- Proposal #2: integration of GeoStore with SpringSecurity
Alessio Fabiani committed Feb 4, 2014
1 parent d5e90a8 commit 29a4d4a
Showing 20 changed files with 697 additions and 307 deletions.
4 changes: 4 additions & 0 deletions src/server/modules/rest/api/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,10 @@
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-frontend-jaxrs</artifactId>
</dependency>
<dependency>
<groupId>com.google.code.cxf-spring-security</groupId>
<artifactId>cxf-spring-security</artifactId>
</dependency>

<!-- needed for @RolesAllowed
<dependency>
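Review bot: The new `cxf-spring-security` dependency block carries no `<version>` element, so the resolved version is whatever the parent `dependencyManagement` pins (presumably declared there, since the module is expected to build). Because the artifact comes from an external groupId (`com.google.code.cxf-spring-security`), it is worth confirming in the parent POM which version is pinned and from which repository it is resolved, so that the method-security integration this commit relies on is reproducible. A one-line comment above the dependency, `<!-- Spring Security integration for CXF JAX-RS; version managed in the parent POM -->`, would record the intent next to the existing `@RolesAllowed` note.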
Original file line number Diff line number Diff line change
Expand Up @@ -32,24 +32,25 @@
import it.geosolutions.geostore.services.rest.exception.NotFoundWebEx;
import it.geosolutions.geostore.services.rest.model.RESTQuickBackup;

import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;

import javax.ws.rs.core.SecurityContext;

import org.apache.cxf.jaxrs.ext.multipart.Multipart;
import org.springframework.security.access.annotation.Secured;

/**
* Backup/restore REST service
*
* @author ETj (etj at geo-solutions.it)
*/
@RolesAllowed({ "ADMIN" })
//@RolesAllowed({ "ADMIN" })
@Secured({ "ROLE_ADMIN" })
public interface RESTBackupService {

/**
Expand All @@ -60,13 +61,15 @@ public interface RESTBackupService {
@GET
@Path("/full")
@Produces({ MediaType.TEXT_PLAIN })
@RolesAllowed({ "ADMIN" })
//@RolesAllowed({ "ADMIN" })
@Secured({ "ROLE_ADMIN" })
String backup(@Context SecurityContext sc);

@PUT
@Path("/full/{token}")
@Produces({ MediaType.TEXT_PLAIN })
@RolesAllowed({ "ADMIN" })
//@RolesAllowed({ "ADMIN" })
@Secured({ "ROLE_ADMIN" })
String restore(@Context SecurityContext sc, @PathParam("token") String token);

/**
Expand All @@ -77,7 +80,8 @@ public interface RESTBackupService {
@GET
@Path("/quick")
@Produces({ MediaType.TEXT_PLAIN, MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@RolesAllowed({ "ADMIN" })
//@RolesAllowed({ "ADMIN" })
@Secured({ "ROLE_ADMIN" })
RESTQuickBackup quickBackup(@Context SecurityContext sc) throws BadRequestServiceEx;

/**
Expand All @@ -88,7 +92,8 @@ public interface RESTBackupService {
@PUT
@Path("/quick")
@Produces({ MediaType.TEXT_PLAIN, MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@RolesAllowed({ "ADMIN" })
//@RolesAllowed({ "ADMIN" })
@Secured({ "ROLE_ADMIN" })
String quickRestore(@Context SecurityContext sc, @Multipart("backup") RESTQuickBackup backup)
throws BadRequestServiceEx;

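Review bot: `import javax.annotation.security.RolesAllowed;` is kept in this interface although every `@RolesAllowed` use below it is now commented out, so it is an unused import; the category, misc and resource service interfaces in this same commit drop it, and this file should too. The commented-out `//@RolesAllowed(...)` lines left above each `@Secured` annotation here, and likewise in the other three service interfaces, are dead code that keeps two role vocabularies (`ADMIN` vs `ROLE_ADMIN`) side by side and will drift; delete them once `@Secured` is confirmed to be the annotation actually enforced. `@Secured` only takes effect when Spring's method-security interceptor is enabled for these beans and the proxied bean is what CXF invokes (presumably what the new cxf-spring-security dependency wires up), so the test for this change should assert that an unauthenticated call to `/full` is rejected rather than relying on the annotation's presence.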
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@
import it.geosolutions.geostore.services.rest.exception.NotFoundWebEx;
import it.geosolutions.geostore.services.rest.model.CategoryList;

import javax.annotation.security.RolesAllowed;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
Expand All @@ -49,6 +48,7 @@
import javax.ws.rs.core.SecurityContext;

import org.apache.cxf.jaxrs.ext.multipart.Multipart;
import org.springframework.security.access.annotation.Secured;

/**
* Interface RESTCategoryService.
Expand All @@ -68,7 +68,8 @@ public interface RESTCategoryService {
@Path("/")
@Consumes({ MediaType.APPLICATION_XML, MediaType.TEXT_XML })
@Produces({ MediaType.TEXT_PLAIN, MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@RolesAllowed({ "ADMIN" })
//@RolesAllowed({ "ADMIN" })
@Secured({ "ROLE_ADMIN" })
long insert(@Context SecurityContext sc, @Multipart("category") Category category)
throws BadRequestServiceEx, NotFoundServiceEx;

Expand All @@ -81,7 +82,8 @@ long insert(@Context SecurityContext sc, @Multipart("category") Category categor
@PUT
@Path("/category/{id}")
@Consumes({ MediaType.APPLICATION_XML, MediaType.TEXT_XML })
@RolesAllowed({ "ADMIN" })
//@RolesAllowed({ "ADMIN" })
@Secured({ "ROLE_ADMIN" })
long update(@Context SecurityContext sc, @PathParam("id") long id,
@Multipart("category") Category category) throws NotFoundWebEx;

Expand All @@ -91,7 +93,8 @@ long update(@Context SecurityContext sc, @PathParam("id") long id,
*/
@DELETE
@Path("/category/{id}")
@RolesAllowed({ "ADMIN" })
//@RolesAllowed({ "ADMIN" })
@Secured({ "ROLE_ADMIN" })
void delete(@Context SecurityContext sc, @PathParam("id") long id) throws NotFoundWebEx;

/**
Expand All @@ -102,7 +105,8 @@ long update(@Context SecurityContext sc, @PathParam("id") long id,
@GET
@Path("/category/{id}")
@Produces({ MediaType.TEXT_PLAIN, MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
Category get(@Context SecurityContext sc, @PathParam("id") long id) throws NotFoundWebEx;

/**
Expand All @@ -113,8 +117,9 @@ long update(@Context SecurityContext sc, @PathParam("id") long id,
*/
@GET
@Path("/")
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Produces({ MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
CategoryList getAll(@Context SecurityContext sc, @QueryParam("page") Integer page,
@QueryParam("entries") Integer entries) throws BadRequestWebEx;

Expand All @@ -124,7 +129,8 @@ CategoryList getAll(@Context SecurityContext sc, @QueryParam("page") Integer pag
*/
@GET
@Path("/count/{nameLike}")
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
long getCount(@Context SecurityContext sc, @PathParam("nameLike") String nameLike);

}
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@
import it.geosolutions.geostore.services.rest.exception.NotFoundWebEx;
import it.geosolutions.geostore.services.rest.model.ShortResourceList;

import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
Expand All @@ -43,6 +42,8 @@
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.SecurityContext;

import org.springframework.security.access.annotation.Secured;

/**
* Interface RESTMiscService. Experimental operations go here.
*
Expand All @@ -54,23 +55,26 @@ public interface RESTMiscService {

@GET
@Path("/category/name/{cname}/resource/name/{rname}/data")
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
String getData(@Context SecurityContext sc, @PathParam("cname") String cname,
@PathParam("rname") String rname) throws NotFoundWebEx, ConflictWebEx, BadRequestWebEx,
InternalErrorWebEx;

@GET
@Path("/category/name/{cname}/resource/name/{rname}")
@Produces({ MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
Resource getResource(@Context SecurityContext sc, @PathParam("cname") String cname,
@PathParam("rname") String rname) throws NotFoundWebEx, ConflictWebEx, BadRequestWebEx,
InternalErrorWebEx;

@GET
@Path("/category/name/{cname}/resources/")
@Produces({ MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
ShortResourceList getResourcesByCategory(@Context SecurityContext sc,
@PathParam("cname") String cname) throws NotFoundWebEx, ConflictWebEx, BadRequestWebEx,
InternalErrorWebEx;
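Review bot: Every method in this interface now lists `ROLE_ANONYMOUS`, which in Spring Security is the authority the anonymous filter grants to unauthenticated requests, so these three GET endpoints are effectively public; that matches the former `GUEST` mapping, but it is not obvious to a reader who knows only the JSR-250 vocabulary. A short comment on the interface, `// ROLE_ANONYMOUS replaces the former GUEST role: these read-only operations need no authentication`, would make the intent explicit and give a reviewer something to check each new method against.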
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,6 @@
import it.geosolutions.geostore.services.rest.model.ShortAttributeList;
import it.geosolutions.geostore.services.rest.model.ShortResourceList;

import javax.annotation.security.RolesAllowed;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
Expand All @@ -55,14 +54,16 @@
import javax.ws.rs.core.SecurityContext;

import org.apache.cxf.jaxrs.ext.multipart.Multipart;
import org.springframework.security.access.annotation.Secured;

/**
* Interface RESTResourceService.
*
* @author ETj (etj at geo-solutions.it)
* @author Tobia di Pisa (tobia.dipisa at geo-solutions.it)
*/
@RolesAllowed({ "ADMIN" })
//@RolesAllowed({ "ADMIN" })
@Secured({ "ROLE_ADMIN" })
public interface RESTResourceService {

/**
Expand All @@ -75,7 +76,8 @@ public interface RESTResourceService {
@Consumes({ MediaType.APPLICATION_XML, MediaType.TEXT_XML })
// @Produces({MediaType.TEXT_PLAIN, MediaType.TEXT_XML, MediaType.APPLICATION_JSON})
@Produces({ MediaType.TEXT_PLAIN })
@RolesAllowed({ "ADMIN", "USER" })
//@RolesAllowed({ "ADMIN", "USER" })
@Secured({ "ROLE_USER", "ROLE_ADMIN" })
long insert(@Context SecurityContext sc, @Multipart("resource") RESTResource resource)
throws InternalErrorWebEx;

Expand All @@ -89,7 +91,8 @@ long insert(@Context SecurityContext sc, @Multipart("resource") RESTResource res
@PUT
@Path("/resource/{id}")
@Consumes({ MediaType.APPLICATION_XML, MediaType.TEXT_XML })
@RolesAllowed({ "ADMIN", "USER" })
//@RolesAllowed({ "ADMIN", "USER" })
@Secured({ "ROLE_USER", "ROLE_ADMIN" })
long update(@Context SecurityContext sc, @PathParam("id") long id,
@Multipart("resource") RESTResource resource) throws NotFoundWebEx, BadRequestWebEx;

Expand All @@ -100,7 +103,8 @@ long update(@Context SecurityContext sc, @PathParam("id") long id,
*/
@DELETE
@Path("/resource/{id}")
@RolesAllowed({ "ADMIN", "USER" })
//@RolesAllowed({ "ADMIN", "USER" })
@Secured({ "ROLE_USER", "ROLE_ADMIN" })
void delete(@Context SecurityContext sc, @PathParam("id") long id) throws NotFoundWebEx;

/**
Expand All @@ -109,7 +113,8 @@ long update(@Context SecurityContext sc, @PathParam("id") long id,
*/
@DELETE
@Path("/")
@RolesAllowed({ "ADMIN" })
//@RolesAllowed({ "ADMIN" })
@Secured({ "ROLE_ADMIN" })
void deleteResources(@Context SecurityContext sc, @Multipart("filter") SearchFilter filter)
throws BadRequestWebEx, InternalErrorWebEx;

Expand All @@ -121,7 +126,8 @@ void deleteResources(@Context SecurityContext sc, @Multipart("filter") SearchFil
@GET
@Path("/resource/{id}")
@Produces({ MediaType.TEXT_PLAIN, MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
Resource get(@Context SecurityContext sc, @PathParam("id") long id,
@QueryParam("full") @DefaultValue("false") boolean full)

Expand All @@ -136,7 +142,8 @@ Resource get(@Context SecurityContext sc, @PathParam("id") long id,
@GET
@Path("/")
@Produces({ MediaType.TEXT_PLAIN, MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
ShortResourceList getAll(@Context SecurityContext sc, @QueryParam("page") Integer page,
@QueryParam("entries") Integer entries) throws BadRequestWebEx;

Expand All @@ -150,7 +157,8 @@ ShortResourceList getAll(@Context SecurityContext sc, @QueryParam("page") Intege
@GET
@Path("/search/{nameLike}")
@Produces({ MediaType.TEXT_PLAIN, MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
ShortResourceList getList(@Context SecurityContext sc, @PathParam("nameLike") String nameLike,
@QueryParam("page") Integer page, @QueryParam("entries") Integer entries)
throws BadRequestWebEx;
Expand All @@ -164,7 +172,8 @@ ShortResourceList getList(@Context SecurityContext sc, @PathParam("nameLike") St
@Path("/search")
@Produces({ MediaType.TEXT_PLAIN, MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.TEXT_XML })
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
@Deprecated
ShortResourceList getResources(@Context SecurityContext sc,
@Multipart("filter") SearchFilter filter) throws BadRequestWebEx, InternalErrorWebEx;
Expand All @@ -185,7 +194,8 @@ ShortResourceList getResources(@Context SecurityContext sc,
@Path("/search/list")
@Produces({ MediaType.TEXT_PLAIN, MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.TEXT_XML })
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
ResourceList getResourcesList(@Context SecurityContext sc, @QueryParam("page") Integer page,
@QueryParam("entries") Integer entries,
@QueryParam("includeAttributes") @DefaultValue("false") boolean includeAttributes,
Expand All @@ -198,7 +208,8 @@ ResourceList getResourcesList(@Context SecurityContext sc, @QueryParam("page") I
*/
@GET
@Path("/count/{nameLike}")
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
long getCount(@Context SecurityContext sc, @PathParam("nameLike") String nameLike);

/**
Expand All @@ -209,7 +220,8 @@ ResourceList getResourcesList(@Context SecurityContext sc, @QueryParam("page") I
@GET
@Path("/resource/{id}/attributes")
@Produces({ MediaType.TEXT_PLAIN, MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
ShortAttributeList getAttributes(@Context SecurityContext sc, @PathParam("id") long id)
throws NotFoundWebEx;

Expand All @@ -222,7 +234,8 @@ ShortAttributeList getAttributes(@Context SecurityContext sc, @PathParam("id") l
@GET
@Path("/resource/{id}/attributes/{name}")
@Produces({ MediaType.TEXT_PLAIN, MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@RolesAllowed({ "ADMIN", "USER", "GUEST" })
//@RolesAllowed({ "ADMIN", "USER", "GUEST" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
String getAttribute(@Context SecurityContext sc, @PathParam("id") long id,
@PathParam("name") String name) throws NotFoundWebEx;

Expand All @@ -237,7 +250,8 @@ String getAttribute(@Context SecurityContext sc, @PathParam("id") long id,
@PUT
@Path("/resource/{id}/attributes/{name}/{value}")
@Produces({ MediaType.TEXT_PLAIN, MediaType.TEXT_XML, MediaType.APPLICATION_JSON })
@RolesAllowed({ "ADMIN", "USER" })
//@RolesAllowed({ "ADMIN", "USER" })
@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })
long updateAttribute(@Context SecurityContext sc, @PathParam("id") long id,
@PathParam("name") String name, @PathParam("value") String value);

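Review bot: `updateAttribute`, the last method in this section, is now annotated `@Secured({ "ROLE_USER", "ROLE_ADMIN", "ROLE_ANONYMOUS" })`, while the `@RolesAllowed({ "ADMIN", "USER" })` it replaces, still visible in the commented line above it, never admitted guests; every other write method in this file (`insert`, `update`, `delete`) maps to `ROLE_USER`/`ROLE_ADMIN` only, so this PUT becomes callable by unauthenticated clients. Change it to `@Secured({ "ROLE_USER", "ROLE_ADMIN" })` to preserve the previous access control. A test that an anonymous PUT to `/resource/{id}/attributes/{name}/{value}` is rejected would catch this, since a one-token slip in the mapping is easy to miss across this many methods.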

5 comments on commit 29a4d4a

@mbarto
Contributor

@mbarto mbarto commented on 29a4d4a Feb 10, 2014


Some comments:

  • can't we put extractAuthUser in a common place, instead of duplicating it in every rest service impl?
  • one doubt: if we don't have the security interceptor anymore who is creating the GeoStorePrincipal object now?
  • no unit tests?

@simboss
Member


Without unit tests we cannot accept the pull request

@afabiani
Member

@afabiani afabiani commented on 29a4d4a Feb 10, 2014 via email


@simboss
Member


LDAP is a new functionality hence we should add some tests relying on an embedded LDAP server to make sure that:

  • the configuration works
  • if we ever make changes, things keep working

I believe Mauro has done something along this line in the past.

@afabiani
Member

@afabiani afabiani commented on 29a4d4a Feb 10, 2014 via email

