Commit 0ee3ab13 authored by Matija Obreza's avatar Matija Obreza

Code refactored for app-blocks:1.1-SNAPSHOT

parent fbd1e076
......@@ -24,3 +24,4 @@ npm-debug.log
.settings
.pmd
node_tmp
effective.pom
......@@ -58,7 +58,7 @@
<snippetsDirectory>${project.build.directory}/generated-snippets</snippetsDirectory>
<junit.version>4.12</junit.version>
<application.blocks.version>1.1-SNAPSHOT</application.blocks.version>
<commons.beanutils.version>1.9.2</commons.beanutils.version>
<commons.collections.version>3.2.1</commons.collections.version>
<commons.fileupload.version>1.3.1</commons.fileupload.version>
......@@ -287,9 +287,21 @@
<version>1.9.4.RELEASE</version>
</dependency>
<!-- Hibernate dependencies -->
<!-- App blocks -->
<dependency>
<groupId>org.genesys-pgr</groupId>
<artifactId>application-blocks-auditlog</artifactId>
<version>${application.blocks.version}</version>
</dependency>
<dependency>
<groupId>org.genesys-pgr</groupId>
<artifactId>application-blocks-security</artifactId>
<version>${application.blocks.version}</version>
</dependency>
<!-- Hibernate dependencies -->
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
......
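Review bot: `application.blocks.version` resolves to `1.1-SNAPSHOT`, so the two new `application-blocks-auditlog` and `application-blocks-security` dependencies are taken from whatever snapshot the repository serves at build time, and the security and ACL code this application compiles against can change without any commit here. For a reproducible and auditable build, pin a released version once one exists (`<application.blocks.version>1.1</application.blocks.version>`), or at least a timestamped snapshot, and confirm the repository that resolves the `org.genesys-pgr` group is the intended one. The `<!-- Hibernate dependencies -->` comment is simply moved below the new block, which is fine.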
/**
* Copyright 2014 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
package org.genesys2.server.aspect;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.genesys2.server.model.AclAwareModel;
import org.genesys2.server.service.AclService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@Aspect
@Component
public class AclAssignerAspect {
private static final Log LOG = LogFactory.getLog(AclAssignerAspect.class);
@Autowired
private AclService aclService;
@Around("execution(* org.genesys2.server.persistence.domain.*.save(..))")
public Object aroundSaveAclObject(ProceedingJoinPoint pjp) throws Throwable {
final Object arg0 = pjp.getArgs()[0];
boolean needsAcl = false;
if (arg0 instanceof AclAwareModel) {
final AclAwareModel aclModel = (AclAwareModel) arg0;
needsAcl = aclModel.getId() == null;
}
try {
final Object retval = pjp.proceed();
if (needsAcl) {
final AclAwareModel aclModel = (AclAwareModel) retval;
LOG.warn("Inserting ACL entries for owner: " + aclModel.getId());
aclService.addCreatorPermissions(aclModel);
}
return retval;
} finally {
// Nothing to do here
}
}
}
......@@ -25,7 +25,6 @@ import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.genesys2.server.model.UserRole;
import org.genesys2.server.model.impl.User;
import org.genesys2.server.security.AuthUserDetails;
import org.genesys2.server.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
......@@ -85,13 +84,9 @@ public class AsAdminAspect {
SYS_ADMIN = new PreAuthenticatedAuthenticationToken("SYS_ADMIN", null, Arrays.asList(new SimpleGrantedAuthority(UserRole.ADMINISTRATOR
.getName())));
} else {
LOG.warn("Got SYS_ADMIN account: " + sysUser);
LOG.warn("Got SYS_ADMIN account: " + sysUser + " with roles=" + sysUser.getAuthorities());
final AuthUserDetails userDetails = new AuthUserDetails(sysUser.getUuid(), "", Arrays.asList(new SimpleGrantedAuthority(UserRole.ADMINISTRATOR
.getName())));
userDetails.setUser(sysUser);
SYS_ADMIN = new PreAuthenticatedAuthenticationToken(userDetails, null, userDetails.getAuthorities());
SYS_ADMIN = new PreAuthenticatedAuthenticationToken(sysUser, null, sysUser.getAuthorities());
}
}
......
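Review bot: The SYS_ADMIN token in the else branch now uses the `User` entity itself as the principal (`SYS_ADMIN = new PreAuthenticatedAuthenticationToken(sysUser, null, sysUser.getAuthorities());`), whereas the replaced lines wrapped it in an `AuthUserDetails` built with an empty password. If `BasicUser` carries the stored password hash, that value now lives in the SecurityContext alongside the principal and is reachable by anything that logs, serializes or exposes the authentication; consider having the principal implement `CredentialsContainer` so `eraseCredentials()` clears it, or keep a details wrapper without credentials. The added `LOG.warn("Got SYS_ADMIN account: " + sysUser + " with roles=" + ...)` reports what looks like a routine startup condition at WARN level; `LOG.info` would keep the warning channel meaningful. The enclosing method begins before this hunk.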
/**
* Copyright 2014 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
package org.genesys2.server.exception;
public class NoUserFoundException extends UserException {
private static final long serialVersionUID = -3218537334751840421L;
public NoUserFoundException() {
}
public NoUserFoundException(String message) {
super(message);
}
public NoUserFoundException(String message, Throwable cause) {
super(message, cause);
}
public NoUserFoundException(Throwable cause) {
super(cause);
}
public NoUserFoundException(long modelId) {
this.modelId = modelId;
}
public NoUserFoundException(Throwable cause, long modelId) {
super(cause);
this.modelId = modelId;
}
private long modelId;
public long getModelId() {
return modelId;
}
}
/**
* Copyright 2014 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
package org.genesys2.server.exception;
public class NotUniqueUserException extends UserException {
private static final long serialVersionUID = -3260458819774485495L;
public NotUniqueUserException() {
}
public NotUniqueUserException(String message) {
super(message);
}
public NotUniqueUserException(String message, Throwable cause) {
super(message, cause);
}
public NotUniqueUserException(Throwable cause) {
super(cause);
}
public NotUniqueUserException(Throwable cause, String email) {
super(cause);
this.email = email;
}
private String email;
public String getEmail() {
return email;
}
}
/**
* Copyright 2014 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
package org.genesys2.server.exception;
import org.genesys2.server.ApplicationException;
public class UserException extends ApplicationException {
private static final long serialVersionUID = -5046893564893762245L;
public UserException() {
super();
}
public UserException(String message) {
super(message);
}
public UserException(String message, Throwable cause) {
super(message, cause);
}
public UserException(Throwable cause) {
super(cause);
}
}
......@@ -19,11 +19,11 @@ package org.genesys2.server.listener.sample;
import java.util.HashSet;
import java.util.Set;
import org.genesys2.server.exception.UserException;
import org.genesys.blocks.security.UserException;
import org.genesys.blocks.security.service.PasswordPolicy.PasswordPolicyException;
import org.genesys2.server.listener.RunAsAdminListener;
import org.genesys2.server.model.UserRole;
import org.genesys2.server.model.impl.User;
import org.genesys2.server.service.PasswordPolicy.PasswordPolicyException;
import org.genesys2.server.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.PageRequest;
......@@ -58,7 +58,7 @@ public class CreateAdminListener extends RunAsAdminListener {
user.setSystemAccount(systemAccount);
user.setEmail(email);
user.setPassword(passwd);
user.setName(name);
user.setFullName(name);
final Set<UserRole> userRoles = new HashSet<UserRole>();
userRoles.add(UserRole.ADMINISTRATOR);
user.setRoles(userRoles);
......
......@@ -16,7 +16,9 @@
package org.genesys2.server.model;
public enum UserRole {
import org.springframework.security.core.GrantedAuthority;
public enum UserRole implements GrantedAuthority {
USER("User"), ADMINISTRATOR("Administrator"), VALIDATEDUSER("Validated user"), VETTEDUSER("Vetted user"), CONTENTMANAGER("Content Manager");
String label;
......@@ -41,4 +43,9 @@ public enum UserRole {
public String getName() {
return name();
}
@Override
public String getAuthority() {
return "ROLE_" + getName();
}
}
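Review bot: The new `getAuthority()` returns `"ROLE_" + getName()`, so `ADMINISTRATOR` yields the authority `ROLE_ADMINISTRATOR`, while the unchanged first branch of `AsAdminAspect` in this commit still builds its token with `new SimpleGrantedAuthority(UserRole.ADMINISTRATOR.getName())`, i.e. `ADMINISTRATOR` without the prefix. If the else branch's `sysUser.getAuthorities()` returns the `UserRole` values, the two SYS_ADMIN tokens carry differently named authorities and a `hasRole`/`hasAuthority` check can pass for one and fail for the other. Use `UserRole.ADMINISTRATOR` (or its `getAuthority()`) in both places. A Javadoc line on the new method would also help, for example `/** Spring Security authority name: the role name with the {@code ROLE_} prefix expected by hasRole(). */`.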
......@@ -17,181 +17,47 @@
package org.genesys2.server.model.impl;
import java.beans.Transient;
import java.util.Date;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import javax.persistence.Cacheable;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
import javax.persistence.JoinColumn;
import javax.persistence.PrePersist;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import net.sf.oval.constraint.Email;
import net.sf.oval.constraint.NotEmpty;
import net.sf.oval.constraint.NotNull;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import org.genesys2.server.model.BusinessModel;
import org.genesys.blocks.security.model.BasicUser;
import org.genesys2.server.model.UserRole;
import org.genesys2.server.servlet.controller.rest.serialization.UserSerializer;
import org.hibernate.annotations.Cache;
import org.hibernate.annotations.CacheConcurrencyStrategy;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
@Cacheable
@Entity
@Table(name = "\"user\"")
@JsonSerialize(using = UserSerializer.class)
public class User extends BusinessModel {
public class User extends BasicUser<UserRole> {
private static final long serialVersionUID = 4564013753931115445L;
@Column(length = 36, unique = true)
private String uuid;
// validation
@NotNull(message = "sample.error.not.null")
@NotEmpty(message = "sample.error.not.empty")
@Email(message = "sample.error.wrong.email")
// hibernate
@Column(name = "email", nullable = false, unique = true)
private String email;
// validation
@NotNull(message = "sample.error.not.null")
@NotEmpty(message = "sample.error.not.empty")
// hibernate
@Column(name = "password", nullable = false)
private String password;
// validation
@NotNull(message = "sample.error.not.null")
@NotEmpty(message = "sample.error.not.empty")
// hibernate
@Column(name = "name", nullable = false)
private String name;
@Enumerated(EnumType.STRING)
@Column(name = "loginType", length=10, nullable=false, columnDefinition="VARCHAR(10) DEFAULT 'PASSWORD'")
private LoginType loginType = LoginType.PASSWORD;
// validation
@Cache(usage = CacheConcurrencyStrategy.READ_WRITE)
@ElementCollection
@Enumerated(EnumType.STRING)
@CollectionTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"))
@Column(name = "user_role")
private Set<UserRole> roles = new HashSet<UserRole>();
/**
* System accounts cannot log in through web or otherwise.
*/
@Column(nullable = false, updatable = false, name = "sys")
private boolean systemAccount = false;
@Column
private boolean enabled = true;
@Temporal(TemporalType.TIMESTAMP)
@Column(nullable = true)
private Date lockedUntil;
@PrePersist
void ensureUUID() {
if (this.uuid == null) {
this.uuid = UUID.nameUUIDFromBytes(email.getBytes()).toString();
}
this.uuid = UUID.nameUUIDFromBytes(getEmail().getBytes()).toString();
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public LoginType getLoginType() {
return loginType;
}
public void setLoginType(LoginType loginType) {
this.loginType = loginType;
}
public Set<UserRole> getRoles() {
return roles;
}
public void setRoles(Set<UserRole> roles) {
this.roles = roles;
}
@Override
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (!(o instanceof User)) {
return false;
}
final User user = (User) o;
if (email != null ? !email.equals(user.email) : user.email != null) {
return false;
}
if (name != null ? !name.equals(user.name) : user.name != null) {
return false;
}
if (password != null ? !password.equals(user.password) : user.password != null) {
return false;
}
if (roles != null ? !roles.equals(user.roles) : user.roles != null) {
return false;
}
return true;
}
@Override
public int hashCode() {
int result = email != null ? email.hashCode() : 0;
result = 31 * result + (password != null ? password.hashCode() : 0);
result = 31 * result + (name != null ? name.hashCode() : 0);
result = 31 * result + (roles != null ? roles.hashCode() : 0);
return result;
}
@Override
public String toString() {
return "User id=" + id + " email=" + email;
return "User id=" + getId() + " email=" + getEmail();
}
public String getUuid() {
......@@ -210,28 +76,6 @@ public class User extends BusinessModel {
return systemAccount;
}
public boolean isEnabled() {
return this.enabled;
}
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
public Date getLockedUntil() {
return this.lockedUntil;
}
public void setLockedUntil(Date lockedUntil) {
this.lockedUntil = lockedUntil;
}
@Transient
public boolean isAccountLocked() {
return this.lockedUntil != null && this.lockedUntil.after(new Date());
}
@Transient
public boolean isAccountExpired() {
// We don't support account expiration
return false;
......
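Review bot: `ensureUUID()` now assigns the UUID unconditionally, dropping the `this.uuid == null` guard the replaced lines had, so a UUID set on the object before its first persist is silently overwritten; and `getEmail().getBytes()` uses the platform default charset, so the same non-ASCII address yields different UUIDs on differently configured JVMs. Suggested body: `if (this.uuid == null) { this.uuid = UUID.nameUUIDFromBytes(getEmail().getBytes(StandardCharsets.UTF_8)).toString(); }` with `java.nio.charset.StandardCharsets` added to the import block of this hunk. Separately, a name-based UUID derived from the e-mail address is reproducible by anyone who knows that address, so it must not be treated as an unguessable identifier; a short comment on the method stating this (or `UUID.randomUUID()` where guessability matters) would prevent misuse. The `User` class continues past the end of this section.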
......@@ -25,7 +25,7 @@ import org.springframework.data.jpa.repository.Query;
import org.springframework.transaction.annotation.Transactional;
@Transactional
public interface UserPersistence extends JpaRepository<User, Long> {
public interface UserRepository extends JpaRepository<User, Long> {
@Query("select u from User u where u.email = ?1 and u.systemAccount = false")
User findByEmail(String email);
......
/**
* Copyright 2014 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
package org.genesys2.server.security;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.acls.domain.AuditLogger;
import org.springframework.security.acls.model.AccessControlEntry;
import org.springframework.security.acls.model.AuditableAccessControlEntry;
import org.springframework.util.Assert;
// TODO Not using slf4j, rename
public class ApacheLogAuditLogger implements AuditLogger {
private static final Log LOG = LogFactory.getLog(ApacheLogAuditLogger.class);
@Override
public void logIfNeeded(boolean granted, AccessControlEntry ace) {
Assert.notNull(ace, "AccessControlEntry required");
if (ace instanceof AuditableAccessControlEntry) {
final AuditableAccessControlEntry auditableAce = (AuditableAccessControlEntry) ace;
if (granted && auditableAce.isAuditSuccess()) {
LOG.debug("GRANTED due to ACE: " + ace);
} else if (!granted && auditableAce.isAuditFailure()) {
LOG.debug("DENIED due to ACE: " + ace);
}
}
}
}
/**
* Copyright 2014 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0