Package uk.ac.manchester.spinnaker.alloc.security

Class LocalAuthProviderImpl

java.lang.Object

uk.ac.manchester.spinnaker.alloc.db.SQLQueries

uk.ac.manchester.spinnaker.alloc.db.DatabaseAwareBean

uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl

All Implemented Interfaces:

AuthenticationProvider, LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

@Service
public class LocalAuthProviderImpl
extends DatabaseAwareBean
implements LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

Does authentication against users defined entirely in the database. This includes keeping the users' (encrypted) password in the database. This is primarily focused on the user_info database table.

Author:

Donal Fellows

See Also:

• Configuration properties

Nested Class Summary

Nested classes/interfaces inherited from class uk.ac.manchester.spinnaker.alloc.db.DatabaseAwareBean

DatabaseAwareBean.AbstractSQL

Field Summary

Fields

Modifier and Type	Field	Description
static final String	PRIVATE_COLLAB_PREFIX	The username prefix used to identify an OpenID user fake collaboratory.

Fields inherited from class uk.ac.manchester.spinnaker.alloc.db.SQLQueries

ADD_BLACKLISTED_CHIP, ADD_BLACKLISTED_CORE, ADD_BLACKLISTED_LINK, ADD_USER_TO_GROUP, ADJUST_QUOTA, ALLOCATE_BOARDS_BOARD, ALLOCATE_BOARDS_JOB, BUMP_IMPORTANCE, CHECK_LOCATION, checkRectangle, checkRectangleAt, CLEAR_BLACKLISTED_CHIPS, CLEAR_BLACKLISTED_CORES, CLEAR_BLACKLISTED_LINKS, COMPLETED_BLACKLIST_WRITE, COMPLETED_BOARD_INFO_READ, COMPLETED_GET_SERIAL_REQ, COUNT_CHANGES_FOR_JOB, COUNT_FUNCTIONING_BOARDS, COUNT_MACHINE_THINGS, COUNT_POWERED_BOARDS, countConnected, CREATE_BLACKLIST_READ, CREATE_BLACKLIST_WRITE, CREATE_GROUP, CREATE_GROUP_IF_NOT_EXISTS, CREATE_SERIAL_READ_REQ, CREATE_TEMP_READ_REQ, CREATE_USER, DEALLOCATE_BMP_BOARDS_JOB, DECREMENT_QUOTA, DELETE_ALLOC_RECORD, DELETE_BLACKLIST_OP, DELETE_GROUP, DELETE_JOB_RECORD, DELETE_MACHINE_TAGS, DELETE_NMPI_JOB, DELETE_NMPI_SESSION, DELETE_PENDING, DELETE_TASK, DELETE_USER, DESTROY_ALL_LIVE_JOBS, DESTROY_JOB, ERROR_PENDING, FAILED_BLACKLIST_OP, FIND_BOARD_BY_ID, FIND_BOARD_BY_NAME_AND_CFB, FIND_BOARD_BY_NAME_AND_IP_ADDRESS, FIND_BOARD_BY_NAME_AND_XYZ, FIND_EXPIRED_JOBS, FIND_FREE_BOARD, FIND_LOCATION, findBoardByGlobalChip, findBoardByIPAddress, findBoardByJobChip, findBoardByLogicalCoords, findBoardByPhysicalCoords, findRectangle, findRectangleAt, FINISHED_PENDING, GET_ALL_BMP_BOARDS, GET_ALL_BMPS, GET_ALL_BOARDS, GET_ALL_BOARDS_OF_ALL_MACHINES, GET_ALL_LIVE_JOBS, GET_ALL_MACHINES, GET_AVAILABLE_BOARD_NUMBERS, GET_BLACKLIST_READS, GET_BLACKLIST_WRITES, GET_BLACKLISTED_CHIPS, GET_BLACKLISTED_CORES, GET_BLACKLISTED_LINKS, GET_BMP_ADDRESS, GET_BMP_BOARD_NUMBERS, GET_BOARD_ADDRESS, GET_BOARD_BY_COORDS, GET_BOARD_CONNECT_INFO, GET_BOARD_JOB, GET_BOARD_NUMBERS, GET_BOARD_POWER_INFO, GET_BOARD_REPORTS, GET_CHANGES, GET_COMPLETED_BLACKLIST_OP, GET_CONSOLIDATION_TARGETS, GET_CURRENT_USAGE, GET_DEAD_BOARDS, GET_FUNCTIONING_FIELD, GET_GROUP_BY_ID, GET_GROUP_BY_NAME, GET_GROUP_BY_NAME_AND_MEMBER, GET_GROUP_NAMES_OF_USER, GET_GROUP_QUOTA, GET_JOB, GET_JOB_BOARD_COORDS, GET_JOB_BOARDS, GET_JOB_CHIP_DIMENSIONS, GET_JOB_IDS, GET_JOB_NMPI_JOB, GET_JOB_SESSION, GET_JOB_USAGE_AND_QUOTA, GET_LIVE_BOARDS, GET_LIVE_JOB_IDS, GET_LOCAL_USER_DETAILS, GET_MACHINE_BY_ID, GET_MACHINE_JOBS, GET_MACHINE_REPORTS, GET_MACHINE_WRAPS, GET_MEMBERSHIP, GET_MEMBERSHIPS_OF_USER, GET_NAMED_MACHINE, GET_ROOT_BMP_ADDRESS, GET_ROOT_COORDS, GET_ROOT_OF_BOARD, GET_SERIAL_INFO_REQS, GET_SUM_BOARDS_POWERED, GET_TAGS, GET_TEMP_INFO_REQS, GET_USER_AUTHORITIES, GET_USER_DETAILS, GET_USER_DETAILS_BY_NAME, GET_USER_DETAILS_BY_SUBJECT, GET_USER_ID, GET_USER_QUOTA, GET_USERS_OF_GROUP, getAllocationTasks, getConnectedBoards, getDeadLinks, getJobsWithChanges, getPerimeterLinks, getReportedBoards, GROUP_SYNC_ADD_GROUPS, GROUP_SYNC_DROP_TEMP_TABLE, GROUP_SYNC_INSERT_TEMP_ROW, GROUP_SYNC_MAKE_TEMP_TABLE, GROUP_SYNC_REMOVE_GROUPS, INSERT_BMP, INSERT_BOARD, INSERT_BOARD_REPORT, INSERT_JOB, INSERT_LINK, INSERT_MACHINE_SPINN_5, INSERT_REQ_BOARD, INSERT_REQ_N_BOARDS, INSERT_REQ_SIZE, INSERT_REQ_SIZE_BOARD, INSERT_TAG, IS_BOARD_BLACKLIST_CURRENT, IS_USER_LOCKED, issueChangeForJob, KILL_ALL_JOB_ALLOC_TASK, KILL_JOB_ALLOC_TASK, LIST_ALL_GROUPS, LIST_ALL_GROUPS_OF_TYPE, LIST_ALL_USERS, LIST_ALL_USERS_OF_TYPE, LIST_LIVE_JOBS, LIST_MACHINE_NAMES, LOAD_DIR_INFO, MARK_BOARD_BLACKLIST_CHANGED, MARK_BOARD_BLACKLIST_SYNCHED, MARK_CONSOLIDATED, MARK_LOGIN_FAILURE, MARK_LOGIN_SUCCESS, NOTE_DESTROY_REASON, READ_HISTORICAL_ALLOCS, READ_HISTORICAL_JOBS, REMOVE_USER_FROM_GROUP, SET_ALL_BOARDS_OFF, SET_BOARD_POWER_OFF, SET_BOARD_POWER_ON, SET_BOARD_SERIAL_IDS, SET_COLLAB_QUOTA, SET_FUNCTIONING_FIELD, SET_JOB_NMPI_JOB, SET_JOB_SESSION, SET_MACHINE_STATE, SET_MAX_COORDS, SET_STATE_DESTROYED, SET_STATE_PENDING, SET_USER_DISABLED, SET_USER_LOCKED, SET_USER_NAME, SET_USER_PASS, SET_USER_TRUST, UNLOCK_LOCKED_USERS, UPDATE_GROUP, UPDATE_KEEPALIVE, WRITE_HISTORICAL_ALLOCS, WRITE_HISTORICAL_JOBS

Constructor Summary

Constructors

Constructor	Description
LocalAuthProviderImpl()

Method Summary

Modifier and Type	Method	Description
Authentication	authenticate(Authentication auth)
boolean	createUser(String username, String password, TrustLevel trustLevel)	Create a user.
void	mapAuthorities(OidcUserAuthority user, Collection<GrantedAuthority> ga)	Map the authorities, adding them to the result.
boolean	supports(Class<?> cls)
void	unlockLockedUsers()	Unlock any locked users whose lock period has expired.
Authentication	updateAuthentication(jakarta.servlet.http.HttpServletRequest req, SecurityContext ctx)	Convert the type of the authentication in the security context.

Methods inherited from class uk.ac.manchester.spinnaker.alloc.db.DatabaseAwareBean

execute, executeRead, getConnection, getHistoricalConnection, isHistoricalDBAvailable

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

PRIVATE_COLLAB_PREFIX

public static final String PRIVATE_COLLAB_PREFIX

The username prefix used to identify an OpenID user fake collaboratory.

See Also:

• Constant Field Values

Constructor Details

LocalAuthProviderImpl

public LocalAuthProviderImpl()

Method Details

createUser

@PreAuthorize("hasRole(\'ADMIN\')")
public boolean createUser(String username,
 String password,
 TrustLevel trustLevel)

Description copied from interface: LocalAuthenticationProvider

Create a user. Only admins can create users.

Specified by:

createUser in interface LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

Parameters:

username - The user name to use.

password - The unencoded password to use.

trustLevel - How much is the user trusted.

Returns:

True if the user was created, false if the user already existed.

authenticate

public Authentication authenticate(Authentication auth)
                            throws AuthenticationException

Specified by:

authenticate in interface AuthenticationProvider

Throws:

AuthenticationException

updateAuthentication

public Authentication updateAuthentication(jakarta.servlet.http.HttpServletRequest req,
 SecurityContext ctx)

Description copied from interface: LocalAuthenticationProvider

Convert the type of the authentication in the security context.

Specified by:

updateAuthentication in interface LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

Parameters:

req - The request being made.

ctx - The security context.

Returns:

The new authentication (which is also installed into the security context), or null if the authentication is not changed.

supports

public boolean supports(Class<?> cls)

Specified by:

supports in interface AuthenticationProvider

mapAuthorities

public void mapAuthorities(OidcUserAuthority user,
 Collection<GrantedAuthority> ga)

Description copied from interface: LocalAuthenticationProvider

Map the authorities, adding them to the result.

Specified by:

mapAuthorities in interface LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>

Parameters:

user - The overall authority to map.

ga - Where to add the authorities.

unlockLockedUsers

@Scheduled(fixedDelayString="#{authProperties.unlockPeriod}")
public void unlockLockedUsers()

Description copied from interface: LocalAuthenticationProvider

Unlock any locked users whose lock period has expired.

Specified by:

unlockLockedUsers in interface LocalAuthenticationProvider<uk.ac.manchester.spinnaker.alloc.security.LocalAuthProviderImpl.TestAPI>