[New] Added rest services for privilege management
- not all services are implemented yet - not yet tested
This commit is contained in:
parent
a434c42198
commit
f774cfb4d5
|
@ -1 +1 @@
|
|||
Subproject commit 83740b59e21e356ac3f4e3439cd038b7f4b9a073
|
||||
Subproject commit 5940a345d4f374aede973fb6d218a4199c8bfb4d
|
|
@ -1 +1 @@
|
|||
Subproject commit 09966937c904113002d09e419c70b5945a761a4c
|
||||
Subproject commit 07f009b7ff7cba427e4f0508da65f8d9b04db2f4
|
|
@ -22,6 +22,9 @@ import java.util.Set;
|
|||
import li.strolch.rest.endpoint.AuthenticationService;
|
||||
import li.strolch.rest.endpoint.EnumQuery;
|
||||
import li.strolch.rest.endpoint.Inspector;
|
||||
import li.strolch.rest.endpoint.PrivilegePoliciesService;
|
||||
import li.strolch.rest.endpoint.PrivilegeRolesService;
|
||||
import li.strolch.rest.endpoint.PrivilegeUsersService;
|
||||
import li.strolch.rest.endpoint.VersionQuery;
|
||||
import li.strolch.rest.filters.AccessControlResponseFilter;
|
||||
import li.strolch.rest.filters.AuthenicationRequestFilter;
|
||||
|
@ -36,12 +39,19 @@ public class StrolchRestfulClasses {
|
|||
public static Set<Class<?>> providerClasses;
|
||||
|
||||
static {
|
||||
|
||||
Set<Class<?>> restfulClasses = new HashSet<>();
|
||||
|
||||
restfulClasses.add(AuthenticationService.class);
|
||||
restfulClasses.add(Inspector.class);
|
||||
restfulClasses.add(VersionQuery.class);
|
||||
restfulClasses.add(EnumQuery.class);
|
||||
|
||||
// privilege
|
||||
restfulClasses.add(PrivilegeUsersService.class);
|
||||
restfulClasses.add(PrivilegeRolesService.class);
|
||||
restfulClasses.add(PrivilegePoliciesService.class);
|
||||
|
||||
Set<Class<?>> providerClasses = new HashSet<>();
|
||||
providerClasses.add(StrolchRestfulExceptionMapper.class);
|
||||
providerClasses.add(AccessControlResponseFilter.class);
|
||||
|
|
|
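Review bot: The three privilege services registered at L93-L99 read the caller's Certificate from the `strolch.certificate` request attribute and cast it without a null check, so they are only safe if an authentication filter populates that attribute before dispatch; `AuthenicationRequestFilter` is imported in the first hunk, but the provider list visible here ends after `AccessControlResponseFilter` on L110 — confirm the request filter is added to `providerClasses` as well. The static initializer continues outside the hunk, so this may already be the case further down.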
@ -21,4 +21,5 @@ package li.strolch.rest;
|
|||
public class StrolchRestfulConstants {
|
||||
|
||||
public static final String STROLCH_CERTIFICATE = "strolch.certificate"; //$NON-NLS-1$
|
||||
public static final String ROLE_STROLCH_PRIVILEGE_ADMIN = "StrolchPrivilegeAdmin";
|
||||
}
|
||||
|
|
|
@ -27,7 +27,6 @@ import javax.ws.rs.Path;
|
|||
import javax.ws.rs.PathParam;
|
||||
import javax.ws.rs.Produces;
|
||||
import javax.ws.rs.core.Context;
|
||||
import javax.ws.rs.core.GenericEntity;
|
||||
import javax.ws.rs.core.HttpHeaders;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
|
@ -63,9 +62,6 @@ public class AuthenticationService {
|
|||
public Response login(Login login, @Context HttpHeaders headers) {
|
||||
|
||||
LoginResult loginResult = new LoginResult();
|
||||
GenericEntity<LoginResult> entity = new GenericEntity<LoginResult>(loginResult, LoginResult.class) {
|
||||
//
|
||||
};
|
||||
|
||||
try {
|
||||
|
||||
|
@ -102,19 +98,19 @@ public class AuthenticationService {
|
|||
else
|
||||
loginResult.setPrivileges(allowList);
|
||||
|
||||
return Response.ok().entity(entity)//
|
||||
return Response.ok().entity(loginResult)//
|
||||
.header(HttpHeaders.AUTHORIZATION, certificate.getAuthToken())//
|
||||
.build();
|
||||
|
||||
} catch (StrolchException | PrivilegeException e) {
|
||||
logger.error(e.getMessage(), e);
|
||||
loginResult.setMsg(MessageFormat.format("Could not log in due to: {0}", e.getMessage())); //$NON-NLS-1$
|
||||
return Response.status(Status.FORBIDDEN).entity(entity).build();
|
||||
return Response.status(Status.UNAUTHORIZED).entity(loginResult).build();
|
||||
} catch (Exception e) {
|
||||
logger.error(e.getMessage(), e);
|
||||
String msg = e.getMessage();
|
||||
loginResult.setMsg(MessageFormat.format("{0}: {1}", e.getClass().getName(), msg)); //$NON-NLS-1$
|
||||
return Response.serverError().entity(entity).build();
|
||||
return Response.serverError().entity(loginResult).build();
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
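Review bot: The new `return Response.status(Status.UNAUTHORIZED).entity(loginResult).build();` still carries the raw exception text set two lines earlier (`Could not log in due to: {0}`), and the server-error branch returns `e.getClass().getName()` plus the message; on a login endpoint that tells an unauthenticated caller why the attempt failed (for example whether the user exists or is locked) and exposes internal class names. A fixed body such as `loginResult.setMsg("Could not log in");` in both branches, with the detail kept in the log only, avoids that. The FORBIDDEN→UNAUTHORIZED change itself is the right status for a failed login; `logger.error` with a stack trace for every wrong password will be noisy, and `warn` without the throwable presumably suits the `PrivilegeException` case better. `login` continues outside the hunk.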
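--- /dev/null
+++ b/MODULE_PATH_PLACEHOLDER/li/strolch/rest/endpoint/PrivilegePoliciesService.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package li.strolch.rest.endpoint;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.GenericEntity;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+import li.strolch.agent.api.ComponentContainer;
+import li.strolch.rest.RestfulStrolchComponent;
+import li.strolch.rest.StrolchRestfulConstants;
+import ch.eitchnet.privilege.base.AccessDeniedException;
+import ch.eitchnet.privilege.handler.PrivilegeHandler;
+import ch.eitchnet.privilege.model.Certificate;
+import ch.eitchnet.utils.xml.XmlKeyValue;
+
+/**
+ * @author Robert von Burg <eitch@eitchnet.ch>
+ */
+@Path("strolch/privilege/policies")
+public class PrivilegePoliciesService {
+
+	// private static final Logger logger = LoggerFactory.getLogger(PrivilegePoliciesService.class);
+
+	private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) {
+		if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN)) {
+			throw new AccessDeniedException("You may not perform the request as you are missing role "
+					+ StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN);
+		}
+
+		ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
+		return container.getPrivilegeHandler().getPrivilegeHandler(cert);
+	}
+
+	@GET
+	@Produces(MediaType.APPLICATION_JSON)
+	public Response getRoles(@Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+
+		Map<String, String> policyDefs = privilegeHandler.getPolicyDefs(cert);
+		List<XmlKeyValue> values = XmlKeyValue.valueOf(policyDefs);
+		GenericEntity<List<XmlKeyValue>> entity = new GenericEntity<List<XmlKeyValue>>(values) {
+		};
+		return Response.ok(entity, MediaType.APPLICATION_JSON).build();
+	}
+}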
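Review bot: `getRoles` on L424 is misnamed for this resource — it returns the policy definitions, so `getPolicies` would match `@Path("strolch/privilege/policies")` and the naming in the sibling services. Unlike the mutating endpoints in PrivilegeRolesService and PrivilegeUsersService, this GET calls `getPrivilegeHandler(cert, true)` outside any try block, so an `AccessDeniedException` for a caller without `StrolchPrivilegeAdmin` propagates out of the resource method and its HTTP status depends on whatever exception mapper is registered rather than being an explicit 401/403; the GET methods in the other two services have the same shape. The commented-out logger on L385 should either be used or dropped.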
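--- /dev/null
+++ b/MODULE_PATH_PLACEHOLDER/li/strolch/rest/endpoint/PrivilegeRolesService.java
@@ -0,0 +1,258 @@
+/*
+ * Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package li.strolch.rest.endpoint;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.GenericEntity;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+
+import li.strolch.agent.api.ComponentContainer;
+import li.strolch.rest.RestfulStrolchComponent;
+import li.strolch.rest.StrolchRestfulConstants;
+import li.strolch.rest.model.Result;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import ch.eitchnet.privilege.base.AccessDeniedException;
+import ch.eitchnet.privilege.base.PrivilegeException;
+import ch.eitchnet.privilege.handler.PrivilegeHandler;
+import ch.eitchnet.privilege.model.Certificate;
+import ch.eitchnet.privilege.model.PrivilegeRep;
+import ch.eitchnet.privilege.model.RoleRep;
+
+/**
+ * @author Robert von Burg <eitch@eitchnet.ch>
+ */
+@Path("strolch/privilege/roles")
+public class PrivilegeRolesService {
+
+	private static final Logger logger = LoggerFactory.getLogger(PrivilegeRolesService.class);
+
+	private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) {
+		if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN)) {
+			throw new AccessDeniedException("You may not perform the request as you are missing role "
+					+ StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN);
+		}
+
+		ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
+		return container.getPrivilegeHandler().getPrivilegeHandler(cert);
+	}
+
+	@GET
+	@Produces(MediaType.APPLICATION_JSON)
+	public Response getRoles(@Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+
+		List<RoleRep> roles = privilegeHandler.getRoles(cert);
+		GenericEntity<List<RoleRep>> entity = new GenericEntity<List<RoleRep>>(roles) {
+		};
+		return Response.ok(entity, MediaType.APPLICATION_JSON).build();
+	}
+
+	@GET
+	@Produces(MediaType.APPLICATION_JSON)
+	@Path("{rolename}")
+	public Response getRole(@PathParam("rolename") String rolename, @Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+
+		RoleRep role = privilegeHandler.getRole(cert, rolename);
+		return Response.ok(role, MediaType.APPLICATION_JSON).build();
+	}
+
+	@POST
+	@Consumes(MediaType.APPLICATION_JSON)
+	@Produces(MediaType.APPLICATION_JSON)
+	public Response addRole(RoleRep newRole, @Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		try {
+
+			PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+			privilegeHandler.addRole(cert, newRole);
+			return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
+
+		} catch (AccessDeniedException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (PrivilegeException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (Exception e) {
+			logger.error(e.getMessage(), e);
+			return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
+		}
+	}
+
+	@PUT
+	@Consumes(MediaType.APPLICATION_JSON)
+	@Produces(MediaType.APPLICATION_JSON)
+	@Path("{rolename}")
+	public Response replaceRole(@PathParam("rolename") String rolename, RoleRep updatedRole,
+			@Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		try {
+
+			if (!rolename.equals(updatedRole.getName()))
+				return Response.serverError().entity(new Result("Path rolename and data do not have same role name!"))
+						.type(MediaType.APPLICATION_JSON).build();
+
+			PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+			privilegeHandler.replaceRole(cert, updatedRole);
+			return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
+
+		} catch (AccessDeniedException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (PrivilegeException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (Exception e) {
+			logger.error(e.getMessage(), e);
+			return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
+		}
+	}
+
+	@DELETE
+	@Consumes(MediaType.APPLICATION_JSON)
+	@Produces(MediaType.APPLICATION_JSON)
+	@Path("{rolename}")
+	public Response removeRole(@PathParam("rolename") String rolename, @Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		try {
+
+			PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+			privilegeHandler.removeRole(cert, rolename);
+			return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
+
+		} catch (AccessDeniedException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (PrivilegeException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (Exception e) {
+			logger.error(e.getMessage(), e);
+			return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
+		}
+	}
+
+	@PUT
+	@Consumes(MediaType.APPLICATION_JSON)
+	@Produces(MediaType.APPLICATION_JSON)
+	@Path("{rolename}/privileges")
+	public Response addOrReplacePrivilegeOnRole(@PathParam("rolename") String rolename, PrivilegeRep privilegeRep,
+			@Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		try {
+
+			PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+			privilegeHandler.addOrReplacePrivilegeOnRole(cert, rolename, privilegeRep);
+			return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
+
+		} catch (AccessDeniedException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (PrivilegeException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (Exception e) {
+			logger.error(e.getMessage(), e);
+			return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
+		}
+	}
+
+	@DELETE
+	@Consumes(MediaType.APPLICATION_JSON)
+	@Produces(MediaType.APPLICATION_JSON)
+	@Path("{rolename}/privileges/{privilege}")
+	public Response removePrivilegeFromRole(@PathParam("rolename") String rolename,
+			@PathParam("privilege") String privilege, @Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		try {
+
+			PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+			privilegeHandler.removePrivilegeFromRole(cert, rolename, privilege);
+			return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
+
+		} catch (AccessDeniedException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (PrivilegeException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (Exception e) {
+			logger.error(e.getMessage(), e);
+			return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
+		}
+	}
+
+	@PUT
+	@Consumes(MediaType.APPLICATION_JSON)
+	@Produces(MediaType.APPLICATION_JSON)
+	@Path("{rolename}/privileges/{privilege}")
+	public Response addOrReplacePrivilegeOnRole(@PathParam("rolename") String rolename,
+			@PathParam("privilege") String privilege, PrivilegeRep privilegeRep, @Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		try {
+
+			if (!privilege.equals(privilegeRep.getName()))
+				return Response.serverError()
+						.entity(new Result("Path privilege and data do not have same privilege name!"))
+						.type(MediaType.APPLICATION_JSON).build();
+
+			PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+			privilegeHandler.addOrReplacePrivilegeOnRole(cert, rolename, privilegeRep);
+			return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
+
+		} catch (AccessDeniedException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (PrivilegeException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (Exception e) {
+			logger.error(e.getMessage(), e);
+			return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
+		}
+	}
+}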
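Review bot: The catch blocks map `AccessDeniedException` to `Status.UNAUTHORIZED` (401) and `PrivilegeException` to `Status.FORBIDDEN` (403), first at L746-L767 in `addRole`; in HTTP terms 401 means the request carries no valid authentication, whereas a caller who is authenticated but lacks the `StrolchPrivilegeAdmin` role is exactly the 403 case, so the two mappings should be swapped (and a `PrivilegeException` that is not an authorization failure is closer to a 400 than a 403). The same mapping is repeated in every mutating method of this file and of PrivilegeUsersService. Separately, the path/body mismatch checks in `replaceRole` (L813) and the second `addOrReplacePrivilegeOnRole` (L1133) answer a client error with `Response.serverError()` (500); `Response.status(Status.BAD_REQUEST)` fits. The generic `catch (Exception e)` branches also copy `e.getMessage()` into the 500 body, which can disclose internal detail to any caller — a fixed body with the detail kept in the log is the safer default for an admin API.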
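--- /dev/null
+++ b/MODULE_PATH_PLACEHOLDER/li/strolch/rest/endpoint/PrivilegeUsersService.java
@@ -0,0 +1,245 @@
+/*
+ * Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package li.strolch.rest.endpoint;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.GenericEntity;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+
+import li.strolch.agent.api.ComponentContainer;
+import li.strolch.rest.RestfulStrolchComponent;
+import li.strolch.rest.StrolchRestfulConstants;
+import li.strolch.rest.model.Result;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import ch.eitchnet.privilege.base.AccessDeniedException;
+import ch.eitchnet.privilege.base.PrivilegeException;
+import ch.eitchnet.privilege.handler.PrivilegeHandler;
+import ch.eitchnet.privilege.model.Certificate;
+import ch.eitchnet.privilege.model.UserRep;
+
+/**
+ * @author Robert von Burg <eitch@eitchnet.ch>
+ */
+@Path("strolch/privilege/users")
+public class PrivilegeUsersService {
+
+	private static final Logger logger = LoggerFactory.getLogger(PrivilegeUsersService.class);
+
+	private PrivilegeHandler getPrivilegeHandler(Certificate cert, boolean requiresStrolchPrivilegeAdminRole) {
+		if (requiresStrolchPrivilegeAdminRole && !cert.hasRole(StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN)) {
+			throw new AccessDeniedException("You may not perform the request as you are missing role "
+					+ StrolchRestfulConstants.ROLE_STROLCH_PRIVILEGE_ADMIN);
+		}
+
+		ComponentContainer container = RestfulStrolchComponent.getInstance().getContainer();
+		return container.getPrivilegeHandler().getPrivilegeHandler(cert);
+	}
+
+	@GET
+	@Produces(MediaType.APPLICATION_JSON)
+	public Response getUsers(@Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+
+		List<UserRep> users = privilegeHandler.getUsers(cert);
+		GenericEntity<List<UserRep>> entity = new GenericEntity<List<UserRep>>(users) {
+		};
+		return Response.ok(entity, MediaType.APPLICATION_JSON).build();
+	}
+
+	@GET
+	@Produces(MediaType.APPLICATION_JSON)
+	@Path("{username}")
+	public Response getUser(@PathParam("username") String username, @Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+
+		UserRep user = privilegeHandler.getUser(cert, username);
+		return Response.ok(user, MediaType.APPLICATION_JSON).build();
+	}
+
+	@POST
+	@Consumes(MediaType.APPLICATION_JSON)
+	@Produces(MediaType.APPLICATION_JSON)
+	@Path("query")
+	public Response queryUsers(UserRep query, @Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+
+		List<UserRep> users = privilegeHandler.queryUsers(cert, query);
+		GenericEntity<List<UserRep>> entity = new GenericEntity<List<UserRep>>(users) {
+		};
+		return Response.ok(entity, MediaType.APPLICATION_JSON).build();
+	}
+
+	@POST
+	@Consumes(MediaType.APPLICATION_JSON)
+	@Produces(MediaType.APPLICATION_JSON)
+	public Response addUser(UserRep newUser, @Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		try {
+
+			PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+			privilegeHandler.addUser(cert, newUser, null);
+			return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
+
+		} catch (AccessDeniedException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (PrivilegeException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (Exception e) {
+			logger.error(e.getMessage(), e);
+			return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
+		}
+	}
+
+	@DELETE
+	@Consumes(MediaType.APPLICATION_JSON)
+	@Produces(MediaType.APPLICATION_JSON)
+	@Path("{username}")
+	public Response removeUser(@PathParam("username") String username, @Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		try {
+
+			PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+			privilegeHandler.removeUser(cert, username);
+			return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
+
+		} catch (AccessDeniedException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (PrivilegeException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (Exception e) {
+			logger.error(e.getMessage(), e);
+			return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
+		}
+	}
+
+	@PUT
+	@Consumes(MediaType.APPLICATION_JSON)
+	@Produces(MediaType.APPLICATION_JSON)
+	@Path("{username}")
+	public Response updateUser(@PathParam("username") String username, UserRep updatedFields,
+			@Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		try {
+
+			if (!username.equals(updatedFields.getUsername()))
+				return Response.serverError().entity(new Result("Path username and data do not have same username!"))
+						.type(MediaType.APPLICATION_JSON).build();
+
+			PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+			privilegeHandler.updateUser(cert, updatedFields);
+			return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
+
+		} catch (AccessDeniedException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (PrivilegeException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (Exception e) {
+			logger.error(e.getMessage(), e);
+			return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
+		}
+	}
+
+	@PUT
+	@Consumes(MediaType.APPLICATION_JSON)
+	@Produces(MediaType.APPLICATION_JSON)
+	@Path("{username}/roles/{rolename}")
+	public Response addRoleToUser(@PathParam("username") String username, @PathParam("rolename") String rolename,
+			@Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		try {
+
+			PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+			privilegeHandler.addRoleToUser(cert, username, rolename);
+			return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
+
+		} catch (AccessDeniedException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (PrivilegeException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (Exception e) {
+			logger.error(e.getMessage(), e);
+			return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
+		}
+	}
+
+	@DELETE
+	@Consumes(MediaType.APPLICATION_JSON)
+	@Produces(MediaType.APPLICATION_JSON)
+	@Path("{username}/roles/{rolename}")
+	public Response removeRoleFromUser(@PathParam("username") String username, @PathParam("rolename") String rolename,
+			@Context HttpServletRequest request) {
+		Certificate cert = (Certificate) request.getAttribute(StrolchRestfulConstants.STROLCH_CERTIFICATE);
+		try {
+
+			PrivilegeHandler privilegeHandler = getPrivilegeHandler(cert, true);
+			privilegeHandler.removeRoleFromUser(cert, username, rolename);
+			return Response.ok(new Result(), MediaType.APPLICATION_JSON).build();
+
+		} catch (AccessDeniedException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.UNAUTHORIZED).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (PrivilegeException e) {
+			logger.error(e.getMessage(), e);
+			return Response.status(Status.FORBIDDEN).entity(new Result(e.getMessage()))
+					.type(MediaType.APPLICATION_JSON).build();
+		} catch (Exception e) {
+			logger.error(e.getMessage(), e);
+			return Response.serverError().entity(new Result(e.getMessage())).type(MediaType.APPLICATION_JSON).build();
+		}
+	}
+
+	// TODO set password on user
+	// TODO set state on user
+	// TODO set locale on user
+	// TODO change username of user
+
+}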
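Review bot: `getPrivilegeHandler` (L1363-L1386) is duplicated verbatim in PrivilegeUsersService, PrivilegeRolesService and PrivilegePoliciesService; as it is the single authorization gate for the whole privilege API, keeping one copy — for example on `RestfulStrolchComponent` or a package-private base class — means the `StrolchPrivilegeAdmin` role check cannot drift between the three. `addUser` passes `null` as the password on L1519, so a user created through this endpoint has no credentials until the "set password" TODO on L1888 is implemented; a method comment such as `// creates the user without a password; see TODO below` would make that visible to the next reader. The 401/403 mapping and the 500-for-client-error point raised on PrivilegeRolesService apply to every mutating method in this file too, including `updateUser` at L1669.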
@ -25,6 +25,8 @@ import javax.xml.bind.annotation.XmlAttribute;
|
|||
import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
import ch.eitchnet.utils.xml.XmlKeyValue;
|
||||
|
||||
/**
|
||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||
*/
|
||||
|
@ -41,9 +43,6 @@ public class LoginResult {
|
|||
@XmlAttribute(name = "locale")
|
||||
private String locale;
|
||||
|
||||
@XmlAttribute(name = "parameters")
|
||||
private Map<String, String> parameters;
|
||||
|
||||
@XmlAttribute(name = "msg")
|
||||
private String msg;
|
||||
|
||||
|
@ -53,6 +52,8 @@ public class LoginResult {
|
|||
@XmlElement(name = "privileges")
|
||||
private List<String> privileges;
|
||||
|
||||
private Map<String, String> parameters;
|
||||
|
||||
public LoginResult() {
|
||||
// no-arg constructor for JAXB
|
||||
}
|
||||
|
@ -125,6 +126,16 @@ public class LoginResult {
|
|||
this.parameters = parameters;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the string map properties of this user as a list of {@link XmlKeyValue} elements
|
||||
*
|
||||
* @return the string map properties of this user as a list of {@link XmlKeyValue} elements
|
||||
*/
|
||||
@XmlElement(name = "properties")
|
||||
public List<XmlKeyValue> getPropertiesAsKeyValue() {
|
||||
return XmlKeyValue.valueOf(this.parameters);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the msg
|
||||
*/
|
||||
|
|
|
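Review bot: `getPropertiesAsKeyValue` on L2014 hands `this.parameters` straight to `XmlKeyValue.valueOf`, and the field is only populated through `setParameters` (L1988); a LoginResult marshalled from an error path, where login never reached that setter, presumably passes a null map — unless `valueOf` tolerates null, guard it with `if (this.parameters == null) return Collections.emptyList();` (needs a `java.util.Collections` import). The field is called `parameters` while the XML element is named `properties`; using one name for both would avoid confusion. `LoginResult` continues outside the hunk.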
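--- /dev/null
+++ b/MODULE_PATH_PLACEHOLDER/li/strolch/rest/model/Result.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package li.strolch.rest.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlAttribute;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import ch.eitchnet.utils.helper.StringHelper;
+
+/**
+ * @author Robert von Burg <eitch@eitchnet.ch>
+ */
+@XmlRootElement(name = "Result")
+@XmlAccessorType(XmlAccessType.NONE)
+public class Result {
+
+	@XmlAttribute(name = "msg")
+	private String msg;
+
+	public Result(String msg) {
+		this.msg = msg;
+	}
+
+	public Result() {
+		this.msg = StringHelper.DASH;
+	}
+
+	public String getMsg() {
+		return this.msg;
+	}
+
+	public void setMsg(String msg) {
+		this.msg = msg;
+	}
+}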