This is an automated email from the ASF dual-hosted git repository.
alexoree pushed a commit to branch feature/JUDDI-558
in repository https://gitbox.apache.org/repos/asf/juddi.git
The following commit(s) were added to refs/heads/feature/JUDDI-558 by this push:
new 4c90588 JUDDI-558 amother interface change to better handling the
filtering of publisher assertions
4c90588 is described below
commit 4c90588d54defbb0cdaf7faf5abd5dac6754fe11
Author: Alex O'Ree <[email protected]>
AuthorDate: Wed Jun 26 17:42:40 2019 -0400
JUDDI-558 another interface change to better handle the filtering of
publisher assertions
---
.../org/apache/juddi/api/impl/UDDIInquiryImpl.java | 9 +-
.../juddi/security/AllowAllAccessControlImpl.java | 5 +-
.../org/apache/juddi/security/IAccessControl.java | 3 +-
.../security/rbac/RoleBasedAccessControlImpl.java | 106 ++++++++++++++++++++-
4 files changed, 114 insertions(+), 9 deletions(-)
diff --git
a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java
b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java
index 9cd0531..d2dbfa1 100644
--- a/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/api/impl/UDDIInquiryImpl.java
@@ -52,6 +52,7 @@ import org.uddi.api_v3.GetOperationalInfo;
import org.uddi.api_v3.GetServiceDetail;
import org.uddi.api_v3.GetTModelDetail;
import org.uddi.api_v3.OperationalInfos;
+import org.uddi.api_v3.RelatedBusinessInfos;
import org.uddi.api_v3.RelatedBusinessesList;
import org.uddi.api_v3.ServiceDetail;
import org.uddi.api_v3.ServiceList;
@@ -277,13 +278,13 @@ public class UDDIInquiryImpl extends AuthenticatedService
implements UDDIInquiry
long procTime = System.currentTimeMillis() - startTime;
serviceCounter.update(InquiryQuery.FIND_RELATEDBUSINESSES, QueryStatus.SUCCESS,
procTime);
- List<org.uddi.api_v3.RelatedBusinessInfo>
FilterBindingTemplates =
+ RelatedBusinessInfos FilterBindingTemplates =
AccessControlFactory.getAccessControlInstance().filtedRelatedBusinessInfos(
this.ctx,
entityPublisher,
-
result.getRelatedBusinessInfos().getRelatedBusinessInfo());
-
result.getRelatedBusinessInfos().getRelatedBusinessInfo().clear();
-
result.getRelatedBusinessInfos().getRelatedBusinessInfo().addAll(FilterBindingTemplates);
+ result.getRelatedBusinessInfos());
+
result.setRelatedBusinessInfos(FilterBindingTemplates);
+
return result;
} finally {
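Review bot: The local that receives the filtered result at `RelatedBusinessInfos FilterBindingTemplates =` is named after a different filter and starts with a capital letter; `filteredRelatedBusinessInfos` would say what it holds. The access-control call also sits after `serviceCounter.update(InquiryQuery.FIND_RELATEDBUSINESSES, QueryStatus.SUCCESS, procTime)`, so a failure inside the filter would apparently still be counted as a successful query; whether that is intended cannot be told from this hunk. The enclosing method starts and ends outside the hunk.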
diff --git
a/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java
b/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java
index 9891a44..3363e8a 100644
---
a/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java
+++
b/juddi-core/src/main/java/org/apache/juddi/security/AllowAllAccessControlImpl.java
@@ -32,6 +32,7 @@ import org.uddi.api_v3.BusinessInfo;
import org.uddi.api_v3.BusinessService;
import org.uddi.api_v3.OperationalInfo;
import org.uddi.api_v3.RelatedBusinessInfo;
+import org.uddi.api_v3.RelatedBusinessInfos;
import org.uddi.api_v3.ServiceInfo;
import org.uddi.api_v3.TModel;
import org.uddi.api_v3.TModelInfo;
@@ -71,8 +72,8 @@ public class AllowAllAccessControlImpl implements
IAccessControl {
}
@Override
- public List<RelatedBusinessInfo>
filtedRelatedBusinessInfos(WebServiceContext arg0, UddiEntityPublisher user,
List<RelatedBusinessInfo> arg2) {
- return new ArrayList<>(arg2);
+ public RelatedBusinessInfos filtedRelatedBusinessInfos(WebServiceContext
arg0, UddiEntityPublisher user, RelatedBusinessInfos arg1) {
+ return (arg1);
}
@Override
diff --git
a/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java
b/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java
index e41cdad..588c67c 100644
--- a/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java
+++ b/juddi-core/src/main/java/org/apache/juddi/security/IAccessControl.java
@@ -30,6 +30,7 @@ import org.uddi.api_v3.BusinessInfo;
import org.uddi.api_v3.BusinessService;
import org.uddi.api_v3.OperationalInfo;
import org.uddi.api_v3.RelatedBusinessInfo;
+import org.uddi.api_v3.RelatedBusinessInfos;
import org.uddi.api_v3.ServiceInfo;
import org.uddi.api_v3.TModel;
import org.uddi.api_v3.TModelInfo;
@@ -55,7 +56,7 @@ public interface IAccessControl {
public List<BindingTemplate> filterBindingTemplates(WebServiceContext ctx,
UddiEntityPublisher username, List<BindingTemplate> bindings);
- public List<RelatedBusinessInfo>
filtedRelatedBusinessInfos(WebServiceContext ctx, UddiEntityPublisher username,
List<RelatedBusinessInfo> bindings);
+ public RelatedBusinessInfos filtedRelatedBusinessInfos(WebServiceContext
ctx, UddiEntityPublisher username, RelatedBusinessInfos bindings);
public List<ServiceInfo> filterServiceInfo(WebServiceContext ctx,
UddiEntityPublisher authorizedName, List<ServiceInfo> serviceInfo);
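Review bot: `filtedRelatedBusinessInfos` has no Javadoc, and with the move from `List<RelatedBusinessInfo>` to `RelatedBusinessInfos` the contract is no longer readable from the types. A comment such as `/** Returns the related businesses the caller may read; implementations may modify and return the passed instance, and return null when given null. */` would record what the two implementations in this commit do. The parameter is still called `bindings` although it now carries related business infos, so `items` or `relatedBusinessInfos` would fit better. The interface declaration continues outside the hunk.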
diff --git
a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java
b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java
index 99f2ba5..d813834 100644
---
a/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java
+++
b/juddi-core/src/main/java/org/apache/juddi/security/rbac/RoleBasedAccessControlImpl.java
@@ -43,8 +43,11 @@ import org.uddi.api_v3.BusinessInfo;
import org.uddi.api_v3.BusinessService;
import org.uddi.api_v3.Name;
import org.uddi.api_v3.OperationalInfo;
+import org.uddi.api_v3.PublisherAssertion;
import org.uddi.api_v3.RelatedBusinessInfo;
+import org.uddi.api_v3.RelatedBusinessInfos;
import org.uddi.api_v3.ServiceInfo;
+import org.uddi.api_v3.SharedRelationships;
import org.uddi.api_v3.TModel;
import org.uddi.api_v3.TModelInfo;
import org.uddi.v3_service.DispositionReportFaultMessage;
@@ -338,9 +341,100 @@ public class RoleBasedAccessControlImpl implements
IAccessControl {
}
@Override
- public List<RelatedBusinessInfo>
filtedRelatedBusinessInfos(WebServiceContext ctx, UddiEntityPublisher username,
List<RelatedBusinessInfo> items) {
+ public RelatedBusinessInfos filtedRelatedBusinessInfos(WebServiceContext
ctx, UddiEntityPublisher username, RelatedBusinessInfos items) {
//TODO
- return new ArrayList(items);
+ if (items == null) {
+ return null;
+ }
+ for (RelatedBusinessInfo bs : items.getRelatedBusinessInfo()) {
+ UddiEntity ue = loadEntity(bs.getBusinessKey(),
org.apache.juddi.model.BusinessService.class);
+ if (ue == null) {
+ redact(bs);
+ continue; //access denied
+ }
+ if (username == null) {
+ redact(bs);
+ continue; //access denied
+
+ }
+ if (username.isOwner(ue)) {
+ //keep it
+ continue;
+ }
+
+ List<RbacRulesModel> rules = getPermissionSet(bs.getBusinessKey());
+ if (rules.isEmpty()) {
+ redact(bs);
+ continue; //access denied
+ }
+ if (!hasReadAccess(ctx, rules)) {
+ redact(bs); //also access denied, either no matching role or
an explicit deny
+ continue;
+ }
+ if (bs.getSharedRelationships() != null) {
+
+ for (SharedRelationships si : bs.getSharedRelationships()) {
+ boolean redact = false;
+ for (PublisherAssertion pa : si.getPublisherAssertion()) {
+ UddiEntity ue2 = loadEntity(pa.getFromKey(),
org.apache.juddi.model.BusinessEntity.class);
+ if (ue2 == null) {
+ redact = true;
+ break;
+ }
+ if (username == null) {
+ redact = true;
+ break; //access denied
+
+ }
+ if (username.isOwner(ue)) {
+ //keep it
+ continue;
+ }
+
+ List<RbacRulesModel> rules2 =
getPermissionSet(pa.getFromKey());
+
+ if (rules2.isEmpty()) {
+ redact = true;
+ break; //access denied
+ }
+ if (!hasReadAccess(ctx, rules)) {
+ redact = true; //also access denied, either no
matching role or an explicit deny
+ break;
+ }
+
+ ue2 = loadEntity(pa.getToKey(),
org.apache.juddi.model.BusinessEntity.class);
+ if (ue2 == null) {
+ redact = true;
+ break;
+ }
+
+ if (username.isOwner(ue2)) {
+ //keep it
+ continue;
+ }
+
+ rules2 = getPermissionSet(pa.getToKey());
+
+ if (rules2.isEmpty()) {
+ redact = true;
+ break; //access denied
+ }
+ if (!hasReadAccess(ctx, rules)) {
+ redact = true; //also access denied, either no
matching role or an explicit deny
+ break;
+ }
+ }
+
+ if (redact){
+
+ }
+
+ }
+
+ }
+ }
+
+ return items;
}
@Override
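Review bot: The nested loop over `bs.getSharedRelationships()` never changes what is returned: `if (redact){ }` is empty, so a publisher assertion the caller was denied is still sent back. Inside that loop both `hasReadAccess(ctx, rules)` calls test the outer business's rule set, which has already passed, instead of `rules2`, and `username.isOwner(ue)` tests the outer entity instead of `ue2`, so the from/to key permission sets are loaded but only checked for emptiness. The fence below points the checks at `ue2`/`rules2` and clears the assertion list when the flag is set; clearing is one possible redaction, and the intended one should be confirmed against the leftover `//TODO`. Separately, the outer lookup passes `org.apache.juddi.model.BusinessService.class` for a business key while the inner lookups use `BusinessEntity.class`, which looks like a mismatch worth checking.

```java
for (PublisherAssertion pa : si.getPublisherAssertion()) {
    // … unchanged: fromKey entity load into ue2, null checks …
    if (username.isOwner(ue2)) {
    // … unchanged: keep it, load rules2 for fromKey, empty check …
    if (!hasReadAccess(ctx, rules2)) {
    // … unchanged: flag and break, toKey entity load, owner check, reload rules2, empty check …
    if (!hasReadAccess(ctx, rules2)) {
    // … unchanged: flag and break, end of assertion loop …
if (redact) {
    // withhold the assertions the caller is not allowed to read
    si.getPublisherAssertion().clear();
}
```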
@@ -506,4 +600,12 @@ public class RoleBasedAccessControlImpl implements
IAccessControl {
bs.setIdentifierBag(null);
}
+ private void redact(RelatedBusinessInfo bs) {
+ bs.setBusinessKey(REDACTED);
+ bs.getDescription().clear();
+ bs.getName().clear();
+ bs.getName().add(new Name(REDACTED, "en"));
+ bs.getSharedRelationships().clear();
+ }
+
}
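Review bot: `redact(RelatedBusinessInfo)` calls `bs.getSharedRelationships().clear()` unconditionally, while the caller added in this same commit guards the same getter with `if (bs.getSharedRelationships() != null)`. If that getter can return null, the redaction path throws instead of denying; either guard it here with `if (bs.getSharedRelationships() != null) { bs.getSharedRelationships().clear(); }` or drop the null check in the caller so the two agree. The redacted entry also stays in the list under the `REDACTED` key, so the caller still learns how many related businesses exist; a short comment stating that this is intended would help. The class body starts outside the hunk.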