Commit 849a4ae4 authored by Anuj Gupta's avatar Anuj Gupta

Merge branch 'ibm-ent-fix' into 'master'

merging with latest ent ibm fix

See merge request !5
parents 7f8aae03 42ecadaa
Pipeline #10198 passed with stages
in 8 minutes and 3 seconds
pipeline {
agent any
tools {
maven '3.6.3'
}
stages {
stage('Build') {
steps {
sh 'mvn clean compile'
}
}
stage('Test') {
steps {
sh 'mvn test'
}
}
}
}
\ No newline at end of file
......@@ -2,13 +2,6 @@
Generated by fossa-cli (https://github.com/fossas/fossa-cli).
This software includes the following software and licenses:
========================================================================
Apache-1.1
========================================================================
The following software have components provided under the terms of this license:
- StAX (from http://stax.codehaus.org/)
========================================================================
Apache-2.0
========================================================================
......@@ -47,6 +40,10 @@ The following software have components provided under the terms of this license:
- Guava: Google Core Libraries for Java (from https://github.com/google/guava.git)
- HPPC Collections (from http://labs.carrotsearch.com)
- Hibernate Validator Engine (from )
- IBM COS Java SDK for Amazon S3 (from https://github.com/ibm/ibm-cos-sdk-java)
- IBM COS Java SDK for COS KMS (from https://github.com/ibm/ibm-cos-sdk-java)
- IBM COS SDK For Java (from https://github.com/ibm/ibm-cos-sdk-java)
- IBM COS SDK for Java - Core (from https://github.com/ibm/ibm-cos-sdk-java)
- J2ObjC Annotations (from https://github.com/google/j2objc/)
- JAX-RS 2.1: The Java(TM) API for RESTful Web Services (from )
- JBoss Logging 3 (from http://www.jboss.org)
......@@ -127,7 +124,6 @@ The following software have components provided under the terms of this license:
- Reactive Object Pool (from https://github.com/reactor/reactor-pool)
- Reactive Streams Netty driver (from https://github.com/reactor/reactor-netty)
- Resteasy Multipart Provider (from )
- Simple XML (from http://simple.sourceforge.net)
- SnakeYAML (from http://www.snakeyaml.org)
- Spring AOP (from https://github.com/spring-projects/spring-framework)
- Spring Beans (from https://github.com/spring-projects/spring-framework)
......@@ -153,8 +149,6 @@ The following software have components provided under the terms of this license:
- Spring Transaction (from https://github.com/spring-projects/spring-framework)
- Spring Web (from https://github.com/spring-projects/spring-framework)
- Spring Web MVC (from https://github.com/spring-projects/spring-framework)
- StAX (from http://stax.codehaus.org/)
- StAX API (from http://stax.codehaus.org/)
- T-Digest (from https://github.com/tdunning/t-digest)
- aggs-matrix-stats (from https://github.com/elastic/elasticsearch)
- cli (from https://github.com/elastic/elasticsearch)
......@@ -162,6 +156,7 @@ The following software have components provided under the terms of this license:
- elasticsearch-core (from https://github.com/elastic/elasticsearch)
- fastinfoset (from http://fi.java.net)
- io.grpc:grpc-context (from https://github.com/grpc/grpc-java)
- ion-java (from https://github.com/amznlabs/ion-java/)
- jackson-databind (from http://github.com/FasterXML/jackson)
- java-cloudant (from https://cloudant.com)
- java-cloudant (from https://cloudant.com)
......@@ -169,7 +164,6 @@ The following software have components provided under the terms of this license:
- json-patch (from https://github.com/fge/json-patch)
- lang-mustache (from https://github.com/elastic/elasticsearch)
- lettuce (from http://github.com/mp911de/lettuce/wiki)
- minio (from https://github.com/minio/minio-java)
- org.xmlunit:xmlunit-core (from http://www.xmlunit.org/)
- parent-join (from https://github.com/elastic/elasticsearch)
- proton-j (from )
......@@ -207,7 +201,6 @@ The following software have components provided under the terms of this license:
- Hamcrest Core (from http://hamcrest.org/)
- Lucene Common Analyzers (from )
- StAX (from http://stax.codehaus.org/)
- fastinfoset (from http://fi.java.net)
========================================================================
......@@ -233,7 +226,6 @@ CC-BY-3.0
========================================================================
The following software have components provided under the terms of this license:
- "Java Concurrency in Practice" book annotations (from http://jcip.net/)
- FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
========================================================================
......@@ -345,7 +337,6 @@ The following software have components provided under the terms of this license:
- Logback Classic Module (from )
- Logback Core Module (from )
- Msg Simple (from https://github.com/fge/msg-simple)
- SpotBugs Annotations (from https://spotbugs.github.io/)
- json-patch (from https://github.com/fge/json-patch)
========================================================================
......@@ -354,7 +345,6 @@ LGPL-2.1-or-later
The following software have components provided under the terms of this license:
- SnakeYAML (from http://www.snakeyaml.org)
- SpotBugs Annotations (from https://spotbugs.github.io/)
========================================================================
LGPL-3.0-only
......
......@@ -21,7 +21,7 @@
<version>2.1.9.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>org.opengroup.osdu.ibm</groupId>
<artifactId>entitlements</artifactId>
<version>0.0.1-SNAPSHOT</version>
......@@ -56,10 +56,10 @@
<version.keycloak>9.0.0</version.keycloak>
<org.jboss.logging.provider>slf4j</org.jboss.logging.provider>
<start-class>org.opengroup.osdu.ibm.entitlements.EntitlementsApplication</start-class>
<os-core-lib-ibm.version>0.0.18</os-core-lib-ibm.version>
<os-core-lib-ibm.version>0.3.6-SNAPSHOT</os-core-lib-ibm.version>
</properties>
<licenses>
<license>
<name>Apache License, Version 2.0</name>
......@@ -69,14 +69,14 @@
</licenses>
<dependencies>
<!-- IBM core services -->
<dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-lib-ibm</artifactId>
<version>${os-core-lib-ibm.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
......@@ -171,7 +171,7 @@
<version>2.5.8</version>
<type>pom</type>
</dependency>
<!-- test -->
<dependency>
<groupId>org.springframework.boot</groupId>
......
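Review bot: `os-core-lib-ibm.version` appears to move from the released `0.0.18` to `0.3.6-SNAPSHOT`, a mutable version, so the library that backs this service's authorization code can change between builds of master without any change to this pom. Pin a released version before merging, `<os-core-lib-ibm.version>RELEASED_VERSION</os-core-lib-ibm.version>` (placeholder, the page does not name one). If a snapshot is unavoidable, restrict snapshot resolution to the internal repository and record the resolved timestamped build in the pipeline output. This assumes the second of the two printed property lines is the new side.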
// Copyright 2017-2019, Schlumberger
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package org.opengroup.osdu.core.common.model.entitlements;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
// TODO copy from core common, should be removed after update
@Data
@Builder
@AllArgsConstructor
@NoArgsConstructor
public class CreateGroup {
String name;
String description;
}
\ No newline at end of file
// Copyright 2017-2019, Schlumberger
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package org.opengroup.osdu.core.common.model.entitlements;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
//TODO copy from core common, should be removed after update
@Data
@Builder
@AllArgsConstructor
@NoArgsConstructor
public class GetMembers {
// String role; IBM just have MEMBERS
String cursor;
int limit;
}
\ No newline at end of file
// Copyright 2017-2019, Schlumberger
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package org.opengroup.osdu.core.common.model.entitlements;
import lombok.Data;
@Data
public class GroupInfo {
String name;
String email;
String description;
String groupEmail;
public void setEmail(String email) {
this.email = email;
this.groupEmail = email;
}
public void setName(String name) {
this.name = name;
}
public void setDescription(String description) {
this.description = description;
}
}
\ No newline at end of file
// Copyright 2020 IBM Corp. All Rights Reserved.
// Copyright 2017-2019, Schlumberger
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
......@@ -12,32 +12,32 @@
// See the License for the specific language governing permissions and
// limitations under the License.
package org.opengroup.osdu.ibm.entitlements.di;
package org.opengroup.osdu.core.common.model.entitlements;
import java.util.Collections;
import java.util.Map;
import java.util.stream.Collectors;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
//TODO copy from core common, should be removed after update
@Data
@Builder
@AllArgsConstructor
@NoArgsConstructor
public class MemberInfo {
String email;
//String role;
import org.opengroup.osdu.core.common.model.http.DpsHeaders;
import org.springframework.stereotype.Component;
import org.springframework.web.context.annotation.RequestScope;
@Component("HeaderFactoryIBM")
@RequestScope
public class HeaderFactoryIBM extends DpsHeaders {
@Inject
public HeaderFactoryIBM(HttpServletRequest request) {
/*public static MemberInfo Owner(String email) {
return MemberInfo.builder().email(email).role(Roles.OWNER).build();
}
Map<String, String> headers = Collections
.list(request.getHeaderNames())
.stream()
.collect(Collectors.toMap(h -> h, request::getHeader));
public static MemberInfo Manager(String email) {
return MemberInfo.builder().email(email).role(Roles.MANAGER).build();
}*/
DpsHeaders dps = DpsHeaders.createFromMap(headers);
dps.getHeaders().forEach( (k, v) -> this.put(k,v));
public static MemberInfo Member(String email) {
//return MemberInfo.builder().email(email).role(Roles.MEMBER).build();
return MemberInfo.builder().email(email).build();
}
}
}
\ No newline at end of file
......@@ -14,11 +14,9 @@
package org.opengroup.osdu.ibm.entitlements;
import javax.validation.ValidationException;
import javassist.NotFoundException;
import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
......@@ -28,14 +26,16 @@ import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
import javassist.NotFoundException;
import javax.inject.Inject;
import javax.validation.ValidationException;
@Order(Ordered.HIGHEST_PRECEDENCE)
@ControllerAdvice
public class GlobalExceptionMapper extends ResponseEntityExceptionHandler {
private final Logger logger = LoggerFactory.getLogger(GlobalExceptionMapper.class);
@Inject
private JaxRsDpsLog logger;
@ExceptionHandler(AppException.class)
protected ResponseEntity<Object> handleAppException(AppException e) {
return this.getErrorResponse(e);
......@@ -43,12 +43,8 @@ public class GlobalExceptionMapper extends ResponseEntityExceptionHandler {
@ExceptionHandler(ValidationException.class)
protected ResponseEntity<Object> handleValidationException(ValidationException e) {
if (e.getMessage().endsWith("Unauthorized"))
return this.getErrorResponse(
new AppException(HttpStatus.FORBIDDEN.value(), "Access denied", e.getMessage(), e));
else
return this.getErrorResponse(
new AppException(HttpStatus.BAD_REQUEST.value(), "Validation error.", e.getMessage(), e));
return this.getErrorResponse(
new AppException(HttpStatus.BAD_REQUEST.value(), "Validation error.", e.getMessage(), e));
}
@ExceptionHandler(NotFoundException.class)
......@@ -65,7 +61,6 @@ public class GlobalExceptionMapper extends ResponseEntityExceptionHandler {
@ExceptionHandler(Exception.class)
protected ResponseEntity<Object> handleGeneralException(Exception e) {
//e.printStackTrace();
return this.getErrorResponse(
new AppException(HttpStatus.INTERNAL_SERVER_ERROR.value(), "Server error.",
"An unknown error has occurred.", e));
......@@ -78,11 +73,11 @@ public class GlobalExceptionMapper extends ResponseEntityExceptionHandler {
: e.getError().getMessage();
if (e.getError().getCode() > 499) {
this.logger.error(exceptionMsg, e.getOriginalException());
this.logger.error(exceptionMsg, e);
} else {
this.logger.warn(exceptionMsg, e.getOriginalException());
this.logger.warning(exceptionMsg, e);
}
return new ResponseEntity<Object>(e.getError(), HttpStatus.resolve(e.getError().getCode()));
}
}
}
\ No newline at end of file
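Review bot: `getErrorResponse` passes `HttpStatus.resolve(e.getError().getCode())` straight into `ResponseEntity`, and `resolve` returns null for a code that has no `HttpStatus` constant, so an AppException carrying a non-standard code would fail inside the handler instead of producing the error body. Resolve first and fall back, `HttpStatus status = HttpStatus.resolve(e.getError().getCode());` followed by `return new ResponseEntity<Object>(e.getError(), status != null ? status : HttpStatus.INTERNAL_SERVER_ERROR);`. Separately, with the `Unauthorized` branch gone from `handleValidationException`, failures that used to answer 403 now answer 400 and still return `e.getMessage()` to the client; confirm that callers and alerting do not depend on the 403. `getErrorResponse` begins above the last hunk.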
......@@ -16,8 +16,7 @@ package org.opengroup.osdu.ibm.entitlements.api;
import javax.annotation.security.RolesAllowed;
import javax.inject.Inject;
import javax.validation.Valid;
import javax.validation.constraints.NotEmpty;
import javax.ws.rs.NotFoundException;
import org.opengroup.osdu.core.common.model.entitlements.CreateGroup;
import org.opengroup.osdu.core.common.model.entitlements.GetMembers;
......@@ -26,6 +25,7 @@ import org.opengroup.osdu.core.common.model.entitlements.GroupInfo;
import org.opengroup.osdu.core.common.model.entitlements.Groups;
import org.opengroup.osdu.core.common.model.entitlements.MemberInfo;
import org.opengroup.osdu.core.common.model.entitlements.Members;
import org.opengroup.osdu.ibm.entitlements.model.EntitlementsRole;
import org.opengroup.osdu.ibm.entitlements.service.EntitlementsIBM;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
......@@ -55,37 +55,48 @@ public class EntitlementsApi {
}
@PostMapping("/groups")
@RolesAllowed("ROLE_service.entitlements.admin")
public ResponseEntity<GroupInfo> postGroup(@RequestBody @Valid @NotEmpty CreateGroup newGroup) {
@RolesAllowed(EntitlementsRole.ROLE_ADMIN)
public ResponseEntity<GroupInfo> postGroup(@RequestBody CreateGroup newGroup) {
GroupInfo groupInfo = entitlementsIBM.createGroup(newGroup);
return new ResponseEntity<GroupInfo>(groupInfo, HttpStatus.CREATED);
return new ResponseEntity<GroupInfo>(groupInfo, HttpStatus.OK);
}
@GetMapping("/groups/{groupEmail}/members")
@RolesAllowed("ROLE_service.entitlements.viewer")
@RolesAllowed(EntitlementsRole.ROLE_VIEWER)
public ResponseEntity<Members> getMembers(
@PathVariable("groupEmail") GroupEmail groupEmail,
@RequestBody @Valid @NotEmpty GetMembers getMembers) {
Members members = entitlementsIBM.getMembers(groupEmail, getMembers);
return new ResponseEntity<Members>(members, HttpStatus.OK);
@RequestBody GetMembers getMembers) {
return new ResponseEntity<Members>(entitlementsIBM.getMembers(groupEmail, getMembers), HttpStatus.OK);
}
@PostMapping("/groups/{groupEmail}/members")
@RolesAllowed("ROLE_service.entitlements.admin")
@RolesAllowed(EntitlementsRole.ROLE_ADMIN)
public ResponseEntity<MemberInfo> postMembers(
@PathVariable("groupEmail") GroupEmail groupEmail,
@RequestBody @Valid @NotEmpty MemberInfo memberInfo) {
MemberInfo addedMemberInfo = entitlementsIBM.addMember(groupEmail, memberInfo);
return new ResponseEntity<MemberInfo>(addedMemberInfo, HttpStatus.CREATED);
@RequestBody MemberInfo memberInfo) {
try {
return new ResponseEntity<MemberInfo>(entitlementsIBM.addMember(groupEmail, memberInfo), HttpStatus.OK);
} catch (NotFoundException e) {
if(entitlementsIBM.createUser(memberInfo)) {
return new ResponseEntity<MemberInfo>(entitlementsIBM.addMember(groupEmail, memberInfo), HttpStatus.OK);
}
}
return new ResponseEntity<MemberInfo>(memberInfo,HttpStatus.BAD_REQUEST);
}
@DeleteMapping("/groups/{groupEmail}/members/{memberEmail}")
@RolesAllowed("ROLE_service.entitlements.admin")
@RolesAllowed(EntitlementsRole.ROLE_ADMIN)
public ResponseEntity<Void> deleteMember(
@PathVariable("groupEmail") String groupEmail,
@PathVariable("memberEmail") String memberEmail) {
entitlementsIBM.deleteMember(groupEmail, memberEmail);
return new ResponseEntity<Void>(HttpStatus.NO_CONTENT);
}
}
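Review bot: `postMembers` now creates a user as a side effect of a failed lookup: on `NotFoundException` it calls `entitlementsIBM.createUser(memberInfo)` with a request body that is no longer validated, because `@Valid @NotEmpty` were dropped from all three `@RequestBody` parameters. Keep validation on the bodies, for example `@RequestBody @Valid MemberInfo memberInfo`, and decide explicitly whether adding an unknown member should provision an account or answer 404. The retried `addMember` call inside the catch can throw again, and the fall-through answers 400 with the caller's own `memberInfo` echoed back, which hides which step failed. The caught type is `javax.ws.rs.NotFoundException`, while GlobalExceptionMapper handles `javassist.NotFoundException`; confirm which of the two the service actually throws.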
......@@ -20,7 +20,6 @@ import org.opengroup.osdu.core.common.model.http.DpsHeaders;
import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
import org.opengroup.osdu.core.common.provider.interfaces.ITenantFactory;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.stereotype.Component;
......@@ -33,7 +32,6 @@ public class TenantInfoProvider implements FactoryBean<TenantInfo> {
private ITenantFactory tenantFactory;
@Inject
@Qualifier("HeaderFactoryIBM")
private DpsHeaders headers;
@Override
......
......@@ -15,13 +15,15 @@
package org.opengroup.osdu.ibm.entitlements.model;
public class EntitlementsRole {
private EntitlementsRole() { }
public static final String PREFIX = "ROLE_";
public static final String ADMIN = "service.entitlements.admin";
public static final String ADMIN = "service.entitlements.admin";
public static final String VIEWER = "service.entitlements.viewer";
public static final String ROLE_ADMIN = PREFIX + ADMIN;
public static final String ROLE_ADMIN = PREFIX + ADMIN;
public static final String ROLE_VIEWER = PREFIX + VIEWER;
}
......@@ -17,25 +17,25 @@ package org.opengroup.osdu.ibm.entitlements.security;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
public class AppKeyValidator implements ConstraintValidator<ValidAppKey, String> {
private final Logger logger = LoggerFactory.getLogger(AppKeyValidator.class);
@Autowired
private JaxRsDpsLog logger;
@Value("${APP_KEY}")
private String APP_KEY;
@Override
public void initialize(ValidAppKey constraintAnnotation) {
logger.debug("APP_KEY: " + APP_KEY);
logger.info("APP_KEY: " + APP_KEY);
}
@Override
public boolean isValid(String apiKey, ConstraintValidatorContext context) {
logger.debug("isValid: " + apiKey + " = " + APP_KEY);
return apiKey.equals(APP_KEY);
}
}
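Review bot: `initialize` writes the configured secret to the log, and this change raises it from debug to info with `logger.info("APP_KEY: " + APP_KEY);`, so the key lands in default-level output and in whatever sink sits behind JaxRsDpsLog. Log only whether the key is set, for example `logger.info("APP_KEY configured: " + (APP_KEY != null && !APP_KEY.isEmpty()));`, and remove `logger.debug("isValid: " + apiKey + " = " + APP_KEY);` if it is still on the new side (the page does not show which side that line belongs to). `apiKey.equals(APP_KEY)` also throws on a null key and is not a constant-time comparison; a null check followed by `MessageDigest.isEqual` over the UTF-8 bytes of both values would cover both.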
......@@ -4,14 +4,11 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.inject.Inject;
import org.keycloak.adapters.springsecurity.account.KeycloakRole;
import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.opengroup.osdu.ibm.entitlements.service.EntitlementsIBM;
import org.opengroup.osdu.core.common.logging.JaxRsDpsLog;
import org.opengroup.osdu.ibm.entitlements.service.KeycloakQuery;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
......@@ -19,17 +16,18 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
public class EntitlementsAuthenticationProvider implements AuthenticationProvider {
private final Logger logger = LoggerFactory.getLogger(EntitlementsAuthenticationProvider.class);
@Autowired
private JaxRsDpsLog logger;
private GrantedAuthoritiesMapper grantedAuthoritiesMapper;
public void setGrantedAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
}
private KeycloakQuery query;
public void setQuery(KeycloakQuery query) {
this.query = query;
}
......@@ -41,7 +39,15 @@ public class EntitlementsAuthenticationProvider implements AuthenticationProvide
for (String role : token.getAccount().getRoles()) {
grantedAuthorities.add(new KeycloakRole(role));
}
if (!token.getAccount().getRoles().contains("service.entitlements.viewer")) {
logger.info("User token does not contain required roles, calling keycloak to look for additional roles");
for (String role : query.getRolesForAuth(authentication)) {
logger.info("Adding role {}", role);
grantedAuthorities.add(new KeycloakRole(role));
}
}
return new KeycloakAuthenticationToken(token.getAccount(), token.isInteractive(), mapAuthorities(grantedAuthorities));
}
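Review bot: The fallback lookup grants every role returned by `query.getRolesForAuth(authentication)` and is triggered by a string literal, `"service.entitlements.viewer"`, rather than the `EntitlementsRole.VIEWER` constant this commit uses elsewhere; write `if (!token.getAccount().getRoles().contains(EntitlementsRole.VIEWER)) {` so the check cannot drift from the `@RolesAllowed` values. `query` is assigned through `setQuery` and is dereferenced here without a null check, and the `@Autowired` logger will also be null if the provider is constructed with `new` in the security configuration, which is not visible in this hunk. JaxRsDpsLog is not an SLF4J logger, so confirm that `logger.info("Adding role {}", role)` substitutes the placeholder instead of binding to a different two-argument overload. The method body starts above the hunk.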