Changed admin authentication to use the database and removed SSL.
Change-Id: Idca1d91aea908326771d34432a93c77032639c62
diff --git a/src/main/java/de/ids_mannheim/korap/config/AdminSetup.java b/src/main/java/de/ids_mannheim/korap/config/AdminSetup.java
index 142b8f0..4d6687f 100644
--- a/src/main/java/de/ids_mannheim/korap/config/AdminSetup.java
+++ b/src/main/java/de/ids_mannheim/korap/config/AdminSetup.java
@@ -8,6 +8,7 @@
/**
* Created by hanl on 30.05.16.
*/
+@Deprecated
public class AdminSetup {
private final String token_hash;
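Review bot: `@Deprecated` is added without a Javadoc `@deprecated` tag, so readers get no pointer to what replaces the token-hash check this class appears to hold. Adding `@deprecated admin status is now stored in the admin_users table and checked via AdminHandlerIface` to the class Javadoc, plus `@Deprecated(since = ...)` if the project tracks a release, makes the migration path visible. The class body continues outside the hunk.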
diff --git a/src/main/java/de/ids_mannheim/korap/config/Attributes.java b/src/main/java/de/ids_mannheim/korap/config/Attributes.java
index 8775883..16ddfdd 100644
--- a/src/main/java/de/ids_mannheim/korap/config/Attributes.java
+++ b/src/main/java/de/ids_mannheim/korap/config/Attributes.java
@@ -2,6 +2,7 @@
public class Attributes {
+ // EM: Use enum for the authentication types
public static final String AUTHORIZATION = "Authorization";
public static final String SESSION_AUTHENTICATION = "session_token";
public static final String API_AUTHENTICATION = "api_token";
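Review bot: The comment `// EM: Use enum for the authentication types` is an open task written as a note to self, and it sits above `AUTHORIZATION` rather than next to the `*_AUTHENTICATION` constants it refers to. Writing it as `// TODO(EM): replace the *_AUTHENTICATION string constants with an enum` on the line above `SESSION_AUTHENTICATION` lets tooling track it and puts it where the reader needs it.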
@@ -44,7 +45,8 @@
public static final String ADDRESS = "address";
public static final String COUNTRY = "country";
public static final String IPADDRESS = "ipaddress";
- // deprcated, use created
+ public static final String IS_ADMIN = "admin";
+ // deprecated, use created
public static final String ACCOUNT_CREATION = "account_creation";
public static final String ACCOUNTLOCK = "account_lock";
public static final String ACCOUNTLINK = "account_link";
diff --git a/src/main/java/de/ids_mannheim/korap/config/ContextHolder.java b/src/main/java/de/ids_mannheim/korap/config/ContextHolder.java
index e142def..c0126da 100644
--- a/src/main/java/de/ids_mannheim/korap/config/ContextHolder.java
+++ b/src/main/java/de/ids_mannheim/korap/config/ContextHolder.java
@@ -29,6 +29,7 @@
public static final String KUSTVAKT_AUTHENTICATION_MANAGER = "kustvakt_authenticationmanager";
public static final String KUSTVAKT_AUTHPROVIDERS = "kustvakt_authproviders";
public static final String KUSTVAKT_USERDB = "kustvakt_userdb";
+ public static final String KUSTVAKT_ADMINDB = "kustvakt_admindb";
public static final String KUSTVAKT_POLICIES = "kustvakt_policies";
private ApplicationContext context = null;
@@ -105,6 +106,10 @@
public EntityHandlerIface getUserDBHandler () {
return getBean(KUSTVAKT_USERDB);
}
+
+ public AdminHandlerIface getAdminDBHandler () {
+ return getBean(KUSTVAKT_ADMINDB);
+ }
public PolicyHandlerIface getPolicyDbProvider () {
diff --git a/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java b/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
index 7255988..4bd1605 100644
--- a/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
+++ b/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
@@ -28,18 +28,6 @@
public static final Map<String, Object> KUSTVAKT_USER = new HashMap<>();
-// static {
-// KUSTVAKT_USER.put(Attributes.ID, 1000);
-// KUSTVAKT_USER.put(Attributes.USERNAME, "kustvakt");
-// KUSTVAKT_USER.put(Attributes.PASSWORD, "kustvakt2015");
-// KUSTVAKT_USER.put(Attributes.EMAIL, "kustvakt@ids-mannheim.de");
-// KUSTVAKT_USER.put(Attributes.COUNTRY, "Germany");
-// KUSTVAKT_USER.put(Attributes.ADDRESS, "Mannheim");
-// KUSTVAKT_USER.put(Attributes.FIRSTNAME, "Kustvakt");
-// KUSTVAKT_USER.put(Attributes.LASTNAME, "KorAP");
-// KUSTVAKT_USER.put(Attributes.INSTITUTION, "IDS Mannheim");
-// }
-
private static final Logger jlog = LoggerFactory
.getLogger(KustvaktConfiguration.class);
private String indexDir;
@@ -168,7 +156,7 @@
KUSTVAKT_USER.put(Attributes.FIRSTNAME, properties.getProperty("kustvakt.init.user.firstname"));
KUSTVAKT_USER.put(Attributes.LASTNAME, properties.getProperty("kustvakt.init.user.lastname"));
KUSTVAKT_USER.put(Attributes.INSTITUTION, properties.getProperty("kustvakt.init.user.institution"));
-
+ KUSTVAKT_USER.put(Attributes.IS_ADMIN, properties.getProperty("kustvakt.init.user.admin"));
return properties;
}
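Review bot: `properties.getProperty("kustvakt.init.user.admin")` yields `null` when the key is absent, and that `null` is stored in `KUSTVAKT_USER` and later fed to `Boolean.parseBoolean`, so a missing key silently makes the init user a non-admin. An explicit default, `properties.getProperty("kustvakt.init.user.admin", "false")`, states that intent in code, and the new key should be listed wherever the other `kustvakt.init.user.*` keys are documented. The enclosing method starts outside the hunk.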
diff --git a/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java b/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java
new file mode 100644
index 0000000..7237afd
--- /dev/null
+++ b/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java
@@ -0,0 +1,93 @@
+package de.ids_mannheim.korap.handlers;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.dao.DataAccessException;
+import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
+import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
+
+import de.ids_mannheim.korap.config.KustvaktBaseDaoInterface;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.interfaces.db.AdminHandlerIface;
+import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
+import de.ids_mannheim.korap.user.User;
+
+public class AdminDao implements AdminHandlerIface, KustvaktBaseDaoInterface {
+
+ private static Logger jlog = LoggerFactory.getLogger(AdminDao.class);
+ private NamedParameterJdbcTemplate jdbcTemplate;
+
+ public AdminDao(PersistenceClient client) {
+ this.jdbcTemplate = (NamedParameterJdbcTemplate) client.getSource();
+ }
+
+ @Override
+ public int addAccount(User user) throws KustvaktException{
+ MapSqlParameterSource params = new MapSqlParameterSource();
+ params.addValue("user_id", user.getId());
+ String query = "INSERT INTO admin_users (user_id) VALUES (:user_id)";
+ try {
+ int r = this.jdbcTemplate.update(query, params);
+ return r;
+ }
+ catch (DataAccessException e) {
+ jlog.warn("Could not add {} as an admin. {} is already an admin.",
+ user.getUsername());
+// throw new dbException(user.getId().toString(), "admin_users",
+// StatusCodes.ENTRY_EXISTS, user.getId().toString());
+ return 0;
+ }
+ }
+
+ @Override
+ public int size() {
+ final String query = "SELECT COUNT(*) FROM admin_users;";
+ return this.jdbcTemplate.queryForObject(query, new HashMap<String, Object>(), Integer.class);
+ }
+
+ @Override
+ public int truncate() {
+ String sql = "DELETE FROM korap_users;";
+ try {
+ return this.jdbcTemplate.update(sql, new HashMap<String, Object>());
+ } catch (DataAccessException e) {
+ return -1;
+ }
+ }
+
+ @Override
+ public int updateAccount(User user) throws KustvaktException {
+ // TODO Auto-generated method stub
+ return 0;
+ }
+
+ @Override
+ public int deleteAccount(Integer userid) throws KustvaktException {
+ // TODO Auto-generated method stub
+ return 0;
+ }
+
+ @Override
+ public boolean isAdmin(int userId) {
+ Map<String, String> namedParameters = Collections.singletonMap(
+ "user_id", String.valueOf(userId));
+
+ final String sql = "select id from admin_users where user_id=:user_id;";
+ try {
+ List<Map<String, Object>> ids = this.jdbcTemplate.queryForList(sql, namedParameters);
+ if (ids.isEmpty()){
+ return false;
+ }
+ }
+ catch (DataAccessException e) {
+ return false;
+ }
+ return true;
+ }
+
+}
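Review bot: `truncate()` at `String sql = "DELETE FROM korap_users;";` deletes the whole user table rather than the admin table this DAO owns; it should read `String sql = "DELETE FROM admin_users;";`. In `addAccount` the catch treats every `DataAccessException` as "already an admin" and returns 0, which also hides foreign-key and connectivity failures, and the log call has two `{}` placeholders but one argument — `jlog.warn("Could not add {} as an admin: {}", user.getUsername(), e.getMessage());` and rethrowing anything that is not a duplicate-key violation would be safer. `isAdmin` binds `user_id` as `String.valueOf(userId)` against an INTEGER column; passing the `int` directly avoids driver-dependent coercion. `updateAccount` and `deleteAccount` are stubs returning 0, so an admin row can currently never be removed through this interface.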
diff --git a/src/main/java/de/ids_mannheim/korap/handlers/EntityDao.java b/src/main/java/de/ids_mannheim/korap/handlers/EntityDao.java
index a13eeeb..3ef97bb 100644
--- a/src/main/java/de/ids_mannheim/korap/handlers/EntityDao.java
+++ b/src/main/java/de/ids_mannheim/korap/handlers/EntityDao.java
@@ -38,7 +38,6 @@
private static Logger jlog = LoggerFactory.getLogger(EntityDao.class);
private NamedParameterJdbcTemplate jdbcTemplate;
-
public EntityDao (PersistenceClient client) {
this.jdbcTemplate = (NamedParameterJdbcTemplate) client.getSource();
}
@@ -194,11 +193,11 @@
KeyHolder holder = new GeneratedKeyHolder();
+ int r;
try {
- int r = this.jdbcTemplate.update(query, np, holder,
+ r = this.jdbcTemplate.update(query, np, holder,
new String[] { "id" });
user.setId(holder.getKey().intValue());
- return r;
}
catch (DataAccessException e) {
jlog.error("Could not create user account with username: {}",
@@ -206,6 +205,8 @@
throw new dbException(user.getUsername(), "korap_users",
StatusCodes.ENTRY_EXISTS, user.getUsername());
}
+
+ return r;
}
diff --git a/src/main/java/de/ids_mannheim/korap/interfaces/db/AdminHandlerIface.java b/src/main/java/de/ids_mannheim/korap/interfaces/db/AdminHandlerIface.java
new file mode 100644
index 0000000..f9f56d6
--- /dev/null
+++ b/src/main/java/de/ids_mannheim/korap/interfaces/db/AdminHandlerIface.java
@@ -0,0 +1,24 @@
+package de.ids_mannheim.korap.interfaces.db;
+
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.user.User;
+
+/**
+ * @author margaretha
+ */
+public interface AdminHandlerIface {
+
+ int updateAccount (User user) throws KustvaktException;
+
+
+ int addAccount (User user) throws KustvaktException;
+
+
+ int deleteAccount (Integer userid) throws KustvaktException;
+
+
+ int truncate () throws KustvaktException;
+
+ boolean isAdmin(int userId);
+
+}
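Review bot: The interface has no Javadoc on any method, so implementors cannot tell what the `int` return values mean or whether `truncate()` is meant to clear only the admin table. A one-line Javadoc per method, e.g. `/** Removes all rows from the admin table; returns the number of deleted rows. */` on `truncate` and `/** Registers an existing user as administrator; returns the number of inserted rows. */` on `addAccount`, would pin the contract that `AdminDao` has to honour. `deleteAccount(Integer)` and `isAdmin(int)` also use different id types for the same value; picking one avoids unboxing surprises.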
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/PolicyEvaluator.java b/src/main/java/de/ids_mannheim/korap/security/ac/PolicyEvaluator.java
index 0fbe1d1..928ca77 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/PolicyEvaluator.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/PolicyEvaluator.java
@@ -172,7 +172,8 @@
public boolean isManaged () {
- return getOwner(this.policies[0]) == KorAPUser.ADMINISTRATOR_ID;
+ //return getOwner(this.policies[0]) == KorAPUser.ADMINISTRATOR_ID;
+ return false;
}
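Review bot: `isManaged()` now unconditionally returns `false`, so whatever policy handling depended on recognising administrator-owned policies is silently disabled rather than migrated to the new admin table. If that distinction still matters, the check should consult the admin handler for `getOwner(this.policies[0])` instead of being stubbed; if it does not, the commented-out line should be deleted and the method documented as always returning false. A `// TODO` naming the intended replacement would at least make the behaviour change visible to the next reader.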
diff --git a/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java b/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java
index 4f18a76..c959e5e 100644
--- a/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java
+++ b/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java
@@ -11,6 +11,7 @@
import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
import de.ids_mannheim.korap.interfaces.EncryptionIface;
import de.ids_mannheim.korap.interfaces.ValidatorIface;
+import de.ids_mannheim.korap.interfaces.db.AdminHandlerIface;
import de.ids_mannheim.korap.interfaces.db.AuditingIface;
import de.ids_mannheim.korap.interfaces.db.EntityHandlerIface;
import de.ids_mannheim.korap.interfaces.db.UserDataDbIface;
@@ -41,18 +42,21 @@
.getLogger(KustvaktAuthenticationManager.class);
private EncryptionIface crypto;
private EntityHandlerIface entHandler;
+ private AdminHandlerIface adminHandler;
private AuditingIface auditing;
private KustvaktConfiguration config;
private Collection userdatadaos;
private LoginCounter counter;
private ValidatorIface validator;
- public KustvaktAuthenticationManager (EntityHandlerIface userdb,
+ public KustvaktAuthenticationManager (EntityHandlerIface userdb,
+ AdminHandlerIface admindb,
EncryptionIface crypto,
KustvaktConfiguration config,
AuditingIface auditer,
Collection<UserDataDbIface> userdatadaos) {
this.entHandler = userdb;
+ this.adminHandler = admindb;
this.config = config;
this.crypto = crypto;
this.auditing = auditer;
@@ -258,7 +262,11 @@
attributes.toString());
}
}
+
+ boolean isAdmin = adminHandler.isAdmin(unknown.getId());
+ unknown.setAdmin(isAdmin);
jlog.trace("Authentication: found username " + unknown.getUsername());
+
if (unknown instanceof KorAPUser) {
if (password == null || password.isEmpty())
throw new WrappedException(new KustvaktException(
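Review bot: `adminHandler.isAdmin(unknown.getId())` unboxes an `Integer` into the `int` parameter, so a user object without a database id fails with a `NullPointerException` before the password is even checked. Guarding it, `boolean isAdmin = unknown.getId() != null && adminHandler.isAdmin(unknown.getId());`, keeps the lookup from masking the real authentication outcome. The lookup also runs for every user type although the registration hunk below only records `KorAPUser` instances in the admin table; moving it inside the `instanceof KorAPUser` branch would match that. The enclosing method starts and ends outside the hunk.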
@@ -536,6 +544,11 @@
user.addField(param);
}
user.setPassword(hash);
+
+ String o = (String) attributes.get(Attributes.IS_ADMIN);
+ boolean b = Boolean.parseBoolean(o);
+ user.setAdmin(b);
+
try {
UserDetails details = new UserDetails();
details.read(safeMap, true);
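Review bot: The admin flag is taken straight from the `attributes` map that account creation receives, so whoever can populate that map decides whether the new account is an administrator. The diff shows `KustvaktConfiguration` feeding `IS_ADMIN` from `kustvakt.init.user.admin`, but if this method is also reachable from a self-registration path with request-supplied attributes, that path would create admin accounts — worth confirming and, if so, honouring `IS_ADMIN` only for the configured init user. The `(String)` cast throws `ClassCastException` if a caller stores a `Boolean`; `Boolean.parseBoolean(String.valueOf(attributes.get(Attributes.IS_ADMIN)))` handles both. Locals `o` and `b` should carry descriptive names. The enclosing method starts and ends outside the hunk.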
@@ -546,6 +559,9 @@
jlog.info("Creating new user account for user {}",
user.getUsername());
entHandler.createAccount(user);
+ if (user.isAdmin() && user instanceof KorAPUser){
+ adminHandler.addAccount(user);
+ }
details.setUserId(user.getId());
settings.setUserId(user.getId());
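Review bot: The return value of `adminHandler.addAccount(user)` is discarded, and `AdminDao.addAccount` swallows `DataAccessException` and returns 0, so a failed insert leaves `user.isAdmin()` true in memory while the database never records the privilege. Treating a zero return as a failure — throwing a `KustvaktException` with the status code this code base uses for entry failures, or at least logging it — keeps the two states consistent. The account creation and the admin insert are also two separate statements with no transaction around them. The enclosing method starts and ends outside the hunk.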
diff --git a/src/main/java/de/ids_mannheim/korap/user/User.java b/src/main/java/de/ids_mannheim/korap/user/User.java
index 7cf211d..53c3d1e 100644
--- a/src/main/java/de/ids_mannheim/korap/user/User.java
+++ b/src/main/java/de/ids_mannheim/korap/user/User.java
@@ -21,8 +21,8 @@
@Data
public abstract class User implements Serializable {
- public static final int ADMINISTRATOR_ID = 34349733;
- public static final String ADMINISTRATOR_NAME = "admin";
+// public static final int ADMINISTRATOR_ID = 34349733;
+// public static final String ADMINISTRATOR_NAME = "admin";
private Integer id;
// in local its username, in shib it's edupersonPrincipalName
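Review bot: The two constants are commented out instead of deleted, and the same pattern recurs in the `isAdmin()` and `getAdmin()` hunks below and in `PolicyEvaluator`, `UserPropertyReader` and `KustvaktBaseServer`; version control already preserves the old code, so the commented lines only keep a dead reference to the fixed `ADMINISTRATOR_ID`. Deleting them makes it clear that admin status now comes solely from the `admin_users` table.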
@@ -44,6 +44,7 @@
private List<Userdata> userdata;
+ private boolean isAdmin;
protected User () {
this.fields = new ParamFields();
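Review bot: `private boolean isAdmin;` relies on Lombok's `@Data` stripping the `is` prefix to generate `isAdmin()`/`setAdmin()`, which is what the other hunks call; naming the field `admin` makes the generated accessors obvious and avoids a field that reads like a method. Since `User` is `Serializable`, the flag now becomes part of the serialized form, so any cached or session-stored user carries its admin status with it; a comment such as `// cached result of the admin_users lookup, set during authentication` would tell readers it is not authoritative on its own.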
@@ -134,10 +135,9 @@
return true;
}
-
- public boolean isAdmin () {
- return this.getUsername().equals(ADMINISTRATOR_ID);
- }
+// public boolean isAdmin () {
+// return this.getUsername().equals(ADMINISTRATOR_ID);
+// }
protected abstract User clone ();
@@ -164,10 +164,9 @@
return user;
}
-
- public static KorAPUser getAdmin () {
- return new KorAPUser(ADMINISTRATOR_ID, ADMINISTRATOR_NAME);
- }
+// public static KorAPUser getAdmin () {
+// return new KorAPUser(ADMINISTRATOR_ID, ADMINISTRATOR_NAME);
+// }
public static DemoUser getDemoUser () {
diff --git a/src/main/java/de/ids_mannheim/korap/utils/UserPropertyReader.java b/src/main/java/de/ids_mannheim/korap/utils/UserPropertyReader.java
index 544ceef..d98de46 100644
--- a/src/main/java/de/ids_mannheim/korap/utils/UserPropertyReader.java
+++ b/src/main/java/de/ids_mannheim/korap/utils/UserPropertyReader.java
@@ -21,6 +21,8 @@
/**
* @author hanl
* @date 30/09/2014
+ *
+ * EM: where is this used?
*/
public class UserPropertyReader extends PropertyReader {
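Review bot: A question to the team was added to the class Javadoc, where it will be published in generated documentation; a `// TODO(EM): verify whether this class is still used` line below the Javadoc, or a tracker issue, is the right place for it. If the class is in fact unused after this change, deleting it is cleaner than keeping the commented admin branch in `createUser`.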
@@ -70,23 +72,23 @@
private User createUser (String username, Properties p)
throws KustvaktException {
KorAPUser user;
- if (username.equals(User.ADMINISTRATOR_NAME)) {
- user = User.UserFactory.getAdmin();
-
- String pass = p.getProperty(username + ".password", null);
- if (pass == null)
- throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT);
-
- try {
- pass = crypto.secureHash(pass);
- }
- catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
- throw new KustvaktException(StatusCodes.REQUEST_INVALID);
- }
- user.setPassword(pass);
- iface.createAccount(user);
- }
- else {
+// if (username.equals(User.ADMINISTRATOR_NAME)) {
+// user = User.UserFactory.getAdmin();
+//
+// String pass = p.getProperty(username + ".password", null);
+// if (pass == null)
+// throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT);
+//
+// try {
+// pass = crypto.secureHash(pass);
+// }
+// catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
+// throw new KustvaktException(StatusCodes.REQUEST_INVALID);
+// }
+// user.setPassword(pass);
+// iface.createAccount(user);
+// }
+// else {
user = User.UserFactory.getUser(username);
Map<String, Object> vals = new HashMap<>();
for (Map.Entry e : p.entrySet()) {
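Review bot: Commenting out the `if`/`else` while keeping the former else-body compiles only because the closing `}` at the end of the method is commented out as well, which leaves `createUser` with dead structure and a body indented one level too deep. With the admin branch gone, a property file that defines the former admin user now creates it as an ordinary account without any warning; if that is intended, the remaining block should be dedented and the commented lines removed, otherwise the branch should be replaced by a call into the new admin handler. `createUser` ends outside the hunk.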
@@ -132,7 +134,7 @@
BeansFactory.getKustvaktContext().getUserDataProviders(),
UserSettings.class);
dao.store(set);
- }
+// }
jlog.info("successfully created account for user {}",
user.getUsername());
diff --git a/src/main/java/de/ids_mannheim/korap/web/KustvaktBaseServer.java b/src/main/java/de/ids_mannheim/korap/web/KustvaktBaseServer.java
index 2939a2a..8fbd509 100644
--- a/src/main/java/de/ids_mannheim/korap/web/KustvaktBaseServer.java
+++ b/src/main/java/de/ids_mannheim/korap/web/KustvaktBaseServer.java
@@ -107,15 +107,15 @@
server.setHandler(contextHandler);
- if (kargs.sslContext != null) {
- SslSocketConnector sslConnector = new SslSocketConnector(
- kargs.sslContext);
- sslConnector.setPort(8443);
- sslConnector.setMaxIdleTime(60000);
- server.setConnectors(new Connector[] { connector, sslConnector });
- }
- else
- server.setConnectors(new Connector[] { connector });
+// if (kargs.sslContext != null) {
+// SslSocketConnector sslConnector = new SslSocketConnector(
+// kargs.sslContext);
+// sslConnector.setPort(8443);
+// sslConnector.setMaxIdleTime(60000);
+// server.setConnectors(new Connector[] { connector, sslConnector });
+// }
+// else
+ server.setConnectors(new Connector[] { connector });
server.start();
server.join();
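Review bot: Removing the SSL connector means the server only ever listens on the plain connector, so Basic-auth credentials handled by `AdminFilter` travel in clear text unless TLS is terminated in front of the application; the filter's `cr.isSecure()` check is dropped in the same commit, so nothing enforces that assumption any more. If a reverse proxy is the intended TLS endpoint, a comment saying so at the `server.setConnectors(new Connector[] { connector });` line, and a configuration switch to re-enable the connector, would document the deployment requirement. `kargs.sslContext` is otherwise still parsed but now unused.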
diff --git a/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java b/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
index 6455452..bfd12f9 100644
--- a/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
+++ b/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
@@ -1,93 +1,89 @@
package de.ids_mannheim.korap.web.filter;
-import com.sun.jersey.spi.container.ContainerRequest;
-import com.sun.jersey.spi.container.ContainerRequestFilter;
-import com.sun.jersey.spi.container.ContainerResponseFilter;
-import com.sun.jersey.spi.container.ResourceFilter;
-import de.ids_mannheim.korap.config.AdminSetup;
-import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.config.BeansFactory;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
-import de.ids_mannheim.korap.interfaces.EncryptionIface;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
-import de.ids_mannheim.korap.security.auth.KustvaktAuthenticationManager;
-import de.ids_mannheim.korap.user.TokenContext;
-import de.ids_mannheim.korap.user.User;
-import de.ids_mannheim.korap.utils.NamingUtils;
-import de.ids_mannheim.korap.utils.StringUtils;
-import de.ids_mannheim.korap.web.utils.KustvaktContext;
-import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
-
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.ext.Provider;
+import com.sun.jersey.spi.container.ContainerRequest;
+import com.sun.jersey.spi.container.ContainerRequestFilter;
+import com.sun.jersey.spi.container.ContainerResponseFilter;
+import com.sun.jersey.spi.container.ResourceFilter;
+
+import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.BeansFactory;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
+import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
+import de.ids_mannheim.korap.user.TokenContext;
+import de.ids_mannheim.korap.user.User;
+import de.ids_mannheim.korap.utils.StringUtils;
+import de.ids_mannheim.korap.web.utils.KustvaktContext;
+import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
+
/**
- * @author hanl
- * @date 17/06/2014
+ * @author hanl, margaretha
+ * @date 04/2017
*/
@Provider
public class AdminFilter implements ContainerRequestFilter, ResourceFilter {
-// private static AuthenticationManagerIface authManager = BeansFactory.getKustvaktContext()
-// .getAuthenticationManager();
-
- @Override
- public ContainerRequest filter (ContainerRequest cr) {
- // todo:
- String host = cr.getHeaderValue(ContainerRequest.HOST);
- String agent = cr.getHeaderValue(ContainerRequest.USER_AGENT);
- String authentication = cr
- .getHeaderValue(ContainerRequest.AUTHORIZATION);
-
- //decode password
- String authenticationType = StringUtils.getTokenType(authentication);
- String authenticationCode = StringUtils.stripTokenType(authentication);
- String username = null, token=null;
- if (authenticationType.equals("basic")){
- String[] authContent = BasicHttpAuth.decode(authenticationCode);
- username = authContent[0];
- token= authContent[1];
- }
-
-// if (authentication != null
-// && authentication.endsWith(BeansFactory.getKustvaktContext()
-// .getConfiguration().getAdminToken())) {
-
-// EM: to do ssl
- if (authentication != null && cr.isSecure()) {
-// String token = StringUtils.stripTokenType(authentication);
-// EncryptionIface crypto = BeansFactory.getKustvaktContext()
-// .getEncryption();
-
- // EM: Another method of authentification using admin token
-// if (crypto.checkHash(token, AdminSetup.getInstance().getHash())) {
- TokenContext c = new TokenContext();
- c.setUsername(username);
- c.setTokenType(authenticationType);
- c.setToken(token);
- c.setHostAddress(host);
- c.setUserAgent(agent);
- cr.setSecurityContext(new KustvaktContext(c));
-
-// }
- }
- else
- throw KustvaktResponseHandler.throwAuthenticationException("Unsecure connection.");
- return cr;
- }
+ private static AuthenticationManagerIface authManager = BeansFactory.getKustvaktContext()
+ .getAuthenticationManager();
+ @Override
+ public ContainerRequest filter(ContainerRequest cr) {
+ String authentication = cr.getHeaderValue(ContainerRequest.AUTHORIZATION);
+ if (authentication == null) {
+ throw KustvaktResponseHandler.throwAuthenticationException("The authorization header value is missing.");
+ }
- @Override
- public ContainerRequestFilter getRequestFilter () {
- return this;
- }
+ // decode password
+ String authenticationType = StringUtils.getTokenType(authentication);
+ String authenticationCode = StringUtils.stripTokenType(authentication);
+ String username = null, token = null;
+ int tokenType = 0;
+
+ if (authenticationType.equals(Attributes.BASIC_AUTHENTICATION)) {
+ String[] authContent = BasicHttpAuth.decode(authenticationCode);
+ username = authContent[0];
+ token = authContent[1];
+ }
+
+ String host = cr.getHeaderValue(ContainerRequest.HOST);
+ String agent = cr.getHeaderValue(ContainerRequest.USER_AGENT);
+ Map<String, Object> attributes = new HashMap<>();
+ attributes.put(Attributes.HOST, host);
+ attributes.put(Attributes.USER_AGENT, agent);
+ try {
+ User user = authManager.authenticate(tokenType, username, token, attributes);
+ if (!user.isAdmin()){
+ throw KustvaktResponseHandler.throwAuthenticationException("Admin authentication failed.");
+ }
+ Map<String, Object> properties = cr.getProperties();
+ properties.put("user", user);
+ } catch (KustvaktException e) {
+ throw KustvaktResponseHandler.throwAuthenticationException("User authentication failed.");
+ }
+ TokenContext c = new TokenContext();
+ c.setUsername(username);
+ c.setTokenType(authenticationType);
+ c.setToken(token);
+ c.setHostAddress(host);
+ c.setUserAgent(agent);
+ cr.setSecurityContext(new KustvaktContext(c));
- @Override
- public ContainerResponseFilter getResponseFilter () {
- return null;
- }
+ return cr;
+ }
+
+ @Override
+ public ContainerRequestFilter getRequestFilter() {
+ return this;
+ }
+
+ @Override
+ public ContainerResponseFilter getResponseFilter() {
+ return null;
+ }
}
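Review bot: `int tokenType = 0;` is fixed regardless of `authenticationType`, so a non-basic `Authorization` header reaches `authManager.authenticate` with `username` and `token` both `null`; the code this replaces in `AdminService` mapped non-basic headers to `tokenType = 1`, e.g. `int tokenType = authenticationType.equals(Attributes.BASIC_AUTHENTICATION) ? 0 : 1;`, and rejecting unknown types outright would be cleaner still. The old filter refused requests unless `cr.isSecure()`; the new one accepts credentials on any connection, which together with the removed SSL connector means admin passwords can be sent over plain HTTP. `authManager` is now initialised from `BeansFactory` when the class loads, which presumably fails if the filter is instantiated before the Spring context exists — the previous version had this line commented out, so worth confirming. The `"user"` property key is shared with `AdminService`; a constant in `Attributes` keeps the two from drifting apart.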
diff --git a/src/main/java/de/ids_mannheim/korap/web/service/full/AdminService.java b/src/main/java/de/ids_mannheim/korap/web/service/full/AdminService.java
index 983f619..d1a3162 100644
--- a/src/main/java/de/ids_mannheim/korap/web/service/full/AdminService.java
+++ b/src/main/java/de/ids_mannheim/korap/web/service/full/AdminService.java
@@ -20,6 +20,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.sun.jersey.api.core.HttpContext;
import com.sun.jersey.spi.container.ResourceFilters;
import de.ids_mannheim.korap.auditing.AuditRecord;
@@ -111,7 +112,7 @@
@QueryParam("group") String group,
@QueryParam("perm") List<String> permissions,
@QueryParam("loc") String loc, @QueryParam("expire") String duration,
- @Context SecurityContext context) {
+ @Context HttpContext context) {
try {
KustvaktResource resource = ResourceFactory.getResource(type);
@@ -122,20 +123,8 @@
Permissions.Permission[] p = Permissions.read(permissions
.toArray(new String[0]));
- TokenContext tc = (TokenContext) context.getUserPrincipal();
- Map<String, Object> attributes = new HashMap<>();
- attributes.put(Attributes.HOST, tc.getHostAddress());
- attributes.put(Attributes.USER_AGENT, tc.getUserAgent());
-
- User user = null;
- int tokenType = 0;
- // EM: Use enum for the authentication types
- if(!tc.getTokenType().equals("basic")){
- tokenType = 1;
- }
+ User user = (User) context.getProperties().get("user");
- user = authManager.authenticate(tokenType, tc.getUsername(), tc.getToken(), attributes);
-
PolicyBuilder pb = new PolicyBuilder(user)
.setConditions(new PolicyCondition(group))
.setResources(resource);
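Review bot: `(User) context.getProperties().get("user")` returns `null` whenever `AdminFilter` did not run for this request, and that null then flows into `new PolicyBuilder(user)` on the next line instead of producing an authentication error. A guard such as `if (user == null) throw KustvaktResponseHandler.throwAuthenticationException("Admin authentication failed.");` keeps the resource from executing with no principal. The `"user"` key should be a constant shared with the filter. The enclosing method starts and ends outside the hunk.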
diff --git a/src/main/resources/db/mysql/V0.1__userdatabase.sql b/src/main/resources/db/mysql/V0.1__userdatabase.sql
index 09b1591..6f67575 100644
--- a/src/main/resources/db/mysql/V0.1__userdatabase.sql
+++ b/src/main/resources/db/mysql/V0.1__userdatabase.sql
@@ -14,6 +14,13 @@
account_link VARCHAR(100)
);
+CREATE TABLE IF NOT EXISTS admin_users (
+ id INTEGER PRIMARY KEY AUTO_INCREMENT,
+ user_id INTEGER NOT NULL UNIQUE,
+ foreign key (user_id)
+ references korap_users (id)
+);
+
CREATE TABLE IF NOT EXISTS shib_users (
id INTEGER PRIMARY KEY AUTO_INCREMENT,
username VARCHAR(100) NOT NULL UNIQUE,
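Review bot: `admin_users.user_id` references `korap_users (id)` without an `ON DELETE` clause, so deleting a user who is an admin will typically fail on the foreign key unless the `admin_users` row is removed first — and `AdminDao.deleteAccount` is still a stub. Either `ON DELETE CASCADE` on the reference or a working `deleteAccount` invoked before the user delete is needed; the same applies to the `mysql_schema_comp.sql` and SQLite hunks below.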
diff --git a/src/main/resources/db/mysql/mysql_schema_comp.sql b/src/main/resources/db/mysql/mysql_schema_comp.sql
index 6ee11c5..44ec4de 100644
--- a/src/main/resources/db/mysql/mysql_schema_comp.sql
+++ b/src/main/resources/db/mysql/mysql_schema_comp.sql
@@ -22,6 +22,13 @@
accountLink VARCHAR(100)
)$$
+CREATE TABLE IF NOT EXISTS admin_users (
+ id INTEGER PRIMARY KEY AUTO_INCREMENT,
+ user_id INTEGER NOT NULL,
+ foreign key (user_id)
+ references korap_users (id)
+)$$
+
CREATE TABLE IF NOT EXISTS user_details (
Id INTEGER PRIMARY KEY AUTO_INCREMENT,
userID INTEGER NOT NULL UNIQUE,
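Review bot: This copy of `admin_users` lacks the `UNIQUE` constraint on `user_id` that the `V0.1__userdatabase.sql` and SQLite versions declare, so the three schemas disagree. `AdminDao.addAccount` relies on a constraint violation to detect an existing admin, so on this schema it would insert duplicate rows instead; the line should read `user_id INTEGER NOT NULL UNIQUE,`.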
diff --git a/src/main/resources/db/sqlite/V1__Initial_version.sql b/src/main/resources/db/sqlite/V1__Initial_version.sql
index eaa32ff..55641ae 100644
--- a/src/main/resources/db/sqlite/V1__Initial_version.sql
+++ b/src/main/resources/db/sqlite/V1__Initial_version.sql
@@ -11,6 +11,13 @@
account_link VARCHAR(100)
);
+CREATE TABLE IF NOT EXISTS admin_users (
+id INTEGER PRIMARY KEY AUTOINCREMENT,
+user_id INTEGER NOT NULL UNIQUE,
+foreign key (user_id)
+references korap_users (id)
+);
+
CREATE TABLE IF NOT EXISTS shib_users (
id INTEGER PRIMARY KEY AUTOINCREMENT,
username VARCHAR(150) NOT NULL UNIQUE,
diff --git a/src/main/resources/default-config.xml b/src/main/resources/default-config.xml
index 7d49e91..0a95416 100644
--- a/src/main/resources/default-config.xml
+++ b/src/main/resources/default-config.xml
@@ -99,7 +99,12 @@
class="de.ids_mannheim.korap.handlers.EntityDao">
<constructor-arg ref="kustvakt_db"/>
</bean>
-
+
+ <bean id="kustvakt_admindb"
+ class="de.ids_mannheim.korap.handlers.AdminDao">
+ <constructor-arg ref="kustvakt_db"/>
+ </bean>
+
<bean id="resource_provider"
class="de.ids_mannheim.korap.handlers.ResourceDao">
<constructor-arg ref="kustvakt_db"/>
@@ -192,6 +197,9 @@
<constructor-arg
type="de.ids_mannheim.korap.interfaces.db.EntityHandlerIface"
ref="kustvakt_userdb"/>
+ <constructor-arg
+ type="de.ids_mannheim.korap.interfaces.db.AdminHandlerIface"
+ ref="kustvakt_admindb"/>
<constructor-arg type="de.ids_mannheim.korap.interfaces.EncryptionIface"
ref="kustvakt_encryption"/>
<constructor-arg ref="kustvakt_config"/>