[New] Added rest services for privilege management
- not all services are implemented yet; not yet tested
parent
a434c42198
commit
f774cfb4d5
|
@ -1 +1 @@
|
||||||
Subproject commit 83740b59e21e356ac3f4e3439cd038b7f4b9a073
|
Subproject commit 5940a345d4f374aede973fb6d218a4199c8bfb4d
|
|
@ -1 +1 @@
|
||||||
Subproject commit 09966937c904113002d09e419c70b5945a761a4c
|
Subproject commit 07f009b7ff7cba427e4f0508da65f8d9b04db2f4
|
|
@ -22,6 +22,9 @@ import java.util.Set;
|
||||||
import li.strolch.rest.endpoint.AuthenticationService;
|
import li.strolch.rest.endpoint.AuthenticationService;
|
||||||
import li.strolch.rest.endpoint.EnumQuery;
|
import li.strolch.rest.endpoint.EnumQuery;
|
||||||
import li.strolch.rest.endpoint.Inspector;
|
import li.strolch.rest.endpoint.Inspector;
|
||||||
|
import li.strolch.rest.endpoint.PrivilegePoliciesService;
|
||||||
|
import li.strolch.rest.endpoint.PrivilegeRolesService;
|
||||||
|
import li.strolch.rest.endpoint.PrivilegeUsersService;
|
||||||
import li.strolch.rest.endpoint.VersionQuery;
|
import li.strolch.rest.endpoint.VersionQuery;
|
||||||
import li.strolch.rest.filters.AccessControlResponseFilter;
|
import li.strolch.rest.filters.AccessControlResponseFilter;
|
||||||
import li.strolch.rest.filters.AuthenicationRequestFilter;
|
import li.strolch.rest.filters.AuthenicationRequestFilter;
|
||||||
|
@ -36,12 +39,19 @@ public class StrolchRestfulClasses {
|
||||||
public static Set<Class<?>> providerClasses;
|
public static Set<Class<?>> providerClasses;
|
||||||
|
|
||||||
static {
|
static {
|
||||||
|
|
||||||
Set<Class<?>> restfulClasses = new HashSet<>();
|
Set<Class<?>> restfulClasses = new HashSet<>();
|
||||||
|
|
||||||
restfulClasses.add(AuthenticationService.class);
|
restfulClasses.add(AuthenticationService.class);
|
||||||
restfulClasses.add(Inspector.class);
|
restfulClasses.add(Inspector.class);
|
||||||
restfulClasses.add(VersionQuery.class);
|
restfulClasses.add(VersionQuery.class);
|
||||||
restfulClasses.add(EnumQuery.class);
|
restfulClasses.add(EnumQuery.class);
|
||||||
|
|
||||||
|
// privilege
|
||||||
|
restfulClasses.add(PrivilegeUsersService.class);
|
||||||
|
restfulClasses.add(PrivilegeRolesService.class);
|
||||||
|
restfulClasses.add(PrivilegePoliciesService.class);
|
||||||
|
|
||||||
Set<Class<?>> providerClasses = new HashSet<>();
|
Set<Class<?>> providerClasses = new HashSet<>();
|
||||||
providerClasses.add(StrolchRestfulExceptionMapper.class);
|
providerClasses.add(StrolchRestfulExceptionMapper.class);
|
||||||
providerClasses.add(AccessControlResponseFilter.class);
|
providerClasses.add(AccessControlResponseFilter.class);
|
||||||
|
|
|
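Review bot: The `// privilege` comment above the three new `restfulClasses.add(...)` calls does not say that these endpoints expose user, role and policy administration and depend on an authentication filter having stored the caller's certificate under `STROLCH_CERTIFICATE`; I would expand it to `// privilege administration: every endpoint requires the StrolchPrivilegeAdmin role (see StrolchRestfulConstants)`. `AuthenicationRequestFilter` is imported in the first hunk but is not among the `providerClasses.add(...)` lines visible here; if its registration lives outside the hunk that is fine, but if the filter is not registered the new services will read a null certificate on every request. The static initializer continues past the end of the hunk.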
@ -21,4 +21,5 @@ package li.strolch.rest;
|
||||||
public class StrolchRestfulConstants {
|
public class StrolchRestfulConstants {
|
||||||
|
|
||||||
public static final String STROLCH_CERTIFICATE = "strolch.certificate"; //$NON-NLS-1$
|
public static final String STROLCH_CERTIFICATE = "strolch.certificate"; //$NON-NLS-1$
|
||||||
|
public static final String ROLE_STROLCH_PRIVILEGE_ADMIN = "StrolchPrivilegeAdmin";
|
||||||
}
|
}
|
||||||
|
|
|
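Review bot: `ROLE_STROLCH_PRIVILEGE_ADMIN` is a security-sensitive constant added without any documentation, and it also lacks the `//$NON-NLS-1$` marker that the sibling `STROLCH_CERTIFICATE` line carries. Through the new services a holder of this role can create users and grant any role, including to their own account, unless the privilege handler imposes further checks that are not visible here, so the Javadoc should make that explicit: `/** Role that unlocks the privilege-administration REST endpoints; holders can create users and grant any role, so assign it sparingly. */`. The string must also match a role defined in the privilege configuration, which this commit does not show.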
@ -27,7 +27,6 @@ import javax.ws.rs.Path;
|
||||||
import javax.ws.rs.PathParam;
|
import javax.ws.rs.PathParam;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.Context;
|
import javax.ws.rs.core.Context;
|
||||||
import javax.ws.rs.core.GenericEntity;
|
|
||||||
import javax.ws.rs.core.HttpHeaders;
|
import javax.ws.rs.core.HttpHeaders;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
import javax.ws.rs.core.Response;
|
import javax.ws.rs.core.Response;
|
||||||
|
@ -63,9 +62,6 @@ public class AuthenticationService {
|
||||||
public Response login(Login login, @Context HttpHeaders headers) {
|
public Response login(Login login, @Context HttpHeaders headers) {
|
||||||
|
|
||||||
LoginResult loginResult = new LoginResult();
|
LoginResult loginResult = new LoginResult();
|
||||||
GenericEntity<LoginResult> entity = new GenericEntity<LoginResult>(loginResult, LoginResult.class) {
|
|
||||||
//
|
|
||||||
};
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
||||||
|
@ -102,19 +98,19 @@ public class AuthenticationService {
|
||||||
else
|
else
|
||||||
loginResult.setPrivileges(allowList);
|
loginResult.setPrivileges(allowList);
|
||||||
|
|
||||||
return Response.ok().entity(entity)//
|
return Response.ok().entity(loginResult)//
|
||||||
.header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken())//
|
.header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken())//
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
} catch (StrolchException | PrivilegeException e) {
|
} catch (StrolchException | PrivilegeException e) {
|
||||||
logger.error(e.getMessage(), e);
|
logger.error(e.getMessage(), e);
|
||||||
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
|
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
|
||||||
return Response.status(Status.FORBIDDEN).entity(entity).build();
|
return Response.status(Status.UNAUTHORIZED).entity(loginResult).build();
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error(e.getMessage(), e);
|
logger.error(e.getMessage(), e);
|
||||||
String msg = e.getMessage();
|
String msg = e.getMessage();
|
||||||
loginResult.setMsg(MessageFormat.format("{0}: {1}", e.getClass().getName(), msg)); //$NON-NLS-1$
|
loginResult.setMsg(MessageFormat.format("{0}: {1}", e.getClass().getName(), msg)); //$NON-NLS-1$
|
||||||
return Response.serverError().entity(entity).build();
|
return Response.serverError().entity(loginResult).build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
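Review bot: The 401 response on a failed login still echoes `e.getMessage()` to the client via `Could not log in due to: {0}`, and the 500 path additionally returns `e.getClass().getName()`; depending on what `PrivilegeException` messages contain, a caller may be able to tell an unknown user from a wrong password, or learn internal class names. I would keep the full detail in the `logger.error` call and return a fixed text instead, e.g. `loginResult.setMsg("Could not log in: invalid credentials"); //$NON-NLS-1$` in the first catch and `loginResult.setMsg("Could not log in due to an internal error"); //$NON-NLS-1$` in the second. Switching from FORBIDDEN to UNAUTHORIZED is the right code for a credential failure, although a strict 401 should also carry a `WWW-Authenticate` header. Logging every failed login at ERROR with a stack trace is noisy for an expected event; WARN without the throwable is probably sufficient. The `login` method begins outside this hunk.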
@ -0,0 +1,68 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.rest.endpoint;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.ws.rs.GET;
|
||||||
|
import javax.ws.rs.Path;
|
||||||
|
import javax.ws.rs.Produces;
|
||||||
|
import javax.ws.rs.core.Context;
|
||||||
|
import javax.ws.rs.core.GenericEntity;
|
||||||
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
|
import li.strolch.agent.api.ComponentContainer;
|
||||||
|
import li.strolch.rest.RestfulStrolchComponent;
|
||||||
|
import li.strolch.rest.StrolchRestfulConstants;
|
||||||
|
import ch.eitchnet.privilege.base.AccessDeniedException;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.Certificate;
|
||||||
|
import ch.eitchnet.utils.xml.XmlKeyValue;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
@Path("strolch/privilege/policies")
|
||||||
|
public class PrivilegePoliciesService {
|
||||||
|
|
||||||
|
// private static final Logger logger = LoggerFactory.getLogger(PrivilegePoliciesService.class);
|
||||||
|
|
||||||
|
private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) {
|
||||||
|
if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN)) {
|
||||||
|
throw new AccessDeniedException("You may not perform the request as you are missing role "
|
||||||
|
+ StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN);
|
||||||
|
}
|
||||||
|
|
||||||
|
ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
|
||||||
|
return container.getPrivilegeHandler().getPrivilegeHandler(cert);
|
||||||
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
public Response getRoles(@Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
|
||||||
|
Map<String, String> policyDefs = privilegeHandler.getPolicyDefs(cert);
|
||||||
|
List<XmlKeyValue> values = XmlKeyValue.valueOf(policyDefs);
|
||||||
|
GenericEntity<List<XmlKeyValue>> entity = new GenericEntity<List<XmlKeyValue>>(values) {
|
||||||
|
};
|
||||||
|
return Response.ok(entity, MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
}
|
|
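Review bot: `getRoles` dereferences `cert` inside `getPrivilegeHandler` without checking it, and `request.getAttribute(STROLCH_CERTIFICATE)` returns null whenever the authentication filter did not run or did not set the attribute, so an unauthenticated call surfaces as a NullPointerException rather than a clean refusal; unlike the mutating methods in the sibling services, nothing here catches `AccessDeniedException` either, so the status for a missing role depends entirely on `StrolchRestfulExceptionMapper`, which is not part of this commit. I would guard the lookup before the role check: `if (cert == null) throw new AccessDeniedException("Request is not authenticated");`. The method is named `getRoles` although it returns policy definitions; `getPolicies` would match the path and avoid confusion with PrivilegeRolesService. `getPrivilegeHandler` is copied verbatim into all three new services, so a shared helper would keep the admin-role check in one place.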
@ -0,0 +1,258 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.rest.endpoint;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.ws.rs.Consumes;
|
||||||
|
import javax.ws.rs.DELETE;
|
||||||
|
import javax.ws.rs.GET;
|
||||||
|
import javax.ws.rs.POST;
|
||||||
|
import javax.ws.rs.PUT;
|
||||||
|
import javax.ws.rs.Path;
|
||||||
|
import javax.ws.rs.PathParam;
|
||||||
|
import javax.ws.rs.Produces;
|
||||||
|
import javax.ws.rs.core.Context;
|
||||||
|
import javax.ws.rs.core.GenericEntity;
|
||||||
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
import javax.ws.rs.core.Response.Status;
|
||||||
|
|
||||||
|
import li.strolch.agent.api.ComponentContainer;
|
||||||
|
import li.strolch.rest.RestfulStrolchComponent;
|
||||||
|
import li.strolch.rest.StrolchRestfulConstants;
|
||||||
|
import li.strolch.rest.model.Result;
|
||||||
|
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
import ch.eitchnet.privilege.base.AccessDeniedException;
|
||||||
|
import ch.eitchnet.privilege.base.PrivilegeException;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.Certificate;
|
||||||
|
import ch.eitchnet.privilege.model.PrivilegeRep;
|
||||||
|
import ch.eitchnet.privilege.model.RoleRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
@Path("strolch/privilege/roles")
|
||||||
|
public class PrivilegeRolesService {
|
||||||
|
|
||||||
|
private static final Logger logger = LoggerFactory.getLogger(PrivilegeRolesService.class);
|
||||||
|
|
||||||
|
private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) {
|
||||||
|
if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN)) {
|
||||||
|
throw new AccessDeniedException("You may not perform the request as you are missing role "
|
||||||
|
+ StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN);
|
||||||
|
}
|
||||||
|
|
||||||
|
ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
|
||||||
|
return container.getPrivilegeHandler().getPrivilegeHandler(cert);
|
||||||
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
public Response getRoles(@Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
|
||||||
|
List<RoleRep> roles = privilegeHandler.getRoles(cert);
|
||||||
|
GenericEntity<List<RoleRep>> entity = new GenericEntity<List<RoleRep>>(roles) {
|
||||||
|
};
|
||||||
|
return Response.ok(entity, MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("{rolename}")
|
||||||
|
public Response getRole(@PathParam("rolename") String rolename, @Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
|
||||||
|
RoleRep role = privilegeHandler.getRole(cert, rolename);
|
||||||
|
return Response.ok(role, MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@POST
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
public Response addRole(RoleRep newRole, @Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
try {
|
||||||
|
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
privilegeHandler.addRole(cert, newRole);
|
||||||
|
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (PrivilegeException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (Exception e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@PUT
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("{rolename}")
|
||||||
|
public Response replaceRole(@PathParam("rolename") String rolename, RoleRep updatedRole,
|
||||||
|
@Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
try {
|
||||||
|
|
||||||
|
if (!rolename.equals(updatedRole.getName()))
|
||||||
|
return Response.serverError().entity(new Result("Path rolename and data do not have same role name!"))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
privilegeHandler.replaceRole(cert, updatedRole);
|
||||||
|
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (PrivilegeException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (Exception e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@DELETE
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("{rolename}")
|
||||||
|
public Response removeRole(@PathParam("rolename") String rolename, @Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
try {
|
||||||
|
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
privilegeHandler.removeRole(cert, rolename);
|
||||||
|
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (PrivilegeException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (Exception e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@PUT
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("{rolename}/privileges")
|
||||||
|
public Response addOrReplacePrivilegeOnRole(@PathParam("rolename") String rolename, PrivilegeRep privilegeRep,
|
||||||
|
@Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
try {
|
||||||
|
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
privilegeHandler.addOrReplacePrivilegeOnRole(cert, rolename, privilegeRep);
|
||||||
|
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (PrivilegeException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (Exception e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@DELETE
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("{rolename}/privileges/{privilege}")
|
||||||
|
public Response removePrivilegeFromRole(@PathParam("rolename") String rolename,
|
||||||
|
@PathParam("privilege") String privilege, @Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
try {
|
||||||
|
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
privilegeHandler.removePrivilegeFromRole(cert, rolename, privilege);
|
||||||
|
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (PrivilegeException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (Exception e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@PUT
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("{rolename}/privileges/{privilege}")
|
||||||
|
public Response addOrReplacePrivilegeOnRole(@PathParam("rolename") String rolename,
|
||||||
|
@PathParam("privilege") String privilege, PrivilegeRep privilegeRep, @Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
try {
|
||||||
|
|
||||||
|
if (!privilege.equals(privilegeRep.getName()))
|
||||||
|
return Response.serverError()
|
||||||
|
.entity(new Result("Path privilege and data do not have same privilege name!"))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
privilegeHandler.addOrReplacePrivilegeOnRole(cert, rolename, privilegeRep);
|
||||||
|
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (PrivilegeException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (Exception e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
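Review bot: The status codes in every catch block are inverted: `AccessDeniedException`, thrown when the caller is authenticated but lacks `StrolchPrivilegeAdmin`, is mapped to 401 UNAUTHORIZED, while the broader `PrivilegeException` gets 403 FORBIDDEN, whereas 401 means "not authenticated" (the meaning this same commit gives it in AuthenticationService) and 403 means "authenticated but not allowed". I would swap them, returning `Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))` for access denied and a fitting 4xx for other privilege failures. The path/body name mismatch in `replaceRole` and in the second `addOrReplacePrivilegeOnRole` is a client error and should be `Response.status(Status.BAD_REQUEST)` rather than `serverError()`. `getRoles` and `getRole` have no try/catch at all, so the same refusal produces different response shapes depending on the HTTP method, and logging an authorization refusal at ERROR with a full stack trace is excessive where WARN would do.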
@ -0,0 +1,245 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package li.strolch.rest.endpoint;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.ws.rs.Consumes;
|
||||||
|
import javax.ws.rs.DELETE;
|
||||||
|
import javax.ws.rs.GET;
|
||||||
|
import javax.ws.rs.POST;
|
||||||
|
import javax.ws.rs.PUT;
|
||||||
|
import javax.ws.rs.Path;
|
||||||
|
import javax.ws.rs.PathParam;
|
||||||
|
import javax.ws.rs.Produces;
|
||||||
|
import javax.ws.rs.core.Context;
|
||||||
|
import javax.ws.rs.core.GenericEntity;
|
||||||
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
import javax.ws.rs.core.Response.Status;
|
||||||
|
|
||||||
|
import li.strolch.agent.api.ComponentContainer;
|
||||||
|
import li.strolch.rest.RestfulStrolchComponent;
|
||||||
|
import li.strolch.rest.StrolchRestfulConstants;
|
||||||
|
import li.strolch.rest.model.Result;
|
||||||
|
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
import ch.eitchnet.privilege.base.AccessDeniedException;
|
||||||
|
import ch.eitchnet.privilege.base.PrivilegeException;
|
||||||
|
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||||
|
import ch.eitchnet.privilege.model.Certificate;
|
||||||
|
import ch.eitchnet.privilege.model.UserRep;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
*/
|
||||||
|
@Path("strolch/privilege/users")
|
||||||
|
public class PrivilegeUsersService {
|
||||||
|
|
||||||
|
private static final Logger logger = LoggerFactory.getLogger(PrivilegeUsersService.class);
|
||||||
|
|
||||||
|
private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) {
|
||||||
|
if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN)) {
|
||||||
|
throw new AccessDeniedException("You may not perform the request as you are missing role "
|
||||||
|
+ StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN);
|
||||||
|
}
|
||||||
|
|
||||||
|
ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
|
||||||
|
return container.getPrivilegeHandler().getPrivilegeHandler(cert);
|
||||||
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
public Response getUsers(@Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
|
||||||
|
List<UserRep> users = privilegeHandler.getUsers(cert);
|
||||||
|
GenericEntity<List<UserRep>> entity = new GenericEntity<List<UserRep>>(users) {
|
||||||
|
};
|
||||||
|
return Response.ok(entity, MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("{username}")
|
||||||
|
public Response getUser(@PathParam("username") String username, @Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
|
||||||
|
UserRep user = privilegeHandler.getUser(cert, username);
|
||||||
|
return Response.ok(user, MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@POST
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("query")
|
||||||
|
public Response queryUsers(UserRep query, @Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
|
||||||
|
List<UserRep> users = privilegeHandler.queryUsers(cert, query);
|
||||||
|
GenericEntity<List<UserRep>> entity = new GenericEntity<List<UserRep>>(users) {
|
||||||
|
};
|
||||||
|
return Response.ok(entity, MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@POST
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
public Response addUser(UserRep newUser, @Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
try {
|
||||||
|
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
privilegeHandler.addUser(cert, newUser, null);
|
||||||
|
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (PrivilegeException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (Exception e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@DELETE
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("{username}")
|
||||||
|
public Response removeUser(@PathParam("username") String username, @Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
try {
|
||||||
|
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
privilegeHandler.removeUser(cert, username);
|
||||||
|
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (PrivilegeException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (Exception e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@PUT
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("{username}")
|
||||||
|
public Response updateUser(@PathParam("username") String username, UserRep updatedFields,
|
||||||
|
@Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
try {
|
||||||
|
|
||||||
|
if (!username.equals(updatedFields.getUsername()))
|
||||||
|
return Response.serverError().entity(new Result("Path username and data do not have same username!"))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
privilegeHandler.updateUser(cert, updatedFields);
|
||||||
|
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (PrivilegeException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (Exception e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@PUT
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("{username}/roles/{rolename}")
|
||||||
|
public Response addRoleToUser(@PathParam("username") String username, @PathParam("rolename") String rolename,
|
||||||
|
@Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
try {
|
||||||
|
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
privilegeHandler.addRoleToUser(cert, username, rolename);
|
||||||
|
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (PrivilegeException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (Exception e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@DELETE
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("{username}/roles/{rolename}")
|
||||||
|
public Response removeRoleFromUser(@PathParam("username") String username, @PathParam("rolename") String rolename,
|
||||||
|
@Context HttpServletRequest request) {
|
||||||
|
Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
|
||||||
|
try {
|
||||||
|
|
||||||
|
PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
|
||||||
|
privilegeHandler.removeRoleFromUser(cert, username, rolename);
|
||||||
|
return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
|
||||||
|
|
||||||
|
} catch (AccessDeniedException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (PrivilegeException e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
|
||||||
|
.type(MediaType.APPLICATION_JSON).build();
|
||||||
|
} catch (Exception e) {
|
||||||
|
logger.error(e.getMessage(), e);
|
||||||
|
return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO set password on user
|
||||||
|
// TODO set state on user
|
||||||
|
// TODO set locale on user
|
||||||
|
// TODO change username of user
|
||||||
|
|
||||||
|
}
|
|
@ -25,6 +25,8 @@ import javax.xml.bind.annotation.XmlAttribute;
|
||||||
import javax.xml.bind.annotation.XmlElement;
|
import javax.xml.bind.annotation.XmlElement;
|
||||||
import javax.xml.bind.annotation.XmlRootElement;
|
import javax.xml.bind.annotation.XmlRootElement;
|
||||||
|
|
||||||
|
import ch.eitchnet.utils.xml.XmlKeyValue;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
*/
|
*/
|
||||||
|
@ -41,9 +43,6 @@ public class LoginResult {
|
||||||
@XmlAttribute(name = "locale")
|
@XmlAttribute(name = "locale")
|
||||||
private String locale;
|
private String locale;
|
||||||
|
|
||||||
@XmlAttribute(name = "parameters")
|
|
||||||
private Map<String, String> parameters;
|
|
||||||
|
|
||||||
@XmlAttribute(name = "msg")
|
@XmlAttribute(name = "msg")
|
||||||
private String msg;
|
private String msg;
|
||||||
|
|
||||||
|
@ -53,6 +52,8 @@ public class LoginResult {
|
||||||
@XmlElement(name = "privileges")
|
@XmlElement(name = "privileges")
|
||||||
private List<String> privileges;
|
private List<String> privileges;
|
||||||
|
|
||||||
|
private Map<String, String> parameters;
|
||||||
|
|
||||||
public LoginResult() {
|
public LoginResult() {
|
||||||
// no-arg constructor for JAXB
|
// no-arg constructor for JAXB
|
||||||
}
|
}
|
||||||
|
@ -125,6 +126,16 @@ public class LoginResult {
|
||||||
this.parameters = parameters;
|
this.parameters = parameters;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the string map properties of this user as a list of {@link XmlKeyValue} elements
|
||||||
|
*
|
||||||
|
* @return the string map properties of this user as a list of {@link XmlKeyValue} elements
|
||||||
|
*/
|
||||||
|
@XmlElement(name = "properties")
|
||||||
|
public List<XmlKeyValue> getPropertiesAsKeyValue() {
|
||||||
|
return XmlKeyValue.valueOf(this.parameters);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return the msg
|
* @return the msg
|
||||||
*/
|
*/
|
||||||
|
|
|
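Review bot: `getPropertiesAsKeyValue()` hands `this.parameters` straight to `XmlKeyValue.valueOf`, and that field stays unset after the JAXB no-arg constructor, so marshalling a LoginResult whose parameters were never assigned depends on `valueOf` tolerating null, which I cannot verify from this page; a guard such as `if (this.parameters == null) return java.util.Collections.emptyList();` before the return removes the doubt. The new Javadoc speaks of the user's "properties" and the element is named `properties`, while the field, its setter and the attribute removed in the earlier hunk are all called `parameters`; a sentence noting that `properties` is the external name of the `parameters` map would keep the two vocabularies in sync. Since this list is part of the login response returned to the client, it is worth confirming that the map holds nothing the caller should not see.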
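--- /dev/null
+++ b/li/strolch/rest/model/Result.java
@@ -0,0 +1,50 @@
+/*
+* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package li.strolch.rest.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import ch.eitchnet.utils.helper.StringHelper;
+
+/**
+* @author Robert von Burg <eitch@eitchnet.ch>
+*/
+@XmlRootElement(name = "Result")
+@XmlAccessorType(XmlAccessType.NONE)
+public class Result {
+
+@XmlAttribute(name = "msg")
+private String msg;
+
+public Result(String msg) {
+this.msg = msg;
+}
+
+public Result() {
+this.msg = StringHelper.DASH;
+}
+
+public String getMsg() {
+return this.msg;
+}
+
+public void setMsg(String msg) {
+this.msg = msg;
+}
+}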
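Review bot: `Result(String msg)` stores a null message unchanged while the no-arg constructor substitutes `StringHelper.DASH`, and the endpoints in this commit build the error body as `new Result(e.getMessage())`, where `getMessage()` is null for many runtime exceptions, so a failed request can come back with no `msg` attribute at all. Normalising in the one-arg constructor, `this.msg = msg == null ? StringHelper.DASH : msg;`, keeps the two constructors consistent and gives clients a message in every case. The class carries only an author tag; a summary such as `/** Response envelope for the REST endpoints, carrying a single status message that is serialized as the msg attribute. */` would tell a reader what it is for. Because this envelope is what the catch-all handlers send to the caller, documenting that `msg` is meant for a short, client-safe message rather than internal exception detail would also be useful.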