Remove @RequireFooAccess annotations from all resource methods that lack HTTP annotations (e.g. @GET, @PUT, etc.) and add test logic to ensure that cross-org access is restricted to org users and apps.
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/1bfa32a9
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/1bfa32a9
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/1bfa32a9
Branch: refs/heads/usergrid-1007-shiro-cache
Commit: 1bfa32a9eabd1a2bcc7c945d34423423167e6489
Parents: 8081401
Author: Dave Johnson <[email protected]>
Authored: Thu Sep 10 15:18:50 2015 -0400
Committer: Dave Johnson <[email protected]>
Committed: Thu Sep 10 15:18:50 2015 -0400
----------------------------------------------------------------------
.../organizations/OrganizationResource.java | 3 --
.../organizations/OrganizationsResource.java | 2 -
.../applications/ApplicationResource.java | 1 -
.../applications/ApplicationsResource.java | 2 -
.../rest/management/ManagementResourceIT.java | 50 ++++++++++++++++++--
.../endpoints/mgmt/OrganizationResource.java | 4 ++
6 files changed, 51 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/1bfa32a9/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationResource.java
index 8c5328e..8055849 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationResource.java
@@ -85,21 +85,18 @@ public class OrganizationResource extends AbstractContextResource { } - @RequireOrganizationAccess @Path("users") public UsersResource getOrganizationUsers( @Context UriInfo ui ) throws Exception { return getSubResource( UsersResource.class ).init( organization ); } - @RequireOrganizationAccess @Path("applications") public ApplicationsResource getOrganizationApplications( @Context UriInfo ui ) throws Exception { return getSubResource( ApplicationsResource.class ).init( organization ); } - @RequireOrganizationAccess @Path("apps") public ApplicationsResource getOrganizationApplications2( @Context UriInfo ui ) throws Exception { return getSubResource( ApplicationsResource.class ).init( organization ); http://git-wip-us.apache.org/repos/asf/usergrid/blob/1bfa32a9/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java index 27d8d6a..28d8c87 100644 --- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java +++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java @@ -68,7 +68,6 @@ public class OrganizationsResource extends AbstractContextResource { } @Path(RootResource.ORGANIZATION_ID_PATH) - @RequireOrganizationAccess public OrganizationResource getOrganizationById( @Context UriInfo ui, @PathParam( "organizationId" ) String organizationIdStr ) throws Exception { 
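Review bot: With `@RequireOrganizationAccess` gone from the `users`, `applications` and `apps` locators, org-level authorization for those sub-trees now rests entirely on the annotations of the HTTP-annotated methods inside `UsersResource` and `ApplicationsResource`, neither of which appears in this diff; that audit is the precondition for this removal being safe (the commit message suggests the annotation was ineffective on locators, but the filter that enforces it is not shown here). The new ManagementResourceIT cases exercise `/users` and `/applications` only, so the `apps` alias served by `getOrganizationApplications2` leaves this commit with no cross-org test at all; one more negative case against `.../org( orgName )` on the `apps` path, expecting UNAUTHORIZED, would close that gap (the test client may need an accessor for it). A short comment above the locators would also stop the annotation from being re-added later: `// Sub-resource locator: org access is enforced by the HTTP-annotated methods of the returned resource, not here.`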
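Review bot: The by-UUID locator `getOrganizationById` loses its annotation here, but the new negative test resolves the foreign org by name (`org( orgName )`), so the id path is not exercised by this commit and a UUID lookup that reaches a leaf method missing its own annotation would go unnoticed. If the test client's `org(...)` accepts an id string, add the same UNAUTHORIZED assertion against the foreign org's UUID; otherwise note the gap in the test. The method's body continues past the end of the hunk.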
@@ -83,7 +82,6 @@ public class OrganizationsResource extends AbstractContextResource { } @Path( "{organizationName}" ) - @RequireOrganizationAccess public OrganizationResource getOrganizationByName( @Context UriInfo ui, @PathParam( "organizationName" ) String organizationName ) throws Exception { http://git-wip-us.apache.org/repos/asf/usergrid/blob/1bfa32a9/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationResource.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationResource.java index 8ac44de..cf575a5 100644 --- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationResource.java +++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationResource.java @@ -414,7 +414,6 @@ public class ApplicationResource extends AbstractContextResource { @Path( "imports" ) - @RequireOrganizationAccess public ImportsResource importGetJson( @Context UriInfo ui, @QueryParam( "callback" ) @DefaultValue( "" ) String callback ) throws Exception { http://git-wip-us.apache.org/repos/asf/usergrid/blob/1bfa32a9/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationsResource.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationsResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationsResource.java index 3b609b8..86584c3 100644 --- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationsResource.java 
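Review bot: `importGetJson` is a sub-resource locator for `/imports`, so removing `@RequireOrganizationAccess` from it makes the methods of `ImportsResource` the only org-access check on that path, and nothing in the new ManagementResourceIT cases touches `/imports`, leaving that assumption untested. Add a cross-org negative case for `.../applications/{app}/imports` next to the new ones, or at minimum confirm by inspection that every HTTP-annotated method in `ImportsResource` carries the annotation before merging. The method's signature starts in the hunk but its body lies outside it.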
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/applications/ApplicationsResource.java @@ -128,7 +128,6 @@ public class ApplicationsResource extends AbstractContextResource { } - @RequireOrganizationAccess @Path(RootResource.APPLICATION_ID_PATH) public ApplicationResource applicationFromOrganizationByApplicationId( @Context UriInfo ui, @PathParam( "applicationId" ) String applicationIdStr ) throws Exception { @@ -138,7 +137,6 @@ public class ApplicationsResource extends AbstractContextResource { } - @RequireOrganizationAccess @Path( "{applicationName}" ) public ApplicationResource applicationFromOrganizationByApplicationName( @Context UriInfo ui, @PathParam( "applicationName" ) String applicationName ) throws Exception { http://git-wip-us.apache.org/repos/asf/usergrid/blob/1bfa32a9/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java b/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java index 68fc172..c54fa0c 100644 --- a/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java +++ b/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java 
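Review bot: Both per-application locators (`applicationFromOrganizationByApplicationId` in the hunk above and `applicationFromOrganizationByApplicationName` here) drop their annotation, yet the new test only lists `/applications` for the foreign org and never descends to `/applications/{name}`, which is where the HTTP methods of `ApplicationResource` live. A cross-org test for the per-application path, expecting UNAUTHORIZED, would show that those leaf methods enforce org membership now that the locator does not. The second locator's body continues beyond the hunk.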
@@ -116,19 +116,42 @@ public class ManagementResourceIT extends AbstractRestIT { // check that the test admin cannot access the new org info + // management/organizations/{orgName} Response.Status status = null; - String returnVal = ""; + try { + this.management().orgs().org( orgName ).get(String.class); + } + catch ( ClientErrorException uie ) { + status = Response.Status.fromStatusCode( uie.getResponse().getStatus() ); + } + assertNotNull( status ); + assertEquals( Response.Status.UNAUTHORIZED, status ); + + // management/organizations/{orgName}/users + status = null; try { - returnVal = this.management().orgs().org( orgName ).get(String.class); + this.management().orgs().org( orgName ).users().get( String.class ); } catch ( ClientErrorException uie ) { status = Response.Status.fromStatusCode( uie.getResponse().getStatus() ); } + assertNotNull( status ); + assertEquals( Response.Status.UNAUTHORIZED, status ); + + // management/organizations/{orgName}/applications + status = null; + try { + this.management().orgs().org( orgName ).applications().get( String.class ); + } + catch ( ClientErrorException uie ) { + status = Response.Status.fromStatusCode( uie.getResponse().getStatus() ); + } assertNotNull( status ); assertEquals( Response.Status.UNAUTHORIZED, status ); + // this admin should have access to test org status = null; try { 
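Review bot: The three new negative checks repeat the same try/catch/`fromStatusCode` block, and the positive checks in the following hunk repeat it again; a small helper returning the 4xx status of a call (or null on success) would shrink each case to one assertion and make adding the missing cases (the `apps` alias, per-application paths, by-UUID lookup) cheap. Every case here is also a GET, so the test verifies read restriction only; a cross-org PUT/POST/DELETE on `/users` or `/applications` remains unasserted. The helper below assumes the test module compiles with Java 8 lambdas; if it does not, an anonymous `Runnable` works the same way.
```java
    /** Runs a management call and returns the 4xx status it failed with, or null when it succeeded. */
    private static Response.Status statusOf( Runnable call ) {
        try {
            call.run();
            return null;
        }
        catch ( ClientErrorException cee ) {
            return Response.Status.fromStatusCode( cee.getResponse().getStatus() );
        }
    }

    // … unchanged: creation of the foreign org and the test admin …
    assertEquals( Response.Status.UNAUTHORIZED,
        statusOf( () -> this.management().orgs().org( orgName ).get( String.class ) ) );
    assertEquals( Response.Status.UNAUTHORIZED,
        statusOf( () -> this.management().orgs().org( orgName ).users().get( String.class ) ) );
    assertEquals( Response.Status.UNAUTHORIZED,
        statusOf( () -> this.management().orgs().org( orgName ).applications().get( String.class ) ) );
```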
@@ -137,11 +160,32 @@ public class ManagementResourceIT extends AbstractRestIT { catch ( ClientErrorException uie ) { status = Response.Status.fromStatusCode( uie.getResponse().getStatus() ); } + assertNull( status ); + + // this admin should have access to test org - users + status = null; + try { + this.management().orgs().org( this.clientSetup.getOrganizationName() ).users().get( String.class ); + } + catch ( ClientErrorException uie ) { + status = Response.Status.fromStatusCode( uie.getResponse().getStatus() ); + } + assertNull(status); + + + // this admin should have access to test org - apps + status = null; + try { + this.management().orgs().org( this.clientSetup.getOrganizationName() ).applications().get( String.class ); + } + catch ( ClientErrorException uie ) { + status = Response.Status.fromStatusCode( uie.getResponse().getStatus() ); + } assertNull(status); - //test getting the organization by org + // test getting the organization by org status = null; try { this.management().orgs().org( this.clientSetup.getOrganizationName() ).get( String.class ); http://git-wip-us.apache.org/repos/asf/usergrid/blob/1bfa32a9/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource/endpoints/mgmt/OrganizationResource.java ---------------------------------------------------------------------- diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource/endpoints/mgmt/OrganizationResource.java b/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource/endpoints/mgmt/OrganizationResource.java index b9bd35e..20ea98f 100644 --- a/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource/endpoints/mgmt/OrganizationResource.java +++ b/stack/rest/src/test/java/org/apache/usergrid/rest/test/resource/endpoints/mgmt/OrganizationResource.java 
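Review bot: The positive-path checks discard the body returned by `get( String.class )` and assert only that no `ClientErrorException` was thrown, so a 200 carrying an empty or filtered payload would still pass. Binding the result and asserting on a field the listing is known to contain, e.g. `String body = this.management().orgs().org( this.clientSetup.getOrganizationName() ).users().get( String.class ); assertTrue( body.contains( this.clientSetup.getUsername() ) );`, would make the "has access" claim mean something; the exact payload shape is not visible in this diff, so pick whichever field the users and applications listings actually return.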
@@ -42,6 +42,10 @@ public class OrganizationResource extends NamedResource { return new UsersResource(context, this); } + public ApplicationsResource applications() { + return new ApplicationsResource(context, this); + } + public Organization get() { ApiResponse rep = getTarget( true ).request() .accept(MediaType.APPLICATION_JSON)
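Review bot: The new `applications()` accessor has no Javadoc, and the `users()` sibling above it appears to have none either; a one-liner such as `/** Sub-resource client for {@code management/organizations/{org}/applications}. */` tells a test author which server path it drives. Since the server also exposes the `apps` alias for the same resource and this class offers no accessor for it, a note to that effect would keep readers from assuming the alias is covered by the same tests.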
