Disabled basic authentication in default config & added comments.
Change-Id: If49fe931f3f88667e525354ede9fc8cb1ac3e472
diff --git a/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java b/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
index f88b724..260dcda 100644
--- a/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
+++ b/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
@@ -114,7 +114,7 @@
queryLanguages = new ArrayList<>();
for (String querylang : qls)
queryLanguages.add(querylang.trim().toUpperCase());
- String is = properties.getProperty("kustvakt.security.jwt.issuer", "");
+ String is = properties.getProperty("security.jwt.issuer", "");
if (!is.startsWith("http"))
is = "http://" + is;
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java b/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
index 96b5800..c353884 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
@@ -7,15 +7,13 @@
import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
import de.ids_mannheim.korap.authentication.http.TransferEncoding;
import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.config.TokenType;
-import de.ids_mannheim.korap.config.KustvaktConfiguration;
+import de.ids_mannheim.korap.config.FullConfiguration;
import de.ids_mannheim.korap.config.Scopes;
+import de.ids_mannheim.korap.config.TokenType;
import de.ids_mannheim.korap.dao.UserDao;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.exceptions.StatusCodes;
import de.ids_mannheim.korap.interfaces.AuthenticationIface;
-import de.ids_mannheim.korap.interfaces.EncryptionIface;
-import de.ids_mannheim.korap.user.KorAPUser;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.user.User;
import de.ids_mannheim.korap.utils.StringUtils;
@@ -30,10 +28,17 @@
* Basic authentication is intended to be used with a database. It is
* currently only used for testing using a dummy DAO (@see {@link UserDao})
* without passwords.
- *
+ *
+ * <br /><br />
+ * Latest changes:
+ * <ul>
+ * <li>Added userdao check
+ * </li>
+ * </ul>
+ *
*
* @author margaretha
- * @date 15/11/2017
+ * @date 01/03/2018
*
* @author hanl
* @date 28/04/2015
@@ -43,21 +48,19 @@
@Autowired
private TransferEncoding transferEncoding;
@Autowired
- private KustvaktConfiguration config;
- @Autowired
- private EncryptionIface crypto;
+ private FullConfiguration config;
+// @Autowired
+// private EncryptionIface crypto;
@Autowired
private UserDao dao;
- public BasicAuthentication (KustvaktConfiguration config) {
- this.config = config;
- }
-
@Override
public TokenContext getTokenContext (String authToken)
throws KustvaktException {
String[] values = transferEncoding.decodeBase64(authToken);
- if (values != null) {
+ User user = dao.getAccount(values[0]);
+
+ if (user != null) {
TokenContext c = new TokenContext();
c.setUsername(values[0]);
c.setExpirationTime(TimeUtils.plusSeconds(this.config.getTokenTTL())
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
index 8a8ac3d..13e5f78 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
@@ -103,11 +103,12 @@
AuthenticationIface provider = getProvider(type , null);
- if (provider == null)
- // throw exception for missing type parameter
+ if (provider == null){
throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT,
- "token type not defined or found", "token_type");
-
+ "Authentication provider for token type "+type
+ +" is not found.", type.displayName());
+ }
+
TokenContext context = provider.getTokenContext(token);
// if (!matchStatus(host, useragent, context))
// provider.removeUserSession(token);
diff --git a/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java b/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
index aee009b..f5f04ad 100644
--- a/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
+++ b/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
@@ -19,9 +19,9 @@
private String testEmail;
private String noReply;
private String emailAddressRetrieval;
-
+
private String groupInvitationTemplate;
-
+
private String ldapConfig;
private String freeOnlyRegex;
@@ -62,13 +62,17 @@
}
private void setMailConfiguration (Properties properties) {
- setMailEnabled(Boolean.valueOf(properties.getProperty("mail.enabled", "false")));
- if (isMailEnabled){
+ setMailEnabled(Boolean
+ .valueOf(properties.getProperty("mail.enabled", "false")));
+ if (isMailEnabled) {
// other properties must be set in the kustvakt.conf
- setTestEmail(properties.getProperty("mail.receiver","test@localhost"));
+ setTestEmail(
+ properties.getProperty("mail.receiver", "test@localhost"));
setNoReply(properties.getProperty("mail.sender"));
- setGroupInvitationTemplate(properties.getProperty("template.group.invitation"));
- setEmailAddressRetrieval(properties.getProperty("mail.address.retrieval","test"));
+ setGroupInvitationTemplate(
+ properties.getProperty("template.group.invitation"));
+ setEmailAddressRetrieval(
+ properties.getProperty("mail.address.retrieval", "test"));
}
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/dto/converter/ResourceConverter.java b/full/src/main/java/de/ids_mannheim/korap/dto/converter/ResourceConverter.java
index 03f00b3..bfd610d 100644
--- a/full/src/main/java/de/ids_mannheim/korap/dto/converter/ResourceConverter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/dto/converter/ResourceConverter.java
@@ -11,38 +11,47 @@
import de.ids_mannheim.korap.entity.AnnotationPair;
import de.ids_mannheim.korap.entity.Resource;
+/**
+ * ResourceConverter prepares data transfer objects (DTOs) from {@link Resource}
+ * entities. DTO structure defines controllers output, namely the structure of
+ * JSON objects in HTTP responses.
+ *
+ * @author margaretha
+ *
+ */
@Component
public class ResourceConverter {
public List<ResourceDto> convertToResourcesDto (List<Resource> resources) {
- List<ResourceDto> resourceDtoList = new ArrayList<ResourceDto>(resources.size());
+ List<ResourceDto> resourceDtoList =
+ new ArrayList<ResourceDto>(resources.size());
ResourceDto dto;
Map<String, String> titles;
HashMap<Integer, String> layers;
- for (Resource r: resources){
+ for (Resource r : resources) {
dto = new ResourceDto();
dto.setDescription(r.getEnglishDescription());
dto.setResourceId(r.getId());
- dto.setLanguages(new String[]{"deu"});
-
+ dto.setLanguages(new String[] { "deu" });
+
titles = new HashMap<String, String>();
titles.put("en", r.getEnglishTitle());
titles.put("de", r.getGermanTitle());
dto.setTitles(titles);
-
+
layers = new HashMap<Integer, String>();
String foundry, layer, code;
- for (AnnotationPair annotationPair : r.getLayers()){
+ for (AnnotationPair annotationPair : r.getLayers()) {
foundry = annotationPair.getAnnotation1().getCode();
layer = annotationPair.getAnnotation2().getCode();
- code = foundry +"/"+layer;
+ code = foundry + "/" + layer;
layers.put(annotationPair.getId(), code);
}
dto.setLayers(layers);
-
+
resourceDtoList.add(dto);
}
-
+
return resourceDtoList;
}
}
diff --git a/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusAccessConverter.java b/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusAccessConverter.java
index 3d9e3de..abd2dab 100644
--- a/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusAccessConverter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusAccessConverter.java
@@ -7,7 +7,14 @@
import de.ids_mannheim.korap.dto.VirtualCorpusAccessDto;
import de.ids_mannheim.korap.entity.VirtualCorpusAccess;
-
+/**
+ * VirtualCorpusAccessConverter prepares data transfer objects (DTOs) from {@link VirtualCorpusAccess}
+ * entities. DTO structure defines controllers output, namely the structure of
+ * JSON objects in HTTP responses.
+ *
+ * @author margaretha
+ *
+ */
@Component
public class VirtualCorpusAccessConverter {
diff --git a/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusConverter.java b/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusConverter.java
index 66a74a5..52cbfe6 100644
--- a/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusConverter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusConverter.java
@@ -9,6 +9,14 @@
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.utils.JsonUtils;
+/**
+ * VirtualCorpusConverter prepares data transfer objects (DTOs) from {@link VirtualCorpus}
+ * entities. DTO structure defines controllers output, namely the structure of
+ * JSON objects in HTTP responses.
+ *
+ * @author margaretha
+ *
+ */
@Component
public class VirtualCorpusConverter {
diff --git a/full/src/main/java/de/ids_mannheim/korap/entity/UserGroupMember.java b/full/src/main/java/de/ids_mannheim/korap/entity/UserGroupMember.java
index f148959..bcbd100 100644
--- a/full/src/main/java/de/ids_mannheim/korap/entity/UserGroupMember.java
+++ b/full/src/main/java/de/ids_mannheim/korap/entity/UserGroupMember.java
@@ -1,7 +1,6 @@
package de.ids_mannheim.korap.entity;
import java.time.ZonedDateTime;
-import java.util.Date;
import java.util.List;
import javax.persistence.Column;
diff --git a/full/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java b/full/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
index f968b61..cf37422 100644
--- a/full/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
+++ b/full/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
@@ -6,10 +6,9 @@
import javax.ws.rs.core.HttpHeaders;
-import de.ids_mannheim.korap.config.TokenType;
import de.ids_mannheim.korap.config.AuthenticationMethod;
-import de.ids_mannheim.korap.config.AuthenticationScheme;
import de.ids_mannheim.korap.config.KustvaktCacheable;
+import de.ids_mannheim.korap.config.TokenType;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.user.User;
diff --git a/full/src/main/java/de/ids_mannheim/korap/rewrite/CollectionConstraint.java b/full/src/main/java/de/ids_mannheim/korap/rewrite/CollectionConstraint.java
index 5d212dd..3228f76 100644
--- a/full/src/main/java/de/ids_mannheim/korap/rewrite/CollectionConstraint.java
+++ b/full/src/main/java/de/ids_mannheim/korap/rewrite/CollectionConstraint.java
@@ -1,15 +1,11 @@
package de.ids_mannheim.korap.rewrite;
import com.fasterxml.jackson.databind.JsonNode;
+
import de.ids_mannheim.korap.config.Attributes;
import de.ids_mannheim.korap.config.KustvaktConfiguration;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.resource.rewrite.KoralNode;
import de.ids_mannheim.korap.resource.rewrite.RewriteTask;
-import de.ids_mannheim.korap.resource.rewrite.KoralNode.RewriteIdentifier;
-import de.ids_mannheim.korap.resource.rewrite.RewriteTask.IterableRewritePath;
-import de.ids_mannheim.korap.resources.Corpus;
-import de.ids_mannheim.korap.resources.KustvaktResource;
import de.ids_mannheim.korap.user.User;
/**
@@ -18,8 +14,6 @@
*/
public class CollectionConstraint implements RewriteTask.IterableRewritePath {
-
-
@Override
public JsonNode rewriteQuery (KoralNode node, KustvaktConfiguration config,
User user) {
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/MailAuthenticator.java b/full/src/main/java/de/ids_mannheim/korap/service/MailAuthenticator.java
index 28e7660..a15d890 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/MailAuthenticator.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/MailAuthenticator.java
@@ -3,6 +3,13 @@
import javax.mail.Authenticator;
import javax.mail.PasswordAuthentication;
+/** Defines Authenticator for creating javax.mail.Session.
+ *
+ * @see src/main/resources/default-config.xml
+ *
+ * @author margaretha
+ *
+ */
public class MailAuthenticator extends Authenticator {
private PasswordAuthentication passwordAuthentication;
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/MailService.java b/full/src/main/java/de/ids_mannheim/korap/service/MailService.java
index 5051815..556d7b7 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/MailService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/MailService.java
@@ -21,6 +21,12 @@
import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
import de.ids_mannheim.korap.user.User;
+/** Manages mail related services, such as sending group member invitations
+ * per email.
+ *
+ * @author margaretha
+ *
+ */
@Service
public class MailService {
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java b/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
index 4e0214b..9706cfc 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
@@ -296,20 +296,20 @@
return false;
}
- public void editVCAccess (VirtualCorpusAccess access, String username)
- throws KustvaktException {
-
- // get all the VCA admins
- UserGroup userGroup = access.getUserGroup();
- List<UserGroupMember> accessAdmins =
- userGroupService.retrieveVCAccessAdmins(userGroup);
-
- User user = authManager.getUser(username);
- if (!user.isSystemAdmin()) {
- throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,
- "Unauthorized operation for user: " + username, username);
- }
- }
+// public void editVCAccess (VirtualCorpusAccess access, String username)
+// throws KustvaktException {
+//
+// // get all the VCA admins
+// UserGroup userGroup = access.getUserGroup();
+// List<UserGroupMember> accessAdmins =
+// userGroupService.retrieveVCAccessAdmins(userGroup);
+//
+// User user = authManager.getUser(username);
+// if (!user.isSystemAdmin()) {
+// throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,
+// "Unauthorized operation for user: " + username, username);
+// }
+// }
public List<VirtualCorpusAccessDto> listVCAccessByVC (String username,
int vcId) throws KustvaktException {
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
index 9e15d33..72a875b 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
@@ -51,9 +51,6 @@
PiwikFilter.class })
public class UserGroupController {
- private static Logger jlog =
- LoggerFactory.getLogger(UserGroupController.class);
-
@Autowired
private FullResponseHandler responseHandler;
@Autowired
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/input/UserGroupJson.java b/full/src/main/java/de/ids_mannheim/korap/web/input/UserGroupJson.java
index e3c25bd..b08e85f 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/input/UserGroupJson.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/input/UserGroupJson.java
@@ -1,8 +1,15 @@
package de.ids_mannheim.korap.web.input;
+import de.ids_mannheim.korap.web.controller.UserGroupController;
import lombok.Getter;
import lombok.Setter;
+/** Java POJO of JSON input used in the user group controller for
+ * creating user group and managing group members.
+ *
+ * @author margaretha
+ * @see UserGroupController
+ */
@Getter
@Setter
public class UserGroupJson {
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/input/VirtualCorpusJson.java b/full/src/main/java/de/ids_mannheim/korap/web/input/VirtualCorpusJson.java
index 2c8b35a..ac09516 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/input/VirtualCorpusJson.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/input/VirtualCorpusJson.java
@@ -8,7 +8,7 @@
import lombok.Getter;
import lombok.Setter;
-/** Java POJO of JSON input of the virtual corpus service for
+/** Java POJO of JSON input of the virtual corpus controller for
* creating and editing virtual corpora.
*
* @author margaretha
diff --git a/full/src/main/resources/default-config.xml b/full/src/main/resources/default-config.xml
index 594084a..64fbe6a 100644
--- a/full/src/main/resources/default-config.xml
+++ b/full/src/main/resources/default-config.xml
@@ -223,9 +223,6 @@
type="de.ids_mannheim.korap.interfaces.db.PersistenceClient" ref="kustvakt_db" />
</bean>
- <bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicAuthentication" />
-
-
<bean id="session_auth"
class="de.ids_mannheim.korap.authentication.SessionAuthentication">
<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
@@ -236,7 +233,6 @@
<util:list id="kustvakt_authproviders"
value-type="de.ids_mannheim.korap.interfaces.AuthenticationIface">
- <ref bean="basic_auth" />
<ref bean="ldap_auth" />
<ref bean="session_auth" />
<!-- <ref bean="api_auth" /> -->
diff --git a/full/src/main/resources/kustvakt.conf b/full/src/main/resources/kustvakt.conf
index ab20bad..a6b2c1d 100644
--- a/full/src/main/resources/kustvakt.conf
+++ b/full/src/main/resources/kustvakt.conf
@@ -41,8 +41,6 @@
availability.regex.public = ACA.* | QAO.NC
availability.regex.all = QAO.*
-kustvakt.management.registration=enable
-
## options referring to the security module!
## token expiration time in minutes!
@@ -50,7 +48,7 @@
security.tokenTTL=72H
security.shortTokenTTL=45M
-kustvakt.security.jwt.issuer=korap.ids-mannheim.de
+security.jwt.issuer=korap.ids-mannheim.de
## specifies the user data field that is used to salt user passwords
security.passcode.salt=salt
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
index c907338..e79195a 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
@@ -58,8 +58,9 @@
.header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
.get(ClientResponse.class);
String entity = response.getEntity(String.class);
+ System.out.println(entity);
assertEquals(Status.OK.getStatusCode(), response.getStatus());
- // System.out.println(entity);
+
JsonNode node = JsonUtils.readTree(entity);
JsonNode group = node.get(1);
diff --git a/full/src/test/resources/kustvakt-test.conf b/full/src/test/resources/kustvakt-test.conf
index 1de6cb1..8a9f170 100644
--- a/full/src/test/resources/kustvakt-test.conf
+++ b/full/src/test/resources/kustvakt-test.conf
@@ -41,8 +41,6 @@
availability.regex.public = ACA.* | QAO-NC
availability.regex.all = QAO.*
-kustvakt.management.registration=enable
-
## options referring to the security module!
## token expiration time in minutes!
@@ -50,7 +48,7 @@
security.tokenTTL = 9S
security.shortTokenTTL = 5S
-kustvakt.security.jwt.issuer=korap.ids-mannheim.de
+security.jwt.issuer=korap.ids-mannheim.de
## specifies the user data field that is used to salt user passwords
security.passcode.salt=salt