authorRoberto E. Escobar2014-08-06 23:49:41 +0000
committerAngel Avila2014-08-06 23:49:41 +0000
commit93026f22e9237bf3ae9a850d4489dc5b027869a9 (patch)
treec851d975577289844890fff97feb239f9e7dcded /plugins
parent7c974809073fe4ea14a6e992917e7c533e7f50e3 (diff)
feature[ats_ATS64264]: Integrate JAX-RS authentication with AccountAdmin
Diffstat (limited to 'plugins')
-rw-r--r--plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF2
-rw-r--r--plugins/org.eclipse.osee.account.rest/OSGI-INF/jaxrs.authenticator.xml10
-rw-r--r--plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorConstants.java33
-rw-r--r--plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorImpl.java189
-rw-r--r--plugins/org.eclipse.osee.framework.jdk.core/src/org/eclipse/osee/framework/jdk/core/type/OseePrincipal.java4
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.server.xml2
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java19
7 files changed, 251 insertions, 8 deletions
diff --git a/plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF b/plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF
index 9f2eabf08a6..f651e2e2550 100644
--- a/plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF
+++ b/plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF
@@ -15,7 +15,9 @@ Import-Package: javax.annotation.security,
org.apache.commons.codec.binary,
org.eclipse.osee.account.admin,
org.eclipse.osee.account.rest.model,
+ org.eclipse.osee.authentication.admin,
org.eclipse.osee.framework.jdk.core.type,
org.eclipse.osee.framework.jdk.core.util,
+ org.eclipse.osee.jaxrs.server.security,
org.eclipse.osee.template.engine
Bundle-ActivationPolicy: lazy
diff --git a/plugins/org.eclipse.osee.account.rest/OSGI-INF/jaxrs.authenticator.xml b/plugins/org.eclipse.osee.account.rest/OSGI-INF/jaxrs.authenticator.xml
new file mode 100644
index 00000000000..fb0f73b5970
--- /dev/null
+++ b/plugins/org.eclipse.osee.account.rest/OSGI-INF/jaxrs.authenticator.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<scr:component xmlns:scr="http://www.osgi.org/xmlns/scr/v1.1.0" activate="start" configuration-policy="optional" deactivate="stop" modified="update">
+ <implementation class="org.eclipse.osee.account.rest.internal.JaxRsAuthenticatorImpl" />
+ <service>
+ <provide interface="org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator" />
+ </service>
+ <reference bind="setAccountAdmin" cardinality="1..1" interface="org.eclipse.osee.account.admin.AccountAdmin" name="AccountAdmin" policy="static" />
+ <reference bind="setAuthenticationAdmin" cardinality="1..1" interface="org.eclipse.osee.authentication.admin.AuthenticationAdmin" name="AuthenticationAdmin" policy="static"/>
+ <property name="jaxrs.authenticator.automatic.account.creation.allowed" type="Boolean" value="true"/>
+</scr:component>
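Review bot: Automatic account creation is switched on by default in the `<property name="jaxrs.authenticator.automatic.account.creation.allowed" ... value="true"/>` line, and the same default is repeated as `DEFAULT_JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION = true` in JaxRsAuthenticatorConstants. Unless a deployment overrides it, every identity the authentication backend accepts gets a local account on first login. Making provisioning opt-in would be the safer default: `value="false"` here and `false` in the constant. If the open default is intended, an XML comment saying so would tell operators what they are inheriting.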
diff --git a/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorConstants.java b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorConstants.java
new file mode 100644
index 00000000000..0bf9b033a12
--- /dev/null
+++ b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorConstants.java
@@ -0,0 +1,33 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.account.rest.internal;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public final class JaxRsAuthenticatorConstants {
+
+ private JaxRsAuthenticatorConstants() {
+ // Constants
+ }
+
+ private static final String NAMESPACE = "jaxrs.authenticator";
+
+ private static String qualify(String value) {
+ return String.format("%s.%s", NAMESPACE, value);
+ }
+
+ public static final String JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION =
+ qualify("automatic.account.creation.allowed");
+
+ public static final boolean DEFAULT_JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION = true;
+
+} \ No newline at end of file
diff --git a/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorImpl.java b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorImpl.java
new file mode 100644
index 00000000000..9042081a412
--- /dev/null
+++ b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorImpl.java
@@ -0,0 +1,189 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.account.rest.internal;
+
+import static org.eclipse.osee.account.rest.internal.JaxRsAuthenticatorConstants.DEFAULT_JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION;
+import static org.eclipse.osee.account.rest.internal.JaxRsAuthenticatorConstants.JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION;
+import java.util.Collections;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+import org.eclipse.osee.account.admin.Account;
+import org.eclipse.osee.account.admin.AccountAdmin;
+import org.eclipse.osee.account.admin.CreateAccountRequest;
+import org.eclipse.osee.account.admin.CreateAccountRequestBuilder;
+import org.eclipse.osee.account.admin.SystemRoles;
+import org.eclipse.osee.authentication.admin.AuthenticatedUser;
+import org.eclipse.osee.authentication.admin.AuthenticationAdmin;
+import org.eclipse.osee.authentication.admin.AuthenticationRequest;
+import org.eclipse.osee.authentication.admin.AuthenticationRequestBuilder;
+import org.eclipse.osee.framework.jdk.core.type.BaseIdentity;
+import org.eclipse.osee.framework.jdk.core.type.Identifiable;
+import org.eclipse.osee.framework.jdk.core.type.OseeCoreException;
+import org.eclipse.osee.framework.jdk.core.type.OseePrincipal;
+import org.eclipse.osee.framework.jdk.core.type.ResultSet;
+import org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public class JaxRsAuthenticatorImpl implements JaxRsAuthenticator {
+
+ private AuthenticationAdmin authenticationAdmin;
+ private AccountAdmin accountAdmin;
+
+ private volatile boolean automaticAccountCreationAllowed = DEFAULT_JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION;
+
+ public void setAuthenticationAdmin(AuthenticationAdmin authenticationAdmin) {
+ this.authenticationAdmin = authenticationAdmin;
+ }
+
+ public void setAccountAdmin(AccountAdmin accountAdmin) {
+ this.accountAdmin = accountAdmin;
+ }
+
+ public void start(Map<String, Object> props) {
+ update(props);
+ }
+
+ public void stop() {
+ //
+ }
+
+ public void update(Map<String, Object> props) {
+ automaticAccountCreationAllowed =
+ getBoolean(props, JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION,
+ DEFAULT_JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION);
+ }
+
+ @Override
+ public OseePrincipal authenticate(String scheme, String username, String password) {
+ AuthenticationRequest request = AuthenticationRequestBuilder.newBuilder() //
+ .userName(username)//
+ .password(password)//
+ .build();
+
+ AuthenticatedUser subject = authenticationAdmin.authenticate(request);
+ Account account = resolveAccount(username, subject, automaticAccountCreationAllowed);
+
+ Set<String> roles = new LinkedHashSet<String>();
+ if (subject.isAuthenticated()) {
+ roles.add(SystemRoles.ROLES_AUTHENTICATED);
+ } else {
+ roles.add(SystemRoles.ROLES_ANONYMOUS);
+ }
+ for (String role : subject.getRoles()) {
+ roles.add(role);
+ }
+ // Get additional roles/permissions from authorization service;
+
+ // Preferences or other user specific properties
+ Map<String, String> properties = Collections.emptyMap();
+ return new OseePrincipalImpl(username, account, subject.isAuthenticated(), roles, properties);
+ }
+
+ private Account resolveAccount(String login, AuthenticatedUser subject, boolean accountCreationAllowed) {
+ ResultSet<Account> result = accountAdmin.getAccountByUserName(subject.getUserName());
+ Account account = result.getOneOrNull();
+ if (account == null) {
+ if (subject.isAuthenticated() && accountCreationAllowed) {
+ CreateAccountRequest request = CreateAccountRequestBuilder.newBuilder()//
+ .active(subject.isActive())//
+ .displayName(subject.getDisplayName())//
+ .email(subject.getEmailAddress())//
+ .userName(subject.getUserName())//
+ .build();
+ Identifiable<String> id = accountAdmin.createAccount(request);
+ account = accountAdmin.getAccountById(id).getExactlyOne();
+ } else {
+ // or log in as anonymous ?
+ throw new OseeCoreException("Account not found for [%s]", login);
+ }
+ }
+ return account;
+ }
+
+ private static boolean getBoolean(Map<String, Object> props, String key, boolean defaultValue) {
+ boolean toReturn = defaultValue;
+ Object object = props != null ? props.get(key) : null;
+ if (object != null) {
+ if (object instanceof String) {
+ toReturn = Boolean.parseBoolean((String) object);
+ } else if (object instanceof Boolean) {
+ toReturn = (Boolean) object;
+ }
+ }
+ return toReturn;
+ }
+
+ private static final class OseePrincipalImpl extends BaseIdentity<Long> implements OseePrincipal {
+ private final String login;
+ private final Account data;
+ private final boolean authenticated;
+ private final Set<String> roles;
+ private final Map<String, String> properties;
+
+ public OseePrincipalImpl(String login, Account data, boolean authenticated, Set<String> roles, Map<String, String> properties) {
+ super(data.getId());
+ this.login = login;
+ this.data = data;
+ this.authenticated = authenticated;
+ this.roles = roles;
+ this.properties = properties;
+ }
+
+ @Override
+ public String getDisplayName() {
+ return data.getName();
+ }
+
+ @Override
+ public String getUserName() {
+ return data.getUserName();
+ }
+
+ @Override
+ public String getEmailAddress() {
+ return data.getEmail();
+ }
+
+ @Override
+ public boolean isActive() {
+ return data.isActive();
+ }
+
+ @Override
+ public Set<String> getRoles() {
+ return roles;
+ }
+
+ @Override
+ public boolean isAuthenticated() {
+ return authenticated;
+ }
+
+ @Override
+ public String getName() {
+ return getDisplayName();
+ }
+
+ @Override
+ public String getLogin() {
+ return login;
+ }
+
+ @Override
+ public Map<String, String> getProperties() {
+ return properties;
+ }
+ }
+
+} \ No newline at end of file
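Review bot: `authenticate` builds a principal from the stored account even when `subject.isAuthenticated()` is false, and it never consults `account.isActive()`. As written, a failed login for an existing user name appears to return an `OseePrincipalImpl` carrying that account's id plus whatever `subject.getRoles()` holds, and a deactivated account that authenticates still receives `SystemRoles.ROLES_AUTHENTICATED`. Whether `authenticationAdmin.authenticate` throws on bad credentials is not visible here. I would derive one `authenticated` flag from both checks, add the subject's roles only when it is true, and hand the principal an unmodifiable role set.

```java
      AuthenticatedUser subject = authenticationAdmin.authenticate(request);
      Account account = resolveAccount(username, subject, automaticAccountCreationAllowed);
      // Treat a deactivated account like a failed login instead of granting ROLES_AUTHENTICATED.
      boolean authenticated = subject.isAuthenticated() && account.isActive();

      Set<String> roles = new LinkedHashSet<String>();
      if (authenticated) {
         roles.add(SystemRoles.ROLES_AUTHENTICATED);
         // Backend-supplied roles are only trusted once the subject is authenticated.
         for (String role : subject.getRoles()) {
            roles.add(role);
         }
      } else {
         roles.add(SystemRoles.ROLES_ANONYMOUS);
      }
      // … unchanged: empty properties map …
      return new OseePrincipalImpl(username, account, authenticated, Collections.unmodifiableSet(roles), properties);
```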
diff --git a/plugins/org.eclipse.osee.framework.jdk.core/src/org/eclipse/osee/framework/jdk/core/type/OseePrincipal.java b/plugins/org.eclipse.osee.framework.jdk.core/src/org/eclipse/osee/framework/jdk/core/type/OseePrincipal.java
index 3c8688eb84b..cdcb14feb24 100644
--- a/plugins/org.eclipse.osee.framework.jdk.core/src/org/eclipse/osee/framework/jdk/core/type/OseePrincipal.java
+++ b/plugins/org.eclipse.osee.framework.jdk.core/src/org/eclipse/osee/framework/jdk/core/type/OseePrincipal.java
@@ -11,8 +11,8 @@
package org.eclipse.osee.framework.jdk.core.type;
import java.security.Principal;
-import java.util.List;
import java.util.Map;
+import java.util.Set;
/**
* @author Roberto E. Escobar
@@ -21,7 +21,7 @@ public interface OseePrincipal extends Principal, Identity<Long> {
String getLogin();
- List<String> getRoles();
+ Set<String> getRoles();
String getDisplayName();
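Review bot: `getRoles()` changes its return type here without a Javadoc stating the contract that implementers and callers now need. `OAuthUtil.isUserInRole` in this same commit still guards against a null result, so it is unclear whether null is a permitted return value. I would add a comment such as `/** @return the principal's roles; never null, not modifiable by callers */` and bring the implementations in line with it.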
diff --git a/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.server.xml b/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.server.xml
index fddf8df53bc..6e745b87c91 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.server.xml
+++ b/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.server.xml
@@ -5,5 +5,5 @@
<reference bind="setJaxRsApplicationRegistry" cardinality="1..1" interface="org.eclipse.osee.jaxrs.server.internal.applications.JaxRsApplicationRegistry" name="JaxRsApplicationRegistry" policy="static"/>
<reference bind="setJaxRsAuthenticator" cardinality="1..1" interface="org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator" name="JaxRsAuthenticator" policy="static"/>
<reference bind="setJaxRsOAuthStorage" cardinality="1..1" interface="org.eclipse.osee.jaxrs.server.security.JaxRsOAuthStorage" name="JaxRsOAuthStorage" policy="static"/>
- <reference bind="setJaxRsSessionProvider" cardinality="1..1" interface="org.eclipse.osee.jaxrs.server.security.JaxRsSessionProvider" name="JaxRsSessionProvider" policy="static"/>
+ <reference bind="setJaxRsSessionProvider" cardinality="0..1" interface="org.eclipse.osee.jaxrs.server.security.JaxRsSessionProvider" name="JaxRsSessionProvider" policy="static"/>
</scr:component>
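Review bot: Relaxing `JaxRsSessionProvider` to `cardinality="0..1"` lets this component activate with no session provider bound, so whatever `setJaxRsSessionProvider` populates can now be null at runtime. The consuming code is outside this hunk; it should check for the missing provider and refuse the request rather than continue without a session. An XML comment on the reference saying that it is optional, and why, would also help whoever wires the bundle.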
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java
index 253e82a5a30..16d02770c8d 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java
@@ -14,8 +14,10 @@ import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.security.Principal;
import java.util.ArrayList;
+import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
+import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -147,7 +149,7 @@ public final class OAuthUtil {
return new SecurityContext() {
@Override
public boolean isUserInRole(String role) {
- List<String> roles = principal.getRoles();
+ Collection<String> roles = principal.getRoles();
if (roles == null) {
roles = Collections.emptyList();
}
@@ -189,7 +191,12 @@ public final class OAuthUtil {
public static OseePrincipal newOseePrincipal(UserSubject subject) {
Long id = getUserSubjectUuid(subject);
- return new UserSubjectWrapper(id, subject);
+ Set<String> roles = new LinkedHashSet<String>();
+ List<String> sRoles = subject.getRoles();
+ if (sRoles != null) {
+ roles.addAll(sRoles);
+ }
+ return new UserSubjectWrapper(id, subject, roles);
}
public static Long getUserSubjectUuid(UserSubject subject) {
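Review bot: The `LinkedHashSet` built in `newOseePrincipal` is stored by `UserSubjectWrapper` and returned as-is from its `getRoles()` (see the later hunks), so any caller holding the principal can add a role to it. Wrapping the set on the way in closes that: `return new UserSubjectWrapper(id, subject, Collections.unmodifiableSet(roles));`. `Collections` is already imported in this file.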
@@ -226,10 +233,12 @@ public final class OAuthUtil {
private static final class UserSubjectWrapper extends BaseIdentity<Long> implements OseePrincipal {
private final UserSubject subject;
+ private final Set<String> roles;
- public UserSubjectWrapper(Long id, UserSubject subject) {
+ public UserSubjectWrapper(Long id, UserSubject subject, Set<String> roles) {
super(id);
this.subject = subject;
+ this.roles = roles;
}
@Override
@@ -243,8 +252,8 @@ public final class OAuthUtil {
}
@Override
- public List<String> getRoles() {
- return subject.getRoles();
+ public Set<String> getRoles() {
+ return roles;
}
@Override
