From: Richard Millet Date: Wed, 3 Nov 2010 21:44:33 +0000 (+0000) Subject: CSPACE-3150: Spring OID now has a mapping entry in our (CSpace) permission administra... X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=3bd4e82ddaa89d1fddd87df6670adc93d1ced177;p=tmp%2Fjakarta-migration.git CSPACE-3150: Spring OID now has a mapping entry in our (CSpace) permission administration tables for clarity and debugging purposes.
---
diff --git a/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationGen.java b/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationGen.java
index bf4a385c1..c10f290f3 100644
--- a/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationGen.java
+++ b/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationGen.java
@@ -37,6 +37,7 @@ import org.collectionspace.services.authorization.ActionType;
 import org.collectionspace.services.authorization.Permission;
 import org.collectionspace.services.authorization.EffectType;
 import org.collectionspace.services.authorization.PermissionAction;
+import org.collectionspace.services.authorization.PermissionActionUtil;
 import org.collectionspace.services.authorization.PermissionRole;
 import org.collectionspace.services.authorization.PermissionValue;
 import org.collectionspace.services.authorization.PermissionsList;
@@ -154,21 +155,20 @@ public class AuthorizationGen { ArrayList pas = new ArrayList(); perm.setActions(pas); - PermissionAction pa = new PermissionAction(); - pa.setName(ActionType.CREATE); - pas.add(pa); - PermissionAction pa1 = new PermissionAction(); - pa1.setName(ActionType.READ); - pas.add(pa1); - PermissionAction pa2 = new PermissionAction(); - pa2.setName(ActionType.UPDATE); - pas.add(pa2); - PermissionAction pa3 = new PermissionAction(); - pa3.setName(ActionType.DELETE); - pas.add(pa3); - PermissionAction pa4 = new PermissionAction(); - pa4.setName(ActionType.SEARCH); - pas.add(pa4); + PermissionAction permAction = PermissionActionUtil.create(perm, ActionType.CREATE); + pas.add(permAction); + + permAction = PermissionActionUtil.create(perm, ActionType.READ); + pas.add(permAction); + + permAction = PermissionActionUtil.create(perm, ActionType.UPDATE); + pas.add(permAction); + + permAction = PermissionActionUtil.create(perm, ActionType.DELETE); + pas.add(permAction); + + permAction = PermissionActionUtil.create(perm, ActionType.SEARCH); + pas.add(permAction); return perm; } @@ -220,13 +220,12 @@ public class AuthorizationGen { ArrayList pas = new ArrayList(); perm.setActions(pas); - PermissionAction pa1 = new PermissionAction(); - pa1.setName(ActionType.READ); - pas.add(pa1); + PermissionAction permAction = PermissionActionUtil.create(perm, ActionType.READ); + pas.add(permAction); + + permAction = PermissionActionUtil.create(perm, ActionType.SEARCH); + pas.add(permAction); - PermissionAction pa4 = new PermissionAction(); - pa4.setName(ActionType.SEARCH); - pas.add(pa4); return perm; } @@ -257,7 +256,6 @@ public class AuthorizationGen { Role rrole = buildTenantReaderRole(tenantId); readerRoles.add(rrole); - } } 
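Review bot: `PermissionActionUtil.create(perm, …)` in the first and second hunks derives the object identity from `perm.getTenantId()` and `perm.getResourceName()` at the moment of the call, so both values must already be set on `perm` when these lines run; the start of each enclosing method is outside the hunk, so this needs confirming. If either is still unset, the stored `objectIdentity` will presumably not match the identifier the ACL side computes for the same resource. I would add a comment above the first call in each method: `// perm must already carry tenantId and resourceName: create() hashes them into objectIdentity`.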
diff --git a/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationSeed.java b/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationSeed.java index 895b1162b..fee4fa997 100644 --- a/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationSeed.java +++ b/services/authorization-mgt/import/src/main/java/org/collectionspace/services/authorization/importer/AuthorizationSeed.java @@ -116,7 +116,7 @@ public class AuthorizationSeed { } List permActions = perm.getActions(); for (PermissionAction permAction : permActions) { - CSpaceAction action = getAction(permAction.getName()); + CSpaceAction action = URIResourceImpl.getAction(permAction.getName()); URIResourceImpl uriRes = new URIResourceImpl(perm.getTenantId(), perm.getResourceName(), action); boolean grant = perm.getEffect().equals(EffectType.PERMIT) ? true : false; @@ -129,7 +129,7 @@ public class AuthorizationSeed { * given ActionType * @param action * @return - */ + * private CSpaceAction getAction(ActionType action) { if (ActionType.CREATE.equals(action)) { return CSpaceAction.CREATE; @@ -150,6 +150,7 @@ public class AuthorizationSeed { } throw new IllegalArgumentException("action = " + action.toString()); } + */ static Object fromFile(Class jaxbClass, String fileName) throws Exception { InputStream is = new FileInputStream(fileName); diff --git a/services/authorization-mgt/service/build.xml b/services/authorization-mgt/service/build.xml index 11b3ee137..5584b08fe 100644 --- a/services/authorization-mgt/service/build.xml +++ b/services/authorization-mgt/service/build.xml @@ -10,7 +10,7 @@ - + @@ -109,6 +109,7 @@ + 
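Review bot: The old private `getAction(ActionType)` in AuthorizationSeed is disabled by changing the Javadoc terminator to ` *` and adding a closing `*/` after the method (second and third hunks), which leaves a dead copy of the ActionType-to-CSpaceAction mapping inside a comment. Since the call in the first hunk now goes to `URIResourceImpl.getAction`, the method and its Javadoc should be deleted outright, so there is only one mapping to keep in step when an action type is added.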
diff --git a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionDocumentHandler.java b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionDocumentHandler.java index 94d9e03a6..29503a36a 100644 --- a/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionDocumentHandler.java +++ b/services/authorization-mgt/service/src/main/java/org/collectionspace/services/authorization/storage/PermissionDocumentHandler.java @@ -29,10 +29,16 @@ import java.util.UUID; import org.collectionspace.services.authorization.AccountRole; import org.collectionspace.services.authorization.AccountRoleRel; +import org.collectionspace.services.authorization.ActionType; +import org.collectionspace.services.authorization.AuthZ; +import org.collectionspace.services.authorization.CSpaceAction; +import org.collectionspace.services.authorization.EffectType; import org.collectionspace.services.authorization.Permission; import org.collectionspace.services.authorization.PermissionAction; +import org.collectionspace.services.authorization.PermissionActionUtil; import org.collectionspace.services.authorization.PermissionsList; import org.collectionspace.services.authorization.PermissionsRolesList; +import org.collectionspace.services.authorization.URIResourceImpl; import org.collectionspace.services.common.document.AbstractDocumentHandlerImpl; import org.collectionspace.services.common.document.BadRequestException; 
@@ -54,6 +60,54 @@ public class PermissionDocumentHandler private final Logger logger = LoggerFactory.getLogger(PermissionDocumentHandler.class); private Permission permission; private PermissionsList permissionsList; + + public CSpaceAction getAction(ActionType action) { + System.out.println("Hello, world? " + action.name()); + System.out.println("Hello, world? " + ActionType.CREATE.name()); + + try { + if (ActionType.CREATE.name().equals(action.name())) { + return CSpaceAction.CREATE; + } else if (ActionType.READ.equals(action)) { + return CSpaceAction.READ; + } else if (ActionType.UPDATE.equals(action)) { + return CSpaceAction.UPDATE; + } else if (ActionType.DELETE.equals(action)) { + return CSpaceAction.DELETE; + } else if (ActionType.SEARCH.equals(action)) { + return CSpaceAction.SEARCH; + } else if (ActionType.ADMIN.equals(action)) { + return CSpaceAction.ADMIN; + } else if (ActionType.START.equals(action)) { + return CSpaceAction.START; + } else if (ActionType.STOP.equals(action)) { + return CSpaceAction.STOP; + } + } catch (Exception x) { + x.printStackTrace(); + } + throw new IllegalArgumentException("action = " + action.toString()); + } + + /* + * Add the ACE hashed ID to the permission action so we can map the permission to the Spring Security + * tables. + */ + private void handlePermissionActions(Permission perm) { + //FIXME: REM - Having Java class loader issues with ActionType class. Not sure of the cause. + try { + List permActions = perm.getActions(); + for (PermissionAction permAction : permActions) { + CSpaceAction action = getAction(permAction.getName()); + URIResourceImpl uriRes = new URIResourceImpl(perm.getTenantId(), + perm.getResourceName(), action); + permAction.setObjectIdentity(uriRes.getHashedId().toString()); + //PermissionActionUtil.update(perm, permAction); + } + } catch (Exception x) { + x.printStackTrace(); + } + } @Override public void handleCreate(DocumentWrapper wrapDoc) throws Exception { 
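Review bot: `handlePermissionActions` catches every `Exception` and only calls `x.printStackTrace()`, so a failed mapping leaves `objectIdentity` unset while `handleCreate` and the merge path continue as if the permission were complete. The column added in authorization.sql is `not null`, and this value is what ties the permission row to the Spring Security tables, so the failure should reach the caller: replace the catch body with `logger.error("Could not set objectIdentity on permission actions", x); throw new IllegalStateException(x);`, or drop the try/catch and let it propagate (whether every caller can accept that is not visible here). The public instance `getAction` above it duplicates the static `URIResourceImpl.getAction` added in this same commit, including the two `System.out.println` debug lines, and could be replaced by a call to the static method.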
@@ -61,6 +115,7 @@ public class PermissionDocumentHandler Permission permission = wrapDoc.getWrappedObject(); permission.setCsid(id); setTenant(permission); + handlePermissionActions(permission); } @Override @@ -105,6 +160,7 @@ public class PermissionDocumentHandler logger.debug("merged permission=" + JaxbUtils.toString(to, Permission.class)); } + handlePermissionActions(to); return to; } diff --git a/services/authorization/jaxb/src/main/resources/permissions.xsd b/services/authorization/jaxb/src/main/resources/permissions.xsd index 0107371e4..097cea7c5 100644 --- a/services/authorization/jaxb/src/main/resources/permissions.xsd +++ b/services/authorization/jaxb/src/main/resources/permissions.xsd @@ -170,6 +170,15 @@ + + + + + + + + + diff --git a/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql b/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql index 2683107b1..e878814da 100644 --- a/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql +++ b/services/authorization/pstore/src/main/resources/db/mysql/authorization.sql 
@@ -6,7 +6,7 @@ drop table if exists permissions_roles;
 drop table if exists roles;
 create table accounts_roles (HJID bigint not null auto_increment, account_id varchar(128) not null, created_at datetime not null, role_id varchar(128) not null, role_name varchar(255), screen_name varchar(255), user_id varchar(128) not null, primary key (HJID), unique (account_id, role_id));
 create table permissions (csid varchar(128) not null, action_group varchar(128), attribute_name varchar(128), created_at datetime not null, description varchar(255), effect varchar(32) not null, resource_name varchar(128) not null, tenant_id varchar(128) not null, updated_at datetime, primary key (csid));
-create table permissions_actions (HJID bigint not null auto_increment, name varchar(128) not null, ACTIONS_PERMISSION_CSID varchar(128), primary key (HJID));
+create table permissions_actions (HJID bigint not null auto_increment, name varchar(128) not null, objectIdentity varchar(128) not null, ACTIONS_PERMISSION_CSID varchar(128), primary key (HJID));
 create table permissions_roles (HJID bigint not null auto_increment, actionGroup varchar(255), created_at datetime not null, permission_id varchar(128) not null, permission_resource varchar(255), role_id varchar(128) not null, role_name varchar(255), primary key (HJID), unique (permission_id, role_id));
 create table roles (csid varchar(128) not null, created_at datetime not null, description varchar(255), rolegroup varchar(255), rolename varchar(200) not null, tenant_id varchar(128) not null, updated_at datetime, primary key (csid), unique (rolename, tenant_id));
 alter table permissions_actions add index FK85F82042E2DC84FD (ACTIONS_PERMISSION_CSID), add constraint FK85F82042E2DC84FD foreign key (ACTIONS_PERMISSION_CSID) references permissions (csid);
diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResource.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResource.java index f9599afd7..34ad61f28 100644 --- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResource.java +++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResource.java @@ -44,6 +44,13 @@ public interface CSpaceResource { * @return */ public String getId(); + + /** + * Gets the hashed id. + * + * @return the hashed id + */ + public Long getHashedId(); /** * getType get type of the resource diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResourceImpl.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResourceImpl.java index ac1780fce..f03505800 100644 --- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResourceImpl.java +++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/CSpaceResourceImpl.java @@ -87,6 +87,11 @@ public abstract class CSpaceResourceImpl implements CSpaceResource { //tenant-qualified id return tenantId + SEPARATOR_COLON + id; } + + @Override + public Long getHashedId() { + return Long.valueOf(getId().hashCode()); + } @Override public TYPE getType() { diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/PermissionActionUtil.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/PermissionActionUtil.java new file mode 100644 index 000000000..565a3754a --- /dev/null +++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/PermissionActionUtil.java 
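Review bot: `getHashedId()` in CSpaceResourceImpl returns `String.hashCode()` of the tenant-qualified id widened to `Long`, which carries only 32 bits and is not collision-resistant, so two different resource ids can yield the same value. The commit now persists this value as `objectIdentity` and SpringAuthorizationProvider uses it as the ACL object identity identifier, so a collision would make two resources share the same ACL entries. The interface Javadoc ("Gets the hashed id.") should at least state this, for example `@return String.hashCode() of getId() widened to Long; not guaranteed unique across resources`. A wider digest would remove the ambiguity, but it would presumably change the identifiers of ACL rows that already exist, so it needs a migration decision rather than a silent swap.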
@@ -0,0 +1,32 @@
+package org.collectionspace.services.authorization;
+
+import org.collectionspace.services.authorization.PermissionAction;
+import org.collectionspace.services.authorization.ActionType;
+import org.collectionspace.services.authorization.Permission;
+
+public class PermissionActionUtil {
+
+ static public PermissionAction create(Permission perm,
+ ActionType actionType) {
+ PermissionAction pa = new PermissionAction();
+
+ CSpaceAction action = URIResourceImpl.getAction(actionType);
+ URIResourceImpl uriRes = new URIResourceImpl(perm.getTenantId(),
+ perm.getResourceName(), action);
+ pa.setName(actionType);
+ pa.setObjectIdentity(uriRes.getHashedId().toString());
+
+ return pa;
+ }
+
+ static public PermissionAction update(Permission perm, PermissionAction permAction) {
+ PermissionAction pa = new PermissionAction();
+
+ CSpaceAction action = URIResourceImpl.getAction(permAction.getName());
+ URIResourceImpl uriRes = new URIResourceImpl(perm.getTenantId(),
+ perm.getResourceName(), action);
+ pa.setObjectIdentity(uriRes.getHashedId().toString());
+
+ return pa;
+ }
+}
diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/URIResourceImpl.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/URIResourceImpl.java
index c1cb1496b..5996bb755 100644
--- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/URIResourceImpl.java
+++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/URIResourceImpl.java
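Review bot: `PermissionActionUtil.update` never modifies the `permAction` it is given: it allocates a fresh `PermissionAction`, sets only `objectIdentity` on it (not the name) and returns that, so a caller that ignores the return value gets no update and one that uses it gets an action without a name. The only call site visible in this commit is commented out in PermissionDocumentHandler, so either remove the method or make it do what its name says: `permAction.setObjectIdentity(uriRes.getHashedId().toString()); return permAction;`. The three imports are from the class's own package and can be dropped.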
@@ -121,6 +121,37 @@ public class URIResourceImpl extends CSpaceResourceImpl { return uri; } + /* + * Map a Permission ActionType to a CSpaceAction + */ + public static CSpaceAction getAction(ActionType action) { + System.out.println("Hello, world? " + action.name()); + System.out.println("Hello, world? " + ActionType.CREATE.name()); + + try { + if (ActionType.CREATE.name().equals(action.name())) { + return CSpaceAction.CREATE; + } else if (ActionType.READ.equals(action)) { + return CSpaceAction.READ; + } else if (ActionType.UPDATE.equals(action)) { + return CSpaceAction.UPDATE; + } else if (ActionType.DELETE.equals(action)) { + return CSpaceAction.DELETE; + } else if (ActionType.SEARCH.equals(action)) { + return CSpaceAction.SEARCH; + } else if (ActionType.ADMIN.equals(action)) { + return CSpaceAction.ADMIN; + } else if (ActionType.START.equals(action)) { + return CSpaceAction.START; + } else if (ActionType.STOP.equals(action)) { + return CSpaceAction.STOP; + } + } catch (Exception x) { + x.printStackTrace(); + } + throw new IllegalArgumentException("action = " + action.toString()); + } + /** * getAction is a conveneniece method to get action * for given HTTP method invoked on the resource diff --git a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringAuthorizationProvider.java b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringAuthorizationProvider.java index 20c73ce37..f0dd05a00 100644 --- a/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringAuthorizationProvider.java +++ b/services/authorization/service/src/main/java/org/collectionspace/services/authorization/spring/SpringAuthorizationProvider.java 
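Review bot: The new static `getAction(ActionType)` in URIResourceImpl still contains two `System.out.println("Hello, world? …")` debug lines that run on every permission mapping, and it dereferences `action.name()` before the `try`, so a null action fails with a NullPointerException rather than the `IllegalArgumentException` thrown at the end. Only the CREATE branch compares by `name()`, and the rest use `equals`. If the name comparison is the workaround for the class-loader problem mentioned in the FIXME in PermissionDocumentHandler, the other branches need it too, otherwise they fall through to the exception. The `try`/`catch` around the chain only prints a stack trace and can go. The same applies to the copy of this method in PermissionDocumentHandler.

```java
public static CSpaceAction getAction(ActionType action) {
    if (action == null) {
        throw new IllegalArgumentException("action must not be null");
    }
    // Compare by name for every constant, not only CREATE.
    String name = action.name();
    if (ActionType.CREATE.name().equals(name)) {
        return CSpaceAction.CREATE;
    } else if (ActionType.READ.name().equals(name)) {
        return CSpaceAction.READ;
    }
    // … remaining constants (UPDATE, DELETE, SEARCH, ADMIN, START, STOP) compared by name the same way …
    throw new IllegalArgumentException("action = " + name);
}
```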
@@ -113,7 +113,8 @@ public class SpringAuthorizationProvider implements CSpaceAuthorizationProvider } static Long getObjectIdentityIdentifier(CSpaceResource res) { - return Long.valueOf(res.getId().hashCode()); + return res.getHashedId(); + //return Long.valueOf(res.getId().hashCode()); } static String getObjectIdentityType(CSpaceResource res) {
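Review bot: `getObjectIdentityIdentifier` keeps the previous implementation as a commented-out line, `//return Long.valueOf(res.getId().hashCode());`, directly after the new `return res.getHashedId();`. That line should be deleted, since version control already holds the old form. If the intent is to record that the ACL identifier and the persisted `objectIdentity` must come from the same computation, say so in a comment instead: `// must stay identical to the value stored in permissions_actions.objectIdentity`.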