From da0136cb4bcaf560c98ce8de7883f1f1bafcdf35 Mon Sep 17 00:00:00 2001 From: "panagiotis.kanakakis" Date: Wed, 4 Apr 2018 10:28:38 +0000 Subject: [PATCH] Add PreAuthorize annotation on user methods. --- .../service/controllers/BrokerApiImpl.java | 9 ++++++++ .../service/controllers/MonitorApiImpl.java | 3 +++ .../manager/service/controllers/PiWikApi.java | 2 +- .../service/controllers/PiWikApiImpl.java | 21 ++++++++++++++++++- .../controllers/RepositoryApiImpl.java | 8 +++++++ .../service/controllers/ValidatorApiImpl.java | 4 ++++ .../manager/service/application.properties | 7 +++++-- 7 files changed, 50 insertions(+), 4 deletions(-) diff --git a/src/main/java/eu/dnetlib/repo/manager/service/controllers/BrokerApiImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/controllers/BrokerApiImpl.java index e985b26..4fc2229 100644 --- a/src/main/java/eu/dnetlib/repo/manager/service/controllers/BrokerApiImpl.java +++ b/src/main/java/eu/dnetlib/repo/manager/service/controllers/BrokerApiImpl.java @@ -18,6 +18,7 @@ import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; import org.springframework.http.ResponseEntity; import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Component; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; @@ -86,6 +87,7 @@ public class BrokerApiImpl implements BrokerApi { @Override + @PreAuthorize("hasRole('ROLE_USER')") public DatasourcesBroker getDatasourcesOfUser(@RequestParam("user") @ApiParam(value = "User email", required = true) String user, @RequestParam("includeShared") 
@@ -135,6 +137,7 @@ public class BrokerApiImpl implements BrokerApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public EventsPage advancedShowEvents(@PathVariable("page") String page, @PathVariable("size") String size, @RequestBody AdvQueryObject advQueryObject) throws BrokerException, JSONException ,IOException {
@@ -216,6 +219,7 @@ public class BrokerApiImpl implements BrokerApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public EventsPage showEvents(@RequestParam("datasourceName") String datasourceName, @RequestParam("topic") String topic, @RequestParam("page") String page,
@@ -243,6 +247,7 @@ public class BrokerApiImpl implements BrokerApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public Map> getSimpleSubscriptionsOfUser(@PathVariable("userEmail") String userEmail) throws BrokerException {
@@ -268,6 +273,7 @@ public class BrokerApiImpl implements BrokerApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public Subscription subscribe(@RequestBody OpenaireSubscription obj) throws BrokerException {
 final String service = "/subscribe";
@@ -296,6 +302,7 @@ public class BrokerApiImpl implements BrokerApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public void unsubscribe(@PathVariable("subscriptionId") String subscriptionId) throws BrokerException {
 final String service = "/subscriptions/" + subscriptionId;
@@ -316,6 +323,7 @@ public class BrokerApiImpl implements BrokerApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public Subscription getSubscription(@PathVariable("subscriptionId") String subscriptionId) throws BrokerException {
 final String service = "/subscriptions/" + subscriptionId;
@@ -343,6 +351,7 @@ public class BrokerApiImpl implements BrokerApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public EventsPage getNotificationsBySubscriptionId(@PathVariable("subscriptionId") String subscriptionId, @PathVariable("page") String page, @PathVariable("size") String size
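Review bot: `hasRole('ROLE_USER')` on getSimpleSubscriptionsOfUser only checks that the caller holds the role; the `userEmail` path variable is never compared with the caller, so any authenticated user can read another user's subscriptions, and the same gap applies to getDatasourcesOfUser in the previous hunk, to unsubscribe/getSubscription/getNotificationsBySubscriptionId (a `subscriptionId` is not tied to its owner), to MonitorApiImpl.getJobsOfUser/getJobsOfUserPerValidationStatus, to RepositoryApiImpl.getRepositoriesOfUser/updateRepository/deleteRepositoryInterface/addRepositoryInterface/updateRepositoryInterface/getUrlsOfUserRepos and to ValidatorApiImpl.submitJobForValidation/reSubmitJobForValidation/getStoredJobsNew, unless the downstream services enforce ownership, which is not visible here. For the email-keyed methods the binding fits in the expression, e.g. `@PreAuthorize("hasRole('ROLE_USER') and #userEmail == authentication.name")`, provided the principal name carries the email in this OIDC setup and parameter names are available to SpEL (`-parameters` or debug info); the id-keyed methods need an explicit ownership lookup before the remote call. None of these annotations take effect unless method security is enabled with `prePostEnabled = true`, which this patch does not show. Every method annotated in these hunks continues past its hunk, and the getNotificationsBySubscriptionId hunk runs past the end of this chunk.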
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/controllers/MonitorApiImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/controllers/MonitorApiImpl.java
index 693b4fc..acc0bf5 100644
--- a/src/main/java/eu/dnetlib/repo/manager/service/controllers/MonitorApiImpl.java
+++ b/src/main/java/eu/dnetlib/repo/manager/service/controllers/MonitorApiImpl.java
@@ -9,6 +9,7 @@ import gr.uoa.di.driver.util.ServiceLocator;
 import io.swagger.annotations.ApiParam;
 import org.apache.log4j.Logger;
 import org.json.JSONException;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Component;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -37,6 +38,7 @@ public class MonitorApiImpl implements MonitorApi {
 .getLogger(MonitorApiImpl.class);
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public JobsOfUser getJobsOfUser(@RequestParam("user") @ApiParam(value = "User email", required = true) String user, @RequestParam(value = "jobType", required = false) @ApiParam(value = "Equals to filter job type on validation history page") String jobType,
@@ -87,6 +89,7 @@ public class MonitorApiImpl implements MonitorApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public int getJobsOfUserPerValidationStatus(String user, String jobType, String validationStatus) throws JSONException {
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/controllers/PiWikApi.java b/src/main/java/eu/dnetlib/repo/manager/service/controllers/PiWikApi.java
index cc51d22..8c8e0b7 100644
--- a/src/main/java/eu/dnetlib/repo/manager/service/controllers/PiWikApi.java
+++ b/src/main/java/eu/dnetlib/repo/manager/service/controllers/PiWikApi.java
@@ -43,5 +43,5 @@ public interface PiWikApi {
 @RequestMapping(value = "/enableMetricsForRepository", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE)
- void enableMetricsForRepository(PiwikInfo piwikInfo) throws RepositoryServiceException;
+ void enableMetricsForRepository(String officialName,String repoWebsite,PiwikInfo piwikInfo) throws RepositoryServiceException;
 }
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/controllers/PiWikApiImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/controllers/PiWikApiImpl.java
index 85b84b9..7f5e28a 100644
--- a/src/main/java/eu/dnetlib/repo/manager/service/controllers/PiWikApiImpl.java
+++ b/src/main/java/eu/dnetlib/repo/manager/service/controllers/PiWikApiImpl.java
@@ -2,6 +2,7 @@ package eu.dnetlib.repo.manager.service.controllers;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import eu.dnetlib.domain.data.PiwikInfo;
+import eu.dnetlib.domain.data.Repository;
 import eu.dnetlib.repo.manager.shared.RepositoryServiceException;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -10,9 +11,11 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.core.RowMapper;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Component;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestParam;
 import javax.sql.DataSource;
 import java.io.IOException;
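Review bot: The new `enableMetricsForRepository(String officialName,String repoWebsite,PiwikInfo piwikInfo)` declaration carries no Javadoc, so a reader of the interface cannot tell that the two strings are forwarded to the analytics service as the `siteName` and `url` query parameters while the body still supplies the record to store; a short Javadoc with `@param officialName`, `@param repoWebsite`, `@param piwikInfo` and `@throws RepositoryServiceException` would close that gap. The `@RequestParam`/`@RequestBody` binding lives only on the implementation, which works for the MVC mapping but is worth stating in that Javadoc so the two signatures stay in step. Style: `String officialName, String repoWebsite, PiwikInfo piwikInfo` with a space after each comma is the conventional spacing. The interface declaration starts outside this hunk.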
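Review bot: `+import eu.dnetlib.domain.data.Repository;` is not referenced by any line this patch adds to PiWikApiImpl (the new enableMetricsForRepository body works with `PiwikInfo`, `Map` and `URL`), so it appears to be an unused import; drop it unless a part of the file outside this chunk needs it.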
@@ -67,6 +70,7 @@ public class PiWikApiImpl implements PiWikApi{
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_ADMIN')")
 public PiwikInfo savePiwikInfo(@RequestBody PiwikInfo piwikInfo) {
 JdbcTemplate jdbcTemplate = new JdbcTemplate(dataSource);
 jdbcTemplate.update(INSERT_PIWIK_INFO, new Object[]{piwikInfo.getRepositoryId(), piwikInfo.getSiteId(), piwikInfo.getRequestorName(),
@@ -87,6 +91,7 @@ public class PiWikApiImpl implements PiWikApi{
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_ADMIN')")
 public void approvePiwikSite(@PathVariable("repositoryId") String repositoryId) {
 new JdbcTemplate(dataSource).update(APPROVE_PIWIK_SITE, new Object[] {repositoryId}, new int[] {Types.VARCHAR});
 }
@@ -99,6 +104,7 @@ public class PiWikApiImpl implements PiWikApi{
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_ADMIN')")
 public void markPiwikSiteAsValidated(@PathVariable("repositoryId") String repositoryId) throws RepositoryServiceException {
 try {
 approvePiwikSite(repositoryId);
@@ -118,9 +124,22 @@ public class PiWikApiImpl implements PiWikApi{
 }
 @Override
- public void enableMetricsForRepository(@RequestBody PiwikInfo piwikInfo) throws RepositoryServiceException {
+ @PreAuthorize("hasRole('ROLE_USER')")
+ public void enableMetricsForRepository(@RequestParam("officialName") String officialName,
+ @RequestParam("repoWebsite") String repoWebsite,
+ @RequestBody PiwikInfo piwikInfo) throws RepositoryServiceException {
 try {
+
+ String URL = analyticsURL + "siteName=" + URLEncoder.encode(officialName, "UTF-8") + "&url=" + URLEncoder.encode(repoWebsite, "UTF-8");
+ Map map = new ObjectMapper().readValue(new URL(URL), Map.class);
+ String siteId = null;
+ if(map.get("value")!=null) {
+ siteId = map.get("value").toString();
+ }
+ piwikInfo.setSiteId(siteId);
+
+ savePiwikInfo(piwikInfo);
 emailUtils.sendAdministratorRequestToEnableMetrics(piwikInfo);
 emailUtils.sendUserRequestToEnableMetrics(piwikInfo);
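Review bot: `@PreAuthorize("hasRole('ROLE_ADMIN')")` on savePiwikInfo is not enforced when enableMetricsForRepository (last hunk of this file) calls `savePiwikInfo(piwikInfo)` directly, because a call through `this` bypasses the Spring proxy that evaluates the annotation; the row is therefore inserted under the caller's `ROLE_USER` guard, and nothing visible ties `piwikInfo.getRepositoryId()` to the requesting user. If that is intended, document it on savePiwikInfo: `// Called via this from enableMetricsForRepository, so the ROLE_ADMIN check above does not apply on that path.`; otherwise move the insert into an unannotated private helper used by both and keep the admin-only endpoint separate. In that same caller, `siteId` stays null when the analytics response has no `value` and savePiwikInfo stores it as-is, so a failed lookup is persisted silently; rejecting that case with a `RepositoryServiceException` before the insert would surface it. Minor, in that caller: the local named `URL` shadows `java.net.URL` and `Map map` is a raw type; `String url = ...` and `Map<?, ?> map = ...` read more clearly. savePiwikInfo's body continues past this hunk, and the enableMetricsForRepository hunk runs past the end of this chunk.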
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/controllers/RepositoryApiImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/controllers/RepositoryApiImpl.java
index 34e49af..7e9b239 100644
--- a/src/main/java/eu/dnetlib/repo/manager/service/controllers/RepositoryApiImpl.java
+++ b/src/main/java/eu/dnetlib/repo/manager/service/controllers/RepositoryApiImpl.java
@@ -20,6 +20,7 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.http.*;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Component;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -199,6 +200,7 @@ public class RepositoryApiImpl implements RepositoryApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public List getRepositoriesOfUser(@PathVariable("userEmail") String userEmail, @PathVariable("page") String page, @PathVariable("size") String size) throws JSONException {
@@ -289,6 +291,7 @@ public class RepositoryApiImpl implements RepositoryApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public Repository addRepository(@RequestParam("datatype") String datatype, @RequestBody Repository repository) throws Exception {
@@ -299,6 +302,7 @@ public class RepositoryApiImpl implements RepositoryApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public Repository updateRepository(@RequestBody Repository repository) throws JSONException {
 UriComponents uriComponents = UriComponentsBuilder
 .fromHttpUrl(baseAddress + "/ds/update/")
@@ -383,6 +387,7 @@ public class RepositoryApiImpl implements RepositoryApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public void deleteRepositoryInterface(@RequestParam("id") String id){
 UriComponents uriComponents = UriComponentsBuilder
 .fromHttpUrl(baseAddress + "/ds/api/")
@@ -393,6 +398,7 @@ public class RepositoryApiImpl implements RepositoryApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public RepositoryInterface addRepositoryInterface(@RequestParam("datatype") String datatype, @RequestParam("repoId") String repoId, @RequestBody RepositoryInterface repositoryInterface) throws JSONException {
@@ -467,6 +473,7 @@ public class RepositoryApiImpl implements RepositoryApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public List getUrlsOfUserRepos(@PathVariable("user_email") String userEmail, @PathVariable("page") String page, @PathVariable("size") String size) throws JSONException {
@@ -612,6 +619,7 @@ public class RepositoryApiImpl implements RepositoryApi {
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public RepositoryInterface updateRepositoryInterface(@RequestParam("repoId") String repoId, @RequestBody RepositoryInterface repositoryInterface) throws JSONException {
diff --git a/src/main/java/eu/dnetlib/repo/manager/service/controllers/ValidatorApiImpl.java b/src/main/java/eu/dnetlib/repo/manager/service/controllers/ValidatorApiImpl.java
index 11ef811..1df8ee6 100644
--- a/src/main/java/eu/dnetlib/repo/manager/service/controllers/ValidatorApiImpl.java
+++ b/src/main/java/eu/dnetlib/repo/manager/service/controllers/ValidatorApiImpl.java
@@ -17,6 +17,7 @@ import io.swagger.annotations.ApiParam;
 import org.apache.log4j.Logger;
 import org.json.JSONException;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Component;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -82,6 +83,7 @@ public class ValidatorApiImpl implements ValidatorApi{
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public void submitJobForValidation(@RequestBody JobForValidation jobForValidation) {
 LOGGER.debug("Submit job for validation with id : " + jobForValidation.getDatasourceId());
 try {
@@ -92,6 +94,7 @@ public class ValidatorApiImpl implements ValidatorApi{
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public void reSubmitJobForValidation(@PathVariable("jobId") String jobId) throws JSONException {
 LOGGER.debug("Resubmit validation job with id : " + jobId);
 StoredJob job = monitorApi.getJobSummary(jobId,"all");
@@ -168,6 +171,7 @@ public class ValidatorApiImpl implements ValidatorApi{
 }
 @Override
+ @PreAuthorize("hasRole('ROLE_USER')")
 public List getStoredJobsNew(@RequestParam("user") @ApiParam(value = "User email", required = true) String user, @RequestParam(value = "jobType", required = false) @ApiParam(value = "Equals to filter job type on validation history page") String jobType,
diff --git a/src/main/resources/eu/dnetlib/repo/manager/service/application.properties b/src/main/resources/eu/dnetlib/repo/manager/service/application.properties
index 5eea26f..4c7f6c9 100644
--- a/src/main/resources/eu/dnetlib/repo/manager/service/application.properties
+++ b/src/main/resources/eu/dnetlib/repo/manager/service/application.properties
@@ -106,8 +106,11 @@ oidc.issuer = https://aai.openaire.eu/oidc/ oidc.id = 767422b9-5461-4807-a80a-f9a2072d3a7d oidc.secret = AMQtGlbTXNjwjhF0st28LmM6V0XypMdaVS7tJmGuYFlmH36iIv4t7tVqYuLYrNPkhnZ_GPUJvhymBhFupdgb6aU -oidc.dev.home = http://194.177.192.121:8380/repomanager-service-dev/openid_connect_login -webapp.dev.front = http://194.177.192.121:3000 +#oidc.dev.home = http://194.177.192.121:8380/repomanager-service-dev/openid_connect_login +#webapp.dev.front = http://194.177.192.121:3000 + +oidc.dev.home = http://audrey.athenarc.gr:8380/repomanager-service-dev/openid_connect_login +webapp.dev.front = http://audrey.athenarc.gr:3000/dashboard redis.host = 194.177.192.121
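Review bot: The context lines of this hunk still carry `oidc.id` and `oidc.secret` as literal values in a versioned `application.properties`, so the OIDC client secret ships in repository history alongside every host change like this one; it is pre-existing, but this edit is the moment to replace it with a placeholder resolved from the environment, e.g. `oidc.secret = ${OIDC_SECRET}`, and the value that is already committed should be rotated at the provider. The new `oidc.dev.home` and `webapp.dev.front` values are plain `http://` URLs, and the path of the first suggests it is the OpenID Connect redirect URI, so the authorization-code leg would travel in cleartext to that dev host; prefer `https://` if the host can terminate TLS. The two commented-out `#oidc.dev.home`/`#webapp.dev.front` lines keep the previous address around as dead configuration that version control already records, so they can simply be removed.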