Commit ddcfe76d authored by Matija Obreza's avatar Matija Obreza

Permissions provided in JSON for frontend

- @WithMockOAuth2Authentication annotation for testing the API
- Registered CurrentApplicationContext bean for CurrentPermissionsWriter
parent ec3eff9a
......@@ -27,7 +27,7 @@ import org.springframework.security.access.prepost.PreAuthorize;
public interface DescriptorService {
@PreAuthorize("hasRole('ADMINISTRATOR')")
@PreAuthorize("isAuthenticated()")
Descriptor createDescriptor(Descriptor input);
/**
......
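Review bot: The precondition on createDescriptor is relaxed from hasRole('ADMINISTRATOR') to isAuthenticated() (taking the second @PreAuthorize line as the new side, since the +27,7 count admits only one replacement), so every authenticated principal may now create descriptors, and neither the commit message nor the method's Javadoc records that this is intended. If creation is meant to be open to authenticated users (the listDescriptorsTest hunk does call createDescriptorTest() under a USER-only context), state it on the method, e.g. `* Any authenticated user may create a descriptor; the ACL entries for the new object are what restrict later access.`; if only administrators should create them, keep `@PreAuthorize("hasRole('ADMINISTRATOR')")`. Note that the ADMINISTRATOR bypass added in SpringAclConfig compares authorities by identity, so an expression-based role check and that bypass may not agree for principals whose authorities are not UserRole instances. The DescriptorService interface continues outside the hunk.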
......@@ -558,24 +558,6 @@
<artifactId>spring-security-test</artifactId>
<version>${spring.security.version}</version>
<scope>test</scope>
<exclusions>
<exclusion>
<artifactId>spring-security-core</artifactId>
<groupId>org.springframework.security</groupId>
</exclusion>
<exclusion>
<artifactId>spring-core</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-test</artifactId>
<groupId>org.springframework</groupId>
</exclusion>
<exclusion>
<artifactId>spring-security-web</artifactId>
<groupId>org.springframework.security</groupId>
</exclusion>
</exclusions>
</dependency>
<!--swagger -->
......
......@@ -17,6 +17,7 @@ package org.genesys.catalog.server.config;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.genesys.blocks.util.CurrentApplicationContext;
import org.genesys.filerepository.service.BytesStorageService;
import org.genesys.filerepository.service.VirusScanner;
import org.genesys.filerepository.service.impl.ClamAVScanner;
......@@ -27,6 +28,7 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.core.annotation.Order;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
......@@ -49,6 +51,13 @@ public class ApplicationConfig {
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Bean
@Order(Integer.MIN_VALUE)
public CurrentApplicationContext currentApplicationContext() {
// This provides static access to current application context
return new CurrentApplicationContext();
}
@Bean
public VirusScanner virusScanner() {
......
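Review bot: `@Order(Integer.MIN_VALUE)` on the currentApplicationContext() @Bean method does not make this bean start before the others; @Order on a @Bean method only influences ordering at collection injection points, not singleton startup order. If CurrentPermissionsWriter (named in the commit message but not visible here) depends on the static holder being populated first, express that with `@DependsOn("currentApplicationContext")` on that bean, or have it inject the bean directly, and drop the misleading @Order. The inline comment should also name the consequence rather than the mechanism, e.g. `// Static holder for the ApplicationContext (service-locator style); any code can reach beans through it, so prefer injection in new code`. ApplicationConfig continues outside the hunk.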
package org.genesys.catalog.server.config;
import java.io.Serializable;
import org.apache.tomcat.jdbc.pool.DataSource;
import org.genesys.catalog.model.user.UserRole;
import org.genesys.catalog.server.service.impl.CaffeineAclCache;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.Cache;
......@@ -13,7 +16,8 @@ import org.springframework.security.acls.domain.ConsoleAuditLogger;
import org.springframework.security.acls.domain.DefaultPermissionGrantingStrategy;
import org.springframework.security.acls.jdbc.BasicLookupStrategy;
import org.springframework.security.acls.jdbc.JdbcMutableAclService;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
/**
* @author Andrey Lugovskoy.
......@@ -29,7 +33,27 @@ public class SpringAclConfig {
@Bean(name = "permissionEvaluator")
public AclPermissionEvaluator aclPermissionEvaluator() {
return new AclPermissionEvaluator(aclService());
return new AclPermissionEvaluator(aclService()) {
@Override
public boolean hasPermission(Authentication authentication, Object domainObject, Object permission) {
for (GrantedAuthority authority : authentication.getAuthorities()) {
if (UserRole.ADMINISTRATOR == authority) {
return true;
}
}
return super.hasPermission(authentication, domainObject, permission);
}
@Override
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
for (GrantedAuthority authority : authentication.getAuthorities()) {
if (UserRole.ADMINISTRATOR == authority) {
return true;
}
}
return super.hasPermission(authentication, targetId, targetType, permission);
}
};
}
@Bean
......@@ -39,7 +63,7 @@ public class SpringAclConfig {
@Bean
public AclAuthorizationStrategyImpl aclAuthorizationStrategy() {
return new AclAuthorizationStrategyImpl(new SimpleGrantedAuthority("ADMINISTRATOR"));
return new AclAuthorizationStrategyImpl(UserRole.ADMINISTRATOR);
}
@Bean
......
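Review bot: The administrator bypass in both hasPermission overrides compares `UserRole.ADMINISTRATOR == authority` by identity, so it fires only when the Authentication's authority collection holds the UserRole enum instance itself (as the new test factory's UserRole.valueOf mapping does); an Authentication carrying SimpleGrantedAuthority("ADMINISTRATOR"), the form the replaced aclAuthorizationStrategy line used, falls through to the ACL lookup instead. That is fail-closed, but it makes the bypass depend on how the principal was assembled, and nothing documents it. Assuming UserRole implements GrantedAuthority, as its use in AclAuthorizationStrategyImpl(UserRole.ADMINISTRATOR) and the test factory's Collection<GrantedAuthority> suggest, compare on getAuthority() and move the duplicated loop into one helper so the two overrides cannot drift; the rewrite is below. A comment on the bean should also record that this override grants ADMINISTRATOR every object permission without consulting the ACL tables. SpringAclConfig continues outside both hunks.
```java
return new AclPermissionEvaluator(aclService()) {
    // ADMINISTRATOR bypasses the ACL tables entirely for every object and permission.
    @Override
    public boolean hasPermission(Authentication authentication, Object domainObject, Object permission) {
        return isAdministrator(authentication) || super.hasPermission(authentication, domainObject, permission);
    }

    @Override
    public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
        return isAdministrator(authentication) || super.hasPermission(authentication, targetId, targetType, permission);
    }

    // Compare by authority string so UserRole.ADMINISTRATOR and SimpleGrantedAuthority("ADMINISTRATOR") match alike.
    private boolean isAdministrator(Authentication authentication) {
        String admin = UserRole.ADMINISTRATOR.getAuthority();
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            if (authority != null && admin.equals(authority.getAuthority())) {
                return true;
            }
        }
        return false;
    }
};
```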
......@@ -36,6 +36,7 @@ import org.genesys.catalog.model.traits.DescriptorList;
import org.genesys.catalog.persistence.traits.DescriptorListRepository;
import org.genesys.catalog.persistence.traits.DescriptorRepository;
import org.genesys.catalog.server.controller.rest.AbstractRestTest;
import org.genesys.catalog.server.controller.rest.WithMockOAuth2Authentication;
import org.genesys.catalog.service.filters.DescriptorFilter;
import org.genesys.catalog.service.filters.PartnerFilter;
import org.genesys.common.model.Partner;
......@@ -48,7 +49,6 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.restdocs.JUnitRestDocumentation;
import org.springframework.restdocs.mockmvc.RestDocumentationRequestBuilders;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.result.MockMvcResultHandlers;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
......@@ -110,7 +110,6 @@ public class DescriptorControllerTest extends AbstractRestTest {
@Test
@WithMockUser(username = "user", password = "user" , roles = "ADMINISTRATOR")
public void createDescriptorListTest() throws Exception {
String s = verboseMapper.writeValueAsString(setUpDescriptorList("Des 1", true, "Title 1", "Vt 1", UUID.randomUUID()));
......@@ -121,7 +120,6 @@ public class DescriptorControllerTest extends AbstractRestTest {
}
@Test
@WithMockUser(username = "user", password = "user" ,roles = "ADMINISTRATOR")
public void updateDescriptorListTest() throws Exception {
DescriptorList descriptorList = setUpDescriptorList("Des 2", true, "Title 2", "Vt 2", UUID.randomUUID());
descriptorList = descriptorListRepository.save(descriptorList);
......@@ -144,7 +142,6 @@ public class DescriptorControllerTest extends AbstractRestTest {
}
@Test
@WithMockUser(username = "user", password = "user" ,roles = "USER")
public void listDescriptorListsTest() throws Exception {
DescriptorList descriptorList = setUpDescriptorList("Des 2", true, "Title 2", "Vt 2", UUID.randomUUID());
descriptorList = descriptorListRepository.save(descriptorList);
......@@ -159,9 +156,10 @@ public class DescriptorControllerTest extends AbstractRestTest {
}
@Test
@WithMockUser(username = "user", password = "user" ,roles = "ADMINISTRATOR")
@WithMockOAuth2Authentication(roles = { "USER" }, scopes = { "write" })
public void listDescriptorsTest() throws Exception {
createDescriptorTest();
DescriptorFilter descriptorFilter = new DescriptorFilter();
PartnerFilter partnerFilter = new PartnerFilter();
partnerFilter.name = StringFilter.eq(PARTNER_NAME);
......@@ -181,7 +179,6 @@ public class DescriptorControllerTest extends AbstractRestTest {
}
@Test
@WithMockUser(username = "user", password = "user" ,roles = "USER")
public void getDescriptorTest() throws Exception {
Descriptor descriptor = descriptorRepository.save(setUpDescriptor());
......@@ -194,7 +191,7 @@ public class DescriptorControllerTest extends AbstractRestTest {
}
@Test
@WithMockUser(username = "user", password = "user" ,roles = "ADMINISTRATOR")
@WithMockOAuth2Authentication(roles = { "ADMINISTRATOR" }, scopes = { "write" })
public void updateDescriptorTest() throws Exception {
Descriptor descriptor = descriptorRepository.save(setUpDescriptor());
Descriptor newDescriptor = new Descriptor();
......@@ -217,7 +214,6 @@ public class DescriptorControllerTest extends AbstractRestTest {
}
@Test
@WithMockUser(username = "user", password = "user" ,roles = "USER")
public void getDescriptorListTest() throws Exception {
DescriptorList descriptorList = setUpDescriptorList("Des 2", true, "Title 2", "Vt 2", UUID.randomUUID());
descriptorListRepository.save(descriptorList);
......@@ -231,7 +227,7 @@ public class DescriptorControllerTest extends AbstractRestTest {
}
@Test
@WithMockUser(username = "user", password = "user" ,roles = "ADMINISTRATOR")
@WithMockOAuth2Authentication(roles = { "ADMINISTRATOR" }, scopes = { "write" })
public void createDescriptorTest() throws Exception {
String s = verboseMapper.writeValueAsString(setUpDescriptor());
......@@ -242,7 +238,6 @@ public class DescriptorControllerTest extends AbstractRestTest {
}
@Test
@WithMockUser(username = "user", password = "user" ,roles = "ADMINISTRATOR")
public void removeDescriptorList() throws Exception {
DescriptorList descriptorList = setUpDescriptorList("Des 2", true, "Title 2", "Vt 2", UUID.randomUUID());
descriptorListRepository.save(descriptorList);
......@@ -256,7 +251,6 @@ public class DescriptorControllerTest extends AbstractRestTest {
}
@Test
@WithMockUser(username = "user", password = "user" ,roles = "ADMINISTRATOR")
public void deleteDescriptorList() throws Exception {
DescriptorList descriptorList = setUpDescriptorList("Des 2", true, "Title 2", "Vt 2", UUID.randomUUID());
descriptorListRepository.save(descriptorList);
......
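Review bot: Seven test methods (createDescriptorListTest, updateDescriptorListTest, listDescriptorListsTest, getDescriptorTest, getDescriptorListTest, removeDescriptorList, deleteDescriptorList) lose their @WithMockUser annotation with no replacement, so they now run under whatever security context AbstractRestTest provides, which is not visible here. If that context is anonymous and the tests still pass, then either the MockMvc setup does not apply the security filter chain or those endpoints are reachable without authentication; in both cases the suite no longer asserts authorization for list removal and deletion. Annotate the mutating tests with `@WithMockOAuth2Authentication(roles = { "ADMINISTRATOR" }, scopes = { "write" })` as updateDescriptorTest does, and add one negative test per mutating endpoint without the annotation that expects an unauthorized or forbidden status. Note also that listDescriptorsTest invokes createDescriptorTest() directly under a USER-only context, so that call exercises descriptor creation as a non-administrator rather than under createDescriptorTest's own annotation. The test class continues outside the hunks.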
package org.genesys.catalog.server.controller.rest;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import org.springframework.security.test.context.support.WithSecurityContext;
/**
* Based on https://stackoverflow.com/questions/29510759/how-to-test-spring-security-oauth2-resource-server-security/40921028#40921028
*/
@Retention(RetentionPolicy.RUNTIME)
@WithSecurityContext(factory = WithMockOAuth2AuthenticationSecurityContextFactory.class)
public @interface WithMockOAuth2Authentication {
/**
* User authorities
*/
String[] roles() default { "USER" };
/**
* OAuth client scopes
*/
String[] scopes() default { "write" };
}
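Review bot: The Javadoc on roles() says only "User authorities", but the values are handed to UserRole.valueOf in WithMockOAuth2AuthenticationSecurityContextFactory, so a name that is not a UserRole constant fails with IllegalArgumentException while the security context is built, before the test body runs. Say so on the attribute: `* User authorities as UserRole enum constant names (e.g. "ADMINISTRATOR"); resolved with UserRole.valueOf, so unknown names fail fast`. The annotation also lacks `@Target`; adding `@Target({ ElementType.METHOD, ElementType.TYPE })` keeps it to the placements @WithMockUser allows and documents where it may be used. The class Javadoc should name what the annotation produces, an OAuth2Authentication whose client scopes come from scopes(), rather than only linking the source.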
package org.genesys.catalog.server.controller.rest;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import com.google.common.collect.Sets;
import org.genesys.blocks.security.model.BasicUser;
import org.genesys.catalog.model.user.User;
import org.genesys.catalog.model.user.UserRole;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.test.context.support.WithSecurityContextFactory;
/**
* https://stackoverflow.com/questions/29510759/how-to-test-spring-security-oauth2-resource-server-security/40921028#40921028
*/
public class WithMockOAuth2AuthenticationSecurityContextFactory implements WithSecurityContextFactory<WithMockOAuth2Authentication> {
private static final Long USER_ID = -10l;
private static final UUID USER_UUID = UUID.randomUUID();
@Override
public SecurityContext createSecurityContext(WithMockOAuth2Authentication mockOAuth2Auth) {
SecurityContext context = SecurityContextHolder.createEmptyContext();
Set<String> scopes = Sets.newHashSet(mockOAuth2Auth.scopes());
String clientId = "mockmvc-oauth2-client";
Collection<GrantedAuthority> clientAuthorities = new HashSet<>();
clientAuthorities.add(new SimpleGrantedAuthority("ROLE_CLIENT"));
OAuth2Request request = new OAuth2Request(null, clientId, clientAuthorities, true, scopes, null, null, null, null);
BasicUser<?> principal = new User();
principal.setId(USER_ID);
principal.setUuid(USER_UUID.toString());
principal.setEmail("user@example.com");
principal.setPrincipal(true);
Collection<GrantedAuthority> userAuthorities = Arrays.stream(mockOAuth2Auth.roles()).map(role -> UserRole.valueOf(role)).collect(Collectors.toSet());
Authentication userAuthentication = new UsernamePasswordAuthenticationToken(principal, null, userAuthorities);
Authentication auth = new OAuth2Authentication(request, userAuthentication);
context.setAuthentication(auth);
return context;
}
}
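Review bot: `private static final Long USER_ID = -10l;` uses a lowercase l suffix that reads as -101; write `private static final Long USER_ID = -10L;`. Two smaller points of style in createSecurityContext: `Sets.newHashSet(mockOAuth2Auth.scopes())` brings Guava into a test helper for what `new HashSet<>(Arrays.asList(mockOAuth2Auth.scopes()))` does with java.util already imported (the com.google.common.collect.Sets import can then go), and `.map(role -> UserRole.valueOf(role))` is clearer as `.map(UserRole::valueOf)`. The class Javadoc should also state what the factory produces: an approved OAuth2Request for client "mockmvc-oauth2-client" with the annotation's scopes, wrapping an already-authenticated UsernamePasswordAuthenticationToken for a synthetic User with a fixed id and a per-JVM random UUID, whose roles are resolved with UserRole.valueOf and therefore must be exact enum constant names.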