-This change should only appear in the trunk. Currently r1624.
\ No newline at end of file
+This change should only appear in the trunk. Currently r1624. This is another test of the patching mechanism.
\ No newline at end of file
// Now try to retrieve the Intake record of the CollectionObject.
//
String predicate = RelationshipType.COLLECTIONOBJECT_INTAKE.value();
- ClientResponse<RelationsCommonList> resultResponse = relationClient.readList_SPO(collectionObjectCsid,
+ ClientResponse<RelationsCommonList> resultResponse = relationClient.readList(
+ collectionObjectCsid,
predicate,
intakeCsid);
RelationsCommonList relationList = null;
// Get clients for the CollectionSpace services
//
/** The MA x_ records. */
- private static int MAX_RECORDS = 1;
+ private static int MAX_RECORDS = 1000;
/**
* Performance test.
*/
@Test
public void performanceTest() {
-// roundTripOverhead(MAX_RECORDS);
-// deleteCollectionObjects();
+ roundTripOverhead(10);
+ deleteCollectionObjects();
String[] coList = this.createCollectionObjects(MAX_RECORDS);
-// this.searchCollectionObjects(MAX_RECORDS);
-// this.deleteCollectionObjects(coList);
-// roundTripOverhead(10);
+ this.searchCollectionObjects(MAX_RECORDS);
+ this.readCollectionObjects(coList);
+ this.deleteCollectionObjects(coList);
+ roundTripOverhead(10);
}
/**
* @return the string
*/
private String createCollectionObject(CollectionObjectClient collectionObjectClient,
- int identifier) {
+ MultipartOutput multipart) {
String result = null;
- //
- // First create a CollectionObject
- //
- CollectionobjectsCommon co = new CollectionobjectsCommon();
- fillCollectionObject(co, Integer.toString(identifier));
-
- // Next, create a part object
- MultipartOutput multipart = new MultipartOutput();
- OutputPart commonPart = multipart.addPart(co, MediaType.APPLICATION_XML_TYPE);
- commonPart.getHeaders().add("label", collectionObjectClient.getCommonPartName());
// Make the create call and check the response
ClientResponse<Response> response = collectionObjectClient.create(multipart);
try {
public String[] createCollectionObjects(int numberOfObjects) {
Random randomGenerator = new Random(System.currentTimeMillis());
CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
- String[] coList = new String[numberOfObjects];
+ String[] coList = new String[numberOfObjects];
+
+ //
+ // First create a CollectionObject
+ //
+ CollectionobjectsCommon co = new CollectionobjectsCommon();
+ fillCollectionObject(co, Long.toString(System.currentTimeMillis()));
+
+ // Next, create a part object
+ MultipartOutput multipart = new MultipartOutput();
+ OutputPart commonPart = multipart.addPart(co, MediaType.APPLICATION_XML_TYPE);
+ commonPart.getHeaders().add("label", collectionObjectClient.getCommonPartName());
int createdObjects = 0;
try {
Date startTime = new Date();
for (int i = 0; i < numberOfObjects; i++, createdObjects++) {
- coList[i] = createCollectionObject(collectionObjectClient, i + 1);
+ coList[i] = createCollectionObject(collectionObjectClient, multipart);
if (logger.isDebugEnabled() == true) {
- logger.debug("Created CollectionObject #: " + i);
+ //
+ // Print out a status every 10 operations
+ if (i % 10 == 0)
+ logger.debug("Created CollectionObject #: " + i);
}
}
Date stopTime = new Date();
return coList;
}
+ //
+ //
+ //
+
+ /**
+ * Delete collection object.
+ *
+ * @param collectionObjectClient the collection object client
+ * @param resourceId the resource id
+ */
+ private void readCollectionObject(CollectionObjectClient collectionObjectClient,
+ String resourceId) {
+ ClientResponse<Response> res = collectionObjectClient.delete(resourceId);
+ res.releaseConnection();
+ }
+
+ /**
+ * Delete collection objects.
+ *
+ * @param arrayOfObjects the array of objects
+ */
+ public void readCollectionObjects(String[] arrayOfObjects) {
+ CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
+
+ Date startTime = new Date();
+ for (int i = 0; i < arrayOfObjects.length; i++) {
+ deleteCollectionObject(collectionObjectClient, arrayOfObjects[i]);
+ }
+ Date stopTime = new Date();
+
+ if (logger.isDebugEnabled()) {
+ System.out.println("Read " + arrayOfObjects.length + " CollectionObjects" +
+ " in " + (stopTime.getTime() - startTime.getTime())/1000.0 + " seconds.");
+ }
+ }
+
+ /**
+ * Delete collection objects.
+ * FIXME: Deletes a page at a time until there are no more CollectionObjects.
+ */
+ public void readCollectionObjects() {
+ CollectionObjectClient collectionObjectClient = new CollectionObjectClient();
+ ClientResponse<AbstractCommonList> response;
+
+ List<CollectionObjectListItem> coListItems = null;
+ do {
+ response = collectionObjectClient.readList(new Long(MAX_RECORDS),
+ new Long(0));
+ try {
+ CollectionobjectsCommonList commonListElement =
+ (CollectionobjectsCommonList)response.getEntity(CollectionobjectsCommonList.class);
+ coListItems = commonListElement.getCollectionObjectListItem();
+ } finally {
+ response.releaseConnection();
+ }
+
+ Date startTime = new Date();
+ for (CollectionObjectListItem i:coListItems) {
+ readCollectionObject(collectionObjectClient, i.getCsid());
+ }
+ Date stopTime = new Date();
+
+ if (logger.isDebugEnabled()) {
+ System.out.println("Read " + coListItems.size() + " CollectionObjects" +
+ " in " + (stopTime.getTime() - startTime.getTime())/1000.0 + " seconds.");
+ }
+ } while (coListItems.size() > 0);
+ }
+ //
+ //
+ //
/**
* Delete collection object.
*
List<CollectionObjectListItem> coListItems = null;
do {
- response = collectionObjectClient.readList(Integer.toString(MAX_RECORDS),
- Integer.toString(0));
+ response = collectionObjectClient.readList(new Long(MAX_RECORDS),
+ new Long(0));
try {
CollectionobjectsCommonList commonListElement =
(CollectionobjectsCommonList)response.getEntity(CollectionobjectsCommonList.class);
Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode),
invalidStatusCodeMessage(REQUEST_TYPE, statusCode));
Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE);
- int EXPECTED_ITEMS = 5; //seeded permissions
+ int EXPECTED_ITEMS = 3; //seeded permissions
+ int actual = list.getPermissions().size();
if (logger.isDebugEnabled()) {
- logger.debug(testName + ": received = " + list.getPermissions().size()
+ logger.debug(testName + ": received = " + actual
+ " expected=" + EXPECTED_ITEMS);
}
Assert.assertEquals(EXPECTED_ITEMS, list.getPermissions().size());
import org.collectionspace.services.common.config.TenantBindingConfigReaderImpl;
import org.collectionspace.services.common.service.ServiceBindingType;
import org.collectionspace.services.common.tenant.TenantBindingType;
+import org.collectionspace.services.common.security.SecurityUtils;
/**
* AuthorizationGen generates authorizations (permissions and roles)
for (ServiceBindingType sbinding : tbinding.getServiceBindings()) {
//add permissions for the main path
+ String resourceName = sbinding.getName().toLowerCase().trim();
+ if (SecurityUtils.isEntityProxy() == true) {
+ resourceName = SecurityUtils.getResourceEntity(resourceName);
+ }
Permission perm = buildAdminPermission(tbinding.getId(),
- sbinding.getName().toLowerCase());
+ resourceName);
apcList.add(perm);
//add permissions for alternate paths
- List<String> uriPaths = sbinding.getUriPath();
- for (String uriPath : uriPaths) {
- perm = buildAdminPermission(tbinding.getId(),
- uriPath.toLowerCase());
- apcList.add(perm);
+ if (SecurityUtils.isEntityProxy() == false) {
+ List<String> uriPaths = sbinding.getUriPath();
+ for (String uriPath : uriPaths) {
+ perm = buildAdminPermission(tbinding.getId(),
+ uriPath.toLowerCase());
+ apcList.add(perm);
+ }
}
-
}
+
return apcList;
-
}
private Permission buildAdminPermission(String tenantId, String resourceName) {
perm.setCsid(id);
perm.setDescription("generated admin permission");
perm.setCreatedAtItem(new Date());
- perm.setResourceName(resourceName.toLowerCase());
+ perm.setResourceName(resourceName.toLowerCase().trim());
perm.setEffect(EffectType.PERMIT);
perm.setTenantId(tenantId);
ArrayList<PermissionAction> pas = new ArrayList<PermissionAction>();
ArrayList<Permission> apcList = new ArrayList<Permission>();
TenantBindingType tbinding = tenantBindings.get(tenantId);
for (ServiceBindingType sbinding : tbinding.getServiceBindings()) {
-
//add permissions for the main path
+ String resourceName = sbinding.getName().toLowerCase().trim();
+ if (SecurityUtils.isEntityProxy() == true) {
+ resourceName = SecurityUtils.getResourceEntity(resourceName);
+ }
Permission perm = buildReaderPermission(tbinding.getId(),
- sbinding.getName().toLowerCase());
+ resourceName);
apcList.add(perm);
//add permissions for alternate paths
- List<String> uriPaths = sbinding.getUriPath();
- for (String uriPath : uriPaths) {
- perm = buildReaderPermission(tbinding.getId(),
- uriPath.toLowerCase());
- apcList.add(perm);
+ if (SecurityUtils.isEntityProxy() == false) {
+ List<String> uriPaths = sbinding.getUriPath();
+ for (String uriPath : uriPaths) {
+ perm = buildReaderPermission(tbinding.getId(),
+ uriPath.toLowerCase());
+ apcList.add(perm);
+ }
}
-
}
return apcList;
perm.setCsid(id);
perm.setCreatedAtItem(new Date());
perm.setDescription("generated readonly permission");
- perm.setResourceName(resourceName.toLowerCase());
+ perm.setResourceName(resourceName.toLowerCase().trim());
perm.setEffect(EffectType.PERMIT);
perm.setTenantId(tenantId);
ArrayList<PermissionAction> pas = new ArrayList<PermissionAction>();
no need to give slash at the beginning or end
- attributeName could be an attribute of the service schema
e.g. otherNumber from collectionobjects_common
+ - actionGroup is label that can be used by a client to "group" sets of actions for operations
+ like searching for permissions by a specific actionGroup label.
- action describes the actions that could be taken on given resource (and attribute)
- effect describes the effect of the access control for the action
performed on the given resource (and attribute)
</xs:appinfo>
</xs:annotation>
</xs:element>
+ <xs:element name="actionGroup" type="xs:string" minOccurs="0" maxOccurs="1">
+ <xs:annotation>
+ <xs:appinfo>
+ <hj:basic>
+ <orm:column name="action_group" length="128" nullable="true"/>
+ </hj:basic>
+ </xs:appinfo>
+ </xs:annotation>
+ </xs:element>
<xs:element name="action" type="permission_action" minOccurs="1" maxOccurs="unbounded"/>
<xs:element name="effect" type="effect_type" minOccurs="1" maxOccurs="1">
<xs:annotation>
drop table if exists permissions_roles;
drop table if exists roles;
create table accounts_roles (HJID bigint not null auto_increment, account_id varchar(128) not null, created_at datetime not null, role_id varchar(128) not null, role_name varchar(255), screen_name varchar(255), user_id varchar(128) not null, primary key (HJID), unique (account_id, role_id));
-create table permissions (csid varchar(128) not null, attribute_name varchar(128), created_at datetime not null, description varchar(255), effect varchar(32) not null, resource_name varchar(128) not null, tenant_id varchar(128) not null, updated_at datetime, primary key (csid));
+create table permissions (csid varchar(128) not null, action_group varchar(128), attribute_name varchar(128), created_at datetime not null, description varchar(255), effect varchar(32) not null, resource_name varchar(128) not null, tenant_id varchar(128) not null, updated_at datetime, primary key (csid));
create table permissions_actions (HJID bigint not null auto_increment, name varchar(128) not null, ACTIONS_PERMISSION_CSID varchar(128), primary key (HJID));
create table permissions_roles (HJID bigint not null auto_increment, created_at datetime not null, permission_id varchar(128) not null, permission_resource varchar(255), role_id varchar(128) not null, role_name varchar(255), primary key (HJID), unique (permission_id, role_id));
create table roles (csid varchar(128) not null, created_at datetime not null, description varchar(255), rolegroup varchar(255), rolename varchar(200) not null, tenant_id varchar(128) not null, updated_at datetime, primary key (csid), unique (rolename, tenant_id));
public final static AuthZ get() {
return self;
}
-
+
private void setupProvider() {
String beanConfig = "applicationContext-authorization.xml";
//system property is only set in test environment
* .lang.String, java.lang.String)\r
*/\r
@Override\r
- public ClientResponse<AbstractCommonList> readList(String pageSize,\r
- String pageNumber) {\r
+ public ClientResponse<AbstractCommonList> readList(Long pageSize,\r
+ Long pageNumber) {\r
return getProxy().readList(pageSize, pageNumber);\r
}\r
\r
* .lang.String, java.lang.String)\r
*/\r
@Override\r
- public ClientResponse<AbstractCommonList> readList(String sortBy, String pageSize,\r
- String pageNumber) {\r
+ public ClientResponse<AbstractCommonList> readList(String sortBy, Long pageSize,\r
+ Long pageNumber) {\r
return getProxy().readList(sortBy, pageSize, pageNumber);\r
}\r
\r
* @return the client response
*/
public ClientResponse<AbstractCommonList> readList(
- String pageSize,
- String pageNumber);
+ Long pageSize,
+ Long pageNumber);
/**
* Read list.
*/
public ClientResponse<AbstractCommonList> readList(
String sortBy,
- String pageSize,
- String pageNumber);
+ Long pageSize,
+ Long pageNumber);
/**
* Delete.
@GET\r
@Produces({"application/xml"})\r
ClientResponse<AbstractCommonList> readList(\r
- @QueryParam(IClientQueryParams.PAGE_SIZE_PARAM) String pageSize,\r
- @QueryParam(IClientQueryParams.START_PAGE_PARAM) String pageNumber);\r
+ @QueryParam(IClientQueryParams.PAGE_SIZE_PARAM) Long pageSize,\r
+ @QueryParam(IClientQueryParams.START_PAGE_PARAM) Long pageNumber);\r
\r
/**\r
* Read list.\r
+ * @param sortBy \r
*\r
* @param pageSize the page size\r
* @param pageNumber the page number\r
@Produces({"application/xml"})\r
ClientResponse<AbstractCommonList> readList(\r
@QueryParam(IClientQueryParams.SORT_BY_PARAM) String sortBy,\r
- @QueryParam(IClientQueryParams.PAGE_SIZE_PARAM) String pageSize,\r
- @QueryParam(IClientQueryParams.START_PAGE_PARAM) String pageNumber);\r
+ @QueryParam(IClientQueryParams.PAGE_SIZE_PARAM) Long pageSize,\r
+ @QueryParam(IClientQueryParams.START_PAGE_PARAM) Long pageNumber);\r
}\r
CollectionSpaceClient client, String sortBy,
long pageSize, long pageNumber) throws Exception {
ClientResponse<AbstractCommonList> response =
- client.readList(sortBy, Long.toString(pageSize), Long.toString(pageNumber));
+ client.readList(sortBy, pageSize, pageNumber);
AbstractCommonList result = null;
try {
int statusCode = response.getStatus();
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.core.MultivaluedMap;
+import org.collectionspace.services.common.imaging.nuxeo.NuxeoImageUtils;
import org.collectionspace.services.common.AbstractMultiPartCollectionSpaceResourceImpl;
import org.collectionspace.services.common.authorityref.AuthorityRefList;
import org.collectionspace.services.common.context.ServiceContextFactory;
return result;
}
+
+ @GET
+ @Path("/picture")
+ @Produces("application/xml")
+ public Response createPictureDocument() {
+ Response result = null;
+
+ if (logger.isDebugEnabled()) {
+ logger.debug("------------------------------------------------------------------------------");
+ logger.debug("Prototype to create a Picture document in Nuxeo");
+ logger.debug("------------------------------------------------------------------------------");
+ logger.debug("");
+ }
+
+ NuxeoImageUtils.createPicture();
+ result = Response.status(HttpResponseCodes.SC_OK).build();
+
+ return result;
+ }
/**
* This method is deprecated. Use kwSearchCollectionObjects() method instead.
<scope>provided</scope>\r
</dependency>\r
<!-- nuxeo -->\r
+ <dependency>\r
+ <groupId>org.nuxeo.ecm.platform</groupId>\r
+ <artifactId>nuxeo-platform-imaging-api</artifactId>\r
+ <version>${nuxeo.version.5.2}</version>\r
+ </dependency>\r
<dependency>\r
<groupId>org.nuxeo.common</groupId>\r
<artifactId>nuxeo-common</artifactId>\r
String s = new String(buff);
logger.debug(s);
- System.out.println(s); //FIXME: REM - Remove this when we figure out why the logger.debug() call is not working.
//
// Essentially, reset the stream and return it in its original state
//
return result;
}
+ /**
+ * Gets the xML schema.
+ *
+ * @param partMeta the part meta
+ * @return the xML schema
+ * @throws Exception the exception
+ */
+ private static File getXMLSchema(ObjectPartType partMeta)
+ throws Exception {
+ final String FILE_SEPARATOR = System.getProperty("file.separator");
+ final String XML_SCHEMA_EXTENSION = ".xsd";
+ final String SCHEMAS_DIR = "schemas";
+
+ File schemaFile = null;
+
+ //
+ // Look for an XML Schema (.xsd) file for the incoming part payload
+ //
+ String serverRoot = ServiceMain.getInstance().getServerRootDir();
+ String schemasDir = serverRoot + FILE_SEPARATOR +
+ SCHEMAS_DIR + FILE_SEPARATOR;
+ //
+ // Send a warning to the log file if the XML Schema file is missing
+ //
+ String schemaName = schemasDir + partMeta.getLabel() + XML_SCHEMA_EXTENSION;
+ try {
+ schemaFile = new File(schemaName);
+ } catch (Exception e) {
+ if (logger.isWarnEnabled() == true) {
+ logger.warn("Missing schema file for incoming payload: " + schemaName);
+ }
+ }
+
+ return schemaFile;
+ }
+
/**
* parseProperties given payload to create XML document. this
* method also closes given stream after parsing.
* @param payload stream
* @param partMeta
+ * @param validate - whether or not to validate the payload with an XML Schema
* @return parsed Document
* @throws Exception
*/
- public static Document parseDocument(InputStream payload, ObjectPartType partMeta)
+ public static Document parseDocument(InputStream payload, ObjectPartType partMeta, Boolean validate)
throws Exception {
- final String FILE_SEPARATOR = System.getProperty("file.separator");
- final String XML_SCHEMA_EXTENSION = ".xsd";
- final String SCHEMAS_DIR = "schemas";
final String JAXP_SCHEMA_SOURCE =
"http://java.sun.com/xml/jaxp/properties/schemaSource";
final String JAXP_SCHEMA_LANGUAGE =
payload = logByteArrayInputStream((ByteArrayInputStream)payload);
}
}
- //
- // Look for an XML Schema (.xsd) file for the incoming part payload
- //
- String serverRoot = ServiceMain.getInstance().getServerRootDir();
- String schemasDir = serverRoot + FILE_SEPARATOR +
- SCHEMAS_DIR + FILE_SEPARATOR;
- //
- // Send a warning to the log file if the XML Schema file is missing
- //
- String schemaName = schemasDir + partMeta.getLabel() + XML_SCHEMA_EXTENSION;
+
File schemaFile = null;
- try {
- schemaFile = new File(schemaName);
- } catch (Exception e) {
- if (logger.isWarnEnabled() == true) {
- logger.warn("Missing schema file for incoming payload: " + schemaName);
- }
+ if (validate == true) {
+ schemaFile = getXMLSchema(partMeta);
}
//
factory.setIgnoringComments(true);
factory.setIgnoringElementContentWhitespace(true);
//
- // Enable XML validation
+ // Enable XML validation if we found an XML Schema for the payload
//
- factory.setNamespaceAware(true);
- factory.setValidating(true);
try {
- factory.setAttribute(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA);
if (schemaFile != null) {
+ factory.setValidating(true);
+ factory.setNamespaceAware(true);
+ factory.setAttribute(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA);
factory.setAttribute(JAXP_SCHEMA_SOURCE, schemaFile);
}
} catch (IllegalArgumentException e) {
root.setAttribute("xsi:schemaLocation", xc.getSchemaLocation());
root.setAttribute("xmlns:" + ns, xc.getNamespaceURI());
document.appendChild(root);
-
+
SchemaManager schemaManager = Framework.getLocalService(SchemaManager.class);
Schema schema = schemaManager.getSchema(partMeta.getLabel());
-
+
buildDocument(document, root, objectProps, schema);
return document;
private static void buildProperty(Document document, Element parent,
Field field, Object value) throws IOException {
Type type = field.getType();
- //no need to qualify each element name as namespace is already added
+ //no need to qualify each element name as namespace is already added
String propName = field.getName().getLocalName();
Element element = document.createElement(propName);
parent.appendChild(element);
if (ctype.getName().equals(TypeConstants.CONTENT)) {
throw new RuntimeException(
"Unexpected schema type: BLOB for field: "+propName);
- } else {
+ } else {
buildComplex(document, element, ctype, (Map) value);
- }
+ }
} else if (type.isListType()) {
if (value instanceof List) {
buildList(document, element, (ListType) type, (List) value);
throw new IllegalArgumentException(
"A value of list type is neither list neither array: "
+ value);
- }
- }
+ }
+ }
}
-
+
private static void buildComplex(Document document, Element element,
ComplexType ctype, Map map) throws IOException {
Iterator<Map.Entry> it = map.entrySet().iterator();
package org.collectionspace.services.common.security;
import java.util.HashMap;
+import java.util.List;
+
import org.jboss.resteasy.core.ResourceMethod;
import org.jboss.resteasy.core.ServerResponse;
import org.jboss.resteasy.spi.interception.PreProcessInterceptor;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.PathSegment;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;
import org.collectionspace.services.authorization.URIResourceImpl;
import org.collectionspace.services.common.document.JaxbUtils;
import org.collectionspace.services.common.storage.jpa.JpaStorageUtils;
+import org.collectionspace.services.common.security.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Provider
public class SecurityInterceptor implements PreProcessInterceptor {
- private static final Logger logger = LoggerFactory.getLogger(SecurityInterceptor.class);
-
- @Override
- public ServerResponse preProcess(HttpRequest request, ResourceMethod method)
- throws Failure, WebApplicationException {
- String httpMethod = request.getHttpMethod();
- String uriPath = request.getUri().getPath();
- if (logger.isDebugEnabled()) {
- logger.debug("received " + httpMethod + " on " + uriPath);
- }
- String resName = getResourceName(request.getUri());
- checkActive();
- AuthZ authZ = AuthZ.get();
- CSpaceResource res = new URIResourceImpl(resName, httpMethod);
- if (!authZ.isAccessAllowed(res)) {
- logger.error("Access to " + res.getId() + " is NOT allowed to "
- + " user=" + AuthN.get().getUserId());
- Response response = Response.status(
- Response.Status.FORBIDDEN).entity(uriPath + " " + httpMethod).type("text/plain").build();
- throw new WebApplicationException(response);
- }
- if (logger.isDebugEnabled()) {
- logger.debug("Access to " + res.getId() + " is allowed to "
- + " user=" + AuthN.get().getUserId() +
- " for tenant id=" + AuthN.get().getCurrentTenantName());
- }
- return null;
- }
-
- /**
- * checkActive check if account is active
- * @throws WebApplicationException
- */
- private void checkActive() throws WebApplicationException {
- String userId = AuthN.get().getUserId();
- String tenantId = AuthN.get().getCurrentTenantId();
- try {
- //can't use JAXB here as this runs from the common jar which cannot
- //depend upon the account service
- String whereClause = "where userId = :userId";
- HashMap<String, Object> params = new HashMap<String, Object>();
- params.put("userId", userId);
-
- Object account = JpaStorageUtils.getEntity(
- "org.collectionspace.services.account.AccountsCommon", whereClause, params);
- if (account == null) {
- String msg = "User's account not found, userId=" + userId;
- Response response = Response.status(
- Response.Status.FORBIDDEN).entity(msg).type("text/plain").build();
- throw new WebApplicationException(response);
- }
- Object status = JaxbUtils.getValue(account, "getStatus");
- if (status != null) {
- String value = (String) JaxbUtils.getValue(status, "value");
- if ("INACTIVE".equalsIgnoreCase(value)) {
- String msg = "User's account is inactive, userId=" + userId;
- Response response = Response.status(
- Response.Status.FORBIDDEN).entity(msg).type("text/plain").build();
- throw new WebApplicationException(response);
- }
- }
-
- } catch (Exception e) {
- String msg = "User's account is in invalid state, userId=" + userId;
- Response response = Response.status(
- Response.Status.FORBIDDEN).entity(msg).type("text/plain").build();
- throw new WebApplicationException(response);
- }
- }
-
- private String getResourceName(UriInfo uriInfo) {
- String uriPath = uriInfo.getPath();
- MultivaluedMap<String, String> pathParams = uriInfo.getPathParameters();
- for (String pathParamName : pathParams.keySet()) {
- //assumption : path params for csid for any entity has substring csid in name
- String pathParamValue = pathParams.get(pathParamName).get(0);
- if ((pathParamName.toLowerCase().indexOf("csid") > -1)) {
- //replace csids with wildcard
- uriPath = uriPath.replace(pathParamValue, "*");
- }
- if ((pathParamName.toLowerCase().indexOf("predicate") > -1)) {
- //replace csids with wildcard
- uriPath = uriPath.replace(pathParamValue, "*");
- }
- if (pathParamName.toLowerCase().indexOf("specifier") > -1) {
- //replace name and specifiers with wildcard
- uriPath = uriPath.replace("urn:cspace:name(" + pathParamValue
- + ")", "*");
- }
- }
- uriPath = uriPath.replace("//", "/");
- return uriPath;
- }
+ /** The Constant logger. */
+ private static final Logger logger = LoggerFactory.getLogger(SecurityInterceptor.class);
+
+ /* (non-Javadoc)
+ * @see org.jboss.resteasy.spi.interception.PreProcessInterceptor#preProcess(org.jboss.resteasy.spi.HttpRequest, org.jboss.resteasy.core.ResourceMethod)
+ */
+ @Override
+ public ServerResponse preProcess(HttpRequest request, ResourceMethod method)
+ throws Failure, WebApplicationException {
+ String httpMethod = request.getHttpMethod();
+ String uriPath = request.getUri().getPath();
+ if (logger.isDebugEnabled()) {
+ logger.debug("received " + httpMethod + " on " + uriPath);
+ }
+ String resName = getResourceName(request.getUri());
+ String resEntity = SecurityUtils.getResourceEntity(resName);
+
+ //
+ // If the resource entity is acting as a proxy then all sub-resource will map to the resource itself.
+ // This essentially means that the sub-resource inherit all the authz permissions of the entity.
+ //
+ if (SecurityUtils.isEntityProxy() == true) {
+ resName = resEntity;
+ }
+
+ checkActive();
+ AuthZ authZ = AuthZ.get();
+ CSpaceResource res = new URIResourceImpl(resName, httpMethod);
+ if (!authZ.isAccessAllowed(res)) {
+ logger.error("Access to " + res.getId() + " is NOT allowed to "
+ + " user=" + AuthN.get().getUserId());
+ Response response = Response.status(
+ Response.Status.FORBIDDEN).entity(uriPath + " " + httpMethod).type("text/plain").build();
+ throw new WebApplicationException(response);
+ }
+ if (logger.isDebugEnabled()) {
+ logger.debug("Access to " + res.getId() + " is allowed to "
+ + " user=" + AuthN.get().getUserId() +
+ " for tenant id=" + AuthN.get().getCurrentTenantName());
+ }
+ return null;
+ }
+
+ /**
+ * checkActive check if account is active
+ * @throws WebApplicationException
+ */
+ private void checkActive() throws WebApplicationException {
+ String userId = AuthN.get().getUserId();
+ String tenantId = AuthN.get().getCurrentTenantId();
+ try {
+ //can't use JAXB here as this runs from the common jar which cannot
+ //depend upon the account service
+ String whereClause = "where userId = :userId";
+ HashMap<String, Object> params = new HashMap<String, Object>();
+ params.put("userId", userId);
+
+ Object account = JpaStorageUtils.getEntity(
+ "org.collectionspace.services.account.AccountsCommon", whereClause, params);
+ if (account == null) {
+ String msg = "User's account not found, userId=" + userId;
+ Response response = Response.status(
+ Response.Status.FORBIDDEN).entity(msg).type("text/plain").build();
+ throw new WebApplicationException(response);
+ }
+ Object status = JaxbUtils.getValue(account, "getStatus");
+ if (status != null) {
+ String value = (String) JaxbUtils.getValue(status, "value");
+ if ("INACTIVE".equalsIgnoreCase(value)) {
+ String msg = "User's account is inactive, userId=" + userId;
+ Response response = Response.status(
+ Response.Status.FORBIDDEN).entity(msg).type("text/plain").build();
+ throw new WebApplicationException(response);
+ }
+ }
+
+ } catch (Exception e) {
+ String msg = "User's account is in invalid state, userId=" + userId;
+ Response response = Response.status(
+ Response.Status.FORBIDDEN).entity(msg).type("text/plain").build();
+ throw new WebApplicationException(response);
+ }
+ }
+
+ /**
+ * Gets the resource name.
+ *
+ * @param uriInfo the uri info
+ * @return the resource name
+ */
+ private String getResourceName(UriInfo uriInfo) {
+ String uriPath = uriInfo.getPath();
+
+ MultivaluedMap<String, String> pathParams = uriInfo.getPathParameters();
+ for (String pathParamName : pathParams.keySet()) {
+ //assumption : path params for csid for any entity has substring csid in name
+ String pathParamValue = pathParams.get(pathParamName).get(0);
+ if ((pathParamName.toLowerCase().indexOf("csid") > -1)) {
+ //replace csids with wildcard
+ uriPath = uriPath.replace(pathParamValue, "*");
+ }
+ if ((pathParamName.toLowerCase().indexOf("predicate") > -1)) {
+ //replace csids with wildcard
+ uriPath = uriPath.replace(pathParamValue, "*");
+ }
+ if (pathParamName.toLowerCase().indexOf("specifier") > -1) {
+ //replace name and specifiers with wildcard
+ uriPath = uriPath.replace("urn:cspace:name(" + pathParamValue
+ + ")", "*");
+ }
+ }
+ uriPath = uriPath.replace("//", "/");
+ return uriPath;
+ }
}
*/
package org.collectionspace.services.common.security;
+import java.util.List;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.StringTokenizer;
+
+import javax.ws.rs.core.PathSegment;
+import javax.ws.rs.core.UriInfo;
+
import org.collectionspace.authentication.AuthN;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class SecurityUtils {
private static final Logger logger = LoggerFactory.getLogger(SecurityUtils.class);
+ public static final String URI_PATH_SEPARATOR = "/";
/**
* createPasswordHash creates password has using configured digest algorithm
}
}
+ /**
+ * Gets the resource name.
+ *
+ * @param uriInfo the uri info
+ * @return the resource name
+ */
+ public static String getResourceEntity(UriInfo uriInfo) {
+ String result = null;
+
+ result = getResourceEntity(uriInfo.getPath());
+// List<PathSegment> pathSegmentList = uriInfo.getPathSegments();
+// if (pathSegmentList.isEmpty() == false) {
+// result = pathSegmentList.get(0).getPath();
+// }
+
+ return result;
+ }
+
+ /**
+ * Gets the resource entity by returning the first segment of the resource path
+ *
+ * @param relativePath the relative path
+ * @return the resource entity
+ * @throws URISyntaxException the uRI syntax exception
+ */
+ public static String getResourceEntity(String relativePath)
+ {
+ String result = "";
+
+ StringTokenizer strTok = new StringTokenizer(relativePath, URI_PATH_SEPARATOR);
+ String pathSegment = null;
+ while (strTok.hasMoreTokens() == true) {
+ pathSegment = strTok.nextToken();
+ if (pathSegment.equals("*") == true) {
+ //
+ // leave the loop if we hit a wildcard character
+ //
+ break;
+ }
+ if (result.length() > 0) {
+ result = result.concat(URI_PATH_SEPARATOR);
+ }
+ result = result.concat(pathSegment);
+ }
+
+ return result;
+ }
+
+ /**
+ * Checks if is entity is action as a proxy for all sub-resources.
+ *
+ * @return true, if is entity proxy is acting as a proxy for all sub-resources
+ */
+ public static final boolean isEntityProxy() {
+ //
+ // should be getting this information from the cspace config settings (tenent bindings file).
+ return true;
+ }
+
+
/**
* isCSpaceAdmin check if authenticated user is a CSpace administrator
* @param tenantId
//check if this is an xml part
if(part.getMediaType().equals(MediaType.APPLICATION_XML_TYPE)){
if(payload != null){
- Document document = DocumentUtils.parseDocument(payload, partMeta);
+ Document document = DocumentUtils.parseDocument(payload, partMeta,
+ false /*don't validate*/);
//TODO: callback to handler if registered to validate the
//document
Map<String, Object> objectProps = DocumentUtils.parseProperties(document.getFirstChild());
// and then check that here, so skip other parts.\r
if(part.getMediaType().equals(MediaType.APPLICATION_XML_TYPE)){\r
if(payload != null){\r
- Document document = DocumentUtils.parseDocument(payload, partMeta);\r
+ Document document = DocumentUtils.parseDocument(payload, partMeta,\r
+ false /*don't validate*/);\r
//TODO: callback to handler if registered to validate the\r
//document\r
Map<String, Object> objectProps = DocumentUtils.parseProperties(document.getFirstChild());\r
<?xml version="1.0" encoding="UTF-8"?>\r
<classpath>\r
<classpathentry kind="src" output="target/classes" path="src/main/java"/>\r
+ <classpathentry kind="src" path="target/generated-sources/xjc"/>\r
<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>\r
<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>\r
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>\r
<artifactId>org.collectionspace.services.client</artifactId>\r
<version>${project.version}</version>\r
</dependency>\r
+ <dependency>\r
+ <groupId>org.collectionspace.services</groupId>\r
+ <artifactId>org.collectionspace.services.common</artifactId>\r
+ <optional>true</optional>\r
+ <version>${project.version}</version>\r
+ </dependency> \r
<!-- External dependencies -->\r
<dependency>\r
<groupId>org.testng</groupId>\r
}
/**
- * Read list_ spo.
+ * Read list.
*
* @param subjectCsid the subject csid
* @param predicate the predicate
* @param objectCsid the object csid
* @return the client response
*/
- public ClientResponse<RelationsCommonList> readList_SPO(String subjectCsid,
- String predicate, String objectCsid) {
- return relationProxy.readList_SPO(subjectCsid, predicate, objectCsid);
+ public ClientResponse<RelationsCommonList> readList(String subjectCsid,
+ String predicate,
+ String objectCsid) {
+ return relationProxy.readList(subjectCsid, predicate, objectCsid);
}
+// /**
+// * Read list_ spo.
+// *
+// * @param subjectCsid the subject csid
+// * @param predicate the predicate
+// * @param objectCsid the object csid
+// * @return the client response
+// */
+// @Deprecated
+// public ClientResponse<RelationsCommonList> readList_SPO(String subjectCsid,
+// String predicate, String objectCsid) {
+// return relationProxy.readList_SP0(subjectCsid, predicate, objectCsid);
+// }
+
/**
* Read.
*
import javax.ws.rs.core.Response;
import org.collectionspace.services.relation.RelationsCommonList;
+import org.collectionspace.services.common.relation.IRelationsManager;
+
import org.jboss.resteasy.client.ClientResponse;
import org.jboss.resteasy.plugins.providers.multipart.MultipartInput;
import org.jboss.resteasy.plugins.providers.multipart.MultipartOutput;
+import javax.ws.rs.QueryParam;
/**
* @version $Revision:$
@GET
@Produces({"application/xml"})
ClientResponse<RelationsCommonList> readList();
-
+
@GET
@Produces({"application/xml"})
- @Path("subject/{subjectCsid}/type/{predicate}/object/{objectCsid}")
- ClientResponse<RelationsCommonList> readList_SPO(@PathParam("subjectCsid") String subjectCsid,
- @PathParam("predicate") String predicate,
- @PathParam("objectCsid") String objectCsid);
+ ClientResponse<RelationsCommonList> readList(
+ @QueryParam(IRelationsManager.SUBJECT_QP) String subjectCsid,
+ @QueryParam(IRelationsManager.PREDICATE_QP) String predicate,
+ @QueryParam(IRelationsManager.OBJECT_QP) String objectCsid);
+
+// @GET
+// @Produces({"application/xml"})
+// @Path("subject/{subjectCsid}/type/{predicate}/object/{objectCsid}")
+// @Deprecated
+// ClientResponse<RelationsCommonList> readList_SPO(
+// @PathParam("subjectCsid") String subjectCsid,
+// @PathParam("predicate") String predicate,
+// @PathParam("objectCsid") String objectCsid);
//(C)reate
@POST
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.PathParam;
+import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.UriInfo;
import org.collectionspace.services.common.query.IQueryManager;
+import org.collectionspace.services.common.relation.IRelationsManager;
import org.collectionspace.services.common.relation.nuxeo.RelationsUtils;
import org.collectionspace.services.common.AbstractMultiPartCollectionSpaceResourceImpl;
import org.collectionspace.services.common.context.ServiceContext;
* Gets the relation list.
*
* @param ui the ui
+ * @param subjectCsid
+ * @param predicate
+ * @param objectCsid
*
* @return the relation list
*/
@GET
@Produces("application/xml")
- public RelationsCommonList getRelationList(@Context UriInfo ui) {
+ public RelationsCommonList getRelationList(@Context UriInfo ui,
+ @QueryParam(IRelationsManager.SUBJECT_QP) String subjectCsid,
+ @QueryParam(IRelationsManager.PREDICATE_QP) String predicate,
+ @QueryParam(IRelationsManager.OBJECT_QP) String objectCsid) {
MultivaluedMap<String, String> queryParams = ui.getQueryParameters();
- return this.getRelationList(queryParams, null, null, null);
+ return this.getRelationList(queryParams, subjectCsid, predicate, objectCsid);
}
/**
RelationsCommonList relationList = new RelationsCommonList();
try {
ServiceContext<MultipartInput, MultipartOutput> ctx = createServiceContext(queryParams);
- DocumentHandler handler = createDocumentHandler(ctx);
+ DocumentHandler handler = createDocumentHandler(ctx);
String relationClause = RelationsUtils.buildWhereClause(subjectCsid, predicate, objectCsid);
handler.getDocumentFilter().appendWhereClause(relationClause, IQueryManager.SEARCH_QUALIFIER_AND);
getRepositoryClient(ctx).getFiltered(ctx, handler);
projects / tmp / jakarta-migration.git / commitdiff