diff --git a/ch.eitchnet.privilege b/ch.eitchnet.privilege
index 83740b59e..5940a345d 160000
--- a/ch.eitchnet.privilege
+++ b/ch.eitchnet.privilege
@@ -1 +1 @@
-Subproject commit 83740b59e21e356ac3f4e3439cd038b7f4b9a073
+Subproject commit 5940a345d4f374aede973fb6d218a4199c8bfb4d
diff --git a/ch.eitchnet.utils b/ch.eitchnet.utils
index 09966937c..07f009b7f 160000
--- a/ch.eitchnet.utils
+++ b/ch.eitchnet.utils
@@ -1 +1 @@
-Subproject commit 09966937c904113002d09e419c70b5945a761a4c
+Subproject commit 07f009b7ff7cba427e4f0508da65f8d9b04db2f4
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/StrolchRestfulClasses.java b/li.strolch.rest/src/main/java/li/strolch/rest/StrolchRestfulClasses.java
index ec43201f4..3da59dfdc 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/StrolchRestfulClasses.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/StrolchRestfulClasses.java
@@ -22,6 +22,9 @@ import java.util.Set;
 import li.strolch.rest.endpoint.AuthenticationService;
 import li.strolch.rest.endpoint.EnumQuery;
 import li.strolch.rest.endpoint.Inspector;
+import li.strolch.rest.endpoint.PrivilegePoliciesService;
+import li.strolch.rest.endpoint.PrivilegeRolesService;
+import li.strolch.rest.endpoint.PrivilegeUsersService;
 import li.strolch.rest.endpoint.VersionQuery;
 import li.strolch.rest.filters.AccessControlResponseFilter;
 import li.strolch.rest.filters.AuthenicationRequestFilter;
@@ -36,12 +39,19 @@ public class StrolchRestfulClasses { public static Set> providerClasses; static { + Set> restfulClasses = new HashSet<>(); + restfulClasses.add(AuthenticationService.class); restfulClasses.add(Inspector.class); restfulClasses.add(VersionQuery.class); restfulClasses.add(EnumQuery.class); + // privilege + restfulClasses.add(PrivilegeUsersService.class); + restfulClasses.add(PrivilegeRolesService.class); + restfulClasses.add(PrivilegePoliciesService.class); + Set> providerClasses = new HashSet<>(); providerClasses.add(StrolchRestfulExceptionMapper.class); providerClasses.add(AccessControlResponseFilter.class); diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/StrolchRestfulConstants.java b/li.strolch.rest/src/main/java/li/strolch/rest/StrolchRestfulConstants.java index c05b3ac6c..f3e8dfa43 100644 --- a/li.strolch.rest/src/main/java/li/strolch/rest/StrolchRestfulConstants.java +++ b/li.strolch.rest/src/main/java/li/strolch/rest/StrolchRestfulConstants.java @@ -21,4 +21,5 @@ package li.strolch.rest; public class StrolchRestfulConstants { public static final String STROLCH_CERTIFICATE = "strolch.certificate"; //$NON-NLS-1$ + public static final String ROLE_STROLCH_PRIVILEGE_ADMIN = "StrolchPrivilegeAdmin"; } diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java index 695532515..750450528 100644 --- a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java +++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/AuthenticationService.java @@ -27,7 +27,6 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; -import javax.ws.rs.core.GenericEntity; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; 
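Review bot: In StrolchRestfulConstants the new `ROLE_STROLCH_PRIVILEGE_ADMIN` has no comment saying what it gates, and it lacks the `//$NON-NLS-1$` marker that `STROLCH_CERTIFICATE` on the line above carries. The three new privilege endpoints authorize against this literal role name, so I would add a short Javadoc such as `/** Name of the role a certificate must hold to use the strolch/privilege REST endpoints. */` together with the marker. The value also has to match a role defined in the privilege configuration, which is not visible in this commit.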
@@ -63,9 +62,6 @@ public class AuthenticationService { public Response login(Login login, @Context HttpHeaders headers) { LoginResult loginResult = new LoginResult(); - GenericEntity entity = new GenericEntity(loginResult, LoginResult.class) { - // - }; try { @@ -102,19 +98,19 @@ public class AuthenticationService { else loginResult.setPrivileges(allowList); - return Response.ok().entity(entity)// + return Response.ok().entity(loginResult)// .header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken())// .build(); } catch (StrolchException | PrivilegeException e) { logger.error(e.getMessage(), e); loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$ - return Response.status(Status.FORBIDDEN).entity(entity).build(); + return Response.status(Status.UNAUTHORIZED).entity(loginResult).build(); } catch (Exception e) { logger.error(e.getMessage(), e); String msg = e.getMessage(); loginResult.setMsg(MessageFormat.format("{0}: {1}", e.getClass().getName(), msg)); //$NON-NLS-1$ - return Response.serverError().entity(entity).build(); + return Response.serverError().entity(loginResult).build(); } } diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegePoliciesService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegePoliciesService.java new file mode 100644 index 000000000..a06ce7809 --- /dev/null +++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegePoliciesService.java 
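Review bot: In AuthenticationService.login the failure branches still send exception text to a caller who is not yet authenticated: `"Could not log in due to: {0}"` carries `e.getMessage()`, and the generic branch adds `e.getClass().getName()`. While the status is being switched to `Status.UNAUTHORIZED` anyway, I would return a fixed text (for example `loginResult.setMsg("Login failed");`) and keep the detail in the existing `logger.error` call, so the response does not vary with the reason for the failure. A 401 response is also expected to carry a `WWW-Authenticate` header, which the builder here does not set. The body of `login` starts and ends outside these hunks.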
@@ -0,0 +1,68 @@ +/* + * Copyright 2013 Robert von Burg + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package li.strolch.rest.endpoint; + +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.GET; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.GenericEntity; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; + +import li.strolch.agent.api.ComponentContainer; +import li.strolch.rest.RestfulStrolchComponent; +import li.strolch.rest.StrolchRestfulConstants; +import ch.eitchnet.privilege.base.AccessDeniedException; +import ch.eitchnet.privilege.handler.PrivilegeHandler; +import ch.eitchnet.privilege.model.Certificate; +import ch.eitchnet.utils.xml.XmlKeyValue; + +/** + * @author Robert von Burg + */ +@Path("strolch/privilege/policies") +public class PrivilegePoliciesService { + + // private static final Logger logger = LoggerFactory.getLogger(PrivilegePoliciesService.class); + + private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) { + if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN)) { + throw new AccessDeniedException("You may not perform the request as you are missing role " + + StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN); + } + + ComponentContainer container = 
RestfulStrolchComponent.getInstance().getContainer(); + return container.getPrivilegeHandler().getPrivilegeHandler(cert); + } + + @GET + @Produces(MediaType.APPLICATION_JSON) + public Response getRoles(@Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + + Map policyDefs = privilegeHandler.getPolicyDefs(cert); + List values = XmlKeyValue.valueOf(policyDefs); + GenericEntity> entity = new GenericEntity>(values) { + }; + return Response.ok(entity, MediaType.APPLICATION_JSON).build(); + } +} diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeRolesService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeRolesService.java new file mode 100644 index 000000000..3d4871fa3 --- /dev/null +++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeRolesService.java 
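Review bot: `getPrivilegeHandler` in PrivilegePoliciesService dereferences `cert` without a null check, and `cert` comes from `request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE)` through an unchecked cast. If a request reaches the resource without the request filter having set that attribute (the filter is not visible here), `cert.hasRole(...)` throws a NullPointerException that surfaces as a server error rather than a denial; a guard such as `if (cert == null) throw new AccessDeniedException("No certificate on request");` makes the outcome explicit. The same helper is copied verbatim into PrivilegeRolesService and PrivilegeUsersService, so moving it to one shared place would keep the role check from drifting between the three classes. The endpoint method here is also still named `getRoles` although it returns `getPolicyDefs(cert)`.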
@@ -0,0 +1,258 @@ +/* + * Copyright 2013 Robert von Burg + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package li.strolch.rest.endpoint; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.GenericEntity; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.Response.Status; + +import li.strolch.agent.api.ComponentContainer; +import li.strolch.rest.RestfulStrolchComponent; +import li.strolch.rest.StrolchRestfulConstants; +import li.strolch.rest.model.Result; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import ch.eitchnet.privilege.base.AccessDeniedException; +import ch.eitchnet.privilege.base.PrivilegeException; +import ch.eitchnet.privilege.handler.PrivilegeHandler; +import ch.eitchnet.privilege.model.Certificate; +import ch.eitchnet.privilege.model.PrivilegeRep; +import ch.eitchnet.privilege.model.RoleRep; + +/** + * @author Robert von Burg + */ +@Path("strolch/privilege/roles") +public class PrivilegeRolesService { + + private static final Logger logger = LoggerFactory.getLogger(PrivilegeRolesService.class); + + private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean 
requiresStrolchPrivilegeAdminRole) { + if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN)) { + throw new AccessDeniedException("You may not perform the request as you are missing role " + + StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN); + } + + ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer(); + return container.getPrivilegeHandler().getPrivilegeHandler(cert); + } + + @GET + @Produces(MediaType.APPLICATION_JSON) + public Response getRoles(@Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + + List roles = privilegeHandler.getRoles(cert); + GenericEntity> entity = new GenericEntity>(roles) { + }; + return Response.ok(entity, MediaType.APPLICATION_JSON).build(); + } + + @GET + @Produces(MediaType.APPLICATION_JSON) + @Path("{rolename}") + public Response getRole(@PathParam("rolename") String rolename, @Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + + RoleRep role = privilegeHandler.getRole(cert, rolename); + return Response.ok(role, MediaType.APPLICATION_JSON).build(); + } + + @POST + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + public Response addRole(RoleRep newRole, @Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + try { + + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + privilegeHandler.addRole(cert, newRole); + return Response.ok(new Result(), MediaType.APPLICATION_JSON).build(); + + } catch (AccessDeniedException e) { + logger.error(e.getMessage(), e); + return 
Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (PrivilegeException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (Exception e) { + logger.error(e.getMessage(), e); + return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build(); + } + } + + @PUT + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + @Path("{rolename}") + public Response replaceRole(@PathParam("rolename") String rolename, RoleRep updatedRole, + @Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + try { + + if (!rolename.equals(updatedRole.getName())) + return Response.serverError().entity(new Result("Path rolename and data do not have same role name!")) + .type(MediaType.APPLICATION_JSON).build(); + + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + privilegeHandler.replaceRole(cert, updatedRole); + return Response.ok(new Result(), MediaType.APPLICATION_JSON).build(); + + } catch (AccessDeniedException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (PrivilegeException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (Exception e) { + logger.error(e.getMessage(), e); + return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build(); + } + } + + @DELETE + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + @Path("{rolename}") + public Response removeRole(@PathParam("rolename") String rolename, @Context 
HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + try { + + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + privilegeHandler.removeRole(cert, rolename); + return Response.ok(new Result(), MediaType.APPLICATION_JSON).build(); + + } catch (AccessDeniedException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (PrivilegeException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (Exception e) { + logger.error(e.getMessage(), e); + return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build(); + } + } + + @PUT + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + @Path("{rolename}/privileges") + public Response addOrReplacePrivilegeOnRole(@PathParam("rolename") String rolename, PrivilegeRep privilegeRep, + @Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + try { + + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + privilegeHandler.addOrReplacePrivilegeOnRole(cert, rolename, privilegeRep); + return Response.ok(new Result(), MediaType.APPLICATION_JSON).build(); + + } catch (AccessDeniedException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (PrivilegeException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (Exception e) { + logger.error(e.getMessage(), e); + return 
Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build(); + } + } + + @DELETE + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + @Path("{rolename}/privileges/{privilege}") + public Response removePrivilegeFromRole(@PathParam("rolename") String rolename, + @PathParam("privilege") String privilege, @Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + try { + + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + privilegeHandler.removePrivilegeFromRole(cert, rolename, privilege); + return Response.ok(new Result(), MediaType.APPLICATION_JSON).build(); + + } catch (AccessDeniedException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (PrivilegeException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (Exception e) { + logger.error(e.getMessage(), e); + return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build(); + } + } + + @PUT + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + @Path("{rolename}/privileges/{privilege}") + public Response addOrReplacePrivilegeOnRole(@PathParam("rolename") String rolename, + @PathParam("privilege") String privilege, PrivilegeRep privilegeRep, @Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + try { + + if (!privilege.equals(privilegeRep.getName())) + return Response.serverError() + .entity(new Result("Path privilege and data do not have same privilege name!")) + .type(MediaType.APPLICATION_JSON).build(); + + PrivilegeHandler privilegeHandler = 
getPrivilegeHandler(cert, true); + privilegeHandler.addOrReplacePrivilegeOnRole(cert, rolename, privilegeRep); + return Response.ok(new Result(), MediaType.APPLICATION_JSON).build(); + + } catch (AccessDeniedException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (PrivilegeException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (Exception e) { + logger.error(e.getMessage(), e); + return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build(); + } + } +} diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java new file mode 100644 index 000000000..c12c8100c --- /dev/null +++ b/li.strolch.rest/src/main/java/li/strolch/rest/endpoint/PrivilegeUsersService.java 
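Review bot: The catch blocks in PrivilegeRolesService map `AccessDeniedException` to `Status.UNAUTHORIZED` and other `PrivilegeException`s to `Status.FORBIDDEN`, but the caller at this point already holds a certificate and only lacks the role, which is the 403 case; 401 tells a client to authenticate again. The name-mismatch checks in `replaceRole` and the second `addOrReplacePrivilegeOnRole` answer with `Response.serverError()` although a path/body mismatch is a client error (`Response.status(Status.BAD_REQUEST)`), they run before the role check, and a missing JSON body makes `updatedRole.getName()` throw. `getRoles` and `getRole` have no try/catch at all, so a denial there presumably goes through `StrolchRestfulExceptionMapper` with whatever status it chooses, which may differ from the mutating endpoints. PrivilegeUsersService repeats the same patterns in `updateUser`, `getUsers`, `getUser` and `queryUsers`.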
@@ -0,0 +1,245 @@ +/* + * Copyright 2013 Robert von Burg + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package li.strolch.rest.endpoint; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.GenericEntity; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.Response.Status; + +import li.strolch.agent.api.ComponentContainer; +import li.strolch.rest.RestfulStrolchComponent; +import li.strolch.rest.StrolchRestfulConstants; +import li.strolch.rest.model.Result; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import ch.eitchnet.privilege.base.AccessDeniedException; +import ch.eitchnet.privilege.base.PrivilegeException; +import ch.eitchnet.privilege.handler.PrivilegeHandler; +import ch.eitchnet.privilege.model.Certificate; +import ch.eitchnet.privilege.model.UserRep; + +/** + * @author Robert von Burg + */ +@Path("strolch/privilege/users") +public class PrivilegeUsersService { + + private static final Logger logger = LoggerFactory.getLogger(PrivilegeUsersService.class); + + private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) { + if 
(requiresStrolchPrivilegeAdminRole && !cert.hasRole(StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN)) { + throw new AccessDeniedException("You may not perform the request as you are missing role " + + StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN); + } + + ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer(); + return container.getPrivilegeHandler().getPrivilegeHandler(cert); + } + + @GET + @Produces(MediaType.APPLICATION_JSON) + public Response getUsers(@Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + + List users = privilegeHandler.getUsers(cert); + GenericEntity> entity = new GenericEntity>(users) { + }; + return Response.ok(entity, MediaType.APPLICATION_JSON).build(); + } + + @GET + @Produces(MediaType.APPLICATION_JSON) + @Path("{username}") + public Response getUser(@PathParam("username") String username, @Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + + UserRep user = privilegeHandler.getUser(cert, username); + return Response.ok(user, MediaType.APPLICATION_JSON).build(); + } + + @POST + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + @Path("query") + public Response queryUsers(UserRep query, @Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + + List users = privilegeHandler.queryUsers(cert, query); + GenericEntity> entity = new GenericEntity>(users) { + }; + return Response.ok(entity, MediaType.APPLICATION_JSON).build(); + } + + @POST + @Consumes(MediaType.APPLICATION_JSON) + 
@Produces(MediaType.APPLICATION_JSON) + public Response addUser(UserRep newUser, @Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + try { + + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + privilegeHandler.addUser(cert, newUser, null); + return Response.ok(new Result(), MediaType.APPLICATION_JSON).build(); + + } catch (AccessDeniedException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (PrivilegeException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (Exception e) { + logger.error(e.getMessage(), e); + return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build(); + } + } + + @DELETE + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + @Path("{username}") + public Response removeUser(@PathParam("username") String username, @Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + try { + + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + privilegeHandler.removeUser(cert, username); + return Response.ok(new Result(), MediaType.APPLICATION_JSON).build(); + + } catch (AccessDeniedException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (PrivilegeException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (Exception e) { + logger.error(e.getMessage(), e); + return 
Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build(); + } + } + + @PUT + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + @Path("{username}") + public Response updateUser(@PathParam("username") String username, UserRep updatedFields, + @Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + try { + + if (!username.equals(updatedFields.getUsername())) + return Response.serverError().entity(new Result("Path username and data do not have same username!")) + .type(MediaType.APPLICATION_JSON).build(); + + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + privilegeHandler.updateUser(cert, updatedFields); + return Response.ok(new Result(), MediaType.APPLICATION_JSON).build(); + + } catch (AccessDeniedException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (PrivilegeException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (Exception e) { + logger.error(e.getMessage(), e); + return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build(); + } + } + + @PUT + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + @Path("{username}/roles/{rolename}") + public Response addRoleToUser(@PathParam("username") String username, @PathParam("rolename") String rolename, + @Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + try { + + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + privilegeHandler.addRoleToUser(cert, username, rolename); + return Response.ok(new Result(), 
MediaType.APPLICATION_JSON).build(); + + } catch (AccessDeniedException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (PrivilegeException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (Exception e) { + logger.error(e.getMessage(), e); + return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build(); + } + } + + @DELETE + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + @Path("{username}/roles/{rolename}") + public Response removeRoleFromUser(@PathParam("username") String username, @PathParam("rolename") String rolename, + @Context HttpServletRequest request) { + Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE); + try { + + PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true); + privilegeHandler.removeRoleFromUser(cert, username, rolename); + return Response.ok(new Result(), MediaType.APPLICATION_JSON).build(); + + } catch (AccessDeniedException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (PrivilegeException e) { + logger.error(e.getMessage(), e); + return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage())) + .type(MediaType.APPLICATION_JSON).build(); + } catch (Exception e) { + logger.error(e.getMessage(), e); + return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build(); + } + } + + // TODO set password on user + // TODO set state on user + // TODO set locale on user + // TODO change username of user + +} 
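Review bot: `addUser` in PrivilegeUsersService calls `privilegeHandler.addUser(cert, newUser, null)`, and together with the `// TODO set password on user` at the end of the class this suggests accounts are created over REST without a password while no endpoint exists yet to set one. The state of such an account should be spelled out at the call, e.g. `// password is null: confirm the user cannot authenticate until one is set`, and verified against the privilege handler. The generic `catch (Exception e)` branches also return `e.getMessage()` to the client; for unexpected exceptions a fixed message, with the detail kept in the log, avoids exposing internals. Successful user and role changes are not logged in this class, so unless the privilege handler records them, an info-level entry naming the acting user would help later review of administrative changes.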
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/model/LoginResult.java b/li.strolch.rest/src/main/java/li/strolch/rest/model/LoginResult.java index 740c946a1..ee7082060 100644 --- a/li.strolch.rest/src/main/java/li/strolch/rest/model/LoginResult.java +++ b/li.strolch.rest/src/main/java/li/strolch/rest/model/LoginResult.java @@ -25,6 +25,8 @@ import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; +import ch.eitchnet.utils.xml.XmlKeyValue; + /** * @author Robert von Burg */ @@ -41,9 +43,6 @@ public class LoginResult { @XmlAttribute(name = "locale") private String locale; - @XmlAttribute(name = "parameters") - private Map parameters; - @XmlAttribute(name = "msg") private String msg; @@ -53,6 +52,8 @@ public class LoginResult { @XmlElement(name = "privileges") private List privileges; + private Map parameters; + public LoginResult() { // no-arg constructor for JAXB } @@ -125,6 +126,16 @@ public class LoginResult { this.parameters = parameters; } + /** + * Returns the string map properties of this user as a list of {@link XmlKeyValue} elements + * + * @return the string map properties of this user as a list of {@link XmlKeyValue} elements + */ + @XmlElement(name = "properties") + public List getPropertiesAsKeyValue() { + return XmlKeyValue.valueOf(this.parameters); + } + /** * @return the msg */ diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/model/Result.java b/li.strolch.rest/src/main/java/li/strolch/rest/model/Result.java new file mode 100644 index 000000000..fbcc48848 --- /dev/null +++ b/li.strolch.rest/src/main/java/li/strolch/rest/model/Result.java 
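Review bot: `getPropertiesAsKeyValue` in LoginResult passes `this.parameters` straight to `XmlKeyValue.valueOf`, yet on the failed-login paths in AuthenticationService only `msg` appears to be set, so the map can be null when the result is marshalled. Unless `XmlKeyValue.valueOf` accepts null (not visible here), the getter needs a guard, e.g. `if (this.parameters == null) return null;` or an empty list, so an error response does not turn into a marshalling failure. The Javadoc speaks of the "properties of this user" while the field and its setter are called `parameters`, and the new element has no matching setter, so it looks write-only for JAXB; both are worth stating in the comment.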
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2013 Robert von Burg
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package li.strolch.rest.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import ch.eitchnet.utils.helper.StringHelper;
+
+/**
+ * @author Robert von Burg
+ */
+@XmlRootElement(name = "Result")
+@XmlAccessorType(XmlAccessType.NONE)
+public class Result {
+
+ @XmlAttribute(name = "msg")
+ private String msg;
+
+ public Result(String msg) {
+ this.msg = msg;
+ }
+
+ public Result() {
+ this.msg = StringHelper.DASH;
+ }
+
+ public String getMsg() {
+ return this.msg;
+ }
+
+ public void setMsg(String msg) {
+ this.msg = msg;
+ }
+}
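Review bot: `Result` has no class comment beyond the author tag, and its contract is not obvious from the code: the no-arg constructor sets `msg` to `StringHelper.DASH`, so a success response carries a dash while failures carry whatever exception message the endpoint passed in. I would document that on the class, e.g. `/** Minimal response body of the privilege endpoints; msg is StringHelper.DASH on success, otherwise the error text. */`, so clients decide on the HTTP status and do not parse `msg`.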