlockLockedUsers in interface LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>