made changes for PR comments..
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/930308d7 Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/930308d7 Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/930308d7 Branch: refs/heads/apigee-sso-provider Commit: 930308d7e30f31f7d9f0f25f0bbb02982c30e86e Parents: b583207 Author: Ayesha Dastagiri <[email protected]> Authored: Fri Jul 8 11:20:36 2016 -0700 Committer: Ayesha Dastagiri <[email protected]> Committed: Fri Jul 8 11:20:36 2016 -0700 ---------------------------------------------------------------------- .../usergrid/rest/exceptions/AuthErrorInfo.java | 2 +- .../rest/management/ManagementResource.java | 7 +++-- .../organizations/OrganizationsResource.java | 5 +--- .../rest/management/users/UserResource.java | 31 +++++++------------- .../rest/management/users/UsersResource.java | 7 ++--- .../OAuth2AccessTokenSecurityFilter.java | 4 +-- ...alSSOProviderAdminUserNotFoundException.java | 11 +++++++ .../tokens/cassandra/TokenServiceImpl.java | 13 +++++--- 8 files changed, 40 insertions(+), 40 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/rest/src/main/java/org/apache/usergrid/rest/exceptions/AuthErrorInfo.java ----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/exceptions/AuthErrorInfo.java b/stack/rest/src/main/java/org/apache/usergrid/rest/exceptions/AuthErrorInfo.java
index 8b7b969..c9149e5 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/exceptions/AuthErrorInfo.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/exceptions/AuthErrorInfo.java
@@ -43,7 +43,7 @@ public enum AuthErrorInfo {
 INVALID_USERNAME_OR_PASSWORD_ERROR( "auth_invalid_username_or_password", "Unable to authenticate due to username or password being incorrect" ), //
 UNVERIFIED_OAUTH_ERROR( "auth_unverified_oath", "Unable to authenticate OAuth credentials" ), //
- EXTERNALSSOPROVIDER_UNACTIVATED_ADMINUSER("externalssoprovider_unactivated_adminuser","Admin user needs to be activated via the external provider"),
+ EXTERNALSSOPROVIDER_UNACTIVATED_ADMINUSER("externalssoprovider_unactivated_adminuser","Admin user not found or does not have access to any organizations."),
 NO_DOMAIN_ERROR( "auth_no_application", "Unable to authenticate due to application not found" ), //
 NOT_DOMAIN_OWNER_ERROR( "auth_not_application_owner", "" ), //
 EXPIRED_ACCESS_TOKEN_ERROR( "expired_token", "Unable to authenticate due to expired access token" ), //
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java ----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
index 3d794d6..056303a 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
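Review bot: The new message no longer agrees with the constant and error code it is attached to: `EXTERNALSSOPROVIDER_UNACTIVATED_ADMINUSER` / `externalssoprovider_unactivated_adminuser` still say "unactivated" while the text now describes an admin user that is missing or has no organization access. Clients that key on the code string will keep treating it as an activation problem. Either rename the constant and code in a follow-up, or record the mismatch on the line, e.g. `// code kept for client compatibility; the condition is "admin user missing or without org access", not an activation state`.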
@@ -531,10 +531,11 @@ public class ManagementResource extends AbstractContextResource {
 return; // we only care about username/password auth
 }
- final boolean externalTokensEnabled =
- !StringUtils.isEmpty( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
+ //why !isexternal_sso_enabled ?
+// final boolean externalTokensEnabled =
+// !StringUtils.isEmpty( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
 // when external tokens enabled then only superuser can obtain an access token
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java ----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
index 0e77d97..476e315 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
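Review bot: The three added `+//` lines leave commented-out code and an unanswered question (`//why !isexternal_sso_enabled ?`) in the new code; the old property check is already preserved in history, and the question should be resolved rather than merged. Replace them with a comment that records the decision, e.g. `// the per-resource USERGRID_EXTERNAL_SSO_ENABLED string check was replaced by tokens.isExternalSSOProviderEnabled() so every resource uses the same switch`, or simply delete them. The enclosing method continues outside the hunk.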
@@ -185,10 +185,7 @@ public class OrganizationsResource extends AbstractContextResource {
 String email, String password, Map<String, Object> userProperties, Map<String, Object> orgProperties, String callback ) throws Exception {
- final boolean externalTokensEnabled =
- !StringUtils.isEmpty( properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
 throw new IllegalArgumentException( "Organization / Admin Users must be created via " + properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
 }
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java ----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index b16e85c..739ef28 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -47,7 +47,6 @@ import java.util.UUID;
 import static org.apache.usergrid.security.shiro.utils.SubjectUtils.isServiceAdmin;
 import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_PROVIDER_URL;
-import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_SSO_ENABLED;
 import static org.apache.usergrid.utils.ConversionUtils.string;
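Review bot: The new guard keys on `tokens.isExternalSSOProviderEnabled()` while the message still interpolates `properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL )`, which the removed check guaranteed non-empty and the new one does not; with SSO enabled and no URL configured the client is told to create users via "null". Resolve the URL once and fall back to a fixed phrase, e.g. `final String ssoUrl = properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL );` and `"... must be created via " + ( ssoUrl != null ? ssoUrl : "the external SSO provider" )`, or have `tokens` expose the URL next to the enabled flag. Whether the enabled flag already implies a configured URL cannot be confirmed from this hunk. The same pattern recurs in every guard this commit changes in UserResource and UsersResource.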
@@ -216,10 +215,7 @@ public class UserResource extends AbstractContextResource {
 @Produces( MediaType.TEXT_HTML )
 public Viewable showPasswordResetForm( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
- final boolean externalTokensEnabled =
- Boolean.valueOf( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
 throw new IllegalArgumentException( "Admin Users must reset passwords via " + properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
 }
@@ -263,10 +259,7 @@ public class UserResource extends AbstractContextResource {
 logger.trace("handlePasswordResetForm");
 }
- final boolean externalTokensEnabled =
- Boolean.valueOf( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
 throw new IllegalArgumentException( "Admin Users must reset passwords via " + properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
 }
@@ -352,10 +345,7 @@ public class UserResource extends AbstractContextResource {
 @Produces( MediaType.TEXT_HTML )
 public Viewable activate( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
- final boolean externalTokensEnabled =
- Boolean.valueOf( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
 throw new IllegalArgumentException( "Admin Users must activate via " + properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
 }
@@ -385,10 +375,7 @@ public class UserResource extends AbstractContextResource {
 @Produces( MediaType.TEXT_HTML )
 public Viewable confirm( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
- final boolean externalTokensEnabled =
- Boolean.valueOf( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
 throw new IllegalArgumentException( "Admin Users must confirm via " + properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
 }
@@ -424,10 +411,7 @@ public class UserResource extends AbstractContextResource {
 @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback ) throws Exception {
- final boolean externalTokensEnabled =
- Boolean.valueOf( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
 throw new IllegalArgumentException( "Admin Users must reactivate via " + properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
 }
@@ -451,6 +435,11 @@ public class UserResource extends AbstractContextResource {
 @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback ) throws Exception {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
+ throw new IllegalArgumentException( "Admin Users must tokens must be revoked via " +
+ properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
+ }
+
 UUID adminId = user.getUuid();
 logger.info( "Revoking user tokens for {}", adminId );
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java ----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
index 9730e06..64281b6 100644
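Review bot: The user-facing message in the new revoke guard (last hunk, `@@ -451,6 +435,11 @@`) has a typo, `"Admin Users must tokens must be revoked via "`; it should read `"Admin User tokens must be revoked via "`. Separately, this guard makes token revocation unavailable whenever an external provider is enabled, yet the TokenServiceImpl hunk in this commit still treats `"usergrid"` as a possible provider value, in which case tokens are issued locally and this endpoint would be their only revocation path; worth confirming that the intended condition is not narrower (enabled and provider is not Usergrid). The enclosing method starts outside the hunk.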
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
@@ -44,7 +44,6 @@ import java.util.UUID;
 import static org.apache.commons.lang.StringUtils.isBlank;
 import static org.apache.usergrid.rest.exceptions.SecurityException.mappableSecurityException;
-import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_SSO_ENABLED;
 import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_PROVIDER_URL;
@@ -115,10 +114,7 @@ public class UsersResource extends AbstractContextResource {
 @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback ) throws Exception {
- final boolean externalTokensEnabled =
- Boolean.valueOf( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
-
- if ( externalTokensEnabled ) {
+ if ( tokens.isExternalSSOProviderEnabled() ) {
 throw new IllegalArgumentException( "Admin Users must signup via " + properties.getProperty( USERGRID_EXTERNAL_PROVIDER_URL ) );
 }
@@ -141,6 +137,7 @@ public class UsersResource extends AbstractContextResource {
 UserInfo user = null;
 if ( tokens.isExternalSSOProviderEnabled() ){
+ //autoactivating user, since the activation
 user = management.createAdminUser(null,username,name,email,password,true,false);
 } else {
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java ----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
index 4132dd3..7b35df6 100644
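Review bot: The added comment `//autoactivating user, since the activation` (last hunk, `@@ -141,6 +137,7 @@`) stops mid-sentence and does not say why the `true` argument is passed. Finish it with the actual reason, e.g. `// auto-activate: admin users are provisioned by the external SSO provider, so Usergrid's own activation flow does not apply` — and confirm that the sixth argument of createAdminUser is the activated flag, which this hunk does not show. The enclosing method starts outside the hunk.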
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/shiro/filters/OAuth2AccessTokenSecurityFilter.java
@@ -27,7 +27,7 @@ import org.apache.shiro.subject.Subject;
 import org.apache.usergrid.management.ApplicationInfo;
 import org.apache.usergrid.management.OrganizationInfo;
 import org.apache.usergrid.management.UserInfo;
-import org.apache.usergrid.management.exceptions.ExternalSSOProviderAdminUserNotFoundExceptions;
+import org.apache.usergrid.management.exceptions.ExternalSSOProviderAdminUserNotFoundException;
 import org.apache.usergrid.management.exceptions.ManagementException;
 import org.apache.usergrid.security.AuthPrincipalInfo;
 import org.apache.usergrid.security.AuthPrincipalType;
@@ -110,7 +110,7 @@ public class OAuth2AccessTokenSecurityFilter extends SecurityFilter implements C
 } catch (InvalidTokenException ite) {
 throw mappableSecurityException( INVALID_AUTH_ERROR );
 }
- catch (ExternalSSOProviderAdminUserNotFoundExceptions eAdminUserNotFound){
+ catch (ExternalSSOProviderAdminUserNotFoundException eAdminUserNotFound){
 throw mappableSecurityException(EXTERNALSSOPROVIDER_UNACTIVATED_ADMINUSER);
 } catch(IndexOutOfBoundsException ioobe) { // token is just some rubbish string
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/services/src/main/java/org/apache/usergrid/management/exceptions/ExternalSSOProviderAdminUserNotFoundException.java ----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/exceptions/ExternalSSOProviderAdminUserNotFoundException.java b/stack/services/src/main/java/org/apache/usergrid/management/exceptions/ExternalSSOProviderAdminUserNotFoundException.java
new file mode 100644
index 0000000..67f1b1e
--- /dev/null
+++ b/stack/services/src/main/java/org/apache/usergrid/management/exceptions/ExternalSSOProviderAdminUserNotFoundException.java
@@ -0,0 +1,11 @@
+package org.apache.usergrid.management.exceptions;
+
+/**
+ * Created by ayeshadastagiri on 7/8/16.
+ */
+public class ExternalSSOProviderAdminUserNotFoundException extends ManagementException {
+
+ public ExternalSSOProviderAdminUserNotFoundException(){super();}
+ public ExternalSSOProviderAdminUserNotFoundException(String arg0){super(arg0);}
+
+}
http://git-wip-us.apache.org/repos/asf/usergrid/blob/930308d7/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java ----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java b/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java
index dc61b7f..2234257 100644
--- a/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/security/tokens/cassandra/TokenServiceImpl.java
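Review bot: The class Javadoc is IDE boilerplate (`Created by ayeshadastagiri on 7/8/16.`) and says nothing about when the exception is thrown. Replace it with the condition it represents; the filter change in this commit maps it to `EXTERNALSSOPROVIDER_UNACTIVATED_ADMINUSER`, so something like `Thrown when a token from an external SSO provider validates but no matching admin user exists in Usergrid (or the user has no organization access); OAuth2AccessTokenSecurityFilter maps it to EXTERNALSSOPROVIDER_UNACTIVATED_ADMINUSER.` A `(String message, Throwable cause)` constructor would let the throwing site keep the underlying failure, if ManagementException offers one.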
@@ -332,10 +332,15 @@ public class TokenServiceImpl implements TokenService {
 // If the token doesn't parse as a Usergrid token, see if an external provider other than Usergrid is
 // enabled. If so, just validate the external token.
- if( isExternalSSOProviderEnabled() && !getExternalSSOProvider().equalsIgnoreCase("usergrid")) {
- return validateExternalToken(token, 1, getExternalSSOProvider());
- }else{
- throw e; // re-throw the error
+ try{
+ if( isExternalSSOProviderEnabled() && !getExternalSSOProvider().equalsIgnoreCase("usergrid")) {
+ return validateExternalToken(token, 1, getExternalSSOProvider());
+ }else{
+ throw new IllegalArgumentException("invalid external provider : " + getExternalSSOProvider()); // re-throw the error
+ }
+ }
+ catch (NullPointerException npe){
+ throw new IllegalArgumentException("The SSO provider in the config is empty.");
 }
 }
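Review bot: Catching `NullPointerException` to detect a missing provider setting is fragile: any NPE raised inside `validateExternalToken` is reported as "The SSO provider in the config is empty", and neither new `IllegalArgumentException` carries a cause, so both the NPE and the original parse failure `e` (which the removed line rethrew) are lost to callers and logs. Test the provider value explicitly and chain `e` instead, as below (assuming `e` is still in scope at this point, which the hunk does not show). Note that the `else` branch is also reached when SSO is disabled, where the old code rethrew `e`; if that path should keep its previous error mapping, rethrow `e` there rather than reporting "invalid external provider : null". The `// re-throw the error` comment is stale now that a new exception is thrown. The enclosing method starts outside the hunk.
```java
// … unchanged: comment explaining the external-provider fallback …
if ( !isExternalSSOProviderEnabled() ) {
    throw e; // no external provider configured: surface the original Usergrid token parse failure
}
final String provider = getExternalSSOProvider();
if ( provider == null || provider.isEmpty() ) {
    throw new IllegalArgumentException( "The SSO provider in the config is empty.", e );
}
if ( !provider.equalsIgnoreCase( "usergrid" ) ) {
    return validateExternalToken( token, 1, provider );
}
throw new IllegalArgumentException( "invalid external provider : " + provider, e );
```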
