Fixed Security Context Management

git-svn-id: https://svn.d4science.research-infrastructures.eu/gcube/trunk/information-system/resource-registry@131059 82a268e6-3cf1-43bd-a215-b396298e98cf
2016-08-31 15:25:24 +00:00 · 2016-08-31 15:25:24 +00:00 · 81357b035d
parent f3db7c8138
commit 81357b035d
7 changed files with 32 additions and 17 deletions
--- a/distro/web.xml
+++ b/distro/web.xml
@ -0,0 +1,9 @@
+<web-app>
+	<servlet>
+    	<servlet-name>org.gcube.informationsystem.resourceregistry.ResourceInitializer</servlet-name>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>org.gcube.informationsystem.resourceregistry.ResourceInitializer</servlet-name>
+        <url-pattern>/*</url-pattern>
+    </servlet-mapping>
+</web-app>
--- a/src/main/java/org/gcube/informationsystem/resourceregistry/ResourceInitializer.java
+++ b/src/main/java/org/gcube/informationsystem/resourceregistry/ResourceInitializer.java
@ -9,8 +9,6 @@ public class ResourceInitializer extends ResourceConfig  {

 	public ResourceInitializer(){
 		packages("org.gcube.informationsystem.resourceregistry.resources");
-
 	}

-
 }
--- a/src/main/java/org/gcube/informationsystem/resourceregistry/dbinitialization/SecurityContext.java
+++ b/src/main/java/org/gcube/informationsystem/resourceregistry/dbinitialization/SecurityContext.java
@ -67,9 +67,9 @@ public class SecurityContext {
 						SecurityContextMapper.PermissionMode.READER, 
 						SecurityContextMapper.SecurityType.ROLE, contextID));
 		
-		oSecurity.allowRole(oDocument,  ORestrictedOperation.ALLOW_ALL, DEFAULT_WRITER_ROLE);
+		//oSecurity.allowRole(oDocument,  ORestrictedOperation.ALLOW_ALL, DEFAULT_WRITER_ROLE);
+		//oSecurity.allowRole(oDocument, ORestrictedOperation.ALLOW_READ, DEFAULT_READER_ROLE);
 		
-		oSecurity.allowRole(oDocument, ORestrictedOperation.ALLOW_READ, DEFAULT_READER_ROLE);
 	}
 	
 	public static void createSecurityContext(OrientGraph orientGraph, String contextID){
@ -84,13 +84,13 @@ public class SecurityContext {
 						SecurityContextMapper.PermissionMode.WRITER, 
 						SecurityContextMapper.SecurityType.ROLE, contextID), 
 				writer, ALLOW_MODES.DENY_ALL_BUT);
-		
+						
 		ORole readerRole = oSecurity.createRole(
 				SecurityContextMapper.getSecurityRoleOrUserName(
 						SecurityContextMapper.PermissionMode.READER, 
 						SecurityContextMapper.SecurityType.ROLE, contextID),
 				reader, ALLOW_MODES.DENY_ALL_BUT);
-
+		
 		oSecurity.createUser(
 				SecurityContextMapper.getSecurityRoleOrUserName(
 						SecurityContextMapper.PermissionMode.WRITER, 
--- a/src/main/java/org/gcube/informationsystem/resourceregistry/resources/impl/QueryImpl.java
+++ b/src/main/java/org/gcube/informationsystem/resourceregistry/resources/impl/QueryImpl.java
@ -11,6 +11,7 @@ import java.net.URLEncoder;

 import org.gcube.informationsystem.resourceregistry.api.Query;
 import org.gcube.informationsystem.resourceregistry.api.exceptions.InvalidQueryException;
+import org.gcube.informationsystem.resourceregistry.api.exceptions.context.ContextException;
 import org.gcube.informationsystem.resourceregistry.dbinitialization.SecurityContextMapper;
 import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
 import org.gcube.informationsystem.resourceregistry.dbinitialization.SecurityContextMapper.PermissionMode;
@ -63,7 +64,12 @@ public class QueryImpl implements Query {
 			throws InvalidQueryException {
 		
 		
-		String readerUsername = ContextUtility.getActualSecurityRoleOrUserName(SecurityContextMapper.PermissionMode.READER, SecurityContextMapper.SecurityType.USER);
+		String readerUsername;
+		try {
+			readerUsername = ContextUtility.getActualSecurityRoleOrUserName(SecurityContextMapper.PermissionMode.READER, SecurityContextMapper.SecurityType.USER);
+		} catch (ContextException e1) {
+			throw new RuntimeException(e1);
+		}
 		logger.trace("Reader Username : {}", readerUsername);
 		
 		try {
--- a/src/main/java/org/gcube/informationsystem/resourceregistry/resources/utils/ContextUtility.java
+++ b/src/main/java/org/gcube/informationsystem/resourceregistry/resources/utils/ContextUtility.java
@ -129,10 +129,10 @@ public class ContextUtility {

 	public static String getActualSecurityRoleOrUserName(
 			SecurityContextMapper.PermissionMode permissionMode,
-			SecurityContextMapper.SecurityType securityType) {
-		String scope = ScopeProvider.instance.get();
+			SecurityContextMapper.SecurityType securityType) throws ContextException {
+		String contexUUID = getActualContextUUID();
 		return SecurityContextMapper.getSecurityRoleOrUserName(permissionMode,
-				securityType, scope);
+				securityType, contexUUID);
 	}
-
+	
 }
--- a/src/test/java/org/gcube/informationsystem/resourceregistry/resources/impl/EntityManagementImplTest.java
+++ b/src/test/java/org/gcube/informationsystem/resourceregistry/resources/impl/EntityManagementImplTest.java
@ -43,7 +43,7 @@ public class EntityManagementImplTest {

 	@Test
 	public void testCreateReadDeleteFacet() throws Exception {
-		ScopeProvider.instance.set("/gcube/devsec");
+		ScopeProvider.instance.set("/gcube/devNext");

 		CPUFacetImpl cpuFacetImpl = new CPUFacetImpl();
 		cpuFacetImpl.setClockSpeed("1 GHz");
@ -65,8 +65,9 @@ public class EntityManagementImplTest {
 		Entities.marshal(cpuFacetImpl, stringWriter);
 		cpuFacetImpl.setVendor("Luca");

+		String newclockSpeed = "2 GHz";
 		JsonNode jsonNode = Utility.getJSONNode(stringWriter.toString());
-		((ObjectNode) jsonNode).remove("clockSpeed");
+		((ObjectNode) jsonNode).put("clockSpeed", newclockSpeed);
 		((ObjectNode) jsonNode).put("My", "Test");

 		stringWriter = new StringWriter();
@ -114,16 +115,15 @@ public class EntityManagementImplTest {
 		ScopeProvider.instance.set("/gcube/devNext");
 		try {
 			readJson = entityManagementImpl.readFacet(uuid);
-			logger.debug("You should not be able to read Feact with UUID {}",
+			logger.debug("You should not be able to read Facet with UUID {}",
 					uuid);
 			throw new Exception(
-					"You should not be able to read Feact with UUID " + uuid);
+					"You should not be able to read Facet with UUID " + uuid);
 		} catch (FacetNotFoundException e) {
 			logger.debug("Good the facet created in /gcube/devsec is not visible in /gcube/devNext");
 		}

 		jsonObject = new JSONObject(stringWriter.toString());
-		jsonObject.remove("clockSpeed");
 		jsonObject.put("My", "Test");

 		try {
@ -173,7 +173,7 @@ public class EntityManagementImplTest {
 		ContactFacet contactFacet = new ContactFacetImpl();
 		contactFacet.setName("Luca");
 		contactFacet.setSurname("Frosini");
-		contactFacet.setEMail("info@lcuafrosini.com");
+		contactFacet.setEMail("info@lucafrosini.com");
 		
 		StringWriter stringWriter = new StringWriter();
 		Entities.marshal(contactFacet, stringWriter);
--- a/src/test/java/org/gcube/informationsystem/resourceregistry/resources/impl/QueryImplTest.java
+++ b/src/test/java/org/gcube/informationsystem/resourceregistry/resources/impl/QueryImplTest.java
@ -3,6 +3,7 @@
 */
 package org.gcube.informationsystem.resourceregistry.resources.impl;

+import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.informationsystem.resourceregistry.api.exceptions.InvalidQueryException;
 import org.junit.Test;
 import org.slf4j.Logger;
@ -18,6 +19,7 @@ public class QueryImplTest {
 	
 	@Test
 	public void testQuery() throws InvalidQueryException{
+		ScopeProvider.instance.set("/gcube/devNext");
 		QueryImpl queryImpl = new QueryImpl();
 		String ret = queryImpl.execute("select * from CPUFacet", null);
 		logger.debug(ret);