diff --git a/ch.eitchnet.privilege b/ch.eitchnet.privilege index 3f7636428..2607bbef3 160000 --- a/ch.eitchnet.privilege +++ b/ch.eitchnet.privilege @@ -1 +1 @@ -Subproject commit 3f7636428d460b37f1a5cb02144b41c0376be433 +Subproject commit 2607bbef3fc7df863548820665d8ed133e524c39 diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/StrolchRestfulConstants.java b/li.strolch.rest/src/main/java/li/strolch/rest/StrolchRestfulConstants.java index f3e8dfa43..c05b3ac6c 100644 --- a/li.strolch.rest/src/main/java/li/strolch/rest/StrolchRestfulConstants.java +++ b/li.strolch.rest/src/main/java/li/strolch/rest/StrolchRestfulConstants.java @@ -21,5 +21,4 @@ package li.strolch.rest; public class StrolchRestfulConstants { public static final String STROLCH_CERTIFICATE = "strolch.certificate"; //$NON-NLS-1$ - public static final String ROLE_STROLCH_PRIVILEGE_ADMIN = "StrolchPrivilegeAdmin"; } diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegePoliciesService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegePoliciesService.java index a06ce7809..42ddf01d1 100644 --- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegePoliciesService.java +++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegePoliciesService.java @@ -30,7 +30,6 @@ import javax.ws.rs.core.Response; import li.strolch.agent.api.ComponentContainer; import li.strolch.rest.RestfulStrolchComponent; import li.strolch.rest.StrolchRestfulConstants; -import ch.eitchnet.privilege.base.AccessDeniedException; import ch.eitchnet.privilege.handler.PrivilegeHandler; import ch.eitchnet.privilege.model.Certificate; import ch.eitchnet.utils.xml.XmlKeyValue; 
@@ -43,12 +42,7 @@ public class PrivilegePoliciesService { // private static final Logger logger = LoggerFactory.getLogger(PrivilegePoliciesService.class); - private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) { - if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN)) { - throw new AccessDeniedException("You may not perform the request as you are missing role " - + StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN); - } - + private PrivilegeHandler getPrivilegeHandler(Certificate cert) { ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer(); return container.getPrivilegeHandler().getPrivilegeHandler(cert); } @@ -57,7 +51,7 @@ public class PrivilegePoliciesService { @Produces(MediaType.APPLICATION_JSON) public Response getRoles(@Context HttpServletRequest request) { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); Map policyDefs = privilegeHandler.getPolicyDefs(cert); List values = XmlKeyValue.valueOf(policyDefs); diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeRolesService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeRolesService.java index f73671ecc..d606e3da9 100644 --- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeRolesService.java +++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeRolesService.java 
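Review bot: With the `ROLE_STROLCH_PRIVILEGE_ADMIN` guard deleted from `getPrivilegeHandler(cert)` in PrivilegePoliciesService, this class no longer decides who may read policy definitions; that now depends entirely on what `privilegeHandler.getPolicyDefs(cert)` does with the certificate. The same guard is removed from the helpers in PrivilegeRolesService (hunk -55,12) and PrivilegeUsersService (hunk -60,12), which front addUser, removeUser, addRoleToUser, addRole, replaceRole and removeRole. Apart from the `ch.eitchnet.privilege` subproject bump, nothing in this diff shows the handler-side check that presumably replaces it. Before merging I would want a test that calls each mutating endpoint with a certificate lacking admin rights and asserts an access-denied result. The delegation should also be stated on the helper, for example `// Authorization is enforced per operation by PrivilegeHandler; this REST layer performs no role check.`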
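Review bot: `cert` in `getRoles` (hunk -57,7) comes from an unchecked cast of `request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE)` and is passed on without a null check. Before this change a missing attribute would have failed at `cert.hasRole(...)` inside the helper; now a null certificate travels into `getPrivilegeHandler(cert)` and `getPolicyDefs(cert)`, and what happens there is not visible in this diff. A guard such as `if (cert == null) return Response.status(Response.Status.UNAUTHORIZED).build();` would make the unauthenticated case fail closed at the endpoint. The same pattern is in every endpoint of PrivilegeRolesService and PrivilegeUsersService touched by this commit; the body of `getRoles` continues outside the hunk.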
@@ -55,12 +55,7 @@ public class PrivilegeRolesService { private static final Logger logger = LoggerFactory.getLogger(PrivilegeRolesService.class); - private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) { - if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN)) { - throw new AccessDeniedException("You may not perform the request as you are missing role " - + StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN); - } - + private PrivilegeHandler getPrivilegeHandler(Certificate cert) { ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer(); return container.getPrivilegeHandler().getPrivilegeHandler(cert); } @@ -69,7 +64,7 @@ public class PrivilegeRolesService { @Produces(MediaType.APPLICATION_JSON) public Response getRoles(@Context HttpServletRequest request) { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); List roles = privilegeHandler.getRoles(cert); GenericEntity> entity = new GenericEntity>(roles) { @@ -82,7 +77,7 @@ public class PrivilegeRolesService { @Path("{rolename}") public Response getRole(@PathParam("rolename") String rolename, @Context HttpServletRequest request) { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); RoleRep role = privilegeHandler.getRole(cert, rolename); return Response.ok(role, MediaType.APPLICATION_JSON).build(); 
@@ -95,7 +90,7 @@ public class PrivilegeRolesService { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); try { - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); RoleRep role = privilegeHandler.addRole(cert, newRole); return Response.ok(role, MediaType.APPLICATION_JSON).build(); @@ -123,7 +118,7 @@ public class PrivilegeRolesService { return Response.serverError().entity(new Result("Path rolename and data do not have same role name!")) .type(MediaType.APPLICATION_JSON).build(); - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); RoleRep role = privilegeHandler.replaceRole(cert, updatedRole); return Response.ok(role, MediaType.APPLICATION_JSON).build(); @@ -146,7 +141,7 @@ public class PrivilegeRolesService { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); try { - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); RoleRep role = privilegeHandler.removeRole(cert, rolename); return Response.ok(role, MediaType.APPLICATION_JSON).build(); @@ -170,7 +165,7 @@ public class PrivilegeRolesService { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); try { - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); RoleRep updatedRole = privilegeHandler.addOrReplacePrivilegeOnRole(cert, rolename, privilegeRep); return Response.ok(updatedRole, MediaType.APPLICATION_JSON).build(); 
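Review bot: In the replaceRole hunk (-123,7) a mismatch between the path `rolename` and the submitted role is answered with `Response.serverError()`, which reports a 500 for what is a malformed client request. That makes bad input indistinguishable from real server faults in logs and alerting; `Response.status(Response.Status.BAD_REQUEST).entity(new Result("Path rolename and data do not have same role name!"))` would be more accurate. The same `serverError()` pattern is visible in the updateUser (-165,7) and setUserState (-244,7) hunks of PrivilegeUsersService. The enclosing methods start and end outside these hunks.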
@@ -194,7 +189,7 @@ public class PrivilegeRolesService { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); try { - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); RoleRep updatedRole = privilegeHandler.removePrivilegeFromRole(cert, rolename, privilege); return Response.ok(updatedRole, MediaType.APPLICATION_JSON).build(); diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java index e79f86e94..782f17ea3 100644 --- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java +++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java @@ -15,8 +15,6 @@ */ package li.strolch.rest.endpoint; -import static li.strolch.rest.StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN; - import java.text.MessageFormat; import java.util.List; import java.util.Locale; @@ -60,12 +58,7 @@ public class PrivilegeUsersService { private static final Logger logger = LoggerFactory.getLogger(PrivilegeUsersService.class); - private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) { - if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(ROLE_STROLCH_PRIVILEGE_ADMIN)) { - String msg = "You may not perform the request as you are missing role {0}"; - throw new AccessDeniedException(MessageFormat.format(msg, ROLE_STROLCH_PRIVILEGE_ADMIN)); - } - + private PrivilegeHandler getPrivilegeHandler(Certificate cert) { ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer(); return container.getPrivilegeHandler().getPrivilegeHandler(cert); } 
@@ -74,7 +67,7 @@ public class PrivilegeUsersService { @Produces(MediaType.APPLICATION_JSON) public Response getUsers(@Context HttpServletRequest request) { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); List users = privilegeHandler.getUsers(cert); GenericEntity> entity = new GenericEntity>(users) { @@ -87,7 +80,7 @@ public class PrivilegeUsersService { @Path("{username}") public Response getUser(@PathParam("username") String username, @Context HttpServletRequest request) { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); UserRep user = privilegeHandler.getUser(cert, username); return Response.ok(user, MediaType.APPLICATION_JSON).build(); @@ -99,7 +92,7 @@ public class PrivilegeUsersService { @Path("query") public Response queryUsers(UserRep query, @Context HttpServletRequest request) { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); List users = privilegeHandler.queryUsers(cert, query); GenericEntity> entity = new GenericEntity>(users) { @@ -114,7 +107,7 @@ public class PrivilegeUsersService { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); try { - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); UserRep user = privilegeHandler.addUser(cert, newUser, null); return Response.ok(user, MediaType.APPLICATION_JSON).build(); 
@@ -137,7 +130,7 @@ public class PrivilegeUsersService { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); try { - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); UserRep user = privilegeHandler.removeUser(cert, username); return Response.ok(user, MediaType.APPLICATION_JSON).build(); @@ -165,7 +158,7 @@ public class PrivilegeUsersService { return Response.serverError().entity(new Result("Path username and data do not have same username!")) .type(MediaType.APPLICATION_JSON).build(); - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); UserRep updatedUser = privilegeHandler.updateUser(cert, updatedFields); return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build(); @@ -189,7 +182,7 @@ public class PrivilegeUsersService { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); try { - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); UserRep updatedUser = privilegeHandler.addRoleToUser(cert, username, rolename); return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build(); @@ -213,7 +206,7 @@ public class PrivilegeUsersService { Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); try { - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); UserRep updatedUser = privilegeHandler.removeRoleFromUser(cert, username, rolename); return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build(); 
@@ -244,7 +237,7 @@ public class PrivilegeUsersService { return Response.serverError().entity(new Result(msg)).type(MediaType.APPLICATION_JSON).build(); } - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); UserRep updatedUser = privilegeHandler.setUserState(cert, username, userState); return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build(); @@ -268,7 +261,7 @@ public class PrivilegeUsersService { try { // if user changing own password, then no need for StrolchPrivilegeAdmin - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, !cert.getUsername().equals(username)); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); privilegeHandler.setUserPassword(cert, username, passwordField.getPassword().getBytes()); return Response.ok(new Result(), MediaType.APPLICATION_JSON).build(); @@ -301,7 +294,7 @@ public class PrivilegeUsersService { } // if user changing own locale, then no need for StrolchPrivilegeAdmin - PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, !cert.getUsername().equals(username)); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert); UserRep updatedUser = privilegeHandler.setUserLocale(cert, username, locale); return Response.ok(updatedUser, MediaType.APPLICATION_JSON).build();
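Review bot: The context comment `// if user changing own password, then no need for StrolchPrivilegeAdmin` in the setUserPassword hunk (-268,7) describes the `!cert.getUsername().equals(username)` condition that this commit deletes, so it is now stale, as is the matching comment above `setUserLocale` in hunk -301,7. Replace both with a statement of where the rule lives, e.g. `// PrivilegeHandler decides whether cert may change the password of username`. That condition was the only visible place stopping a non-admin from setting another user's password, so a test of exactly that case against the bumped handler is worth adding. Separately, `passwordField.getPassword().getBytes()` encodes with the platform default charset; an explicit `getBytes(StandardCharsets.UTF_8)` (with its import) would make the bytes handed to the handler independent of the host configuration, provided existing credentials were stored under the same encoding. Both methods start outside their hunks.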