branch feature/ajout_admin_api_key created (now 7e92780)
This is an automated email from the git hooks/post-receive script. New change to branch feature/ajout_admin_api_key in repository observe. See http://git.codelutin.com/observe.git at 7e92780 Ajout d'une option pour configurer l'adminApiKey qui autorise d'accéder à la configuration This branch includes the following new commits: new 7e92780 Ajout d'une option pour configurer l'adminApiKey qui autorise d'accéder à la configuration The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Detailed log of new commits: commit 7e92780557e18c7daffd2f6d8ecc00b33268b394 Author: Tony CHEMIT <chemit@codelutin.com> Date: Wed Sep 2 02:28:34 2015 +0200 Ajout d'une option pour configurer l'adminApiKey qui autorise d'accéder à la configuration -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@list.forge.codelutin.com>.
This is an automated email from the git hooks/post-receive script. New commit to branch feature/ajout_admin_api_key in repository observe. See http://git.codelutin.com/observe.git
commit 7e92780557e18c7daffd2f6d8ecc00b33268b394
Author: Tony CHEMIT <chemit@codelutin.com>
Date: Wed Sep 2 02:28:34 2015 +0200
Ajout d'une option pour configurer l'adminApiKey qui autorise d'accéder à la configuration
---
.../web/InvalidAdminKeyApiException.java | 21 +++++++++++++++++++++
.../application/web/ObserveWebMotionFilter.java | 13 +++++++++++--
.../ObserveWebApplicationConfiguration.java | 3 +++
.../ObserveWebApplicationConfigurationOption.java | 1 +
.../web/controller/v1/ConfigurationController.java | 7 +++++++
.../web/request/ObserveWebRequestContext.java | 14 +++++++++++++-
observe-application-web/src/main/resources/mapping | 2 +-
7 files changed, 57 insertions(+), 4 deletions(-)
diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/InvalidAdminKeyApiException.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/InvalidAdminKeyApiException.java
new file mode 100644
index 0000000..331ce44
--- /dev/null
+++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/InvalidAdminKeyApiException.java
@@ -0,0 +1,21 @@
+package fr.ird.observe.application.web;
+
+/**
+ * Created on 02/09/15.
+ *
+ * @author Tony Chemit - chemit@codelutin.com
+ */
+public class InvalidAdminKeyApiException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ protected final String adminApiKey;
+
+ public InvalidAdminKeyApiException(String adminApiKey) {
+ this.adminApiKey = adminApiKey;
+ }
+
+ public String getAdminApiKey() {
+ return adminApiKey;
+ }
+}
diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/ObserveWebMotionFilter.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/ObserveWebMotionFilter.java
index c54892e..e34a42d 100644
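Review bot: The constructor of InvalidAdminKeyApiException stores the rejected key and `getAdminApiKey()` hands it back, so any handler that logs or renders this exception can write a submitted secret (for example a mistyped copy of the real key) into a log file or an error response. The constructor also passes no message to `super`, so `getMessage()` is null and a stack trace says nothing about the cause. I would drop the field and getter and call `super("Invalid admin API key");`, or keep at most a masked form of the value. The class name reads "AdminKeyApi" while the option and the request value are called adminApiKey; `InvalidAdminApiKeyException` would match them.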
--- a/observe-application-web/src/main/java/fr/ird/observe/application/web/ObserveWebMotionFilter.java
+++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/ObserveWebMotionFilter.java
@@ -24,7 +24,7 @@ import java.util.Locale;
 */
 public class ObserveWebMotionFilter extends WebMotionFilter {
- public void inject(HttpContext context) throws InvalidAuthenticationTokenException, UnknownObserveWebUserException, BadObserveWebUserPasswordException, DataSourceConfigurationAlreadyRegistredException, UnknownObserveWebUserForDatabaseException {
+ public void inject(HttpContext context) throws InvalidAuthenticationTokenException, UnknownObserveWebUserException, BadObserveWebUserPasswordException, DataSourceConfigurationAlreadyRegistredException, UnknownObserveWebUserForDatabaseException, InvalidAdminKeyApiException {
 ObserveWebApplicationContext applicationContext = ObserveWebApplicationContext.getApplicationContext(context);
@@ -34,7 +34,16 @@ public class ObserveWebMotionFilter extends WebMotionFilter {
 Locale applicationLocale = getApplicationLocale(request);
 ReferentialLocale referentialLocale = getReferentialLocale(request);
- ObserveWebRequestContext requestContext = new ObserveWebRequestContext(applicationContext, securityContext, applicationLocale, referentialLocale);
+
+ String adminApiKey = getRequestHeaderOrParameterValueOrNull(request, "adminApiKey");
+
+ if (adminApiKey != null) {
+ String configurationAdminKey = applicationContext.getApplicationConfiguration().getAdminApiKey();
+ if (!configurationAdminKey.equals(adminApiKey)) {
+ throw new InvalidAdminKeyApiException(adminApiKey);
+ }
+ }
+ ObserveWebRequestContext requestContext = new ObserveWebRequestContext(applicationContext, securityContext, applicationLocale, referentialLocale, adminApiKey);
 ObserveWebRequestContext.setRequestContext(context, requestContext);
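Review bot: The comparison `!configurationAdminKey.equals(adminApiKey)` in the second hunk is neither null-safe nor constant-time: it throws a NullPointerException if `getAdminApiKey()` ever returns null, and `String.equals` stops at the first differing character, so response timing depends on how much of the configured key was matched. A null-checked byte comparison closes both gaps, e.g. `if (configurationAdminKey == null || !MessageDigest.isEqual(configurationAdminKey.getBytes(StandardCharsets.UTF_8), adminApiKey.getBytes(StandardCharsets.UTF_8)))`. Judging by its name, `getRequestHeaderOrParameterValueOrNull` also accepts the key as a request parameter, which would place it in URLs and access logs; if that is the case, reading it from a header only would be safer. The body of `inject` starts and ends outside the hunk.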
diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfiguration.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfiguration.java
index eea7653..8570f7b 100644
--- a/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfiguration.java
+++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfiguration.java
@@ -98,6 +98,9 @@ public class ObserveWebApplicationConfiguration {
 return applicationConfig.getOptionAsInt(ObserveWebApplicationConfigurationOption.SESSION_EXPIRATION_DELAY.getKey());
 }
+ public String getAdminApiKey() {
+ return applicationConfig.getOption(ObserveWebApplicationConfigurationOption.ADMIN_API_KEY.getKey());
+ }
 public void init(String... args) {
 if (log.isInfoEnabled()) {
diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfigurationOption.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfigurationOption.java
index b863bc8..3783ac2 100644
--- a/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfigurationOption.java
+++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfigurationOption.java
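Review bot: `getAdminApiKey()` returns a secret through the same accessor style as the ordinary options and carries no Javadoc saying so. The context lines show `init` opening a `log.isInfoEnabled()` block whose body is outside the hunk; if that block prints the loaded options, the value of `observeweb.adminApiKey` would be written to the log in clear and should be masked there. I would add a comment above the getter such as `/** Returns the shared secret required by the admin routes; never log or render this value. */`.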
@@ -25,6 +25,7 @@ public enum ObserveWebApplicationConfigurationOption implements ConfigOptionDef
 BUILD_VERSION("observeweb.build.version", n("observeweb.build.version.description"), "", Version.class),
 BUILD_DATE("observeweb.build.date", n("observeweb.build.date.description"), "", String.class),
 BUILD_NUMBER("observeweb.build.number", n("observeweb.build.number.description"), "", String.class),
+ ADMIN_API_KEY("observeweb.adminApiKey", n("observeweb.adminApiKey.description"), "changeme", String.class),
 DEV_MODE("observeweb.devMode", n("observeweb.devMode.description"), "true", boolean.class),
 BASE_DIRECTORY("observeweb.baseDirectory", n("observeweb.baseDirectory.description"), "/var/local/observeweb", File.class),
diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java
index 5a2d4da..7803048 100644
--- a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java
+++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java
@@ -6,6 +6,7 @@ import fr.ird.observe.application.web.configuration.user.ObserveWebUsers;
 import fr.ird.observe.application.web.configuration.user.ObserveWebUsersHelper;
 import fr.ird.observe.application.web.controller.ObserveWebMotionController;
 import org.apache.commons.io.IOUtils;
+import org.debux.webmotion.server.WebMotionContextable;
 import org.debux.webmotion.server.render.Render;
 import java.io.IOException;
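Review bot: The default value `"changeme"` for `ADMIN_API_KEY` means every installation that does not override `observeweb.adminApiKey` accepts a key that is published in the source tree. The admin routes should fail closed instead: declare the option with an empty default, `ADMIN_API_KEY("observeweb.adminApiKey", n("observeweb.adminApiKey.description"), "", String.class),`, and have the check in `ObserveWebMotionFilter.inject` reject every supplied key while the configured value is blank. Refusing to start with an unset key when `observeweb.devMode` is false would make the misconfiguration visible at deployment time. The enum body continues outside the hunk.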
@@ -19,6 +20,12 @@ import java.io.StringWriter;
 */
 public class ConfigurationController extends ObserveWebMotionController {
+ @Override
+ public void setContextable(WebMotionContextable contextable) {
+ super.setContextable(contextable);
+ getRequestContext().checkAdminApiKeyIsPresent();
+ }
+
 public Render mapping() {
 InputStream mappingUrl = getClass().getResourceAsStream("/mapping");
diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java
index 4dc0c8e..0eec00b 100644
--- a/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java
+++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java
@@ -38,18 +38,26 @@ public class ObserveWebRequestContext {
 protected final ReferentialLocale referentialLocale;
+ protected final Optional<String> optionalAdminApiKey;
+
 protected final Optional<ObserveWebRequestSecurityContext> optionalSecurityContext;
 public ObserveWebRequestContext(ObserveWebApplicationContext applicationContext,
 ObserveWebRequestSecurityContext optionalSecurityContext,
 Locale applicationLocale,
- ReferentialLocale referentialLocale) {
+ ReferentialLocale referentialLocale,
+ String adminApiKey) {
 this.applicationContext = applicationContext;
 this.applicationLocale = applicationLocale;
 this.referentialLocale = referentialLocale;
+ this.optionalAdminApiKey = Optional.fromNullable(adminApiKey);
 this.optionalSecurityContext = Optional.fromNullable(optionalSecurityContext);
 }
+ public Optional<String> getOptionalAdminApiKey() {
+ return optionalAdminApiKey;
+ }
+
 public ObserveWebApplicationContext getApplicationContext() {
 return applicationContext;
 }
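Review bot: The admin gate in ConfigurationController runs as a side effect of `setContextable`, and `checkAdminApiKeyIsPresent()` (added to ObserveWebRequestContext in this commit) relies on `Preconditions.checkState`, so a request without the key fails with an IllegalStateException rather than an authorization error. Depending on how the render layer maps exceptions this probably surfaces as a server error instead of 401/403, and it makes missing credentials indistinguishable from genuine state bugs in logs and monitoring. The check also proves only that a key was sent; it is sufficient solely because `ObserveWebMotionFilter.inject` has already compared the value, which deserves a comment here such as `// Key validity is checked in ObserveWebMotionFilter.inject; this only requires that one was supplied.` A dedicated exception rendered as 403 would make the refusal explicit.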
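Review bot: ObserveWebRequestContext now keeps the raw admin key in `optionalAdminApiKey` and exposes it through `getOptionalAdminApiKey()`, although the only consumer visible in this commit needs to know just whether a validated key was supplied. Carrying the secret on a per-request object widens the places it can leak from, such as debug dumps or a later `toString`. Since the filter validates the key before constructing the context, a flag would be enough: `protected final boolean adminApiKeyValidated;` assigned from `adminApiKey != null`. The class body starts and ends outside the hunk.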
@@ -78,6 +86,10 @@ public class ObserveWebRequestContext {
 Preconditions.checkState(optionalSecurityContext.isPresent());
 }
+ public void checkAdminApiKeyIsPresent() {
+ Preconditions.checkState(optionalAdminApiKey.isPresent());
+ }
+
 public ObserveDataSourceConfiguration getDataSourceConfiguration() {
 checkSecurityContextIsPresent();
 return optionalSecurityContext.get().getDataSourceConfiguration();
diff --git a/observe-application-web/src/main/resources/mapping b/observe-application-web/src/main/resources/mapping
index df7804d..0fdc07a 100644
--- a/observe-application-web/src/main/resources/mapping
+++ b/observe-application-web/src/main/resources/mapping
@@ -40,7 +40,7 @@ default.render=fr.ird.observe.application.web.ObserveWebMotionRender
 [actions]
-GET /api/v1/configuration/{method} ConfigurationController.{method}
+GET /admin/configuration/{method} ConfigurationController.{method}
 GET,POST /api/v1/referential/{method} ReferentialServiceController.{method}
 GET,POST /api/v1/dataSource/{method} DataSourceServiceController.{method}
-- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@list.forge.codelutin.com>.
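Review bot: Moving the route to `/admin/configuration/{method}` protects it only if the filter rule that runs `ObserveWebMotionFilter.inject` also matches the `/admin/` prefix; the filter section of this mapping file is outside the hunk, so this needs confirming. If the existing rule is scoped to `/api/`, the request context would not be populated for the new path and `ConfigurationController.setContextable` would fail before any key comparison takes place. The `{method}` placeholder dispatches on a name taken from the URL, so the controller should contain nothing but intended admin actions. Clients of the old `/api/v1/configuration/...` URL get no redirect or deprecation notice.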