usergrid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From snoopd...@apache.org
Subject [2/5] usergrid git commit: Merge branch 'release' of https://git-wip-us.apache.org/repos/asf/usergrid
Date Tue, 15 Dec 2015 15:46:07 GMT
Merge branch 'release' of https://git-wip-us.apache.org/repos/asf/usergrid


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/c6945e3d
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/c6945e3d
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/c6945e3d

Branch: refs/heads/USERGRID-872
Commit: c6945e3d6f608d1333c269657eb47064866d3e0b
Parents: 3c8a308 fdc0d80
Author: Michael Russo <michaelarusso@gmail.com>
Authored: Sat Dec 5 00:13:37 2015 -0800
Committer: Michael Russo <michaelarusso@gmail.com>
Committed: Sat Dec 5 00:13:37 2015 -0800

----------------------------------------------------------------------
 .../shard/impl/NodeShardAllocationImpl.java     |   2 +-
 .../rest/applications/ApplicationResource.java  |   1 +
 .../rest/applications/AuthResource.java         |  10 +-
 .../applications/assets/AssetsResource.java     |   8 +-
 .../rest/applications/queues/QueueResource.java |  10 ++
 .../queues/QueueSubscriberResource.java         |   5 +
 .../queues/QueueSubscriptionResource.java       |   5 +
 .../queues/QueueTransactionsResource.java       |   4 +
 .../security/SecuredResourceFilterFactory.java  |  93 ++++++++++++++-
 .../annotations/CheckPermissionsForPath.java    |  32 ++++++
 .../usergrid/rest/applications/SecurityIT.java  | 115 +++++++++++++++++++
 11 files changed, 274 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/applications/ApplicationResource.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/applications/assets/AssetsResource.java
----------------------------------------------------------------------
diff --cc stack/rest/src/main/java/org/apache/usergrid/rest/applications/assets/AssetsResource.java
index a8a106e,f748ee9..f1647b1
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/assets/AssetsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/assets/AssetsResource.java
@@@ -22,8 -23,8 +22,9 @@@ import com.fasterxml.jackson.jaxrs.json
  import org.apache.usergrid.persistence.EntityManager;
  import org.apache.usergrid.persistence.entities.Asset;
  import org.apache.usergrid.rest.AbstractContextResource;
 +import org.apache.usergrid.rest.ApiResponse;
  import org.apache.usergrid.rest.applications.ServiceResource;
+ import org.apache.usergrid.rest.security.annotations.CheckPermissionsForPath;
  import org.apache.usergrid.rest.security.annotations.RequireApplicationAccess;
  import org.apache.usergrid.services.assets.data.AssetUtils;
  import org.apache.usergrid.services.assets.data.AwsSdkS3BinaryStore;

http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueResource.java
----------------------------------------------------------------------
diff --cc stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueResource.java
index 98edf1c,de71073..609b860
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueResource.java
@@@ -17,11 -17,25 +17,12 @@@
  package org.apache.usergrid.rest.applications.queues;
  
  
 -import java.util.HashMap;
 -import java.util.List;
 -import java.util.Map;
 -
 -import javax.ws.rs.Consumes;
 -import javax.ws.rs.DELETE;
 -import javax.ws.rs.DefaultValue;
 -import javax.ws.rs.GET;
 -import javax.ws.rs.POST;
 -import javax.ws.rs.PUT;
 -import javax.ws.rs.Path;
 -import javax.ws.rs.PathParam;
 -import javax.ws.rs.Produces;
 -import javax.ws.rs.QueryParam;
 -import javax.ws.rs.core.Context;
 -import javax.ws.rs.core.MediaType;
 -import javax.ws.rs.core.UriInfo;
 -
 +import com.fasterxml.jackson.jaxrs.json.annotation.JSONP;
 +import org.apache.commons.lang.StringUtils;
 +import org.apache.usergrid.exception.NotImplementedException;
 +import org.apache.usergrid.mq.*;
 +import org.apache.usergrid.rest.AbstractContextResource;
+ import org.apache.usergrid.rest.security.annotations.CheckPermissionsForPath;
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
  import org.springframework.context.annotation.Scope;
@@@ -88,11 -107,10 +91,12 @@@ public class QueueResource extends Abst
      }
  
  
+     @CheckPermissionsForPath
      @Path("properties")
      @GET
 -    public JSONWithPadding getProperties( @Context UriInfo ui,
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public Queue getProperties( @Context UriInfo ui,
                                            @QueryParam("callback") @DefaultValue("callback")
String callback )
              throws Exception {
  
@@@ -117,10 -134,9 +122,11 @@@
      }
  
  
+     @CheckPermissionsForPath
      @GET
 -    public JSONWithPadding executeGet( @Context UriInfo ui, @QueryParam("start") String
firstQueuePath,
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public Object executeGet( @Context UriInfo ui, @QueryParam("start") String firstQueuePath,
                                         @QueryParam("limit") @DefaultValue("10") int limit,
                                         @QueryParam("callback") @DefaultValue("callback")
String callback )
              throws Exception {
@@@ -162,11 -180,10 +169,12 @@@
      }
  
  
+     @CheckPermissionsForPath
      @PUT
      @Consumes(MediaType.APPLICATION_JSON)
 -    public JSONWithPadding executePut( @Context UriInfo ui, Map<String, Object> json,
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public Map<String, Object> executePut( @Context UriInfo ui, Map<String, Object>
json,
                                         @QueryParam("callback") @DefaultValue("callback")
String callback )
              throws Exception {
  
@@@ -178,11 -195,11 +186,12 @@@
      }
  
  
+     @CheckPermissionsForPath
      @DELETE
 -    public JSONWithPadding executeDelete( @Context UriInfo ui,
 -                                          @QueryParam("callback") @DefaultValue("callback")
String callback )
 -            throws Exception {
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public Queue executeDelete(
 +            @Context UriInfo ui, @QueryParam("callback") @DefaultValue("callback") String
callback ) throws Exception {
          throw new NotImplementedException( "Queue delete is not implemented yet" );
      }
  

http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriberResource.java
----------------------------------------------------------------------
diff --cc stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriberResource.java
index baa9535,7f32be0..b264e8f
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriberResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriberResource.java
@@@ -17,11 -17,24 +17,12 @@@
  package org.apache.usergrid.rest.applications.queues;
  
  
 -import java.util.List;
 -import java.util.Map;
 -
 -import javax.ws.rs.Consumes;
 -import javax.ws.rs.DELETE;
 -import javax.ws.rs.DefaultValue;
 -import javax.ws.rs.GET;
 -import javax.ws.rs.POST;
 -import javax.ws.rs.PUT;
 -import javax.ws.rs.Path;
 -import javax.ws.rs.PathParam;
 -import javax.ws.rs.Produces;
 -import javax.ws.rs.QueryParam;
 -import javax.ws.rs.core.Context;
 -import javax.ws.rs.core.MediaType;
 -import javax.ws.rs.core.UriInfo;
 -
 +import com.fasterxml.jackson.jaxrs.json.annotation.JSONP;
 +import org.apache.commons.lang.StringUtils;
 +import org.apache.usergrid.mq.QueueManager;
 +import org.apache.usergrid.mq.QueueSet;
 +import org.apache.usergrid.rest.AbstractContextResource;
+ import org.apache.usergrid.rest.security.annotations.CheckPermissionsForPath;
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
  import org.springframework.context.annotation.Scope;
@@@ -79,10 -93,9 +80,11 @@@ public class QueueSubscriberResource ex
      }
  
  
+     @CheckPermissionsForPath
      @GET
 -    public JSONWithPadding executeGet( @Context UriInfo ui, @QueryParam("start") String
firstSubscriberQueuePath,
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public QueueSet executeGet( @Context UriInfo ui, @QueryParam("start") String firstSubscriberQueuePath,
                                         @QueryParam("limit") @DefaultValue("10") int limit,
                                         @QueryParam("callback") @DefaultValue("callback")
String callback )
              throws Exception {
@@@ -95,11 -108,10 +97,12 @@@
      }
  
  
+     @CheckPermissionsForPath
      @POST
      @Consumes(MediaType.APPLICATION_JSON)
 -    public JSONWithPadding executePost( @Context UriInfo ui, EntityHolder<Map<String,
Object>> body,
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public QueueSet executePost( @Context UriInfo ui, Map<String, Object> body,
                                          @QueryParam("callback") @DefaultValue("callback")
String callback )
              throws Exception {
  
@@@ -109,11 -121,10 +112,12 @@@
      }
  
  
+     @CheckPermissionsForPath
      @PUT
      @Consumes(MediaType.APPLICATION_JSON)
 -    public JSONWithPadding executePut( @Context UriInfo ui, EntityHolder<Map<String,
Object>> body,
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public QueueSet executePut( @Context UriInfo ui, Map<String, Object> body,
                                         @QueryParam("callback") @DefaultValue("callback")
String callback )
              throws Exception {
  
@@@ -136,10 -147,9 +140,11 @@@
      }
  
  
+     @CheckPermissionsForPath
      @DELETE
 -    public JSONWithPadding executeDelete( @Context UriInfo ui,
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public QueueSet executeDelete( @Context UriInfo ui,
                                            @QueryParam("callback") @DefaultValue("callback")
String callback )
              throws Exception {
  

http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriptionResource.java
----------------------------------------------------------------------
diff --cc stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriptionResource.java
index a21cd66,c488095..778b57d
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriptionResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueSubscriptionResource.java
@@@ -17,11 -17,24 +17,12 @@@
  package org.apache.usergrid.rest.applications.queues;
  
  
 -import java.util.List;
 -import java.util.Map;
 -
 -import javax.ws.rs.Consumes;
 -import javax.ws.rs.DELETE;
 -import javax.ws.rs.DefaultValue;
 -import javax.ws.rs.GET;
 -import javax.ws.rs.POST;
 -import javax.ws.rs.PUT;
 -import javax.ws.rs.Path;
 -import javax.ws.rs.PathParam;
 -import javax.ws.rs.Produces;
 -import javax.ws.rs.QueryParam;
 -import javax.ws.rs.core.Context;
 -import javax.ws.rs.core.MediaType;
 -import javax.ws.rs.core.UriInfo;
 -
 +import com.fasterxml.jackson.jaxrs.json.annotation.JSONP;
 +import org.apache.commons.lang.StringUtils;
 +import org.apache.usergrid.mq.QueueManager;
 +import org.apache.usergrid.mq.QueueSet;
 +import org.apache.usergrid.rest.AbstractContextResource;
+ import org.apache.usergrid.rest.security.annotations.CheckPermissionsForPath;
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
  import org.springframework.context.annotation.Scope;
@@@ -81,10 -95,9 +82,11 @@@ public class QueueSubscriptionResource 
      }
  
  
+     @CheckPermissionsForPath
      @GET
 -    public JSONWithPadding executeGet( @Context UriInfo ui, @QueryParam("start") String
firstSubscriptionQueuePath,
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public QueueSet executeGet( @Context UriInfo ui, @QueryParam("start") String firstSubscriptionQueuePath,
                                         @QueryParam("limit") @DefaultValue("10") int limit,
                                         @QueryParam("callback") @DefaultValue("callback")
String callback )
              throws Exception {
@@@ -97,11 -110,10 +99,12 @@@
      }
  
  
+     @CheckPermissionsForPath
      @POST
      @Consumes(MediaType.APPLICATION_JSON)
 -    public JSONWithPadding executePost( @Context UriInfo ui, EntityHolder<Map<String,
Object>> body,
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public QueueSet executePost( @Context UriInfo ui, Map<String, Object> body,
                                          @QueryParam("callback") @DefaultValue("callback")
String callback )
              throws Exception {
  
@@@ -111,11 -123,10 +114,12 @@@
      }
  
  
+     @CheckPermissionsForPath
      @PUT
      @Consumes(MediaType.APPLICATION_JSON)
 -    public JSONWithPadding executePut( @Context UriInfo ui, EntityHolder<Map<String,
Object>> body,
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public QueueSet executePut( @Context UriInfo ui, Map<String, Object> body,
                                         @QueryParam("callback") @DefaultValue("callback")
String callback )
              throws Exception {
  
@@@ -138,10 -149,9 +142,11 @@@
      }
  
  
+     @CheckPermissionsForPath
      @DELETE
 -    public JSONWithPadding executeDelete( @Context UriInfo ui,
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public QueueSet executeDelete( @Context UriInfo ui,
                                            @QueryParam("callback") @DefaultValue("callback")
String callback )
              throws Exception {
  

http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueTransactionsResource.java
----------------------------------------------------------------------
diff --cc stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueTransactionsResource.java
index 199e7f8,56cca2c..678daae
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueTransactionsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/applications/queues/QueueTransactionsResource.java
@@@ -17,21 -17,30 +17,23 @@@
  package org.apache.usergrid.rest.applications.queues;
  
  
 -import java.util.UUID;
 -
 -import javax.ws.rs.DELETE;
 -import javax.ws.rs.DefaultValue;
 -import javax.ws.rs.PUT;
 -import javax.ws.rs.Path;
 -import javax.ws.rs.PathParam;
 -import javax.ws.rs.Produces;
 -import javax.ws.rs.QueryParam;
 -import javax.ws.rs.core.Context;
 -import javax.ws.rs.core.MediaType;
 -import javax.ws.rs.core.UriInfo;
 -
 +import com.fasterxml.jackson.jaxrs.json.annotation.JSONP;
 +import org.apache.usergrid.mq.QueueManager;
 +import org.apache.usergrid.mq.QueueQuery;
 +import org.apache.usergrid.persistence.Results;
 +import org.apache.usergrid.rest.AbstractContextResource;
+ import org.apache.usergrid.rest.security.annotations.CheckPermissionsForPath;
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
  import org.springframework.context.annotation.Scope;
  import org.springframework.stereotype.Component;
 -import org.apache.usergrid.mq.QueueManager;
 -import org.apache.usergrid.mq.QueueQuery;
 -import org.apache.usergrid.persistence.Results;
 -import org.apache.usergrid.rest.AbstractContextResource;
  
 -import com.sun.jersey.api.json.JSONWithPadding;
++
 +import javax.ws.rs.*;
 +import javax.ws.rs.core.Context;
 +import javax.ws.rs.core.MediaType;
 +import javax.ws.rs.core.UriInfo;
 +import java.util.UUID;
  
  import static org.apache.usergrid.utils.MapUtils.hashMap;
  
@@@ -62,11 -71,10 +64,12 @@@ public class QueueTransactionsResource 
      }
  
  
+     @CheckPermissionsForPath
      @Path("{id}")
      @PUT
 -    public JSONWithPadding updateTransaction( @Context UriInfo ui, @PathParam("id") UUID
transactionId,
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public Results updateTransaction( @Context UriInfo ui, @PathParam("id") UUID transactionId,
                                                @QueryParam("callback") @DefaultValue("callback")
String callback )
              throws Exception {
  
@@@ -78,11 -86,10 +81,12 @@@
      }
  
  
+     @CheckPermissionsForPath
      @Path("{id}")
      @DELETE
 -    public JSONWithPadding removeTransaction( @Context UriInfo ui, @PathParam("id") UUID
transactionId,
 +    @JSONP
 +    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
 +    public Results removeTransaction( @Context UriInfo ui, @PathParam("id") UUID transactionId,
                                                @QueryParam("callback") @DefaultValue("callback")
String callback )
              throws Exception {
  

http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
----------------------------------------------------------------------
diff --cc stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
index 04f0fc4,d867e1b..d57e84c
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
@@@ -17,16 -17,28 +17,14 @@@
  package org.apache.usergrid.rest.security;
  
  
 -import java.util.Collections;
 -import java.util.List;
 -import java.util.Map;
 -import java.util.Properties;
 -
 -import javax.ws.rs.core.Context;
 -import javax.ws.rs.core.MultivaluedMap;
 -import javax.ws.rs.core.UriInfo;
 -
+ import org.apache.shiro.subject.Subject;
 -import org.apache.usergrid.rest.security.annotations.*;
 -import org.slf4j.Logger;
 -import org.slf4j.LoggerFactory;
 -import org.springframework.beans.factory.annotation.Autowired;
 -import org.springframework.beans.factory.annotation.Qualifier;
 -import org.springframework.stereotype.Component;
  import org.apache.usergrid.management.ApplicationInfo;
  import org.apache.usergrid.management.ManagementService;
  import org.apache.usergrid.persistence.EntityManager;
  import org.apache.usergrid.persistence.EntityManagerFactory;
  import org.apache.usergrid.persistence.index.query.Identifier;
  import org.apache.usergrid.rest.exceptions.SecurityException;
- import org.apache.usergrid.rest.security.annotations.RequireAdminUserAccess;
- import org.apache.usergrid.rest.security.annotations.RequireApplicationAccess;
- import org.apache.usergrid.rest.security.annotations.RequireOrganizationAccess;
- import org.apache.usergrid.rest.security.annotations.RequireSystemAccess;
++import org.apache.usergrid.rest.security.annotations.*;
  import org.apache.usergrid.rest.utils.PathingUtils;
  import org.apache.usergrid.security.shiro.utils.SubjectUtils;
  import org.apache.usergrid.services.ServiceManagerFactory;
@@@ -113,40 -114,46 +111,43 @@@ public class SecuredResourceFilterFacto
  
  
      @Override
 -    public List<ResourceFilter> create( AbstractMethod am ) {
 +    public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) {
 +        Method am = resourceInfo.getResourceMethod();
 +
 +        logger.debug( "configure {} method {}",
 +            resourceInfo.getResourceClass().getSimpleName(), resourceInfo.getResourceMethod().getName()
);
 +
          if ( am.isAnnotationPresent( RequireApplicationAccess.class ) ) {
 -            return Collections.<ResourceFilter>singletonList( new ApplicationFilter()
);
 +            featureContext.register( ApplicationFilter.class );
          }
          else if ( am.isAnnotationPresent( RequireOrganizationAccess.class ) ) {
 -            return Collections.<ResourceFilter>singletonList( new OrganizationFilter()
);
 +
 +            featureContext.register( OrganizationFilter.class );
          }
          else if ( am.isAnnotationPresent( RequireSystemAccess.class ) ) {
 -            return Collections.<ResourceFilter>singletonList( new SystemFilter() );
 +            featureContext.register( SystemFilter.class );
          }
          else if ( am.isAnnotationPresent( RequireAdminUserAccess.class ) ) {
 -            return Collections.<ResourceFilter>singletonList( new AdminUserFilter()
);
 +            featureContext.register( SystemFilter.AdminUserFilter.class );
          }
+         else if ( am.isAnnotationPresent( CheckPermissionsForPath.class ) ) {
 -            return Collections.<ResourceFilter>singletonList( new PathPermissionsFilter()
);
++            featureContext.register( PathPermissionsFilter.class );
+         }
 -        return null;
 -    }
  
 +    }
  
 -    public abstract class AbstractFilter implements ResourceFilter, ContainerRequestFilter
{
 -        public AbstractFilter() {
 -        }
 +    public static abstract class AbstractFilter implements ContainerRequestFilter {
  
 +        private UriInfo uriInfo;
  
 -        @Override
 -        public ContainerRequestFilter getRequestFilter() {
 -            return this;
 +        public AbstractFilter( UriInfo uriInfo ) {
 +            this.uriInfo = uriInfo;
          }
  
 -
          @Override
 -        public ContainerResponseFilter getResponseFilter() {
 -            return null;
 -        }
 +        public void filter(ContainerRequestContext request) throws IOException {
  
 -
 -        @Override
 -        public ContainerRequest filter( ContainerRequest request ) {
 -            logger.debug( "Filtering {}", request.getRequestUri().toString() );
 +            logger.debug( "Filtering {}", request.getUriInfo().getRequestUri().toString()
);
  
              if ( request.getMethod().equalsIgnoreCase( "OPTIONS" ) ) {
                  logger.debug( "Skipping option request" );
@@@ -328,23 -313,81 +329,107 @@@
                  }
              }
          }
 -    }
  
 +        @Resource
 +        public static class AdminUserFilter extends AbstractFilter {
  
 -    public class AdminUserFilter extends AbstractFilter {
 -        public AdminUserFilter() {
 -        }
 -
 +            @Inject
 +            public AdminUserFilter(UriInfo uriInfo) {
 +                super( uriInfo );
 +            }
  
 -        @Override
 -        public void authorize( ContainerRequest request ) {
 -            logger.debug( "AdminUserFilter.authorize" );
 -            if ( !isUser( getUserIdentifier() ) ) {
 -                throw mappableSecurityException( "unauthorized", "No admin user access authorized"
);
 +            @Override
 +            public void authorize(ContainerRequestContext request) {
 +                logger.debug( "AdminUserFilter.authorize" );
 +                if (!isUser( getUserIdentifier() )) {
 +                    throw mappableSecurityException( "unauthorized", "No admin user access
authorized" );
 +                }
              }
          }
 +
      }
+ 
+     // This filter is created in REST from logic in org.apache.usergrid.services.AbstractService.checkPermissionsForPath
 -    public class PathPermissionsFilter extends AbstractFilter {
++    @Resource
++    public static class PathPermissionsFilter extends AbstractFilter {
++
++        EntityManagerFactory emf;
++        ManagementService management;
+ 
 -        public PathPermissionsFilter() {}
++        @Autowired
++        public void setEntityManagerFactory( EntityManagerFactory emf ) {
++            this.emf = emf;
++        }
++
++
++        public EntityManagerFactory getEntityManagerFactory() {
++            return emf;
++        }
++
++        @Autowired
++        public void setManagementService( ManagementService management ) {
++            this.management = management;
++        }
++
++        @Inject
++        public PathPermissionsFilter(UriInfo uriInfo) {
++            super( uriInfo );
++        }
+ 
+ 
+         @Override
 -        public void authorize( ContainerRequest request ) {
++        public void authorize( ContainerRequestContext request ) {
+             if(logger.isDebugEnabled()){
+                 logger.debug( "PathPermissionsFilter.authorize" );
+             }
+ 
+             final String PATH_MSG =
+                 "---- Checked permissions for path --------------------------------------------\n"
+ "Requested path: {} \n"
+                     + "Requested action: {} \n" + "Requested permission: {} \n" + "Permitted:
{} \n";
+ 
+             ApplicationInfo application;
+ 
+             try {
+ 
+                 application = management.getApplicationInfo( getApplicationIdentifier()
);
+                 EntityManager em = emf.getEntityManager( application.getId() );
+                 Subject currentUser = SubjectUtils.getSubject();
+ 
+                 if ( currentUser == null ) {
+                     return;
+                 }
+                 String applicationName = application.getName().toLowerCase();
+                 String operation = request.getMethod().toLowerCase();
 -                String path = request.getPath().toLowerCase().replace(applicationName, "");
++                String path = request.getUriInfo().getPath().toLowerCase().replace(applicationName,
"");
+                 String perm =  getPermissionFromPath( em.getApplicationRef().getUuid(),
operation, path );
+ 
+                 boolean permitted = currentUser.isPermitted( perm );
+                 if ( logger.isDebugEnabled() ) {
+                     logger.debug( PATH_MSG, new Object[] { path, operation, perm, permitted
} );
+                 }
+ 
+                 if(!permitted){
+                     // throwing this so we can raise a proper mapped REST exception
+                     throw new Exception("Subject not permitted");
+                 }
+ 
+ 
+                 SubjectUtils.checkPermission( perm );
+                 Subject subject = SubjectUtils.getSubject();
+ 
+                 if ( logger.isDebugEnabled() ) {
+                     logger.debug("Checked subject {} for perm {}", subject != null ? subject.toString()
: "", perm);
+                     logger.debug("------------------------------------------------------------------------------");
+                 }
+ 
+ 
+             } catch (Exception e){
+                 throw mappableSecurityException( "unauthorized",
+                     "Subject does not have permission to access this resource" );
+             }
+ 
+         }
+     }
+ 
++
  }

http://git-wip-us.apache.org/repos/asf/usergrid/blob/c6945e3d/stack/rest/src/test/java/org/apache/usergrid/rest/applications/SecurityIT.java
----------------------------------------------------------------------
diff --cc stack/rest/src/test/java/org/apache/usergrid/rest/applications/SecurityIT.java
index 0000000,c5b06b5..f64afe8
mode 000000,100644..100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/applications/SecurityIT.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/applications/SecurityIT.java
@@@ -1,0 -1,113 +1,115 @@@
+ /*
+  * Licensed to the Apache Software Foundation (ASF) under one or more
+  * contributor license agreements.  See the NOTICE file distributed with
+  * this work for additional information regarding copyright ownership.
+  * The ASF licenses this file to You under the Apache License, Version 2.0
+  * (the "License"); you may not use this file except in compliance with
+  * the License.  You may obtain a copy of the License at
+  *
+  *      http://www.apache.org/licenses/LICENSE-2.0
+  *
+  * Unless required by applicable law or agreed to in writing, software
+  * distributed under the License is distributed on an "AS IS" BASIS,
+  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  * See the License for the specific language governing permissions and
+  * limitations under the License.
+  */
+ package org.apache.usergrid.rest.applications;
+ 
+ 
+ import com.sun.jersey.api.client.UniformInterfaceException;
+ import org.apache.usergrid.rest.test.resource.AbstractRestIT;
+ import org.apache.usergrid.rest.test.resource.model.ApiResponse;
+ import org.apache.usergrid.utils.UUIDUtils;
+ import org.junit.Test;
+ 
++import javax.ws.rs.WebApplicationException;
+ import java.util.UUID;
+ 
+ import static org.junit.Assert.assertEquals;
+ 
+ /**
+  * These tests will execute requests against certain paths (with or without credentials)
to ensure access is being
+  * allowed according to the REST and Services permissions defined for the resource.
+  */
+ public class SecurityIT extends AbstractRestIT {
+ 
+     public SecurityIT() throws Exception {}
+ 
+     @Test
+     public void testAssetsNoCredentials(){
+ 
+         final UUID uuid = UUIDUtils.newTimeUUID();
++        int responseStatus = 0;
+         try {
+             //use false in get() for no token
+             this.pathResource(getOrgAppPath("assets/" + uuid + "/data")).get(ApiResponse.class,
false);
+ 
 -        } catch (UniformInterfaceException ui){
 -            assertEquals(401, ui.getResponse().getStatus());
++        } catch (WebApplicationException ex) {
++            responseStatus = ex.getResponse().getStatus();
+         }
++        assertEquals(401, responseStatus);
+     }
+ 
+ 
+     @Test
+     public void testFacebookAuthNoCredentials(){
+ 
+         int responseStatus = 0;
+         try {
+             //use false in get() for no token
+             this.pathResource(getOrgAppPath("auth/facebook")).get(ApiResponse.class, false);
+ 
 -        } catch (UniformInterfaceException ui){
 -            responseStatus = ui.getResponse().getStatus();
 -
++        } catch (WebApplicationException ex) {
++            responseStatus = ex.getResponse().getStatus();
+         }
+         assertEquals(401, responseStatus);
+     }
+ 
+     @Test
+     public void testPingIdentityAuthNoCredentials(){
+ 
+         int responseStatus = 0;
+         try {
+             //use false in get() for no token
+             this.pathResource(getOrgAppPath("auth/pingident")).get(ApiResponse.class, false);
+ 
 -        } catch (UniformInterfaceException ui){
 -            responseStatus = ui.getResponse().getStatus();
++        } catch (WebApplicationException ex) {
++            responseStatus = ex.getResponse().getStatus();
+         }
+         assertEquals(401, responseStatus);
+ 
+     }
+ 
+     @Test
+     public void testFoursquareAuthNoCredentials(){
+ 
+         int responseStatus = 0;
+         try {
+             //use false in get() for no token
+             this.pathResource(getOrgAppPath("auth/foursquare")).get(ApiResponse.class, false);
+ 
 -        } catch (UniformInterfaceException ui){
 -            responseStatus = ui.getResponse().getStatus();
++        } catch (WebApplicationException ex) {
++            responseStatus = ex.getResponse().getStatus();
+         }
+         assertEquals(401, responseStatus);
+ 
+     }
+ 
+     @Test
+     public void testQueuesNoCredentials(){
+ 
+         int responseStatus = 0;
+         try {
+             //use false in get() for no token
+             this.pathResource(getOrgAppPath("queues")).get(ApiResponse.class, false);
+ 
 -        } catch (UniformInterfaceException ui){
 -            responseStatus = ui.getResponse().getStatus();
++        } catch (WebApplicationException ex) {
++            responseStatus = ex.getResponse().getStatus();
+         }
+         assertEquals(401, responseStatus);
+ 
+     }
+ 
+ 
+ }


Mime
View raw message