
Complete the user-roles authorization API of SDK;

tags/1.1.0
huanghaiquan 5 years ago
parent
commit
9c45e48212
16 changed files with 221 additions and 128 deletions
  1. +1
    -1
      source/base/src/main/java/com/jd/blockchain/consts/DataCodes.java
  2. +17
    -13
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserAuthorizeOperation.java
  3. +6
    -1
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/BlockchainOperationFactory.java
  4. +0
    -5
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/PreparedTx.java
  5. +1
    -2
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolePrivilegeConfigurer.java
  6. +7
    -0
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigure.java
  7. +1
    -3
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigurer.java
  8. +8
    -5
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilder.java
  9. +5
    -0
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilderImpl.java
  10. +0
    -3
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxRequestBuilder.java
  11. +12
    -0
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorize.java
  12. +131
    -0
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizeOpTemplate.java
  13. +9
    -0
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizer.java
  14. +0
    -93
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRoleAuthorizeOpTemplate.java
  15. +13
    -0
      source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRolesAuthorizer.java
  16. +10
    -2
      source/sdk/sdk-samples/src/main/java/com/jd/blockchain/sdk/samples/SDKDemo_ConfigureSecurity.java

+ 1
- 1
source/base/src/main/java/com/jd/blockchain/consts/DataCodes.java

@@ -59,7 +59,7 @@ public interface DataCodes {
public static final int TX_OP_ROLE_CONFIGURE_ENTRY = 0x371;
public static final int TX_OP_USER_ROLE_AUTHORIZE = 0x372;
public static final int TX_OP_USER_ROLES_AUTHORIZE = 0x372;
public static final int TX_OP_USER_ROLE_AUTHORIZE_ENTRY = 0x373;



source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRoleAuthorizeOperation.java → source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserAuthorizeOperation.java

@@ -12,42 +12,46 @@ import com.jd.blockchain.utils.Bytes;
* @author huanghaiquan
*
*/
@DataContract(code = DataCodes.TX_OP_USER_ROLE_AUTHORIZE)
public interface UserRoleAuthorizeOperation extends Operation {
@DataContract(code = DataCodes.TX_OP_USER_ROLES_AUTHORIZE)
public interface UserAuthorizeOperation extends Operation {
@DataField(order = 2, refContract = true, list = true)
UserRoleAuthEntry[] getUserRoleAuthorizations();
UserRolesEntry[] getUserRolesAuthorizations();
@DataContract(code = DataCodes.TX_OP_USER_ROLE_AUTHORIZE_ENTRY)
public static interface UserRoleAuthEntry {
public static interface UserRolesEntry {
/**
* 用户地址;
*
* @return
*/
@DataField(order = 0, primitiveType = PrimitiveType.BYTES)
Bytes getUserAddress();
@DataField(order = 2, primitiveType = PrimitiveType.INT64)
long getExplectedVersion();
/**
* 要更新的多角色权限策略;
*
* @return
*/
RolesPolicy getRolesPolicy();
@DataField(order = 2, refEnum = true)
RolesPolicy getPolicy();
/**
* 授权的角色清单;
*
* @return
*/
@DataField(order = 1, primitiveType = PrimitiveType.TEXT)
String[] getAuthRoles();
@DataField(order = 3, primitiveType = PrimitiveType.TEXT, list = true)
String[] getAuthorizedRoles();
/**
* 取消授权的角色清单;
*
* @return
*/
@DataField(order = 1, primitiveType = PrimitiveType.TEXT)
String[] getUnauthRoles();
@DataField(order = 4, primitiveType = PrimitiveType.TEXT, list = true)
String[] getUnauthorizedRoles();
}
}
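Review bot: The `UserRolesEntry` field layout changes while the contract codes stay at `0x372`/`0x373` (see DataCodes.java), and the version accessor `getExplectedVersion()` is gone from the new side, since the new `UserRolesAuthorization` implements no such getter. An authorization entry therefore carries nothing that ties a role change to the state the signer saw. As far as this rendered section shows, the new fields use orders 0, 2, 3 and 4; if the ledger is meant to reject a stale update, keep a version in the free slot, e.g. `@DataField(order = 1, primitiveType = PrimitiveType.INT64) long getExpectedVersion();`, otherwise state in the Javadoc that concurrent updates for one user are last-writer-wins. Operations already serialized with the old field order will not decode the same way under the same code, which deserves a line in the release notes.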

+ 6
- 1
source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/BlockchainOperationFactory.java

@@ -175,7 +175,12 @@ public class BlockchainOperationFactory implements ClientOperator, LedgerInitOpe
return rolesConfigurer;
}
@Override
public UserAuthorizer authorziations() {
UserAuthorizer userAuthorizer = SECURITY_OP_BUILDER.authorziations();
operationList.add(userAuthorizer.getOperation());
return userAuthorizer;
}
}
private class DataAccountRegisterOperationBuilderFilter implements DataAccountRegisterOperationBuilder {
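Review bot: `authorziations()` appends the operation to `operationList` on every call, before any user has been selected, so calling it without a following `forUser(...).authorize(...)` puts an empty authorize operation into the transaction, and a second call presumably adds a second one because `SecurityOperationBuilderImpl` returns a new template each time. Whether the ledger accepts an empty `UserAuthorizeOperation` is not visible here; if it does not, hold the authorizer in a field and add it once, guarding with `if (userAuthorizer == null) { ... }`. The enclosing filter class starts above this hunk, so `roles()` may follow the same pattern and need the same treatment.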


+ 0
- 5
source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/PreparedTx.java

@@ -7,13 +7,8 @@ import java.util.Comparator;

import org.springframework.cglib.proxy.UndeclaredThrowableException;

import com.jd.blockchain.binaryproto.BinaryProtocol;
import com.jd.blockchain.crypto.AsymmetricKeypair;
import com.jd.blockchain.crypto.Crypto;
import com.jd.blockchain.crypto.HashDigest;
import com.jd.blockchain.crypto.PrivKey;
import com.jd.blockchain.crypto.SignatureDigest;
import com.jd.blockchain.crypto.SignatureFunction;
import com.jd.blockchain.ledger.DigitalSignature;
import com.jd.blockchain.ledger.OperationResult;
import com.jd.blockchain.ledger.PreparedTransaction;


+ 1
- 2
source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolePrivilegeConfigurer.java

@@ -3,7 +3,7 @@ package com.jd.blockchain.transaction;
import com.jd.blockchain.ledger.LedgerPermission;
import com.jd.blockchain.ledger.TransactionPermission;

public interface RolePrivilegeConfigurer {
public interface RolePrivilegeConfigurer extends RolesConfigure {
String getRoleName();
@@ -15,5 +15,4 @@ public interface RolePrivilegeConfigurer {

RolePrivilegeConfigurer enable(LedgerPermission... permissions);

RolePrivilegeConfigurer configure(String roleName);
}

+ 7
- 0
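--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigure.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigure.java
@@ -0,0 +1,7 @@
+package com.jd.blockchain.transaction;
+
+public interface RolesConfigure {
+
+RolePrivilegeConfigurer configure(String roleName);
+
+}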

+ 1
- 3
source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigurer.java

@@ -2,10 +2,8 @@ package com.jd.blockchain.transaction;

import com.jd.blockchain.ledger.RolesConfigureOperation;

public interface RolesConfigurer {
public interface RolesConfigurer extends RolesConfigure {
RolesConfigureOperation getOperation();
RolePrivilegeConfigurer configure(String roleName);

}

+ 8
- 5
source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilder.java

@@ -3,14 +3,17 @@ package com.jd.blockchain.transaction;
public interface SecurityOperationBuilder {
/**
* 注册
* 配置角色
*
* @param id
* 区块链身份;
* @param stateType
* 负载类型;
* @return
*/
RolesConfigurer roles();
/**
* 授权用户;
*
* @return
*/
UserAuthorizer authorziations();
}
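Review bot: The new method is spelled `authorziations()`; because this interface is the public SDK entry point, the misspelling becomes API that every caller must reproduce, and it should be declared as `UserAuthorizer authorizations();` while the API is still new. The same name is used in BlockchainOperationFactory.java, SecurityOperationBuilderImpl.java and SDKDemo_ConfigureSecurity.java, which need the matching rename. The Javadoc added for it says only that it authorizes users; it would help to state that the returned object accumulates per-user role grants and revocations for a single operation.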

+ 5
- 0
source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilderImpl.java

@@ -7,4 +7,9 @@ public class SecurityOperationBuilderImpl implements SecurityOperationBuilder{
return new RolesConfigureOpTemplate();
}

@Override
public UserAuthorizer authorziations() {
return new UserAuthorizeOpTemplate();
}

}

+ 0
- 3
source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxRequestBuilder.java

@@ -7,9 +7,6 @@ import com.jd.blockchain.binaryproto.BinaryProtocol;
import com.jd.blockchain.crypto.AsymmetricKeypair;
import com.jd.blockchain.crypto.Crypto;
import com.jd.blockchain.crypto.HashDigest;
import com.jd.blockchain.crypto.PrivKey;
import com.jd.blockchain.crypto.PubKey;
import com.jd.blockchain.crypto.SignatureDigest;
import com.jd.blockchain.ledger.DigitalSignature;
import com.jd.blockchain.ledger.NodeRequest;
import com.jd.blockchain.ledger.TransactionContent;


+ 12
- 0
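--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorize.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorize.java
@@ -0,0 +1,12 @@
+package com.jd.blockchain.transaction;
+
+import com.jd.blockchain.ledger.BlockchainIdentity;
+import com.jd.blockchain.utils.Bytes;
+
+public interface UserAuthorize {
+
+UserRolesAuthorizer forUser(BlockchainIdentity userId);
+
+UserRolesAuthorizer forUser(Bytes userAddress);
+
+}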

+ 131
- 0
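--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizeOpTemplate.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizeOpTemplate.java
@@ -0,0 +1,131 @@
+package com.jd.blockchain.transaction;
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+import com.jd.blockchain.binaryproto.DataContractRegistry;
+import com.jd.blockchain.ledger.BlockchainIdentity;
+import com.jd.blockchain.ledger.RolesPolicy;
+import com.jd.blockchain.ledger.SecurityUtils;
+import com.jd.blockchain.ledger.UserAuthorizeOperation;
+import com.jd.blockchain.ledger.UserRegisterOperation;
+import com.jd.blockchain.utils.ArrayUtils;
+import com.jd.blockchain.utils.Bytes;
+public class UserAuthorizeOpTemplate implements UserAuthorizer, UserAuthorizeOperation {
+static {
+DataContractRegistry.register(UserRegisterOperation.class);
+}
+private Map<Bytes, UserRolesAuthorization> userAuthMap = Collections
+.synchronizedMap(new LinkedHashMap<Bytes, UserRolesAuthorization>());
+public UserAuthorizeOpTemplate() {
+}
+public UserAuthorizeOpTemplate(BlockchainIdentity userID) {
+}
+@Override
+public UserRolesAuthorization[] getUserRolesAuthorizations() {
+return ArrayUtils.toArray(userAuthMap.values(), UserRolesAuthorization.class);
+}
+@Override
+public UserAuthorizeOperation getOperation() {
+return this;
+}
+@Override
+public UserRolesAuthorizer forUser(Bytes userAddress) {
+UserRolesAuthorization userRolesAuth = userAuthMap.get(userAddress);
+if (userRolesAuth == null) {
+userRolesAuth = new UserRolesAuthorization(userAddress);
+userAuthMap.put(userAddress, userRolesAuth);
+}
+return userRolesAuth;
+}
+@Override
+public UserRolesAuthorizer forUser(BlockchainIdentity userId) {
+return forUser(userId.getAddress());
+}
+private class UserRolesAuthorization implements UserRolesAuthorizer, UserRolesEntry {
+private Bytes userAddress;
+private RolesPolicy policy = RolesPolicy.UNION;
+private Set<String> authRoles = new LinkedHashSet<String>();
+private Set<String> unauthRoles = new LinkedHashSet<String>();
+private UserRolesAuthorization(Bytes userAddress) {
+this.userAddress = userAddress;
+}
+@Override
+public Bytes getUserAddress() {
+return userAddress;
+}
+@Override
+public RolesPolicy getPolicy() {
+return policy;
+}
+@Override
+public String[] getAuthorizedRoles() {
+return ArrayUtils.toArray(authRoles, String.class);
+}
+@Override
+public String[] getUnauthorizedRoles() {
+return ArrayUtils.toArray(unauthRoles, String.class);
+}
+@Override
+public UserRolesAuthorizer setPolicy(RolesPolicy policy) {
+this.policy = policy;
+return this;
+}
+@Override
+public UserRolesAuthorizer authorize(String... roles) {
+String roleName;
+for (String r : roles) {
+roleName = SecurityUtils.formatRoleName(r);
+authRoles.add(roleName);
+unauthRoles.remove(roleName);
+}
+return this;
+}
+@Override
+public UserRolesAuthorizer unauthorize(String... roles) {
+String roleName;
+for (String r : roles) {
+roleName = SecurityUtils.formatRoleName(r);
+unauthRoles.add(roleName);
+authRoles.remove(roleName);
+}
+return this;
+}
+@Override
+public UserRolesAuthorizer forUser(BlockchainIdentity userId) {
+return UserAuthorizeOpTemplate.this.forUser(userId);
+}
+@Override
+public UserRolesAuthorizer forUser(Bytes userAddress) {
+return UserAuthorizeOpTemplate.this.forUser(userAddress);
+}
+}
+}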
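Review bot: The static initializer registers `UserRegisterOperation.class`, which appears to be carried over from the deleted `UserRoleAuthorizeOpTemplate`; the contract this class implements is `UserAuthorizeOperation`, so unless that is registered elsewhere the line should read `DataContractRegistry.register(UserAuthorizeOperation.class);`. The one-argument constructor also discards `userID`, so a caller who passes an identity gets an empty operation and no error. In `forUser(Bytes)` the `get` followed by `put` is not atomic even on a synchronized map: two threads asking for the same address can each create an entry, and the role grants recorded on the losing one are silently dropped. `userAuthMap.computeIfAbsent(userAddress, a -> new UserRolesAuthorization(a))` closes that gap, though the per-user `LinkedHashSet`s stay unsynchronized either way.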

+ 9
- 0
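--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizer.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizer.java
@@ -0,0 +1,9 @@
+package com.jd.blockchain.transaction;
+
+import com.jd.blockchain.ledger.UserAuthorizeOperation;
+
+public interface UserAuthorizer extends UserAuthorize {
+UserAuthorizeOperation getOperation();
+}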

+ 0
- 93
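--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRoleAuthorizeOpTemplate.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRoleAuthorizeOpTemplate.java
@@ -1,93 +0,0 @@
-package com.jd.blockchain.transaction;
-import java.util.Collection;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.Map;
-import java.util.Set;
-import com.jd.blockchain.binaryproto.DataContractRegistry;
-import com.jd.blockchain.ledger.BlockchainIdentity;
-import com.jd.blockchain.ledger.RolesPolicy;
-import com.jd.blockchain.ledger.UserRegisterOperation;
-import com.jd.blockchain.ledger.UserRoleAuthorizeOperation;
-import com.jd.blockchain.utils.ArrayUtils;
-import com.jd.blockchain.utils.Bytes;
-public class UserRoleAuthorizeOpTemplate implements UserRoleAuthorizeOperation {
-static {
-DataContractRegistry.register(UserRegisterOperation.class);
-}
-private Map<Bytes, UserRoleAuthConfig> rolesMap = new LinkedHashMap<Bytes, UserRoleAuthConfig>();
-public UserRoleAuthorizeOpTemplate() {
-}
-public UserRoleAuthorizeOpTemplate(BlockchainIdentity userID) {
-}
-@Override
-public UserRoleAuthConfig[] getUserRoleAuthorizations() {
-return ArrayUtils.toArray(rolesMap.values(), UserRoleAuthConfig.class);
-}
-public static class UserRoleAuthConfig implements UserRoleAuthEntry {
-private Bytes userAddress;
-private long expectedVersion;
-private RolesPolicy rolePolicy;
-private Set<String> authRoles = new LinkedHashSet<String>();
-private Set<String> unauthRoles = new LinkedHashSet<String>();
-private UserRoleAuthConfig(Bytes userAddress, long expectedVersion) {
-this.userAddress = userAddress;
-}
-@Override
-public Bytes getUserAddress() {
-return userAddress;
-}
-@Override
-public long getExplectedVersion() {
-return expectedVersion;
-}
-@Override
-public RolesPolicy getRolesPolicy() {
-return rolePolicy;
-}
-@Override
-public String[] getAuthRoles() {
-return ArrayUtils.toArray(authRoles, String.class);
-}
-@Override
-public String[] getUnauthRoles() {
-return ArrayUtils.toArray(unauthRoles, String.class);
-}
-public UserRoleAuthConfig authorize(String... roles) {
-Collection<String> roleList = ArrayUtils.asList(roles);
-authRoles.addAll(roleList);
-unauthRoles.removeAll(roleList);
-return this;
-}
-public UserRoleAuthConfig unauthorize(String... roles) {
-Collection<String> roleList = ArrayUtils.asList(roles);
-unauthRoles.addAll(roleList);
-authRoles.removeAll(roleList);
-return this;
-}
-}
-}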

+ 13
- 0
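--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRolesAuthorizer.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRolesAuthorizer.java
@@ -0,0 +1,13 @@
+package com.jd.blockchain.transaction;
+
+import com.jd.blockchain.ledger.RolesPolicy;
+
+public interface UserRolesAuthorizer extends UserAuthorize {
+UserRolesAuthorizer authorize(String... roles);
+
+UserRolesAuthorizer unauthorize(String... roles);
+
+UserRolesAuthorizer setPolicy(RolesPolicy rolePolicy);
+
+}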
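Review bot: The interface has no Javadoc, although the behaviour implemented in `UserAuthorizeOpTemplate` is not obvious from the signatures: role names pass through `SecurityUtils.formatRoleName`, a role named in both calls ends up in whichever of `authorize`/`unauthorize` was called last, and the policy stays `RolesPolicy.UNION` when `setPolicy` is never called. In an authorization API these rules decide what a user ends up permitted to do, so they belong on the contract rather than only in the implementation. On `authorize` I would add `/** Grants the given roles to this user; a role previously passed to unauthorize() is moved back to the granted set. */`, with the mirror-image sentence on `unauthorize` and the default policy stated on `setPolicy`.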

+ 10
- 2
source/sdk/sdk-samples/src/main/java/com/jd/blockchain/sdk/samples/SDKDemo_ConfigureSecurity.java

@@ -66,11 +66,19 @@ public class SDKDemo_ConfigureSecurity {
// 注册
txTemp.users().register(user.getIdentity());

txTemp.security().roles().configure("ADMIN")
txTemp.security().roles()
.configure("ADMIN")
.enable(LedgerPermission.REGISTER_USER, LedgerPermission.REGISTER_DATA_ACCOUNT)
.enable(TransactionPermission.DIRECT_OPERATION).configure("GUEST")
.enable(TransactionPermission.DIRECT_OPERATION)
.configure("GUEST")
.enable(TransactionPermission.CONTRACT_OPERATION);

txTemp.security().authorziations()
.forUser(user.getIdentity())
.authorize("ADMIN", "MANAGER")
.forUser(CLIENT_CERT.getAddress())
.authorize("GUEST");

// TX 准备就绪;
PreparedTransaction prepTx = txTemp.prepare();
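Review bot: The sample grants `"MANAGER"` to the newly registered user, but the role configuration a few lines above defines only `"ADMIN"` and `"GUEST"`, so the demo authorizes a role that this transaction never configures. Unless `MANAGER` already exists on the target ledger (not visible in this hunk), readers copying the sample get either a rejected transaction or a grant that refers to an undefined role, depending on how the ledger validates role names. Add a `.configure("MANAGER")` step with its permissions, or reduce the call to `.authorize("ADMIN")`. The enclosing method begins and ends outside the hunk.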


