Posted to commits@archiva.apache.org by ol...@apache.org on 2016/09/13 00:50:24 UTC
[1/2] archiva-redback-core git commit: Adding parameter references in
authorization resource
Repository: archiva-redback-core
Updated Branches:
refs/heads/master 87e195005 -> 8e98a8aa9
Adding parameter references in authorization resource
In certain cases the resource must be set dynamically from parameter values.
This patch allows adding a reference of the form '{parameterName}' to the resource
field of the redback annotation; the resource of the permission is then filled
dynamically with the parameter value, if found.
Project: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/commit/796af57b
Tree: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/tree/796af57b
Diff: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/diff/796af57b
Branch: refs/heads/master
Commit: 796af57be2dda6f5b4c5b27f57157ecc0a33aff1
Parents: c02519d
Author: Martin Stockhammer <m....@web.de>
Authored: Fri Sep 9 09:40:29 2016 +0200
Committer: Martin Stockhammer <m....@web.de>
Committed: Fri Sep 9 09:40:29 2016 +0200
----------------------------------------------------------------------
.../interceptors/PermissionsInterceptor.java | 59 +++++++++++++++++++-
1 file changed, 57 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/archiva-redback-core/blob/796af57b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java
----------------------------------------------------------------------
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java
index 7c35753..3f14089 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/PermissionsInterceptor.java
@@ -30,6 +30,8 @@ import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.system.SecuritySession;
import org.apache.archiva.redback.system.SecuritySystem;
import org.apache.commons.lang.StringUtils;
+import org.apache.cxf.jaxrs.model.OperationResourceInfo;
+import org.apache.cxf.jaxrs.model.Parameter;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.slf4j.Logger;
@@ -39,10 +41,17 @@ import org.springframework.stereotype.Service;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.QueryParam;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Method;
+import java.util.List;
/**
* @author Olivier Lamy
@@ -132,10 +141,16 @@ public class PermissionsInterceptor
}
try
{
+ String resource = redbackAuthorization.resource();
+ if (resource.startsWith("{") && resource.endsWith("}") && resource.length()>2) {
+ resource = getMethodParameter(containerRequestContext, message, resource.substring(1,resource.length()-1));
+ log.debug("Found resource from annotated parameter: {}",resource);
+ }
+
AuthorizationResult authorizationResult =
securitySystem.authorize( authenticationResult.getUser(), permission, //
- StringUtils.isBlank( redbackAuthorization.resource() ) //
- ? null : redbackAuthorization.resource() );
+ StringUtils.isBlank( resource ) //
+ ? null : resource );
if ( authenticationResult != null && authorizationResult.isAuthorized() )
{
log.debug( "isAuthorized for permission {}", permission );
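Review bot: An unresolved reference fails open here: getMethodParameter (last hunk) returns `""` when the parameter is not declared or carries no value, and `StringUtils.isBlank( resource ) ? null : resource` then passes `null` to `securitySystem.authorize`, the same value used for annotations that declare no resource at all. What a null resource means to the authorizer is not visible in this diff, but if it is evaluated as a check without a resource, a resource-scoped permission silently becomes an unscoped one. When the annotation used a `{...}` reference and the resolved value is blank, the request should be rejected inside the new `if` block instead, e.g. `if ( StringUtils.isBlank( resource ) ) { containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() ); return; }`. The enclosing method starts and ends outside the hunk, so confirm that an early return is safe there.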
@@ -188,4 +203,44 @@ public class PermissionsInterceptor
containerRequestContext.abortWith( Response.status( Response.Status.FORBIDDEN ).build() );
}
+
+ /*
+ * Extracts a request parameter value from the message. Currently checks only path and query parameter.
+ */
+ private String getMethodParameter(final ContainerRequestContext requestContext, final Message message, final String parameterName) {
+ OperationResourceInfo operationResourceInfo = message.getExchange().get( OperationResourceInfo.class );
+ if ( operationResourceInfo == null )
+ {
+ return "";
+ }
+ Annotation[][] annotations = operationResourceInfo.getInParameterAnnotations();
+
+ for(int i = 0; i< annotations.length; i++) {
+ for (int k = 0; k < annotations[i].length; k++) {
+ if (annotations[i][k] instanceof PathParam && parameterName.equals(((PathParam) annotations[i][k]).value())) {
+ log.debug("Found PathParam annotation");
+ UriInfo uriInfo = requestContext.getUriInfo();
+ MultivaluedMap<String, String> pathParameters = uriInfo.getPathParameters();
+ if (pathParameters.containsKey(parameterName)) {
+ return pathParameters.getFirst(parameterName);
+ } else {
+ break;
+ }
+ } else if (annotations[i][k] instanceof QueryParam && parameterName.equals(((QueryParam) annotations[i][k]).value())) {
+ log.debug("Found QueryParam annotation");
+ UriInfo uriInfo = requestContext.getUriInfo();
+ MultivaluedMap<String, String> pathParameters = uriInfo.getQueryParameters();
+ if (pathParameters.containsKey(parameterName)) {
+ return pathParameters.getFirst(parameterName);
+ } else {
+ break;
+ }
+ }
+ }
+ }
+ log.warn("No matching request parameter value found: {}", parameterName);
+ return "";
+ }
+
+
}
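Review bot: The documentation of getMethodParameter does not state two limits that matter for an authorization decision: only `getFirst(parameterName)` is used, and `""` is returned both when no matching annotation exists and when the request carries no value. Whether the resource method later sees the same single value depends on how it binds the parameter, which is outside this diff. The block comment should become a Javadoc comment that says so, e.g. `/** Returns the first path or query parameter value named parameterName, or "" if none is found. */`. In the QueryParam branch the local holding `uriInfo.getQueryParameters()` is named `pathParameters`; `queryParameters` would avoid the misreading.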
[2/2] archiva-redback-core git commit: Merge branch 'pr/9' closed #9
[MRM-1908] Logged on users can write any repository
Posted by ol...@apache.org.
Merge branch 'pr/9'
closed #9
[MRM-1908] Logged on users can write any repository
Project: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/commit/8e98a8aa
Tree: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/tree/8e98a8aa
Diff: http://git-wip-us.apache.org/repos/asf/archiva-redback-core/diff/8e98a8aa
Branch: refs/heads/master
Commit: 8e98a8aa9ed909b7f201fe87c0b77ea8258f74dc
Parents: 87e1950 796af57
Author: olivier lamy <ol...@apache.org>
Authored: Tue Sep 13 10:49:27 2016 +1000
Committer: olivier lamy <ol...@apache.org>
Committed: Tue Sep 13 10:49:27 2016 +1000
----------------------------------------------------------------------
.../interceptors/PermissionsInterceptor.java | 59 +++++++++++++++++++-
1 file changed, 57 insertions(+), 2 deletions(-)
----------------------------------------------------------------------