branch develop updated (2bfa227 -> d2f75e8)
This is an automated email from the git hooks/post-receive script.

New change to branch develop in repository observe.

See http://git.codelutin.com/observe.git

from 2bfa227 Update the referential (Closes #7520). Merge branch 'feature/7520' into develop
new eb98b30 retrieval of permissions from the DB, and checking of these permissions when the services are executed (refs #7523)
new d1322f4 permission handling in the REST server layer and the client (refs #7523)
new 3555d2b Do not recreate a topia configuration when we already have one
new d2f75e8 Retrieve read/write permissions on a PG data source Closes #7523

The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.

Detailed log of new commits:

commit d2f75e848788034b123dee012571eaf83777f371
Merge: 2bfa227 3555d2b
Author: Tony CHEMIT <chemit@codelutin.com>
Date: Wed Sep 16 09:30:09 2015 +0200

Retrieve read/write permissions on a PG data source Closes #7523 Merge branch 'feature/7523' into develop

commit 3555d2bffacfbbf8d925436ff8697dea41017eca
Author: Tony CHEMIT <chemit@codelutin.com>
Date: Wed Sep 16 09:30:05 2015 +0200

Do not recreate a topia configuration when we already have one

commit d1322f4932a331744276bf89d7746a91bc76b0b0
Author: Sylvain Bavencoff <bavencoff@codelutin.com>
Date: Tue Sep 15 10:10:22 2015 +0200

permission handling in the REST server layer and the client (refs #7523)

commit eb98b300a2464634a3ff4686598d551cfa2dba0d
Author: Maven Release <maven-release@codelutin.com>
Date: Mon Sep 14 16:57:48 2015 +0200

retrieval of permissions from the DB, and checking of these permissions when the services are executed (refs #7523)

Summary of changes:
.../web/controller/v1/ConfigurationController.java | 14 +-
.../controller/v1/DataSourceServiceController.java | 12 +-
.../v1/ObserveServiceControllerSupport.java | 5 +-
.../controller/v1/ObserveWebErrorController.java | 7 +-
.../web/request/ObserveWebRequestContext.java | 13 ++
.../ObserveWebSecurityApplicationContext.java | 15 +-
...ObserveWebSecurityAuthenticationTokenCache.java | 25 +--
.../services/ObserveServiceInitializer.java | 17 ++
...bserveDataSourceConfigurationAndConnection.java | 24 +++
.../services/dto/UnauthorizedException.java | 24 +++
.../fr/ird/observe/services/TestClassResource.java | 2 +
.../ird/observe/services/TestMethodResource.java | 2 +
.../fr/ird/observe/services/ObserveJdbcHelper.java | 59 ++++++
.../services/ObserveServiceFactoryTopia.java | 32 +++
.../ObserveTopiaApplicationContextFactory.java | 10 +-
.../services/service/DataSourceServiceTopia.java | 67 ++++++-
.../services/service/ReferentialServiceTopia.java | 9 +-
.../services/ApplicationContextResource.java | 11 ++
.../ird/observe/services/DataSourceResource.java | 11 ++
.../ObserveDataSourceConnectionTopiaTaiste.java | 15 ++
.../services/service/AbstractServiceTopiaTest.java | 21 +-
.../service/DataSourceServiceTopiaTest.java | 5 +-
.../fr/ird/observe/services/service/RigthTest.java | 215 +++++++++++++++++++++
23 files changed, 562 insertions(+), 53 deletions(-)
create mode 100644 observe-services-configuration-api/src/main/java/fr/ird/observe/services/configuration/ObserveDataSourceConfigurationAndConnection.java
create mode 100644 observe-services-model/src/main/java/fr/ird/observe/services/dto/UnauthorizedException.java
create mode 100644 observe-services-topia/src/main/java/fr/ird/observe/services/ObserveJdbcHelper.java
create mode 100644 observe-services-topia/src/test/java/fr/ird/observe/services/ObserveDataSourceConnectionTopiaTaiste.java
create mode 100644 observe-services-topia/src/test/java/fr/ird/observe/services/service/RigthTest.java

--
To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@list.forge.codelutin.com>.

This is an automated email from the git hooks/post-receive script.

New commit to branch develop in repository observe.

See http://git.codelutin.com/observe.git

commit eb98b300a2464634a3ff4686598d551cfa2dba0d
Author: Maven Release <maven-release@codelutin.com>
Date: Mon Sep 14 16:57:48 2015 +0200

retrieval of permissions from the DB, and checking of these permissions when the services are executed (refs #7523)
---
.../services/dto/UnauthorizedException.java | 24 +++
.../fr/ird/observe/services/TestClassResource.java | 2 +
.../ird/observe/services/TestMethodResource.java | 2 +
.../fr/ird/observe/services/ObserveJdbcHelper.java | 59 ++++++
.../services/ObserveServiceFactoryTopia.java | 32 +++
.../ObserveTopiaApplicationContextFactory.java | 10 +-
.../services/service/DataSourceServiceTopia.java | 67 ++++++-
.../services/service/ReferentialServiceTopia.java | 9 +-
.../services/ApplicationContextResource.java | 11 ++
.../ird/observe/services/DataSourceResource.java | 11 ++
.../ObserveDataSourceConnectionTopiaTaiste.java | 15 ++
.../services/service/AbstractServiceTopiaTest.java | 21 +-
.../service/DataSourceServiceTopiaTest.java | 5 +-
.../fr/ird/observe/services/service/RigthTest.java | 215 +++++++++++++++++++++
14 files changed, 465 insertions(+), 18 deletions(-)

diff --git a/observe-services-model/src/main/java/fr/ird/observe/services/dto/UnauthorizedException.java b/observe-services-model/src/main/java/fr/ird/observe/services/dto/UnauthorizedException.java new file mode 100644 index 0000000..b9f15d0 --- /dev/null +++ b/observe-services-model/src/main/java/fr/ird/observe/services/dto/UnauthorizedException.java 
@@ -0,0 +1,24 @@ +package fr.ird.observe.services.dto; + +/** + * @author Sylvain Bavencoff - bavencoff@codelutin.com + */ +public class UnauthorizedException extends RuntimeException { + + protected final String className; + + protected final String methodName; + + public UnauthorizedException(String className, String methodName) { + this.className = className; + this.methodName = methodName; + } + + public String getClassName() { + return className; + } + + public String getMethodName() { + return methodName; + } +} diff --git a/observe-services-rest/src/test/java/fr/ird/observe/services/TestClassResource.java b/observe-services-rest/src/test/java/fr/ird/observe/services/TestClassResource.java index 31b0523..3ad06b0 100644 --- a/observe-services-rest/src/test/java/fr/ird/observe/services/TestClassResource.java +++ b/observe-services-rest/src/test/java/fr/ird/observe/services/TestClassResource.java @@ -59,6 +59,8 @@ public class TestClassResource implements TestRule { public TestClassResource() { this("http://localhost:8080/observeweb/api/v1"); + // pour les test sur Demo + //this("http://demo.codelutin.com/observeweb-latest/api/v1"); } public TestClassResource(String serverUrl) { diff --git a/observe-services-rest/src/test/java/fr/ird/observe/services/TestMethodResource.java b/observe-services-rest/src/test/java/fr/ird/observe/services/TestMethodResource.java index df82194..c71d292 100644 --- a/observe-services-rest/src/test/java/fr/ird/observe/services/TestMethodResource.java +++ b/observe-services-rest/src/test/java/fr/ird/observe/services/TestMethodResource.java 
@@ -62,6 +62,8 @@ public class TestMethodResource implements TestRule { public TestMethodResource(TestClassResource testClassResource, String databaseName) { this(testClassResource, databaseName, "admin", 'a'); + // pour les tests sur demo + //this(testClassResource, databaseName, "admin", ";;dm8-admin..".toCharArray()); } public TestMethodResource(TestClassResource testClassResource, String databaseName, String login, char... password) { diff --git a/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveJdbcHelper.java b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveJdbcHelper.java new file mode 100644 index 0000000..0b8d347 --- /dev/null +++ b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveJdbcHelper.java 
@@ -0,0 +1,59 @@ +package fr.ird.observe.services; + +import com.google.common.collect.Sets; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.nuiton.topia.persistence.jdbc.JdbcConfiguration; +import org.nuiton.topia.persistence.jdbc.JdbcHelper; + +import java.sql.Connection; +import java.sql.DatabaseMetaData; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.util.Set; + +/** + * @author Sylvain Bavencoff - bavencoff@codelutin.com + */ +public class ObserveJdbcHelper extends JdbcHelper { + + private static final Log log = LogFactory.getLog(ObserveJdbcHelper.class); + + public ObserveJdbcHelper(JdbcConfiguration jdbcConfiguration) { + super(jdbcConfiguration); + } + + public Set<String> getTablePrivileges(String tableName) { + Connection connection = null; + PreparedStatement preparedStatement = null; + try { + connection = openConnection(); + DatabaseMetaData metaData = connection.getMetaData(); + ResultSet observerDataPrivilege = metaData.getTablePrivileges(null, null, tableName); + + Set<String> tablePrivileges = Sets.newHashSet(); + + while (observerDataPrivilege.next()) { + String security = observerDataPrivilege.getString("PRIVILEGE"); + String grantee = observerDataPrivilege.getString("GRANTEE"); + if (grantee.equals(jdbcConfiguration.getJdbcConnectionUser())) { + if (log.isDebugEnabled()) { + log.debug("for " + tableName + " table " + grantee + '/' + security); + } + tablePrivileges.add(security); + } + } + + return tablePrivileges; + + } catch (SQLException e) { + throw new RuntimeException(e); + } finally { + closeQuietly(preparedStatement); + closeQuietly(connection); + } + + } + +} diff --git a/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveServiceFactoryTopia.java b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveServiceFactoryTopia.java index afa42cc..9220b3f 100644 
--- a/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveServiceFactoryTopia.java +++ b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveServiceFactoryTopia.java @@ -32,8 +32,13 @@ import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationTopiaSupport; import fr.ird.observe.services.configuration.ObserveDataSourceConnection; import fr.ird.observe.services.configuration.ObserveDataSourceConnectionTopia; +import fr.ird.observe.services.dto.UnauthorizedException; import fr.ird.observe.services.spi.NoDataAccess; +import fr.ird.observe.services.spi.ReadDataPermission; +import fr.ird.observe.services.spi.ReadReferentialPermission; import fr.ird.observe.services.spi.Write; +import fr.ird.observe.services.spi.WriteDataPermission; +import fr.ird.observe.services.spi.WriteReferentialPermission; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; 
@@ -188,6 +193,33 @@ public class ObserveServiceFactoryTopia extends ObserveServiceFactorySupport { serviceContext.setTopiaApplicationContext(topiaApplicationContext); } + + if (method.isAnnotationPresent(ReadDataPermission.class) + || method.isAnnotationPresent(WriteDataPermission.class) + || method.isAnnotationPresent(ReadReferentialPermission.class) + || method.isAnnotationPresent(WriteReferentialPermission.class)) { + + if (serviceContext.withDataSourceConnection()) { + + ObserveDataSourceConnectionTopia dataSourceConnection = serviceContext.getDataSourceConnection(); + + if (method.isAnnotationPresent(ReadDataPermission.class) && !dataSourceConnection.canReadData() + || method.isAnnotationPresent(WriteDataPermission.class) && !dataSourceConnection.canWriteData() + || method.isAnnotationPresent(ReadReferentialPermission.class) && !dataSourceConnection.canReadReferential() + || method.isAnnotationPresent(WriteReferentialPermission.class) && !dataSourceConnection.canWriteReferential()) { + + throw new UnauthorizedException(method.getClass().getCanonicalName(), method.getName()); + + } + + } else { + + throw new UnauthorizedException(method.getClass().getCanonicalName(), method.getName()); + + } + + } + result = invokeMethodWithTransaction(method, args); } diff --git a/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveTopiaApplicationContextFactory.java b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveTopiaApplicationContextFactory.java index 6cc4414..88602dc 100644 --- a/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveTopiaApplicationContextFactory.java +++ b/observe-services-topia/src/main/java/fr/ird/observe/services/ObserveTopiaApplicationContextFactory.java 
@@ -121,7 +121,7 @@ public class ObserveTopiaApplicationContextFactory { } - protected static ObserveTopiaApplicationContext createTopiaApplicationContext(ObserveDataSourceConfigurationTopiaPG configuration, boolean initSchema) { + public static ObserveTopiaConfiguration createTopiaConfiguration(ObserveDataSourceConfigurationTopiaPG configuration, boolean initSchema) { ObserveTopiaConfiguration topiaConfiguration = ObserveTopiaConfigurationFactory.forPostgresqlDatabase( configuration.getJdbcUrl(), @@ -136,6 +136,14 @@ public class ObserveTopiaApplicationContextFactory { if (log.isInfoEnabled()) { log.info("PG Topia configuration: " + topiaConfiguration); } + return topiaConfiguration; + } + + + protected static ObserveTopiaApplicationContext createTopiaApplicationContext(ObserveDataSourceConfigurationTopiaPG configuration, boolean initSchema) { + + ObserveTopiaConfiguration topiaConfiguration = createTopiaConfiguration(configuration, initSchema); + ObserveTopiaApplicationContext topiaApplicationContext = new MyObserveTopiaApplicationContext(topiaConfiguration, configuration); return topiaApplicationContext; diff --git a/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java b/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java index ca17879..246b848 100644 --- a/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java +++ b/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java 
@@ -28,6 +28,7 @@ import com.google.common.collect.ImmutableSet; import fr.ird.observe.ObserveTopiaApplicationContext; import fr.ird.observe.ObserveTopiaConfiguration; import fr.ird.observe.ObserveTopiaConfigurationFactory; +import fr.ird.observe.services.ObserveJdbcHelper; import fr.ird.observe.services.ObserveServiceTopia; import fr.ird.observe.services.ObserveTopiaApplicationContextFactory; import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; @@ -44,6 +45,7 @@ import org.nuiton.topia.persistence.jdbc.JdbcHelper; import java.io.File; import java.io.IOException; +import java.util.Set; import static org.nuiton.i18n.I18n.l; 
@@ -294,16 +296,57 @@ public class DataSourceServiceTopia extends ObserveServiceTopia implements DataS writeReferential = false; readData = true; writeData = true; + } else { + ObserveDataSourceConfigurationTopiaPG dataSourceConfigurationPG = (ObserveDataSourceConfigurationTopiaPG) dataSourceConfiguration; + + ObserveTopiaConfiguration topiaConfiguration = ObserveTopiaApplicationContextFactory.createTopiaConfiguration(dataSourceConfigurationPG, false); + + ObserveJdbcHelper observeJdbcHelper = new ObserveJdbcHelper(topiaConfiguration); + + // on recherche les droits de l'utilisateur sur cette base + + //TODO chemit 2010-10-28 : il vaudrait mieux utiliser les fonctions postgres adpéquates qui elle sont fiables... + //FIXME la recuperation des meta-donnees n'est pas fiable! + //FIXME en effet, sur un simple lecteur, on voit apparaître aussi + //FIXME des privileges INSERT ou UPDATE... + + // on pourrait utiliser une requete specifique postgres : + + // select count(*) from information_schema.table_privileges where + // grantee='ROLE' and table_name='maree' and + // privilege_type='INSERT'; + + // cependant cela n'est pas mieux car la requete peut ne pas etre + // extacte si l'utilisateur n'a pas les bons droits.... 
+ + // la meilleure solution serait je pense de poser 2 fonctions + // stockées dans pg canWriteData, canWrite pour etre sur du resultat + + // recherche des droits sur les données observers + Set<String> dataPrivileges = observeJdbcHelper.getTablePrivileges("trip"); + + readData = canRead(dataPrivileges); + writeData = canWrite(dataPrivileges); + + + // recherche des droits sur le referentiel + Set<String> referentielPrivileges = observeJdbcHelper.getTablePrivileges("vessel"); + // Sur une base PG, on regarde en base ce que l'utilisateur peut lire/écrire - //FIXME A remplir apèrs avoir lue les droits sur le schema readReferential = true; - writeReferential = true; - readData = true; - writeData = true; + writeReferential = canWrite(referentielPrivileges); + + } + if (log.isDebugEnabled()) { + log.debug("User can read refererential : " + readReferential + ", " + + "write referential : " + writeReferential + ", " + + "read data : " + readData + ", " + + "write data : " + writeData + "."); } + ObserveDataSourceConnectionTopia dataSourceConnection = new ObserveDataSourceConnectionTopia( authenticationToken, readReferential, @@ -313,4 +356,20 @@ public class DataSourceServiceTopia extends ObserveServiceTopia implements DataS return dataSourceConnection; } + protected static boolean canWrite(Set<?> privileges) { + boolean result = privileges != null && + privileges.contains("DELETE") && + privileges.contains("UPDATE") && + privileges.contains("INSERT"); + return result; + } + + protected static boolean canRead(Set<?> privileges) { + // seul les utilisateurs avec au moins un droit sur les donnes + // observer peut les lire + boolean result = privileges != null && + ! privileges.isEmpty(); + return result; + } + } diff --git a/observe-services-topia/src/main/java/fr/ird/observe/services/service/ReferentialServiceTopia.java b/observe-services-topia/src/main/java/fr/ird/observe/services/service/ReferentialServiceTopia.java index ff11b37..70b7b16 100644 
--- a/observe-services-topia/src/main/java/fr/ird/observe/services/service/ReferentialServiceTopia.java +++ b/observe-services-topia/src/main/java/fr/ird/observe/services/service/ReferentialServiceTopia.java @@ -88,8 +88,8 @@ public class ReferentialServiceTopia extends ObserveServiceTopia implements Refe public <D extends ReferentialDto> String save(FormDto<D> form) { Class<D> dtoType = form.getType(); - TopiaEntity entity = referentialDtoToEntity(form.getForm()); Class<TopiaEntity> entityType = getEntityType(dtoType); + TopiaEntity entity = dtoToEntity(dtoType, entityType, form.getForm()); entity = saveEntity(entityType, entity); FormDto<D> model = entityToEditFormDto(dtoType, entityType, entity); return model.getForm().getId(); @@ -107,11 +107,4 @@ public class ReferentialServiceTopia extends ObserveServiceTopia implements Refe deleteEntity(dtoType, entityType, ids); } - protected <D extends ReferentialDto, E extends TopiaEntity> E referentialDtoToEntity(D dto) { - Class<D> aClass = (Class<D>) dto.getClass(); - Class<TopiaEntity> entityType = getEntityType(aClass); - E entity = null; - return null; - } - } diff --git a/observe-services-topia/src/test/java/fr/ird/observe/services/ApplicationContextResource.java b/observe-services-topia/src/test/java/fr/ird/observe/services/ApplicationContextResource.java index a6332fe..cea80a5 100644 --- a/observe-services-topia/src/test/java/fr/ird/observe/services/ApplicationContextResource.java +++ b/observe-services-topia/src/test/java/fr/ird/observe/services/ApplicationContextResource.java 
@@ -26,6 +26,7 @@ import fr.ird.observe.ObserveTopiaApplicationContext; import fr.ird.observe.ObserveTopiaPersistenceContext; import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationTopiaH2; +import fr.ird.observe.services.configuration.ObserveDataSourceConnection; import fr.ird.observe.services.dto.constants.ReferentialLocale; import fr.ird.observe.test.TestHelper; import org.apache.commons.logging.Log; @@ -87,6 +88,16 @@ public class ApplicationContextResource implements TestRule { return serviceFactory.newService(observeServiceInitializer, serviceType); } + public <S extends ObserveService> S newService(ObserveDataSourceConnection dataSourceConnection, Class<S> serviceType) { + ObserveServiceInitializer observeServiceInitializer = ObserveServiceInitializer.create( + Locale.FRANCE, + ReferentialLocale.FR, + temporaryDirectoryRoot.toFile(), + dataSourceConnection + ); + return serviceFactory.newService(observeServiceInitializer, serviceType); + } + public void closeServiceFactory() { serviceFactory.close(); } diff --git a/observe-services-topia/src/test/java/fr/ird/observe/services/DataSourceResource.java b/observe-services-topia/src/test/java/fr/ird/observe/services/DataSourceResource.java index 0c8cb8b..4f57135 100644 --- a/observe-services-topia/src/test/java/fr/ird/observe/services/DataSourceResource.java +++ b/observe-services-topia/src/test/java/fr/ird/observe/services/DataSourceResource.java 
@@ -28,6 +28,7 @@ import com.google.common.io.Resources; import fr.ird.observe.ObserveTopiaApplicationContext; import fr.ird.observe.ObserveTopiaPersistenceContext; import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationTopiaH2; +import fr.ird.observe.services.configuration.ObserveDataSourceConnection; import fr.ird.observe.services.dto.DataSourceCreateConfigurationDto; import fr.ird.observe.services.dto.DataSourceCreateWithNoReferentialImportException; import fr.ird.observe.services.dto.IncompatibleDataSourceCreateConfigurationException; @@ -64,6 +65,8 @@ public class DataSourceResource implements TestRule { protected ObserveDataSourceConfigurationTopiaH2 dataSourceConfiguration; + protected ObserveDataSourceConnection dataSourceConnection; + protected Set<String> testNamesChangeDataBase; protected String scriptName; @@ -78,6 +81,14 @@ public class DataSourceResource implements TestRule { return dataSourceConfiguration; } + public ObserveDataSourceConnection getDataSourceConnection() { + return dataSourceConnection; + } + + public void setDataSourceConnection(ObserveDataSourceConnection dataSourceConnection) { + this.dataSourceConnection = dataSourceConnection; + } + public byte[] getDatabaseToImportContent(String scriptPath) throws IOException { URL url = getClass().getResource(scriptPath); diff --git a/observe-services-topia/src/test/java/fr/ird/observe/services/ObserveDataSourceConnectionTopiaTaiste.java b/observe-services-topia/src/test/java/fr/ird/observe/services/ObserveDataSourceConnectionTopiaTaiste.java new file mode 100644 index 0000000..c106377 --- /dev/null +++ b/observe-services-topia/src/test/java/fr/ird/observe/services/ObserveDataSourceConnectionTopiaTaiste.java 
@@ -0,0 +1,15 @@ +package fr.ird.observe.services; + +import fr.ird.observe.services.configuration.ObserveDataSourceConnectionTopia; + +/** + * @author Sylvain Bavencoff - bavencoff@codelutin.com + */ +public class ObserveDataSourceConnectionTopiaTaiste extends ObserveDataSourceConnectionTopia { + + public ObserveDataSourceConnectionTopiaTaiste(String authenticationToken) { + // on se donne tout les droit pour pouvoir tout tester + super(authenticationToken, true, true, true, true); + } + +} diff --git a/observe-services-topia/src/test/java/fr/ird/observe/services/service/AbstractServiceTopiaTest.java b/observe-services-topia/src/test/java/fr/ird/observe/services/service/AbstractServiceTopiaTest.java index 1157dce..dd3197d 100644 --- a/observe-services-topia/src/test/java/fr/ird/observe/services/service/AbstractServiceTopiaTest.java +++ b/observe-services-topia/src/test/java/fr/ird/observe/services/service/AbstractServiceTopiaTest.java @@ -28,8 +28,10 @@ import fr.ird.observe.entities.LastUpdateTypeTopiaDao; import fr.ird.observe.entities.migration.H2DataSourceMigration; import fr.ird.observe.services.ApplicationContextResource; import fr.ird.observe.services.DataSourceResource; +import fr.ird.observe.services.ObserveDataSourceConnectionTopiaTaiste; import fr.ird.observe.services.ObserveService; import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationTopiaH2; +import fr.ird.observe.services.configuration.ObserveDataSourceConnection; import fr.ird.observe.services.dto.ReferenceDto; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; 
@@ -100,11 +102,24 @@ public abstract class AbstractServiceTopiaTest { } - public <S extends ObserveService> S newService(Class<S> serviceType) { + public <S extends ObserveService> S newService(Class<S> serviceType) throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { - ObserveDataSourceConfigurationTopiaH2 dataSourceConfiguration = dataSourceResource.getDataSourceConfiguration(); + ObserveDataSourceConnection dataSourceConnection = dataSourceResource.getDataSourceConnection(); - S service = applicationContextResource.newService(dataSourceConfiguration, serviceType); + if (dataSourceConnection == null) { + + ObserveDataSourceConfigurationTopiaH2 dataSourceConfiguration = dataSourceResource.getDataSourceConfiguration(); + + DataSourceService dataSourceService = applicationContextResource.newService(dataSourceConfiguration, DataSourceService.class); + + dataSourceConnection = dataSourceService.open(dataSourceConfiguration); + + dataSourceConnection = new ObserveDataSourceConnectionTopiaTaiste(dataSourceConnection.getAuthenticationToken()); + + dataSourceResource.setDataSourceConnection(dataSourceConnection); + } + + S service = applicationContextResource.newService(dataSourceConnection, serviceType); return service; } diff --git a/observe-services-topia/src/test/java/fr/ird/observe/services/service/DataSourceServiceTopiaTest.java b/observe-services-topia/src/test/java/fr/ird/observe/services/service/DataSourceServiceTopiaTest.java index b41a88c..aba7451 100644 --- a/observe-services-topia/src/test/java/fr/ird/observe/services/service/DataSourceServiceTopiaTest.java +++ b/observe-services-topia/src/test/java/fr/ird/observe/services/service/DataSourceServiceTopiaTest.java 
@@ -29,6 +29,7 @@ import fr.ird.observe.services.ApplicationContextResource; import fr.ird.observe.services.DataSourceResource; import fr.ird.observe.services.ObserveTopiaApplicationContextFactory; import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationTopiaH2; +import fr.ird.observe.services.configuration.ObserveDataSourceConnection; import fr.ird.observe.services.dto.DataSourceCreateConfigurationDto; import fr.ird.observe.services.dto.DataSourceCreateWithNoReferentialImportException; import fr.ird.observe.services.dto.IncompatibleDataSourceCreateConfigurationException; @@ -126,10 +127,10 @@ public class DataSourceServiceTopiaTest { } dataSourceConfiguration.setPassword(password); - service.open(dataSourceConfiguration); + ObserveDataSourceConnection dataSourceConnection = service.open(dataSourceConfiguration); // La base n'est pas encore lockée - ReferentialService referentialService = applicationContextResource.newService(dataSourceConfiguration, ReferentialService.class); + ReferentialService referentialService = applicationContextResource.newService(dataSourceConnection, ReferentialService.class); referentialService.getReferentialReferenceSet(GearDto.class); // Base déjà en cours d'utilisation diff --git a/observe-services-topia/src/test/java/fr/ird/observe/services/service/RigthTest.java b/observe-services-topia/src/test/java/fr/ird/observe/services/service/RigthTest.java new file mode 100644 index 0000000..c1fe848 --- /dev/null +++ b/observe-services-topia/src/test/java/fr/ird/observe/services/service/RigthTest.java 
@@ -0,0 +1,215 @@ +package fr.ird.observe.services.service; + +import fr.ird.observe.services.ObserveService; +import fr.ird.observe.services.ObserveServiceContextTopia; +import fr.ird.observe.services.ObserveServiceContextTopiaTaiste; +import fr.ird.observe.services.ObserveServiceFactoryTopia; +import fr.ird.observe.services.ObserveServiceInitializer; +import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; +import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationTopiaPG; +import fr.ird.observe.services.configuration.ObserveDataSourceConnection; +import fr.ird.observe.services.dto.FormDto; +import fr.ird.observe.services.dto.UnauthorizedException; +import fr.ird.observe.services.dto.constants.ReferentialLocale; +import fr.ird.observe.services.dto.referential.ProgramDto; +import fr.ird.observe.services.dto.seine.TripSeineDto; +import fr.ird.observe.services.service.seine.TripSeineService; +import fr.ird.observe.test.TestHelper; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Ignore; +import org.junit.Test; + +import java.io.File; +import java.util.Locale; + +/** + * @author Sylvain Bavencoff - bavencoff@codelutin.com + */ +@Ignore +public class RigthTest { + + public static final String TRIP_SEINE_ID = "fr.ird.observe.entities.seine.TripSeine#1359167789871#0.6765335978809843"; + + public static final String PROGRAM_ID = "fr.ird.observe.entities.referentiel.Program#1239832686262#0.31033946454061234"; + + + protected File temporaryDirectoryRoot; + + protected ObserveServiceFactoryTopia serviceFactory; + + @Before + public void before() { + temporaryDirectoryRoot = TestHelper.newFile("testWright"); + + this.serviceFactory = new ObserveServiceFactoryTopia() { + + @Override + protected ObserveServiceContextTopia createServiceContext(ObserveServiceInitializer observeServiceInitializer) { + ObserveServiceContextTopiaTaiste serviceContext = new ObserveServiceContextTopiaTaiste(observeServiceInitializer, 
mainServiceFactory, this); + return serviceContext; + } + }; + serviceFactory.setMainServiceFactory(serviceFactory); + + + } + + + protected ObserveDataSourceConfigurationTopiaPG createDataSourceConfigurationH2(String login) { + + ObserveDataSourceConfigurationTopiaPG configurationTopiaPG = new ObserveDataSourceConfigurationTopiaPG(); + + configurationTopiaPG.setJdbcUrl("jdbc:postgresql://localhost:5432/obstuna"); + configurationTopiaPG.setUsername(login); + configurationTopiaPG.setPassword('a'); + configurationTopiaPG.setAutoMigrate(true); + + return configurationTopiaPG; + + } + + protected ObserveDataSourceConnection getDataSourceConnection(String login) throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + + ObserveDataSourceConfigurationTopiaPG adminConfig = createDataSourceConfigurationH2(login); + + DataSourceService dataSourceServices = newService(adminConfig, DataSourceService.class); + + return dataSourceServices.open(adminConfig); + + } + + + + public <S extends ObserveService> S newService(ObserveDataSourceConnection dataSourceConnection, Class<S> serviceType) { + ObserveServiceInitializer observeServiceInitializer = ObserveServiceInitializer.create( + Locale.FRANCE, + ReferentialLocale.FR, + temporaryDirectoryRoot, + dataSourceConnection + ); + return serviceFactory.newService(observeServiceInitializer, serviceType); + } + + public <S extends ObserveService> S newService(ObserveDataSourceConfiguration dataSourceConfiguration, Class<S> serviceType) { + ObserveServiceInitializer observeServiceInitializer = ObserveServiceInitializer.create( + Locale.FRANCE, + ReferentialLocale.FR, + temporaryDirectoryRoot, + dataSourceConfiguration + ); + return serviceFactory.newService(observeServiceInitializer, serviceType); + } + + protected void testUser(String login, boolean readData, boolean writeData, boolean readReferential, boolean writeReferential) throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + + 
ObserveDataSourceConfigurationTopiaPG adminConfig = createDataSourceConfigurationH2(login); + + DataSourceService service = newService(adminConfig, DataSourceService.class); + + ObserveDataSourceConnection dataSourceConnection = service.open(adminConfig); + + Assert.assertEquals(readData, dataSourceConnection.canReadData()); + Assert.assertEquals(writeData, dataSourceConnection.canWriteData()); + Assert.assertEquals(readReferential, dataSourceConnection.canReadReferential()); + Assert.assertEquals(writeReferential, dataSourceConnection.canWriteReferential()); + + } + + @Test + public void testAdminRight() throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + testUser("admin", true, true, true, true); + } + + @Test + public void testTechnicienAdminRight() throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + testUser("technicien", true, true, true, true); + } + + @Test + public void testUtilisateurRight() throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + testUser("utilisateur", true, false, true, false); + } + + @Test + public void testReferentielRight() throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + testUser("referentiel", false, false, true, false); + } + + protected void testReadData(String login) throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + + ObserveDataSourceConnection dataSourceConnection = getDataSourceConnection(login); + + TripSeineService service = newService(dataSourceConnection, TripSeineService.class); + + service.loadToRead(TRIP_SEINE_ID); + } + + protected void testWriteData(String login) throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + + ObserveDataSourceConnection dataSourceConnection = getDataSourceConnection(login); + + TripSeineService service = newService(dataSourceConnection, TripSeineService.class); + + FormDto<TripSeineDto> tripSeineDtoFormDto = 
service.loadToEdit(TRIP_SEINE_ID); + + service.save(tripSeineDtoFormDto); + } + + protected void testReadReferential(String login) throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + + ObserveDataSourceConnection dataSourceConnection = getDataSourceConnection(login); + + ReferentialService service = newService(dataSourceConnection, ReferentialService.class); + + service.loadToRead(ProgramDto.class, PROGRAM_ID); + } + + protected void testWriteReferential(String login) throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + + ObserveDataSourceConnection dataSourceConnection = getDataSourceConnection(login); + + ReferentialService service = newService(dataSourceConnection, ReferentialService.class); + + FormDto<ProgramDto> formDto = service.loadToEdit(ProgramDto.class, PROGRAM_ID); + + service.save(formDto); + } + + @Test + public void testAdminReadData() throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + testReadData("admin"); + } + + @Test + public void testAdminWriteData() throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + testWriteData("admin"); + } + + @Test + public void testAdminReadReferential() throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + testReadReferential("admin"); + } + + @Test + public void testAdminWriteReferential() throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + testWriteReferential("admin"); + } + + @Test(expected = UnauthorizedException.class) + public void testReferentielReadData() throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + testReadData("referentiel"); + } + + @Test(expected = UnauthorizedException.class) + public void testReferentielWriteData() throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + testWriteData("referentiel"); + } + + @Test(expected = UnauthorizedException.class) + public void testReferentielWriteReferential() 
throws DatabaseConnexionNotAuthorizedException, DatabaseNotFoundException { + testWriteReferential("referentiel"); + } + + +} -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@list.forge.codelutin.com>.
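Review bot: `createDataSourceConfigurationH2` builds an `ObserveDataSourceConfigurationTopiaPG` pointing at `jdbc:postgresql://localhost:5432/obstuna`, so the name is misleading and every test in this class silently depends on a live local PostgreSQL instance with the four accounts provisioned. Rename it (for example `createDataSourceConfigurationPG`), read the URL and credentials from test properties, and skip the class when the database is unreachable. `setPassword('a')` also passes a `char` literal and gives all four roles the same password, so confirm that is the intended argument type and fixture. `setAutoMigrate(true)` is enabled even for the logins that `testUser` expects to be read-only; a permission test for a least-privilege account should not ask for schema migration. The local variable `adminConfig` in `testUser` and `getDataSourceConnection` should be renamed too, since it holds the configuration of whichever login is under test.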
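Review bot: the three `@Test(expected = UnauthorizedException.class)` cases pass as soon as any call in the helper throws, and `testWriteData` / `testWriteReferential` call `loadToEdit(...)` before `save(...)`, so a denial raised while loading satisfies the test without the write check on `save` ever being exercised. Assert at the specific call instead (try/catch around the one statement with a `fail()` after it, or one test per operation). Coverage is also uneven against the matrix in `testUser`: there is no service-level test for `utilisateur` (read allowed, write denied), none for `technicien`, and no positive `testReferentielReadReferential`, so a regression that denied everything to `referentiel` or granted writes to `utilisateur` would still pass.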
This is an automated email from the git hooks/post-receive script.

New commit to branch develop in repository observe. See http://git.codelutin.com/observe.git

commit d1322f4932a331744276bf89d7746a91bc76b0b0
Author: Sylvain Bavencoff <bavencoff@codelutin.com>
Date: Tue Sep 15 10:10:22 2015 +0200

    permission handling in the REST server and client layer (refs #7523)
---
 .../web/controller/v1/ConfigurationController.java | 14 ++++++------
 .../controller/v1/DataSourceServiceController.java | 12 +++++++----
 .../v1/ObserveServiceControllerSupport.java | 5 +++--
 .../controller/v1/ObserveWebErrorController.java | 7 +++++-
 .../web/request/ObserveWebRequestContext.java | 13 +++++++++++
 .../ObserveWebSecurityApplicationContext.java | 15 +++++++------
 ...ObserveWebSecurityAuthenticationTokenCache.java | 25 ++++++++++++----------
 .../services/ObserveServiceInitializer.java | 17 +++++++++++++++
 ...bserveDataSourceConfigurationAndConnection.java | 24 +++++++++++++++++++++
 9 files changed, 100 insertions(+), 32 deletions(-)

diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java index c22ba94..73bfdca 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java
@@ -29,7 +29,7 @@ import fr.ird.observe.application.web.configuration.user.ObserveWebUsers; import fr.ird.observe.application.web.configuration.user.ObserveWebUsersHelper; import fr.ird.observe.application.web.controller.ObserveWebMotionController; import fr.ird.observe.application.web.security.ObserveWebSecurityApplicationContext; -import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; +import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationAndConnection; import org.apache.commons.io.IOUtils; import org.debux.webmotion.server.WebMotionContextable; import org.debux.webmotion.server.render.Render; @@ -115,11 +115,11 @@ public class ConfigurationController extends ObserveWebMotionController { ObserveWebSecurityApplicationContext securityApplicationContext = getSecurityApplicationContext(); StringBuilder builder = new StringBuilder(); - ImmutableMap<String, ObserveDataSourceConfiguration> cache = securityApplicationContext.getAuthenticationTokensCache(); + ImmutableMap<String, ObserveDataSourceConfigurationAndConnection> cache = securityApplicationContext.getConfigurationByAuthenticationToken(); builder.append("Number of authentication tokens: ").append(cache.size()); - for (Map.Entry<String, ObserveDataSourceConfiguration> entry : cache.entrySet()) { - builder.append("\n").append(entry.getKey()).append(" - ").append(entry.getValue()); + for (Map.Entry<String, ObserveDataSourceConfigurationAndConnection> entry : cache.entrySet()) { + builder.append("\n").append(entry.getKey()).append(" - ").append(entry.getValue().getConfiguration()); } return renderContent(builder.toString(), "text/plain"); 
@@ -130,11 +130,11 @@ public class ConfigurationController extends ObserveWebMotionController { ObserveWebSecurityApplicationContext securityApplicationContext = getSecurityApplicationContext(); StringBuilder builder = new StringBuilder(); - ImmutableMap<String, ObserveDataSourceConfiguration> authenticationTokensCache = securityApplicationContext.getAuthenticationTokensCache(); + ImmutableMap<String, ObserveDataSourceConfigurationAndConnection> authenticationTokensCache = securityApplicationContext.getConfigurationByAuthenticationToken(); builder.append("Number of authentication tokens to reset: ").append(authenticationTokensCache.size()); - for (Map.Entry<String, ObserveDataSourceConfiguration> entry : authenticationTokensCache.entrySet()) { - builder.append("\n").append(entry.getKey()).append(" - ").append(entry.getValue()); + for (Map.Entry<String, ObserveDataSourceConfigurationAndConnection> entry : authenticationTokensCache.entrySet()) { + builder.append("\n").append(entry.getKey()).append(" - ").append(entry.getValue().getConfiguration()); } for (String authenticationToken : authenticationTokensCache.keySet()) { diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/DataSourceServiceController.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/DataSourceServiceController.java index 3e14395..ab5cf7e 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/DataSourceServiceController.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/DataSourceServiceController.java 
@@ -27,6 +27,7 @@ import com.google.common.base.Preconditions; import fr.ird.observe.application.web.request.ObserveWebRequestContext; import fr.ird.observe.application.web.security.ObserveWebSecurityApplicationContext; import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; +import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationAndConnection; import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationRest; import fr.ird.observe.services.configuration.ObserveDataSourceConnection; import fr.ird.observe.services.configuration.ObserveDataSourceConnectionRest; @@ -68,7 +69,7 @@ public class DataSourceServiceController extends ObserveServiceControllerSupport ObserveDataSourceConnection observeDataSourceConnection = getAnonymousService(dataSourceConfigurationTopia).create(dataSourceConfigurationTopia, dataSourceCreateConfiguration); - String authenticationToken = registerDataSourceConfiguration(dataSourceConfigurationTopia); + String authenticationToken = registerDataSourceConfiguration(dataSourceConfigurationTopia, observeDataSourceConnection); ObserveDataSourceConnectionRest dataSourceConnection = createDataSourceConnection(observeDataSourceConnection, authenticationToken); return dataSourceConnection; @@ -81,7 +82,7 @@ public class DataSourceServiceController extends ObserveServiceControllerSupport ObserveDataSourceConnection observeDataSourceConnection = getAnonymousService(dataSourceConfigurationTopia).open(dataSourceConfigurationTopia); - String authenticationToken = registerDataSourceConfiguration(dataSourceConfigurationTopia); + String authenticationToken = registerDataSourceConfiguration(dataSourceConfigurationTopia, observeDataSourceConnection); ObserveDataSourceConnectionRest dataSourceConnection = createDataSourceConnection(observeDataSourceConnection, authenticationToken); return dataSourceConnection; 
@@ -123,9 +124,12 @@ public class DataSourceServiceController extends ObserveServiceControllerSupport } - protected String registerDataSourceConfiguration(ObserveDataSourceConfiguration dataSourceConfiguration) { + protected String registerDataSourceConfiguration(ObserveDataSourceConfiguration dataSourceConfiguration, ObserveDataSourceConnection dataSourceConnection) { - String authenticationToken = getSecurityApplicationContext().registerDataSourceConfiguration(dataSourceConfiguration); + ObserveDataSourceConfigurationAndConnection configurationAndConnection = + new ObserveDataSourceConfigurationAndConnection(dataSourceConfiguration, dataSourceConnection); + + String authenticationToken = getSecurityApplicationContext().registerDataSourceConfiguration(configurationAndConnection); return authenticationToken; } diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ObserveServiceControllerSupport.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ObserveServiceControllerSupport.java index ad24a92..54b880c 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ObserveServiceControllerSupport.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ObserveServiceControllerSupport.java @@ -28,6 +28,7 @@ import fr.ird.observe.application.web.request.ObserveWebRequestContext; import fr.ird.observe.application.web.security.ObserveWebSecurityApplicationContext; import fr.ird.observe.services.ObserveService; import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; +import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationAndConnection; import fr.ird.observe.services.spi.NoDataAccess; import java.lang.reflect.Method; 
@@ -59,9 +60,9 @@ public abstract class ObserveServiceControllerSupport<S extends ObserveService> // On recherche la source de données associée ObserveWebSecurityApplicationContext securityApplicationContext = getSecurityApplicationContext(); - ObserveDataSourceConfiguration dataSourceConfiguration = securityApplicationContext.getDataSourceConfiguration(authenticationToken); + ObserveDataSourceConfigurationAndConnection configurationAndConnection = securityApplicationContext.getDataSourceConfigurationAndConnection(authenticationToken); - S service = requestContext.newService(serviceType, dataSourceConfiguration); + S service = requestContext.newService(serviceType, configurationAndConnection); return service; } diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ObserveWebErrorController.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ObserveWebErrorController.java index d869656..1de298b 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ObserveWebErrorController.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ObserveWebErrorController.java @@ -23,6 +23,7 @@ package fr.ird.observe.application.web.controller.v1; */ import fr.ird.observe.application.web.security.ObserveWebSecurityExceptionSupport; +import fr.ird.observe.services.dto.UnauthorizedException; import org.debux.webmotion.server.WebMotionController; import org.debux.webmotion.server.WebMotionException; import org.debux.webmotion.server.call.HttpContext; 
@@ -96,10 +97,14 @@ public class ObserveWebErrorController extends WebMotionController { } } - if (exception instanceof ObserveWebSecurityExceptionSupport) { + if (exception instanceof UnauthorizedException) { statusCode = 403; } + if (exception instanceof ObserveWebSecurityExceptionSupport) { + statusCode = 401; + } + exception.setStackTrace(stackTraceElements.toArray(new StackTraceElement[stackTraceElements.size()])); exception.initCause(null); diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java index 972ea66..3b3f221 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java @@ -30,6 +30,7 @@ import fr.ird.observe.application.web.security.InvalidAdminKeyApiException; import fr.ird.observe.services.ObserveService; import fr.ird.observe.services.ObserveServiceInitializer; import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; +import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationAndConnection; import fr.ird.observe.services.dto.constants.ReferentialLocale; import org.debux.webmotion.server.call.HttpContext; 
@@ -94,6 +95,18 @@ public class ObserveWebRequestContext { } + public <S extends ObserveService> S newService(Class<S> serviceType, ObserveDataSourceConfigurationAndConnection configurationAndConnection) { + + ObserveServiceInitializer observeServiceInitializer = ObserveServiceInitializer.create( + applicationLocale, + referentialLocale, + applicationContext.getApplicationConfiguration().getTemporaryDirectory(), + configurationAndConnection); + S service = applicationContext.newService(observeServiceInitializer, serviceType); + return service; + + } + public void checkAdminApiKeyIsPresent() { if (!optionalAdminApiKey.isPresent()) { throw new AdminApiKeyNotFoundException(); diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityApplicationContext.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityApplicationContext.java index 5bd8804..a6e799e 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityApplicationContext.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityApplicationContext.java @@ -34,6 +34,7 @@ import fr.ird.observe.application.web.configuration.user.ObserveWebUserPermissio import fr.ird.observe.application.web.configuration.user.ObserveWebUsers; import fr.ird.observe.services.ObserveDataSourceConfigurationMainFactory; import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; +import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationAndConnection; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; 
@@ -182,10 +183,10 @@ public class ObserveWebSecurityApplicationContext implements Closeable { } - public String registerDataSourceConfiguration(ObserveDataSourceConfiguration dataSourceConfiguration) { + public String registerDataSourceConfiguration(ObserveDataSourceConfigurationAndConnection configurationAndConnection) { // Register data source configuration in cache - String authenticationToken = authenticateCache.registerDataSourceConfiguration(dataSourceConfiguration); + String authenticationToken = authenticateCache.registerDataSourceConfiguration(configurationAndConnection); return authenticationToken; } @@ -221,12 +222,12 @@ public class ObserveWebSecurityApplicationContext implements Closeable { * @return la configuration de la data source associée au jeton * @throws InvalidAuthenticationTokenException si le jeton n'est pas connu */ - public ObserveDataSourceConfiguration getDataSourceConfiguration(String authenticationToken) { - ObserveDataSourceConfiguration dataSourceConfiguration = authenticateCache.getDataSourceConfigurationIfPresent(authenticationToken); - if (dataSourceConfiguration == null) { + public ObserveDataSourceConfigurationAndConnection getDataSourceConfigurationAndConnection(String authenticationToken) { + ObserveDataSourceConfigurationAndConnection configurationAndConnection = authenticateCache.getDataSourceConfigurationAndConnectionIfPresent(authenticationToken); + if (configurationAndConnection == null) { throw new InvalidAuthenticationTokenException(authenticationToken); } - return dataSourceConfiguration; + return configurationAndConnection; } 
@@ -234,7 +235,7 @@ public class ObserveWebSecurityApplicationContext implements Closeable { authenticateCache.removeAuthenticationToken(authenticationToken); } - public ImmutableMap<String, ObserveDataSourceConfiguration> getAuthenticationTokensCache() { + public ImmutableMap<String, ObserveDataSourceConfigurationAndConnection> getConfigurationByAuthenticationToken() { return ImmutableMap.copyOf(authenticateCache.getAuthenticationTokenCache().asMap()); } diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityAuthenticationTokenCache.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityAuthenticationTokenCache.java index e5e2687..a38f9d2 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityAuthenticationTokenCache.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityAuthenticationTokenCache.java @@ -26,7 +26,7 @@ import com.google.common.cache.Cache; import com.google.common.cache.CacheBuilder; import com.google.common.cache.RemovalListener; import com.google.common.cache.RemovalNotification; -import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; +import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationAndConnection; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; 
@@ -49,17 +49,17 @@ public class ObserveWebSecurityAuthenticationTokenCache implements Closeable { /** * Le cache des jetons de sécurité liés aux configurations de sources de données. */ - protected final Cache<String, ObserveDataSourceConfiguration> authenticationTokenCache; + protected final Cache<String, ObserveDataSourceConfigurationAndConnection> authenticationTokenCache; public ObserveWebSecurityAuthenticationTokenCache() { this.authenticationTokenCache = CacheBuilder.newBuilder() .maximumSize(10000) .expireAfterWrite(20, TimeUnit.MINUTES) .expireAfterAccess(20, TimeUnit.MINUTES) - .removalListener(new RemovalListener<String, ObserveDataSourceConfiguration>() { + .removalListener(new RemovalListener<String, ObserveDataSourceConfigurationAndConnection>() { @Override - public void onRemoval(RemovalNotification<String, ObserveDataSourceConfiguration> notification) { + public void onRemoval(RemovalNotification<String, ObserveDataSourceConfigurationAndConnection> notification) { if (log.isInfoEnabled()) { log.info(String.format("Remove authentication token: %s - %s", notification.getKey(), notification.getValue())); } 
@@ -68,17 +68,20 @@ public class ObserveWebSecurityAuthenticationTokenCache implements Closeable { .build(); } - public ObserveDataSourceConfiguration getDataSourceConfigurationIfPresent(String authenticationToken) { - ObserveDataSourceConfiguration dataSourceConfiguration = authenticationTokenCache.getIfPresent(authenticationToken); - return dataSourceConfiguration; + public ObserveDataSourceConfigurationAndConnection getDataSourceConfigurationAndConnectionIfPresent(String authenticationToken) { + + ObserveDataSourceConfigurationAndConnection configurationAndConnection = authenticationTokenCache.getIfPresent(authenticationToken); + + return configurationAndConnection; } - public String registerDataSourceConfiguration(ObserveDataSourceConfiguration dataSourceConfiguration) { + + public String registerDataSourceConfiguration(ObserveDataSourceConfigurationAndConnection configurationAndConnection) { String authenticationToken = UUID.randomUUID().toString(); if (log.isInfoEnabled()) { - log.info(String.format("Add authenticationToken: %s for data source configuration: %s", authenticationToken, dataSourceConfiguration)); + log.info(String.format("Add authenticationToken: %s for data source configuration: %s", authenticationToken, configurationAndConnection.getConfiguration())); } - authenticationTokenCache.put(authenticationToken, dataSourceConfiguration); + authenticationTokenCache.put(authenticationToken, configurationAndConnection); return authenticationToken; } @@ -96,7 +99,7 @@ public class ObserveWebSecurityAuthenticationTokenCache implements Closeable { authenticationTokenCache.invalidateAll(); } - public Cache<String, ObserveDataSourceConfiguration> getAuthenticationTokenCache() { + public Cache<String, ObserveDataSourceConfigurationAndConnection> getAuthenticationTokenCache() { return authenticationTokenCache; } 
diff --git a/observe-services-api/src/main/java/fr/ird/observe/services/ObserveServiceInitializer.java b/observe-services-api/src/main/java/fr/ird/observe/services/ObserveServiceInitializer.java index 686383f..52b318b 100644 --- a/observe-services-api/src/main/java/fr/ird/observe/services/ObserveServiceInitializer.java +++ b/observe-services-api/src/main/java/fr/ird/observe/services/ObserveServiceInitializer.java @@ -24,6 +24,7 @@ package fr.ird.observe.services; import com.google.common.base.Optional; import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; +import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationAndConnection; import fr.ird.observe.services.configuration.ObserveDataSourceConnection; import fr.ird.observe.services.dto.constants.ReferentialLocale; @@ -71,6 +72,22 @@ public class ObserveServiceInitializer { } + public static ObserveServiceInitializer create(Locale applicationLocale, + ReferentialLocale referentialLocale, + File temporaryDirectoryRoot, + ObserveDataSourceConfigurationAndConnection configurationAndConnection) { + + ObserveServiceInitializer observeServiceInitializer = new ObserveServiceInitializer(); + observeServiceInitializer.setApplicationLocale(applicationLocale); + observeServiceInitializer.setReferentialLocale(referentialLocale); + observeServiceInitializer.setTemporaryDirectoryRoot(temporaryDirectoryRoot); + observeServiceInitializer.setDataSourceConfiguration(null); + observeServiceInitializer.setDataSourceConnection(configurationAndConnection.getConnection()); + observeServiceInitializer.setDataSourceConfiguration(configurationAndConnection.getConfiguration()); + return observeServiceInitializer; + + } + public static ObserveServiceInitializer create(ObserveServiceInitializer otherObserveServiceInitializer) { ObserveServiceInitializer observeServiceInitializer; 
diff --git a/observe-services-configuration-api/src/main/java/fr/ird/observe/services/configuration/ObserveDataSourceConfigurationAndConnection.java b/observe-services-configuration-api/src/main/java/fr/ird/observe/services/configuration/ObserveDataSourceConfigurationAndConnection.java new file mode 100644 index 0000000..15bd1ac --- /dev/null +++ b/observe-services-configuration-api/src/main/java/fr/ird/observe/services/configuration/ObserveDataSourceConfigurationAndConnection.java @@ -0,0 +1,24 @@ +package fr.ird.observe.services.configuration; + +/** + * @author Sylvain Bavencoff - bavencoff@codelutin.com + */ +public class ObserveDataSourceConfigurationAndConnection { + + protected final ObserveDataSourceConfiguration configuration; + + protected final ObserveDataSourceConnection connection; + + public ObserveDataSourceConfigurationAndConnection(ObserveDataSourceConfiguration configuration, ObserveDataSourceConnection connection) { + this.configuration = configuration; + this.connection = connection; + } + + public ObserveDataSourceConfiguration getConfiguration() { + return configuration; + } + + public ObserveDataSourceConnection getConnection() { + return connection; + } +} -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@list.forge.codelutin.com>.
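Review bot: in both `ConfigurationController` hunks, `entry.getKey()` is the live authentication token and it is still written verbatim into the `text/plain` response, next to `entry.getValue().getConfiguration()`. Anyone who can read that response can replay the token for a session that now also carries a resolved connection. Emit a truncated or hashed form of the key, and check that the configuration's `toString()` does not include the data source password. The visible lines do not show what guards these two actions, so please point to the admin-key check in the description.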
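Review bot: in `ObserveWebErrorController` the two status assignments are independent `if` statements, so the result depends on their order: an exception that is both an `UnauthorizedException` and an `ObserveWebSecurityExceptionSupport` ends up as 401, not 403. Make the intent explicit with `if (exception instanceof UnauthorizedException) { ... } else if (exception instanceof ObserveWebSecurityExceptionSupport) { ... }`. This hunk also changes the status for every existing `ObserveWebSecurityExceptionSupport` from 403 to 401, which is a contract change for REST clients and deserves a line in the commit message and a test on the error controller.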
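Review bot: in `ObserveWebSecurityAuthenticationTokenCache` the `registerDataSourceConfiguration` log line was updated to print `configurationAndConnection.getConfiguration()`, but the removal listener still formats `notification.getValue()`, which is now an `ObserveDataSourceConfigurationAndConnection` with no `toString()`, so the removal log degrades to the default object identity. Use `notification.getValue().getConfiguration()` there as well, or give the new class a `toString()`. Both log lines also write the full authentication token at info level; logging a shortened token is enough to correlate add and remove events and keeps usable session tokens out of the log files.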
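Review bot: after the `DataSourceServiceController` and `ObserveServiceControllerSupport` hunks, the `ObserveDataSourceConnection` returned by `open(...)` or `create(...)` is stored with the token and handed back to `requestContext.newService(serviceType, configurationAndConnection)` on every later request. If the service layer authorizes from the read/write flags on that connection, the permissions are frozen at login for the token's lifetime (the cache expires entries after 20 minutes), so a privilege revoked in the database stays effective for REST clients until then. Please document that window, or re-resolve the permissions when the cached entry is older than a short interval, and make sure the admin reset action shown in `ConfigurationController` is the documented way to force it.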
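Review bot: the new `ObserveServiceInitializer.create(...)` overload calls `setDataSourceConfiguration(null)` and then, two lines later, `setDataSourceConfiguration(configurationAndConnection.getConfiguration())`; the first call is dead unless the setter has a side effect, in which case that needs a comment. The overload also dereferences `configurationAndConnection` without a null check, and the constructor of `ObserveDataSourceConfigurationAndConnection` accepts null for both fields. Since this pair now backs every authenticated request, reject nulls in the constructor (`Preconditions.checkNotNull` is already used in this module) so that a bad registration fails at login and not on a later service call.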
This is an automated email from the git hooks/post-receive script.

New commit to branch develop in repository observe. See http://git.codelutin.com/observe.git

commit 3555d2bffacfbbf8d925436ff8697dea41017eca
Author: Tony CHEMIT <chemit@codelutin.com>
Date: Wed Sep 16 09:30:05 2015 +0200

    Do not recreate a topia configuration when we already have one
---
 .../services/service/DataSourceServiceTopia.java | 30 +++++++++-------------
 1 file changed, 12 insertions(+), 18 deletions(-)

diff --git a/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java b/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java index 246b848..1d401b2 100644 --- a/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java +++ b/observe-services-topia/src/main/java/fr/ird/observe/services/service/DataSourceServiceTopia.java @@ -237,7 +237,7 @@ public class DataSourceServiceTopia extends ObserveServiceTopia implements DataS } - return createDataSourceConnection((ObserveDataSourceConfigurationTopiaSupport) dataSourceConfiguration, topiaApplicationContext.getAuthenticationToken()); + return createDataSourceConnection((ObserveDataSourceConfigurationTopiaSupport) dataSourceConfiguration, topiaApplicationContext.getConfiguration(), topiaApplicationContext.getAuthenticationToken()); } 
@@ -247,7 +247,7 @@ public class DataSourceServiceTopia extends ObserveServiceTopia implements DataS checkCanConnect(dataSourceConfiguration); ObserveTopiaApplicationContext topiaApplicationContext = ObserveTopiaApplicationContextFactory.getOrCreateTopiaApplicationContext((ObserveDataSourceConfigurationTopiaSupport) dataSourceConfiguration); - return createDataSourceConnection((ObserveDataSourceConfigurationTopiaSupport) dataSourceConfiguration, topiaApplicationContext.getAuthenticationToken()); + return createDataSourceConnection((ObserveDataSourceConfigurationTopiaSupport) dataSourceConfiguration, topiaApplicationContext.getConfiguration(), topiaApplicationContext.getAuthenticationToken()); } @@ -282,7 +282,7 @@ public class DataSourceServiceTopia extends ObserveServiceTopia implements DataS } - protected ObserveDataSourceConnectionTopia createDataSourceConnection(ObserveDataSourceConfigurationTopiaSupport dataSourceConfiguration, String authenticationToken) { + protected ObserveDataSourceConnectionTopia createDataSourceConnection(ObserveDataSourceConfigurationTopiaSupport dataSourceConfiguration, ObserveTopiaConfiguration topiaConfiguration, String authenticationToken) { boolean readReferential; boolean writeReferential; 
@@ -299,15 +299,11 @@ public class DataSourceServiceTopia extends ObserveServiceTopia implements DataS } else { - ObserveDataSourceConfigurationTopiaPG dataSourceConfigurationPG = (ObserveDataSourceConfigurationTopiaPG) dataSourceConfiguration; - - ObserveTopiaConfiguration topiaConfiguration = ObserveTopiaApplicationContextFactory.createTopiaConfiguration(dataSourceConfigurationPG, false); - ObserveJdbcHelper observeJdbcHelper = new ObserveJdbcHelper(topiaConfiguration); // on recherche les droits de l'utilisateur sur cette base - //TODO chemit 2010-10-28 : il vaudrait mieux utiliser les fonctions postgres adpéquates qui elle sont fiables... + //TODO chemit 2010-10-28 : il vaudrait mieux utiliser des fonctions postgres adéquates qui elle sont fiables... //FIXME la recuperation des meta-donnees n'est pas fiable! //FIXME en effet, sur un simple lecteur, on voit apparaître aussi //FIXME des privileges INSERT ou UPDATE... @@ -342,9 +338,9 @@ public class DataSourceServiceTopia extends ObserveServiceTopia implements DataS if (log.isDebugEnabled()) { log.debug("User can read refererential : " + readReferential + ", " + - "write referential : " + writeReferential + ", " + - "read data : " + readData + ", " + - "write data : " + writeData + "."); + "write referential : " + writeReferential + ", " + + "read data : " + readData + ", " + + "write data : " + writeData + "."); } ObserveDataSourceConnectionTopia dataSourceConnection = new ObserveDataSourceConnectionTopia( 
@@ -358,17 +354,15 @@ public class DataSourceServiceTopia extends ObserveServiceTopia implements DataS protected static boolean canWrite(Set<?> privileges) { boolean result = privileges != null && - privileges.contains("DELETE") && - privileges.contains("UPDATE") && - privileges.contains("INSERT"); + privileges.contains("DELETE") && + privileges.contains("UPDATE") && + privileges.contains("INSERT"); return result; } protected static boolean canRead(Set<?> privileges) { - // seul les utilisateurs avec au moins un droit sur les donnes - // observer peut les lire - boolean result = privileges != null && - ! privileges.isEmpty(); + // seul les utilisateurs avec au moins un droit sur les donnes observer peut les lire + boolean result = privileges != null && !privileges.isEmpty(); return result; } -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@list.forge.codelutin.com>.
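Review bot: `createDataSourceConnection` now takes both `dataSourceConfiguration` and `topiaConfiguration`, and nothing in the signature ties the two to the same data source; both call sites derive them from the same `topiaApplicationContext`, so pass that context (or only the topia configuration plus the token) and read what is needed inside the method. The patch also mixes this functional change with pure re-indentation of the debug log and of `canWrite` / `canRead`, which makes the real change harder to audit; please split the whitespace changes out. The debug message still reads "refererential".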
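Review bot: the last hunk only reformats `canWrite` and `canRead`, but these two methods are the authorization decision and they rest on the metadata that the FIXME in the previous hunk calls unreliable ("sur un simple lecteur, on voit apparaître aussi des privileges INSERT ou UPDATE", that is, a plain reader also shows INSERT or UPDATE privileges). With that input, `canWrite` can return true for a read-only account, and `canRead` returns true for any non-empty set, including one without SELECT. While touching this code, have `canRead` test for "SELECT" explicitly, type the parameter as `Set<String>` instead of `Set<?>`, and follow the TODO by asking PostgreSQL directly (for example with `has_table_privilege`) so that the flags cached with the token reflect what the server will actually allow.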
This is an automated email from the git hooks/post-receive script.

New commit to branch develop in repository observe. See http://git.codelutin.com/observe.git

commit d2f75e848788034b123dee012571eaf83777f371
Merge: 2bfa227 3555d2b
Author: Tony CHEMIT <chemit@codelutin.com>
Date: Wed Sep 16 09:30:09 2015 +0200

    Retrieve read/write permissions on a PG data source

    Closes #7523

    Merge branch 'feature/7523' into develop

 .../web/controller/v1/ConfigurationController.java | 14 +-
 .../controller/v1/DataSourceServiceController.java | 12 +-
 .../v1/ObserveServiceControllerSupport.java | 5 +-
 .../controller/v1/ObserveWebErrorController.java | 7 +-
 .../web/request/ObserveWebRequestContext.java | 13 ++
 .../ObserveWebSecurityApplicationContext.java | 15 +-
 ...ObserveWebSecurityAuthenticationTokenCache.java | 25 +--
 .../services/ObserveServiceInitializer.java | 17 ++
 ...bserveDataSourceConfigurationAndConnection.java | 24 +++
 .../services/dto/UnauthorizedException.java | 24 +++
 .../fr/ird/observe/services/TestClassResource.java | 2 +
 .../ird/observe/services/TestMethodResource.java | 2 +
 .../fr/ird/observe/services/ObserveJdbcHelper.java | 59 ++++++
 .../services/ObserveServiceFactoryTopia.java | 32 +++
 .../ObserveTopiaApplicationContextFactory.java | 10 +-
 .../services/service/DataSourceServiceTopia.java | 67 ++++++-
 .../services/service/ReferentialServiceTopia.java | 9 +-
 .../services/ApplicationContextResource.java | 11 ++
 .../ird/observe/services/DataSourceResource.java | 11 ++
 .../ObserveDataSourceConnectionTopiaTaiste.java | 15 ++
 .../services/service/AbstractServiceTopiaTest.java | 21 +-
 .../service/DataSourceServiceTopiaTest.java | 5 +-
 .../fr/ird/observe/services/service/RigthTest.java | 215 +++++++++++++++++++++
 23 files changed, 562 insertions(+), 53 deletions(-)