added client method for User and Group management
parent
74bace0042
commit
18cba6c067
|
@ -4,7 +4,7 @@
|
||||||
<wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
|
<wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
|
||||||
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
|
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
|
||||||
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
|
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
|
||||||
<dependent-module archiveName="authorization-control-library-1.0.0-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/authorization-control-library/authorization-control-library">
|
<dependent-module archiveName="authorization-control-library-1.1.0-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/authorization-control-library/authorization-control-library">
|
||||||
<dependency-type>uses</dependency-type>
|
<dependency-type>uses</dependency-type>
|
||||||
</dependent-module>
|
</dependent-module>
|
||||||
<dependent-module archiveName="storagehub-model-1.0.5.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/storagehub-model/storagehub-model">
|
<dependent-module archiveName="storagehub-model-1.0.5.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/storagehub-model/storagehub-model">
|
||||||
|
|
|
@ -34,9 +34,11 @@ import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils
|
||||||
import org.gcube.common.authorization.control.annotations.AuthorizationControl;
|
import org.gcube.common.authorization.control.annotations.AuthorizationControl;
|
||||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||||
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
|
import org.gcube.common.gxrest.response.outbound.GXOutboundErrorResponse;
|
||||||
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
import org.gcube.common.storagehub.model.acls.AccessType;
|
import org.gcube.common.storagehub.model.acls.AccessType;
|
||||||
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
|
import org.gcube.common.storagehub.model.exceptions.BackendGenericError;
|
||||||
import org.gcube.common.storagehub.model.exceptions.InvalidItemException;
|
import org.gcube.common.storagehub.model.exceptions.InvalidItemException;
|
||||||
|
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
|
||||||
import org.gcube.common.storagehub.model.types.NodeProperty;
|
import org.gcube.common.storagehub.model.types.NodeProperty;
|
||||||
import org.gcube.common.storagehub.model.types.PrimaryNodeType;
|
import org.gcube.common.storagehub.model.types.PrimaryNodeType;
|
||||||
import org.gcube.data.access.storagehub.Constants;
|
import org.gcube.data.access.storagehub.Constants;
|
||||||
|
@ -51,6 +53,8 @@ public class GroupManager {
|
||||||
|
|
||||||
@Context ServletContext context;
|
@Context ServletContext context;
|
||||||
|
|
||||||
|
private static final String VREMANAGER_ROLE = "VRE-Manager";
|
||||||
|
|
||||||
private static final Logger log = LoggerFactory.getLogger(GroupManager.class);
|
private static final Logger log = LoggerFactory.getLogger(GroupManager.class);
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
|
@ -59,7 +63,6 @@ public class GroupManager {
|
||||||
@GET
|
@GET
|
||||||
@Path("")
|
@Path("")
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
|
||||||
public List<String> getGroups(){
|
public List<String> getGroups(){
|
||||||
|
|
||||||
JackrabbitSession session = null;
|
JackrabbitSession session = null;
|
||||||
|
@ -93,14 +96,18 @@ public class GroupManager {
|
||||||
@POST
|
@POST
|
||||||
@Path("")
|
@Path("")
|
||||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
||||||
public String createGroup(@FormParam("group") String group, @FormParam("accessType") AccessType accessType){
|
public String createGroup(@FormParam("group") String group, @FormParam("accessType") AccessType accessType){
|
||||||
|
|
||||||
|
|
||||||
JackrabbitSession session = null;
|
JackrabbitSession session = null;
|
||||||
String groupId = null;
|
String groupId = null;
|
||||||
try {
|
try {
|
||||||
|
|
||||||
|
checkGroupValidity(group);
|
||||||
|
|
||||||
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
||||||
|
|
||||||
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
||||||
|
|
||||||
Group createdGroup = usrManager.createGroup(group);
|
Group createdGroup = usrManager.createGroup(group);
|
||||||
|
@ -122,11 +129,13 @@ public class GroupManager {
|
||||||
|
|
||||||
@DELETE
|
@DELETE
|
||||||
@Path("{group}")
|
@Path("{group}")
|
||||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
||||||
public String deleteGroup(@PathParam("group") String group){
|
public String deleteGroup(@PathParam("group") String group){
|
||||||
|
|
||||||
JackrabbitSession session = null;
|
JackrabbitSession session = null;
|
||||||
try {
|
try {
|
||||||
|
|
||||||
|
checkGroupValidity(group);
|
||||||
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
||||||
|
|
||||||
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
||||||
|
@ -154,12 +163,15 @@ public class GroupManager {
|
||||||
@PUT
|
@PUT
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
||||||
public boolean addUserToGroup(@PathParam("id") String groupId, @FormParam("userId") String userId){
|
public boolean addUserToGroup(@PathParam("id") String groupId, @FormParam("userId") String userId){
|
||||||
|
|
||||||
JackrabbitSession session = null;
|
JackrabbitSession session = null;
|
||||||
boolean success = false;
|
boolean success = false;
|
||||||
try {
|
try {
|
||||||
|
|
||||||
|
checkGroupValidity(groupId);
|
||||||
|
|
||||||
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
||||||
|
|
||||||
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
||||||
|
@ -190,12 +202,15 @@ public class GroupManager {
|
||||||
|
|
||||||
@DELETE
|
@DELETE
|
||||||
@Path("{groupId}/users/{userId}")
|
@Path("{groupId}/users/{userId}")
|
||||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
||||||
public boolean removeUserFromGroup(@PathParam("groupId") String groupId, @PathParam("userId") String userId){
|
public boolean removeUserFromGroup(@PathParam("groupId") String groupId, @PathParam("userId") String userId){
|
||||||
|
|
||||||
JackrabbitSession session = null;
|
JackrabbitSession session = null;
|
||||||
boolean success = false;
|
boolean success = false;
|
||||||
try {
|
try {
|
||||||
|
|
||||||
|
checkGroupValidity(groupId);
|
||||||
|
|
||||||
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
||||||
|
|
||||||
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
||||||
|
@ -233,12 +248,15 @@ public class GroupManager {
|
||||||
@GET
|
@GET
|
||||||
@Path("{groupId}/users")
|
@Path("{groupId}/users")
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
||||||
public List<String> getUsersOfGroup(@PathParam("groupId") String groupId){
|
public List<String> getUsersOfGroup(@PathParam("groupId") String groupId){
|
||||||
|
|
||||||
JackrabbitSession session = null;
|
JackrabbitSession session = null;
|
||||||
List<String> users = new ArrayList<>();
|
List<String> users = new ArrayList<>();
|
||||||
try {
|
try {
|
||||||
|
|
||||||
|
checkGroupValidity(groupId);
|
||||||
|
|
||||||
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
||||||
|
|
||||||
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
||||||
|
@ -313,4 +331,12 @@ public class GroupManager {
|
||||||
return vreFolder;
|
return vreFolder;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void checkGroupValidity(String group) throws UserNotAuthorizedException{
|
||||||
|
String currentContext = ScopeProvider.instance.get();
|
||||||
|
String expectedGroupId= currentContext.replace("/", "-").substring(1);
|
||||||
|
if (!group.equals(expectedGroupId))
|
||||||
|
throw new UserNotAuthorizedException("only VREManager can execute this operation");
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
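Review bot: `getGroups()` loses its `@AuthorizationControl` annotation in the -59,7 +63,6 hunk and gets nothing in its place, while the other endpoints shown in this file are restricted to `VREMANAGER_ROLE` and bound to the caller's context by `checkGroupValidity`. The method body lies outside the hunk, but if it logs in with `CredentialHandler.getAdminCredentials(context)` like its siblings, it presumably lists the groups of every context to any caller the container admits. If open listing is intended, record it with a comment such as `// listing is open to every authenticated caller and is not filtered by context`; otherwise restore a gate, for example `@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)`, and filter the result to the current context. The same removal is made on `UserManager.getUsers()` in its -55,7 +55,6 hunk.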
@ -280,7 +280,7 @@ public class ItemsManager {
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
@Path("publiclink/{id}")
|
@Path("publiclink/{id}")
|
||||||
@AuthorizationControl(allowed={"URIResolver"}, exception=MyAuthException.class)
|
@AuthorizationControl(allowedUsers={"URIResolver"}, exception=MyAuthException.class)
|
||||||
public Response resolvePublicLink() {
|
public Response resolvePublicLink() {
|
||||||
InnerMethodName.instance.set("resolvePubliclink");
|
InnerMethodName.instance.set("resolvePubliclink");
|
||||||
|
|
||||||
|
|
|
@ -43,7 +43,7 @@ import org.slf4j.LoggerFactory;
|
||||||
public class UserManager {
|
public class UserManager {
|
||||||
|
|
||||||
@Context ServletContext context;
|
@Context ServletContext context;
|
||||||
|
|
||||||
private static final Logger log = LoggerFactory.getLogger(UserManager.class);
|
private static final Logger log = LoggerFactory.getLogger(UserManager.class);
|
||||||
|
|
||||||
@Inject
|
@Inject
|
||||||
|
@ -55,7 +55,6 @@ public class UserManager {
|
||||||
@GET
|
@GET
|
||||||
@Path("")
|
@Path("")
|
||||||
@Produces(MediaType.APPLICATION_JSON)
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
|
||||||
public List<String> getUsers(){
|
public List<String> getUsers(){
|
||||||
|
|
||||||
JackrabbitSession session = null;
|
JackrabbitSession session = null;
|
||||||
|
@ -89,7 +88,7 @@ public class UserManager {
|
||||||
@POST
|
@POST
|
||||||
@Path("")
|
@Path("")
|
||||||
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
@AuthorizationControl(allowedUsers={"lucio.lelii"}, exception=MyAuthException.class)
|
||||||
public String createUser(@FormParam("user") String user, @FormParam("password") String password){
|
public String createUser(@FormParam("user") String user, @FormParam("password") String password){
|
||||||
|
|
||||||
JackrabbitSession session = null;
|
JackrabbitSession session = null;
|
||||||
|
@ -127,7 +126,7 @@ public class UserManager {
|
||||||
|
|
||||||
@DELETE
|
@DELETE
|
||||||
@Path("{id}")
|
@Path("{id}")
|
||||||
@AuthorizationControl(allowed={"lucio.lelii"}, exception=MyAuthException.class)
|
@AuthorizationControl(allowedUsers={"lucio.lelii"}, exception=MyAuthException.class)
|
||||||
public String deleteUser(@PathParam("id") String id){
|
public String deleteUser(@PathParam("id") String id){
|
||||||
|
|
||||||
JackrabbitSession session = null;
|
JackrabbitSession session = null;
|
||||||
|
|
|
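Review bot: `createUser` and `deleteUser` stay tied to one personal account, `allowedUsers={"lucio.lelii"}`, so the right to create and delete repository users depends on a single identity hard-coded in source. GroupManager moves to `allowedRoles` with a named constant in this same commit; the two annotations here could do the same with a role constant for infrastructure-level administration, though which role fits is not visible on this page. Until then, a comment above each annotation saying why the account is pinned would help the next reader. Both method bodies continue outside their hunks.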
@ -0,0 +1,7 @@
|
||||||
|
<application mode='online'>
|
||||||
|
<name>StorageHub</name>
|
||||||
|
<group>DataAccess</group>
|
||||||
|
<version>1.0.0-SNAPSHOT</version>
|
||||||
|
<description>Storage Hub webapp</description>
|
||||||
|
<local-persistence location='target' />
|
||||||
|
</application>
|