Skip to main content
summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAngel Avila2015-04-10 02:33:02 +0000
committerjmisinco2015-04-10 02:33:02 +0000
commit1a5a944045a52bfd6486a28d17466bd93dff69fe (patch)
tree404f5470516c120768ae979a3ef704a7f9060f19
parent02c0f064d6527c24876ec6a30f5b62eb29dbab7c (diff)
downloadorg.eclipse.osee-1a5a944045a52bfd6486a28d17466bd93dff69fe.tar.gz
org.eclipse.osee-1a5a944045a52bfd6486a28d17466bd93dff69fe.tar.xz
org.eclipse.osee-1a5a944045a52bfd6486a28d17466bd93dff69fe.zip
feature[ATS186414]: Enable OAuth Roles
-rw-r--r--plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF1
-rw-r--r--plugins/org.eclipse.osee.account.rest/OSGI-INF/jaxrs.authenticator.xml1
-rw-r--r--plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/AccountsResource.java3
-rw-r--r--plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorImpl.java21
-rw-r--r--plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/SubscriptionsResource.java1
-rw-r--r--plugins/org.eclipse.osee.authorization.admin.test/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImplTest.java1
-rw-r--r--plugins/org.eclipse.osee.authorization.admin/META-INF/MANIFEST.MF9
-rw-r--r--plugins/org.eclipse.osee.authorization.admin/OSGI-INF/authorization.admin.xml3
-rw-r--r--plugins/org.eclipse.osee.authorization.admin/OSGI-INF/osee.authorization.provider.xml8
-rw-r--r--plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationAdmin.java2
-rw-r--r--plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConfiguration.java2
-rw-r--r--plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConfigurationBuilder.java15
-rw-r--r--plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConstants.java4
-rw-r--r--plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationRequest.java2
-rw-r--r--plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationRequestBuilder.java20
-rw-r--r--plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationUser.java24
-rw-r--r--plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImpl.java14
-rw-r--r--plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/OseeAuthorizationProvider.java142
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.osee.interceptor.xml7
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.simple.authorizing.filter.xml10
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2DataProvider.java30
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OseeAnnotationsInterceptor.java43
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OseeAuthorizingFilter.java57
-rw-r--r--plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/OAuthEncryption.java3
-rw-r--r--plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/BranchEndpoint.java3
-rw-r--r--plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/DatastoreEndpoint.java3
-rw-r--r--plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/IndexerEndpoint.java3
-rw-r--r--plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/TransactionEndpoint.java3
-rw-r--r--plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/TypesEndpoint.java3
29 files changed, 408 insertions, 30 deletions
diff --git a/plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF b/plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF
index cf0729390d..78dfef189c 100644
--- a/plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF
+++ b/plugins/org.eclipse.osee.account.rest/META-INF/MANIFEST.MF
@@ -16,6 +16,7 @@ Import-Package: javax.annotation.security,
org.eclipse.osee.account.admin,
org.eclipse.osee.account.rest.model,
org.eclipse.osee.authentication.admin,
+ org.eclipse.osee.authorization.admin,
org.eclipse.osee.framework.jdk.core.type,
org.eclipse.osee.framework.jdk.core.util,
org.eclipse.osee.jaxrs.server.security,
diff --git a/plugins/org.eclipse.osee.account.rest/OSGI-INF/jaxrs.authenticator.xml b/plugins/org.eclipse.osee.account.rest/OSGI-INF/jaxrs.authenticator.xml
index fb0f73b597..2514d9248d 100644
--- a/plugins/org.eclipse.osee.account.rest/OSGI-INF/jaxrs.authenticator.xml
+++ b/plugins/org.eclipse.osee.account.rest/OSGI-INF/jaxrs.authenticator.xml
@@ -7,4 +7,5 @@
<reference bind="setAccountAdmin" cardinality="1..1" interface="org.eclipse.osee.account.admin.AccountAdmin" name="AccountAdmin" policy="static" />
<reference bind="setAuthenticationAdmin" cardinality="1..1" interface="org.eclipse.osee.authentication.admin.AuthenticationAdmin" name="AuthenticationAdmin" policy="static"/>
<property name="jaxrs.authenticator.automatic.account.creation.allowed" type="Boolean" value="true"/>
+ <reference bind="setAuthorizationAdmin" cardinality="1..1" interface="org.eclipse.osee.authorization.admin.AuthorizationAdmin" name="AuthorizationAdmin" policy="static"/>
</scr:component>
diff --git a/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/AccountsResource.java b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/AccountsResource.java
index b10647cb73..752e7b5201 100644
--- a/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/AccountsResource.java
+++ b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/AccountsResource.java
@@ -11,7 +11,6 @@
package org.eclipse.osee.account.rest.internal;
import javax.annotation.security.PermitAll;
-import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
@@ -21,7 +20,6 @@ import javax.ws.rs.core.MediaType;
import org.eclipse.osee.account.rest.model.AccountContexts;
import org.eclipse.osee.account.rest.model.AccountInfoData;
import org.eclipse.osee.framework.jdk.core.type.OseePrincipal;
-import org.eclipse.osee.framework.jdk.core.type.SystemRoles;
/**
* @author Roberto E. Escobar
@@ -55,7 +53,6 @@ public class AccountsResource {
* @return All accounts
*/
@GET
- @RolesAllowed(SystemRoles.ROLES_AUTHENTICATED)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public AccountInfoData[] getAccounts() {
return accountOps.getAllAccounts().toArray(new AccountInfoData[] {});
diff --git a/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorImpl.java b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorImpl.java
index 72f7871422..f54848b43a 100644
--- a/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorImpl.java
+++ b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/JaxRsAuthenticatorImpl.java
@@ -24,6 +24,11 @@ import org.eclipse.osee.authentication.admin.AuthenticatedUser;
import org.eclipse.osee.authentication.admin.AuthenticationAdmin;
import org.eclipse.osee.authentication.admin.AuthenticationRequest;
import org.eclipse.osee.authentication.admin.AuthenticationRequestBuilder;
+import org.eclipse.osee.authorization.admin.Authorization;
+import org.eclipse.osee.authorization.admin.AuthorizationAdmin;
+import org.eclipse.osee.authorization.admin.AuthorizationRequest;
+import org.eclipse.osee.authorization.admin.AuthorizationRequestBuilder;
+import org.eclipse.osee.authorization.admin.AuthorizationUser;
import org.eclipse.osee.framework.jdk.core.type.BaseIdentity;
import org.eclipse.osee.framework.jdk.core.type.Identifiable;
import org.eclipse.osee.framework.jdk.core.type.OseeCoreException;
@@ -38,6 +43,7 @@ import org.eclipse.osee.jaxrs.server.security.JaxRsAuthenticator;
public class JaxRsAuthenticatorImpl implements JaxRsAuthenticator {
private AuthenticationAdmin authenticationAdmin;
+ private AuthorizationAdmin authorizationAdmin;
private AccountAdmin accountAdmin;
private volatile boolean automaticAccountCreationAllowed = DEFAULT_JAXRS_AUTH__ALLOW_AUTOMATIC_ACCOUNT_CREATION;
@@ -50,6 +56,10 @@ public class JaxRsAuthenticatorImpl implements JaxRsAuthenticator {
this.accountAdmin = accountAdmin;
}
+ public void setAuthorizationAdmin(AuthorizationAdmin authorizationAdmin) {
+ this.authorizationAdmin = authorizationAdmin;
+ }
+
public void start(Map<String, Object> props) {
update(props);
}
@@ -102,6 +112,17 @@ public class JaxRsAuthenticatorImpl implements JaxRsAuthenticator {
roles.add(role);
}
// Get additional roles/permissions from authorization service;
+ AuthorizationRequest authorizationRequest = AuthorizationRequestBuilder.newBuilder()//
+ .secure(true) //
+ .identifier(account.getId())//
+ .build();
+
+ Authorization authorize = authorizationAdmin.authorize(authorizationRequest);
+ AuthorizationUser authUser = (AuthorizationUser) authorize.getPrincipal();
+
+ for (String role : authUser.getRoles()) {
+ roles.add(role);
+ }
// Preferences or other user specific properties
Map<String, String> properties = Collections.emptyMap();
diff --git a/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/SubscriptionsResource.java b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/SubscriptionsResource.java
index f69f97b6e5..921e83c043 100644
--- a/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/SubscriptionsResource.java
+++ b/plugins/org.eclipse.osee.account.rest/src/org/eclipse/osee/account/rest/internal/SubscriptionsResource.java
@@ -49,7 +49,6 @@ public class SubscriptionsResource {
*
* @return accountSubscriptions
*/
- @RolesAllowed(SystemRoles.ROLES_AUTHENTICATED)
@Path("/for-account/{account-id}")
@GET
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
diff --git a/plugins/org.eclipse.osee.authorization.admin.test/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImplTest.java b/plugins/org.eclipse.osee.authorization.admin.test/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImplTest.java
index a6e40db6f5..cb0af22089 100644
--- a/plugins/org.eclipse.osee.authorization.admin.test/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImplTest.java
+++ b/plugins/org.eclipse.osee.authorization.admin.test/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImplTest.java
@@ -137,6 +137,7 @@ public class AuthorizationAdminImplTest {
assertEquals(false, actual);
AuthorizationRequest request = AuthorizationRequestBuilder.newBuilder()//
+ .authorizationType("None")//
.build();
thrown.expect(OseeArgumentException.class);
diff --git a/plugins/org.eclipse.osee.authorization.admin/META-INF/MANIFEST.MF b/plugins/org.eclipse.osee.authorization.admin/META-INF/MANIFEST.MF
index 2e42f07c2d..435af1d112 100644
--- a/plugins/org.eclipse.osee.authorization.admin/META-INF/MANIFEST.MF
+++ b/plugins/org.eclipse.osee.authorization.admin/META-INF/MANIFEST.MF
@@ -7,7 +7,12 @@ Bundle-Vendor: Eclipse Open System Engineering Environment
Bundle-RequiredExecutionEnvironment: JavaSE-1.6
Service-Component: OSGI-INF/*.xml
Export-Package: org.eclipse.osee.authorization.admin
-Import-Package: org.eclipse.osee.framework.jdk.core.type,
+Import-Package: org.eclipse.osee.framework.core.data,
+ org.eclipse.osee.framework.core.enums,
+ org.eclipse.osee.framework.jdk.core.type,
org.eclipse.osee.framework.jdk.core.util,
- org.eclipse.osee.logger
+ org.eclipse.osee.logger,
+ org.eclipse.osee.orcs,
+ org.eclipse.osee.orcs.data,
+ org.eclipse.osee.orcs.search
Bundle-ActivationPolicy: lazy
diff --git a/plugins/org.eclipse.osee.authorization.admin/OSGI-INF/authorization.admin.xml b/plugins/org.eclipse.osee.authorization.admin/OSGI-INF/authorization.admin.xml
index 2b59539508..1fb4c7ecb8 100644
--- a/plugins/org.eclipse.osee.authorization.admin/OSGI-INF/authorization.admin.xml
+++ b/plugins/org.eclipse.osee.authorization.admin/OSGI-INF/authorization.admin.xml
@@ -7,5 +7,6 @@
<reference bind="setLogger" cardinality="1..1" interface="org.eclipse.osee.logger.Log" name="Log" policy="static"/>
<reference bind="addAuthorizationProvider" cardinality="0..n" interface="org.eclipse.osee.authorization.admin.AuthorizationProvider" name="AuthorizationProvider" policy="dynamic" unbind="removeAuthorizationProvider"/>
<property name="authorization.scheme.override" type="String" value="PERMIT_ALL"/>
- <property name="authorization.scheme.allowed" type="String" value="None"/>
+ <property name="authorization.scheme.allowed" type="String"/>
+ <property name="authorization.scheme.default" type="String" value="OSEE"/>
</scr:component>
diff --git a/plugins/org.eclipse.osee.authorization.admin/OSGI-INF/osee.authorization.provider.xml b/plugins/org.eclipse.osee.authorization.admin/OSGI-INF/osee.authorization.provider.xml
new file mode 100644
index 0000000000..2b63a45678
--- /dev/null
+++ b/plugins/org.eclipse.osee.authorization.admin/OSGI-INF/osee.authorization.provider.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<scr:component xmlns:scr="http://www.osgi.org/xmlns/scr/v1.1.0">
+ <implementation class="org.eclipse.osee.authorization.admin.internal.OseeAuthorizationProvider"/>
+ <service>
+ <provide interface="org.eclipse.osee.authorization.admin.AuthorizationProvider"/>
+ </service>
+ <reference bind="setOrcsApi" cardinality="1..1" interface="org.eclipse.osee.orcs.OrcsApi" name="OrcsApi" policy="static"/>
+</scr:component>
diff --git a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationAdmin.java b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationAdmin.java
index a7156afd20..c395b9b854 100644
--- a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationAdmin.java
+++ b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationAdmin.java
@@ -23,4 +23,6 @@ public interface AuthorizationAdmin {
Iterable<String> getAvailableSchemes();
+ String getDefaultScheme();
+
}
diff --git a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConfiguration.java b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConfiguration.java
index d95405fc41..d5eeb24bb3 100644
--- a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConfiguration.java
+++ b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConfiguration.java
@@ -21,4 +21,6 @@ public interface AuthorizationConfiguration {
Iterable<String> getAllowedSchemes();
+ String getDefaultScheme();
+
} \ No newline at end of file
diff --git a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConfigurationBuilder.java b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConfigurationBuilder.java
index c0936a081b..3adbdbb5d8 100644
--- a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConfigurationBuilder.java
+++ b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConfigurationBuilder.java
@@ -60,6 +60,7 @@ public class AuthorizationConfigurationBuilder {
private AuthorizationOverride override;
private final Set<String> schemes = new HashSet<String>();
+ private String defaultScheme;
@Override
public synchronized AuthorizationConfigurationImpl clone() {
@@ -88,6 +89,11 @@ public class AuthorizationConfigurationBuilder {
return unmodifiableSortedIterable(schemes);
}
+ @Override
+ public String getDefaultScheme() {
+ return defaultScheme;
+ }
+
public void addSchemes(Collection<String> toAdd) {
if (toAdd != null && !toAdd.isEmpty()) {
for (String scheme : toAdd) {
@@ -102,10 +108,18 @@ public class AuthorizationConfigurationBuilder {
}
}
+ public void setDefaultScheme(String scheme) {
+ if (Strings.isValid(scheme)) {
+ this.defaultScheme = scheme;
+ }
+ }
+
public void loadProperties(Map<String, Object> props) {
if (props != null && !props.isEmpty()) {
setOverride(getOverrideType(props, AUTHORIZATION_OVERRIDE, DEFAULT_AUTHORIZATION_OVERRIDE));
addSchemes(getSet(props, AUTHORIZATION_SCHEME_ALLOWED, DEFAULT_AUTHORIZATION_PROVIDER));
+ setDefaultScheme(get(props, AuthorizationConstants.AUTHORIZATION_SCHEME_DEFAULT,
+ AuthorizationConstants.DEFAULT_AUTHORIZATION_SCHEME_DEFAULT));
}
}
@@ -143,7 +157,6 @@ public class AuthorizationConfigurationBuilder {
}
return toReturn;
}
-
}
} \ No newline at end of file
diff --git a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConstants.java b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConstants.java
index 6c98e2bc7b..824c0e0deb 100644
--- a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConstants.java
+++ b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationConstants.java
@@ -30,6 +30,7 @@ public final class AuthorizationConstants {
public static final String DENY_ALL_AUTHORIZER_SCHEME = "Override - DenyAll";
public static final String PERMIT_ALL_AUTHORIZER_SCHEME = "Override - PermitAll";
public static final String NONE_AUTHORIZATION_PROVIDER = "None";
+ public static final String OSEE_AUTHORIZATION_PROVIDER = "OSEE";
public static final AuthorizationOverride DEFAULT_AUTHORIZATION_OVERRIDE = AuthorizationOverride.PERMIT_ALL;
public static final String DEFAULT_AUTHORIZATION_PROVIDER = NONE_AUTHORIZATION_PROVIDER;
@@ -37,4 +38,7 @@ public final class AuthorizationConstants {
public static final String AUTHORIZATION_OVERRIDE = qualify("override");
public static final String AUTHORIZATION_SCHEME_ALLOWED = qualify("scheme.allowed");
+ public static final String AUTHORIZATION_SCHEME_DEFAULT = qualify("scheme.default");
+ public static final String DEFAULT_AUTHORIZATION_SCHEME_DEFAULT = "";
+
}
diff --git a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationRequest.java b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationRequest.java
index 3c036b94a7..5f92925b69 100644
--- a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationRequest.java
+++ b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationRequest.java
@@ -27,4 +27,6 @@ public interface AuthorizationRequest {
String getAuthorizationType();
+ long getIdentifier();
+
}
diff --git a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationRequestBuilder.java b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationRequestBuilder.java
index da6869445c..49c13b646e 100644
--- a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationRequestBuilder.java
+++ b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationRequestBuilder.java
@@ -22,6 +22,7 @@ public final class AuthorizationRequestBuilder {
private String path;
private String method;
private String authType;
+ private long identifier;
private AuthorizationRequestBuilder() {
//
@@ -32,7 +33,7 @@ public final class AuthorizationRequestBuilder {
}
public AuthorizationRequest build() {
- return new AuthorizationRequestImpl(isSecure, date, path, method, authType);
+ return new AuthorizationRequestImpl(isSecure, date, path, method, authType, identifier);
}
public AuthorizationRequestBuilder secure(boolean isSecure) {
@@ -45,6 +46,11 @@ public final class AuthorizationRequestBuilder {
return this;
}
+ public AuthorizationRequestBuilder identifier(long identifier) {
+ this.identifier = identifier;
+ return this;
+ }
+
public AuthorizationRequestBuilder method(String method) {
this.method = method;
return this;
@@ -67,14 +73,16 @@ public final class AuthorizationRequestBuilder {
private final String path;
private final String method;
private final String authType;
+ private final long identifier;
- public AuthorizationRequestImpl(boolean isSecure, Date requestDate, String path, String method, String authType) {
+ public AuthorizationRequestImpl(boolean isSecure, Date requestDate, String path, String method, String authType, long identifier) {
super();
this.isSecure = isSecure;
this.requestDate = requestDate;
this.path = path;
this.method = method;
this.authType = authType;
+ this.identifier = identifier;
}
@Override
@@ -103,9 +111,13 @@ public final class AuthorizationRequestBuilder {
}
@Override
- public String toString() {
- return "AuthorizationRequestImpl [isSecure=" + isSecure + ", requestDate=" + requestDate + ", path=" + path + ", method=" + method + ", authType=" + authType + "]";
+ public long getIdentifier() {
+ return identifier;
}
+ @Override
+ public String toString() {
+ return "AuthorizationRequestImpl [isSecure=" + isSecure + ", requestDate=" + requestDate + ", path=" + path + ", method=" + method + ", authType=" + authType + ", identifier" + identifier + "]";
+ }
}
}
diff --git a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationUser.java b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationUser.java
new file mode 100644
index 0000000000..a5b7d694d0
--- /dev/null
+++ b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/AuthorizationUser.java
@@ -0,0 +1,24 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.authorization.admin;
+
+import java.security.Principal;
+
+/**
+ * @author Angel Avila
+ */
+public interface AuthorizationUser extends Principal, Authorization {
+
+ Iterable<String> getRoles();
+
+ boolean isAuthenticated();
+
+}
diff --git a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImpl.java b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImpl.java
index 5c01ee7b1a..ff0c139db4 100644
--- a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImpl.java
+++ b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImpl.java
@@ -13,6 +13,7 @@ package org.eclipse.osee.authorization.admin.internal;
import static org.eclipse.osee.authorization.admin.internal.AuthorizationUtil.normalize;
import java.security.Principal;
import java.util.Date;
+import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.eclipse.osee.authorization.admin.Authority;
@@ -104,7 +105,6 @@ public class AuthorizationAdminImpl implements AuthorizationAdmin {
@Override
public Authorization authorize(AuthorizationRequest request) {
logger.debug("Authorization Requested: [%s]", request);
-
String scheme = getScheme(request);
checkSchemeAllowed(scheme);
@@ -124,10 +124,20 @@ public class AuthorizationAdminImpl implements AuthorizationAdmin {
return new AuthorizationImpl(authScheme, date, secure, principal, authority);
}
+ @Override
+ public String getDefaultScheme() {
+ String toReturn = config.getDefaultScheme();
+ if (!Strings.isValid(toReturn)) {
+ Iterator<String> iterator = getAllowedSchemes().iterator();
+ toReturn = iterator.hasNext() ? iterator.next() : "";
+ }
+ return toReturn;
+ }
+
private String getScheme(AuthorizationRequest request) {
String toReturn = request.getAuthorizationType();
if (!Strings.isValid(toReturn) || isNoneAllowed()) {
- toReturn = AuthorizationConstants.NONE_AUTHORIZATION_PROVIDER;
+ toReturn = getDefaultScheme();
}
return toReturn;
}
diff --git a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/OseeAuthorizationProvider.java b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/OseeAuthorizationProvider.java
new file mode 100644
index 0000000000..65ad40ab63
--- /dev/null
+++ b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/OseeAuthorizationProvider.java
@@ -0,0 +1,142 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.authorization.admin.internal;
+
+import java.security.Principal;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Set;
+import org.eclipse.osee.authorization.admin.Authority;
+import org.eclipse.osee.authorization.admin.AuthorizationConstants;
+import org.eclipse.osee.authorization.admin.AuthorizationData;
+import org.eclipse.osee.authorization.admin.AuthorizationProvider;
+import org.eclipse.osee.authorization.admin.AuthorizationRequest;
+import org.eclipse.osee.authorization.admin.AuthorizationUser;
+import org.eclipse.osee.framework.core.data.IOseeBranch;
+import org.eclipse.osee.framework.core.enums.CoreBranches;
+import org.eclipse.osee.framework.core.enums.CoreRelationTypes;
+import org.eclipse.osee.framework.jdk.core.type.ResultSet;
+import org.eclipse.osee.orcs.ApplicationContext;
+import org.eclipse.osee.orcs.OrcsApi;
+import org.eclipse.osee.orcs.data.ArtifactReadable;
+import org.eclipse.osee.orcs.search.QueryFactory;
+
+/**
+ * @author Angel Avila
+ */
+public class OseeAuthorizationProvider implements AuthorizationProvider, AuthorizationData, Authority {
+ private OrcsApi orcsApi;
+
+ Principal principal;
+
+ public void setOrcsApi(OrcsApi orcsApi) {
+ this.orcsApi = orcsApi;
+ }
+
+ @Override
+ public String getScheme() {
+ return AuthorizationConstants.OSEE_AUTHORIZATION_PROVIDER;
+ }
+
+ @Override
+ public Principal getPrincipal() {
+ return principal;
+ }
+
+ @Override
+ public Authority getAuthority() {
+ return this;
+ }
+
+ @Override
+ public AuthorizationData authorize(AuthorizationRequest request) {
+ Set<String> rolesFromStore = getRolesFromStore(request.getIdentifier());
+ principal = newAuthorization(rolesFromStore);
+ return this;
+ }
+
+ private IOseeBranch getAdminBranch() {
+ return CoreBranches.COMMON;
+ }
+
+ private QueryFactory getQuery() {
+ return orcsApi.getQueryFactory(getContext());
+ }
+
+ private ApplicationContext getContext() {
+ return null;
+ }
+
+ private Set<String> getRolesFromStore(long identifier) {
+ Set<String> roles = new HashSet<String>();
+ ArtifactReadable oseeUser =
+ getQuery().fromBranch(getAdminBranch()).andUuid(identifier).getResults().getExactlyOne();
+ ResultSet<ArtifactReadable> groups = oseeUser.getRelated(CoreRelationTypes.Universal_Grouping__Group);
+
+ for (ArtifactReadable group : groups) {
+ roles.add(group.getName());
+ }
+
+ return roles;
+ }
+
+ @Override
+ public boolean isInRole(String role) {
+ return true;
+ }
+
+ private AuthorizationUser newAuthorization(final Set<String> roles) {
+ return new AuthorizationUser() {
+
+ @Override
+ public Iterable<String> getRoles() {
+ return roles;
+ }
+
+ @Override
+ public boolean isAuthenticated() {
+ return true;
+ }
+
+ @Override
+ public String getName() {
+ return null;
+ }
+
+ @Override
+ public Date getCreationDate() {
+ return null;
+ }
+
+ @Override
+ public boolean isSecure() {
+ return false;
+ }
+
+ @Override
+ public Principal getPrincipal() {
+ return null;
+ }
+
+ @Override
+ public String getScheme() {
+ return null;
+ }
+
+ @Override
+ public boolean isInRole(String role) {
+ return false;
+ }
+
+ };
+ }
+
+}
diff --git a/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.osee.interceptor.xml b/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.osee.interceptor.xml
new file mode 100644
index 0000000000..ce015eaf50
--- /dev/null
+++ b/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.osee.interceptor.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<scr:component xmlns:scr="http://www.osgi.org/xmlns/scr/v1.1.0" configuration-policy="optional">
+ <implementation class="org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.OseeAnnotationsInterceptor" />
+ <service>
+ <provide interface="org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor" />
+ </service>
+</scr:component>
diff --git a/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.simple.authorizing.filter.xml b/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.simple.authorizing.filter.xml
new file mode 100644
index 0000000000..c6a3bc49aa
--- /dev/null
+++ b/plugins/org.eclipse.osee.jaxrs.server/OSGI-INF/jaxrs.simple.authorizing.filter.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<scr:component xmlns:scr="http://www.osgi.org/xmlns/scr/v1.1.0">
+ <implementation class="org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider.OseeAuthorizingFilter"/>
+ <service>
+ <provide interface="javax.ws.rs.container.ContainerRequestFilter"/>
+ <provide interface="java.lang.Object"/>
+ </service>
+ <reference bind="setInterceptor" cardinality="1..1" interface="org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor" name="AbstractAuthorizingInInterceptor" policy="static"/>
+ <reference bind="setResourceManager" cardinality="1..1" interface="org.eclipse.osee.jaxrs.server.internal.JaxRsResourceManager" name="JaxRsResourceManager" policy="static"/>
+</scr:component>
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2DataProvider.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2DataProvider.java
index 9ab855dbe8..95724a1694 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2DataProvider.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OAuth2DataProvider.java
@@ -310,9 +310,15 @@ public class OAuth2DataProvider implements AuthorizationCodeDataProvider {
Iterable<OAuthToken> accessTokens = storage.getAccessTokensByRefreshToken(accessToken.getTokenKey());
for (OAuthToken entry : accessTokens) {
boolean isExpired = OAuthUtils.isExpired(entry.getIssuedAt(), entry.getExpiresIn());
+
if (!isExpired && entry.getGrantType().equals(grantType)) {
token = serializer.decryptAccessToken(this, entry.getTokenKey(), getSecretKey());
}
+
+ boolean isRolesOutdated = isRolesOutdated(subject, token);
+ if (isRolesOutdated) {
+ revokeAllTokens(client, subjectId, grantType);
+ }
break;
}
break;
@@ -324,6 +330,30 @@ public class OAuth2DataProvider implements AuthorizationCodeDataProvider {
return token;
}
+ private boolean isRolesOutdated(UserSubject subject, ServerAccessToken token) {
+ List<String> oldRoles = token.getSubject().getRoles();
+ List<String> newRoles = subject.getRoles();
+
+ boolean equalLists = oldRoles.size() == newRoles.size() && oldRoles.containsAll(newRoles);
+
+ return !equalLists;
+ }
+
+ private void revokeAllTokens(Client client, long subjectId, String grantType) {
+ long clientId = getClientId(client);
+ OAuthToken preauthorizedToken = storage.getPreauthorizedToken(clientId, subjectId, grantType);
+ while (preauthorizedToken != null) {
+ Iterable<OAuthToken> accessTokens = storage.getAccessTokensByRefreshToken(preauthorizedToken.getTokenKey());
+
+ for (OAuthToken entry : accessTokens) {
+ revokeToken(client, entry.getTokenKey(), "");
+ }
+ revokeToken(client, preauthorizedToken.getTokenKey(), "");
+
+ preauthorizedToken = storage.getPreauthorizedToken(clientId, subjectId, grantType);
+ }
+ }
+
@Override
public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> requestedScope) {
return Collections.emptyList();
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OseeAnnotationsInterceptor.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OseeAnnotationsInterceptor.java
new file mode 100644
index 0000000000..a72f1b6138
--- /dev/null
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OseeAnnotationsInterceptor.java
@@ -0,0 +1,43 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider;
+
+import java.lang.reflect.Method;
+import java.util.HashMap;
+import java.util.Map;
+import org.apache.cxf.interceptor.security.SecureAnnotationsInterceptor;
+import org.apache.cxf.message.Message;
+
+/**
+ * @author Angel Avila
+ */
+
+public class OseeAnnotationsInterceptor extends SecureAnnotationsInterceptor {
+
+ @Override
+ public void handleMessage(Message message) {
+ Method method = (Method) message.get("org.apache.cxf.resource.method");
+ Class<?> declaringClass = method.getDeclaringClass();
+ if (declaringClass != null) {
+ initRoles(declaringClass);
+ } else {
+ // Set Default roles here if needed
+ }
+ super.handleMessage(message);
+ }
+
+ private void initRoles(Class<?> clazz) {
+ Map<String, String> rolesMap = new HashMap<String, String>();
+ findRoles(clazz, rolesMap);
+ super.setMethodRolesMap(rolesMap);
+ }
+
+}
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OseeAuthorizingFilter.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OseeAuthorizingFilter.java
new file mode 100644
index 0000000000..7a82630123
--- /dev/null
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/OseeAuthorizingFilter.java
@@ -0,0 +1,57 @@
+/*******************************************************************************
+ * Copyright (c) 2015 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.jaxrs.server.internal.security.oauth2.provider;
+
+import javax.annotation.Priority;
+import javax.ws.rs.Priorities;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.Provider;
+import org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor;
+import org.apache.cxf.jaxrs.security.SimpleAuthorizingFilter;
+import org.apache.cxf.jaxrs.utils.JAXRSUtils;
+import org.eclipse.osee.jaxrs.server.internal.JaxRsResourceManager;
+import org.eclipse.osee.jaxrs.server.internal.JaxRsResourceManager.Resource;
+
+/**
+ * @author Angel Avila
+ */
+
+@Provider
+@Priority(Priorities.AUTHORIZATION)
+public class OseeAuthorizingFilter extends SimpleAuthorizingFilter {
+
+ private AbstractAuthorizingInInterceptor interceptor;
+ private JaxRsResourceManager resourceManager;
+
+ @Override
+ public void filter(ContainerRequestContext context) {
+ context.getSecurityContext().getUserPrincipal();
+ Resource resource = resourceManager.findResource(context);
+ if (resource == null) {
+ try {
+ interceptor.handleMessage(JAXRSUtils.getCurrentMessage());
+ } catch (Exception ex) {
+ context.abortWith(Response.status(Response.Status.FORBIDDEN).build());
+ }
+ }
+ }
+
+ @Override
+ public void setInterceptor(AbstractAuthorizingInInterceptor in) {
+ interceptor = in;
+ }
+
+ public void setResourceManager(JaxRsResourceManager resourceManager) {
+ this.resourceManager = resourceManager;
+ }
+
+}
diff --git a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/OAuthEncryption.java b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/OAuthEncryption.java
index 92dd70f29e..42093f3ad5 100644
--- a/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/OAuthEncryption.java
+++ b/plugins/org.eclipse.osee.jaxrs.server/src/org/eclipse/osee/jaxrs/server/internal/security/oauth2/provider/adapters/OAuthEncryption.java
@@ -308,7 +308,8 @@ public class OAuthEncryption {
state.append(tokenizeString(subject.getId()));
state.append("&");
// 3
- state.append(tokenizeString(subject.getRoles().toString()));
+ String roles = tokenizeString(subject.getRoles().toString());
+ state.append(roles.replaceAll(", ", ","));
state.append("&");
// 4
state.append(tokenizeString(subject.getProperties().toString()));
diff --git a/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/BranchEndpoint.java b/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/BranchEndpoint.java
index 35736ee3cf..95778d5cf1 100644
--- a/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/BranchEndpoint.java
+++ b/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/BranchEndpoint.java
@@ -11,7 +11,6 @@
package org.eclipse.osee.orcs.rest.model;
import java.util.List;
-import javax.annotation.security.RolesAllowed;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
@@ -26,13 +25,11 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.eclipse.osee.framework.core.enums.BranchState;
import org.eclipse.osee.framework.core.enums.BranchType;
-import org.eclipse.osee.framework.jdk.core.type.SystemRoles;
/**
* @author Roberto E. Escobar
*/
@Path("branches")
-@RolesAllowed(SystemRoles.ROLES_AUTHENTICATED)
public interface BranchEndpoint {
@GET
diff --git a/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/DatastoreEndpoint.java b/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/DatastoreEndpoint.java
index 8f51ff13ab..d163290835 100644
--- a/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/DatastoreEndpoint.java
+++ b/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/DatastoreEndpoint.java
@@ -10,20 +10,17 @@
*******************************************************************************/
package org.eclipse.osee.orcs.rest.model;
-import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import org.eclipse.osee.framework.jdk.core.type.SystemRoles;
/**
* @author Roberto E. Escobar
*/
@Path("datastore")
-@RolesAllowed(SystemRoles.ROLES_AUTHENTICATED)
public interface DatastoreEndpoint {
@GET
diff --git a/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/IndexerEndpoint.java b/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/IndexerEndpoint.java
index b4d6b57dfe..88534a8a0c 100644
--- a/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/IndexerEndpoint.java
+++ b/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/IndexerEndpoint.java
@@ -10,7 +10,6 @@
*******************************************************************************/
package org.eclipse.osee.orcs.rest.model;
-import javax.annotation.security.RolesAllowed;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
@@ -20,13 +19,11 @@ import javax.ws.rs.PathParam;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import org.eclipse.osee.framework.jdk.core.type.SystemRoles;
/**
* @author Roberto E. Escobar
*/
@Path("index")
-@RolesAllowed(SystemRoles.ROLES_AUTHENTICATED)
public interface IndexerEndpoint {
@PUT
diff --git a/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/TransactionEndpoint.java b/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/TransactionEndpoint.java
index 978da0cfb0..12fd7ef6f0 100644
--- a/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/TransactionEndpoint.java
+++ b/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/TransactionEndpoint.java
@@ -11,7 +11,6 @@
package org.eclipse.osee.orcs.rest.model;
import java.util.List;
-import javax.annotation.security.RolesAllowed;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
@@ -20,13 +19,11 @@ import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import org.eclipse.osee.framework.jdk.core.type.SystemRoles;
/**
* @author Roberto E. Escobar
*/
@Path("txs")
-@RolesAllowed(SystemRoles.ROLES_AUTHENTICATED)
public interface TransactionEndpoint {
@GET
diff --git a/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/TypesEndpoint.java b/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/TypesEndpoint.java
index 1f9d3640f0..7b96acc420 100644
--- a/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/TypesEndpoint.java
+++ b/plugins/org.eclipse.osee.orcs.rest.model/src/org/eclipse/osee/orcs/rest/model/TypesEndpoint.java
@@ -11,7 +11,6 @@
package org.eclipse.osee.orcs.rest.model;
import java.io.InputStream;
-import javax.annotation.security.RolesAllowed;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
@@ -19,13 +18,11 @@ import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import org.eclipse.osee.framework.jdk.core.type.SystemRoles;
/**
* @author Roberto E. Escobar
*/
@Path("types")
-@RolesAllowed(SystemRoles.ROLES_AUTHENTICATED)
public interface TypesEndpoint {
@GET

Back to the top