Commit 740d7f8c authored by Anuj Gupta's avatar Anuj Gupta

Merge branch 'security-fix-ibm' into 'master'

IBM security code fix

See merge request !8
parents c7b2c889 772e50ab
Pipeline #14344 passed with stages
in 13 minutes and 33 seconds
// Copyright 2017-2019, Schlumberger
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/**
* Copyright 2020 IBM Corp. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* begin_generated_IBM_copyright_prolog
*
* *******************************************
* IBM Confidential.
* OCO Source Materials
* 5900-AEB
* © Copyright IBM Corp. 2020
* The source code for this program is not published or otherwise divested of its trade secrets, irrespective of what has
* been deposited with the U.S. Copyright Office.
*
* end_generated_IBM_copyright_prolog
*/
package org.opengroup.osdu.core.common.model.entitlements;
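Review bot: The header block in this section makes two statements that contradict each other: it licenses the file under Apache 2.0, and between the `begin_generated_IBM_copyright_prolog` markers it labels the same file `IBM Confidential` / `OCO Source Materials` with source that "is not published". The same block recurs in every file section on this page. For a repository distributed under Apache 2.0, the generated prolog should be dropped or replaced with a non-confidential one before merge. In the `org.opengroup.osdu.core.common.model.entitlements` files the page prints the block next to the Schlumberger notice; the +/- markers are lost, so if the commit replaces that notice rather than adding beside it, the original attribution should be kept.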
......
// Copyright 2017-2019, Schlumberger
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/**
* Copyright 2020 IBM Corp. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* begin_generated_IBM_copyright_prolog
*
* *******************************************
* IBM Confidential.
* OCO Source Materials
* 5900-AEB
* © Copyright IBM Corp. 2020
* The source code for this program is not published or otherwise divested of its trade secrets, irrespective of what has
* been deposited with the U.S. Copyright Office.
*
* end_generated_IBM_copyright_prolog
*/
package org.opengroup.osdu.core.common.model.entitlements;
......
// Copyright 2017-2019, Schlumberger
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/**
* Copyright 2020 IBM Corp. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* begin_generated_IBM_copyright_prolog
*
* *******************************************
* IBM Confidential.
* OCO Source Materials
* 5900-AEB
* © Copyright IBM Corp. 2020
* The source code for this program is not published or otherwise divested of its trade secrets, irrespective of what has
* been deposited with the U.S. Copyright Office.
*
* end_generated_IBM_copyright_prolog
*/
package org.opengroup.osdu.core.common.model.entitlements;
......
// Copyright 2017-2019, Schlumberger
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/**
* Copyright 2020 IBM Corp. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* begin_generated_IBM_copyright_prolog
*
* *******************************************
* IBM Confidential.
* OCO Source Materials
* 5900-AEB
* © Copyright IBM Corp. 2020
* The source code for this program is not published or otherwise divested of its trade secrets, irrespective of what has
* been deposited with the U.S. Copyright Office.
*
* end_generated_IBM_copyright_prolog
*/
package org.opengroup.osdu.core.common.model.entitlements;
......
/**
* Copyright 2020 IBM Corp. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* begin_generated_IBM_copyright_prolog
*
* *******************************************
* IBM Confidential.
* OCO Source Materials
* 5900-AEB
* © Copyright IBM Corp. 2020
* The source code for this program is not published or otherwise divested of its trade secrets, irrespective of what has
* been deposited with the U.S. Copyright Office.
*
* end_generated_IBM_copyright_prolog
*/
package org.opengroup.osdu.ibm.entitlements;
......
// Copyright 2020 IBM Corp. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/**
* Copyright 2020 IBM Corp. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* begin_generated_IBM_copyright_prolog
*
* *******************************************
* IBM Confidential.
* OCO Source Materials
* 5900-AEB
* © Copyright IBM Corp. 2020
* The source code for this program is not published or otherwise divested of its trade secrets, irrespective of what has
* been deposited with the U.S. Copyright Office.
*
* end_generated_IBM_copyright_prolog
*/
package org.opengroup.osdu.ibm.entitlements;
......
// Copyright 2020 IBM Corp. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/**
* Copyright 2020 IBM Corp. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* begin_generated_IBM_copyright_prolog
*
* *******************************************
* IBM Confidential.
* OCO Source Materials
* 5900-AEB
* © Copyright IBM Corp. 2020
* The source code for this program is not published or otherwise divested of its trade secrets, irrespective of what has
* been deposited with the U.S. Copyright Office.
*
* end_generated_IBM_copyright_prolog
*/
package org.opengroup.osdu.ibm.entitlements;
......@@ -59,12 +73,12 @@ public class GlobalExceptionMapper extends ResponseEntityExceptionHandler {
new AppException(HttpStatus.FORBIDDEN.value(), "Access denied", e.getMessage(), e));
}
@ExceptionHandler(Exception.class)
protected ResponseEntity<Object> handleGeneralException(Exception e) {
return this.getErrorResponse(
new AppException(HttpStatus.INTERNAL_SERVER_ERROR.value(), "Server error.",
"An unknown error has occurred.", e));
}
/*
* @ExceptionHandler(Exception.class) protected ResponseEntity<Object>
* handleGeneralException(Exception e) { return this.getErrorResponse( new
* AppException(HttpStatus.INTERNAL_SERVER_ERROR.value(), "Server error.",
* "An unknown error has occurred.", e)); }
*/
private ResponseEntity<Object> getErrorResponse(AppException e) {
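Review bot: The catch-all `@ExceptionHandler(Exception.class)` appears to be commented out here (the page has lost its +/- markers, so this assumes the block comment is the new side). Any exception not matched by a more specific handler then falls through to the framework's default error handling. The response is no longer the fixed "An unknown error has occurred." body and, depending on server configuration, may expose exception detail to the caller. If the handler was disabled so that security exceptions can propagate, add specific handlers for those types and keep a generic fallback that logs `e` server-side and returns the generic 500; either way, delete the dead code rather than leaving it in a comment. Separately, the handler at the top of the hunk passes `e.getMessage()` into the "Access denied" response, where a fixed message would be safer; the class body continues outside the hunk.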
......
// Copyright 2020 IBM Corp. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/**
* Copyright 2020 IBM Corp. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* begin_generated_IBM_copyright_prolog
*
* *******************************************
* IBM Confidential.
* OCO Source Materials
* 5900-AEB
* © Copyright IBM Corp. 2020
* The source code for this program is not published or otherwise divested of its trade secrets, irrespective of what has
* been deposited with the U.S. Copyright Office.
*
* end_generated_IBM_copyright_prolog
*/
package org.opengroup.osdu.ibm.entitlements.api;
......@@ -25,8 +39,10 @@ import org.opengroup.osdu.core.common.model.entitlements.Groups;
import org.opengroup.osdu.core.common.model.entitlements.MemberInfo;
import org.opengroup.osdu.core.common.model.entitlements.Members;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
import org.opengroup.osdu.ibm.entitlements.model.EntitlementsRole;
import org.opengroup.osdu.ibm.entitlements.service.EntitlementsIBM;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.validation.annotation.Validated;
......@@ -46,6 +62,9 @@ public class EntitlementsApi {
@Inject
private EntitlementsIBM entitlementsIBM;
@Autowired
TenantInfo tenantInfo;
public void setEntitlementsService(EntitlementsIBM entitlementsIBM) {
this.entitlementsIBM = entitlementsIBM;
......@@ -60,6 +79,7 @@ public class EntitlementsApi {
@PostMapping("/groups")
@RolesAllowed(EntitlementsRole.ROLE_ADMIN)
public ResponseEntity<GroupInfo> postGroup(@RequestBody CreateGroup newGroup) {
tenantInfo.getName();
GroupInfo groupInfo = entitlementsIBM.createGroup(newGroup);
return new ResponseEntity<GroupInfo>(groupInfo, HttpStatus.OK);
}
......@@ -75,6 +95,7 @@ public class EntitlementsApi {
if (Strings.isNullOrEmpty(limit)) {
limit = "0";
}
tenantInfo.getName();
GetMembers getMembers = new GetMembers(cursor, Integer.parseInt(limit));
return new ResponseEntity<Members>(entitlementsIBM.getMembers(groupEmail, getMembers), HttpStatus.OK);
......@@ -85,7 +106,7 @@ public class EntitlementsApi {
public ResponseEntity<MemberInfo> postMembers(
@PathVariable("groupEmail") GroupEmail groupEmail,
@RequestBody MemberInfo memberInfo) {
tenantInfo.getName();
try {
return new ResponseEntity<MemberInfo>(entitlementsIBM.addMember(groupEmail, memberInfo), HttpStatus.OK);
} catch (AppException e) {
......@@ -102,7 +123,8 @@ public class EntitlementsApi {
public ResponseEntity<Void> deleteMember(
@PathVariable("groupEmail") String groupEmail,
@PathVariable("memberEmail") String memberEmail) {
tenantInfo.getName();
entitlementsIBM.deleteMember(groupEmail, memberEmail);
return new ResponseEntity<Void>(HttpStatus.NO_CONTENT);
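Review bot: The bare `tenantInfo.getName();` calls added in postGroup, the member-listing handler, postMembers and deleteMember discard their result. Any tenant validation they provide can therefore only be a side effect of resolving the injected bean; this is inferred, since TenantInfo's wiring is not visible on this page. If that is the intent, make it explicit with a private helper such as `requireTenant()`, plus a comment naming the failure it raises. Otherwise a later cleanup may delete what looks like a no-op and silently remove the check. The field should also be declared `@Autowired private TenantInfo tenantInfo;` to match `entitlementsIBM`, and any endpoint outside these hunks needs the same call if it is meant as a gate.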
......
/**
* Copyright 2020 IBM Corp. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* begin_generated_IBM_copyright_prolog
*
* *******************************************
* IBM Confidential.
* OCO Source Materials
* 5900-AEB
* © Copyright IBM Corp. 2020
* The source code for this program is not published or otherwise divested of its trade secrets, irrespective of what has
* been deposited with the U.S. Copyright Office.
*
* end_generated_IBM_copyright_prolog
*/
package org.opengroup.osdu.ibm.entitlements.api;
import javax.annotation.security.PermitAll;
......
/**
* Copyright 2020 IBM Corp. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* begin_generated_IBM_copyright_prolog
*
* *******************************************
* IBM Confidential.
* OCO Source Materials
* 5900-AEB
* © Copyright IBM Corp. 2020
* The source code for this program is not published or otherwise divested of its trade secrets, irrespective of what has
* been deposited with the U.S. Copyright Office.
*
* end_generated_IBM_copyright_prolog
*/
package org.opengroup.osdu.ibm.entitlements.api;
import org.springframework.security.core.Authentication;
......
// Copyright 2020 IBM Corp. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/**
* Copyright 2020 IBM Corp. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* begin_generated_IBM_copyright_prolog
*
* *******************************************
* IBM Confidential.
* OCO Source Materials
* 5900-AEB
* © Copyright IBM Corp. 2020
* The source code for this program is not published or otherwise divested of its trade secrets, irrespective of what has
* been deposited with the U.S. Copyright Office.
*
* end_generated_IBM_copyright_prolog
*/
package org.opengroup.osdu.ibm.entitlements.di;
......
// Copyright 2020 IBM Corp. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/**
* Copyright 2020 IBM Corp. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* begin_generated_IBM_copyright_prolog
*
* *******************************************
* IBM Confidential.
* OCO Source Materials
* 5900-AEB
* © Copyright IBM Corp. 2020
* The source code for this program is not published or otherwise divested of its trade secrets, irrespective of what has
* been deposited with the U.S. Copyright Office.
*
* end_generated_IBM_copyright_prolog
*/
package org.opengroup.osdu.ibm.entitlements.model;
......
// Copyright 2020 IBM Corp. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.