Posted to commits@usergrid.apache.org by mr...@apache.org on 2015/12/05 09:14:17 UTC
[2/2] usergrid git commit: Merge branch 'release' of
https://git-wip-us.apache.org/repos/asf/usergrid
Merge branch 'release' of https://git-wip-us.apache.org/repos/asf/usergrid
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/c6945e3d
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/c6945e3d
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/c6945e3d
Branch: refs/heads/master
Commit: c6945e3d6f608d1333c269657eb47064866d3e0b
Parents: 3c8a308 fdc0d80
Author: Michael Russo <mi...@gmail.com>
Authored: Sat Dec 5 00:13:37 2015 -0800
Committer: Michael Russo <mi...@gmail.com>
Committed: Sat Dec 5 00:13:37 2015 -0800
----------------------------------------------------------------------
.../shard/impl/NodeShardAllocationImpl.java | 2 +-
.../rest/applications/ApplicationResource.java | 1 +
.../rest/applications/AuthResource.java | 10 +-
.../applications/assets/AssetsResource.java | 8 +-
.../rest/applications/queues/QueueResource.java | 10 ++
.../queues/QueueSubscriberResource.java | 5 +
.../queues/QueueSubscriptionResource.java | 5 +
.../queues/QueueTransactionsResource.java | 4 +
.../security/SecuredResourceFilterFactory.java | 93 ++++++++++++++-
.../annotations/CheckPermissionsForPath.java | 32 ++++++
.../usergrid/rest/applications/SecurityIT.java | 115 +++++++++++++++++++
11 files changed, 274 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/applications/ApplicationResource.java
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/applications/assets/AssetsResource.java
----------------------------------------------------------------------
diff --cc stack/rest/src/main/java/org/apache/usergrid/rest/applications/assets/AssetsResource.java
index a8a106e,f748ee9..f1647b1
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/assets/AssetsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/assets/AssetsResource.java
@@@ -22,8 -23,8 +22,9 @@@ import com.fasterxml.jackson.jaxrs.json
import org.apache.usergrid.persistence.EntityManager;
import org.apache.usergrid.persistence.entities.Asset;
import org.apache.usergrid.rest.AbstractContextResource;
+import org.apache.usergrid.rest.ApiResponse;
import org.apache.usergrid.rest.applications.ServiceResource;
+ import org.apache.usergrid.rest.security.annotations.CheckPermissionsForPath;
import org.apache.usergrid.rest.security.annotations.RequireApplicationAccess;
import org.apache.usergrid.services.assets.data.AssetUtils;
import org.apache.usergrid.services.assets.data.AwsSdkS3BinaryStore;
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueResource.java
----------------------------------------------------------------------
diff --cc stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueResource.java
index 98edf1c,de71073..609b860
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueResource.java
@@@ -17,11 -17,25 +17,12 @@@
package org.apache.usergrid.rest.applications.queues;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.UriInfo;
-
+import com.fasterxml.jackson.jaxrs.json.annotation.JSONP;
+import org.apache.commons.lang.StringUtils;
+import org.apache.usergrid.exception.NotImplementedException;
+import org.apache.usergrid.mq.*;
+import org.apache.usergrid.rest.AbstractContextResource;
+ import org.apache.usergrid.rest.security.annotations.CheckPermissionsForPath;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Scope;
@@@ -88,11 -107,10 +91,12 @@@ public class QueueResource extends Abst
}
+ @CheckPermissionsForPath
@Path("properties")
@GET
- public JSONWithPadding getProperties( @Context UriInfo ui,
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public Queue getProperties( @Context UriInfo ui,
@QueryParam("callback") @DefaultValue("callback") String callback )
throws Exception {
@@@ -117,10 -134,9 +122,11 @@@
}
+ @CheckPermissionsForPath
@GET
- public JSONWithPadding executeGet( @Context UriInfo ui, @QueryParam("start") String firstQueuePath,
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public Object executeGet( @Context UriInfo ui, @QueryParam("start") String firstQueuePath,
@QueryParam("limit") @DefaultValue("10") int limit,
@QueryParam("callback") @DefaultValue("callback") String callback )
throws Exception {
@@@ -162,11 -180,10 +169,12 @@@
}
+ @CheckPermissionsForPath
@PUT
@Consumes(MediaType.APPLICATION_JSON)
- public JSONWithPadding executePut( @Context UriInfo ui, Map<String, Object> json,
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public Map<String, Object> executePut( @Context UriInfo ui, Map<String, Object> json,
@QueryParam("callback") @DefaultValue("callback") String callback )
throws Exception {
@@@ -178,11 -195,11 +186,12 @@@
}
+ @CheckPermissionsForPath
@DELETE
- public JSONWithPadding executeDelete( @Context UriInfo ui,
- @QueryParam("callback") @DefaultValue("callback") String callback )
- throws Exception {
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public Queue executeDelete(
+ @Context UriInfo ui, @QueryParam("callback") @DefaultValue("callback") String callback ) throws Exception {
throw new NotImplementedException( "Queue delete is not implemented yet" );
}
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriberResource.java
----------------------------------------------------------------------
diff --cc stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriberResource.java
index baa9535,7f32be0..b264e8f
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriberResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriberResource.java
@@@ -17,11 -17,24 +17,12 @@@
package org.apache.usergrid.rest.applications.queues;
-import java.util.List;
-import java.util.Map;
-
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.UriInfo;
-
+import com.fasterxml.jackson.jaxrs.json.annotation.JSONP;
+import org.apache.commons.lang.StringUtils;
+import org.apache.usergrid.mq.QueueManager;
+import org.apache.usergrid.mq.QueueSet;
+import org.apache.usergrid.rest.AbstractContextResource;
+ import org.apache.usergrid.rest.security.annotations.CheckPermissionsForPath;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Scope;
@@@ -79,10 -93,9 +80,11 @@@ public class QueueSubscriberResource ex
}
+ @CheckPermissionsForPath
@GET
- public JSONWithPadding executeGet( @Context UriInfo ui, @QueryParam("start") String firstSubscriberQueuePath,
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public QueueSet executeGet( @Context UriInfo ui, @QueryParam("start") String firstSubscriberQueuePath,
@QueryParam("limit") @DefaultValue("10") int limit,
@QueryParam("callback") @DefaultValue("callback") String callback )
throws Exception {
@@@ -95,11 -108,10 +97,12 @@@
}
+ @CheckPermissionsForPath
@POST
@Consumes(MediaType.APPLICATION_JSON)
- public JSONWithPadding executePost( @Context UriInfo ui, EntityHolder<Map<String, Object>> body,
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public QueueSet executePost( @Context UriInfo ui, Map<String, Object> body,
@QueryParam("callback") @DefaultValue("callback") String callback )
throws Exception {
@@@ -109,11 -121,10 +112,12 @@@
}
+ @CheckPermissionsForPath
@PUT
@Consumes(MediaType.APPLICATION_JSON)
- public JSONWithPadding executePut( @Context UriInfo ui, EntityHolder<Map<String, Object>> body,
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public QueueSet executePut( @Context UriInfo ui, Map<String, Object> body,
@QueryParam("callback") @DefaultValue("callback") String callback )
throws Exception {
@@@ -136,10 -147,9 +140,11 @@@
}
+ @CheckPermissionsForPath
@DELETE
- public JSONWithPadding executeDelete( @Context UriInfo ui,
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public QueueSet executeDelete( @Context UriInfo ui,
@QueryParam("callback") @DefaultValue("callback") String callback )
throws Exception {
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriptionResource.java
----------------------------------------------------------------------
diff --cc stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriptionResource.java
index a21cd66,c488095..778b57d
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriptionResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriptionResource.java
@@@ -17,11 -17,24 +17,12 @@@
package org.apache.usergrid.rest.applications.queues;
-import java.util.List;
-import java.util.Map;
-
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.UriInfo;
-
+import com.fasterxml.jackson.jaxrs.json.annotation.JSONP;
+import org.apache.commons.lang.StringUtils;
+import org.apache.usergrid.mq.QueueManager;
+import org.apache.usergrid.mq.QueueSet;
+import org.apache.usergrid.rest.AbstractContextResource;
+ import org.apache.usergrid.rest.security.annotations.CheckPermissionsForPath;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Scope;
@@@ -81,10 -95,9 +82,11 @@@ public class QueueSubscriptionResource
}
+ @CheckPermissionsForPath
@GET
- public JSONWithPadding executeGet( @Context UriInfo ui, @QueryParam("start") String firstSubscriptionQueuePath,
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public QueueSet executeGet( @Context UriInfo ui, @QueryParam("start") String firstSubscriptionQueuePath,
@QueryParam("limit") @DefaultValue("10") int limit,
@QueryParam("callback") @DefaultValue("callback") String callback )
throws Exception {
@@@ -97,11 -110,10 +99,12 @@@
}
+ @CheckPermissionsForPath
@POST
@Consumes(MediaType.APPLICATION_JSON)
- public JSONWithPadding executePost( @Context UriInfo ui, EntityHolder<Map<String, Object>> body,
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public QueueSet executePost( @Context UriInfo ui, Map<String, Object> body,
@QueryParam("callback") @DefaultValue("callback") String callback )
throws Exception {
@@@ -111,11 -123,10 +114,12 @@@
}
+ @CheckPermissionsForPath
@PUT
@Consumes(MediaType.APPLICATION_JSON)
- public JSONWithPadding executePut( @Context UriInfo ui, EntityHolder<Map<String, Object>> body,
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public QueueSet executePut( @Context UriInfo ui, Map<String, Object> body,
@QueryParam("callback") @DefaultValue("callback") String callback )
throws Exception {
@@@ -138,10 -149,9 +142,11 @@@
}
+ @CheckPermissionsForPath
@DELETE
- public JSONWithPadding executeDelete( @Context UriInfo ui,
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public QueueSet executeDelete( @Context UriInfo ui,
@QueryParam("callback") @DefaultValue("callback") String callback )
throws Exception {
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueTransactionsResource.java
----------------------------------------------------------------------
diff --cc stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueTransactionsResource.java
index 199e7f8,56cca2c..678daae
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueTransactionsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueTransactionsResource.java
@@@ -17,21 -17,30 +17,23 @@@
package org.apache.usergrid.rest.applications.queues;
-import java.util.UUID;
-
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.UriInfo;
-
+import com.fasterxml.jackson.jaxrs.json.annotation.JSONP;
+import org.apache.usergrid.mq.QueueManager;
+import org.apache.usergrid.mq.QueueQuery;
+import org.apache.usergrid.persistence.Results;
+import org.apache.usergrid.rest.AbstractContextResource;
+ import org.apache.usergrid.rest.security.annotations.CheckPermissionsForPath;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
-import org.apache.usergrid.mq.QueueManager;
-import org.apache.usergrid.mq.QueueQuery;
-import org.apache.usergrid.persistence.Results;
-import org.apache.usergrid.rest.AbstractContextResource;
-import com.sun.jersey.api.json.JSONWithPadding;
++
+import javax.ws.rs.*;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.UriInfo;
+import java.util.UUID;
import static org.apache.usergrid.utils.MapUtils.hashMap;
@@@ -62,11 -71,10 +64,12 @@@ public class QueueTransactionsResource
}
+ @CheckPermissionsForPath
@Path("{id}")
@PUT
- public JSONWithPadding updateTransaction( @Context UriInfo ui, @PathParam("id") UUID transactionId,
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public Results updateTransaction( @Context UriInfo ui, @PathParam("id") UUID transactionId,
@QueryParam("callback") @DefaultValue("callback") String callback )
throws Exception {
@@@ -78,11 -86,10 +81,12 @@@
}
+ @CheckPermissionsForPath
@Path("{id}")
@DELETE
- public JSONWithPadding removeTransaction( @Context UriInfo ui, @PathParam("id") UUID transactionId,
+ @JSONP
+ @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+ public Results removeTransaction( @Context UriInfo ui, @PathParam("id") UUID transactionId,
@QueryParam("callback") @DefaultValue("callback") String callback )
throws Exception {
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
----------------------------------------------------------------------
diff --cc stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
index 04f0fc4,d867e1b..d57e84c
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
@@@ -17,16 -17,28 +17,14 @@@
package org.apache.usergrid.rest.security;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.UriInfo;
-
+ import org.apache.shiro.subject.Subject;
-import org.apache.usergrid.rest.security.annotations.*;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.stereotype.Component;
import org.apache.usergrid.management.ApplicationInfo;
import org.apache.usergrid.management.ManagementService;
import org.apache.usergrid.persistence.EntityManager;
import org.apache.usergrid.persistence.EntityManagerFactory;
import org.apache.usergrid.persistence.index.query.Identifier;
import org.apache.usergrid.rest.exceptions.SecurityException;
- import org.apache.usergrid.rest.security.annotations.RequireAdminUserAccess;
- import org.apache.usergrid.rest.security.annotations.RequireApplicationAccess;
- import org.apache.usergrid.rest.security.annotations.RequireOrganizationAccess;
- import org.apache.usergrid.rest.security.annotations.RequireSystemAccess;
++import org.apache.usergrid.rest.security.annotations.*;
import org.apache.usergrid.rest.utils.PathingUtils;
import org.apache.usergrid.security.shiro.utils.SubjectUtils;
import org.apache.usergrid.services.ServiceManagerFactory;
@@@ -113,40 -114,46 +111,43 @@@ public class SecuredResourceFilterFacto
@Override
- public List<ResourceFilter> create( AbstractMethod am ) {
+ public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) {
+ Method am = resourceInfo.getResourceMethod();
+
+ logger.debug( "configure {} method {}",
+ resourceInfo.getResourceClass().getSimpleName(), resourceInfo.getResourceMethod().getName() );
+
if ( am.isAnnotationPresent( RequireApplicationAccess.class ) ) {
- return Collections.<ResourceFilter>singletonList( new ApplicationFilter() );
+ featureContext.register( ApplicationFilter.class );
}
else if ( am.isAnnotationPresent( RequireOrganizationAccess.class ) ) {
- return Collections.<ResourceFilter>singletonList( new OrganizationFilter() );
+
+ featureContext.register( OrganizationFilter.class );
}
else if ( am.isAnnotationPresent( RequireSystemAccess.class ) ) {
- return Collections.<ResourceFilter>singletonList( new SystemFilter() );
+ featureContext.register( SystemFilter.class );
}
else if ( am.isAnnotationPresent( RequireAdminUserAccess.class ) ) {
- return Collections.<ResourceFilter>singletonList( new AdminUserFilter() );
+ featureContext.register( SystemFilter.AdminUserFilter.class );
}
+ else if ( am.isAnnotationPresent( CheckPermissionsForPath.class ) ) {
- return Collections.<ResourceFilter>singletonList( new PathPermissionsFilter() );
++ featureContext.register( PathPermissionsFilter.class );
+ }
- return null;
- }
+ }
- public abstract class AbstractFilter implements ResourceFilter, ContainerRequestFilter {
- public AbstractFilter() {
- }
+ public static abstract class AbstractFilter implements ContainerRequestFilter {
+ private UriInfo uriInfo;
- @Override
- public ContainerRequestFilter getRequestFilter() {
- return this;
+ public AbstractFilter( UriInfo uriInfo ) {
+ this.uriInfo = uriInfo;
}
-
@Override
- public ContainerResponseFilter getResponseFilter() {
- return null;
- }
+ public void filter(ContainerRequestContext request) throws IOException {
-
- @Override
- public ContainerRequest filter( ContainerRequest request ) {
- logger.debug( "Filtering {}", request.getRequestUri().toString() );
+ logger.debug( "Filtering {}", request.getUriInfo().getRequestUri().toString() );
if ( request.getMethod().equalsIgnoreCase( "OPTIONS" ) ) {
logger.debug( "Skipping option request" );
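Review bot: The `else if` chain in configure() registers only the first matching filter, so a resource method that carries more than one of these annotations silently loses the others — AssetsResource now imports both `RequireApplicationAccess` and `CheckPermissionsForPath`, and if any method there is annotated with both, `PathPermissionsFilter` is never registered for it. Unless the annotations are meant to be mutually exclusive, make each test an independent `if` so every matching filter is registered, e.g. `if ( am.isAnnotationPresent( CheckPermissionsForPath.class ) ) { featureContext.register( PathPermissionsFilter.class ); }` as its own statement, or document the precedence on `CheckPermissionsForPath` itself. The intended precedence is not visible in this hunk, so the exclusivity may be deliberate. The OPTIONS skip at the end of the hunk belongs to AbstractFilter.filter, whose body continues outside the hunk.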
@@@ -328,23 -313,81 +329,107 @@@
}
}
}
- }
+ @Resource
+ public static class AdminUserFilter extends AbstractFilter {
- public class AdminUserFilter extends AbstractFilter {
- public AdminUserFilter() {
- }
-
+ @Inject
+ public AdminUserFilter(UriInfo uriInfo) {
+ super( uriInfo );
+ }
- @Override
- public void authorize( ContainerRequest request ) {
- logger.debug( "AdminUserFilter.authorize" );
- if ( !isUser( getUserIdentifier() ) ) {
- throw mappableSecurityException( "unauthorized", "No admin user access authorized" );
+ @Override
+ public void authorize(ContainerRequestContext request) {
+ logger.debug( "AdminUserFilter.authorize" );
+ if (!isUser( getUserIdentifier() )) {
+ throw mappableSecurityException( "unauthorized", "No admin user access authorized" );
+ }
}
}
+
}
+
+ // This filter is created in REST from logic in org.apache.usergrid.services.AbstractService.checkPermissionsForPath
- public class PathPermissionsFilter extends AbstractFilter {
++ @Resource
++ public static class PathPermissionsFilter extends AbstractFilter {
++
++ EntityManagerFactory emf;
++ ManagementService management;
+
- public PathPermissionsFilter() {}
++ @Autowired
++ public void setEntityManagerFactory( EntityManagerFactory emf ) {
++ this.emf = emf;
++ }
++
++
++ public EntityManagerFactory getEntityManagerFactory() {
++ return emf;
++ }
++
++ @Autowired
++ public void setManagementService( ManagementService management ) {
++ this.management = management;
++ }
++
++ @Inject
++ public PathPermissionsFilter(UriInfo uriInfo) {
++ super( uriInfo );
++ }
+
+
+ @Override
- public void authorize( ContainerRequest request ) {
++ public void authorize( ContainerRequestContext request ) {
+ if(logger.isDebugEnabled()){
+ logger.debug( "PathPermissionsFilter.authorize" );
+ }
+
+ final String PATH_MSG =
+ "---- Checked permissions for path --------------------------------------------\n" + "Requested path: {} \n"
+ + "Requested action: {} \n" + "Requested permission: {} \n" + "Permitted: {} \n";
+
+ ApplicationInfo application;
+
+ try {
+
+ application = management.getApplicationInfo( getApplicationIdentifier() );
+ EntityManager em = emf.getEntityManager( application.getId() );
+ Subject currentUser = SubjectUtils.getSubject();
+
+ if ( currentUser == null ) {
+ return;
+ }
+ String applicationName = application.getName().toLowerCase();
+ String operation = request.getMethod().toLowerCase();
- String path = request.getPath().toLowerCase().replace(applicationName, "");
++ String path = request.getUriInfo().getPath().toLowerCase().replace(applicationName, "");
+ String perm = getPermissionFromPath( em.getApplicationRef().getUuid(), operation, path );
+
+ boolean permitted = currentUser.isPermitted( perm );
+ if ( logger.isDebugEnabled() ) {
+ logger.debug( PATH_MSG, new Object[] { path, operation, perm, permitted } );
+ }
+
+ if(!permitted){
+ // throwing this so we can raise a proper mapped REST exception
+ throw new Exception("Subject not permitted");
+ }
+
+
+ SubjectUtils.checkPermission( perm );
+ Subject subject = SubjectUtils.getSubject();
+
+ if ( logger.isDebugEnabled() ) {
+ logger.debug("Checked subject {} for perm {}", subject != null ? subject.toString() : "", perm);
+ logger.debug("------------------------------------------------------------------------------");
+ }
+
+
+ } catch (Exception e){
+ throw mappableSecurityException( "unauthorized",
+ "Subject does not have permission to access this resource" );
+ }
+
+ }
+ }
+
++
}
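Review bot: PathPermissionsFilter.authorize fails open when `SubjectUtils.getSubject()` returns null: the `return;` in that branch lets the request through with no permission check at all, while every other failure in the method is mapped to `unauthorized`; replace it with `throw new Exception( "No authenticated subject" );` so the existing catch maps it to the same denial. The normalisation `getPath().toLowerCase().replace(applicationName, "")` removes every occurrence of the application name as a substring, so a queue, subscriber or subscription whose name contains the application name yields a permission string for a path the subject did not actually request; strip only the app-name path segment, e.g. `.replaceFirst( "(^|/)" + Pattern.quote( applicationName ) + "(?=/|$)", "$1" )` (needs `java.util.regex.Pattern` if it is not already imported). The `catch (Exception e)` discards the cause, so a misconfigured filter is indistinguishable from a genuine denial in the logs — log `e` at debug level before rethrowing. Whether Spring actually invokes the `@Autowired` setters on a class that Jersey instantiates via `featureContext.register` is not visible here; if it does not, `emf`/`management` stay null and every annotated request is denied.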
http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/test/java/org/apache/usergrid/rest/applications/SecurityIT.java
----------------------------------------------------------------------
diff --cc stack/rest/src/test/java/org/apache/usergrid/rest/applications/SecurityIT.java
index 0000000,c5b06b5..f64afe8
mode 000000,100644..100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/applications/SecurityIT.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/applications/SecurityIT.java
@@@ -1,0 -1,113 +1,115 @@@
+ /*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ package org.apache.usergrid.rest.applications;
+
+
+ import com.sun.jersey.api.client.UniformInterfaceException;
+ import org.apache.usergrid.rest.test.resource.AbstractRestIT;
+ import org.apache.usergrid.rest.test.resource.model.ApiResponse;
+ import org.apache.usergrid.utils.UUIDUtils;
+ import org.junit.Test;
+
++import javax.ws.rs.WebApplicationException;
+ import java.util.UUID;
+
+ import static org.junit.Assert.assertEquals;
+
+ /**
+ * These tests will execute requests against certain paths (with or without credentials) to ensure access is being
+ * allowed according to the REST and Services permissions defined for the resource.
+ */
+ public class SecurityIT extends AbstractRestIT {
+
+ public SecurityIT() throws Exception {}
+
+ @Test
+ public void testAssetsNoCredentials(){
+
+ final UUID uuid = UUIDUtils.newTimeUUID();
++ int responseStatus = 0;
+ try {
+ //use false in get() for no token
+ this.pathResource(getOrgAppPath("assets/" + uuid + "/data")).get(ApiResponse.class, false);
+
- } catch (UniformInterfaceException ui){
- assertEquals(401, ui.getResponse().getStatus());
++ } catch (WebApplicationException ex) {
++ responseStatus = ex.getResponse().getStatus();
+ }
++ assertEquals(401, responseStatus);
+ }
+
+
+ @Test
+ public void testFacebookAuthNoCredentials(){
+
+ int responseStatus = 0;
+ try {
+ //use false in get() for no token
+ this.pathResource(getOrgAppPath("auth/facebook")).get(ApiResponse.class, false);
+
- } catch (UniformInterfaceException ui){
- responseStatus = ui.getResponse().getStatus();
-
++ } catch (WebApplicationException ex) {
++ responseStatus = ex.getResponse().getStatus();
+ }
+ assertEquals(401, responseStatus);
+ }
+
+ @Test
+ public void testPingIdentityAuthNoCredentials(){
+
+ int responseStatus = 0;
+ try {
+ //use false in get() for no token
+ this.pathResource(getOrgAppPath("auth/pingident")).get(ApiResponse.class, false);
+
- } catch (UniformInterfaceException ui){
- responseStatus = ui.getResponse().getStatus();
++ } catch (WebApplicationException ex) {
++ responseStatus = ex.getResponse().getStatus();
+ }
+ assertEquals(401, responseStatus);
+
+ }
+
+ @Test
+ public void testFoursquareAuthNoCredentials(){
+
+ int responseStatus = 0;
+ try {
+ //use false in get() for no token
+ this.pathResource(getOrgAppPath("auth/foursquare")).get(ApiResponse.class, false);
+
- } catch (UniformInterfaceException ui){
- responseStatus = ui.getResponse().getStatus();
++ } catch (WebApplicationException ex) {
++ responseStatus = ex.getResponse().getStatus();
+ }
+ assertEquals(401, responseStatus);
+
+ }
+
+ @Test
+ public void testQueuesNoCredentials(){
+
+ int responseStatus = 0;
+ try {
+ //use false in get() for no token
+ this.pathResource(getOrgAppPath("queues")).get(ApiResponse.class, false);
+
- } catch (UniformInterfaceException ui){
- responseStatus = ui.getResponse().getStatus();
++ } catch (WebApplicationException ex) {
++ responseStatus = ex.getResponse().getStatus();
+ }
+ assertEquals(401, responseStatus);
+
+ }
+
+
+ }
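Review bot: Every test here asserts only that an unauthenticated request gets 401, so a filter that denies everyone (for instance if PathPermissionsFilter's `emf`/`management` setters are never invoked) passes this suite unchanged; add at least one positive case per protected path that authenticates as an app user granted the relevant permission and asserts 200, plus one for a user without it. The Jersey 1 import `com.sun.jersey.api.client.UniformInterfaceException` is no longer referenced after the catches were switched to `WebApplicationException` and should be dropped; if Jersey 1 is off the classpath after the migration it will not compile. The `//use false in get() for no token` comment is repeated in all five tests; a single class-level Javadoc sentence stating the convention would be enough.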