This is an automated email from the ASF dual-hosted git repository. alexoree pushed a commit to branch feature/JUDDI-558 in repository https://gitbox.apache.org/repos/asf/juddi.git
commit a3cf0c6de7e326e7c1b70586fb9d112a3a43be65 Author: Alex O'Ree <[email protected]> AuthorDate: Wed Jun 26 16:00:27 2019 -0400 [JUDDI-558] inquiry service now filters requst data. can now get/set permissions, however only the read access permission is current implemented. api is still evolving --- .../org/apache/juddi/api/impl/UDDIInquiryImpl.java | 75 +++++----- .../org/apache/juddi/model/BusinessService.java | 4 +- .../org/apache/juddi/security/AccessLevel.java | 46 ------ .../org/apache/juddi/security/IAccessControl.java | 7 +- .../apache/juddi/security/rbac/RbacRulesModel.java | 20 ++- .../security/rbac/RoleBasedAccessControlImpl.java | 154 ++++++++++++++++++++- .../src/main/webapp/WEB-INF/classes/juddiv3.xml | 7 + 7 files changed, 203 insertions(+), 110 deletions(-) diff --git a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java index c5591ed..9cd0531 100644 --- a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java +++ b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java @@ -141,7 +141,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry try { tx.begin(); UddiEntityPublisher entityPublisher=null; - if (isAuthenticated()) + if (isAuthenticatedRequired() || (body.getAuthInfo()!=null&& body.getAuthInfo().length()>0)) entityPublisher = this.getEntityPublisher(em, body.getAuthInfo()); LogFindBindingRequest(body); 
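Review bot: In the findBinding hunk the rewritten condition leaves `entityPublisher` null for any caller that supplies no authInfo while `isAuthenticatedRequired()` is false, and the companion hunk at -168 removes the guard that used to skip filtering in that case, so anonymous inquiries now reach the access-control provider with a null publisher. With the `RoleBasedAccessControlImpl` this commit configures as the provider, a null publisher is redacted unconditionally (the `if (username == null)` branches added in that file), so a deployment with `JUDDI_AUTHENTICATE_INQUIRY` off returns placeholder results for every anonymous query. If anonymous read is still meant to work, the null case has to be decided by the provider's rules rather than treated as a denial, and a comment here should say which is intended, e.g. `// null publisher == anonymous caller; the provider decides what an anonymous caller may see`. The enclosing findBinding method starts before this hunk.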
@@ -168,15 +168,14 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry tx.rollback(); long procTime = System.currentTimeMillis() - startTime; serviceCounter.update(InquiryQuery.FIND_BINDING, QueryStatus.SUCCESS, procTime); - if (isAuthenticated() && entityPublisher!=null) - { + List<org.uddi.api_v3.BindingTemplate> FilterBindingTemplates = AccessControlFactory.getAccessControlInstance().filterBindingTemplates( this.ctx, entityPublisher, result.getBindingTemplate()); result.getBindingTemplate().clear(); result.getBindingTemplate().addAll(FilterBindingTemplates); - } + return result; } finally { if (tx.isActive()) { @@ -212,7 +211,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry } tx.begin(); UddiEntityPublisher entityPublisher=null; - if (isAuthenticated()) + if (isAuthenticatedRequired() || (body.getAuthInfo()!=null&& body.getAuthInfo().length()>0)) entityPublisher = this.getEntityPublisher(em, body.getAuthInfo()); LogFindBusinessRequest(body); @@ -226,8 +225,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry tx.rollback(); long procTime = System.currentTimeMillis() - startTime; serviceCounter.update(InquiryQuery.FIND_BUSINESS, QueryStatus.SUCCESS, procTime); - if (isAuthenticated() && entityPublisher!=null) - { + List<org.uddi.api_v3.BusinessInfo> FilterBindingTemplates = AccessControlFactory.getAccessControlInstance().filterBusinessInfo( this.ctx, @@ -235,7 +233,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry result.getBusinessInfos().getBusinessInfo()); result.getBusinessInfos().getBusinessInfo().clear(); result.getBusinessInfos().getBusinessInfo().addAll(FilterBindingTemplates); - } + return result; } finally { if (tx.isActive()) { 
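Review bot: The find_business hunk now always replaces the result list with whatever `filterBusinessInfo` returns, and that method (added later in this commit) keeps redacted entries in the list with key and name set to `REDACTED` instead of dropping them, so the response still discloses how many matching businesses the caller may not see and clients receive entries whose businessKey is not a valid UDDI key. If the placeholders are deliberate, document that on `IAccessControl` and in a comment above this call; otherwise have the provider drop denied entries rather than return placeholders, which also keeps any result count set elsewhere consistent with what is returned. The enclosing find_business method starts before this hunk.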
@@ -246,6 +244,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry } + @Override public RelatedBusinessesList findRelatedBusinesses(FindRelatedBusinesses body) throws DispositionReportFaultMessage { long startTime = System.currentTimeMillis(); @@ -262,7 +261,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry try { tx.begin(); UddiEntityPublisher entityPublisher=null; - if (isAuthenticated()) + if (isAuthenticatedRequired() || (body.getAuthInfo()!=null&& body.getAuthInfo().length()>0)) entityPublisher = this.getEntityPublisher(em, body.getAuthInfo()); LogFindRelatedBusinessRequest(body); @@ -277,8 +276,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry tx.rollback(); long procTime = System.currentTimeMillis() - startTime; serviceCounter.update(InquiryQuery.FIND_RELATEDBUSINESSES, QueryStatus.SUCCESS, procTime); - if (isAuthenticated() && entityPublisher!=null) - { + List<org.uddi.api_v3.RelatedBusinessInfo> FilterBindingTemplates = AccessControlFactory.getAccessControlInstance().filtedRelatedBusinessInfos( this.ctx, @@ -286,7 +284,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry result.getRelatedBusinessInfos().getRelatedBusinessInfo()); result.getRelatedBusinessInfos().getRelatedBusinessInfo().clear(); result.getRelatedBusinessInfos().getRelatedBusinessInfo().addAll(FilterBindingTemplates); - } + return result; } finally { if (tx.isActive()) { @@ -313,7 +311,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry try { tx.begin(); UddiEntityPublisher entityPublisher=null; - if (isAuthenticated()) + if (isAuthenticatedRequired() || (body.getAuthInfo()!=null&& body.getAuthInfo().length()>0)) entityPublisher = this.getEntityPublisher(em, body.getAuthInfo()); LogFindServiceRequest(body); 
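Review bot: The auth-resolution condition `isAuthenticatedRequired() || (body.getAuthInfo()!=null&& body.getAuthInfo().length()>0)` is pasted verbatim into every inquiry method in this file (ten copies in this commit), which is exactly the kind of policy line that drifts when one copy is later fixed. Extract it once, e.g. `private UddiEntityPublisher resolvePublisher(EntityManager em, String authInfo) throws DispositionReportFaultMessage { return (isAuthenticatedRequired() || (authInfo != null && !authInfo.isEmpty())) ? getEntityPublisher(em, authInfo) : null; }` (declaring whatever `getEntityPublisher` actually throws), and call it from each method; its javadoc should state that a null return means the caller is anonymous. The enclosing findRelatedBusinesses method starts before this hunk.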
@@ -342,15 +340,14 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry tx.rollback(); long procTime = System.currentTimeMillis() - startTime; serviceCounter.update(InquiryQuery.FIND_SERVICE, QueryStatus.SUCCESS, procTime); - if (isAuthenticated() && entityPublisher!=null) - { + List<org.uddi.api_v3.ServiceInfo> FilterBindingTemplates = AccessControlFactory.getAccessControlInstance().filterServiceInfo( this.ctx, entityPublisher, result.getServiceInfos().getServiceInfo()); result.getServiceInfos().getServiceInfo().clear(); result.getServiceInfos().getServiceInfo().addAll(FilterBindingTemplates); - } + return result; } finally { if (tx.isActive()) { @@ -378,7 +375,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry try { tx.begin(); UddiEntityPublisher entityPublisher=null; - if (isAuthenticated()) + if (isAuthenticatedRequired() || (body.getAuthInfo()!=null&& body.getAuthInfo().length()>0)) entityPublisher = this.getEntityPublisher(em, body.getAuthInfo()); LogFindTModelRequest(body); @@ -392,15 +389,14 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry tx.rollback(); long procTime = System.currentTimeMillis() - startTime; serviceCounter.update(InquiryQuery.FIND_TMODEL, QueryStatus.SUCCESS, procTime); - if (isAuthenticated() && entityPublisher!=null) - { + List<org.uddi.api_v3.TModelInfo> FilterBindingTemplates = AccessControlFactory.getAccessControlInstance().filterTModelInfo( this.ctx,entityPublisher, result.getTModelInfos().getTModelInfo()); result.getTModelInfos().getTModelInfo().clear(); result.getTModelInfos().getTModelInfo().addAll(FilterBindingTemplates); - } + return result; } finally { if (tx.isActive()) { 
@@ -427,7 +423,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry try { tx.begin(); UddiEntityPublisher entityPublisher=null; - if (isAuthenticated()) + if (isAuthenticatedRequired() || (body.getAuthInfo()!=null&& body.getAuthInfo().length()>0)) entityPublisher = this.getEntityPublisher(em, body.getAuthInfo()); @@ -452,15 +448,14 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry tx.commit(); long procTime = System.currentTimeMillis() - startTime; serviceCounter.update(InquiryQuery.GET_BINDINGDETAIL, QueryStatus.SUCCESS, procTime); - if (isAuthenticated() && entityPublisher!=null) - { + List<org.uddi.api_v3.BindingTemplate> FilterBindingTemplates = AccessControlFactory.getAccessControlInstance().filterBindingTemplates( this.ctx, entityPublisher, result.getBindingTemplate()); result.getBindingTemplate().clear(); result.getBindingTemplate().addAll(FilterBindingTemplates); - } + return result; } finally { if (tx.isActive()) { @@ -488,7 +483,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry try { tx.begin(); UddiEntityPublisher entityPublisher=null; - if (isAuthenticated()) + if (isAuthenticatedRequired() || (body.getAuthInfo()!=null&& body.getAuthInfo().length()>0)) entityPublisher = this.getEntityPublisher(em, body.getAuthInfo()); 
@@ -513,14 +508,13 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry tx.commit(); long procTime = System.currentTimeMillis() - startTime; serviceCounter.update(InquiryQuery.GET_BUSINESSDETAIL, QueryStatus.SUCCESS, procTime); - if (isAuthenticated() && entityPublisher!=null) - { + List<org.uddi.api_v3.BusinessEntity> FilterBindingTemplates = AccessControlFactory.getAccessControlInstance().filterBusinesses( - this.ctx,entityPublisher, result.getBusinessEntity()); + this.ctx, entityPublisher, result.getBusinessEntity()); result.getBusinessEntity().clear(); result.getBusinessEntity().addAll(FilterBindingTemplates); - } + return result; } finally { if (tx.isActive()) { @@ -548,7 +542,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry try { tx.begin(); UddiEntityPublisher entityPublisher=null; - if (isAuthenticated()) + if (isAuthenticatedRequired() || (body.getAuthInfo()!=null&& body.getAuthInfo().length()>0)) entityPublisher = this.getEntityPublisher(em, body.getAuthInfo()); @@ -573,14 +567,13 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry tx.commit(); long procTime = System.currentTimeMillis() - startTime; serviceCounter.update(InquiryQuery.GET_OPERATIONALINFO, QueryStatus.SUCCESS, procTime); - if (isAuthenticated() && entityPublisher!=null) - { + List<org.uddi.api_v3.OperationalInfo> FilterBindingTemplates = AccessControlFactory.getAccessControlInstance().filterOperationalInfo( this.ctx,entityPublisher, result.getOperationalInfo()); result.getOperationalInfo().clear(); result.getOperationalInfo().addAll(FilterBindingTemplates); - } + return result; } finally { if (tx.isActive()) { 
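Review bot: In the getBusinessDetail hunk the local holding the filtered `List<BusinessEntity>` is named `FilterBindingTemplates`, and the same name is reused in this file for lists of BusinessInfo, ServiceInfo, TModelInfo and OperationalInfo; besides the UpperCamelCase local (the file otherwise uses lowerCamelCase, e.g. `entityPublisher`, `procTime`), the name describes a different type and suggests the wrong filter was called. Rename per method, e.g. `List<org.uddi.api_v3.BusinessEntity> visibleBusinesses = ...;` and `result.getBusinessEntity().addAll(visibleBusinesses);`. The enclosing getBusinessDetail method starts before this hunk.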
@@ -609,7 +602,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry tx.begin(); UddiEntityPublisher entityPublisher=null; - if (isAuthenticated()) + if (isAuthenticatedRequired() || (body.getAuthInfo()!=null&& body.getAuthInfo().length()>0)) entityPublisher = this.getEntityPublisher(em, body.getAuthInfo()); ServiceDetail result = new ServiceDetail(); @@ -632,15 +625,14 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry tx.commit(); long procTime = System.currentTimeMillis() - startTime; serviceCounter.update(InquiryQuery.GET_SERVICEDETAIL, QueryStatus.SUCCESS, procTime); - if (isAuthenticated() && entityPublisher!=null) - { + List<org.uddi.api_v3.BusinessService> FilterBindingTemplates = AccessControlFactory.getAccessControlInstance().filterServices( this.ctx, entityPublisher, result.getBusinessService()); result.getBusinessService().clear(); result.getBusinessService().addAll(FilterBindingTemplates); - } + return result; } finally { @@ -671,7 +663,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry UddiEntityPublisher entityPublisher=null; - if (isAuthenticated()) + if (isAuthenticatedRequired() || (body.getAuthInfo()!=null&& body.getAuthInfo().length()>0)) entityPublisher = this.getEntityPublisher(em, body.getAuthInfo()); TModelDetail result = new TModelDetail(); @@ -694,15 +686,14 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry tx.commit(); long procTime = System.currentTimeMillis() - startTime; serviceCounter.update(InquiryQuery.GET_TMODELDETAIL, QueryStatus.SUCCESS, procTime); - if (isAuthenticated() && entityPublisher!=null) - { + List<org.uddi.api_v3.TModel> FilterBindingTemplates = AccessControlFactory.getAccessControlInstance().filterTModels( this.ctx, entityPublisher, result.getTModel()); result.getTModel().clear(); result.getTModel().addAll(FilterBindingTemplates); - } + return result; } finally { if (tx.isActive()) { 
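Review bot: In the getTModelDetail hunk (and every sibling), a non-empty authInfo now forces `getEntityPublisher` even when `isAuthenticatedRequired()` is false, whereas before this commit the token was ignored unless inquiry authentication was configured; presumably `getEntityPublisher` faults on an expired or unknown token, so clients that habitually attach a stale token to inquiries would start receiving faults from an endpoint configured as unauthenticated. That may well be the intended tightening, but it is a visible behaviour change the commit message does not mention; either document it in a comment on `isAuthenticatedRequired()` and in the release notes, or fall back to anonymous when authentication is optional and the token is rejected. The enclosing getTModelDetail method starts before this hunk.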
@@ -712,7 +703,7 @@ public class UDDIInquiryImpl extends AuthenticatedService implements UDDIInquiry } } - private boolean isAuthenticated() { + private boolean isAuthenticatedRequired() { boolean result = false; try { result = AppConfig.getConfiguration().getBoolean(Property.JUDDI_AUTHENTICATE_INQUIRY); diff --git a/juddi-core/src/main/java/org/apache/juddi/model/BusinessService.java b/juddi-core/src/main/java/org/apache/juddi/model/BusinessService.java index f26f5ed..4013391 100644 --- a/juddi-core/src/main/java/org/apache/juddi/model/BusinessService.java +++ b/juddi-core/src/main/java/org/apache/juddi/model/BusinessService.java @@ -43,8 +43,8 @@ public class BusinessService extends UddiEntity implements java.io.Serializable private List<ServiceDescr> serviceDescrs = new ArrayList<ServiceDescr>(0); private List<BindingTemplate> bindingTemplates = new ArrayList<BindingTemplate>(0); private ServiceCategoryBag categoryBag; - private List<ServiceProjection> projectingBusinesses = new ArrayList<ServiceProjection>(0); - private List<Signature> signatures = new ArrayList<Signature>(0); + private List<ServiceProjection> projectingBusinesses = new ArrayList<ServiceProjection>(0); + private List<Signature> signatures = new ArrayList<Signature>(0); public BusinessService() { } diff --git a/juddi-core/src/main/java/org/apache/juddi/security/AccessLevel.java b/juddi-core/src/main/java/org/apache/juddi/security/AccessLevel.java deleted file mode 100644 index 7f72645..0000000 --- a/juddi-core/src/main/java/org/apache/juddi/security/AccessLevel.java +++ /dev/null 
@@ -1,46 +0,0 @@
-/*
- * Copyright 2019 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.juddi.security;
-
-
-/**
- * @since 3.4
- * @author Alex O'Ree
- */
-public enum AccessLevel {
- /**
- * No access at all
- */
- NONE,
- /**
- * Read only access, cannot make changes
- */
- READ,
- /**
- * Can view, read, make changes, and delete a specific entity
- */
- WRITE,
- /**
- * Can view, read, make changes, delete a specific entity, can initiate a custody transfer, and delegate permissions
- * to another user
- */
- OWN,
- /**
- * can create new entities
- */
- CREATE
-
-}
\ No newline at end of file
diff --git a/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java b/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java
index cfdac64..e41cdad 100644
--- a/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java
@@ -16,19 +16,14 @@ package org.apache.juddi.security; import java.rmi.RemoteException; -import java.util.ArrayList; import java.util.List; -import javax.persistence.EntityManager; -import javax.persistence.EntityTransaction; -import javax.persistence.Query; import javax.xml.ws.WebServiceContext; +import org.apache.juddi.api_v3.AccessLevel; import org.apache.juddi.api_v3.GetPermissionsMessageRequest; import org.apache.juddi.api_v3.GetPermissionsMessageResponse; import org.apache.juddi.api_v3.SetPermissionsMessageRequest; import org.apache.juddi.api_v3.SetPermissionsMessageResponse; -import org.apache.juddi.config.PersistenceManager; import org.apache.juddi.model.UddiEntityPublisher; -import org.apache.juddi.security.rbac.RbacRulesModel; import org.uddi.api_v3.BindingTemplate; import org.uddi.api_v3.BusinessEntity; import org.uddi.api_v3.BusinessInfo; diff --git a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java index 259296b..a502846 100644 --- a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java +++ b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RbacRulesModel.java @@ -20,7 +20,7 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; import javax.persistence.Table; -import org.apache.juddi.security.AccessLevel; +import org.apache.juddi.api_v3.AccessLevel; /** * @@ -39,7 +39,7 @@ public class RbacRulesModel implements Serializable { */ private String uddiEntityId; - @Column(name = "entity_id", nullable = false, length = 51) + @Column(name = "entity_id", nullable = false, length = 255) public String getUddiEntityId() { return uddiEntityId; } 
@@ -48,7 +48,7 @@ public class RbacRulesModel implements Serializable { this.uddiEntityId = uddiEntityId; } - @Column(name = "container_role", nullable = false, length = 51) + @Column(name = "container_role", nullable = false, length = 128) public String getContainerRole() { return containerRole; } @@ -58,12 +58,18 @@ public class RbacRulesModel implements Serializable { } @Column(name = "access_level", nullable = false, length = 51) - public AccessLevel getAccessLevel() { - return AccessLevel.valueOf(level); + public String getAccessLevel() { + return (level); } + + public AccessLevel getAccessLevelAsEnum() { + return AccessLevel.valueOf(getAccessLevel()); + } + + - public void setAccessLevel(AccessLevel level) { - this.level = level.name(); + public void setAccessLevel(String level) { + this.level = level; } @Id diff --git a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java index 852ed96..99f2ba5 100644 --- a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java +++ b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java @@ -18,12 +18,14 @@ package org.apache.juddi.security.rbac; import java.rmi.RemoteException; import java.util.ArrayList; import java.util.List; +import java.util.UUID; import javax.persistence.EntityManager; import javax.persistence.EntityTransaction; import javax.persistence.Query; import javax.xml.ws.WebServiceContext; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.juddi.api_v3.AccessLevel; import org.apache.juddi.api_v3.Action; import org.apache.juddi.api_v3.GetPermissionsMessageRequest; import org.apache.juddi.api_v3.GetPermissionsMessageResponse; 
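Review bot: `getAccessLevelAsEnum()` calls `AccessLevel.valueOf(getAccessLevel())`, which throws IllegalArgumentException for any stored string that is not an enum constant and NullPointerException for null, while `setAccessLevel(String)` now accepts arbitrary strings with no validation; a single malformed `access_level` row would therefore make `hasReadAccess` throw for every entity that shares that rule set. Validate on the way in, `public void setAccessLevel(String level) { this.level = AccessLevel.valueOf(level).name(); }`, and note on the getter that the column holds `AccessLevel` names only. The length changes on `entity_id` and `container_role` alter the mapped schema of an existing entity; if the DDL is not regenerated on upgrade a migration note is needed — confirm how deployments pick that up.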
@@ -34,7 +36,6 @@ import org.apache.juddi.config.PersistenceManager; import org.apache.juddi.config.ResourceConfig; import org.apache.juddi.model.UddiEntity; import org.apache.juddi.model.UddiEntityPublisher; -import org.apache.juddi.security.AccessLevel; import org.apache.juddi.security.IAccessControl; import org.uddi.api_v3.BindingTemplate; import org.uddi.api_v3.BusinessEntity; @@ -84,7 +85,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl { private boolean hasReadAccess(WebServiceContext ctx, List<RbacRulesModel> rules) { for (RbacRulesModel r : rules) { if (ctx.isUserInRole(r.getContainerRole())) { - if (r.getAccessLevel() == AccessLevel.NONE) //explicit deny + if (r.getAccessLevelAsEnum() == AccessLevel.NONE) //explicit deny { return false; } @@ -157,6 +158,11 @@ public class RoleBasedAccessControlImpl implements IAccessControl { redact(bs); continue; //access denied } + if (username == null) { + redact(bs); + continue; //access denied + + } if (username.isOwner(ue)) { //keep it continue; @@ -193,6 +199,11 @@ public class RoleBasedAccessControlImpl implements IAccessControl { redact(bs); continue; //access denied } + if (username == null) { + redact(bs); + continue; //access denied + + } if (username.isOwner(ue)) { //keep it continue; 
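Review bot: The added `if (username == null)` branches deny before the role rules are consulted, so an anonymous caller (the case UDDIInquiryImpl now passes through with a null publisher) is redacted even when a rule grants READ to a container role the request carries; only the ownership test actually needs a non-null publisher. Consider guarding just that test, `if (username != null && username.isOwner(ue)) { continue; }`, and letting `getPermissionSet`/`hasReadAccess` decide, with a comment stating that a null publisher means an anonymous caller. The filter methods these hunks belong to start before the hunks.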
@@ -216,12 +227,75 @@ public class RoleBasedAccessControlImpl implements IAccessControl { @Override public List<BusinessInfo> filterBusinessInfo(WebServiceContext ctx, UddiEntityPublisher username, List<BusinessInfo> items) { + //load access rules from database + for (BusinessInfo bs : items) { + //get the permission for this entity. + UddiEntity ue = loadEntity(bs.getBusinessKey(), org.apache.juddi.model.BusinessService.class); + if (ue == null) { + redact(bs); + continue; //access denied + } + if (username == null) { + redact(bs); + continue; //access denied + + } + if (username.isOwner(ue)) { + //keep it + continue; + } + + List<RbacRulesModel> rules = getPermissionSet(bs.getBusinessKey()); + if (rules.isEmpty()) { + redact(bs); + continue; //access denied + } + if (!hasReadAccess(ctx, rules)) { + redact(bs); //also access denied, either no matching role or an explicit deny + continue; + } + if (bs.getServiceInfos() != null) { + filterServiceInfo(ctx, username, bs.getServiceInfos().getServiceInfo()); + } + + } return new ArrayList(items); + } @Override public List<TModel> filterTModels(WebServiceContext ctx, UddiEntityPublisher username, List<TModel> items) { + //load access rules from database + for (TModel bs : items) { + //get the permission for this entity. + UddiEntity ue = loadEntity(bs.getTModelKey(), org.apache.juddi.model.Tmodel.class); + if (ue == null) { + redact(bs); + continue; //access denied + } + if (username == null) { + redact(bs); + continue; //access denied + + } + if (username.isOwner(ue)) { + //keep it + continue; + } + + List<RbacRulesModel> rules = getPermissionSet(bs.getTModelKey()); + if (rules.isEmpty()) { + redact(bs); + continue; //access denied + } + if (!hasReadAccess(ctx, rules)) { + redact(bs); //also access denied, either no matching role or an explicit deny + continue; + } + + } return new ArrayList(items); + } @Override 
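Review bot: In `filterBusinessInfo` the lookup is `loadEntity(bs.getBusinessKey(), org.apache.juddi.model.BusinessService.class)`, but a BusinessInfo carries a business key, so the lookup is against the wrong model type; if `loadEntity` resolves by primary key (its body is not visible here) it returns null for every business and the `ue == null` branch redacts all of them, owners included. The class should be the business model (presumably `org.apache.juddi.model.BusinessEntity`), matching how `filterTModels` pairs `getTModelKey()` with `Tmodel.class`. Two smaller points in the same hunk: `rules.isEmpty()` is treated as deny, so any entity without an explicit rule is hidden from non-owners, which is the opposite of the default described in the juddiv3.xml comment added by this commit, and `new ArrayList(items)` is a raw type — write `new ArrayList<>(items)`.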
@@ -235,6 +309,11 @@ public class RoleBasedAccessControlImpl implements IAccessControl { redact(bs); continue; //access denied } + if (username == null) { + redact(bs); + continue; //access denied + + } if (username.isOwner(ue)) { //keep it continue; @@ -273,6 +352,11 @@ public class RoleBasedAccessControlImpl implements IAccessControl { si.setServiceKey(REDACTED); continue; //access denied } + if (username == null) { + si.setServiceKey(REDACTED); + continue; //access denied + + } if (username.isOwner(ue)) { //keep it continue; @@ -333,12 +417,12 @@ public class RoleBasedAccessControlImpl implements IAccessControl { tx.begin(); Query createQuery = null; if (arg0.getEntityId() != null && arg0.getEntityId().length() > 0) { - createQuery = em.createQuery("select c from RbacRulesModel c where c.uddiEntityId=:id"); + createQuery = em.createQuery("select c from RbacRulesModel c where c.uddiEntityId=:id", RbacRulesModel.class); createQuery.setParameter("id", arg0.getEntityId()); } else { - createQuery = em.createQuery("select c from RbacRulesModel c"); + createQuery = em.createQuery("select c from RbacRulesModel c", RbacRulesModel.class); } - + set = createQuery.getResultList(); } finally { @@ -351,7 +435,7 @@ public class RoleBasedAccessControlImpl implements IAccessControl { for (RbacRulesModel item : set) { Permission permission = new Permission(); permission.setEntityId(item.getUddiEntityId()); - permission.setLevel(org.apache.juddi.api_v3.AccessLevel.fromValue(item.getAccessLevel().name())); + permission.setLevel((item.getAccessLevelAsEnum())); permission.setAction(Action.NOOP); permission.setTarget(item.getContainerRole()); //TODO permission.setType(item.); 
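Review bot: In the getPermissions hunk the typed `em.createQuery(..., RbacRulesModel.class)` is assigned to the existing `Query createQuery` local, so the type parameter is lost immediately and `set = createQuery.getResultList()` remains an unchecked raw assignment; declare the local as `TypedQuery<RbacRulesModel> createQuery = null;` (importing `javax.persistence.TypedQuery`) to get the benefit. Separately, nothing visible here checks who is asking: with no entity id the query returns every rule in the table, which enumerates all protected entities and the roles granted on them, so unless the calling endpoint enforces authorization outside this view, getPermissions should require the requester to own the entity or hold a rule on it. The enclosing getPermissions method starts before this hunk.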
@@ -363,7 +447,63 @@ public class RoleBasedAccessControlImpl implements IAccessControl { @Override public SetPermissionsMessageResponse setPermissions(SetPermissionsMessageRequest arg0) throws DispositionReportFaultMessage, RemoteException { - throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates. + EntityManager em = PersistenceManager.getEntityManager(); + EntityTransaction tx = em.getTransaction(); + try { + tx.begin(); + + for (Permission perm : arg0.getLevel()) { + if (perm.getAction() != Action.NOOP) { + Query createQuery = null; + + createQuery = em.createQuery("delete from RbacRulesModel c where c.uddiEntityId=:id and c.containerRole=:user"); + createQuery.setParameter("id", perm.getEntityId()); + createQuery.setParameter("user", perm.getTarget()); + createQuery.executeUpdate(); + } + + if (perm.getAction() == Action.ADD) { + RbacRulesModel r = new RbacRulesModel(); + r.setAccessLevel(perm.getLevel().name()); + + r.setContainerRole(perm.getTarget()); + r.setUddiEntityId(perm.getEntityId()); + r.setId(UUID.randomUUID().toString()); + em.persist(r); + } + } + tx.commit(); + + } finally { + if (tx.isActive()) { + tx.rollback(); + } + em.close(); + } + SetPermissionsMessageResponse response = new SetPermissionsMessageResponse(); + return response; + } + + private void redact(BusinessInfo bs) { + + bs.setBusinessKey(REDACTED); + bs.getDescription().clear(); + bs.setServiceInfos(null); + bs.getName().clear(); + bs.getName().add(new Name(REDACTED, "en")); + } + + private void redact(TModel bs) { + + bs.setTModelKey(REDACTED); + bs.getDescription().clear(); + bs.setCategoryBag(null); + + bs.setName(new Name(REDACTED, "en")); + bs.getDescription().clear(); + bs.getOverviewDoc().clear(); + bs.getSignature().clear(); + bs.setIdentifierBag(null); } } 
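Review bot: `setPermissions` deletes and inserts `RbacRulesModel` rows for any entity id and target role named in the request without checking that the caller owns the entity or holds an OWN-level rule on it, and no authInfo is consumed here, so unless the calling endpoint enforces this elsewhere any client can grant its own role READ on every entity or strip other roles' access. Resolve the caller's publisher before the loop and reject, with a DispositionReportFaultMessage, any `perm` whose `getEntityId()` the caller does not own; also validate the inputs, since `perm.getLevel().name()` throws NullPointerException when level is absent and an ADD with a null target or entity id persists an unusable row, e.g. `if (perm.getEntityId() == null || perm.getTarget() == null || (perm.getAction() == Action.ADD && perm.getLevel() == null)) throw ...`. A log line per changed rule (caller, entity, role, level) would give operators an audit trail for what is a privilege change. Minor: `redact(TModel)` clears the description twice; the second `bs.getDescription().clear()` can go.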
diff --git a/juddiv3-war/src/main/webapp/WEB-INF/classes/juddiv3.xml b/juddiv3-war/src/main/webapp/WEB-INF/classes/juddiv3.xml index 39279b0..feeb502 100644 --- a/juddiv3-war/src/main/webapp/WEB-INF/classes/juddiv3.xml +++ b/juddiv3-war/src/main/webapp/WEB-INF/classes/juddiv3.xml @@ -226,5 +226,12 @@ <logging> <logInquirySearchPayloads>false</logInquirySearchPayloads> </logging> + + <!-- additional access control module + provides item level access permissions. + default is everyone can read everything, only owners can change stuff + --> + <accessControlProvider>org.apache.juddi.security.rbac.RoleBasedAccessControlImpl</accessControlProvider> + </juddi> </config> \ No newline at end of file --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
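Review bot: The new comment says the default is that everyone can read everything, but the provider it enables, as implemented in this commit, redacts any entity that has no explicit rule for non-owners and redacts everything for callers without a publisher, so shipping it active in the default juddiv3.xml changes inquiry results for existing deployments that upgrade. Given the commit message itself calls the API still evolving, either leave the element commented out with the permissive default as the documented behaviour, or reword the comment to match the code: `<!-- item level access control. With this provider, non-owners see only entities that have an explicit READ rule for one of their container roles; callers without a publisher see nothing. -->`.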
