Updated admin filter and uses it for the closing index reader API.
Change-Id: I7f7ad4dbb97ae3cfd282fba4a952471878867dcb
diff --git a/core/Changes b/core/Changes
index 771026d..98871bf 100644
--- a/core/Changes
+++ b/core/Changes
@@ -2,6 +2,9 @@
2022-03-03
- Removed VCLoader.
+2022-03-28
+ - Updated admin filter (admintoken as a form param) and uses
+ it for the closing index reader API.
# version 0.65.1
diff --git a/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java b/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
index 019c988..285485d 100644
--- a/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
+++ b/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
@@ -169,6 +169,7 @@
* MH: service level messages and callbacks
*/
+ @Deprecated
public static final int INCORRECT_ADMIN_TOKEN = 2000;
public static final int AUTHENTICATION_FAILED = 2001;
diff --git a/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java b/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java
index b1b5575..780ff22 100644
--- a/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java
+++ b/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java
@@ -11,7 +11,6 @@
import java.util.regex.Pattern;
import javax.annotation.PostConstruct;
-import javax.servlet.ServletContext;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriBuilder;
@@ -468,18 +467,8 @@
return graphDBhandler.getResponse("distCollo", "q", query);
}
- public void closeIndexReader (String token, ServletContext context)
- throws KustvaktException {
-
- if (token != null && !token.isEmpty()
- && token.equals(context.getInitParameter("adminToken"))) {
- searchKrill.closeIndexReader();
-// vcLoader.recachePredefinedVC();
- }
- else {
- throw new KustvaktException(StatusCodes.INCORRECT_ADMIN_TOKEN,
- "Admin token is incorrect");
- }
+ public void closeIndexReader () throws KustvaktException {
+ searchKrill.closeIndexReader();
}
/**
diff --git a/core/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java b/core/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java
index 0f49d48..f19f9c8 100644
--- a/core/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java
+++ b/core/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java
@@ -10,7 +10,6 @@
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
@@ -40,6 +39,7 @@
import de.ids_mannheim.korap.utils.ServiceInfo;
import de.ids_mannheim.korap.web.KustvaktResponseHandler;
import de.ids_mannheim.korap.web.filter.APIVersionFilter;
+import de.ids_mannheim.korap.web.filter.AdminFilter;
import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
import de.ids_mannheim.korap.web.filter.DemoUserFilter;
import de.ids_mannheim.korap.web.filter.PiwikFilter;
@@ -101,9 +101,11 @@
@POST
@Path("{version}/index/close")
- public Response closeIndexReader (@FormParam("token") String token){
+ // overrides the whole filters
+ @ResourceFilters({APIVersionFilter.class,AdminFilter.class})
+ public Response closeIndexReader (){
try {
- searchService.closeIndexReader(token, context);
+ searchService.closeIndexReader();
}
catch (KustvaktException e) {
throw kustvaktResponseHandler.throwit(e);
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java b/core/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
similarity index 74%
rename from full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
rename to core/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
index 229e303..dd794b4 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
+++ b/core/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
@@ -36,35 +36,41 @@
@Override
public ContainerRequest filter (ContainerRequest request) {
ContainerRequest superRequest = super.filter(request);
-
- String adminToken = superRequest.getEntity(String.class);
-
- SecurityContext securityContext = superRequest.getSecurityContext();
- TokenContext tokenContext =
- (TokenContext) securityContext.getUserPrincipal();
- String username = tokenContext.getUsername();
-
+ String username = "guest";
+
+ // legacy support for kustvakt core
+ String adminToken = superRequest.getFormParameters().getFirst("token");
if (adminToken != null && !adminToken.isEmpty()) {
// startswith token=
- adminToken = adminToken.substring(6);
- if (adminToken.equals(servletContext.getInitParameter("adminToken"))) {
+ // adminToken = adminToken.substring(6);
+ if (adminToken
+ .equals(servletContext.getInitParameter("adminToken"))) {
return superRequest;
}
}
- if (adminDao.isAdmin(username)) {
- return superRequest;
+ SecurityContext securityContext = superRequest.getSecurityContext();
+ TokenContext tokenContext = (TokenContext) securityContext
+ .getUserPrincipal();
+
+ if (tokenContext != null) {
+ username = tokenContext.getUsername();
+ if (adminDao.isAdmin(username)) {
+ return superRequest;
+ }
}
throw kustvaktResponseHandler.throwit(new KustvaktException(
StatusCodes.AUTHORIZATION_FAILED,
"Unauthorized operation for user: " + username, username));
}
+
@Override
public ContainerRequestFilter getRequestFilter () {
return this;
}
+
@Override
public ContainerResponseFilter getResponseFilter () {
return null;
diff --git a/full/Changes b/full/Changes
index 653149b..c367b10 100644
--- a/full/Changes
+++ b/full/Changes
@@ -9,6 +9,9 @@
- Updated admin filter by using admin token and role checks.
2022-03-18
- Added an OAuth2 admin API to delete expired/revoked access and refresh tokens.
+2022-03-28
+ - Updated admin filter (admintoken as a form param) and uses
+ it for the closing index reader API.
# version 0.65.1
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java
index 336f1a8..f51ab78 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2AdminController.java
@@ -37,7 +37,7 @@
@POST
@Path("/token/clean")
- public Response cleanExpiredInvalidToken (String token,
+ public Response cleanExpiredInvalidToken (
@Context SecurityContext securityContext) {
TokenContext context =