Updated the admin filter and used it for the index-reader closing API.
Change-Id: I7f7ad4dbb97ae3cfd282fba4a952471878867dcb
diff --git a/core/Changes b/core/Changes
index 771026d..98871bf 100644
--- a/core/Changes
+++ b/core/Changes
@@ -2,6 +2,9 @@
2022-03-03
- Removed VCLoader.
+2022-03-28
+ - Updated admin filter (admintoken as a form param) and uses
+ it for the closing index reader API.
# version 0.65.1
diff --git a/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java b/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
index 019c988..285485d 100644
--- a/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
+++ b/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
@@ -169,6 +169,7 @@
* MH: service level messages and callbacks
*/
+ @Deprecated
public static final int INCORRECT_ADMIN_TOKEN = 2000;
public static final int AUTHENTICATION_FAILED = 2001;
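Review bot: `INCORRECT_ADMIN_TOKEN` gets a bare `@Deprecated` with no Javadoc `@deprecated` tag, so a reader of the constant cannot tell what replaces it. Since this commit makes the admin check fail with `AUTHORIZATION_FAILED` from the new `AdminFilter`, add above the annotation `/** @deprecated admin checks are now done by AdminFilter, which reports {@link #AUTHORIZATION_FAILED}. */`. The rest of the constant list continues outside the hunk.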
diff --git a/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java b/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java
index b1b5575..780ff22 100644
--- a/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java
+++ b/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java
@@ -11,7 +11,6 @@
import java.util.regex.Pattern;
import javax.annotation.PostConstruct;
-import javax.servlet.ServletContext;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriBuilder;
@@ -468,18 +467,8 @@
return graphDBhandler.getResponse("distCollo", "q", query);
}
- public void closeIndexReader (String token, ServletContext context)
- throws KustvaktException {
-
- if (token != null && !token.isEmpty()
- && token.equals(context.getInitParameter("adminToken"))) {
- searchKrill.closeIndexReader();
-// vcLoader.recachePredefinedVC();
- }
- else {
- throw new KustvaktException(StatusCodes.INCORRECT_ADMIN_TOKEN,
- "Admin token is incorrect");
- }
+ public void closeIndexReader () throws KustvaktException {
+ searchKrill.closeIndexReader();
}
/**
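Review bot: The new `closeIndexReader()` performs no authorization of its own; the token check that used to live here is gone and the method is public, so any caller that reaches the service can close the index reader. That is acceptable only if every entry point is guarded at the controller, which this commit does via `AdminFilter`, but nothing on the service says so. Add a Javadoc such as `/** Closes the Krill index reader. Does no authorization itself; callers (e.g. the controller endpoint) must be protected by AdminFilter. */` so a later caller does not reuse it unguarded. The hunk also drops the `// vcLoader.recachePredefinedVC();` leftover, which is fine.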
diff --git a/core/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java b/core/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java
index 0f49d48..f19f9c8 100644
--- a/core/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java
+++ b/core/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java
@@ -10,7 +10,6 @@
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
@@ -40,6 +39,7 @@
import de.ids_mannheim.korap.utils.ServiceInfo;
import de.ids_mannheim.korap.web.KustvaktResponseHandler;
import de.ids_mannheim.korap.web.filter.APIVersionFilter;
+import de.ids_mannheim.korap.web.filter.AdminFilter;
import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
import de.ids_mannheim.korap.web.filter.DemoUserFilter;
import de.ids_mannheim.korap.web.filter.PiwikFilter;
@@ -101,9 +101,11 @@
@POST
@Path("{version}/index/close")
- public Response closeIndexReader (@FormParam("token") String token){
+ // overrides the whole filters
+ @ResourceFilters({APIVersionFilter.class,AdminFilter.class})
+ public Response closeIndexReader (){
try {
- searchService.closeIndexReader(token, context);
+ searchService.closeIndexReader();
}
catch (KustvaktException e) {
throw kustvaktResponseHandler.throwit(e);
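Review bot: The comment `// overrides the whole filters` above the new `@ResourceFilters` does not say what is being overridden or why that is safe, which is the one thing a reader of this endpoint needs. A method-level `@ResourceFilters` replaces the class-level filter list, so for `index/close` only `APIVersionFilter` and `AdminFilter` run; `AdminFilter` extends `AuthenticationFilter`, so authentication still happens, but any other class-level filter (the imports suggest `DemoUserFilter` and `PiwikFilter`, though the class annotation is outside the hunk) no longer applies here. Suggested wording: `// Replaces the class-level filter chain: only version check + AdminFilter (which includes authentication) apply to this admin-only endpoint.` Also add the conventional space in `APIVersionFilter.class, AdminFilter.class`, and check whether the `context` field and the retained `javax.servlet.ServletContext` import are still used now that the token is no longer passed through. The method body continues outside the hunk.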
diff --git a/core/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java b/core/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
new file mode 100644
index 0000000..dd794b4
--- /dev/null
+++ b/core/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
@@ -0,0 +1,78 @@
+package de.ids_mannheim.korap.web.filter;
+
+import javax.servlet.ServletContext;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.ext.Provider;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.sun.jersey.spi.container.ContainerRequest;
+import com.sun.jersey.spi.container.ContainerRequestFilter;
+import com.sun.jersey.spi.container.ContainerResponseFilter;
+
+import de.ids_mannheim.korap.dao.AdminDao;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.security.context.TokenContext;
+import de.ids_mannheim.korap.web.KustvaktResponseHandler;
+
+/**
+ * @author hanl, margaretha
+ *
+ * @see {@link AuthenticationFilter}
+ */
+@Component
+@Provider
+public class AdminFilter extends AuthenticationFilter {
+
+ private @Context ServletContext servletContext;
+ @Autowired
+ private AdminDao adminDao;
+ @Autowired
+ private KustvaktResponseHandler kustvaktResponseHandler;
+
+ @Override
+ public ContainerRequest filter (ContainerRequest request) {
+ ContainerRequest superRequest = super.filter(request);
+ String username = "guest";
+
+ // legacy support for kustvakt core
+ String adminToken = superRequest.getFormParameters().getFirst("token");
+ if (adminToken != null && !adminToken.isEmpty()) {
+ // startswith token=
+ // adminToken = adminToken.substring(6);
+ if (adminToken
+ .equals(servletContext.getInitParameter("adminToken"))) {
+ return superRequest;
+ }
+ }
+
+ SecurityContext securityContext = superRequest.getSecurityContext();
+ TokenContext tokenContext = (TokenContext) securityContext
+ .getUserPrincipal();
+
+ if (tokenContext != null) {
+ username = tokenContext.getUsername();
+ if (adminDao.isAdmin(username)) {
+ return superRequest;
+ }
+ }
+ throw kustvaktResponseHandler.throwit(new KustvaktException(
+ StatusCodes.AUTHORIZATION_FAILED,
+ "Unauthorized operation for user: " + username, username));
+ }
+
+
+ @Override
+ public ContainerRequestFilter getRequestFilter () {
+ return this;
+ }
+
+
+ @Override
+ public ContainerResponseFilter getResponseFilter () {
+ return null;
+ }
+}
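Review bot: The legacy admin token is compared with `adminToken.equals(servletContext.getInitParameter("adminToken"))`, a short-circuit string compare; a credential check should be constant-time, e.g. `String expected = servletContext.getInitParameter("adminToken");` followed by `if (expected != null && MessageDigest.isEqual(adminToken.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8)))`, importing `java.security.MessageDigest` and `java.nio.charset.StandardCharsets`; the explicit null guard also makes it obvious that an unset init parameter can never match. The commented-out `// startswith token=` and `// adminToken = adminToken.substring(6);` lines are dead code and should go. The class Javadoc should state the contract, roughly "passes the request through when the legacy `token` form parameter equals the `adminToken` init parameter or when the authenticated user is an admin per `AdminDao.isAdmin`, otherwise fails with `AUTHORIZATION_FAILED`", and `@see {@link AuthenticationFilter}` should be plain `@see AuthenticationFilter`. Note also that the Changes entry calls the form parameter `admintoken` while the filter reads `"token"`; the two should agree. The `(TokenContext)` cast of `getUserPrincipal()` presumably relies on `super.filter` always installing a `TokenContext`; if that is not guaranteed, an `instanceof` check would avoid a `ClassCastException` surfacing as a 500.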