Commit 6e5a7c20 authored by Alexander Dolzhenko's avatar Alexander Dolzhenko

Add REST OAuthManagementController

parent 2a0b2c22
......@@ -28,6 +28,7 @@ import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.persistence.UniqueConstraint;
import com.fasterxml.jackson.annotation.JsonIgnore;
import org.genesys2.server.model.BusinessModel;
@Entity
......@@ -55,6 +56,7 @@ public class AclObjectIdentity extends BusinessModel {
@Column(name = "entries_inheriting", nullable = false, length = 1)
private boolean entriesInheriting;
@JsonIgnore
@OneToMany(mappedBy = "aclObjectIdentity", fetch = FetchType.LAZY, cascade = CascadeType.REMOVE, orphanRemoval = true)
private List<AclEntry> aclEntries;
......
......@@ -25,6 +25,7 @@ import javax.persistence.FetchType;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import com.fasterxml.jackson.annotation.JsonIgnore;
import org.genesys2.server.model.BusinessModel;
@Entity
......@@ -40,9 +41,11 @@ public class AclSid extends BusinessModel {
@Column(name = "sid", nullable = false, length = 100)
private String sid;
@JsonIgnore
@OneToMany(mappedBy = "ownerSid", fetch = FetchType.LAZY, cascade = CascadeType.REMOVE, orphanRemoval = true)
private List<AclObjectIdentity> objectIdentities;
@JsonIgnore
@OneToMany(mappedBy = "aclSid", fetch = FetchType.LAZY, cascade = CascadeType.REMOVE, orphanRemoval = true)
private List<AclEntry> aclEntries;
......
/**
* Copyright 2014 Global Crop Diversity Trust
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
**/
package org.genesys2.server.servlet.controller.rest;
import org.genesys2.server.model.acl.AclObjectIdentity;
import org.genesys2.server.model.acl.AclSid;
import org.genesys2.server.model.impl.User;
import org.genesys2.server.model.oauth.OAuthAccessToken;
import org.genesys2.server.model.oauth.OAuthClientDetails;
import org.genesys2.server.model.oauth.OAuthRefreshToken;
import org.genesys2.server.service.AclService;
import org.genesys2.server.service.JPATokenStore;
import org.genesys2.server.service.OAuth2ClientDetailsService;
import org.genesys2.server.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import java.util.*;
@Controller("restOAuthManagementController")
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = {"/api/v0/oauth", "/json/v0/oauth"})
public class OAuthManagementController extends RequestsController {
final static String CLAZZ = OAuthClientDetails.class.getName();
@Autowired
protected UserService userService;
@Autowired
private OAuth2ClientDetailsService clientDetailsService;
@Autowired
private AclService aclService;
@Autowired
@Qualifier("tokenStore")
private JPATokenStore tokenStore;
@PreAuthorize("hasRole('ADMINISTRATOR')")
@RequestMapping("/clientslist")
@ResponseBody
public Object listClients() {
return clientDetailsService.listClientDetails();
}
@RequestMapping("/token/at/{tokenId}/remove")
@PreAuthorize("hasRole('ADMINISTRATOR')")
@ResponseBody
public String removeAccessToken(@PathVariable("tokenId") long tokenId) {
tokenStore.removeAccessToken(tokenId);
return JSON_OK;
}
@PreAuthorize("hasRole('ADMINISTRATOR')")
@RequestMapping("/token/rt/{tokenId}/remove")
@ResponseBody
public String removeRefreshToken(@PathVariable("tokenId") long tokenId) {
tokenStore.removeRefreshToken(tokenId);
return JSON_OK;
}
@PreAuthorize("hasRole('ADMINISTRATOR')")
@RequestMapping("/token/{clientId:.+}/remove-all-at")
@ResponseBody
public String removeAllAccessTokens(@PathVariable("clientId") String clientId) {
final Collection<OAuth2AccessToken> tokens = tokenStore.findTokensByClientId(clientId);
for (final OAuth2AccessToken token : tokens) {
tokenStore.removeAccessToken(token);
}
return JSON_OK;
}
@PreAuthorize("hasRole('ADMINISTRATOR')")
@RequestMapping("/token/{clientId:.+}/remove-all-rt")
@ResponseBody
public String removeAllRefreshTokens(@PathVariable("clientId") String clientId) {
final Collection<OAuthRefreshToken> tokens = tokenStore.findRefreshTokensByClientId(clientId);
for (final OAuthRefreshToken token : tokens) {
tokenStore.removeRefreshToken(token.getId());
}
return JSON_OK;
}
@PreAuthorize("hasAnyRole('VETTEDUSER','ADMINISTRATOR')")
@RequestMapping(value = "/save-client", method = RequestMethod.POST)
@ResponseBody
public String createClientEntry(@RequestBody OAuthClientDetails requestClient) {
OAuthClientDetails clientDetails;
if (requestClient.getId() == null) {
clientDetails = clientDetailsService.addClientDetails(
requestClient.getTitle(),
requestClient.getDescription(),
requestClient.getRedirectUris(),
requestClient.getAccessTokenValiditySeconds(),
requestClient.getRefreshTokenValiditySeconds(),
null);
} else {
clientDetails = clientDetailsService.update(clientDetailsService.getClientDetails(requestClient.getId()),
requestClient.getTitle(),
requestClient.getDescription(),
requestClient.getClientSecret(),
requestClient.getRedirectUris(),
requestClient.getAccessTokenValiditySeconds(),
requestClient.getRefreshTokenValiditySeconds());
}
return "{\"clientId\":\"" + clientDetails.getClientId() + "\"}";
}
@PreAuthorize("hasAnyRole('VETTEDUSER','ADMINISTRATOR')")
@RequestMapping(value = "/delete-client", method = RequestMethod.POST)
@ResponseBody
public String deleteClient(@RequestBody OAuthClientDetails requestClient) {
final OAuthClientDetails clientDetails = clientDetailsService.getClientDetails(requestClient.getId());
LOG.info("Deleting client " + clientDetails.getClientId());
clientDetailsService.removeClient(clientDetails);
return JSON_OK;
}
// @PreAuthorize("hasRole('ADMINISTRATOR')")
// @RequestMapping(value = "/{clientId:.+}", method = RequestMethod.GET)
// @ResponseBody
// public Object clientDetails(@PathVariable("clientId") String clientId) {
// ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
// return clientDetails;
// }
// id will need for permissions
@PreAuthorize("hasRole('ADMINISTRATOR')")
@RequestMapping(value = "/{id}", method = RequestMethod.GET)
@ResponseBody
public Object clientDetails(@PathVariable("id") long id) {
ClientDetails clientDetails = clientDetailsService.getClientDetails(id);
return clientDetails;
}
@PreAuthorize("hasRole('ADMINISTRATOR')")
@RequestMapping(value = "/tokens/{clientId:.+}", method = RequestMethod.GET)
@ResponseBody
public Object clientTokens(@PathVariable("clientId") String clientId) {
Collection<OAuthAccessToken> tokensByClientId = clientDetailsService.findTokensByClientId(clientId);
Collection<OAuthRefreshToken> refreshTokensByClientId = clientDetailsService.findRefreshTokensClientId(clientId);
HashMap<String, Object> tokensMap = new HashMap<>();
tokensMap.put("accessTokens", tokensByClientId);
tokensMap.put("refreshTokens", refreshTokensByClientId);
return tokensMap;
}
@PreAuthorize("hasRole('ADMINISTRATOR')")
@RequestMapping(value = "/permissions/{id}", method = RequestMethod.GET)
@ResponseBody
public Object getPermissions(@PathVariable("id") long id) {
Map<String, Object> resultMap = new HashMap<>();
final AclObjectIdentity objectIdentity = aclService.ensureObjectIdentity(CLAZZ, id);
resultMap.put("aclObjectIdentity", objectIdentity);
if (objectIdentity != null) {
resultMap.put("aclPermissions", aclService.getAvailablePermissions(CLAZZ));
}
List<AclSid> aclSids = aclService.getSids(id, CLAZZ);
resultMap.put("aclSids", aclSids);
resultMap.put("aclEntries", aclService.getPermissions(id, CLAZZ));
Set<User> users = new HashSet<>();
users.add(userService.getUserByUuid(objectIdentity.getOwnerSid().getSid()));
for (AclSid sid: aclSids){
users.add(userService.getUserByUuid(sid.getSid()));
}
resultMap.put("users", users);
return resultMap;
}
}
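Review bot: `deleteClient` and the update branch of `createClientEntry` load whatever client the caller names in `requestClient.getId()` and are open to any VETTEDUSER, yet no ownership or ACL check is visible in the controller, so unless `clientDetailsService.update`/`removeClient` are themselves guarded by method security this lets a vetted user rewrite the secret and redirect URIs of, or delete, a client that belongs to someone else. A null result from `clientDetailsService.getClientDetails(...)` also reaches `clientDetails.getClientId()` in `deleteClient` unguarded. If a `PermissionEvaluator` backed by the ACL service is wired for this app, the narrowest fix is at the annotation, e.g. `@PreAuthorize("hasRole('ADMINISTRATOR') or hasPermission(#requestClient.id, 'org.genesys2.server.model.oauth.OAuthClientDetails', 'WRITE')")`, together with an explicit not-found response when the lookup returns null. Separately, `getPermissions` null-checks `objectIdentity` before adding `aclPermissions` but then dereferences it unconditionally in `objectIdentity.getOwnerSid().getSid()`, and the `/remove`, `/remove-all-at` and `/remove-all-rt` mappings carry no `method`, so these state-changing admin calls are reachable by a plain GET; the commented-out `clientDetails(String)` variant should also be deleted rather than left in the new file.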
......@@ -74,6 +74,13 @@ public class UsersController extends RestController {
return userService.getUserById(id);
}
@RequestMapping(value = "/user/uuid/{id:.+}", method = RequestMethod.GET, produces = {MediaType.APPLICATION_JSON_VALUE})
@ResponseBody
@PreAuthorize("hasRole('ADMINISTRATOR')")
public Object getUserByUuid(@PathVariable String id) throws UserException {
return userService.getUserByUuid(id);
}
@RequestMapping(value = "/user", method = RequestMethod.PUT, consumes = {MediaType.APPLICATION_JSON_VALUE})
@ResponseBody
public void saveUser(@RequestBody @Validated User user) throws UserException {
......@@ -85,8 +92,7 @@ public class UsersController extends RestController {
public void updateUser(@RequestBody @Validated User user) throws UserException {
try {
userService.updateUser(user);
} catch (final DataIntegrityViolationException e) { // for some reasons it's
// not caught in service
} catch (final DataIntegrityViolationException e) {
throw new NotUniqueUserException(e, user.getEmail());
}
}
......@@ -133,15 +139,5 @@ public class UsersController extends RestController {
return JSON_OK;
}
@RequestMapping(value = "/user",
/* method = RequestMethod.DELETE) */
// only GET, POST, PUT allowed
method = RequestMethod.POST)
@PreAuthorize("hasRole('ADMINISTRATOR')")
@ResponseBody
public void removeUser(@RequestParam("id") Long userId) throws UserException {
userService.removeUserById(userId);
}
}
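Review bot: `getUserByUuid` returns the `User` entity itself as the response body, so whatever `User` exposes to Jackson (credential hashes, internal flags) goes out on the wire; that matches the existing `getUserById` just above, but since UUID lookups are now reachable too it is worth confirming the entity masks its password and similar fields, or returning a DTO instead. If `userService.getUserByUuid` yields null for an unknown id, the method answers 200 with an empty body rather than 404; a guard of the form `if (user == null) throw new UserException(...)`, using whatever not-found signal the other lookups in this class use (the `UserException` constructors are not visible in this hunk), would make that explicit. The path variable is a UUID but is named `id`; `@PathVariable("uuid") String uuid` with `/user/uuid/{uuid:.+}` would read more clearly. The same commit also drops the `removeUser` endpoint, which the commit title does not mention — if that is intentional it deserves a line in the description.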