Fixed admin service createPolicies and added a test.
Change-Id: Ic200338ccb928646321477f6b74e0393f14c47e4
diff --git a/src/main/java/de/ids_mannheim/korap/config/AdminSetup.java b/src/main/java/de/ids_mannheim/korap/config/AdminSetup.java
index 378e015..142b8f0 100644
--- a/src/main/java/de/ids_mannheim/korap/config/AdminSetup.java
+++ b/src/main/java/de/ids_mannheim/korap/config/AdminSetup.java
@@ -1,10 +1,9 @@
package de.ids_mannheim.korap.config;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.interfaces.EncryptionIface;
+import java.io.File;
+import java.io.FileOutputStream;
-import java.io.*;
-import java.security.NoSuchAlgorithmException;
+import de.ids_mannheim.korap.interfaces.EncryptionIface;
/**
* Created by hanl on 30.05.16.
diff --git a/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java b/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
index dc60e89..f66646a 100644
--- a/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
+++ b/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
@@ -5,8 +5,13 @@
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
import de.ids_mannheim.korap.config.AdminSetup;
+import de.ids_mannheim.korap.config.Attributes;
import de.ids_mannheim.korap.config.BeansFactory;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
import de.ids_mannheim.korap.interfaces.EncryptionIface;
+import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
+import de.ids_mannheim.korap.security.auth.KustvaktAuthenticationManager;
import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.user.User;
import de.ids_mannheim.korap.utils.NamingUtils;
@@ -14,6 +19,9 @@
import de.ids_mannheim.korap.web.utils.KustvaktContext;
import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
+import java.util.HashMap;
+import java.util.Map;
+
import javax.ws.rs.ext.Provider;
/**
@@ -23,33 +31,51 @@
@Provider
public class AdminFilter implements ContainerRequestFilter, ResourceFilter {
+// private static AuthenticationManagerIface authManager = BeansFactory.getKustvaktContext()
+// .getAuthenticationManager();
+
@Override
public ContainerRequest filter (ContainerRequest cr) {
// todo:
String host = cr.getHeaderValue(ContainerRequest.HOST);
- String ua = cr.getHeaderValue(ContainerRequest.USER_AGENT);
-
+ String agent = cr.getHeaderValue(ContainerRequest.USER_AGENT);
String authentication = cr
.getHeaderValue(ContainerRequest.AUTHORIZATION);
-
- //if (authentication != null
- // && authentication.endsWith(BeansFactory.getKustvaktContext()
- // .getConfiguration().getAdminToken())) {
- if (authentication != null && cr.isSecure()) {
- String token = StringUtils.stripTokenType(authentication);
- EncryptionIface crypto = BeansFactory.getKustvaktContext()
- .getEncryption();
-
- if (crypto.checkHash(token, AdminSetup.getInstance().getHash())) {
- TokenContext c = new TokenContext();
- c.setUsername(User.ADMINISTRATOR_NAME);
- c.setTokenType(StringUtils.getTokenType(authentication));
- c.setToken(StringUtils.stripTokenType(authentication));
- cr.setSecurityContext(new KustvaktContext(c));
- }
+
+ //decode password
+ String authenticationType = StringUtils.getTokenType(authentication);
+ String authenticationCode = StringUtils.stripTokenType(authentication);
+ String username = null, token=null;
+ if (authenticationType.equals("basic")){
+ String[] authContent = BasicHttpAuth.decode(authenticationCode);
+ username = authContent[0];
+ token= authContent[1];
}
- else
- throw KustvaktResponseHandler.throwAuthenticationException("");
+
+// if (authentication != null
+// && authentication.endsWith(BeansFactory.getKustvaktContext()
+// .getConfiguration().getAdminToken())) {
+
+// EM: to do ssl
+// if (authentication != null && cr.isSecure()) {
+// String token = StringUtils.stripTokenType(authentication);
+// EncryptionIface crypto = BeansFactory.getKustvaktContext()
+// .getEncryption();
+
+ // EM: Another method of authentification using admin token
+// if (crypto.checkHash(token, AdminSetup.getInstance().getHash())) {
+ TokenContext c = new TokenContext();
+ c.setUsername(username);
+ c.setTokenType(authenticationType);
+ c.setToken(token);
+ c.setHostAddress(host);
+ c.setUserAgent(agent);
+ cr.setSecurityContext(new KustvaktContext(c));
+
+// }
+// }
+// else
+// throw KustvaktResponseHandler.throwAuthenticationException("");
return cr;
}
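Review bot: The rewritten filter body no longer rejects a request that carries no Authorization header: `authentication` goes straight into `StringUtils.getTokenType`/`stripTokenType` and `authenticationType.equals("basic")` is evaluated without the `authentication != null` guard the removed lines had, so an absent header ends either in a NullPointerException (a 500) or in a KustvaktContext with a null username being attached to the request, because the old `throw KustvaktResponseHandler.throwAuthenticationException("")` path is now commented out. `BasicHttpAuth.decode` is likewise indexed at `[0]` and `[1]` without a length check, so a malformed credential would surface as an ArrayIndexOutOfBoundsException instead of a 401. The `cr.isSecure()` condition has also been commented out (`EM: to do ssl`), so Basic credentials are now accepted over plaintext connections; if that is intentional until TLS is wired up, a comment saying so on the commented block would help the next reader. Note that the filter now only parses credentials and verifies nothing, so any resource that relies on AdminFilter alone for admin access is left unprotected unless it re-authenticates the way AdminService.createPolicies does in this commit; the class continues past the end of this hunk.
```java
String authentication = cr.getHeaderValue(ContainerRequest.AUTHORIZATION);
if (authentication == null)
    throw KustvaktResponseHandler.throwAuthenticationException("");
// … unchanged: token type / code extraction …
if (authenticationType.equals("basic")) {
    String[] authContent = BasicHttpAuth.decode(authenticationCode);
    if (authContent == null || authContent.length < 2)
        throw KustvaktResponseHandler.throwAuthenticationException("");
    username = authContent[0];
    token = authContent[1];
}
// … unchanged: TokenContext population and setSecurityContext …
```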
diff --git a/src/main/java/de/ids_mannheim/korap/web/service/full/AdminService.java b/src/main/java/de/ids_mannheim/korap/web/service/full/AdminService.java
index 77f6a8c..983f619 100644
--- a/src/main/java/de/ids_mannheim/korap/web/service/full/AdminService.java
+++ b/src/main/java/de/ids_mannheim/korap/web/service/full/AdminService.java
@@ -1,39 +1,49 @@
package de.ids_mannheim.korap.web.service.full;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
+
+import org.joda.time.DateTime;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import com.sun.jersey.spi.container.ResourceFilters;
+
import de.ids_mannheim.korap.auditing.AuditRecord;
+import de.ids_mannheim.korap.config.Attributes;
import de.ids_mannheim.korap.config.BeansFactory;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.exceptions.StatusCodes;
import de.ids_mannheim.korap.handlers.DocumentDao;
-import de.ids_mannheim.korap.interfaces.db.AuditingIface;
import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
+import de.ids_mannheim.korap.interfaces.db.AuditingIface;
import de.ids_mannheim.korap.resources.Document;
import de.ids_mannheim.korap.resources.KustvaktResource;
import de.ids_mannheim.korap.resources.Permissions;
import de.ids_mannheim.korap.resources.ResourceFactory;
import de.ids_mannheim.korap.security.PolicyCondition;
import de.ids_mannheim.korap.security.ac.PolicyBuilder;
+import de.ids_mannheim.korap.user.TokenContext;
import de.ids_mannheim.korap.user.User;
import de.ids_mannheim.korap.utils.JsonUtils;
-import de.ids_mannheim.korap.utils.KustvaktLogger;
import de.ids_mannheim.korap.utils.TimeUtils;
import de.ids_mannheim.korap.web.KustvaktServer;
import de.ids_mannheim.korap.web.filter.AdminFilter;
import de.ids_mannheim.korap.web.filter.PiwikFilter;
import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
-import org.joda.time.DateTime;
-import org.joda.time.format.DateTimeFormat;
-import org.joda.time.format.DateTimeFormatter;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.ws.rs.*;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import java.util.List;
-import java.util.Locale;
/**
* Created by hanl on 6/11/14.
@@ -45,7 +55,7 @@
private static Logger jlog = LoggerFactory.getLogger(AdminService.class);
- private AuthenticationManagerIface controller;
+ private AuthenticationManagerIface authManager;
private AuditingIface auditingController;
private DocumentDao documentDao;
@@ -53,7 +63,7 @@
public AdminService () {
this.auditingController = BeansFactory.getKustvaktContext()
.getAuditingProvider();
- this.controller = BeansFactory.getKustvaktContext()
+ this.authManager = BeansFactory.getKustvaktContext()
.getAuthenticationManager();
this.documentDao = new DocumentDao(BeansFactory.getKustvaktContext()
.getPersistenceClient());
@@ -100,7 +110,8 @@
@QueryParam("description") String description,
@QueryParam("group") String group,
@QueryParam("perm") List<String> permissions,
- @QueryParam("loc") String loc, @QueryParam("expire") String duration) {
+ @QueryParam("loc") String loc, @QueryParam("expire") String duration,
+ @Context SecurityContext context) {
try {
KustvaktResource resource = ResourceFactory.getResource(type);
@@ -110,18 +121,34 @@
Permissions.Permission[] p = Permissions.read(permissions
.toArray(new String[0]));
-
- PolicyBuilder cr = new PolicyBuilder(User.UserFactory.getAdmin())
- .setConditions(new PolicyCondition(group)).setResources(
- resource);
+
+ TokenContext tc = (TokenContext) context.getUserPrincipal();
+ Map<String, Object> attributes = new HashMap<>();
+ attributes.put(Attributes.HOST, tc.getHostAddress());
+ attributes.put(Attributes.USER_AGENT, tc.getUserAgent());
+
+ User user = null;
+ int tokenType = 0;
+ // EM: Use enum for the authentication types
+ if(!tc.getTokenType().equals("basic")){
+ tokenType = 1;
+ }
+
+ user = authManager.authenticate(tokenType, tc.getUsername(), tc.getToken(), attributes);
+
+ PolicyBuilder pb = new PolicyBuilder(user)
+ .setConditions(new PolicyCondition(group))
+ .setResources(resource);
+
if (loc != null && !loc.isEmpty())
- cr.setLocation(loc);
+ pb.setLocation(loc);
- if (duration != null && duration.isEmpty())
- cr.setContext(TimeUtils.getNow().getMillis(),
+ if (duration != null && !duration.isEmpty())
+ pb.setContext(TimeUtils.getNow().getMillis(),
TimeUtils.convertTimeToSeconds(duration));
- cr.setPermissions(p).create();
+ pb.setPermissions(p);
+ pb.create();
}
catch (KustvaktException e) {
throw KustvaktResponseHandler.throwit(e);
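Review bot: createPolicies now authenticates whatever identity the filter parsed but never checks that it is an administrator: the removed `User.UserFactory.getAdmin()` was the only place the admin identity was pinned, and the result of `authManager.authenticate(...)` is used directly as the policy owner. Unless authenticate or PolicyBuilder enforces the admin role elsewhere (not visible in this hunk), any account that can authenticate can create policies through this endpoint; a check such as `if (!User.ADMINISTRATOR_NAME.equals(tc.getUsername())) throw KustvaktResponseHandler.throwAuthenticationException("");` after the cast would restore the previous restriction. The cast `(TokenContext) context.getUserPrincipal()` and the `tc.getTokenType().equals("basic")` call also assume the filter ran and found a header; a null principal or token type here becomes an uncaught NullPointerException rather than the KustvaktException the catch block handles. The `0`/`1` token-type values deserve at least a comment naming what each means to authenticate, as the `EM: Use enum` note already hints. createPolicies' signature and the rest of the method lie outside this hunk.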