public AuthorizeMiddleware(FieldDelegate next, IAuthorizationHandler authorizationHandler)
{
_next = next ??
throw new ArgumentNullException(nameof(next));
_authorizationHandler = authorizationHandler ??
throw new ArgumentNullException(nameof(authorizationHandler));
}
public TestAuthorizationHandler(
IAuthorizationHandler handler,
IHook <AuthorizationHandlerContext> authContextHook)
{
_handler = handler;
_authContextHook = authContextHook;
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthorizationContext"/> class.
/// </summary>
/// <param name="kernel">The kernel.</param>
/// <param name="authorizationStore">The <see cref="IAuthorizationStore"/>.</param>
/// <param name="authorizationHandler">The <see cref="IAuthorizationHandler"/>.</param>
/// <param name="authorizationContextConfiguration">The <see cref="IAuthorizationContextConfiguration"/>.</param>
/// <exception cref="ArgumentNullException">The value of '<paramref name="kernel"/>', '<paramref name="authorizationHandler"/>', '<paramref name="authorizationStore"/>' and '<paramref name="authorizationContextConfiguration"/>' cannot be null. </exception>
public AuthorizationContext([NotNull] IKernel kernel, [NotNull] IAuthorizationStore authorizationStore, [NotNull] IAuthorizationHandler authorizationHandler, [NotNull] IAuthorizationContextConfiguration authorizationContextConfiguration)
{
if (kernel == null)
{
throw new ArgumentNullException(nameof(kernel));
}
if (authorizationStore == null)
{
throw new ArgumentNullException(nameof(authorizationStore));
}
if (authorizationHandler == null)
{
throw new ArgumentNullException(nameof(authorizationHandler));
}
if (authorizationContextConfiguration == null)
{
throw new ArgumentNullException(nameof(authorizationContextConfiguration));
}
this.Kernel = kernel;
this.authorizationStore = authorizationStore;
this.authorizationHandler = authorizationHandler;
this.AuthorizationContextConfiguration = authorizationContextConfiguration;
this.AuthorizationContextState = new UnauthorizedAuthorizationContextState(authorizationStore, authorizationHandler);
}
/// <summary>
/// Creates an authorization policy which can build and set a claims principal.
/// </summary>
/// <param name="authorizationHandler">Functionality which can handle authorization.</param>
public ClaimsPrincipalBuilderAuthorizationPolicy(IAuthorizationHandler authorizationHandler)
{
if (authorizationHandler == null)
{
throw new ArgumentNullException("authorizationHandler");
}
_authorizationHandler = authorizationHandler;
}
/// <summary>
/// Creates functionality which checks authorization access for a secure token on each service operation.
/// </summary>
/// <param name="authorizationHandler">Functionality which can handle authorization.</param>
public SecureTokenAuthorizer(IAuthorizationHandler authorizationHandler)
{
if (authorizationHandler == null)
{
throw new ArgumentNullException("authorizationHandler");
}
_authorizationHandler = authorizationHandler;
}
public void CheckPerformActivity(String authenticatedActorId, Int64 flowId, IDictionary attributeValues, String transitionName, DbSession dbSession)
{
IAuthorizationHandler authorizationHandler = GetHandlerFromFlowId(flowId, dbSession);
if (authorizationHandler != null)
{
authorizationHandler.CheckPerformActivity(authenticatedActorId, flowId, attributeValues, transitionName);
}
}
public void CheckPerformActivity(Guid authenticatedActorId, Guid flowId, IDictionary <string, object> attributeValues, string transitionName)
{
IAuthorizationHandler authorizationHandler = GetHandlerFromFlowId(flowId);
if (authorizationHandler != null)
{
authorizationHandler.CheckPerformActivity(authenticatedActorId, flowId, attributeValues, transitionName);
}
}
public void CheckDelegateActivity(String authenticatedActorId, Int64 flowId, String delegateActorId, DbSession dbSession)
{
IAuthorizationHandler authorizationHandler = GetHandlerFromFlowId(flowId, dbSession);
if (authorizationHandler != null)
{
authorizationHandler.CheckDelegateActivity(authenticatedActorId, flowId, delegateActorId);
}
}
public void CheckGetStartForm(Guid authenticatedActorId, Guid processDefinitionId)
{
IAuthorizationHandler authorizationHandler = GetHandlerFromProcessDefinitionId(processDefinitionId);
if (authorizationHandler != null)
{
authorizationHandler.CheckGetStartForm(authenticatedActorId, processDefinitionId);
}
}
public void CheckGetActivityForm(Guid authenticatedActorId, Guid flowId)
{
IAuthorizationHandler authorizationHandler = GetHandlerFromFlowId(flowId);
if (authorizationHandler != null)
{
authorizationHandler.CheckGetActivityForm(authenticatedActorId, flowId);
}
}
public void CheckCancelProcessInstance(Guid authenticatedActorId, Guid processInstanceId)
{
IAuthorizationHandler authorizationHandler = GetHandlerFromProcessInstanceId(processInstanceId);
if (authorizationHandler != null)
{
authorizationHandler.CheckCancelProcessInstance(authenticatedActorId, processInstanceId);
}
}
public void CheckStartProcessInstance(Guid authenticatedActorId, Guid processDefinitionId, IDictionary <string, object> attributeValues, string transitionName)
{
IAuthorizationHandler authorizationHandler = GetHandlerFromProcessDefinitionId(processDefinitionId);
if (authorizationHandler != null)
{
authorizationHandler.CheckStartProcessInstance(authenticatedActorId, processDefinitionId, attributeValues, transitionName);
}
}
public void CheckCancelProcessInstance(String authenticatedActorId, Int64 processInstanceId, DbSession dbSession)
{
IAuthorizationHandler authorizationHandler = GetHandlerFromProcessInstanceId(processInstanceId, dbSession);
if (authorizationHandler != null)
{
authorizationHandler.CheckCancelProcessInstance(authenticatedActorId, processInstanceId);
}
}
public void CheckDelegateActivity(Guid authenticatedActorId, Guid flowId, string delegateActorId)
{
IAuthorizationHandler authorizationHandler = GetHandlerFromFlowId(flowId);
if (authorizationHandler != null)
{
authorizationHandler.CheckDelegateActivity(authenticatedActorId, flowId, delegateActorId);
}
}
public void CheckStartProcessInstance(String authenticatedActorId, Int64 processDefinitionId, IDictionary attributeValues, String transitionName, DbSession dbSession)
{
IAuthorizationHandler authorizationHandler = GetHandlerFromProcessDefinitionId(processDefinitionId, dbSession);
if (authorizationHandler != null)
{
authorizationHandler.CheckStartProcessInstance(authenticatedActorId, processDefinitionId, attributeValues, transitionName);
}
}
public void CheckGetStartForm(String authenticatedActorId, Int64 processDefinitionId, DbSession dbSession)
{
IAuthorizationHandler authorizationHandler = GetHandlerFromProcessDefinitionId(processDefinitionId, dbSession);
if (authorizationHandler != null)
{
authorizationHandler.CheckGetStartForm(authenticatedActorId, processDefinitionId);
}
}
public void CheckCancelFlow(String authenticatedActorId, Int64 flowId, DbSession dbSession)
{
IAuthorizationHandler authorizationHandler = GetHandlerFromFlowId(flowId, dbSession);
if (authorizationHandler != null)
{
authorizationHandler.CheckCancelFlow(authenticatedActorId, flowId);
}
}
protected RetryableApiClient(HttpClient client,
IAuthorizationHandler authorizationHandler,
int maxAttempts = DEFAULT_MAX_RETRIES,
int exceptionRetryDelayMs = DEFAULT_RETRY_MS)
{
_client = client;
_authorizationHandler = authorizationHandler;
_maxAttempts = maxAttempts;
_exceptionRetryDelayMs = exceptionRetryDelayMs;
}
/**
* Assert that the given handler succeeds when a user has any of the "claimsExpectedToSucceed", and is tested
* against the supplied entity, and fails otherwise
*/
public static void AssertHandlerSucceedsWithCorrectClaims <TEntity, TRequirement>(
IAuthorizationHandler handler,
TEntity entity,
params SecurityClaimTypes[] claimsExpectedToSucceed)
where TRequirement : IAuthorizationRequirement
{
var scenarios = GetClaimTestScenarios(entity, claimsExpectedToSucceed);
scenarios.ForEach(scenario => AssertHandlerHandlesScenarioSuccessfully <TEntity, TRequirement>(handler, scenario));
}
private IAuthorizationHandler GetAuthorizationHandler(ProcessDefinitionImpl processDefinition)
{
IAuthorizationHandler authorizationHandler = null;
DelegationImpl delegation = processDefinition.AuthorizationDelegation;
if (delegation != null)
{
authorizationHandler = (IAuthorizationHandler)delegation.GetDelegate();
}
return(authorizationHandler);
}
public static async Task AssertHandlerSucceedsWithCorrectClaims <TRequirement>(
IAuthorizationHandler handler,
params SecurityClaimTypes[] claimsExpectedToSucceed)
where TRequirement : IAuthorizationRequirement
{
var scenarios = GetClaimTestScenarios(null, claimsExpectedToSucceed);
await scenarios
.ToAsyncEnumerable()
.ForEachAwaitAsync(scenario =>
AssertHandlerHandlesScenarioSuccessfully <TRequirement>(handler, scenario));
}
/**
* Assert that the given handler succeeds when a user has any of the "claimsExpectedToSucceed" and is tested
* against an arbitrary Release, and fails otherwise
*/
public static void AssertReleaseHandlerSucceedsWithCorrectClaims <TRequirement>(
IAuthorizationHandler handler,
params SecurityClaimTypes[] claimsExpectedToSucceed)
where TRequirement : IAuthorizationRequirement
{
var release = new Release
{
Id = Guid.NewGuid()
};
AssertReleaseHandlerSucceedsWithCorrectClaims <TRequirement>(handler, release, claimsExpectedToSucceed);
}
public AuthorizationService(
IAuthorizationHandler authorizationHandler,
IEnumerable <OperationAuthorizationRequirement> requirements,
T resource,
ClaimsPrincipal user
)
{
this.authorizationHandler = authorizationHandler;
this.requirements = requirements;
this.resource = resource;
this.user = user;
}
public ContractMethodInvocationHandler(
IContractImplementationResolver contractImplementationResolver,
IAuthorizationContextProvider authorizationContextProvider,
IAuthorizationHandler authorizationHandler,
IEnumerable <IInvocationSerializer> invocationSerializers,
IMethodInvoker methodInvoker)
{
this.contractImplementationResolver = contractImplementationResolver;
this.authorizationContextProvider = authorizationContextProvider;
this.authorizationHandler = authorizationHandler;
this.methodInvoker = methodInvoker;
this.invocationSerializers = invocationSerializers.ToDictionary(x => x.MediaType);
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthorizationContextState"/> class.
/// </summary>
/// <param name="authorizationStore">The <see cref="IAuthorizationStore"/>.</param>
/// <param name="authorizationHandler">The <see cref="IAuthorizationHandler"/>.</param>
/// <exception cref="ArgumentNullException">The value of '<paramref name="authorizationHandler"/>' and '<paramref name="authorizationStore"/>' cannot be null. </exception>
protected AuthorizationContextState([NotNull] IAuthorizationStore authorizationStore, [NotNull] IAuthorizationHandler authorizationHandler)
{
if (authorizationStore == null)
{
throw new ArgumentNullException(nameof(authorizationStore));
}
if (authorizationHandler == null)
{
throw new ArgumentNullException(nameof(authorizationHandler));
}
this.AuthorizationStore = authorizationStore;
this.AuthorizationHandler = authorizationHandler;
}
private static IAuthorizationService GetAuthorizationService(AuthorizationOptions options, IAuthorizationPolicyProvider policyProvider)
{
Debug.Assert(options != null, "options != null");
Debug.Assert(options.Dependencies != null, "options.Dependencies != null");
if (options.Dependencies.Service != null)
{
return(options.Dependencies.Service);
}
var handlers = new IAuthorizationHandler[] { new PassThroughAuthorizationHandler() };
var logger = GetLogger(options);
return(new DefaultAuthorizationService(policyProvider, handlers, logger));
}
/// <summary>
/// Returns a new mock server.
/// Host will be <see cref="DefaultAuthHandler"/> and Port will be <see cref="DefaultPort"/>.
/// <para>Received logs will be stored in <see cref="GloutonServerMock.ListLog"/>.
/// This server won't have handlers support.
/// To get a server with handlers, please use <see cref="DefaultGloutonServer"/> instead.</para>
/// </summary>
/// <param name="authorizationHandler">The authorization handler. If null, <see cref="DefaultAuthHandler"/> will be used.</param>
/// <param name="userCertificateValidationCallback">The user certification callback. Can be null.</param>
/// <returns></returns>
internal static GloutonServerMock DefaultMockServer
(
IAuthorizationHandler authorizationHandler = null,
RemoteCertificateValidationCallback userCertificateValidationCallback = null
)
{
return(new GloutonServerMock
(
DefaultHost,
DefaultPort,
authorizationHandler ?? DefaultAuthHandler,
null,
userCertificateValidationCallback
));
}
public AuthorizationSection(
string policyName,
string claimName,
string friendlyName,
bool requiresAdminPermissions,
IAuthorizationRequirement requirement,
IAuthorizationHandler handler)
{
this.PolicyName = policyName;
this.ClaimType = claimName;
this.FriendlyName = friendlyName;
this.RequiresAdminPermissions = requiresAdminPermissions;
this.Requirement = requirement;
this.Handler = handler;
}
/// <summary>
/// Returns a new Glouton Server.
/// Host will be <see cref="DefaultHost"/> and port will be <see cref="DefaultPort"/>.
/// </summary>
/// <param name="activityMonitor"> The activity monitor used by server and its handler. If null, it will instantiate a new one.</param>
/// <param name="authorizationHandler">The authorization handler. If null, <see cref="DefaultAuthHandler"/> will be used.</param>
/// <param name="userCertificateValidationCallback">The user certification callback. Can be null.</param>
/// <returns></returns>
internal static GloutonServer DefaultGloutonServer
(
IActivityMonitor activityMonitor = null,
IAuthorizationHandler authorizationHandler = null,
RemoteCertificateValidationCallback userCertificateValidationCallback = null
)
{
return(new GloutonServer(
DefaultHost,
DefaultPort,
activityMonitor ?? new ActivityMonitor(),
authorizationHandler ?? DefaultAuthHandler,
null,
userCertificateValidationCallback
));
}
public RemoteServiceExecutor(IClientServiceDiscovery serviceDiscovery, IAddressSelector addressSelector,
IServiceTokenGetter serviceTokenGetter, ITransportClientFactory transportClientFactory,
ITypeConvertProvider typeConvertProvider, ILogger logger, ISerializer serializer,
IAuthorizationHandler authorizationHandler = null, ICache <string, List <ServerAddress> > cache = null, int retryTimes = -1)
{
_serviceDiscovery = serviceDiscovery;
_addressSelector = addressSelector;
_transportClientFactory = transportClientFactory;
_typeConvertProvider = typeConvertProvider;
_serviceTokenGetter = serviceTokenGetter;
_authorizationHandler = authorizationHandler;
_cache = cache;
_logger = logger;
_retryTimes = retryTimes;
_serializer = serializer;
}
public void Add(string authorizationScheme, IAuthorizationHandler handler)
{
authorizationScheme = authorizationScheme.ToLower();
Handlers.Add(authorizationScheme, handler);
}