http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/rest/AssetREST.java b/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
deleted file mode 100644
index 2662409..0000000
--- a/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
+++ /dev/null
@@ -1,655 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.rest;
-
-import java.io.File;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.Encoded;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-
-import org.apache.log4j.Logger;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Scope;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.stereotype.Component;
-import org.springframework.transaction.annotation.Propagation;
-import org.springframework.transaction.annotation.Transactional;
-
-import com.xasecure.biz.AssetMgr;
-import com.xasecure.biz.XABizUtil;
-import com.xasecure.common.PropertiesUtil;
-import com.xasecure.common.RESTErrorUtil;
-import com.xasecure.common.SearchCriteria;
-import com.xasecure.common.StringUtil;
-import com.xasecure.common.XACommonEnums;
-import com.xasecure.common.XASearchUtil;
-import com.xasecure.common.annotation.XAAnnotationClassName;
-import com.xasecure.common.annotation.XAAnnotationJSMgrName;
-import com.xasecure.service.AbstractBaseResourceService;
-import com.xasecure.service.XAccessAuditService;
-import com.xasecure.service.XAgentService;
-import com.xasecure.service.XAssetService;
-import com.xasecure.service.XCredentialStoreService;
-import com.xasecure.service.XPolicyExportAuditService;
-import com.xasecure.service.XPolicyService;
-import com.xasecure.service.XResourceService;
-import com.xasecure.service.XTrxLogService;
-import com.xasecure.view.VXAccessAuditList;
-import com.xasecure.view.VXAsset;
-import com.xasecure.view.VXAssetList;
-import com.xasecure.view.VXCredentialStore;
-import com.xasecure.view.VXCredentialStoreList;
-import com.xasecure.view.VXLong;
-import com.xasecure.view.VXPermMap;
-import com.xasecure.view.VXPolicy;
-import com.xasecure.view.VXPolicyExportAuditList;
-import com.xasecure.view.VXResource;
-import com.xasecure.view.VXResourceList;
-import com.xasecure.view.VXResponse;
-import com.xasecure.view.VXString;
-import com.xasecure.view.VXStringList;
-import com.xasecure.view.VXTrxLogList;
-
-@Path("assets")
-@Component
-@Scope("request")
-@XAAnnotationJSMgrName("AssetMgr")
-@Transactional(propagation = Propagation.REQUIRES_NEW)
-public class AssetREST {
- static Logger logger = Logger.getLogger(AssetREST.class);
-
- @Autowired
- XASearchUtil searchUtil;
-
- @Autowired
- AssetMgr assetMgr;
-
- @Autowired
- XAssetService xAssetService;
-
- @Autowired
- XResourceService xResourceService;
-
- @Autowired
- XPolicyService xPolicyService;
-
- @Autowired
- XCredentialStoreService xCredentialStoreService;
-
- @Autowired
- XAgentService xAgentService;
-
- @Autowired
- RESTErrorUtil restErrorUtil;
-
- @Autowired
- XPolicyExportAuditService xPolicyExportAudits;
-
- @Autowired
- XTrxLogService xTrxLogService;
-
- @Autowired
- XABizUtil msBizUtil;
-
- @Autowired
- XAccessAuditService xAccessAuditService;
-
- @GET
- @Path("/assets/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXAsset getXAsset(@PathParam("id") Long id) {
- return assetMgr.getXAsset(id);
- }
-
- @POST
- @Path("/assets")
- @Produces({ "application/xml", "application/json" })
- public VXAsset createXAsset(VXAsset vXAsset) {
- return assetMgr.createXAsset(vXAsset);
- }
-
- @PUT
- @Path("/assets/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXAsset updateXAsset(VXAsset vXAsset) {
- return assetMgr.updateXAsset(vXAsset);
- }
-
- @DELETE
- @Path("/assets/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @XAAnnotationClassName(class_name = VXAsset.class)
- public void deleteXAsset(@PathParam("id") Long id,
- @Context HttpServletRequest request) {
- boolean force = true;
- assetMgr.deleteXAsset(id, force);
- }
-
- @POST
- @Path("/assets/testConfig")
- @Produces({ "application/xml", "application/json" })
- public VXResponse testConfig(VXAsset vXAsset) {
- return assetMgr.testConfig(vXAsset);
- }
-
- @GET
- @Path("/assets")
- @Produces({ "application/xml", "application/json" })
- @SuppressWarnings("rawtypes")
- public VXAssetList searchXAssets(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xAssetService.sortFields);
-
- searchUtil.extractIntList(request, searchCriteria, "status", "status",
- "status");
- // searchUtil.extractStringList(request, searchCriteria, "status",
- // "status", "status", null, StringUtil.VALIDATION_TEXT);
- Object status = searchCriteria.getParamValue("status");
- if (status == null || ((Collection) status).size() == 0) {
- ArrayList<Integer> valueList = new ArrayList<Integer>();
- valueList.add(XACommonEnums.STATUS_DISABLED);
- valueList.add(XACommonEnums.STATUS_ENABLED);
- searchCriteria.addParam("status", valueList);
- }
- return assetMgr.searchXAssets(searchCriteria);
- }
-
- @GET
- @Path("/assets/count")
- @Produces({ "application/xml", "application/json" })
- public VXLong countXAssets(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xAssetService.sortFields);
-
- searchUtil.extractIntList(request, searchCriteria, "status", "status",
- "status");
- Object status = searchCriteria.getParamValue("status");
- if (status == null || ((Collection) status).size() == 0) {
- ArrayList<Integer> valueList = new ArrayList<Integer>();
- valueList.add(XACommonEnums.STATUS_DISABLED);
- valueList.add(XACommonEnums.STATUS_ENABLED);
- searchCriteria.addParam("status", valueList);
- }
- return assetMgr.getXAssetSearchCount(searchCriteria);
- }
-
- @GET
- @Path("/resources/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXResource getXResource(@PathParam("id") Long id) {
- return assetMgr.getXResource(id);
- }
-
- @POST
- @Path("/resources")
- @Produces({ "application/xml", "application/json" })
- public VXResource createXResource(VXResource vXResource) {
- vXResource=assetMgr.createXResource(vXResource);
- return vXResource;
-
- }
-
- @PUT
- @Path("/resources/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXResource updateXResource(VXResource vXResource) {
- return assetMgr.updateXResource(vXResource);
- }
-
- @DELETE
- @Path("/resources/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @XAAnnotationClassName(class_name = VXResource.class)
- public void deleteXResource(@PathParam("id") Long id,
- @Context HttpServletRequest request) {
- boolean force = false;
- assetMgr.deleteXResource(id, force);
- }
-
- @GET
- @Path("/resources")
- @Produces({ "application/xml", "application/json" })
- public VXResourceList searchXResources(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xResourceService.sortFields);
- // searchUtil.extractStringList(request, searchCriteria, "name", "Name",
- // "name", null, StringUtil.VALIDATION_TEXT);
-
- searchUtil.extractString(request, searchCriteria, "name",
- "Resource Path", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "policyName",
- "Policy name", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "columns",
- "Column name", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "columnFamilies",
- "Column Family", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "tables",
- "Tables", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "udfs",
- "UDFs", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "databases",
- "Databases", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "groupName",
- "Group Name", StringUtil.VALIDATION_TEXT);
- searchUtil.extractInt(request, searchCriteria, "resourceType",
- "Resource Type");
- searchUtil.extractInt(request, searchCriteria, "assetType",
- "Asset Type");
- searchUtil.extractInt(request, searchCriteria, "isEncrypt",
- "Is Encrypt");
- searchUtil.extractInt(request, searchCriteria, "isRecursive",
- "Is Recursive");
- searchUtil.extractLong(request, searchCriteria, "assetId", "Asset Id");
- searchUtil.extractString(request, searchCriteria, "userName",
- "User Name", StringUtil.VALIDATION_TEXT);
-
- searchUtil.extractLongList(request, searchCriteria, "userId",
- "User Id", "userId");
- // searchUtil.extractLong(request, searchCriteria, "userId",
- // "User Id");
- // searchUtil.extractLong(request, searchCriteria, "groupId",
- // "Group Id");
- searchUtil.extractLongList(request, searchCriteria, "groupId",
- "Group Id", "groupId");
-
- searchUtil.extractString(request, searchCriteria, "topologies",
- "Topology Name", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "services",
- "Service Name", StringUtil.VALIDATION_TEXT);
-
- // searchUtil.extractIntList(request, searchCriteria, "status",
- // "status", "status");
-
- // SearchGroup outerGroup = new SearchGroup(SearchGroup.CONDITION.OR);
- // // Get the search fields for objectClassType and objectId
- // SearchField userId = null;
- // SearchField groupId = null;
- // SearchField resourceId = null;
- // List<SearchField> searchFields = xResourceService.searchFields;
- // for (SearchField searchField : searchFields) {
- // if (searchField.getClientFieldName().equals("userId") &&
- // request.getParameterValues("userId")!=null) {
- // userId = searchField;
- // } else if (searchField.getClientFieldName().equals("groupId") &&
- // request.getParameterValues("groupId")!=null) {
- // groupId = searchField;
- // }else if (searchField.getClientFieldName().equals("name") &&
- // request.getParameterValues("name")!=null) {
- // resourceId = searchField;
- // }
- // }
- // if (groupId != null || userId != null || resourceId != null) {
- // SearchGroup innerGroup = new SearchGroup(SearchGroup.CONDITION.AND);
- // SearchValue searchValue=null;
- // if(userId!=null){
- // searchValue = new SearchValue(userId,
- // searchCriteria.getParamValue("userId"));
- //
- // innerGroup.addValue(searchValue);
- // }
- // if(groupId!=null){
- // searchValue = new SearchValue(groupId,
- // searchCriteria.getParamValue("groupId"));
- // innerGroup.addValue(searchValue);
- // }
- // if(resourceId!=null){
- //
- // searchValue = new SearchValue(resourceId,
- // searchCriteria.getParamValue("name"));
- // innerGroup.addValue(searchValue);
- // }
- //
- // outerGroup.addSearchGroup(innerGroup);
- // searchUtil.addSearchGroup(searchCriteria, outerGroup);
- //
- // }
- searchCriteria.setDistinct(true);
-
- return assetMgr.searchXResources(searchCriteria);
- }
-
- @GET
- @Path("/hdfs/resources")
- @Produces({ "application/xml", "application/json" })
- public VXStringList pullHdfsResources(@Context HttpServletRequest request) {
- String dataSourceName = request.getParameter("dataSourceName");
- String baseDir = request.getParameter("baseDirectory");
- return assetMgr.getHdfsResources(dataSourceName, baseDir);
- }
-
- @GET
- @Path("/hive/resources")
- @Produces({ "application/xml", "application/json" })
- public VXStringList pullHiveResources(@Context HttpServletRequest request) {
- String dataSourceName = request.getParameter("dataSourceName");
- String databaseName = request.getParameter("databaseName");
- String tableName = request.getParameter("tableName");
- String columnName = request.getParameter("columnName");
- return assetMgr.getHiveResources(dataSourceName, databaseName,
- tableName, columnName);
- }
-
- @GET
- @Path("/hbase/resources")
- @Produces({ "application/xml", "application/json" })
- public VXStringList pullHBaseResources(@Context HttpServletRequest request) {
- String dataSourceName = request.getParameter("dataSourceName");
- String tableName = request.getParameter("tableName");
- String columnFamiles = request.getParameter("columnFamilies");
- return assetMgr.getHBaseResources(dataSourceName, tableName,
- columnFamiles);
- }
-
- @GET
- @Path("/knox/resources")
- @Produces({ "application/xml", "application/json" })
- public VXStringList pullKnoxResources(@Context HttpServletRequest request) {
- String dataSourceName = request.getParameter("dataSourceName");
- String topologyName = request.getParameter("topologyName");
- String serviceName = request.getParameter("serviceName");
- return assetMgr.getKnoxResources(dataSourceName, topologyName, serviceName);
- }
-
- @GET
- @Path("/storm/resources")
- @Produces({ "application/xml", "application/json" })
- public VXStringList pullStormResources(@Context HttpServletRequest request) {
- String dataSourceName = request.getParameter("dataSourceName");
- String topologyName = request.getParameter("topologyName");
- return assetMgr.getStormResources(dataSourceName, topologyName);
- }
-
- @GET
- @Path("/resources/count")
- @Produces({ "application/xml", "application/json" })
- public VXLong countXResources(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xResourceService.sortFields);
-
- return assetMgr.getXResourceSearchCount(searchCriteria);
- }
-
- @GET
- @Path("/credstores/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXCredentialStore getXCredentialStore(@PathParam("id") Long id) {
- return assetMgr.getXCredentialStore(id);
- }
-
- @POST
- @Path("/credstores")
- @Produces({ "application/xml", "application/json" })
- public VXCredentialStore createXCredentialStore(
- VXCredentialStore vXCredentialStore) {
- return assetMgr.createXCredentialStore(vXCredentialStore);
- }
-
- @PUT
- @Path("/credstores")
- @Produces({ "application/xml", "application/json" })
- public VXCredentialStore updateXCredentialStore(
- VXCredentialStore vXCredentialStore) {
- return assetMgr.updateXCredentialStore(vXCredentialStore);
- }
-
- @DELETE
- @Path("/credstores/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @XAAnnotationClassName(class_name = VXCredentialStore.class)
- public void deleteXCredentialStore(@PathParam("id") Long id,
- @Context HttpServletRequest request) {
- boolean force = false;
- assetMgr.deleteXCredentialStore(id, force);
- }
-
- @GET
- @Path("/credstores")
- @Produces({ "application/xml", "application/json" })
- public VXCredentialStoreList searchXCredentialStores(
- @Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xCredentialStoreService.sortFields);
- return assetMgr.searchXCredentialStores(searchCriteria);
- }
-
- @GET
- @Path("/credstores/count")
- @Produces({ "application/xml", "application/json" })
- public VXLong countXCredentialStores(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xCredentialStoreService.sortFields);
- return assetMgr.getXCredentialStoreSearchCount(searchCriteria);
- }
-
- @GET
- @Path("/resource/{id}")
- public Response getXResourceFile(@Context HttpServletRequest request,
- @PathParam("id") Long id) {
- String fileType = searchUtil.extractString(request,
- new SearchCriteria(), "fileType", "File type",
- StringUtil.VALIDATION_TEXT);
-
- File file = assetMgr.getXResourceFile(id, fileType);
- return Response
- .ok(file, MediaType.APPLICATION_OCTET_STREAM)
- .header("Content-Disposition",
- "attachment;filename=" + file.getName()).build();
- }
-
- @GET
- @Path("/policyList/{repository}")
- @Encoded
- public String getResourceJSON(@Context HttpServletRequest request,
- @PathParam("repository") String repository) {
-
- boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true);
- String epoch = request.getParameter("epoch");
-
- X509Certificate[] certchain = (X509Certificate[]) request.getAttribute(
- "javax.servlet.request.X509Certificate");
-
- String ipAddress = request.getHeader("X-FORWARDED-FOR");
- if (ipAddress == null) {
- ipAddress = request.getRemoteAddr();
- }
-
- boolean isSecure = request.isSecure();
-
- String policyCount = request.getParameter("policyCount");
- String agentId = request.getParameter("agentId");
-
-// File file = assetMgr.getLatestRepoPolicy(repository,
-// certchain, httpEnabled, epoch, ipAddress, isSecure, policyCount, agentId);
-
-
-// return Response
-// .ok(file, MediaType.APPLICATION_OCTET_STREAM)
-// .header("Content-Disposition",
-// "attachment;filename=" + file.getName()).build();
-
- String file = assetMgr.getLatestRepoPolicy(repository,
- certchain, httpEnabled, epoch, ipAddress, isSecure, policyCount, agentId);
-
- return file;
- }
-
- @GET
- @Path("/exportAudit")
- @Produces({ "application/xml", "application/json" })
- public VXPolicyExportAuditList searchXPolicyExportAudits(
- @Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xPolicyExportAudits.sortFields);
- searchUtil.extractString(request, searchCriteria, "agentId",
- "The XA agent id pulling the policies.",
- StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "clientIP",
- "The XA agent ip pulling the policies.",
- StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "repositoryName",
- "Repository name for which export was done.",
- StringUtil.VALIDATION_TEXT);
- searchUtil.extractInt(request, searchCriteria, "httpRetCode",
- "HTTP response code for exported policy.");
- searchUtil.extractDate(request, searchCriteria, "startDate",
- "Start date for search", null);
- searchUtil.extractDate(request, searchCriteria, "endDate",
- "End date for search", null);
- return assetMgr.searchXPolicyExportAudits(searchCriteria);
- }
-
- @GET
- @Path("/report")
- @Produces({ "application/xml", "application/json" })
- public VXTrxLogList getReportLogs(@Context HttpServletRequest request){
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xTrxLogService.sortFields);
- searchUtil.extractInt(request, searchCriteria, "objectClassType", "Class type for report.");
- searchUtil.extractString(request, searchCriteria, "attributeName",
- "Attribute Name", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "action",
- "CRUD Action Type", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "sessionId",
- "Session Id", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "owner",
- "Owner", StringUtil.VALIDATION_TEXT);
- searchUtil.extractDate(request, searchCriteria, "startDate", "Trasaction date since", "MM/dd/yyyy");
- searchUtil.extractDate(request, searchCriteria, "endDate", "Trasaction date till", "MM/dd/yyyy");
- return assetMgr.getReportLogs(searchCriteria);
- }
-
- @GET
- @Path("/report/{transactionId}")
- @Produces({ "application/xml", "application/json" })
- public VXTrxLogList getTransactionReport(@Context HttpServletRequest request,
- @PathParam("transactionId") String transactionId){
- return assetMgr.getTransactionReport(transactionId);
- }
-
- @GET
- @Path("/accessAudit")
- @Produces({ "application/xml", "application/json" })
- public VXAccessAuditList getAccessLogs(@Context HttpServletRequest request){
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xAccessAuditService.sortFields);
- searchUtil.extractString(request, searchCriteria, "accessType",
- "Access Type", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "aclEnforcer",
- "Access Type", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "agentId",
- "Access Type", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "repoName",
- "Access Type", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "sessionId",
- "Access Type", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "requestUser",
- "Access Type", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "requestData",
- "Access Type", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "resourcePath",
- "Access Type", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "clientIP",
- "Client IP", StringUtil.VALIDATION_TEXT);
-
- searchUtil.extractInt(request, searchCriteria, "auditType", "Audit Type");
- searchUtil.extractInt(request, searchCriteria, "accessResult", "Audit Type");
- searchUtil.extractInt(request, searchCriteria, "assetId", "Audit Type");
- searchUtil.extractLong(request, searchCriteria, "policyId", "Audit Type");
- searchUtil.extractInt(request, searchCriteria, "repoType", "Audit Type");
-
- searchUtil.extractDate(request, searchCriteria, "startDate",
- "startDate", "MM/dd/yyyy");
- searchUtil.extractDate(request, searchCriteria, "endDate", "endDate",
- "MM/dd/yyyy");
- return assetMgr.getAccessLogs(searchCriteria);
- }
-
- @POST
- @Path("/resources/grant")
- @Produces({ "application/xml", "application/json" })
- public VXPolicy grantPermission(@Context HttpServletRequest request,VXPolicy vXPolicy) {
- boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true);
- X509Certificate[] certchain = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
- String ipAddress = request.getHeader("X-FORWARDED-FOR");
- if (ipAddress == null) {
- ipAddress = request.getRemoteAddr();
- }
- boolean isSecure = request.isSecure();
- String repository=null;
- if(vXPolicy!=null){
- repository=vXPolicy.getRepositoryName();
- vXPolicy.setOwner(vXPolicy.getGrantor());
- vXPolicy.setUpdatedBy(vXPolicy.getGrantor());
- }
- boolean isValidAuthentication=assetMgr.isValidHttpsAuthentication(repository,certchain,httpEnabled,ipAddress,isSecure);
- if(isValidAuthentication){
- VXResource vXResource = xPolicyService.mapPublicToXAObject(vXPolicy,AbstractBaseResourceService.OPERATION_CREATE_CONTEXT);
- vXResource=assetMgr.grantXResource(vXResource,vXPolicy);
- vXResource.setPermMapList(xPolicyService.updatePermGroup(vXResource));
- xResourceService.updateResource(vXResource);
- vXPolicy=xPolicyService.mapXAToPublicObject(vXResource);
- vXPolicy.syncResponseWithJsonRequest();
- }
- return vXPolicy;
- }
-
- @POST
- @Path("/resources/revoke")
- @Produces({ "application/xml", "application/json" })
- public VXPolicy revokePermission(@Context HttpServletRequest request,VXPolicy vXPolicy) {
- boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true);
- X509Certificate[] certchain = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
- String ipAddress = request.getHeader("X-FORWARDED-FOR");
- if (ipAddress == null) {
- ipAddress = request.getRemoteAddr();
- }
- boolean isSecure = request.isSecure();
- String repository=null;
- if(vXPolicy!=null){
- repository=vXPolicy.getRepositoryName();
- vXPolicy.setOwner(vXPolicy.getGrantor());
- vXPolicy.setUpdatedBy(vXPolicy.getGrantor());
- }
- boolean isValidAuthentication=assetMgr.isValidHttpsAuthentication(repository,certchain,httpEnabled,ipAddress,isSecure);
- if(isValidAuthentication){
- VXResource vXResource = xPolicyService.mapPublicToXAObject(vXPolicy,AbstractBaseResourceService.OPERATION_CREATE_CONTEXT);
- vXResource=assetMgr.revokeXResource(vXResource);
- vXResource.setPermMapList(xPolicyService.updatePermGroup(vXResource));
- xResourceService.updateResource(vXResource);
- vXPolicy=xPolicyService.mapXAToPublicObject(vXResource);
- vXPolicy.syncResponseWithJsonRequest();
- }
- return vXPolicy;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/rest/PublicAPIs.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/rest/PublicAPIs.java b/security-admin/src/main/java/com/xasecure/rest/PublicAPIs.java
deleted file mode 100644
index 15e3ad8..0000000
--- a/security-admin/src/main/java/com/xasecure/rest/PublicAPIs.java
+++ /dev/null
@@ -1,319 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.rest;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
-
-import org.apache.log4j.Logger;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Scope;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.stereotype.Component;
-import org.springframework.transaction.annotation.Propagation;
-import org.springframework.transaction.annotation.Transactional;
-
-import com.xasecure.biz.AssetMgr;
-import com.xasecure.common.AppConstants;
-import com.xasecure.common.MessageEnums;
-import com.xasecure.common.RESTErrorUtil;
-import com.xasecure.common.SearchCriteria;
-import com.xasecure.common.StringUtil;
-import com.xasecure.common.XACommonEnums;
-import com.xasecure.common.XAConstants;
-import com.xasecure.common.XASearchUtil;
-import com.xasecure.common.annotation.XAAnnotationClassName;
-import com.xasecure.common.annotation.XAAnnotationJSMgrName;
-import com.xasecure.db.XADaoManager;
-import com.xasecure.service.AbstractBaseResourceService;
-import com.xasecure.service.XPolicyService;
-import com.xasecure.service.XRepositoryService;
-import com.xasecure.service.XAssetService;
-import com.xasecure.service.XResourceService;
-import com.xasecure.view.VXAsset;
-import com.xasecure.view.VXAssetList;
-import com.xasecure.view.VXLong;
-import com.xasecure.view.VXPolicy;
-import com.xasecure.view.VXPolicyList;
-import com.xasecure.view.VXRepository;
-import com.xasecure.view.VXRepositoryList;
-import com.xasecure.view.VXResource;
-import com.xasecure.view.VXResourceList;
-import com.xasecure.view.VXResponse;
-
-@Path("public")
-@Component
-@Scope("request")
-@XAAnnotationJSMgrName("PublicMgr")
-@Transactional(propagation = Propagation.REQUIRES_NEW)
-public class PublicAPIs {
- static Logger logger = Logger.getLogger(PublicAPIs.class);
-
- @Autowired
- XASearchUtil searchUtil;
-
- @Autowired
- AssetMgr assetMgr;
-
- @Autowired
- XAssetService xAssetService;
-
- @Autowired
- RESTErrorUtil restErrorUtil;
-
- @Autowired
- XRepositoryService xRepositoryService;
-
- @Autowired
- XResourceService xResourceService;
-
- @Autowired
- XPolicyService xPolicyService;
-
- @Autowired
- StringUtil stringUtil;
-
- @Autowired
- XADaoManager xaDaoMgr;
-
- @GET
- @Path("/api/repository/{id}")
- @Produces({ "application/json", "application/xml" })
- public VXRepository getRepository(@PathParam("id") Long id) {
- VXAsset vXAsset = assetMgr.getXAsset(id);
- return xRepositoryService.mapXAToPublicObject(vXAsset);
- }
-
- @POST
- @Path("/api/repository/")
- @Produces({ "application/json", "application/xml" })
- public VXRepository createRepository(VXRepository vXRepository) {
- VXAsset vXAsset = xRepositoryService.mapPublicToXAObject(vXRepository);
- vXAsset = assetMgr.createXAsset(vXAsset);
- return xRepositoryService.mapXAToPublicObject(vXAsset);
- }
-
- @PUT
- @Path("/api/repository/{id}")
- @Produces({ "application/json", "application/xml" })
- public VXRepository updateRepository(VXRepository vXRepository,
- @PathParam("id") Long id) {
- vXRepository.setId(id);
- VXAsset vXAsset = xRepositoryService.mapPublicToXAObject(vXRepository);
- vXAsset = assetMgr.updateXAsset(vXAsset);
- return xRepositoryService.mapXAToPublicObject(vXAsset);
- }
-
- @DELETE
- @Path("/api/repository/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @XAAnnotationClassName(class_name = VXAsset.class)
- public void deleteRepository(@PathParam("id") Long id,
- @Context HttpServletRequest request) {
-
- String forceStr = request.getParameter("force");
- boolean force = true;
- if (!stringUtil.isEmpty(forceStr)) {
- force = Boolean.parseBoolean(forceStr.trim());
- }
- assetMgr.deleteXAsset(id, force);
- }
-
- // @POST
- // @Path("/api/repository/testConfig")
- // @Produces({ "application/xml", "application/json" })
- public VXResponse testConfig(VXRepository vXRepository) {
- VXAsset vXAsset = xRepositoryService.mapPublicToXAObject(vXRepository);
- return assetMgr.testConfig(vXAsset);
- }
-
- @GET
- @Path("/api/repository/")
- @Produces({ "application/json", "application/xml" })
- public VXRepositoryList searchRepositories(
- @Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xAssetService.sortFields);
- searchUtil.extractString(request, searchCriteria, "name",
- "Repository Name", null);
- searchUtil.extractBoolean(request, searchCriteria, "status",
- "Activation Status");
- searchUtil.extractString(request, searchCriteria, "type",
- "Repository Type", null);
-
- searchCriteria = xRepositoryService.getMappedSearchParams(request,
- searchCriteria);
- VXAssetList vXAssetList = assetMgr.searchXAssets(searchCriteria);
-
- return xRepositoryService.mapToVXRepositoryList(vXAssetList);
- }
-
- @GET
- @Path("/api/repository/count")
- @Produces({ "application/json", "application/xml" })
- public VXLong countRepositories(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xAssetService.sortFields);
-
- ArrayList<Integer> valueList = new ArrayList<Integer>();
- valueList.add(XAConstants.STATUS_DISABLED);
- valueList.add(XAConstants.STATUS_ENABLED);
- searchCriteria.addParam("status", valueList);
-
- return assetMgr.getXAssetSearchCount(searchCriteria);
- }
-
- @GET
- @Path("/api/policy/{id}")
- @Produces({ "application/json", "application/xml" })
- public VXPolicy getPolicy(@PathParam("id") Long id) {
- VXResource vXResource = assetMgr.getXResource(id);
- return xPolicyService.mapXAToPublicObject(vXResource);
- }
-
- @POST
- @Path("/api/policy")
- @Produces({ "application/json", "application/xml" })
- public VXPolicy createPolicy(VXPolicy vXPolicy) {
- VXResource vXResource = xPolicyService.mapPublicToXAObject(vXPolicy,
- AbstractBaseResourceService.OPERATION_CREATE_CONTEXT);
- vXResource = assetMgr.createXResource(vXResource);
- vXResource.setPermMapList(xPolicyService.updatePermGroup(vXResource));
- return xPolicyService.mapXAToPublicObject(vXResource);
-
- }
-
- @PUT
- @Path("/api/policy/{id}")
- @Produces({ "application/json", "application/xml" })
- public VXPolicy updatePolicy(VXPolicy vXPolicy, @PathParam("id") Long id) {
- vXPolicy.setId(id);
- VXResource vXResource = xPolicyService.mapPublicToXAObject(vXPolicy,
- AbstractBaseResourceService.OPERATION_UPDATE_CONTEXT);
- vXResource = assetMgr.updateXResource(vXResource);
- vXResource.setPermMapList(xPolicyService.updatePermGroup(vXResource));
- return xPolicyService.mapXAToPublicObject(vXResource);
- }
-
- @DELETE
- @Path("/api/policy/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @XAAnnotationClassName(class_name = VXResource.class)
- public void deletePolicy(@PathParam("id") Long id,
- @Context HttpServletRequest request) {
- String forceStr = request.getParameter("force");
- boolean force = true;
- if (!stringUtil.isEmpty(forceStr)) {
- force = Boolean.parseBoolean(forceStr.trim());
- }
- assetMgr.deleteXResource(id, force);
- }
-
- @GET
- @Path("/api/policy")
- @Produces({ "application/json", "application/xml" })
- public VXPolicyList searchPolicies(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xResourceService.sortFields);
-
- String resourceName = request.getParameter("resourceName");
- if (!stringUtil.isEmpty(resourceName)) {
- searchCriteria.getParamList().put("name", resourceName);
- }
- searchUtil.extractString(request, searchCriteria, "policyName",
- "Policy name", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "columns",
- "Column name", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "columnFamilies",
- "Column Family", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "tables", "Tables",
- StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "udfs", "UDFs",
- StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "databases",
- "Databases", StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "groupName",
- "Group Name", StringUtil.VALIDATION_TEXT);
-
- String repositoryType = request.getParameter("repositoryType");
- if (!stringUtil.isEmpty(repositoryType)) {
- searchCriteria.getParamList().put("assetType",
- AppConstants.getEnumFor_AssetType(repositoryType));
- }
-
- String isRec = request.getParameter("isRecursive");
- if (isRec != null) {
- boolean isRecursiveBool = restErrorUtil.parseBoolean(isRec,
- "Invalid value for " + "isRecursive",
- MessageEnums.INVALID_INPUT_DATA, null, "isRecursive");
- int isRecursive = (isRecursiveBool == true) ? 
XAConstants.BOOL_TRUE - : XAConstants.BOOL_FALSE; - searchCriteria.getParamList().put("isRecursive", isRecursive); - } - - searchUtil.extractString(request, searchCriteria, "userName", - "User Name", StringUtil.VALIDATION_TEXT); - searchUtil.extractString(request, searchCriteria, "repositoryName", - "Repository Name", StringUtil.VALIDATION_TEXT); - - String resStatus = request.getParameter("isEnabled"); - List<Integer> resList = new ArrayList<Integer>(); - if (stringUtil.isEmpty(resStatus)) { - resList.add(XACommonEnums.STATUS_ENABLED); - resList.add(XACommonEnums.STATUS_DISABLED); - } else { - boolean policyStatus = restErrorUtil.parseBoolean(resStatus, - "Invalid value for " + "isEnabled", - MessageEnums.INVALID_INPUT_DATA, null, "isEnabled"); - int policyStat = (policyStatus) ? XACommonEnums.STATUS_ENABLED - : XACommonEnums.STATUS_DISABLED; - resList.add(policyStat); - } - searchCriteria.getParamList().put("resourceStatus", resList); - - searchCriteria.setDistinct(true); - - VXResourceList vXResourceList = assetMgr - .searchXResources(searchCriteria); - return xPolicyService.mapToVXPolicyList(vXResourceList); - } - - @GET - @Path("/api/policy/count") - @Produces({ "application/xml", "application/json" }) - public VXLong countPolicies(@Context HttpServletRequest request) { - SearchCriteria searchCriteria = searchUtil.extractCommonCriterias( - request, xResourceService.sortFields); - - - return assetMgr.getXResourceSearchCount(searchCriteria); - } - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/rest/UserREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/com/xasecure/rest/UserREST.java b/security-admin/src/main/java/com/xasecure/rest/UserREST.java deleted file mode 100644 index 3bc6fef..0000000 --- a/security-admin/src/main/java/com/xasecure/rest/UserREST.java +++ /dev/null 
@@ -1,332 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.rest;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-
-import com.xasecure.biz.UserMgr;
-import com.xasecure.common.XAConstants;
-import com.xasecure.common.XAConfigUtil;
-import com.xasecure.common.MessageEnums;
-import com.xasecure.common.RESTErrorUtil;
-import com.xasecure.common.SearchCriteria;
-import com.xasecure.common.SearchUtil;
-import com.xasecure.common.StringUtil;
-import com.xasecure.entity.XXPortalUser;
-import com.xasecure.view.VXPasswordChange;
-import com.xasecure.view.VXResponse;
-import com.xasecure.view.VXStringList;
-import com.xasecure.view.VXPortalUser;
-import com.xasecure.view.VXPortalUserList;
-import com.xasecure.util.XARestUtil;
-
-import org.apache.log4j.Logger;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Scope;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.stereotype.Component;
-import org.springframework.transaction.annotation.Propagation;
-import org.springframework.transaction.annotation.Transactional;
-
-import com.xasecure.common.annotation.XAAnnotationClassName;
-import com.xasecure.common.annotation.XAAnnotationJSMgrName;
-import com.xasecure.common.annotation.XAAnnotationRestAPI;
-import com.xasecure.db.XADaoManager;
-
-
-@Path("users")
-@Component
-@Scope("request")
-@XAAnnotationJSMgrName("UserMgr")
-@Transactional(propagation = Propagation.REQUIRES_NEW)
-public class UserREST {
- static Logger logger = Logger.getLogger(UserREST.class);
-
- @Autowired
- StringUtil stringUtil;
-
- @Autowired
- XADaoManager daoManager;
-
- @Autowired
- XAConfigUtil configUtil;
-
- @Autowired
- RESTErrorUtil restErrorUtil;
-
- @Autowired
- SearchUtil searchUtil;
-
- @Autowired
- UserMgr userManager;
-
- @Autowired
- XARestUtil msRestUtil;
-
- /**
- * Implements the traditional search functionalities for UserProfile
- *
- * @param request
- * @return
- */
- @GET
- @Produces({ "application/xml", "application/json" })
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- public VXPortalUserList searchUsers(@Context HttpServletRequest request) {
- String[] approvedSortByParams = new String[] { "requestDate",
- "approvedDate", "activationDate", "emailAddress", "firstName",
- "lastName" };
- @SuppressWarnings("deprecation")
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, approvedSortByParams);
-
- // userId
- searchUtil.extractLong(request, searchCriteria, "userId", "User Id");
-
- // loginId
- searchUtil.extractString(request, searchCriteria, "loginId",
- "Login Id", null);
-
- // emailAddress
- searchUtil.extractString(request, searchCriteria, "emailAddress",
- "Email Address", null);
-
- // firstName
- searchUtil.extractString(request, searchCriteria, "firstName",
- "First Name", StringUtil.VALIDATION_NAME);
-
- // lastName
- searchUtil.extractString(request, searchCriteria, "lastName",
- "Last Name", StringUtil.VALIDATION_NAME);
-
- // status
- searchUtil.extractEnum(request, searchCriteria, "status", "Status",
- "statusList", XAConstants.ActivationStatus_MAX);
-
- // publicScreenName
- searchUtil.extractString(request, searchCriteria, "publicScreenName",
- "Public Screen Name", StringUtil.VALIDATION_NAME);
- // roles
- searchUtil.extractStringList(request, searchCriteria, "role", "Role",
- "roleList", configUtil.getRoles(), StringUtil.VALIDATION_NAME);
-
- return userManager.searchUsers(searchCriteria);
- }
-
- /**
- * Return the VUserProfile for the given userId
- *
- * @param userId
- * @return
- */
- @GET
- @Path("{userId}")
- @Produces({ "application/xml", "application/json" })
- public VXPortalUser getUserProfileForUser(@PathParam("userId") Long userId) {
- try {
- VXPortalUser userProfile = userManager.getUserProfile(userId);
- if (userProfile != null) {
- if (logger.isDebugEnabled()) {
- logger.debug("getUserProfile() Found User userId=" + userId);
- }
- } else {
- logger.debug("getUserProfile() Not found userId=" + userId);
- }
- return userProfile;
- } catch (Throwable t) {
- logger.error("getUserProfile() no user session. error="
- + t.toString());
- }
- return null;
- }
-
- @POST
- @Consumes({ "application/json", "application/xml" })
- @Produces({ "application/xml", "application/json" })
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- public VXPortalUser create(VXPortalUser userProfile,
- @Context HttpServletRequest servletRequest) {
- logger.info("create:" + userProfile.getEmailAddress());
-
- return userManager.createUser(userProfile);
- }
-
- // API to add user with default account
- @POST
- @Path("/default")
- @Consumes({ "application/json", "application/xml" })
- @Produces({ "application/xml", "application/json" })
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- public VXPortalUser createDefaultAccountUser(VXPortalUser userProfile,
- @Context HttpServletRequest servletRequest) {
- logger.info("create:" + userProfile.getEmailAddress());
- return userManager.createDefaultAccountUser(userProfile);
- }
-
-
- @PUT
- @Consumes({ "application/json", "application/xml" })
- @Produces({ "application/xml", "application/json" })
- @XAAnnotationRestAPI(updates_classes = "VUserProfile")
- public VXPortalUser update(VXPortalUser userProfile,
- @Context HttpServletRequest servletRequest) {
- logger.info("update:" + userProfile.getEmailAddress());
- XXPortalUser gjUser = daoManager.getXXPortalUser().getById(userProfile.getId());
- userManager.checkAccess(gjUser);
- if (gjUser != null) {
- msRestUtil.validateVUserProfileForUpdate(gjUser, userProfile);
- gjUser = userManager.updateUser(userProfile);
- return userManager.mapXXPortalUserVXPortalUser(gjUser);
- } else {
- logger.info("update(): Invalid userId provided: userId="
- + userProfile.getId());
- throw restErrorUtil.createRESTException("serverMsg.userRestUser",
- MessageEnums.DATA_NOT_FOUND, null, null,
- userProfile.toString());
- }
- }
-
- @PUT
- @Path("/{userId}/roles")
- @Produces({ "application/xml", "application/json" })
- public VXResponse setUserRoles(@PathParam("userId") Long userId,
- VXStringList roleList) {
- userManager.checkAccess(userId);
- userManager.setUserRoles(userId, roleList.getVXStrings());
- VXResponse response = new VXResponse();
- response.setStatusCode(VXResponse.STATUS_SUCCESS);
- return response;
- }
-
- /**
- * Deactivate the user
- *
- * @param userId
- * @return
- */
- @POST
- @Path("{userId}/deactivate")
- @Produces({ "application/xml", "application/json" })
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @XAAnnotationClassName(class_name = VXPortalUser.class)
- public VXPortalUser deactivateUser(@PathParam("userId") Long userId) {
- XXPortalUser gjUser = daoManager.getXXPortalUser().getById(userId);
- if (gjUser == null) {
- logger.info("update(): Invalid userId provided: userId=" + userId);
- throw restErrorUtil.createRESTException("serverMsg.userRestUser",
- MessageEnums.DATA_NOT_FOUND, null, null, "" + userId);
- }
- return userManager.deactivateUser(gjUser);
- }
-
- /**
- * This method returns the VUserProfile for the current session
- *
- * @param request
- * @return
- */
- @GET
- @Path("/profile")
- @Produces({ "application/xml", "application/json" })
- public VXPortalUser getUserProfile(@Context HttpServletRequest request) {
- try {
- logger.debug("getUserProfile(). httpSessionId="
- + request.getSession().getId());
- VXPortalUser userProfile = userManager.getUserProfileByLoginId();
- return userProfile;
- } catch (Throwable t) {
- logger.error(
- "getUserProfile() no user session. error=" + t.toString(),
- t);
- }
- return null;
- }
-
- @GET
- @Path("/firstnames")
- @Produces({ "application/xml", "application/json" })
- public String suggestUserFirstName(@QueryParam("letters") String letters,
- @Context HttpServletRequest req) {
- return null;
- }
-
- /**
- * @param userId
- * @param changePassword
- * @return
- */
- @POST
- @Path("{userId}/passwordchange")
- @Produces({ "application/xml", "application/json" })
- public VXResponse changePassword(@PathParam("userId") Long userId,
- VXPasswordChange changePassword) {
- logger.info("changePassword:" + userId);
-
- XXPortalUser gjUser = daoManager.getXXPortalUser().getById(userId);
- if (gjUser == null) {
- logger.warn("SECURITY:changePassword(): Invalid userId provided: userId="
- + userId);
- throw restErrorUtil.createRESTException("serverMsg.userRestUser",
- MessageEnums.DATA_NOT_FOUND, null, null, "" + userId);
- }
-
- userManager.checkAccess(gjUser);
- changePassword.setId(userId);
- VXResponse ret = userManager.changePassword(changePassword);
- return ret;
- }
-
- /**
- *
- * @param userId
- * @param changeEmail
- * @return
- */
- @POST
- @Path("{userId}/emailchange")
- @Produces({ "application/xml", "application/json" })
- public VXPortalUser changeEmailAddress(@PathParam("userId") Long userId,
- VXPasswordChange changeEmail) {
- logger.info("changeEmail:" + userId);
-
- XXPortalUser gjUser = daoManager.getXXPortalUser().getById(userId);
- if (gjUser == null) {
- logger.warn("SECURITY:changeEmail(): Invalid userId provided: userId="
- + userId);
- throw restErrorUtil.createRESTException("serverMsg.userRestUser",
- MessageEnums.DATA_NOT_FOUND, null, null, "" + userId);
- }
-
- userManager.checkAccess(gjUser);
- changeEmail.setId(userId);
- VXPortalUser ret = userManager.changeEmailAddress(gjUser, changeEmail);
- return ret;
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/rest/XAuditREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/rest/XAuditREST.java b/security-admin/src/main/java/com/xasecure/rest/XAuditREST.java
deleted file mode 100644
index 9afacba..0000000
--- a/security-admin/src/main/java/com/xasecure/rest/XAuditREST.java
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.rest;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.*;
-import javax.ws.rs.core.*;
-
-import com.xasecure.common.SearchCriteria;
-import com.xasecure.common.SearchUtil;
-import com.xasecure.service.*;
-import com.xasecure.biz.*;
-import com.xasecure.view.*;
-
-import com.xasecure.rest.*;
-import com.xasecure.biz.*;
-import com.xasecure.common.annotation.XAAnnotationClassName;
-import com.xasecure.common.annotation.XAAnnotationJSMgrName;
-import com.xasecure.view.*;
-import com.xasecure.service.*;
-
-import org.apache.log4j.Logger;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Scope;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.stereotype.Component;
-import org.springframework.transaction.annotation.Propagation;
-import org.springframework.transaction.annotation.Transactional;
-
-@Path("xaudit")
-@Component
-@Scope("request")
-@XAAnnotationJSMgrName("XAuditMgr")
-@Transactional(propagation = Propagation.REQUIRES_NEW)
-public class XAuditREST {
- static Logger logger = Logger.getLogger(XAuditREST.class);
-
- @Autowired
- SearchUtil searchUtil;
-
- @Autowired
- XAuditMgr xAuditMgr;
-
- @Autowired
- XTrxLogService xTrxLogService;
-
- @Autowired
- XAccessAuditService xAccessAuditService;
- // Handle XTrxLog
- @GET
- @Path("/trx_log/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXTrxLog getXTrxLog(
- @PathParam("id") Long id) {
- return xAuditMgr.getXTrxLog(id);
- }
-
- @POST
- @Path("/trx_log")
- @Produces({ "application/xml", "application/json" })
- public VXTrxLog createXTrxLog(VXTrxLog vXTrxLog) {
- return xAuditMgr.createXTrxLog(vXTrxLog);
- }
-
- @PUT
- @Path("/trx_log")
- @Produces({ "application/xml", "application/json" })
- public VXTrxLog updateXTrxLog(VXTrxLog vXTrxLog) {
- return xAuditMgr.updateXTrxLog(vXTrxLog);
- }
-
- @DELETE
- @Path("/trx_log/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @XAAnnotationClassName(class_name = VXTrxLog.class)
- public void deleteXTrxLog(@PathParam("id") Long id,
- @Context HttpServletRequest request) {
- boolean force = false;
- xAuditMgr.deleteXTrxLog(id, force);
- }
-
- /**
- * Implements the traditional search functionalities for XTrxLogs
- *
- * @param request
- * @return
- */
- @GET
- @Path("/trx_log")
- @Produces({ "application/xml", "application/json" })
- public VXTrxLogList searchXTrxLogs(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xTrxLogService.sortFields);
- return xAuditMgr.searchXTrxLogs(searchCriteria);
- }
-
- @GET
- @Path("/trx_log/count")
- @Produces({ "application/xml", "application/json" })
- public VXLong countXTrxLogs(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xTrxLogService.sortFields);
-
- return xAuditMgr.getXTrxLogSearchCount(searchCriteria);
- }
-
-
- /**
- * Implements the traditional search functionalities for XAccessAudits
- *
- * @param request
- * @return
- */
- @GET
- @Path("/access_audit")
- @Produces({ "application/xml", "application/json" })
- public VXAccessAuditList searchXAccessAudits(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xAccessAuditService.sortFields);
- return xAuditMgr.searchXAccessAudits(searchCriteria);
- }
-
- @GET
- @Path("/access_audit/count")
- @Produces({ "application/xml", "application/json" })
- public VXLong countXAccessAudits(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xAccessAuditService.sortFields);
-
- return xAuditMgr.getXAccessAuditSearchCount(searchCriteria);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/rest/XUserREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/rest/XUserREST.java b/security-admin/src/main/java/com/xasecure/rest/XUserREST.java
deleted file mode 100644
index 8a4f875..0000000
--- a/security-admin/src/main/java/com/xasecure/rest/XUserREST.java
+++ /dev/null
@@ -1,594 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.rest;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.*;
-import javax.ws.rs.core.*;
-
-import com.xasecure.biz.SessionMgr;
-import com.xasecure.common.XAConstants;
-import com.xasecure.common.DateUtil;
-import com.xasecure.common.RESTErrorUtil;
-import com.xasecure.common.SearchCriteria;
-import com.xasecure.common.SearchField;
-import com.xasecure.common.SearchUtil;
-import com.xasecure.common.StringUtil;
-import com.xasecure.entity.XXAuthSession;
-import com.xasecure.service.AuthSessionService;
-import com.xasecure.view.*;
-
-import org.apache.log4j.Logger;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Scope;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.stereotype.Component;
-import org.springframework.transaction.annotation.Propagation;
-import org.springframework.transaction.annotation.Transactional;
-
-import com.xasecure.biz.*;
-import com.xasecure.common.annotation.XAAnnotationClassName;
-import com.xasecure.common.annotation.XAAnnotationJSMgrName;
-import com.xasecure.db.XADaoManager;
-import com.xasecure.service.*;
-import com.xasecure.view.*;
-
-@Path("xusers")
-@Component
-@Scope("request")
-@XAAnnotationJSMgrName("XUserMgr")
-@Transactional(propagation = Propagation.REQUIRES_NEW)
-public class XUserREST {
- static Logger logger = Logger.getLogger(XUserREST.class);
-
- @Autowired
- SearchUtil searchUtil;
-
- @Autowired
- XUserMgr xUserMgr;
-
- @Autowired
- XGroupService xGroupService;
-
- @Autowired
- XUserService xUserService;
-
- @Autowired
- XGroupUserService xGroupUserService;
-
- @Autowired
- XGroupGroupService xGroupGroupService;
-
- @Autowired
- XPermMapService xPermMapService;
-
- @Autowired
- XAuditMapService xAuditMapService;
-
- @Autowired
- RESTErrorUtil restErrorUtil;
-
- @Autowired
- XADaoManager xADaoManager;
-
- @Autowired
- SessionMgr sessionMgr;
-
- @Autowired
- AuthSessionService authSessionService;
-
- // Handle XGroup
- @GET
- @Path("/groups/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXGroup getXGroup(@PathParam("id") Long id) {
- return xUserMgr.getXGroup(id);
- }
-
- @GET
- @Path("/secure/groups/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXGroup secureGetXGroup(@PathParam("id") Long id) {
- return xUserMgr.getXGroup(id);
- }
-
- @POST
- @Path("/groups")
- @Produces({ "application/xml", "application/json" })
- public VXGroup createXGroup(VXGroup vXGroup) {
- return xUserMgr.createXGroupWithoutLogin(vXGroup);
- }
-
- @POST
- @Path("/secure/groups")
- @Produces({ "application/xml", "application/json" })
- public VXGroup secureCreateXGroup(VXGroup vXGroup) {
- return xUserMgr.createXGroup(vXGroup);
- }
-
- @PUT
- @Path("/groups")
- @Produces({ "application/xml", "application/json" })
- public VXGroup updateXGroup(VXGroup vXGroup) {
- return xUserMgr.updateXGroup(vXGroup);
- }
-
- @PUT
- @Path("/secure/groups/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXGroup secureUpdateXGroup(VXGroup vXGroup) {
- return xUserMgr.updateXGroup(vXGroup);
- }
-
-
- @DELETE
- @Path("/groups/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @XAAnnotationClassName(class_name = VXGroup.class)
- public void deleteXGroup(@PathParam("id") Long id,
- @Context HttpServletRequest request) {
- boolean force = true;
- xUserMgr.deleteXGroup(id, force);
- }
-
- /**
- * Implements the traditional search functionalities for XGroups
- *
- * @param request
- * @return
- */
- @GET
- @Path("/groups")
- @Produces({ "application/xml", "application/json" })
- public VXGroupList searchXGroups(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xGroupService.sortFields);
- searchUtil.extractString(request, searchCriteria, "name", "group name",
- StringUtil.VALIDATION_NAME);
- searchUtil.extractString(request, searchCriteria, "groupSource", "group source",
- StringUtil.VALIDATION_NAME);
- return xUserMgr.searchXGroups(searchCriteria);
- }
-
- @GET
- @Path("/groups/count")
- @Produces({ "application/xml", "application/json" })
- public VXLong countXGroups(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xGroupService.sortFields);
-
- return xUserMgr.getXGroupSearchCount(searchCriteria);
- }
-
- // Handle XUser
- @GET
- @Path("/users/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXUser getXUser(@PathParam("id") Long id) {
- return xUserMgr.getXUser(id);
- }
-
- @GET
- @Path("/secure/users/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXUser secureGetXUser(@PathParam("id") Long id) {
- return xUserMgr.getXUser(id);
- }
-
- @POST
- @Path("/users")
- @Produces({ "application/xml", "application/json" })
- public VXUser createXUser(VXUser vXUser) {
- return xUserMgr.createXUserWithOutLogin(vXUser);
- }
-
- @POST
- @Path("/secure/users")
- @Produces({ "application/xml", "application/json" })
- public VXUser secureCreateXUser(VXUser vXUser) {
- return xUserMgr.createXUser(vXUser);
- }
-
- @PUT
- @Path("/users")
- @Produces({ "application/xml", "application/json" })
- public VXUser updateXUser(VXUser vXUser) {
- return xUserMgr.updateXUser(vXUser);
- }
-
- @PUT
- @Path("/secure/users/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXUser secureUpdateXUser(VXUser vXUser) {
- return xUserMgr.updateXUser(vXUser);
- }
-
- @DELETE
- @Path("/users/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @XAAnnotationClassName(class_name = VXUser.class)
- public void deleteXUser(@PathParam("id") Long id,
- @Context HttpServletRequest request) {
- boolean force = true;
- xUserMgr.deleteXUser(id, force);
- }
-
- /**
- * Implements the traditional search functionalities for XUsers
- *
- * @param request
- * @return
- */
- @GET
- @Path("/users")
- @Produces({ "application/xml", "application/json" })
- public VXUserList searchXUsers(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xUserService.sortFields);
-
- searchUtil.extractString(request, searchCriteria, "name", "User name",
- StringUtil.VALIDATION_TEXT);
- searchUtil.extractString(request, searchCriteria, "emailAddress", "Email Address",
- null);
- searchUtil.extractInt(request, searchCriteria, "userSource", "User Source");
- searchUtil.extractString(request, searchCriteria, "userRoleList", "User Role",
- null);
- return xUserMgr.searchXUsers(searchCriteria);
- }
-
- @GET
- @Path("/users/count")
- @Produces({ "application/xml", "application/json" })
- public VXLong countXUsers(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xUserService.sortFields);
-
- return xUserMgr.getXUserSearchCount(searchCriteria);
- }
-
- // Handle XGroupUser
- @GET
- @Path("/groupusers/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXGroupUser getXGroupUser(@PathParam("id") Long id) {
- return xUserMgr.getXGroupUser(id);
- }
-
- @POST
- @Path("/groupusers")
- @Produces({ "application/xml", "application/json" })
- public VXGroupUser createXGroupUser(VXGroupUser vXGroupUser) {
- return xUserMgr.createXGroupUser(vXGroupUser);
- }
-
- @PUT
- @Path("/groupusers")
- @Produces({ "application/xml", "application/json" })
- public VXGroupUser updateXGroupUser(VXGroupUser vXGroupUser) {
- return xUserMgr.updateXGroupUser(vXGroupUser);
- }
-
- @DELETE
- @Path("/groupusers/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @XAAnnotationClassName(class_name = VXGroupUser.class)
- public void deleteXGroupUser(@PathParam("id") Long id,
- @Context HttpServletRequest request) {
- boolean force = true;
- xUserMgr.deleteXGroupUser(id, force);
- }
-
- /**
- * Implements the traditional search functionalities for XGroupUsers
- *
- * @param request
- * @return
- */
- @GET
- @Path("/groupusers")
- @Produces({ "application/xml", "application/json" })
- public VXGroupUserList searchXGroupUsers(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xGroupUserService.sortFields);
- return xUserMgr.searchXGroupUsers(searchCriteria);
- }
-
- @GET
- @Path("/groupusers/count")
- @Produces({ "application/xml", "application/json" })
- public VXLong countXGroupUsers(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xGroupUserService.sortFields);
-
- return xUserMgr.getXGroupUserSearchCount(searchCriteria);
- }
-
- // Handle XGroupGroup
- @GET
- @Path("/groupgroups/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXGroupGroup getXGroupGroup(@PathParam("id") Long id) {
- return xUserMgr.getXGroupGroup(id);
- }
-
- @POST
- @Path("/groupgroups")
- @Produces({ "application/xml", "application/json" })
- public VXGroupGroup createXGroupGroup(VXGroupGroup vXGroupGroup) {
- return xUserMgr.createXGroupGroup(vXGroupGroup);
- }
-
- @PUT
- @Path("/groupgroups")
- @Produces({ "application/xml", "application/json" })
- public VXGroupGroup updateXGroupGroup(VXGroupGroup vXGroupGroup) {
- return xUserMgr.updateXGroupGroup(vXGroupGroup);
- }
-
- @DELETE
- @Path("/groupgroups/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @XAAnnotationClassName(class_name = VXGroupGroup.class)
- public void deleteXGroupGroup(@PathParam("id") Long id,
- @Context HttpServletRequest request) {
- boolean force = false;
- xUserMgr.deleteXGroupGroup(id, force);
- }
-
- /**
- * Implements the traditional search functionalities for XGroupGroups
- *
- * @param request
- * @return
- */
- @GET
- @Path("/groupgroups")
- @Produces({ "application/xml", "application/json" })
- public VXGroupGroupList searchXGroupGroups(
- @Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xGroupGroupService.sortFields);
- return xUserMgr.searchXGroupGroups(searchCriteria);
- }
-
- @GET
- @Path("/groupgroups/count")
- @Produces({ "application/xml", "application/json" })
- public VXLong countXGroupGroups(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xGroupGroupService.sortFields);
-
- return xUserMgr.getXGroupGroupSearchCount(searchCriteria);
- }
-
- // Handle XPermMap
- @GET
- @Path("/permmaps/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXPermMap getXPermMap(@PathParam("id") Long id) {
- return xUserMgr.getXPermMap(id);
- }
-
- @POST
- @Path("/permmaps")
- @Produces({ "application/xml", "application/json" })
- public VXPermMap createXPermMap(VXPermMap vXPermMap) {
- return xUserMgr.createXPermMap(vXPermMap);
- }
-
- @PUT
- @Path("/permmaps")
- @Produces({ "application/xml", "application/json" })
- public VXPermMap updateXPermMap(VXPermMap vXPermMap) {
- return xUserMgr.updateXPermMap(vXPermMap);
- }
-
- @DELETE
- @Path("/permmaps/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @XAAnnotationClassName(class_name = VXPermMap.class)
- public void deleteXPermMap(@PathParam("id") Long id,
- @Context HttpServletRequest request) {
- boolean force = false;
- xUserMgr.deleteXPermMap(id, force);
- }
-
- /**
- * Implements the traditional search functionalities for XPermMaps
- *
- * @param request
- * @return
- */
- @GET
- @Path("/permmaps")
- @Produces({ "application/xml", "application/json" })
- public VXPermMapList searchXPermMaps(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xPermMapService.sortFields);
- return xUserMgr.searchXPermMaps(searchCriteria);
- }
-
- @GET
- @Path("/permmaps/count")
- @Produces({ "application/xml", "application/json" })
- public VXLong countXPermMaps(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xPermMapService.sortFields);
-
- return xUserMgr.getXPermMapSearchCount(searchCriteria);
- }
-
- // Handle XAuditMap
- @GET
- @Path("/auditmaps/{id}")
- @Produces({ "application/xml", "application/json" })
- public VXAuditMap getXAuditMap(@PathParam("id") Long id) {
- return xUserMgr.getXAuditMap(id);
- }
-
- @POST
- @Path("/auditmaps")
- @Produces({ "application/xml", "application/json" })
- public VXAuditMap createXAuditMap(VXAuditMap vXAuditMap) {
- return xUserMgr.createXAuditMap(vXAuditMap);
- }
-
- @PUT
- @Path("/auditmaps")
- @Produces({ "application/xml", "application/json" })
- public VXAuditMap updateXAuditMap(VXAuditMap vXAuditMap) {
- return xUserMgr.updateXAuditMap(vXAuditMap);
- }
-
- @DELETE
- @Path("/auditmaps/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @XAAnnotationClassName(class_name = VXAuditMap.class)
- public void deleteXAuditMap(@PathParam("id") Long id,
- @Context HttpServletRequest request) {
- boolean force = false;
- xUserMgr.deleteXAuditMap(id, force);
- }
-
- /**
- * Implements the traditional search functionalities for XAuditMaps
- *
- * @param request
- * @return
- */
- @GET
- @Path("/auditmaps")
- @Produces({ "application/xml", "application/json" })
- public VXAuditMapList searchXAuditMaps(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xAuditMapService.sortFields);
- return xUserMgr.searchXAuditMaps(searchCriteria);
- }
-
- @GET
- @Path("/auditmaps/count")
- @Produces({ "application/xml", "application/json" })
- public VXLong countXAuditMaps(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
- request, xAuditMapService.sortFields);
-
- return xUserMgr.getXAuditMapSearchCount(searchCriteria);
- }
-
- // Handle XUser
- @GET
- @Path("/users/userName/{userName}")
- @Produces({ "application/xml", "application/json" })
- public VXUser getXUserByUserName(@Context HttpServletRequest request,
- @PathParam("userName") String userName) {
- return xUserMgr.getXUserByUserName(userName);
- }
-
- @GET
- @Path("/groups/groupName/{groupName}")
- @Produces({ "application/xml", "application/json" })
- public VXGroup getXGroupByGroupName(@Context HttpServletRequest request,
- @PathParam("groupName") String groupName) {
- return xGroupService.getGroupByGroupName(groupName);
- }
-
- @DELETE
- @Path("/users/userName/{userName}")
- public void deleteXUserByUserName(@PathParam("userName") String userName,
- @Context HttpServletRequest request) {
- boolean force = true;
- VXUser vxUser = xUserService.getXUserByUserName(userName);
- xUserMgr.deleteXUser(vxUser.getId(), force);
- }
-
- @DELETE
- @Path("/groups/groupName/{groupName}")
- public void deleteXGroupByGroupName(
- @PathParam("groupName") String groupName,
- @Context HttpServletRequest request) {
- boolean force = true;
- VXGroup vxGroup = xGroupService.getGroupByGroupName(groupName);
- xUserMgr.deleteXGroup(vxGroup.getId(), force);
- }
-
- // @POST
- //
@Path("/group/{groupName}/user/{userName}") - // @Produces({ "application/xml", "application/json" }) - // public void createXGroupAndXUser(@PathParam("groupName") String - // groupName, - // @PathParam("userName") String userName, - // @Context HttpServletRequest request) { - // xUserMgr.createXGroupAndXUser(groupName, userName); - // } - // - @DELETE - @Path("/group/{groupName}/user/{userName}") - public void deleteXGroupAndXUser(@PathParam("groupName") String groupName, - @PathParam("userName") String userName, - @Context HttpServletRequest request) { - xUserMgr.deleteXGroupAndXUser(groupName, userName); - } - - @GET - @Path("/{userId}/groups") - @Produces({ "application/xml", "application/json" }) - public VXGroupList getXUserGroups(@Context HttpServletRequest request, - @PathParam("userId") Long id){ - return xUserMgr.getXUserGroups(id); - } - - @GET - @Path("/{groupId}/users") - @Produces({ "application/xml", "application/json" }) - public VXUserList getXGroupUsers(@Context HttpServletRequest request, - @PathParam("groupId") Long id){ - return xUserMgr.getXGroupUsers(id); - } - - @GET - @Path("/authSessions") - @Produces({ "application/xml", "application/json" }) - public VXAuthSessionList getAuthSessions(@Context HttpServletRequest request){ - SearchCriteria searchCriteria = searchUtil.extractCommonCriterias( - request, authSessionService.AUTH_SESSION_SORT_FLDS); - searchUtil.extractLong(request, searchCriteria, "id", "Auth Session Id"); - searchUtil.extractLong(request, searchCriteria, "userId", "User Id"); - searchUtil.extractInt(request, searchCriteria, "authStatus", "Auth Status"); - searchUtil.extractInt(request, searchCriteria, "authType", "Auth Type"); - searchUtil.extractInt(request, searchCriteria, "deviceType", "Device Type"); - searchUtil.extractString(request, searchCriteria, "firstName", "User First Name", StringUtil.VALIDATION_NAME); - searchUtil.extractString(request, searchCriteria, "lastName", "User Last Name", StringUtil.VALIDATION_NAME); - 
searchUtil.extractString(request, searchCriteria, "requestUserAgent", "User Agent", StringUtil.VALIDATION_TEXT); - searchUtil.extractString(request, searchCriteria, "requestIP", "Request IP Address", StringUtil.VALIDATION_IP_ADDRESS); - searchUtil.extractString(request, searchCriteria, "loginId", "Login ID", StringUtil.VALIDATION_TEXT); - searchUtil.extractDate(request, searchCriteria, "startDate", "Start date for search", null); - searchUtil.extractDate(request, searchCriteria, "endDate", "End date for search", null); - return sessionMgr.searchAuthSessions(searchCriteria); - } - - @GET - @Path("/authSessions/info") - @Produces({ "application/xml", "application/json" }) - public VXAuthSession getAuthSession(@Context HttpServletRequest request){ - String authSessionId = request.getParameter("extSessionId"); - return sessionMgr.getAuthSessionBySessionId(authSessionId); - } - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/security/context/XAContextHolder.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/com/xasecure/security/context/XAContextHolder.java b/security-admin/src/main/java/com/xasecure/security/context/XAContextHolder.java deleted file mode 100644 index 8671a13..0000000 --- a/security-admin/src/main/java/com/xasecure/security/context/XAContextHolder.java +++ /dev/null 
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- /**
- *
- */
-package com.xasecure.security.context;
-
-public class XAContextHolder {
-
- private static final ThreadLocal<XASecurityContext> securityContextThreadLocal = new ThreadLocal<XASecurityContext>();
-
- private XAContextHolder() {
-
- }
-
- public static XASecurityContext getSecurityContext(){
- return securityContextThreadLocal.get();
- }
-
- public static void setSecurityContext(XASecurityContext context){
- securityContextThreadLocal.set(context);
- }
-
- public static void resetSecurityContext(){
- securityContextThreadLocal.remove();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/security/context/XASecurityContext.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/security/context/XASecurityContext.java b/security-admin/src/main/java/com/xasecure/security/context/XASecurityContext.java
deleted file mode 100644
index 5cd8d5d..0000000
--- a/security-admin/src/main/java/com/xasecure/security/context/XASecurityContext.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- /**
- *
- */
-package com.xasecure.security.context;
-
-import java.io.Serializable;
-
-import com.xasecure.common.RequestContext;
-import com.xasecure.common.UserSessionBase;
-
-public class XASecurityContext implements Serializable{
- private static final long serialVersionUID = 1L;
- private UserSessionBase userSession;
- private RequestContext requestContext;
-
- public UserSessionBase getUserSession() {
- return userSession;
- }
-
- public void setUserSession(UserSessionBase userSession) {
- this.userSession = userSession;
- }
-
- /**
- * @return the requestContext
- */
- public RequestContext getRequestContext() {
- return requestContext;
- }
-
- /**
- * @param requestContext the requestContext to set
- */
- public void setRequestContext(RequestContext requestContext) {
- this.requestContext = requestContext;
- }
-
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/security/handler/Permission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/security/handler/Permission.java b/security-admin/src/main/java/com/xasecure/security/handler/Permission.java
deleted file mode 100644
index f9ab946..0000000
--- a/security-admin/src/main/java/com/xasecure/security/handler/Permission.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.security.handler;
-public class Permission {
-
- public static final String CREATE_PERMISSION = "CREATE";
- public static final String READ_PERMISSION = "READ";
- public static final String UPDATE_PERMISSION = "UPDATE";
- public static final String DELETE_PERMISSION = "DELETE";
-
- public enum permissionType {
- CREATE, READ, UPDATE, DELETE
- };
-
- public static permissionType getPermisson(Object in) {
- String permString = in.toString();
-
- if (CREATE_PERMISSION.equals(permString)) {
- return permissionType.CREATE;
- }
-
- if (READ_PERMISSION.equals(permString)) {
- return permissionType.READ;
- }
-
- if (UPDATE_PERMISSION.equals(permString)) {
- return permissionType.UPDATE;
- }
-
- if (DELETE_PERMISSION.equals(permString)) {
- return permissionType.DELETE;
- }
-
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/security/handler/XADomainObjectSecurityHandler.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/security/handler/XADomainObjectSecurityHandler.java b/security-admin/src/main/java/com/xasecure/security/handler/XADomainObjectSecurityHandler.java
deleted file mode 100644
index 97a8733..0000000
--- a/security-admin/src/main/java/com/xasecure/security/handler/XADomainObjectSecurityHandler.java
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.security.handler;
-
-/**
- *
- */
-
-import java.io.Serializable;
-import org.apache.log4j.Logger;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import com.xasecure.biz.XABizUtil;
-import com.xasecure.common.ContextUtil;
-import com.xasecure.common.PropertiesUtil;
-import com.xasecure.common.UserSessionBase;
-import com.xasecure.db.XADaoManager;
-import com.xasecure.entity.XXDBBase;
-
-@Component
-public class XADomainObjectSecurityHandler {
-
- public static Logger logger = Logger
- .getLogger(XADomainObjectSecurityHandler.class);
-
- @Autowired
- public XADaoManager daoManager;
-
- @Autowired
- XABizUtil msBizUtil;
-
- boolean checkParentObject = false;
-
- public XADomainObjectSecurityHandler() {
- checkParentObject = PropertiesUtil.getBooleanProperty(
- "xa.db.access.filter.check.parentobject", checkParentObject);
- }
-
- /**
- * @return the daoManager
- */
- public XADaoManager getDaoManager() {
- return daoManager;
- }
-
- public <T extends XXDBBase> boolean hasAccess(T targetDomainObject,
- Permission.permissionType permission) {
- //TODO: Need to review this method and reimplement it properly
- return true;
- }
-
- public boolean hasAccess(String targetType, Serializable targetId,
- Permission.permissionType permission) {
- try {
- Class<?> clazz = Class.forName(targetType);
- Class<? extends XXDBBase> gjClazz = clazz.asSubclass(XXDBBase.class);
- return hasAccess(gjClazz, targetId, permission);
-
- } catch (ClassNotFoundException cfe) {
- logger.error("class not found:" + targetType, cfe);
- } catch (Exception e) {
- logger.error("Excepion targetType:" + targetType + " targetId:"
- + targetId, e);
- }
-
- return false;
- }
-
- public boolean hasAccess(Class<? extends XXDBBase> targetClass,
- Serializable targetId, Permission.permissionType permission) {
- try {
- Class<? extends XXDBBase> gjClazz = targetClass
- .asSubclass(XXDBBase.class);
- XXDBBase base = getDaoManager().getEntityManager().find(gjClazz,
- targetId);
- return hasAccess(base, permission);
-
- } catch (Exception e) {
- logger.error("Excepion targetType:" + targetClass + " targetId:"
- + targetId, e);
- }
-
- return false;
- }
-
- public boolean hasModeratorPermission() {
- UserSessionBase sess = ContextUtil.getCurrentUserSession();
- if (sess != null && sess.isUserAdmin()) {
- return true;
- }
- return false;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/security/listener/SpringEventListener.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/security/listener/SpringEventListener.java b/security-admin/src/main/java/com/xasecure/security/listener/SpringEventListener.java
deleted file mode 100644
index 5796eff..0000000
--- a/security-admin/src/main/java/com/xasecure/security/listener/SpringEventListener.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.security.listener;
-
-import com.xasecure.biz.SessionMgr;
-import com.xasecure.entity.XXAuthSession;
-
-import org.apache.log4j.Logger;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationListener;
-import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
-import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
-import org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent;
-import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.WebAuthenticationDetails;
-
-
-public class SpringEventListener implements
- ApplicationListener<AbstractAuthenticationEvent> {
-
- static Logger logger = Logger.getLogger(SpringEventListener.class);
-
- @Autowired
- SessionMgr sessionMgr;
-
- @Override
- public void onApplicationEvent(AbstractAuthenticationEvent event) {
- try {
- if (event instanceof AuthenticationSuccessEvent) {
- process((AuthenticationSuccessEvent) event);
- } else if (event instanceof AuthenticationFailureBadCredentialsEvent) {
- process((AuthenticationFailureBadCredentialsEvent) event);
- } else if (event instanceof AuthenticationFailureDisabledEvent) {
- process((AuthenticationFailureDisabledEvent) event);
- } else {
- // igonre all other events
- }
-
- } catch (Exception e) {
- logger.error("Exception in Spring Event Listener.", e);
- }
- }
-
- protected void process(AuthenticationSuccessEvent authSuccessEvent) {
- Authentication auth = authSuccessEvent.getAuthentication();
- WebAuthenticationDetails details = (WebAuthenticationDetails) auth
- .getDetails();
- String remoteAddress = details != null ? details.getRemoteAddress()
- : "";
- String sessionId = details != null ? details.getSessionId() : "";
-
- logger.info("Login Successful:" + auth.getName() + " | Ip Address:"
- + remoteAddress + " | sessionId=" + sessionId);
-
- // success logins are processed further in
- // AKASecurityContextFormationFilter
- }
-
- protected void process(
- AuthenticationFailureBadCredentialsEvent authFailEvent) {
- Authentication auth = authFailEvent.getAuthentication();
- WebAuthenticationDetails details = (WebAuthenticationDetails) auth
- .getDetails();
- String remoteAddress = details != null ? details.getRemoteAddress()
- : "";
- String sessionId = details != null ? details.getSessionId() : "";
-
- logger.info("Login Unsuccessful:" + auth.getName() + " | Ip Address:"
- + remoteAddress + " | Bad Credentials");
-
- sessionMgr.processFailureLogin(
- XXAuthSession.AUTH_STATUS_WRONG_PASSWORD,
- XXAuthSession.AUTH_TYPE_PASSWORD, auth.getName(),
- remoteAddress, sessionId);
- }
-
- protected void process(AuthenticationFailureDisabledEvent authFailEvent) {
- Authentication auth = authFailEvent.getAuthentication();
- WebAuthenticationDetails details = (WebAuthenticationDetails) auth
- .getDetails();
- String remoteAddress = details != null ? details.getRemoteAddress()
- : "";
- String sessionId = details != null ? details.getSessionId() : "";
-
- logger.info("Login Unsuccessful:" + auth.getName() + " | Ip Address:"
- + remoteAddress);
-
- sessionMgr.processFailureLogin(XXAuthSession.AUTH_STATUS_DISABLED,
- XXAuthSession.AUTH_TYPE_PASSWORD, auth.getName(),
- remoteAddress, sessionId);
-
- }
-
-}
