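// Build the path -> resource authorization map for the local security manager
// from the <Authenticate> configuration subtree.
//
// Every Location element found at any depth below authconfig (the XPath is
// ".//Location", so nested Locations are treated like top-level ones)
// contributes one resource: @path selects or creates the resource list,
// @resource names the entry, @required is parsed by str2perm into the level a
// caller must hold, and @description is informational.
//
// Throws (via MakeStringException) when @path or @resource is empty: a
// location without a path or a resource could never be matched at request
// time, so a malformed entry refuses the whole map instead of silently
// building an incomplete one. On that path the iterator and the half-built
// map are released before the exception propagates (previously both leaked).
//
// Returns a new CAuthMap; ownership passes to the caller.
IAuthMap * CLocalSecurityManager::createAuthMap(IPropertyTree * authconfig)
{
    CAuthMap* authmap = new CAuthMap(this);

    IPropertyTreeIterator *loc_iter = authconfig->getElements(".//Location");
    if (loc_iter == NULL)
        return authmap;

    try
    {
        for (loc_iter->first(); loc_iter->isValid(); loc_iter->next())
        {
            IPropertyTree *location = &loc_iter->query();
            if (!location)
                continue;

            StringBuffer pathstr, rstr, required, description;
            location->getProp("@path", pathstr);
            location->getProp("@resource", rstr);
            location->getProp("@required", required);
            location->getProp("@description", description);

            // Fail closed on a malformed Location: an unnamed path or resource
            // cannot be enforced.
            if (pathstr.length() == 0)
                throw MakeStringException(-1, "path empty in Authenticate/Location");
            if (rstr.length() == 0)
                throw MakeStringException(-1, "resource empty in Authenticate/Location");

            ISecResourceList* rlist = authmap->queryResourceList(pathstr.str());
            if (rlist == NULL)
            {
                rlist = createResourceList("localsecurity");
                authmap->add(pathstr.str(), rlist);
            }

            ISecResource* rs = rlist->addResource(rstr.str());
            // NOTE(review): what str2perm returns for an empty or unrecognised
            // @required is not visible here; confirm a missing attribute does
            // not resolve to a permissive level.
            unsigned requiredaccess = str2perm(required.str());
            rs->setRequiredAccessFlags(requiredaccess);
            rs->setDescription(description.str());
        }
    }
    catch (...)
    {
        // Release what this function owns before propagating; the caller
        // never receives the partially built map.
        loc_iter->Release();
        authmap->Release();
        throw;
    }

    loc_iter->Release();
    return authmap;
}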
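	// Build the path -> resource authorization map for this security manager
	// from the <Authenticate> configuration subtree.
	//
	// Every Location element found at any depth below authconfig (the XPath is
	// ".//Location", so nested Locations are treated like top-level ones)
	// contributes one resource: @path selects or creates the resource list,
	// @resource names the entry, @required is parsed by str2perm into the level
	// a caller must hold, and @description is informational.
	//
	// Every resource is additionally stamped SecAccess_Full, i.e. an
	// authenticated user is granted full access to each mapped location.
	// NOTE(review): with the access flags pre-set to Full, @required appears to
	// be satisfied for any authenticated user; confirm the authorize() path
	// treats this as intended before relying on @required as a restriction.
	//
	// Throws (MakeStringException) on an empty @path or @resource so that a
	// malformed entry refuses the whole map instead of silently dropping the
	// location; the half-built map is released on that path (it used to leak).
	//
	// Returns a new CAuthMap; ownership passes to the caller.
	IAuthMap * createAuthMap(IPropertyTree * authconfig)
	{
		Owned<CAuthMap> authmap;
		authmap.setown(new CAuthMap(this));

		Owned<IPropertyTreeIterator> loc_iter;
		loc_iter.setown(authconfig->getElements(".//Location"));
		if (!loc_iter)
			return authmap.getClear();

		ForEach(*loc_iter)
		{
			IPropertyTree *location = &loc_iter->query();
			if (!location)
				continue;

			StringBuffer pathstr, rstr, required, description;
			location->getProp("@path", pathstr);
			location->getProp("@resource", rstr);
			location->getProp("@required", required);
			location->getProp("@description", description);

			// Fail closed on a malformed Location: an unnamed path or resource
			// cannot be enforced.
			if (pathstr.length() == 0)
				throw MakeStringException(-1, "path empty in Authenticate/Location");
			if (rstr.length() == 0)
				throw MakeStringException(-1, "resource empty in Authenticate/Location");

			ISecResourceList* rlist = authmap->queryResourceList(pathstr.str());
			if (rlist == NULL)
			{
				rlist = createResourceList("htpasswdsecurity");
				authmap->add(pathstr.str(), rlist);
			}

			ISecResource* rs = rlist->addResource(rstr.str());
			// NOTE(review): what str2perm returns for an empty or unrecognised
			// @required is not visible here; confirm a missing attribute does
			// not resolve to a permissive level.
			SecAccessFlags requiredaccess = str2perm(required.str());
			rs->setRequiredAccessFlags(requiredaccess);
			rs->setDescription(description.str());
			rs->setAccessFlags(SecAccess_Full); // grant full access to authenticated users
		}

		return authmap.getClear();
	}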
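    // Build the feature -> resource authorization map from the <Authenticate>
    // configuration subtree.
    //
    // Each Feature element found at any depth below authconfig (XPath
    // ".//Feature") selects or creates the resource list named by @path and,
    // when @resource is non-empty, adds one resource to it carrying the
    // str2perm(@required) level and @description. A Feature with no @resource
    // still registers an (empty) list under its @path. Every resource added is
    // stamped SecAccess_Full: an authenticated user is granted full access to
    // the feature, the same policy createAuthMap applies to locations.
    //
    // Throws (MakeStringException) when @path is empty, mirroring the check in
    // createAuthMap: a feature with no name can never be looked up, so the
    // misconfiguration fails at load time instead of producing an unnamed
    // list. The half-built map is released on that path.
    //
    // Returns a new CAuthMap; ownership passes to the caller.
    IAuthMap * createFeatureMap(IPropertyTree * authconfig)
    {
        Owned<CAuthMap> feature_authmap;
        feature_authmap.setown(new CAuthMap(this));

        Owned<IPropertyTreeIterator> feature_iter;
        feature_iter.setown(authconfig->getElements(".//Feature"));
        if (!feature_iter)
            return feature_authmap.getClear();

        ForEach(*feature_iter)
        {
            IPropertyTree *feature = &feature_iter->query();
            if (!feature)
                continue;

            StringBuffer pathstr, rstr, required, description;
            feature->getProp("@path", pathstr);
            feature->getProp("@resource", rstr);
            feature->getProp("@required", required);
            feature->getProp("@description", description);

            // Fail closed on a malformed Feature: an unnamed feature cannot be
            // matched by authorizeSecReqFeatures.
            if (pathstr.length() == 0)
                throw MakeStringException(-1, "path empty in Authenticate/Feature");

            ISecResourceList* rlist = feature_authmap->queryResourceList(pathstr.str());
            if (rlist == NULL)
            {
                rlist = createResourceList(pathstr.str());
                feature_authmap->add(pathstr.str(), rlist);
            }

            // A Feature without @resource only registers its list.
            if (rstr.isEmpty())
                continue;

            ISecResource* rs = rlist->addResource(rstr.str());
            // NOTE(review): what str2perm returns for an empty or unrecognised
            // @required is not visible here; confirm a missing attribute does
            // not resolve to a permissive level.
            SecAccessFlags requiredaccess = str2perm(required.str());
            rs->setRequiredAccessFlags(requiredaccess);
            rs->setDescription(description.str());
            rs->setAccessFlags(SecAccess_Full); // grant full access to authenticated users
        }

        return feature_authmap.getClear();
    }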
// Authorize the bound user for a set of named features and report the access
// level granted to each.
//
// features : feature names to check; NULL or empty entries are skipped.
// pmap     : out - feature name -> access flags granted. Filled only when the
//            security manager authorizes the list (or when no manager exists).
// required : optional per-entry minimum level; when a granted level is below
//            it an AUDIT_TYPE_ACCESS_FAILURE is logged.
//
// Returns false when features is empty, when no user is bound, or when the
// security manager rejects the list or throws; true otherwise.
//
// NOTE(review): the return value does not drop to false when a feature falls
// short of required[] - that case only audits (see the final loop), so callers
// must consult pmap for the per-feature decision.
// NOTE(review): required[i] is indexed by position in plist, but plist is
// built in features order with empty names skipped, so the two indices diverge
// once an entry is skipped; confirm callers size and index required[] the way
// this loop expects.
bool SecHandler::authorizeSecReqFeatures(StringArray & features, IEspStringIntMap & pmap, unsigned *required)
{
    if(features.length() == 0)
        return false;
    
    // No security manager configured: every named feature is reported as
    // SecAccess_Full (fail-open). NOTE(review): confirm this is only reachable
    // when security is intentionally disabled for the service.
    if(m_secmgr.get() == NULL)
    {
        for(unsigned i = 0; i < features.length(); i++)
        {
            const char* feature = features.item(i);
            if(feature != NULL && feature[0] != 0)
                pmap.setValue(feature, SecAccess_Full);
        }
        return true;
    }

    // No authenticated user bound to this handler: deny and audit.
    if(m_user.get() == NULL)
    {
        AuditMessage(AUDIT_TYPE_ACCESS_FAILURE, "Authorization", "Access Denied: No username provided");
        return false;
    }


    // Resource list handed to the security manager. Resource names may differ
    // from feature names, so namemap records resource name -> feature name.
    Owned<ISecResourceList> plist = m_secmgr->createResourceList("FeatureMap");

    std::map<std::string, std::string> namemap;

    unsigned i;
    for(i = 0; i < features.length(); i++)
    {
        const char* feature = features.item(i);
        if(feature == NULL || feature[0] == 0)
            continue;
        
        // No feature map: the feature name itself is the resource name.
        if(m_feature_authmap.get() == NULL)
        {
            plist->addResource(feature);
            namemap[feature] = feature;
        }
        else
        {
            // Mapped feature: clone its first configured resource so the
            // required level and description travel with the request.
            ISecResourceList* rlist = m_feature_authmap->queryResourceList(feature);
            ISecResource* resource = NULL;
            if(rlist != NULL && (resource = rlist->queryResource((unsigned)0)) != NULL)
            {
                plist->addResource(resource->clone());
                namemap[resource->getName()] = feature;
            }
            else
            {
                // Use the feature name as the resource name if no authmap was found
                // NOTE(review): how the security manager treats a required level
                // of SecAccess_Unknown is decided there, not here.
                ISecResource* res = plist->addResource(feature);
                res->setRequiredAccessFlags(SecAccess_Unknown);
                namemap[feature] = feature;
            }
        }
    }
    
    // Any exception from the security manager is treated as a denial.
    bool auth_ok = false;
    try
    {
        auth_ok = m_secmgr->authorize(*m_user.get(), plist, m_secureContext.get());
    }
    catch(IException* e)
    {
        StringBuffer errmsg;
        e->errorMessage(errmsg);
        ERRLOG("Exception authorizing, error=%s\n", errmsg.str());
        return false;
    }
    catch(...)
    {
        ERRLOG("Unknown exception authorizing\n");
        return false;
    }
    if(auth_ok)
    {
        for(i = 0; i < (unsigned)plist->count(); i++)
        {
            ISecResource* resource = plist->queryResource(i);
            if(resource != NULL)
            {
                // operator[] default-inserts an empty string for a name that was
                // never mapped; the size check below treats that as "not requested".
                std::string feature = namemap[resource->getName()];
                if(feature.size() == 0)
                    continue;
                pmap.setValue(feature.c_str(), resource->getAccessFlags());
                // Below the caller's required level: audited only, auth_ok is
                // left unchanged.
                if (required && required[i]>0 && resource->getAccessFlags()<required[i])
                {
                    AuditMessage(AUDIT_TYPE_ACCESS_FAILURE, "Authorization", "Access Denied: Not enough access rights for resource", "Resource: %s [%s]", resource->getName(), resource->getDescription());
                }
            }
        }
    }
    return auth_ok;
}