From 81357b035d60ecc76be6d042c14406bac8fb3a8b Mon Sep 17 00:00:00 2001 From: "luca.frosini" Date: Wed, 31 Aug 2016 15:25:24 +0000 Subject: [PATCH] Fixed Security Context Management git-svn-id: https://svn.d4science.research-infrastructures.eu/gcube/trunk/information-system/resource-registry@131059 82a268e6-3cf1-43bd-a215-b396298e98cf --- distro/web.xml | 9 +++++++++ .../resourceregistry/ResourceInitializer.java | 2 -- .../dbinitialization/SecurityContext.java | 8 ++++---- .../resourceregistry/resources/impl/QueryImpl.java | 8 +++++++- .../resources/utils/ContextUtility.java | 8 ++++---- .../resources/impl/EntityManagementImplTest.java | 12 ++++++------ .../resources/impl/QueryImplTest.java | 2 ++ 7 files changed, 32 insertions(+), 17 deletions(-) create mode 100644 distro/web.xml diff --git a/distro/web.xml b/distro/web.xml new file mode 100644 index 0000000..d66ed27 --- /dev/null +++ b/distro/web.xml @@ -0,0 +1,9 @@ + + + org.gcube.informationsystem.resourceregistry.ResourceInitializer + + + org.gcube.informationsystem.resourceregistry.ResourceInitializer + /* + + \ No newline at end of file diff --git a/src/main/java/org/gcube/informationsystem/resourceregistry/ResourceInitializer.java b/src/main/java/org/gcube/informationsystem/resourceregistry/ResourceInitializer.java index 8445be6..8e64afc 100644 --- a/src/main/java/org/gcube/informationsystem/resourceregistry/ResourceInitializer.java +++ b/src/main/java/org/gcube/informationsystem/resourceregistry/ResourceInitializer.java @@ -9,8 +9,6 @@ public class ResourceInitializer extends ResourceConfig { public ResourceInitializer(){ packages("org.gcube.informationsystem.resourceregistry.resources"); - } - } diff --git a/src/main/java/org/gcube/informationsystem/resourceregistry/dbinitialization/SecurityContext.java b/src/main/java/org/gcube/informationsystem/resourceregistry/dbinitialization/SecurityContext.java index 0af6a5e..523cc63 100644 
--- a/src/main/java/org/gcube/informationsystem/resourceregistry/dbinitialization/SecurityContext.java +++ b/src/main/java/org/gcube/informationsystem/resourceregistry/dbinitialization/SecurityContext.java @@ -67,9 +67,9 @@ public class SecurityContext { SecurityContextMapper.PermissionMode.READER, SecurityContextMapper.SecurityType.ROLE, contextID)); - oSecurity.allowRole(oDocument, ORestrictedOperation.ALLOW_ALL, DEFAULT_WRITER_ROLE); + //oSecurity.allowRole(oDocument, ORestrictedOperation.ALLOW_ALL, DEFAULT_WRITER_ROLE); + //oSecurity.allowRole(oDocument, ORestrictedOperation.ALLOW_READ, DEFAULT_READER_ROLE); - oSecurity.allowRole(oDocument, ORestrictedOperation.ALLOW_READ, DEFAULT_READER_ROLE); } public static void createSecurityContext(OrientGraph orientGraph, String contextID){ @@ -84,13 +84,13 @@ public class SecurityContext { SecurityContextMapper.PermissionMode.WRITER, SecurityContextMapper.SecurityType.ROLE, contextID), writer, ALLOW_MODES.DENY_ALL_BUT); - + ORole readerRole = oSecurity.createRole( SecurityContextMapper.getSecurityRoleOrUserName( SecurityContextMapper.PermissionMode.READER, SecurityContextMapper.SecurityType.ROLE, contextID), reader, ALLOW_MODES.DENY_ALL_BUT); - + oSecurity.createUser( SecurityContextMapper.getSecurityRoleOrUserName( SecurityContextMapper.PermissionMode.WRITER, diff --git a/src/main/java/org/gcube/informationsystem/resourceregistry/resources/impl/QueryImpl.java b/src/main/java/org/gcube/informationsystem/resourceregistry/resources/impl/QueryImpl.java index c94a9d0..e0b1f6a 100644 --- a/src/main/java/org/gcube/informationsystem/resourceregistry/resources/impl/QueryImpl.java +++ b/src/main/java/org/gcube/informationsystem/resourceregistry/resources/impl/QueryImpl.java 
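Review bot: The two `oSecurity.allowRole(...)` calls for `DEFAULT_WRITER_ROLE` and `DEFAULT_READER_ROLE` in the `@@ -67,9 +67,9 @@` hunk are commented out rather than deleted, and nothing records why. These lines presumably decided which roles get record-level access to `oDocument`, so a maintainer who later uncomments them would widen access beyond the per-context roles without noticing (the context lines above suggest a `contextID`-specific role is still allowed, but that call starts outside the hunk). Delete both lines and leave a why-comment in their place, e.g. `// Default writer/reader roles are deliberately not allowed on the document: access is limited to the roles of this context.` The enclosing method begins outside the hunk.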
@@ -11,6 +11,7 @@ import java.net.URLEncoder; import org.gcube.informationsystem.resourceregistry.api.Query; import org.gcube.informationsystem.resourceregistry.api.exceptions.InvalidQueryException; +import org.gcube.informationsystem.resourceregistry.api.exceptions.context.ContextException; import org.gcube.informationsystem.resourceregistry.dbinitialization.SecurityContextMapper; import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment; import org.gcube.informationsystem.resourceregistry.dbinitialization.SecurityContextMapper.PermissionMode; @@ -63,7 +64,12 @@ public class QueryImpl implements Query { throws InvalidQueryException { - String readerUsername = ContextUtility.getActualSecurityRoleOrUserName(SecurityContextMapper.PermissionMode.READER, SecurityContextMapper.SecurityType.USER); + String readerUsername; + try { + readerUsername = ContextUtility.getActualSecurityRoleOrUserName(SecurityContextMapper.PermissionMode.READER, SecurityContextMapper.SecurityType.USER); + } catch (ContextException e1) { + throw new RuntimeException(e1); + } logger.trace("Reader Username : {}", readerUsername); try { diff --git a/src/main/java/org/gcube/informationsystem/resourceregistry/resources/utils/ContextUtility.java b/src/main/java/org/gcube/informationsystem/resourceregistry/resources/utils/ContextUtility.java index b767a91..65ad292 100644 --- a/src/main/java/org/gcube/informationsystem/resourceregistry/resources/utils/ContextUtility.java +++ b/src/main/java/org/gcube/informationsystem/resourceregistry/resources/utils/ContextUtility.java 
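Review bot: In the `@@ -63,7 +64,12 @@` hunk a `ContextException` from `ContextUtility.getActualSecurityRoleOrUserName(...)` is rethrown as a bare `RuntimeException`, although the method only declares `throws InvalidQueryException`. Stopping before the query runs is the right fail-closed behaviour when the caller's context cannot be resolved, but an unchecked exception is likely to reach the REST layer as a generic server error instead of a controlled response, and the cause is never logged. Consider logging it first, e.g. `logger.error("Unable to resolve the security context of the request", e1);`, and mapping it to a declared or dedicated exception (to `InvalidQueryException` only if it has a cause-accepting constructor, which is not visible here). The method signature and the rest of the body are outside the hunk.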
@@ -129,10 +129,10 @@ public class ContextUtility { public static String getActualSecurityRoleOrUserName( SecurityContextMapper.PermissionMode permissionMode, - SecurityContextMapper.SecurityType securityType) { - String scope = ScopeProvider.instance.get(); + SecurityContextMapper.SecurityType securityType) throws ContextException { + String contexUUID = getActualContextUUID(); return SecurityContextMapper.getSecurityRoleOrUserName(permissionMode, - securityType, scope); + securityType, contexUUID); } - + } diff --git a/src/test/java/org/gcube/informationsystem/resourceregistry/resources/impl/EntityManagementImplTest.java b/src/test/java/org/gcube/informationsystem/resourceregistry/resources/impl/EntityManagementImplTest.java index c8aeb62..fc4ab75 100644 --- a/src/test/java/org/gcube/informationsystem/resourceregistry/resources/impl/EntityManagementImplTest.java +++ b/src/test/java/org/gcube/informationsystem/resourceregistry/resources/impl/EntityManagementImplTest.java @@ -43,7 +43,7 @@ public class EntityManagementImplTest { @Test public void testCreateReadDeleteFacet() throws Exception { - ScopeProvider.instance.set("/gcube/devsec"); + ScopeProvider.instance.set("/gcube/devNext"); CPUFacetImpl cpuFacetImpl = new CPUFacetImpl(); cpuFacetImpl.setClockSpeed("1 GHz"); @@ -65,8 +65,9 @@ public class EntityManagementImplTest { Entities.marshal(cpuFacetImpl, stringWriter); cpuFacetImpl.setVendor("Luca"); + String newclockSpeed = "2 GHz"; JsonNode jsonNode = Utility.getJSONNode(stringWriter.toString()); - ((ObjectNode) jsonNode).remove("clockSpeed"); + ((ObjectNode) jsonNode).put("clockSpeed", newclockSpeed); ((ObjectNode) jsonNode).put("My", "Test"); stringWriter = new StringWriter(); 
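Review bot: `getActualSecurityRoleOrUserName` in the `@@ -129,10 +129,10 @@` hunk has no Javadoc for its new contract: it now throws a checked `ContextException` and builds the name from the context UUID instead of the scope string. A short Javadoc would tell callers that the role or user name is derived from the UUID of the current context, with `@throws ContextException if the current context cannot be resolved` (confirm the exact condition against `getActualContextUUID()`, which is not shown). The local `contexUUID` is also misspelt; `String contextUUID = getActualContextUUID();` reads better.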
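Review bot: The cross-context isolation check in `testCreateReadDeleteFacet` may no longer compare two different contexts. The `@@ -43,7 +43,7 @@` hunk now starts the test in `/gcube/devNext`, while the `@@ -114,16 +115,15 @@` hunk still sets `/gcube/devNext` before expecting `FacetNotFoundException` and still logs that "the facet created in /gcube/devsec is not visible in /gcube/devNext". Unless the scope is changed in the lines not shown between these hunks, the facet would be created and read in the same context, so the check either fails or stops testing what its message claims. Please confirm which context the facet is created in and keep the two distinct, e.g. `ScopeProvider.instance.set("/gcube/devsec");` before the create. The test body runs beyond both hunks.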
@@ -114,16 +115,15 @@ public class EntityManagementImplTest { ScopeProvider.instance.set("/gcube/devNext"); try { readJson = entityManagementImpl.readFacet(uuid); - logger.debug("You should not be able to read Feact with UUID {}", + logger.debug("You should not be able to read Facet with UUID {}", uuid); throw new Exception( - "You should not be able to read Feact with UUID " + uuid); + "You should not be able to read Facet with UUID " + uuid); } catch (FacetNotFoundException e) { logger.debug("Good the facet created in /gcube/devsec is not visible in /gcube/devNext"); } jsonObject = new JSONObject(stringWriter.toString()); - jsonObject.remove("clockSpeed"); jsonObject.put("My", "Test"); try { @@ -173,7 +173,7 @@ public class EntityManagementImplTest { ContactFacet contactFacet = new ContactFacetImpl(); contactFacet.setName("Luca"); contactFacet.setSurname("Frosini"); - contactFacet.setEMail("info@lcuafrosini.com"); + contactFacet.setEMail("info@lucafrosini.com"); StringWriter stringWriter = new StringWriter(); Entities.marshal(contactFacet, stringWriter); diff --git a/src/test/java/org/gcube/informationsystem/resourceregistry/resources/impl/QueryImplTest.java b/src/test/java/org/gcube/informationsystem/resourceregistry/resources/impl/QueryImplTest.java index cc067bb..65ba55c 100644 --- a/src/test/java/org/gcube/informationsystem/resourceregistry/resources/impl/QueryImplTest.java +++ b/src/test/java/org/gcube/informationsystem/resourceregistry/resources/impl/QueryImplTest.java @@ -3,6 +3,7 @@ */ package org.gcube.informationsystem.resourceregistry.resources.impl; +import org.gcube.common.scope.api.ScopeProvider; import org.gcube.informationsystem.resourceregistry.api.exceptions.InvalidQueryException; import org.junit.Test; import org.slf4j.Logger; 
@@ -18,6 +19,7 @@ public class QueryImplTest { @Test public void testQuery() throws InvalidQueryException{ + ScopeProvider.instance.set("/gcube/devNext"); QueryImpl queryImpl = new QueryImpl(); String ret = queryImpl.execute("select * from CPUFacet", null); logger.debug(ret);