Posted to commits@usergrid.apache.org by mr...@apache.org on 2016/08/17 21:18:06 UTC

[47/50] [abbrv] usergrid git commit: Add hooks for post processing for external integrations. Update security filters to check additional security context for service admin.

Add hooks for post processing for external integrations.  Update security filters to check additional security context for service admin.


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/32204b9f
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/32204b9f
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/32204b9f

Branch: refs/heads/datastax-cass-driver
Commit: 32204b9fa5d73acd30a11de970220d3b40f95b65
Parents: 2a514d4
Author: Michael Russo <mr...@apigee.com>
Authored: Fri Aug 12 13:51:40 2016 -0700
Committer: Michael Russo <mr...@apigee.com>
Committed: Fri Aug 12 13:51:40 2016 -0700

----------------------------------------------------------------------
 .../organizations/OrganizationsResource.java    | 34 ++++++---------
 .../organizations/users/UsersResource.java      | 45 +++++++++++---------
 .../rest/management/users/UserResource.java     | 22 ++++++----
 .../rest/management/users/UsersResource.java    | 34 +++++++--------
 .../organizations/OrganizationsResource.java    | 24 +++++++++++
 .../security/SecuredResourceFilterFactory.java  | 16 ++++---
 .../usergrid/management/ManagementService.java  | 17 ++++++++
 .../cassandra/AccountCreationPropsImpl.java     |  4 +-
 .../cassandra/ManagementServiceImpl.java        | 24 +++++++++++
 9 files changed, 148 insertions(+), 72 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
index b75ca60..6105ce6 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
@@ -20,6 +20,7 @@ package org.apache.usergrid.rest.management.organizations;
 import com.fasterxml.jackson.jaxrs.json.annotation.JSONP;
 import com.google.common.base.Preconditions;
 import org.apache.commons.lang.StringUtils;
+import org.apache.shiro.SecurityUtils;
 import org.apache.usergrid.management.ApplicationCreator;
 import org.apache.usergrid.management.OrganizationInfo;
 import org.apache.usergrid.management.OrganizationOwnerInfo;
@@ -28,6 +29,8 @@ import org.apache.usergrid.rest.AbstractContextResource;
 import org.apache.usergrid.rest.ApiResponse;
 import org.apache.usergrid.rest.RootResource;
 import org.apache.usergrid.rest.security.annotations.RequireSystemAccess;
+import org.apache.usergrid.security.shiro.principals.PrincipalIdentifier;
+import org.apache.usergrid.security.shiro.utils.SubjectUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -40,6 +43,8 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.UriInfo;
 import java.util.*;
 
+import static org.apache.commons.lang.StringUtils.isBlank;
+
 
 @Component( "org.apache.usergrid.rest.management.organizations.OrganizationsResource" )
 @Scope( "prototype" )
@@ -69,6 +74,7 @@ public class OrganizationsResource extends AbstractContextResource {
     public ApiResponse getAllOrganizations() throws Exception{
 
         ApiResponse response = createApiResponse();
+        //TODO this needs paging at some point
         List<OrganizationInfo> orgs = management.getOrganizations(null, 10000);
         List<Object> jsonOrgList = new ArrayList<>();
 
@@ -185,8 +191,8 @@ public class OrganizationsResource extends AbstractContextResource {
                                              String email, String password, Map<String, Object> userProperties,
                                              Map<String, Object> orgProperties, String callback ) throws Exception {
 
-        // Providing no password in this request signifies that an existing admin users should be associated to the
-        // newly requested organization.
+        /* Providing no password in this request signifies that an existing admin users should be associated to the
+        newly requested organization. */
 
         // Always let the sysadmin create an org, but otherwise follow the behavior specified with
         // the property 'usergrid.management.allow-public-registration'
@@ -221,6 +227,12 @@ public class OrganizationsResource extends AbstractContextResource {
 
         applicationCreator.createSampleFor( organizationOwner.getOrganization() );
 
+        // ( DO NOT REMOVE ) Execute any post processing which may be overridden by external classes using UG as
+        // a dependency
+        management.createAdminUserPostProcessing(organizationOwner.getOwner(), null);
+        management.createOrganizationPostProcessing(organizationOwner.getOrganization(), null);
+        management.addUserToOrganizationPostProcessing(organizationOwner.getOwner(), organizationName, null);
+
         response.setData( organizationOwner );
         response.setSuccess();
 
@@ -228,22 +240,4 @@ public class OrganizationsResource extends AbstractContextResource {
         return response;
     }
 
-    /*
-     * @POST
-     *
-     * @Consumes(MediaType.MULTIPART_FORM_DATA) public JSONWithPadding
-     * newOrganizationFromMultipart(@Context UriInfo ui,
-     *
-     * @FormDataParam("organization") String organization,
-     *
-     * @FormDataParam("username") String username,
-     *
-     * @FormDataParam("name") String name,
-     *
-     * @FormDataParam("email") String email,
-     *
-     * @FormDataParam("password") String password) throws Exception { return
-     * newOrganizationFromForm(ui, organization, username, name, email,
-     * password); }
-     */
 }

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
index dad2c14..3b70c06 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
@@ -141,6 +141,10 @@ public class UsersResource extends AbstractContextResource {
                     management.startAdminUserPasswordResetFlow(organization.getUuid(), user);
                 }
             }
+
+            // DO NOT REMOVE - used for external classes to hook into any post-processing
+            management.createAdminUserPostProcessing(user, null);
+
         }
 
         if ( user == null ) {
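Review bot: `management.createAdminUserPostProcessing(user, null)` sits at the end of the creation block, ahead of the `if ( user == null )` check that follows it, so the hook can be handed a null `user` if the creation path above can leave it unset. The block opens outside this hunk, so that path is not visible here; if it exists, guard the call with `if ( user != null ) { management.createAdminUserPostProcessing( user, null ); }`. Keeping the call inside the block rather than moving it below the null check preserves the apparent intent of firing the hook only for newly created users.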
@@ -149,6 +153,9 @@ public class UsersResource extends AbstractContextResource {
 
         management.addAdminUserToOrganization( user, organization, true );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.addUserToOrganizationPostProcessing(user, organization.getName(), null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );
@@ -157,26 +164,6 @@ public class UsersResource extends AbstractContextResource {
         return response;
     }
 
-	/*
-     * @RequireOrganizationAccess
-	 *
-	 * @POST
-	 *
-	 * @Consumes(MediaType.MULTIPART_FORM_DATA) public JSONWithPadding
-	 * newUserForOrganizationFromMultipart(
-	 *
-	 * @Context UriInfo ui, @FormDataParam("username") String username,
-	 *
-	 * @FormDataParam("name") String name,
-	 *
-	 * @FormDataParam("email") String email,
-	 *
-	 * @FormDataParam("password") String password) throws Exception {
-	 *
-	 * return newUserForOrganizationFromForm(ui, username, name, email,
-	 * password); }
-	 */
-
 
     @RequireOrganizationAccess
     @PUT
@@ -196,6 +183,9 @@ public class UsersResource extends AbstractContextResource {
         }
         management.addAdminUserToOrganization( user, organization, true );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.addUserToOrganizationPostProcessing(user, organization.getName(), null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );
@@ -223,6 +213,9 @@ public class UsersResource extends AbstractContextResource {
         }
         management.addAdminUserToOrganization( user, organization, true );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.addUserToOrganizationPostProcessing(user, organization.getName(), null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );
@@ -258,6 +251,9 @@ public class UsersResource extends AbstractContextResource {
         }
         management.addAdminUserToOrganization( user, organization, true );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.addUserToOrganizationPostProcessing(user, organization.getName(), null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );
@@ -284,6 +280,9 @@ public class UsersResource extends AbstractContextResource {
         }
         management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid() );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.removeUserFromOrganizationPostProcessing(user, organization.getName(), null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );
@@ -320,6 +319,9 @@ public class UsersResource extends AbstractContextResource {
         }
         management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid() );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.removeUserFromOrganizationPostProcessing(user, organization.getName(), null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );
@@ -347,6 +349,9 @@ public class UsersResource extends AbstractContextResource {
         }
         management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid() );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.removeUserFromOrganizationPostProcessing(user, organization.getName(), null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index 0e89294..af37cf5 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -102,6 +102,12 @@ public class UserResource extends AbstractContextResource {
                                         @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback )
             throws Exception {
 
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
+            throw new IllegalArgumentException(  "External SSO integration is enabled, admin users must update" +
+                " info via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
+        }
+
+
         if ( json == null ) {
             return null;
         }
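Review bot: The SSO guard added at the top of this method exempts only `isServiceAdmin()`, whereas the filters changed in SecuredResourceFilterFactory.java in this same commit also accept `isBasicAuthServiceAdmin(request)` as a service-admin context. If those two can differ, a caller the filters let through as service admin would still be rejected here, and likewise in the other hunks of this file and in management/users/UsersResource.java, which all use the same condition. The condition and message are now copied into every guarded method, so a single private helper such as `requireLocalAdminAllowed( String action )` would keep the exemption consistent in one place. The refusal is a policy decision rather than bad input, so `IllegalArgumentException` may map to a misleading status; the mapping is not visible in this diff. The method body starts and ends outside the hunk.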
@@ -136,7 +142,7 @@ public class UserResource extends AbstractContextResource {
                                                @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback )
             throws Exception {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset passwords via" +
                 " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
         }
@@ -222,7 +228,7 @@ public class UserResource extends AbstractContextResource {
     @Produces( MediaType.TEXT_HTML )
     public Viewable showPasswordResetForm( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset password via" +
                 " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
         }
@@ -266,7 +272,7 @@ public class UserResource extends AbstractContextResource {
             logger.trace("handlePasswordResetForm");
         }
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException(  "External SSO integration is enabled, admin users must reset password via" +
                 " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
         }
@@ -352,7 +358,7 @@ public class UserResource extends AbstractContextResource {
     @Produces( MediaType.TEXT_HTML )
     public Viewable activate( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException(  "External SSO integration is enabled, admin users must activate via" +
                 " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
         }
@@ -382,7 +388,7 @@ public class UserResource extends AbstractContextResource {
     @Produces( MediaType.TEXT_HTML )
     public Viewable confirm( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException( "External SSO integration is enabled, admin users must confirm " +
                 "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ) );
         }
@@ -418,7 +424,7 @@ public class UserResource extends AbstractContextResource {
                                        @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback )
             throws Exception {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException( "External SSO integration is enabled, admin user must re-activate " +
                 "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ) );
         }
@@ -442,7 +448,7 @@ public class UserResource extends AbstractContextResource {
                                              @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback )
             throws Exception {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException( "External SSO integration is enabled, admin user tokens must be revoked " +
                 "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
         }
@@ -479,7 +485,7 @@ public class UserResource extends AbstractContextResource {
                                             @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback,
                                             @QueryParam( "token" ) String token ) throws Exception {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException( "External SSO integration is enabled, admin user token must be revoked via " +
                 "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ) );
         }

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
index 607c3e0..6999841 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
@@ -45,6 +45,7 @@ import java.util.UUID;
 
 import static org.apache.commons.lang.StringUtils.isBlank;
 import static org.apache.usergrid.rest.exceptions.SecurityException.mappableSecurityException;
+import static org.apache.usergrid.security.shiro.utils.SubjectUtils.isServiceAdmin;
 import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER_URL;
 
 
@@ -115,7 +116,7 @@ public class UsersResource extends AbstractContextResource {
                                        @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback )
             throws Exception {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException(  "External SSO integration is enabled, admin users registering without an org" +
                 " must do so via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
         }
@@ -154,31 +155,23 @@ public class UsersResource extends AbstractContextResource {
             throw mappableSecurityException( AuthErrorInfo.BAD_CREDENTIALS_SYNTAX_ERROR );
         }
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.createAdminUserPostProcessing(user, null);
+
         return response;
     }
 
-	/*
-     * @POST
-	 *
-	 * @Consumes(MediaType.MULTIPART_FORM_DATA) public JSONWithPadding
-	 * createUserFromMultipart(@Context UriInfo ui,
-	 *
-	 * @FormDataParam("username") String username,
-	 *
-	 * @FormDataParam("name") String name,
-	 *
-	 * @FormDataParam("email") String email,
-	 *
-	 * @FormDataParam("password") String password) throws Exception {
-	 *
-	 * return createUser(ui, username, name, email, password); }
-	 */
-
 
     @GET
     @Path( "resetpw" )
     @Produces( MediaType.TEXT_HTML )
     public Viewable showPasswordResetForm( @Context UriInfo ui ) {
+
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
+            throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset password via" +
+                " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
+        }
+
         return handleViewable( "resetpw_email_form", this );
     }
 
@@ -191,6 +184,11 @@ public class UsersResource extends AbstractContextResource {
                                              @FormParam( "recaptcha_challenge_field" ) String challenge,
                                              @FormParam( "recaptcha_response_field" ) String uresponse ) {
 
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
+            throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset password via" +
+                " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
+        }
+
         try {
             if ( isBlank( email ) ) {
                 errorMsg = "No email provided, try again...";

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java
index dfbe7af..e9a5f53 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java
@@ -95,6 +95,10 @@ public class OrganizationsResource extends AbstractContextResource {
 
         management.activateOrganization( organization );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.createOrganizationPostProcessing(organization, null);
+        management.addUserToOrganizationPostProcessing(user, organizationName, null);
+
         return response;
     }
 
@@ -122,6 +126,10 @@ public class OrganizationsResource extends AbstractContextResource {
 
         management.activateOrganization( organization );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.createOrganizationPostProcessing(organization, null);
+        management.addUserToOrganizationPostProcessing(user, organizationName, null);
+
         return response;
     }
 
@@ -142,6 +150,10 @@ public class OrganizationsResource extends AbstractContextResource {
 
         OrganizationInfo organization = management.getOrganizationByName( organizationName );
         management.addAdminUserToOrganization( user, organization, true );
+
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.addUserToOrganizationPostProcessing(user, organizationName, null);
+
         response.setData( organization );
         return response;
     }
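Review bot: The hook in this hunk receives the caller-supplied `organizationName`, while the UUID-based variant in the next hunk passes `organization.getName()` from the loaded record. If `getOrganizationByName` normalises or matches names case-insensitively (not visible here), an external integration would see two spellings of the same organization depending on which endpoint was used. Passing the stored value keeps the hooks consistent: `management.addUserToOrganizationPostProcessing( user, organization.getName(), null );`. The same applies to the `organizationName` arguments in the first two hunks and the last hunk of this file, and in management/organizations/OrganizationsResource.java.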
@@ -160,6 +172,10 @@ public class OrganizationsResource extends AbstractContextResource {
 
         OrganizationInfo organization = management.getOrganizationByUuid( UUID.fromString( organizationIdStr ) );
         management.addAdminUserToOrganization( user, organization, true );
+
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.addUserToOrganizationPostProcessing(user, organization.getName(), null);
+
         response.setData( organization );
         return response;
     }
@@ -182,6 +198,10 @@ public class OrganizationsResource extends AbstractContextResource {
 
         OrganizationInfo organization = management.getOrganizationByUuid( UUID.fromString( organizationIdStr ) );
         management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid() );
+
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.removeUserFromOrganizationPostProcessing(user, organization.getName(), null);
+
         response.setData( organization );
         return response;
     }
@@ -203,6 +223,10 @@ public class OrganizationsResource extends AbstractContextResource {
         response.setAction( "remove user from organization" );
         OrganizationInfo organization = management.getOrganizationByName( organizationName );
         management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid() );
+
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.removeUserFromOrganizationPostProcessing(user, organizationName, null);
+
         response.setData( organization );
 
         return response;

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
index 85e6210..ede6c35 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
@@ -254,7 +254,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
                 logger.trace("SysadminLocalhostFilter.authorize");
             }
 
-            if (!request.getSecurityContext().isUserInRole( ROLE_SERVICE_ADMIN )) {
+            if ( !isServiceAdmin() && !isBasicAuthServiceAdmin(request)) {
                 // not a sysadmin request
                 return;
             }
@@ -303,7 +303,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
                 logger.trace("OrganizationFilter.authorize");
             }
 
-            if ( !isPermittedAccessToOrganization( getOrganizationIdentifier() ) ) {
+            if ( !isPermittedAccessToOrganization( getOrganizationIdentifier() ) && !isBasicAuthServiceAdmin(request) ) {
                 if (logger.isTraceEnabled()) {
                     logger.trace("No organization access authorized");
                 }
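Review bot: A request that fails `isPermittedAccessToOrganization` but passes `isBasicAuthServiceAdmin(request)` now proceeds with no record that the per-organization check was overridden; the only logging in view is at trace level, and only for the denial path. Since this is an authorization bypass for a privileged role, log the override at a level that is enabled in production, for example `logger.info( "Service admin override for organization {}", getOrganizationIdentifier() );`. The ApplicationFilter and AdminUserFilter hunks below add the same override and would need the same entry. The method body starts and ends outside the hunk.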
@@ -375,7 +375,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
                     throw mappableSecurityException( "unauthorized", "No application guest access authorized" );
                 }
             }
-            if ( !isPermittedAccessToApplication( getApplicationIdentifier() ) ) {
+            if ( !isPermittedAccessToApplication( getApplicationIdentifier() ) && !isBasicAuthServiceAdmin(request) ) {
                 throw mappableSecurityException( "unauthorized", "No application access authorized" );
             }
         }
@@ -397,7 +397,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
                 logger.trace("SystemFilter.authorize");
             }
             try {
-                if (!request.getSecurityContext().isUserInRole( ROLE_SERVICE_ADMIN )) {
+                if (!isBasicAuthServiceAdmin(request) && !isServiceAdmin()) {
                     if (logger.isTraceEnabled()) {
                         logger.trace("You are not the system admin.");
                     }
@@ -429,7 +429,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
                 if (logger.isTraceEnabled()) {
                     logger.trace("AdminUserFilter.authorize");
                 }
-                if (!isUser( getUserIdentifier() ) && !isServiceAdmin() ) {
+                if (!isUser( getUserIdentifier() ) && !isServiceAdmin() && !isBasicAuthServiceAdmin(request) ) {
                     throw mappableSecurityException( "unauthorized", "No admin user access authorized" );
                 }
             }
@@ -539,5 +539,11 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
         }
     }
 
+    private static boolean isBasicAuthServiceAdmin(ContainerRequestContext request){
+
+        return request.getSecurityContext().isUserInRole( ROLE_SERVICE_ADMIN );
+
+    }
+
 
 }
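Review bot: `isBasicAuthServiceAdmin` is undocumented and its name promises more than the body checks. It returns `isUserInRole( ROLE_SERVICE_ADMIN )` for whatever security context is on the request and never looks at the authentication scheme. Five filters in this commit now rely on it to skip or satisfy an authorization check, so it needs a Javadoc saying which component is expected to set that role and why it is consulted separately from `isServiceAdmin()`. If the role is really meant to be honoured only for Basic credentials, make that explicit with `SecurityContext.BASIC_AUTH.equals( sc.getAuthenticationScheme() ) && sc.isUserInRole( ROLE_SERVICE_ADMIN )`; otherwise a neutral name such as `hasServiceAdminRole` would be more accurate.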

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
index a161a27..5ac1713 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
@@ -371,4 +371,21 @@ public interface ManagementService {
 	void updateOrganizationConfig( OrganizationConfig organizationConfig ) throws Exception;
 
 	Observable<Id> deleteAllEntities(final UUID applicationId,final int limit);
+
+
+    // DO NOT REMOVE BELOW METHODS, THEY ARE HERE TO ALLOW EXTERNAL CLASSES TO OVERRIDE AND HOOK INTO POST PROCESSING
+    void createOrganizationPostProcessing( final OrganizationInfo orgInfo,
+                                           final Map<String, String> properties ) throws Exception;
+
+    void createAdminUserPostProcessing( final UserInfo userInfo,
+                                        final Map<String, String> properties ) throws Exception;
+
+    void addUserToOrganizationPostProcessing( final UserInfo userInfo,
+                                              final String organizationName,
+                                              final Map<String, String> properties ) throws Exception;
+
+    void removeUserFromOrganizationPostProcessing( final UserInfo userInfo,
+                                              final String organizationName,
+                                              final Map<String, String> properties ) throws Exception;
+
 }
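Review bot: The four hook methods are introduced with only an upper-case "DO NOT REMOVE" comment and no stated contract. Nothing says whether `properties` may be null, although every call site in this commit passes `null`, nor whether the hook runs after the change is persisted or what a thrown `Exception` means for the request. The REST resources call the hooks after writes such as `addAdminUserToOrganization` and before the response is returned. An exception from an external implementation would therefore presumably fail a request whose change has already been made, leaving the two systems out of step. Add a Javadoc to each method covering nullability, ordering and failure handling, and either require implementations not to throw or have the callers catch and log.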

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java
index 7c6a091..552f74b 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java
@@ -86,7 +86,9 @@ public class AccountCreationPropsImpl implements AccountCreationProps {
     public String getProperty( String name ) {
         String propertyValue = properties.getProperty( name );
         if ( isBlank( propertyValue ) ) {
-            logger.warn( "Missing value for {}", name );
+            if ( logger.isDebugEnabled() ) {
+                logger.debug("Missing value for {}", name);
+            }
             propertyValue = null;
         }
         return propertyValue;
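Review bot: Moving this message from warn to debug means a blank or missing property is no longer visible at default log levels, and `getProperty` then returns null to the caller without any trace. If the warning was dropped because optional keys made it noisy, consider keeping warn for keys that callers treat as required, so a misconfigured deployment still surfaces in the logs. The closing brace of `getProperty` is outside the hunk.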

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
index 4bd2e4f..21c6983 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
@@ -3494,4 +3494,28 @@ public class ManagementServiceImpl implements ManagementService {
         localShiroCache.invalidateAll();
     }
 
+    @Override
+    public void createOrganizationPostProcessing( final OrganizationInfo orgInfo,
+                                                  final Map<String,String> properties ){
+        // do nothing, this is a hook for any classes extending the ManagementServiceInterface
+
+    }
+
+    @Override
+    public void createAdminUserPostProcessing( final UserInfo userInfo, final Map<String,String> properties){
+        // do nothing, this is a hook for any classes extending the ManagementServiceInterface
+    }
+
+    @Override
+    public void addUserToOrganizationPostProcessing( final UserInfo userInfo, final String organizationName,
+                                                          final Map<String,String> properties){
+        // do nothing, this is a hook for any classes extending the ManagementServiceInterface
+    }
+
+    @Override
+    public void removeUserFromOrganizationPostProcessing( final UserInfo userInfo, final String organizationName,
+                                                     final Map<String,String> properties){
+        // do nothing, this is a hook for any classes extending the ManagementServiceInterface
+    }
+
 }
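Review bot: These overrides drop the `throws Exception` clause that the interface declares, so a class that extends `ManagementServiceImpl` and overrides a hook cannot throw a checked exception from it. If external integrations are expected to subclass the implementation, as the comments suggest, either keep `throws Exception` on the overrides or document that hooks must fail with unchecked exceptions only. The comments also refer to "ManagementServiceInterface", while the interface shown in this commit is `ManagementService`; something like `// no-op by default; subclasses override this hook` would avoid naming a type that does not exist.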