Added support to manage reserved UUID

Luca Frosini 2021-10-21 16:32:05 +02:00
parent ef1f3bb427
commit fc4ed61344
13 changed files with 112 additions and 58 deletions


@ -21,7 +21,6 @@ import org.gcube.informationsystem.resourceregistry.api.exceptions.context.Conte
import org.gcube.informationsystem.resourceregistry.contexts.security.AdminSecurityContext;
import org.gcube.informationsystem.resourceregistry.contexts.security.SecurityContext;
import org.gcube.informationsystem.resourceregistry.contexts.security.SecurityContext.PermissionMode;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.gcube.informationsystem.resourceregistry.instances.base.ElementManagementUtility;
import org.gcube.informationsystem.resourceregistry.utils.Utility;
import org.slf4j.Logger;
@ -105,7 +104,7 @@ public class ContextUtility {
public static AdminSecurityContext getAdminSecurityContext() throws ResourceRegistryException {
AdminSecurityContext adminSecurityContext = (AdminSecurityContext) ContextUtility.getInstance()
.getSecurityContextByUUID(DatabaseEnvironment.ADMIN_SECURITY_CONTEXT_UUID);
.getSecurityContextByUUID(AdminSecurityContext.ADMIN_SECURITY_CONTEXT_UUID);
return adminSecurityContext;
}


@ -30,8 +30,8 @@ import org.gcube.informationsystem.resourceregistry.api.exceptions.context.Conte
import org.gcube.informationsystem.resourceregistry.api.exceptions.schema.SchemaViolationException;
import org.gcube.informationsystem.resourceregistry.contexts.ContextUtility;
import org.gcube.informationsystem.resourceregistry.contexts.relations.IsParentOfManagement;
import org.gcube.informationsystem.resourceregistry.contexts.security.ContextSecurityContext;
import org.gcube.informationsystem.resourceregistry.contexts.security.SecurityContext;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.gcube.informationsystem.resourceregistry.instances.base.entities.EntityElementManagement;
import org.gcube.informationsystem.resourceregistry.utils.Utility;
import org.gcube.informationsystem.types.reference.entities.EntityType;
@ -111,7 +111,7 @@ public class ContextManagement extends EntityElementManagement<Context, EntityTy
protected SecurityContext getWorkingContext() throws ResourceRegistryException {
if (workingContext == null) {
workingContext = ContextUtility.getInstance()
.getSecurityContextByUUID(DatabaseEnvironment.CONTEXT_SECURITY_CONTEXT_UUID);
.getSecurityContextByUUID(ContextSecurityContext.CONTEXT_SECURITY_CONTEXT_UUID);
}
return workingContext;
}


@ -16,8 +16,8 @@ import org.gcube.informationsystem.resourceregistry.api.exceptions.relation.ispa
import org.gcube.informationsystem.resourceregistry.api.exceptions.schema.SchemaViolationException;
import org.gcube.informationsystem.resourceregistry.contexts.ContextUtility;
import org.gcube.informationsystem.resourceregistry.contexts.entities.ContextManagement;
import org.gcube.informationsystem.resourceregistry.contexts.security.ContextSecurityContext;
import org.gcube.informationsystem.resourceregistry.contexts.security.SecurityContext;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.gcube.informationsystem.resourceregistry.instances.base.relations.RelationElementManagement;
import org.gcube.informationsystem.resourceregistry.utils.Utility;
import org.gcube.informationsystem.types.reference.entities.EntityType;
@ -52,7 +52,7 @@ public class IsParentOfManagement extends RelationElementManagement<ContextManag
protected SecurityContext getWorkingContext() throws ResourceRegistryException {
if (workingContext == null) {
workingContext = ContextUtility.getInstance()
.getSecurityContextByUUID(DatabaseEnvironment.CONTEXT_SECURITY_CONTEXT_UUID);
.getSecurityContextByUUID(ContextSecurityContext.CONTEXT_SECURITY_CONTEXT_UUID);
}
return workingContext;
}


@ -1,5 +1,7 @@
package org.gcube.informationsystem.resourceregistry.contexts.security;
import java.util.UUID;
import org.gcube.informationsystem.resourceregistry.api.exceptions.ResourceRegistryException;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.slf4j.Logger;
@ -16,8 +18,16 @@ public class AdminSecurityContext extends SecurityContext {
private static Logger logger = LoggerFactory.getLogger(SecurityContext.class);
public static final String ADMIN_SECURITY_CONTEXT;
public static final UUID ADMIN_SECURITY_CONTEXT_UUID;
static {
ADMIN_SECURITY_CONTEXT = "00000000-0000-0000-0000-000000000000";
ADMIN_SECURITY_CONTEXT_UUID = UUID.fromString(ADMIN_SECURITY_CONTEXT);
}
public AdminSecurityContext() throws ResourceRegistryException {
super(DatabaseEnvironment.ADMIN_SECURITY_CONTEXT_UUID, false);
super(ADMIN_SECURITY_CONTEXT_UUID, false);
}
@Override
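Review bot: The reserved UUID constants now live in this class (and likewise in ContextSecurityContext, QueryTemplatesSecurityContext and SchemaSecurityContext), while the reserved check moved to `UUIDManager`, and nothing visible in the commit ties the two together. The removed `RESERVED_CONTEX_UUID` sets were filled right beside the constants, so a new context could not be missed; now a value such as the `dddddddd-…` one is protected only if `UUIDManager` happens to list it. Consider a start-up check in `DatabaseEnvironment` that fails fast unless `UUIDManager.isReservedUUID(ADMIN_SECURITY_CONTEXT_UUID)` holds, repeated for each of the four constants. As a style point, the static block can go: `public static final String ADMIN_SECURITY_CONTEXT = "00000000-0000-0000-0000-000000000000";` initialises the field directly.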


@ -1,7 +1,8 @@
package org.gcube.informationsystem.resourceregistry.contexts.security;
import java.util.UUID;
import org.gcube.informationsystem.resourceregistry.api.exceptions.ResourceRegistryException;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -15,8 +16,16 @@ public class ContextSecurityContext extends SecurityContext {
private static Logger logger = LoggerFactory.getLogger(SecurityContext.class);
public static final String CONTEXT_SECURITY_CONTEXT;
public static final UUID CONTEXT_SECURITY_CONTEXT_UUID;
static {
CONTEXT_SECURITY_CONTEXT = "ffffffff-ffff-ffff-ffff-ffffffffffff";
CONTEXT_SECURITY_CONTEXT_UUID = UUID.fromString(CONTEXT_SECURITY_CONTEXT);
}
public ContextSecurityContext() throws ResourceRegistryException {
super(DatabaseEnvironment.CONTEXT_SECURITY_CONTEXT_UUID, false);
super(CONTEXT_SECURITY_CONTEXT_UUID, false);
}
@Override


@ -0,0 +1,53 @@
package org.gcube.informationsystem.resourceregistry.contexts.security;
import java.util.UUID;
import org.gcube.informationsystem.resourceregistry.api.exceptions.ResourceRegistryException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.orientechnologies.orient.core.metadata.security.ORole;
import com.orientechnologies.orient.core.metadata.security.ORule;
/**
* @author Luca Frosini (ISTI - CNR)
*/
public class QueryTemplatesSecurityContext extends SecurityContext {
private static Logger logger = LoggerFactory.getLogger(SecurityContext.class);
public static final String TEMPLATES_SECURITY_CONTEXT;
public static final UUID TEMPLATES_SECURITY_CONTEXT_UUID;
static {
TEMPLATES_SECURITY_CONTEXT = "dddddddd-dddd-dddd-dddd-dddddddddddd";
TEMPLATES_SECURITY_CONTEXT_UUID = UUID.fromString(TEMPLATES_SECURITY_CONTEXT);
}
public QueryTemplatesSecurityContext() throws ResourceRegistryException {
super(TEMPLATES_SECURITY_CONTEXT_UUID, false);
}
@Override
protected ORole addExtraRules(ORole role, PermissionMode permissionMode) {
logger.trace("Adding extra rules for {}", role.getName());
switch(permissionMode) {
case WRITER:
role.addRule(ORule.ResourceGeneric.CLUSTER, null, ORole.PERMISSION_ALL);
role.addRule(ORule.ResourceGeneric.SYSTEM_CLUSTERS, null, ORole.PERMISSION_ALL);
role.addRule(ORule.ResourceGeneric.CLASS, null, ORole.PERMISSION_ALL);
break;
case READER:
role.addRule(ORule.ResourceGeneric.CLUSTER, null, ORole.PERMISSION_READ);
role.addRule(ORule.ResourceGeneric.SYSTEM_CLUSTERS, null, ORole.PERMISSION_READ);
role.addRule(ORule.ResourceGeneric.CLASS, null, ORole.PERMISSION_READ);
break;
default:
break;
}
return role;
}
}
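Review bot: The WRITER branch of `addExtraRules` grants `ORole.PERMISSION_ALL` on `CLUSTER`, `SYSTEM_CLUSTERS` and `CLASS` with a `null` specific resource, which in OrientDB's rule model covers every cluster and class rather than only the ones that hold query templates. If that breadth is required (the sibling contexts' rules are not shown here, so it may simply mirror them), say so in a comment such as `// generic rules on purpose: <reason>`; otherwise pass the specific resource name. The `default` branch silently adds nothing for any other `PermissionMode`, which deserves a one-line comment as well. The logger is created with `SecurityContext.class`, so these trace lines are attributed to the base class; `LoggerFactory.getLogger(QueryTemplatesSecurityContext.class)` would fix that.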


@ -1,7 +1,8 @@
package org.gcube.informationsystem.resourceregistry.contexts.security;
import java.util.UUID;
import org.gcube.informationsystem.resourceregistry.api.exceptions.ResourceRegistryException;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -15,8 +16,17 @@ public class SchemaSecurityContext extends SecurityContext {
private static Logger logger = LoggerFactory.getLogger(SecurityContext.class);
// Used to persist Schemas
public static final String SCHEMA_SECURITY_CONTEXT;
public static final UUID SCHEMA_SECURITY_CONTEXT_UUID;
static {
SCHEMA_SECURITY_CONTEXT = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
SCHEMA_SECURITY_CONTEXT_UUID = UUID.fromString(SCHEMA_SECURITY_CONTEXT);
}
public SchemaSecurityContext() throws ResourceRegistryException {
super(DatabaseEnvironment.SCHEMA_SECURITY_CONTEXT_UUID, false);
super(SCHEMA_SECURITY_CONTEXT_UUID, false);
}
@Override


@ -20,6 +20,7 @@ import org.gcube.informationsystem.resourceregistry.api.exceptions.ResourceRegis
import org.gcube.informationsystem.resourceregistry.contexts.ContextUtility;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.gcube.informationsystem.resourceregistry.utils.Utility;
import org.gcube.informationsystem.utils.UUIDManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -296,7 +297,7 @@ public class SecurityContext {
String[] list = name.split("_");
if (list.length == 2) {
String contextUUID = list[1];
if (!DatabaseEnvironment.RESERVED_CONTEX_UUID_STRING.contains(contextUUID)) {
if (!UUIDManager.isReservedUUID(contextUUID)) {
contexts.add(contextUUID);
}
}
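Review bot: `contextUUID` here is whatever follows the underscore in a role name, and it is now handed to `UUIDManager.isReservedUUID(contextUUID)` instead of a plain set lookup. The old `contains` could never throw and compared case-sensitively; whether the new call parses the string, and what it does with a value that is not a UUID or differs only in letter case, is not visible in this commit. If it does parse, a role whose name merely contains one underscore could turn this listing into an exception, so either confirm that the String overload tolerates arbitrary input or guard the call. The enclosing method starts and ends outside the hunk.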


@ -6,13 +6,10 @@ import java.net.URL;
import java.security.Key;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.ServiceLoader;
import java.util.Set;
import java.util.UUID;
import org.gcube.common.encryption.SymmetricKey;
import org.gcube.informationsystem.base.reference.AccessType;
@ -25,6 +22,7 @@ import org.gcube.informationsystem.model.reference.properties.Property;
import org.gcube.informationsystem.resourceregistry.contexts.ContextUtility;
import org.gcube.informationsystem.resourceregistry.contexts.security.AdminSecurityContext;
import org.gcube.informationsystem.resourceregistry.contexts.security.ContextSecurityContext;
import org.gcube.informationsystem.resourceregistry.contexts.security.QueryTemplatesSecurityContext;
import org.gcube.informationsystem.resourceregistry.contexts.security.SchemaSecurityContext;
import org.gcube.informationsystem.resourceregistry.contexts.security.SecurityContext.PermissionMode;
import org.gcube.informationsystem.resourceregistry.instances.base.ElementManagement;
@ -115,21 +113,7 @@ public class DatabaseEnvironment {
public static final String DB_URI;
public static final CONNECTION_STRATEGY CONNECTION_STRATEGY_PARAMETER = CONNECTION_STRATEGY.ROUND_ROBIN_CONNECT;
// Used to indicate virtual admin security context
private static final String ADMIN_SECURITY_CONTEXT;
public static final UUID ADMIN_SECURITY_CONTEXT_UUID;
// Used to persist Schemas
private static final String SCHEMA_SECURITY_CONTEXT;
public static final UUID SCHEMA_SECURITY_CONTEXT_UUID;
// Used to Persist Context and their relations
private static final String CONTEXT_SECURITY_CONTEXT;
public static final UUID CONTEXT_SECURITY_CONTEXT_UUID;
public static final Set<String> RESERVED_CONTEX_UUID_STRING;
public static final Set<UUID> RESERVED_CONTEX_UUID;
protected static final String DB_KEY_FILENAME_VARNAME = "DB_KEY_FILENAME";
protected static final String DB_KEY_ALGORITHM_VARNAME = "DB_KEY_ALGORITHM";
@ -194,26 +178,7 @@ public class DatabaseEnvironment {
throw new RuntimeException("Unable to load properties", e);
}
RESERVED_CONTEX_UUID_STRING = new HashSet<>();
RESERVED_CONTEX_UUID = new HashSet<>();
ADMIN_SECURITY_CONTEXT = "00000000-0000-0000-0000-000000000000";
RESERVED_CONTEX_UUID_STRING.add(ADMIN_SECURITY_CONTEXT);
ADMIN_SECURITY_CONTEXT_UUID = UUID.fromString(ADMIN_SECURITY_CONTEXT);
RESERVED_CONTEX_UUID.add(ADMIN_SECURITY_CONTEXT_UUID);
// Used to persist Schemas
SCHEMA_SECURITY_CONTEXT = "eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee";
RESERVED_CONTEX_UUID_STRING.add(SCHEMA_SECURITY_CONTEXT);
SCHEMA_SECURITY_CONTEXT_UUID = UUID.fromString(SCHEMA_SECURITY_CONTEXT);
RESERVED_CONTEX_UUID.add(SCHEMA_SECURITY_CONTEXT_UUID);
// Used to Persist Context and their relations
CONTEXT_SECURITY_CONTEXT = "ffffffff-ffff-ffff-ffff-ffffffffffff";
RESERVED_CONTEX_UUID_STRING.add(CONTEXT_SECURITY_CONTEXT);
CONTEXT_SECURITY_CONTEXT_UUID = UUID.fromString(CONTEXT_SECURITY_CONTEXT);
RESERVED_CONTEX_UUID.add(CONTEXT_SECURITY_CONTEXT_UUID);
try {
boolean created = initGraphDB();
@ -223,6 +188,9 @@ public class DatabaseEnvironment {
AdminSecurityContext adminSecurityContext = new AdminSecurityContext();
contextUtility.addSecurityContext(adminSecurityContext.getUUID().toString(), adminSecurityContext);
QueryTemplatesSecurityContext queryTemplatesSecurityContext = new QueryTemplatesSecurityContext();
contextUtility.addSecurityContext(queryTemplatesSecurityContext.getUUID().toString(), queryTemplatesSecurityContext);
ContextSecurityContext contextSecurityContext = new ContextSecurityContext();
contextUtility.addSecurityContext(contextSecurityContext.getUUID().toString(), contextSecurityContext);


@ -14,8 +14,8 @@ import org.gcube.informationsystem.resourceregistry.api.exceptions.schema.Schema
import org.gcube.informationsystem.resourceregistry.api.exceptions.schema.SchemaNotFoundException;
import org.gcube.informationsystem.resourceregistry.api.exceptions.schema.SchemaViolationException;
import org.gcube.informationsystem.resourceregistry.contexts.ContextUtility;
import org.gcube.informationsystem.resourceregistry.contexts.security.SchemaSecurityContext;
import org.gcube.informationsystem.resourceregistry.contexts.security.SecurityContext;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.gcube.informationsystem.resourceregistry.instances.base.ElementManagementUtility;
import org.gcube.informationsystem.resourceregistry.instances.base.entities.EntityElementManagement;
import org.gcube.informationsystem.resourceregistry.utils.Utility;
@ -51,7 +51,7 @@ public abstract class EntityTypeDefinitionManagement<E extends EntityType> exten
protected SecurityContext getWorkingContext() throws ResourceRegistryException {
if (workingContext == null) {
workingContext = ContextUtility.getInstance()
.getSecurityContextByUUID(DatabaseEnvironment.SCHEMA_SECURITY_CONTEXT_UUID);
.getSecurityContextByUUID(SchemaSecurityContext.SCHEMA_SECURITY_CONTEXT_UUID);
}
return workingContext;
}


@ -13,8 +13,8 @@ import org.gcube.informationsystem.resourceregistry.api.exceptions.schema.Schema
import org.gcube.informationsystem.resourceregistry.api.exceptions.schema.SchemaNotFoundException;
import org.gcube.informationsystem.resourceregistry.api.exceptions.schema.SchemaViolationException;
import org.gcube.informationsystem.resourceregistry.contexts.ContextUtility;
import org.gcube.informationsystem.resourceregistry.contexts.security.SchemaSecurityContext;
import org.gcube.informationsystem.resourceregistry.contexts.security.SecurityContext;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.gcube.informationsystem.resourceregistry.instances.base.ElementManagement;
import org.gcube.informationsystem.resourceregistry.instances.base.ElementManagementUtility;
import org.gcube.informationsystem.resourceregistry.utils.Utility;
@ -58,7 +58,7 @@ public class PropertyTypeDefinitionManagement extends ElementManagement<OElement
protected SecurityContext getWorkingContext() throws ResourceRegistryException {
if(workingContext == null) {
workingContext = ContextUtility.getInstance()
.getSecurityContextByUUID(DatabaseEnvironment.SCHEMA_SECURITY_CONTEXT_UUID);
.getSecurityContextByUUID(SchemaSecurityContext.SCHEMA_SECURITY_CONTEXT_UUID);
}
return workingContext;
}


@ -16,8 +16,8 @@ import org.gcube.informationsystem.resourceregistry.api.exceptions.schema.Schema
import org.gcube.informationsystem.resourceregistry.api.exceptions.schema.SchemaNotFoundException;
import org.gcube.informationsystem.resourceregistry.api.exceptions.schema.SchemaViolationException;
import org.gcube.informationsystem.resourceregistry.contexts.ContextUtility;
import org.gcube.informationsystem.resourceregistry.contexts.security.SchemaSecurityContext;
import org.gcube.informationsystem.resourceregistry.contexts.security.SecurityContext;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.gcube.informationsystem.resourceregistry.instances.base.ElementManagementUtility;
import org.gcube.informationsystem.resourceregistry.instances.base.relations.RelationElementManagement;
import org.gcube.informationsystem.resourceregistry.types.entities.EntityTypeDefinitionManagement;
@ -62,7 +62,7 @@ public abstract class RelationTypeDefinitionManagement<T extends EntityTypeDefin
protected SecurityContext getWorkingContext() throws ResourceRegistryException {
if (workingContext == null) {
this.workingContext = ContextUtility.getInstance()
.getSecurityContextByUUID(DatabaseEnvironment.SCHEMA_SECURITY_CONTEXT_UUID);
.getSecurityContextByUUID(SchemaSecurityContext.SCHEMA_SECURITY_CONTEXT_UUID);
}
return workingContext;
}


@ -16,6 +16,7 @@ import org.gcube.informationsystem.base.reference.IdentifiableElement;
import org.gcube.informationsystem.model.reference.properties.Header;
import org.gcube.informationsystem.resourceregistry.api.exceptions.ResourceRegistryException;
import org.gcube.informationsystem.utils.ElementMapper;
import org.gcube.informationsystem.utils.UUIDManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -52,7 +53,7 @@ public class HeaderUtility {
HeaderOrient header = new HeaderOrient();
if(uuid == null) {
uuid = UUID.randomUUID();
uuid = UUIDManager.generateValidRandomUUID();
}
header.setUUID(uuid);
@ -72,7 +73,7 @@ public class HeaderUtility {
}
public static Header getHeader(JsonNode jsonNode, boolean creation)
throws JsonParseException, JsonMappingException, IOException {
throws JsonParseException, JsonMappingException, IOException, ResourceRegistryException {
if(jsonNode.has(IdentifiableElement.HEADER_PROPERTY)) {
JsonNode headerNode = jsonNode.get(IdentifiableElement.HEADER_PROPERTY);
if(headerNode.isNull()) {
@ -80,9 +81,12 @@ public class HeaderUtility {
}
HeaderOrient header = null;
if(creation) {
// If an header is provided MUST contains and UUID otherwise is
// If an header is provided, it MUST contains an UUID otherwise is
// an invalid request so that let that an exception is raised
UUID uuid = UUID.fromString(headerNode.get(Header.UUID_PROPERTY).asText());
if(UUIDManager.isReservedUUID(uuid)) {
throw new ResourceRegistryException("The provided UUID " + uuid.toString() + "is reserved. The reserved UUID are : " + UUIDManager.getAllReservedUUIDAsStrings());
}
header = (HeaderOrient) createHeader(uuid);
} else {
header = new HeaderOrient();
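Review bot: The reserved-UUID rejection sits only in the `creation` branch of `getHeader`, while `createHeader` still accepts any non-null `uuid` from its callers, so other entry points can still stamp a reserved identifier onto an element. Moving the `UUIDManager.isReservedUUID(uuid)` test into `createHeader` would cover every caller, provided its signature can carry the exception (not visible here). The message also lacks a space before "is reserved", so it renders as `<uuid>is reserved`; `"The provided UUID " + uuid + " is reserved. …"` fixes it. `UUID.fromString` on the client-supplied text still surfaces a raw `IllegalArgumentException` for malformed input rather than a `ResourceRegistryException`. Both methods continue outside the hunks.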