Repository: usergrid Updated Branches: refs/heads/master 2a514d4ca -> 32204b9fa
Add hooks for post processing for external integrations. Update security filters to check additional security context for service admin. Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/32204b9f Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/32204b9f Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/32204b9f Branch: refs/heads/master Commit: 32204b9fa5d73acd30a11de970220d3b40f95b65 Parents: 2a514d4 Author: Michael Russo <[email protected]> Authored: Fri Aug 12 13:51:40 2016 -0700 Committer: Michael Russo <[email protected]> Committed: Fri Aug 12 13:51:40 2016 -0700 ---------------------------------------------------------------------- .../organizations/OrganizationsResource.java | 34 ++++++--------- .../organizations/users/UsersResource.java | 45 +++++++++++--------- .../rest/management/users/UserResource.java | 22 ++++++---- .../rest/management/users/UsersResource.java | 34 +++++++-------- .../organizations/OrganizationsResource.java | 24 +++++++++++ .../security/SecuredResourceFilterFactory.java | 16 ++++--- .../usergrid/management/ManagementService.java | 17 ++++++++ .../cassandra/AccountCreationPropsImpl.java | 4 +- .../cassandra/ManagementServiceImpl.java | 24 +++++++++++ 9 files changed, 148 insertions(+), 72 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
index b75ca60..6105ce6 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
@@ -20,6 +20,7 @@ package org.apache.usergrid.rest.management.organizations; import com.fasterxml.jackson.jaxrs.json.annotation.JSONP; import com.google.common.base.Preconditions; import org.apache.commons.lang.StringUtils; +import org.apache.shiro.SecurityUtils; import org.apache.usergrid.management.ApplicationCreator; import org.apache.usergrid.management.OrganizationInfo; import org.apache.usergrid.management.OrganizationOwnerInfo;
@@ -28,6 +29,8 @@ import org.apache.usergrid.rest.AbstractContextResource; import org.apache.usergrid.rest.ApiResponse; import org.apache.usergrid.rest.RootResource; import org.apache.usergrid.rest.security.annotations.RequireSystemAccess; +import org.apache.usergrid.security.shiro.principals.PrincipalIdentifier; +import org.apache.usergrid.security.shiro.utils.SubjectUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired;
@@ -40,6 +43,8 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.UriInfo; import java.util.*; +import static org.apache.commons.lang.StringUtils.isBlank; + @Component( "org.apache.usergrid.rest.management.organizations.OrganizationsResource" ) @Scope( "prototype" )
@@ -69,6 +74,7 @@ public class OrganizationsResource extends AbstractContextResource { public ApiResponse getAllOrganizations() throws Exception{ ApiResponse response = createApiResponse(); + //TODO this needs paging at some point List<OrganizationInfo> orgs = management.getOrganizations(null, 10000); List<Object> jsonOrgList = new ArrayList<>();
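Review bot: The imports added in the hunks at -20, -28 and -40 (`SecurityUtils`, `PrincipalIdentifier`, `SubjectUtils` and the static `isBlank`) are not used by any line this commit adds to the file, so they look unused. Drop them, or add the code that was meant to use them. Security imports with no caller can mean a check was planned here and never landed, which is worth confirming with the author.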
@@ -185,8 +191,8 @@ public class OrganizationsResource extends AbstractContextResource { String email, String password, Map<String, Object> userProperties, Map<String, Object> orgProperties, String callback ) throws Exception { - // Providing no password in this request signifies that an existing admin users should be associated to the - // newly requested organization. + /* Providing no password in this request signifies that an existing admin users should be associated to the + newly requested organization. */ // Always let the sysadmin create an org, but otherwise follow the behavior specified with // the property 'usergrid.management.allow-public-registration'
@@ -221,6 +227,12 @@ public class OrganizationsResource extends AbstractContextResource { applicationCreator.createSampleFor( organizationOwner.getOrganization() ); + // ( DO NOT REMOVE ) Execute any post processing which may be overridden by external classes using UG as + // a dependency + management.createAdminUserPostProcessing(organizationOwner.getOwner(), null); + management.createOrganizationPostProcessing(organizationOwner.getOrganization(), null); + management.addUserToOrganizationPostProcessing(organizationOwner.getOwner(), organizationName, null); + response.setData( organizationOwner ); response.setSuccess();
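Review bot: In the hunk at -221, `createAdminUserPostProcessing(organizationOwner.getOwner(), null)` runs on every organization creation, yet the comment in the hunk above says a request with no password attaches an existing admin user, so the create hook can fire for a user that was not created here. The hooks also run after the organization and sample application already exist, and the interface methods declare `throws Exception`, so a failing external hook fails the request with the new state left in place. The same applies to the hook calls added in the other resource classes in this commit. Consider calling the create-user hook only on the path that creates the user, and state the failure contract in a comment, e.g. `// a hook failure propagates to the caller; the organization is not rolled back`. The method body continues outside the hunk, so the create-versus-associate branch is presumed rather than visible.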
@@ -228,22 +240,4 @@ public class OrganizationsResource extends AbstractContextResource { return response; } - /* - * @POST - * - * @Consumes(MediaType.MULTIPART_FORM_DATA) public JSONWithPadding - * newOrganizationFromMultipart(@Context UriInfo ui, - * - * @FormDataParam("organization") String organization, - * - * @FormDataParam("username") String username, - * - * @FormDataParam("name") String name, - * - * @FormDataParam("email") String email, - * - * @FormDataParam("password") String password) throws Exception { return - * newOrganizationFromForm(ui, organization, username, name, email, - * password); } - */ }
http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
index dad2c14..3b70c06 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
@@ -141,6 +141,10 @@ public class UsersResource extends AbstractContextResource { management.startAdminUserPasswordResetFlow(organization.getUuid(), user); } } + + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.createAdminUserPostProcessing(user, null); + } if ( user == null ) {
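Review bot: In the hunk at -141 of organizations/users/UsersResource.java, `createAdminUserPostProcessing(user, null)` is placed before the `if ( user == null )` check that follows the closing brace, so the hook can be handed a null user if the creation call above returned none. Guard it with `if ( user != null ) { management.createAdminUserPostProcessing(user, null); }`, or move the call below the null check. The creation call sits outside the hunk, so whether it can return null at this point needs confirming.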
@@ -149,6 +153,9 @@ public class UsersResource extends AbstractContextResource { management.addAdminUserToOrganization( user, organization, true ); + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.addUserToOrganizationPostProcessing(user, organization.getName(), null); + Map<String, Object> result = new LinkedHashMap<String, Object>(); result.put( "user", user ); response.setData( result );
@@ -157,26 +164,6 @@ public class UsersResource extends AbstractContextResource { return response; } - /* - * @RequireOrganizationAccess - * - * @POST - * - * @Consumes(MediaType.MULTIPART_FORM_DATA) public JSONWithPadding - * newUserForOrganizationFromMultipart( - * - * @Context UriInfo ui, @FormDataParam("username") String username, - * - * @FormDataParam("name") String name, - * - * @FormDataParam("email") String email, - * - * @FormDataParam("password") String password) throws Exception { - * - * return newUserForOrganizationFromForm(ui, username, name, email, - * password); } - */ - @RequireOrganizationAccess @PUT
@@ -196,6 +183,9 @@ public class UsersResource extends AbstractContextResource { } management.addAdminUserToOrganization( user, organization, true ); + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.addUserToOrganizationPostProcessing(user, organization.getName(), null); + Map<String, Object> result = new LinkedHashMap<String, Object>(); result.put( "user", user ); response.setData( result );
@@ -223,6 +213,9 @@ public class UsersResource extends AbstractContextResource { } management.addAdminUserToOrganization( user, organization, true ); + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.addUserToOrganizationPostProcessing(user, organization.getName(), null); + Map<String, Object> result = new LinkedHashMap<String, Object>(); result.put( "user", user ); response.setData( result );
@@ -258,6 +251,9 @@ public class UsersResource extends AbstractContextResource { } management.addAdminUserToOrganization( user, organization, true ); + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.addUserToOrganizationPostProcessing(user, organization.getName(), null); + Map<String, Object> result = new LinkedHashMap<String, Object>(); result.put( "user", user ); response.setData( result );
@@ -284,6 +280,9 @@ public class UsersResource extends AbstractContextResource { } management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid() ); + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.removeUserFromOrganizationPostProcessing(user, organization.getName(), null); + Map<String, Object> result = new LinkedHashMap<String, Object>(); result.put( "user", user ); response.setData( result );
@@ -320,6 +319,9 @@ public class UsersResource extends AbstractContextResource { } management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid() ); + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.removeUserFromOrganizationPostProcessing(user, organization.getName(), null); + Map<String, Object> result = new LinkedHashMap<String, Object>(); result.put( "user", user ); response.setData( result );
@@ -347,6 +349,9 @@ public class UsersResource extends AbstractContextResource { } management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid() ); + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.removeUserFromOrganizationPostProcessing(user, organization.getName(), null); + Map<String, Object> result = new LinkedHashMap<String, Object>(); result.put( "user", user ); response.setData( result );
http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index 0e89294..af37cf5 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -102,6 +102,12 @@ public class UserResource extends AbstractContextResource { @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback ) throws Exception { + if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) { + throw new IllegalArgumentException( "External SSO integration is enabled, admin users must update" + + " info via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); + } + + if ( json == null ) { return null; }
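Review bot: The SSO guard added in UserResource.java at -102 exempts callers only through `isServiceAdmin()`, while the filters changed in SecuredResourceFilterFactory in this same commit also accept `request.getSecurityContext().isUserInRole( ROLE_SERVICE_ADMIN )`. The same condition is used in the hunks from -136 through -479 of this file and in management/users/UsersResource.java at -115, -154 and -191. If the two signals can differ, as the filter change suggests, a service admin admitted by the filter is still rejected by these guards. Confirm which identities are meant to bypass SSO and use one shared check in both places. A comment at the first guard should name who is exempt and why, e.g. `// a service admin may manage admin users locally even when external SSO is enabled`.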
@@ -136,7 +142,7 @@ public class UserResource extends AbstractContextResource { @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback ) throws Exception { - if ( tokens.isExternalSSOProviderEnabled() ) { + if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) { throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset passwords via" + " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); }
@@ -222,7 +228,7 @@ public class UserResource extends AbstractContextResource { @Produces( MediaType.TEXT_HTML ) public Viewable showPasswordResetForm( @Context UriInfo ui, @QueryParam( "token" ) String token ) { - if ( tokens.isExternalSSOProviderEnabled() ) { + if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) { throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset password via" + " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); }
@@ -266,7 +272,7 @@ public class UserResource extends AbstractContextResource { logger.trace("handlePasswordResetForm"); } - if ( tokens.isExternalSSOProviderEnabled() ) { + if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) { throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset password via" + " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); }
@@ -352,7 +358,7 @@ public class UserResource extends AbstractContextResource { @Produces( MediaType.TEXT_HTML ) public Viewable activate( @Context UriInfo ui, @QueryParam( "token" ) String token ) { - if ( tokens.isExternalSSOProviderEnabled() ) { + if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) { throw new IllegalArgumentException( "External SSO integration is enabled, admin users must activate via" + " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); }
@@ -382,7 +388,7 @@ public class UserResource extends AbstractContextResource { @Produces( MediaType.TEXT_HTML ) public Viewable confirm( @Context UriInfo ui, @QueryParam( "token" ) String token ) { - if ( tokens.isExternalSSOProviderEnabled() ) { + if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) { throw new IllegalArgumentException( "External SSO integration is enabled, admin users must confirm " + "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ) ); }
@@ -418,7 +424,7 @@ public class UserResource extends AbstractContextResource { @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback ) throws Exception { - if ( tokens.isExternalSSOProviderEnabled() ) { + if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) { throw new IllegalArgumentException( "External SSO integration is enabled, admin user must re-activate " + "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ) ); }
@@ -442,7 +448,7 @@ public class UserResource extends AbstractContextResource { @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback ) throws Exception { - if ( tokens.isExternalSSOProviderEnabled() ) { + if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) { throw new IllegalArgumentException( "External SSO integration is enabled, admin user tokens must be revoked " + "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); }
@@ -479,7 +485,7 @@ public class UserResource extends AbstractContextResource { @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback, @QueryParam( "token" ) String token ) throws Exception { - if ( tokens.isExternalSSOProviderEnabled() ) { + if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) { throw new IllegalArgumentException( "External SSO integration is enabled, admin user token must be revoked via " + "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ) ); }
http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
index 607c3e0..6999841 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
@@ -45,6 +45,7 @@ import java.util.UUID; import static org.apache.commons.lang.StringUtils.isBlank; import static org.apache.usergrid.rest.exceptions.SecurityException.mappableSecurityException; +import static org.apache.usergrid.security.shiro.utils.SubjectUtils.isServiceAdmin; import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER_URL;
@@ -115,7 +116,7 @@ public class UsersResource extends AbstractContextResource { @QueryParam( "callback" ) @DefaultValue( "callback" ) String callback ) throws Exception { - if ( tokens.isExternalSSOProviderEnabled() ) { + if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) { throw new IllegalArgumentException( "External SSO integration is enabled, admin users registering without an org" + " must do so via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); }
@@ -154,31 +155,23 @@ public class UsersResource extends AbstractContextResource { throw mappableSecurityException( AuthErrorInfo.BAD_CREDENTIALS_SYNTAX_ERROR ); } + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.createAdminUserPostProcessing(user, null); + return response; } - /* - * @POST - * - * @Consumes(MediaType.MULTIPART_FORM_DATA) public JSONWithPadding - * createUserFromMultipart(@Context UriInfo ui, - * - * @FormDataParam("username") String username, - * - * @FormDataParam("name") String name, - * - * @FormDataParam("email") String email, - * - * @FormDataParam("password") String password) throws Exception { - * - * return createUser(ui, username, name, email, password); } - */ - @GET @Path( "resetpw" ) @Produces( MediaType.TEXT_HTML ) public Viewable showPasswordResetForm( @Context UriInfo ui ) { + + if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) { + throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset password via" + + " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); + } + return handleViewable( "resetpw_email_form", this ); }
@@ -191,6 +184,11 @@ public class UsersResource extends AbstractContextResource { @FormParam( "recaptcha_challenge_field" ) String challenge, @FormParam( "recaptcha_response_field" ) String uresponse ) { + if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) { + throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset password via" + + " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ); + } + try { if ( isBlank( email ) ) { errorMsg = "No email provided, try again...";
http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java
index dfbe7af..e9a5f53 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java
@@ -95,6 +95,10 @@ public class OrganizationsResource extends AbstractContextResource { management.activateOrganization( organization ); + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.createOrganizationPostProcessing(organization, null); + management.addUserToOrganizationPostProcessing(user, organizationName, null); + return response; }
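Review bot: The hook calls added in users/organizations/OrganizationsResource.java at -95, and at -122, -142 and -203 in the hunks that follow, pass the caller-supplied `organizationName`. The calls at -160 and -182 pass `organization.getName()` from the looked-up record instead. Pass `organization.getName()` in all of them so that an external hook always receives the stored name rather than request input. In the hunk at -142 the organization comes from `getOrganizationByName`; whether it can be null at that point is outside the hunk.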
@@ -122,6 +126,10 @@ public class OrganizationsResource extends AbstractContextResource { management.activateOrganization( organization ); + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.createOrganizationPostProcessing(organization, null); + management.addUserToOrganizationPostProcessing(user, organizationName, null); + return response; }
@@ -142,6 +150,10 @@ public class OrganizationsResource extends AbstractContextResource { OrganizationInfo organization = management.getOrganizationByName( organizationName ); management.addAdminUserToOrganization( user, organization, true ); + + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.addUserToOrganizationPostProcessing(user, organizationName, null); + response.setData( organization ); return response; }
@@ -160,6 +172,10 @@ public class OrganizationsResource extends AbstractContextResource { OrganizationInfo organization = management.getOrganizationByUuid( UUID.fromString( organizationIdStr ) ); management.addAdminUserToOrganization( user, organization, true ); + + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.addUserToOrganizationPostProcessing(user, organization.getName(), null); + response.setData( organization ); return response; }
@@ -182,6 +198,10 @@ public class OrganizationsResource extends AbstractContextResource { OrganizationInfo organization = management.getOrganizationByUuid( UUID.fromString( organizationIdStr ) ); management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid() ); + + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.removeUserFromOrganizationPostProcessing(user, organization.getName(), null); + response.setData( organization ); return response; }
@@ -203,6 +223,10 @@ public class OrganizationsResource extends AbstractContextResource { response.setAction( "remove user from organization" ); OrganizationInfo organization = management.getOrganizationByName( organizationName ); management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid() ); + + // DO NOT REMOVE - used for external classes to hook into any post-processing + management.removeUserFromOrganizationPostProcessing(user, organizationName, null); + response.setData( organization ); return response;
http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
index 85e6210..ede6c35 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
@@ -254,7 +254,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature { logger.trace("SysadminLocalhostFilter.authorize"); } - if (!request.getSecurityContext().isUserInRole( ROLE_SERVICE_ADMIN )) { + if ( !isServiceAdmin() && !isBasicAuthServiceAdmin(request)) { // not a sysadmin request return; }
@@ -303,7 +303,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature { logger.trace("OrganizationFilter.authorize"); } - if ( !isPermittedAccessToOrganization( getOrganizationIdentifier() ) && !isBasicAuthServiceAdmin(request) ) { + if ( !isPermittedAccessToOrganization( getOrganizationIdentifier() ) && !isBasicAuthServiceAdmin(request) ) { if (logger.isTraceEnabled()) { logger.trace("No organization access authorized"); }
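Review bot: The authorization filters in SecuredResourceFilterFactory now combine the two service-admin signals in different ways. The hunks at -254 (SysadminLocalhostFilter), -397 (SystemFilter) and -429 (AdminUserFilter) test both `isServiceAdmin()` and `isBasicAuthServiceAdmin(request)`, while -303 (OrganizationFilter) and -375 (the application access check) add only `isBasicAuthServiceAdmin(request)`. If the permission checks in those two do not already cover the Shiro service admin, the filters disagree about who counts as a service admin. One helper used in all five, `return isServiceAdmin() || request.getSecurityContext().isUserInRole( ROLE_SERVICE_ADMIN );`, would make the rule uniform. The new bypasses at -303, -375 and -429 rest entirely on the role held by the security context, so the helper needs a comment saying where that role is assigned and that it is set only after credentials are verified; that code is outside this diff.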
@@ -375,7 +375,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature { throw mappableSecurityException( "unauthorized", "No application guest access authorized" ); } } - if ( !isPermittedAccessToApplication( getApplicationIdentifier() ) ) { + if ( !isPermittedAccessToApplication( getApplicationIdentifier() ) && !isBasicAuthServiceAdmin(request) ) { throw mappableSecurityException( "unauthorized", "No application access authorized" ); } }
@@ -397,7 +397,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature { logger.trace("SystemFilter.authorize"); } try { - if (!request.getSecurityContext().isUserInRole( ROLE_SERVICE_ADMIN )) { + if (!isBasicAuthServiceAdmin(request) && !isServiceAdmin()) { if (logger.isTraceEnabled()) { logger.trace("You are not the system admin."); }
@@ -429,7 +429,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature { if (logger.isTraceEnabled()) { logger.trace("AdminUserFilter.authorize"); } - if (!isUser( getUserIdentifier() ) && !isServiceAdmin() ) { + if (!isUser( getUserIdentifier() ) && !isServiceAdmin() && !isBasicAuthServiceAdmin(request) ) { throw mappableSecurityException( "unauthorized", "No admin user access authorized" ); } }
@@ -539,5 +539,11 @@ public class SecuredResourceFilterFactory implements DynamicFeature { } } + private static boolean isBasicAuthServiceAdmin(ContainerRequestContext request){ + + return request.getSecurityContext().isUserInRole( ROLE_SERVICE_ADMIN ); + + } + }
http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
index a161a27..5ac1713 100644
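Review bot: The helper `isBasicAuthServiceAdmin` added at -539 is named for an authentication scheme, but its body only asks the security context for `ROLE_SERVICE_ADMIN`, so it returns true for any request whose context carries that role. Either rename it or document the assumption, e.g. `/** True when the request's SecurityContext carries ROLE_SERVICE_ADMIN (presumably set for the basic-auth superuser; confirm). */`. In the SystemFilter hunk at -397 the two operands are in the opposite order to the other filters, and keeping one order makes the checks easier to compare.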
--- a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
@@ -371,4 +371,21 @@ public interface ManagementService { void updateOrganizationConfig( OrganizationConfig organizationConfig ) throws Exception; Observable<Id> deleteAllEntities(final UUID applicationId,final int limit); + + + // DO NOT REMOVE BELOW METHODS, THEY ARE HERE TO ALLOW EXTERNAL CLASSES TO OVERRIDE AND HOOK INTO POST PROCESSING + void createOrganizationPostProcessing( final OrganizationInfo orgInfo, + final Map<String, String> properties ) throws Exception; + + void createAdminUserPostProcessing( final UserInfo userInfo, + final Map<String, String> properties ) throws Exception; + + void addUserToOrganizationPostProcessing( final UserInfo userInfo, + final String organizationName, + final Map<String, String> properties ) throws Exception; + + void removeUserFromOrganizationPostProcessing( final UserInfo userInfo, + final String organizationName, + final Map<String, String> properties ) throws Exception; + }
http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java
index 7c6a091..552f74b 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java
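Review bot: The four hook methods added to `ManagementService` at -371 are documented only by an upper-case `DO NOT REMOVE` comment. Each needs Javadoc stating when it is called, that `properties` may be null (every call site in this commit passes `null`), and that a thrown exception reaches the REST caller. Adding abstract methods also breaks any other implementation of the interface; if the build targets Java 8 or later, which is not visible here, `default` no-op methods would avoid that. Proposed summary line for the first method: `/** Hook invoked after an organization has been created; the stock implementation does nothing. */`.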
@@ -86,7 +86,9 @@ public class AccountCreationPropsImpl implements AccountCreationProps { public String getProperty( String name ) { String propertyValue = properties.getProperty( name ); if ( isBlank( propertyValue ) ) { - logger.warn( "Missing value for {}", name ); + if ( logger.isDebugEnabled() ) { + logger.debug("Missing value for {}", name); + } propertyValue = null; } return propertyValue;
http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
index 4bd2e4f..21c6983 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
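Review bot: The change in AccountCreationPropsImpl at -86 demotes the missing-property message from `warn` to `debug`, so a blank value for a property the deployment relies on no longer shows at default log levels. If the aim is only to quiet optional keys, say so in a comment above the call. The `isDebugEnabled()` guard adds nothing around a parameterized call; `logger.debug( "Missing value for {}", name );` is enough.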
@@ -3494,4 +3494,28 @@ public class ManagementServiceImpl implements ManagementService { localShiroCache.invalidateAll(); } + @Override + public void createOrganizationPostProcessing( final OrganizationInfo orgInfo, + final Map<String,String> properties ){ + // do nothing, this is a hook for any classes extending the ManagementServiceInterface + + } + + @Override + public void createAdminUserPostProcessing( final UserInfo userInfo, final Map<String,String> properties){ + // do nothing, this is a hook for any classes extending the ManagementServiceInterface + } + + @Override + public void addUserToOrganizationPostProcessing( final UserInfo userInfo, final String organizationName, + final Map<String,String> properties){ + // do nothing, this is a hook for any classes extending the ManagementServiceInterface + } + + @Override + public void removeUserFromOrganizationPostProcessing( final UserInfo userInfo, final String organizationName, + final Map<String,String> properties){ + // do nothing, this is a hook for any classes extending the ManagementServiceInterface + } + }
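Review bot: The comments in the four no-op hooks added to ManagementServiceImpl at -3494 refer to `ManagementServiceInterface`, which is not a type in this diff. The interface is `ManagementService`, and an overrider would subclass this class. Suggested wording for each: `// no-op by default; subclasses of ManagementServiceImpl override this to run post-processing`.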
