author | Roberto E. Escobar | 2014-08-06 23:49:41 +0000 |
committer | Angel Avila | 2014-08-06 23:49:41 +0000 |
commit | 93026f22e9237bf3ae9a850d4489dc5b027869a9 (patch) | |
tree | c851d975577289844890fff97feb239f9e7dcded /plugins | |
parent | 7c974809073fe4ea14a6e992917e7c533e7f50e3 (diff) | |
feature[ats_ATS64264]: Integrate JAX-RS authentication with AccountAdmin
Change-Id: Ied30b74520a8c23b4aebe2fdb78142da4d7eff5b
Diffstat (limited to 'plugins')
7 files changed, 251 insertions, 8 deletions
diff --git a/plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF b/plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF
index 9f2eabf08a6..f651e2e2550 100644
--- a/plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF
+++ b/plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF
@@ -15,7 +15,9 @@ Import-Package: javax.annotation.security,
 org.apache.commons.codec.binary,
 org.eclipse.osee.account.admin,
 org.eclipse.osee.account.rest.model,
+ org.eclipse.osee.authentication.admin,
 org.eclipse.osee.framework.jdk.core.type,
 org.eclipse.osee.framework.jdk.core.util,
+ org.eclipse.osee.jaxrs.server.security,
 org.eclipse.osee.template.engine
 Bundle-ActivationPolicy: lazy
diff --git a/plugins/org.eclipse.osee.account.rest/OSGI-INF/jaxrs.authenticator.xml b/plugins/org.eclipse.osee.account.rest/OSGI-INF/jaxrs.authenticator.xml
new file mode 100644
index 00000000000..fb0f73b5970
--- /dev/null
+++ b/plugins/org.eclipse.osee.account.rest/OSGI-INF/jaxrs.authenticator.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<scr:component xmlns:scr="http://www.osgi.org/xmlns/scr/v1.1.0" activate="start" configuration-policy="optional" deactivate="stop" modified="update">
+ <implementation class="org.eclipse.osee.account.rest.internal.JaxRsAuthenticatorImpl" />
+ <service>
+ <provide interface="org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator" />
+ </service>
+ <reference bind="setAccountAdmin" cardinality="1..1" interface="org.eclipse.osee.account.admin.AccountAdmin" name="AccountAdmin" policy="static" />
+ <reference bind="setAuthenticationAdmin" cardinality="1..1" interface="org.eclipse.osee.authentication.admin.AuthenticationAdmin" name="AuthenticationAdmin" policy="static"/>
+ <property name="jaxrs.authenticator.automatic.account.creation.allowed" type="Boolean" value="true"/>
+</scr:component>
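Review bot: The default for `jaxrs.authenticator.automatic.account.creation.allowed` is declared `true` both here and as `JaxRsAuthenticatorConstants.DEFAULT_JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION`, so the two can silently diverge, and this property decides whether every user the `AuthenticationAdmin` accepts gets an account provisioned without an administrator's involvement. Pick one source of truth: drop the `<property>` element and rely on the Java default, or keep it and annotate it, e.g. `<!-- set to false to require pre-provisioned accounts; see JaxRsAuthenticatorConstants -->`. Enabling auto-provisioning by default is a deployment decision that deserves a sentence in the commit message or the component's documentation.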
diff --git a/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorConstants.java b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorConstants.java
new file mode 100644
index 00000000000..0bf9b033a12
--- /dev/null
+++ b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorConstants.java
@@ -0,0 +1,33 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.account.rest.internal;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public final class JaxRsAuthenticatorConstants {
+
+ private JaxRsAuthenticatorConstants() {
+ // Constants
+ }
+
+ private static final String NAMESPACE = "jaxrs.authenticator";
+
+ private static String qualify(String value) {
+ return String.format("%s.%s", NAMESPACE, value);
+ }
+
+ public static final String JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION =
+ qualify("automatic.account.creation.allowed");
+
+ public static final boolean DEFAULT_JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION = true;
+
+}
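Review bot: The two public constants are exported configuration keys but carry no Javadoc, so a deployer reading this class cannot tell what `JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION` controls or that it defaults to `true`. Add a Javadoc to the key, e.g. `/** Component property ({@code jaxrs.authenticator.automatic.account.creation.allowed}): when true, an account is created on the first successful authentication of an unknown user. */`, and on the default note that it applies when the property is absent or not a String/Boolean (that is how `JaxRsAuthenticatorImpl.getBoolean` reads it). The file is also committed without a trailing newline.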
\ No newline at end of file
diff --git a/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorImpl.java b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorImpl.java
new file mode 100644
index 00000000000..9042081a412
--- /dev/null
+++ b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorImpl.java
@@ -0,0 +1,189 @@
+/*******************************************************************************
+ * Copyright (c) 2014 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.account.rest.internal;
+
+import static org.eclipse.osee.account.rest.internal.JaxRsAuthenticatorConstants.DEFAULT_JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION;
+import static org.eclipse.osee.account.rest.internal.JaxRsAuthenticatorConstants.JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION;
+import java.util.Collections;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+import org.eclipse.osee.account.admin.Account;
+import org.eclipse.osee.account.admin.AccountAdmin;
+import org.eclipse.osee.account.admin.CreateAccountRequest;
+import org.eclipse.osee.account.admin.CreateAccountRequestBuilder;
+import org.eclipse.osee.account.admin.SystemRoles;
+import org.eclipse.osee.authentication.admin.AuthenticatedUser;
+import org.eclipse.osee.authentication.admin.AuthenticationAdmin;
+import org.eclipse.osee.authentication.admin.AuthenticationRequest;
+import org.eclipse.osee.authentication.admin.AuthenticationRequestBuilder;
+import org.eclipse.osee.framework.jdk.core.type.BaseIdentity;
+import org.eclipse.osee.framework.jdk.core.type.Identifiable;
+import org.eclipse.osee.framework.jdk.core.type.OseeCoreException;
+import org.eclipse.osee.framework.jdk.core.type.OseePrincipal;
+import org.eclipse.osee.framework.jdk.core.type.ResultSet;
+import org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator;
+
+/**
+ * @author Roberto E. 
Escobar
+ */
+public class JaxRsAuthenticatorImpl implements JaxRsAuthenticator {
+
+ private AuthenticationAdmin authenticationAdmin;
+ private AccountAdmin accountAdmin;
+
+ private volatile boolean automaticAccountCreationAllowed = DEFAULT_JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION;
+
+ public void setAuthenticationAdmin(AuthenticationAdmin authenticationAdmin) {
+ this.authenticationAdmin = authenticationAdmin;
+ }
+
+ public void setAccountAdmin(AccountAdmin accountAdmin) {
+ this.accountAdmin = accountAdmin;
+ }
+
+ public void start(Map<String, Object> props) {
+ update(props);
+ }
+
+ public void stop() {
+ //
+ }
+
+ public void update(Map<String, Object> props) {
+ automaticAccountCreationAllowed =
+ getBoolean(props, JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION,
+ DEFAULT_JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION);
+ }
+
+ @Override
+ public OseePrincipal authenticate(String scheme, String username, String password) {
+ AuthenticationRequest request = AuthenticationRequestBuilder.newBuilder() //
+ .userName(username)//
+ .password(password)//
+ .build();
+
+ AuthenticatedUser subject = authenticationAdmin.authenticate(request);
+ Account account = resolveAccount(username, subject, automaticAccountCreationAllowed);
+
+ Set<String> roles = new LinkedHashSet<String>();
+ if (subject.isAuthenticated()) {
+ roles.add(SystemRoles.ROLES_AUTHENTICATED);
+ } else {
+ roles.add(SystemRoles.ROLES_ANONYMOUS);
+ }
+ for (String role : subject.getRoles()) {
+ roles.add(role);
+ }
+ // Get additional roles/permissions from authorization service;
+
+ // Preferences or other user specific properties
+ Map<String, String> properties = Collections.emptyMap();
+ return new OseePrincipalImpl(username, account, subject.isAuthenticated(), roles, properties);
+ }
+
+ private Account resolveAccount(String login, AuthenticatedUser subject, boolean accountCreationAllowed) {
+ ResultSet<Account> result = accountAdmin.getAccountByUserName(subject.getUserName());
+ Account 
account = result.getOneOrNull();
+ if (account == null) {
+ if (subject.isAuthenticated() && accountCreationAllowed) {
+ CreateAccountRequest request = CreateAccountRequestBuilder.newBuilder()//
+ .active(subject.isActive())//
+ .displayName(subject.getDisplayName())//
+ .email(subject.getEmailAddress())//
+ .userName(subject.getUserName())//
+ .build();
+ Identifiable<String> id = accountAdmin.createAccount(request);
+ account = accountAdmin.getAccountById(id).getExactlyOne();
+ } else {
+ // or log in as anonymous ?
+ throw new OseeCoreException("Account not found for [%s]", login);
+ }
+ }
+ return account;
+ }
+
+ private static boolean getBoolean(Map<String, Object> props, String key, boolean defaultValue) {
+ boolean toReturn = defaultValue;
+ Object object = props != null ? props.get(key) : null;
+ if (object != null) {
+ if (object instanceof String) {
+ toReturn = Boolean.parseBoolean((String) object);
+ } else if (object instanceof Boolean) {
+ toReturn = (Boolean) object;
+ }
+ }
+ return toReturn;
+ }
+
+ private static final class OseePrincipalImpl extends BaseIdentity<Long> implements OseePrincipal {
+ private final String login;
+ private final Account data;
+ private final boolean authenticated;
+ private final Set<String> roles;
+ private final Map<String, String> properties;
+
+ public OseePrincipalImpl(String login, Account data, boolean authenticated, Set<String> roles, Map<String, String> properties) {
+ super(data.getId());
+ this.login = login;
+ this.data = data;
+ this.authenticated = authenticated;
+ this.roles = roles;
+ this.properties = properties;
+ }
+
+ @Override
+ public String getDisplayName() {
+ return data.getName();
+ }
+
+ @Override
+ public String getUserName() {
+ return data.getUserName();
+ }
+
+ @Override
+ public String getEmailAddress() {
+ return data.getEmail();
+ }
+
+ @Override
+ public boolean isActive() {
+ return data.isActive();
+ }
+
+ @Override
+ public Set<String> getRoles() {
+ return roles;
+ }
+
+ 
@Override
+ public boolean isAuthenticated() {
+ return authenticated;
+ }
+
+ @Override
+ public String getName() {
+ return getDisplayName();
+ }
+
+ @Override
+ public String getLogin() {
+ return login;
+ }
+
+ @Override
+ public Map<String, String> getProperties() {
+ return properties;
+ }
+ }
+
+}
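Review bot: `authenticate` returns a principal even when `subject.isAuthenticated()` is false, as long as an account already exists for the user name, while `resolveAccount` throws `OseeCoreException("Account not found for [%s]", login)` for an unauthenticated subject with no account; the outcome of a failed login therefore depends on whether the account exists, and a caller that treats any non-null `OseePrincipal` as success would admit the anonymous-role principal. Whether the `JaxRsAuthenticator` contract permits an unauthenticated return is not visible in this diff, so either document that choice on the method (the `// or log in as anonymous ?` comment shows it is still open) or fail uniformly before `resolveAccount`, e.g. `if (!subject.isAuthenticated()) { throw new OseeCoreException("Authentication failed for [%s]", username); }`, which also keeps the error identical whether or not the account exists. `OseePrincipalImpl.getRoles()` hands out the mutable `LinkedHashSet` built in `authenticate`; store `Collections.unmodifiableSet(roles)` in the constructor so nothing downstream can alter a principal's roles. The `getAccountByUserName` lookup and the later `createAccount` in `resolveAccount` are not atomic, so two first-time logins for the same user could both reach `createAccount` unless `AccountAdmin` enforces user-name uniqueness — worth a comment stating which side guarantees it.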
\ No newline at end of file
diff --git a/plugins/org.eclipse.osee.framework.jdk.core/src/org/eclipse/osee/framework/jdk/core/type/OseePrincipal.java b/plugins/org.eclipse.osee.framework.jdk.core/src/org/eclipse/osee/framework/jdk/core/type/OseePrincipal.java
index 3c8688eb84b..cdcb14feb24 100644
--- a/plugins/org.eclipse.osee.framework.jdk.core/src/org/eclipse/osee/framework/jdk/core/type/OseePrincipal.java
+++ b/plugins/org.eclipse.osee.framework.jdk.core/src/org/eclipse/osee/framework/jdk/core/type/OseePrincipal.java
@@ -11,8 +11,8 @@ package org.eclipse.osee.framework.jdk.core.type;
 import java.security.Principal;
-import java.util.List;
 import java.util.Map;
+import java.util.Set;
 /**
 * @author Roberto E. Escobar
@@ -21,7 +21,7 @@ public interface OseePrincipal extends Principal, Identity<Long> {
 String getLogin();
- List<String> getRoles();
+ Set<String> getRoles();
 String getDisplayName();
diff --git a/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.server.xml b/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.server.xml
index fddf8df53bc..6e745b87c91 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.server.xml
+++ b/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.security.oauth2.provider.server.xml
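Review bot: `getRoles()` changes its return type to `Set<String>` but still has no Javadoc saying whether a null return is allowed, and the two implementations in this commit disagree in practice: `OAuthUtil.isUserInRole` null-checks the result, while `JaxRsAuthenticatorImpl` always returns a non-null set. Add `/** @return the roles granted to this principal; never null, possibly empty */` so implementors and callers share one contract, and then the null fallback in `OAuthUtil` can be dropped, or document explicitly that null is permitted. Since `OseePrincipal` is a public interface of the jdk.core bundle, the `List` to `Set` change also breaks any implementor outside the `plugins` tree, which the commit message should mention.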
@@ -5,5 +5,5 @@
 <reference bind="setJaxRsApplicationRegistry" cardinality="1..1" interface="org.eclipse.osee.jaxrs.server.internal.applications.JaxRsApplicationRegistry" name="JaxRsApplicationRegistry" policy="static"/>
 <reference bind="setJaxRsAuthenticator" cardinality="1..1" interface="org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator" name="JaxRsAuthenticator" policy="static"/>
 <reference bind="setJaxRsOAuthStorage" cardinality="1..1" interface="org.eclipse.osee.jaxrs.server.security.JaxRsOAuthStorage" name="JaxRsOAuthStorage" policy="static"/>
- <reference bind="setJaxRsSessionProvider" cardinality="1..1" interface="org.eclipse.osee.jaxrs.server.security.JaxRsSessionProvider" name="JaxRsSessionProvider" policy="static"/>
+ <reference bind="setJaxRsSessionProvider" cardinality="0..1" interface="org.eclipse.osee.jaxrs.server.security.JaxRsSessionProvider" name="JaxRsSessionProvider" policy="static"/>
 </scr:component>
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java
index 253e82a5a30..16d02770c8d 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/OAuthUtil.java
@@ -14,8 +14,10 @@ import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
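Review bot: Relaxing `JaxRsSessionProvider` to `cardinality="0..1"` lets the OAuth2 provider component activate with no session provider bound, so `setJaxRsSessionProvider` may never be called and every path in the provider that dereferences the session provider must now tolerate null; that code is not part of this diff, so I cannot confirm it does. If the provider has a defined behaviour without sessions, state it on this line, e.g. `<!-- optional: without a session provider the OAuth2 endpoints run without server-side session state -->`, and make sure the consumer fails closed on a request that needs a session rather than throwing a `NullPointerException` mid-request. With `policy="static"`, a session provider registered after activation is, if I recall DS semantics correctly, not bound until the component is reactivated, which is worth noting for deployers.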
@@ -147,7 +149,7 @@ public final class OAuthUtil {
 return new SecurityContext() {
 @Override
 public boolean isUserInRole(String role) {
- List<String> roles = principal.getRoles();
+ Collection<String> roles = principal.getRoles();
 if (roles == null) {
 roles = Collections.emptyList();
 }
@@ -189,7 +191,12 @@ public final class OAuthUtil {
 public static OseePrincipal newOseePrincipal(UserSubject subject) {
 Long id = getUserSubjectUuid(subject);
- return new UserSubjectWrapper(id, subject);
+ Set<String> roles = new LinkedHashSet<String>();
+ List<String> sRoles = subject.getRoles();
+ if (sRoles != null) {
+ roles.addAll(sRoles);
+ }
+ return new UserSubjectWrapper(id, subject, roles);
 }
 public static Long getUserSubjectUuid(UserSubject subject) {
@@ -226,10 +233,12 @@ public final class OAuthUtil {
 private static final class UserSubjectWrapper extends BaseIdentity<Long> implements OseePrincipal {
 private final UserSubject subject;
+ private final Set<String> roles;
- public UserSubjectWrapper(Long id, UserSubject subject) {
+ public UserSubjectWrapper(Long id, UserSubject subject, Set<String> roles) {
 super(id);
 this.subject = subject;
+ this.roles = roles;
 }
 @Override
@@ -243,8 +252,8 @@ public final class OAuthUtil {
 }
 @Override
- public List<String> getRoles() {
- return subject.getRoles();
+ public Set<String> getRoles() {
+ return roles;
 }
 @Override |
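Review bot: `UserSubjectWrapper.getRoles()` now returns the `LinkedHashSet` built in `newOseePrincipal` as-is, so any caller holding the principal can add or remove roles after it has been created; wrap it once in the constructor, `this.roles = Collections.unmodifiableSet(roles);`, since the set is never mutated inside the wrapper. The change also turns the roles from a live delegation to `subject.getRoles()` into a snapshot taken at wrap time, which is fine if `UserSubject` roles are fixed for the lifetime of the request but deserves a one-line comment on the constructor because the previous behaviour differed. In `isUserInRole`, the null fallback `Collections.emptyList()` still compiles against the new `Collection<String>` declaration, but `Collections.emptySet()` would match the set-typed contract the other hunks introduce.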