Complete the user-roles authorization API of SDK;

source/base/src/main/java/com/jd/blockchain/consts/DataCodes.java

@@ -59,7 +59,7 @@ public interface DataCodes {
 	
 	public static final int TX_OP_ROLE_CONFIGURE_ENTRY = 0x371;
 	
-	public static final int TX_OP_USER_ROLE_AUTHORIZE = 0x372;
+	public static final int TX_OP_USER_ROLES_AUTHORIZE = 0x372;
 	
 	public static final int TX_OP_USER_ROLE_AUTHORIZE_ENTRY = 0x373;
 

source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRoleAuthorizeOperation.java → source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserAuthorizeOperation.java

@@ -12,42 +12,46 @@ import com.jd.blockchain.utils.Bytes;
  * @author huanghaiquan
  *
  */
-@DataContract(code = DataCodes.TX_OP_USER_ROLE_AUTHORIZE)
-public interface UserRoleAuthorizeOperation extends Operation {
+@DataContract(code = DataCodes.TX_OP_USER_ROLES_AUTHORIZE)
+public interface UserAuthorizeOperation extends Operation {
 
 	@DataField(order = 2, refContract = true, list = true)
-	UserRoleAuthEntry[] getUserRoleAuthorizations();
+	UserRolesEntry[] getUserRolesAuthorizations();
 
 	@DataContract(code = DataCodes.TX_OP_USER_ROLE_AUTHORIZE_ENTRY)
-	public static interface UserRoleAuthEntry {
+	public static interface UserRolesEntry {
 
+		/**
+		 * 用户地址；
+		 * 
+		 * @return
+		 */
 		@DataField(order = 0, primitiveType = PrimitiveType.BYTES)
 		Bytes getUserAddress();
 
-		@DataField(order = 2, primitiveType = PrimitiveType.INT64)
-		long getExplectedVersion();
-		
 		/**
 		 * 要更新的多角色权限策略；
+		 * 
 		 * @return
 		 */
-		RolesPolicy getRolesPolicy();
+		@DataField(order = 2, refEnum = true)
+		RolesPolicy getPolicy();
 
 		/**
 		 * 授权的角色清单；
 		 * 
 		 * @return
 		 */
-		@DataField(order = 1, primitiveType = PrimitiveType.TEXT)
-		String[] getAuthRoles();
-		
+		@DataField(order = 3, primitiveType = PrimitiveType.TEXT, list = true)
+		String[] getAuthorizedRoles();
+
 		/**
 		 * 取消授权的角色清单；
 		 * 
 		 * @return
 		 */
-		@DataField(order = 1, primitiveType = PrimitiveType.TEXT)
-		String[] getUnauthRoles();
+		@DataField(order = 4, primitiveType = PrimitiveType.TEXT, list = true)
+		String[] getUnauthorizedRoles();
 
 	}
 }

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/BlockchainOperationFactory.java

@@ -175,7 +175,12 @@ public class BlockchainOperationFactory implements ClientOperator, LedgerInitOpe
 			return rolesConfigurer;
 		}
 		
-		
+		@Override
+		public UserAuthorizer authorziations() {
+			UserAuthorizer userAuthorizer = SECURITY_OP_BUILDER.authorziations();
+			operationList.add(userAuthorizer.getOperation());
+			return userAuthorizer;
+		}
 	}
 
 	private class DataAccountRegisterOperationBuilderFilter implements DataAccountRegisterOperationBuilder {

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/PreparedTx.java

@@ -7,13 +7,8 @@ import java.util.Comparator;
 
 import org.springframework.cglib.proxy.UndeclaredThrowableException;
 
-import com.jd.blockchain.binaryproto.BinaryProtocol;
 import com.jd.blockchain.crypto.AsymmetricKeypair;
-import com.jd.blockchain.crypto.Crypto;
 import com.jd.blockchain.crypto.HashDigest;
-import com.jd.blockchain.crypto.PrivKey;
-import com.jd.blockchain.crypto.SignatureDigest;
-import com.jd.blockchain.crypto.SignatureFunction;
 import com.jd.blockchain.ledger.DigitalSignature;
 import com.jd.blockchain.ledger.OperationResult;
 import com.jd.blockchain.ledger.PreparedTransaction;

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolePrivilegeConfigurer.java

@@ -3,7 +3,7 @@ package com.jd.blockchain.transaction;
 import com.jd.blockchain.ledger.LedgerPermission;
 import com.jd.blockchain.ledger.TransactionPermission;
 
-public interface RolePrivilegeConfigurer {
+public interface RolePrivilegeConfigurer extends RolesConfigure {
 	
 	String getRoleName();
 	
@@ -15,5 +15,4 @@ public interface RolePrivilegeConfigurer {
 
 	RolePrivilegeConfigurer enable(LedgerPermission... permissions);
 
-	RolePrivilegeConfigurer configure(String roleName);
 }

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigure.java

@@ -0,0 +1,7 @@
+package com.jd.blockchain.transaction;
+
+public interface RolesConfigure {
+
+	RolePrivilegeConfigurer configure(String roleName);
+
+}

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigurer.java

@@ -2,10 +2,8 @@ package com.jd.blockchain.transaction;
 
 import com.jd.blockchain.ledger.RolesConfigureOperation;
 
-public interface RolesConfigurer {
+public interface RolesConfigurer extends RolesConfigure {
 	
 	RolesConfigureOperation getOperation();
-	
-	RolePrivilegeConfigurer configure(String roleName);
 
 }

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilder.java

@@ -3,14 +3,17 @@ package com.jd.blockchain.transaction;
 public interface SecurityOperationBuilder {
 
 	/**
-	 * 注册；
+	 * 配置角色；
 	 * 
-	 * @param id
-	 *            区块链身份；
-	 * @param stateType
-	 *            负载类型；
 	 * @return
 	 */
 	RolesConfigurer roles();
 
+	/**
+	 * 授权用户；
+	 * 
+	 * @return
+	 */
+	UserAuthorizer authorziations();
+
 }

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilderImpl.java

@@ -7,4 +7,9 @@ public class SecurityOperationBuilderImpl implements SecurityOperationBuilder{
 		return new RolesConfigureOpTemplate();
 	}
 
+	@Override
+	public UserAuthorizer authorziations() {
+		return new UserAuthorizeOpTemplate();
+	}
+
 }

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxRequestBuilder.java

@@ -7,9 +7,6 @@ import com.jd.blockchain.binaryproto.BinaryProtocol;
 import com.jd.blockchain.crypto.AsymmetricKeypair;
 import com.jd.blockchain.crypto.Crypto;
 import com.jd.blockchain.crypto.HashDigest;
-import com.jd.blockchain.crypto.PrivKey;
-import com.jd.blockchain.crypto.PubKey;
-import com.jd.blockchain.crypto.SignatureDigest;
 import com.jd.blockchain.ledger.DigitalSignature;
 import com.jd.blockchain.ledger.NodeRequest;
 import com.jd.blockchain.ledger.TransactionContent;

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorize.java

@@ -0,0 +1,12 @@
+package com.jd.blockchain.transaction;
+
+import com.jd.blockchain.ledger.BlockchainIdentity;
+import com.jd.blockchain.utils.Bytes;
+
+public interface UserAuthorize {
+
+	UserRolesAuthorizer forUser(BlockchainIdentity userId);
+
+	UserRolesAuthorizer forUser(Bytes userAddress);
+
+}

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizeOpTemplate.java

@@ -0,0 +1,131 @@
+package com.jd.blockchain.transaction;
+
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+
+import com.jd.blockchain.binaryproto.DataContractRegistry;
+import com.jd.blockchain.ledger.BlockchainIdentity;
+import com.jd.blockchain.ledger.RolesPolicy;
+import com.jd.blockchain.ledger.SecurityUtils;
+import com.jd.blockchain.ledger.UserAuthorizeOperation;
+import com.jd.blockchain.ledger.UserRegisterOperation;
+import com.jd.blockchain.utils.ArrayUtils;
+import com.jd.blockchain.utils.Bytes;
+
+public class UserAuthorizeOpTemplate implements UserAuthorizer, UserAuthorizeOperation {
+
+	static {
+		DataContractRegistry.register(UserRegisterOperation.class);
+	}
+
+	private Map<Bytes, UserRolesAuthorization> userAuthMap = Collections
+			.synchronizedMap(new LinkedHashMap<Bytes, UserRolesAuthorization>());
+
+	public UserAuthorizeOpTemplate() {
+	}
+
+	public UserAuthorizeOpTemplate(BlockchainIdentity userID) {
+	}
+
+	@Override
+	public UserRolesAuthorization[] getUserRolesAuthorizations() {
+		return ArrayUtils.toArray(userAuthMap.values(), UserRolesAuthorization.class);
+	}
+
+	@Override
+	public UserAuthorizeOperation getOperation() {
+		return this;
+	}
+
+	@Override
+	public UserRolesAuthorizer forUser(Bytes userAddress) {
+		UserRolesAuthorization userRolesAuth = userAuthMap.get(userAddress);
+		if (userRolesAuth == null) {
+			userRolesAuth = new UserRolesAuthorization(userAddress);
+			userAuthMap.put(userAddress, userRolesAuth);
+		}
+		return userRolesAuth;
+	}
+
+	@Override
+	public UserRolesAuthorizer forUser(BlockchainIdentity userId) {
+		return forUser(userId.getAddress());
+	}
+
+	private class UserRolesAuthorization implements UserRolesAuthorizer, UserRolesEntry {
+
+		private Bytes userAddress;
+
+		private RolesPolicy policy = RolesPolicy.UNION;
+
+		private Set<String> authRoles = new LinkedHashSet<String>();
+		private Set<String> unauthRoles = new LinkedHashSet<String>();
+
+		private UserRolesAuthorization(Bytes userAddress) {
+			this.userAddress = userAddress;
+		}
+
+		@Override
+		public Bytes getUserAddress() {
+			return userAddress;
+		}
+
+		@Override
+		public RolesPolicy getPolicy() {
+			return policy;
+		}
+
+		@Override
+		public String[] getAuthorizedRoles() {
+			return ArrayUtils.toArray(authRoles, String.class);
+		}
+
+		@Override
+		public String[] getUnauthorizedRoles() {
+			return ArrayUtils.toArray(unauthRoles, String.class);
+		}
+
+		@Override
+		public UserRolesAuthorizer setPolicy(RolesPolicy policy) {
+			this.policy = policy;
+			return this;
+		}
+
+		@Override
+		public UserRolesAuthorizer authorize(String... roles) {
+			String roleName;
+			for (String r : roles) {
+				roleName = SecurityUtils.formatRoleName(r);
+				authRoles.add(roleName);
+				unauthRoles.remove(roleName);
+			}
+
+			return this;
+		}
+
+		@Override
+		public UserRolesAuthorizer unauthorize(String... roles) {
+			String roleName;
+			for (String r : roles) {
+				roleName = SecurityUtils.formatRoleName(r);
+				unauthRoles.add(roleName);
+				authRoles.remove(roleName);
+			}
+
+			return this;
+		}
+
+		@Override
+		public UserRolesAuthorizer forUser(BlockchainIdentity userId) {
+			return UserAuthorizeOpTemplate.this.forUser(userId);
+		}
+
+		@Override
+		public UserRolesAuthorizer forUser(Bytes userAddress) {
+			return UserAuthorizeOpTemplate.this.forUser(userAddress);
+		}
+	}
+}

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizer.java

@@ -0,0 +1,9 @@
+package com.jd.blockchain.transaction;
+
+import com.jd.blockchain.ledger.UserAuthorizeOperation;
+
+public interface UserAuthorizer extends UserAuthorize {
+	
+	UserAuthorizeOperation getOperation();
+	
+}

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRoleAuthorizeOpTemplate.java

@@ -1,93 +0,0 @@
-package com.jd.blockchain.transaction;
-
-import java.util.Collection;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.Map;
-import java.util.Set;
-
-import com.jd.blockchain.binaryproto.DataContractRegistry;
-import com.jd.blockchain.ledger.BlockchainIdentity;
-import com.jd.blockchain.ledger.RolesPolicy;
-import com.jd.blockchain.ledger.UserRegisterOperation;
-import com.jd.blockchain.ledger.UserRoleAuthorizeOperation;
-import com.jd.blockchain.utils.ArrayUtils;
-import com.jd.blockchain.utils.Bytes;
-
-public class UserRoleAuthorizeOpTemplate implements UserRoleAuthorizeOperation {
-
-	static {
-		DataContractRegistry.register(UserRegisterOperation.class);
-	}
-
-	private Map<Bytes, UserRoleAuthConfig> rolesMap = new LinkedHashMap<Bytes, UserRoleAuthConfig>();
-
-	public UserRoleAuthorizeOpTemplate() {
-	}
-
-	public UserRoleAuthorizeOpTemplate(BlockchainIdentity userID) {
-	}
-
-	@Override
-	public UserRoleAuthConfig[] getUserRoleAuthorizations() {
-		return ArrayUtils.toArray(rolesMap.values(), UserRoleAuthConfig.class);
-	}
-
-	public static class UserRoleAuthConfig implements UserRoleAuthEntry {
-
-		private Bytes userAddress;
-
-		private long expectedVersion;
-
-		private RolesPolicy rolePolicy;
-
-		private Set<String> authRoles = new LinkedHashSet<String>();
-		private Set<String> unauthRoles = new LinkedHashSet<String>();
-
-		private UserRoleAuthConfig(Bytes userAddress, long expectedVersion) {
-			this.userAddress = userAddress;
-			
-		}
-
-		@Override
-		public Bytes getUserAddress() {
-			return userAddress;
-		}
-
-		@Override
-		public long getExplectedVersion() {
-			return expectedVersion;
-		}
-
-		@Override
-		public RolesPolicy getRolesPolicy() {
-			return rolePolicy;
-		}
-
-		@Override
-		public String[] getAuthRoles() {
-			return ArrayUtils.toArray(authRoles, String.class);
-		}
-
-		@Override
-		public String[] getUnauthRoles() {
-			return ArrayUtils.toArray(unauthRoles, String.class);
-		}
-
-		public UserRoleAuthConfig authorize(String... roles) {
-			Collection<String> roleList = ArrayUtils.asList(roles);
-			authRoles.addAll(roleList);
-			unauthRoles.removeAll(roleList);
-
-			return this;
-		}
-
-		public UserRoleAuthConfig unauthorize(String... roles) {
-			Collection<String> roleList = ArrayUtils.asList(roles);
-			unauthRoles.addAll(roleList);
-			authRoles.removeAll(roleList);
-
-			return this;
-		}
-	}
-}

source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRolesAuthorizer.java

@@ -0,0 +1,13 @@
+package com.jd.blockchain.transaction;
+
+import com.jd.blockchain.ledger.RolesPolicy;
+
+public interface UserRolesAuthorizer extends UserAuthorize {
+	
+	UserRolesAuthorizer authorize(String... roles);
+
+	UserRolesAuthorizer unauthorize(String... roles);
+
+	UserRolesAuthorizer setPolicy(RolesPolicy rolePolicy);
+
+}

source/sdk/sdk-samples/src/main/java/com/jd/blockchain/sdk/samples/SDKDemo_ConfigureSecurity.java

@@ -66,11 +66,19 @@ public class SDKDemo_ConfigureSecurity {
 		// 注册
 		txTemp.users().register(user.getIdentity());
 
-		txTemp.security().roles().configure("ADMIN")
+		txTemp.security().roles()
+			.configure("ADMIN")
 				.enable(LedgerPermission.REGISTER_USER, LedgerPermission.REGISTER_DATA_ACCOUNT)
-				.enable(TransactionPermission.DIRECT_OPERATION).configure("GUEST")
+				.enable(TransactionPermission.DIRECT_OPERATION)
+			.configure("GUEST")
 				.enable(TransactionPermission.CONTRACT_OPERATION);
 
+		txTemp.security().authorziations()
+			.forUser(user.getIdentity())
+				.authorize("ADMIN", "MANAGER")
+			.forUser(CLIENT_CERT.getAddress())
+				.authorize("GUEST");
+
 		// TX 准备就绪；
 		PreparedTransaction prepTx = txTemp.prepare();