
Commit

merge
rmathis committed Jan 23, 2019
2 parents c4043ea + 8d7d375 commit bcbb57b
Showing 30 changed files with 590 additions and 115 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -71,12 +71,12 @@ class DevConfig {
emailAddress = 'peter@institution.edu'
roles.add(roleRepository.findByName('ROLE_USER').get())
it
}, new User().with {
username = 'admin2'
password = '{noop}anotheradmin'
firstName = 'Rand'
lastName = 'al\'Thor'
emailAddress = 'rand@institution.edu'
}, new User().with { // allow us to auto-login as an admin
username = 'anonymousUser'
password = '{noop}anonymous'
firstName = 'Anon'
lastName = 'Ymous'
emailAddress = 'anon@institution.edu'
roles.add(roleRepository.findByName('ROLE_ADMIN').get())
it
}]
Expand Down
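Review bot: The seeded `anonymousUser` account is granted `ROLE_ADMIN`, and `anonymousUser` is the principal name Spring Security's anonymous filter assigns to every unauthenticated request, so if `UserService.getCurrentUser()` resolves the user by authentication name (its implementation is not in this commit view) an unauthenticated caller will satisfy the new owner-or-admin checks in `EntityDescriptorController`. Even in a dev profile that silently turns the new authorization code into a no-op, and the `{noop}anonymous` credential is guessable by anyone who reads this file. I would gate the seed behind an explicit opt-in property rather than the bare dev profile and mark the intent in the code: `// DEV ONLY: maps Spring Security's anonymous principal to a real admin account so unauthenticated requests act as admin; never enable outside local development`. The user list and its enclosing closure start and end outside the hunk.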
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ class MetadataSourcesUiDefinitionController {
ResponseEntity<?> getUiDefinitionJsonSchema() {
try {
def parsedJson = jacksonObjectMapper.readValue(this.jsonSchemaLocation.url, Map)
jsonSchemaBuilderService.hideServiceEnabledFromNonAdmins(parsedJson)
jsonSchemaBuilderService.addReleaseAttributesToJson(parsedJson['properties']['attributeRelease']['widget'])
jsonSchemaBuilderService.addRelyingPartyOverridesToJson(parsedJson['properties']['relyingPartyOverrides'])
jsonSchemaBuilderService.addRelyingPartyOverridesCollectionDefinitionsToJson(parsedJson["definitions"])
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
package edu.internet2.tier.shibboleth.admin.ui.service

import edu.internet2.tier.shibboleth.admin.ui.configuration.CustomPropertiesConfiguration
import edu.internet2.tier.shibboleth.admin.ui.security.model.User
import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService
import org.springframework.beans.factory.annotation.Autowired

/**
Expand All @@ -11,6 +13,12 @@ class JsonSchemaBuilderService {
@Autowired
CustomPropertiesConfiguration customPropertiesConfiguration

UserService userService

JsonSchemaBuilderService(UserService userService) {
this.userService = userService
}

void addReleaseAttributesToJson(Object json) {
json['data'] = customPropertiesConfiguration.getAttributes().collect {
[key: it['name'], label: it['displayName']]
Expand Down Expand Up @@ -62,4 +70,15 @@ class JsonSchemaBuilderService {
json[(String) it['name']] = definition
}
}

void hideServiceEnabledFromNonAdmins(Map json) {
User currentUser = userService.getCurrentUser()
if (currentUser != null && currentUser.role != 'ROLE_ADMIN') {
// user isn't an admin, so hide 'ServiceEnabled'
Map<String, String> serviceEnabled = (HashMap) json['properties']['serviceEnabled']
serviceEnabled['widget'] = 'hidden'
serviceEnabled.remove('title')
serviceEnabled.remove('description')
}
}
}
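Review bot: `hideServiceEnabledFromNonAdmins` fails open: when `getCurrentUser()` returns null the `currentUser != null &&` guard skips the hiding entirely, so an unresolvable principal is shown the admin-only control; invert it to `if (currentUser == null || currentUser.role != 'ROLE_ADMIN')`. Hiding the widget is also only a UI hint — the schema is advisory and a client can still send `serviceEnabled` in the representation — so the write path must enforce the same rule independently (whether `JPAEntityDescriptorServiceImpl`, which now receives `userService`, does so is not visible here); a one-line comment would make that explicit: `// UI-only: strips the serviceEnabled widget for non-admins; the entity write path must enforce this separately`. `json['properties']['serviceEnabled']` is dereferenced with no null check, so a schema lacking that property throws an NPE from the controller.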
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,8 @@
import edu.internet2.tier.shibboleth.admin.ui.scheduled.EntityDescriptorFilesScheduledTasks;
import edu.internet2.tier.shibboleth.admin.ui.scheduled.MetadataProvidersScheduledTasks;
import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
import edu.internet2.tier.shibboleth.admin.ui.security.service.UserRoleService;
import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
import edu.internet2.tier.shibboleth.admin.ui.service.DefaultMetadataResolversPositionOrderContainerService;
import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryService;
import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryServiceImpl;
Expand Down Expand Up @@ -64,8 +65,8 @@ public EntityService jpaEntityService() {
}

@Bean
public EntityDescriptorService jpaEntityDescriptorService() {
return new JPAEntityDescriptorServiceImpl(openSamlObjects(), jpaEntityService());
public EntityDescriptorService jpaEntityDescriptorService(UserService userService) {
return new JPAEntityDescriptorServiceImpl(openSamlObjects(), jpaEntityService(), userService);
}

@Bean
Expand Down Expand Up @@ -198,7 +199,7 @@ public ModelRepresentationConversions modelRepresentationConversions() {
}

@Bean
public UserRoleService userRoleService(RoleRepository roleRepository) {
return new UserRoleService(roleRepository);
public UserService userService(RoleRepository roleRepository, UserRepository userRepository) {
return new UserService(roleRepository, userRepository);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,11 @@

import com.fasterxml.jackson.databind.ObjectMapper;
import edu.internet2.tier.shibboleth.admin.ui.jsonschema.JsonSchemaResourceLocationRegistry;
import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
import edu.internet2.tier.shibboleth.admin.ui.service.JsonSchemaBuilderService;
import lombok.Setter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
Expand Down Expand Up @@ -54,6 +57,9 @@ public class JsonSchemaComponentsConfiguration {
@Setter
private String nameIdFormatFilterUiSchemaLocation = "classpath:nameid-filter.schema.json";

@Autowired
UserRepository userRepository;

@Bean
public JsonSchemaResourceLocationRegistry jsonSchemaResourceLocationRegistry(ResourceLoader resourceLoader, ObjectMapper jacksonMapper) {
return JsonSchemaResourceLocationRegistry.inMemory()
Expand Down Expand Up @@ -96,7 +102,7 @@ public JsonSchemaResourceLocationRegistry jsonSchemaResourceLocationRegistry(Res
}

@Bean
public JsonSchemaBuilderService jsonSchemaBuilderService() {
return new JsonSchemaBuilderService();
public JsonSchemaBuilderService jsonSchemaBuilderService(UserService userService) {
return new JsonSchemaBuilderService(userService);
}
}
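Review bot: The added `@Autowired UserRepository userRepository` field is not referenced by anything in this hunk — `jsonSchemaBuilderService` receives `UserService` as a bean-method parameter instead — so it reads as a leftover from an earlier wiring attempt; drop it together with the `UserRepository` and `Autowired` imports it pulls in, unless a part of the class not shown here uses it. Mixing field injection with the parameter-injection style already used for `ResourceLoader` and `ObjectMapper` in the same configuration is also inconsistent. The class continues beyond the hunk.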
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,10 @@
import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation;
import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects;
import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository;
import edu.internet2.tier.shibboleth.admin.ui.security.model.User;
import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService;
import org.opensaml.core.xml.io.MarshallingException;
import org.slf4j.Logger;
Expand Down Expand Up @@ -45,10 +49,22 @@ public class EntityDescriptorController {
@Autowired
RestTemplateBuilder restTemplateBuilder;

private UserRepository userRepository;

private RoleRepository roleRepository;

private UserService userService;

private RestTemplate restTemplate;

private static Logger LOGGER = LoggerFactory.getLogger(EntityDescriptorController.class);

public EntityDescriptorController(UserRepository userRepository, RoleRepository roleRepository, UserService userService) {
this.userRepository = userRepository;
this.roleRepository = roleRepository;
this.userService = userService;
}

@PostConstruct
public void initRestTemplate() {
this.restTemplate = restTemplateBuilder.build();
Expand Down Expand Up @@ -92,56 +108,85 @@ public ResponseEntity<?> upload(@RequestParam String metadataUrl, @RequestParam

@PutMapping("/EntityDescriptor/{resourceId}")
public ResponseEntity<?> update(@RequestBody EntityDescriptorRepresentation edRepresentation, @PathVariable String resourceId) {
User currentUser = userService.getCurrentUser();
EntityDescriptor existingEd = entityDescriptorRepository.findByResourceId(resourceId);
if (existingEd == null) {
return ResponseEntity.notFound().build();
} else {
if (currentUser.getRole().equals("ROLE_ADMIN") || currentUser.getUsername().equals(existingEd.getCreatedBy())) {
// Verify we're the only one attempting to update the EntityDescriptor
if (edRepresentation.getVersion() != existingEd.hashCode()) {
return new ResponseEntity<Void>(HttpStatus.CONFLICT);
}

EntityDescriptor updatedEd =
EntityDescriptor.class.cast(entityDescriptorService.createDescriptorFromRepresentation(edRepresentation));

updatedEd.setAudId(existingEd.getAudId());
updatedEd.setResourceId(existingEd.getResourceId());
updatedEd.setCreatedDate(existingEd.getCreatedDate());

updatedEd = entityDescriptorRepository.save(updatedEd);

return ResponseEntity.ok().body(entityDescriptorService.createRepresentationFromDescriptor(updatedEd));
} else {
return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new ErrorResponse(HttpStatus.FORBIDDEN,
"You are not authorized to perform the requested operation."));
}
}

// Verify we're the only one attempting to update the EntityDescriptor
if (edRepresentation.getVersion() != existingEd.hashCode()) {
return new ResponseEntity<Void>(HttpStatus.CONFLICT);
}

EntityDescriptor updatedEd =
EntityDescriptor.class.cast(entityDescriptorService.createDescriptorFromRepresentation(edRepresentation));

updatedEd.setAudId(existingEd.getAudId());
updatedEd.setResourceId(existingEd.getResourceId());
updatedEd.setCreatedDate(existingEd.getCreatedDate());

updatedEd = entityDescriptorRepository.save(updatedEd);

return ResponseEntity.ok().body(entityDescriptorService.createRepresentationFromDescriptor(updatedEd));
}

@GetMapping("/EntityDescriptors")
@Transactional(readOnly = true)
public Iterable<EntityDescriptorRepresentation> getAll() {
return entityDescriptorRepository.findAllByCustomQueryAndStream()
.map(ed -> entityDescriptorService.createRepresentationFromDescriptor(ed))
.collect(Collectors.toList());
public ResponseEntity<?> getAll() {
User currentUser = userService.getCurrentUser();
if (currentUser != null) {
if (currentUser.getRole().equals("ROLE_ADMIN")) {
return ResponseEntity.ok(entityDescriptorRepository.findAllByCustomQueryAndStream()
.map(ed -> entityDescriptorService.createRepresentationFromDescriptor(ed))
.collect(Collectors.toList()));
} else {
return ResponseEntity.ok(entityDescriptorRepository.findAllByCreatedBy(currentUser.getUsername())
.map(ed -> entityDescriptorService.createRepresentationFromDescriptor(ed))
.collect(Collectors.toList()));
}
} else {
return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new ErrorResponse(HttpStatus.FORBIDDEN,
"You are not authorized to perform the requested operation."));
}
}

@GetMapping("/EntityDescriptor/{resourceId}")
public ResponseEntity<?> getOne(@PathVariable String resourceId) {
User currentUser = userService.getCurrentUser();
EntityDescriptor ed = entityDescriptorRepository.findByResourceId(resourceId);
if (ed == null) {
return ResponseEntity.notFound().build();
} else {
if (currentUser != null && (currentUser.getRole().equals("ROLE_ADMIN") || currentUser.getUsername().equals(ed.getCreatedBy()))) {
EntityDescriptorRepresentation edr = entityDescriptorService.createRepresentationFromDescriptor(ed);
return ResponseEntity.ok(edr);
} else {
return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new ErrorResponse(HttpStatus.FORBIDDEN,
"You are not authorized to perform the requested operation."));
}
}
EntityDescriptorRepresentation edr = entityDescriptorService.createRepresentationFromDescriptor(ed);

return ResponseEntity.ok(edr);
}

@GetMapping(value = "/EntityDescriptor/{resourceId}", produces = "application/xml")
public ResponseEntity<?> getOneXml(@PathVariable String resourceId) throws MarshallingException {
User currentUser = userService.getCurrentUser();
EntityDescriptor ed = entityDescriptorRepository.findByResourceId(resourceId);
if (ed == null) {
return ResponseEntity.notFound().build();
} else {
if (currentUser != null && (currentUser.getRole().equals("ROLE_ADMIN") || currentUser.getUsername().equals(ed.getCreatedBy()))) {
final String xml = this.openSamlObjects.marshalToXmlString(ed);
return ResponseEntity.ok(xml);
} else {
return ResponseEntity.status(HttpStatus.FORBIDDEN).build();
}
}
final String xml = this.openSamlObjects.marshalToXmlString(ed);

return ResponseEntity.ok(xml);
}

private static URI getResourceUriFor(EntityDescriptor ed) {
Expand Down Expand Up @@ -179,4 +224,5 @@ private ResponseEntity<?> handleUploadingEntityDescriptorXml(byte[] rawXmlBytes,
return ResponseEntity.created(getResourceUriFor(persistedEd))
.body(entityDescriptorService.createRepresentationFromDescriptor(persistedEd));
}

}
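Review bot: `update` dereferences `currentUser` without the null check that `getAll`, `getOne` and `getOneXml` perform, so a request whose principal cannot be resolved ends in an NPE (500) rather than the 403 the sibling handlers return; also compare the constant first so a null role cannot throw: `if (currentUser != null && ("ROLE_ADMIN".equals(currentUser.getRole()) || currentUser.getUsername().equals(existingEd.getCreatedBy())))`. The same handler copies `audId`, `resourceId` and `createdDate` from the existing entity but not `createdBy`, which is now the authorization key — unless `createDescriptorFromRepresentation` re-derives it from the principal (not visible here), whatever `createdBy` the client put in the representation is persisted, and an owner can reassign or lose the record; add `updatedEd.setCreatedBy(existingEd.getCreatedBy());` next to the other preserved fields. The owner-or-admin test is now written three times with differing null handling; a `private boolean canAccess(User user, EntityDescriptor ed)` helper would keep them in step. `handleUploadingEntityDescriptorXml` starts outside the hunk.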
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
import lombok.Getter;
import lombok.Setter;
import lombok.ToString;
import org.springframework.http.HttpStatus;

/**
* @author Bill Smith (wsmith@unicon.net)
Expand All @@ -15,4 +16,9 @@
public class ErrorResponse {
private String errorCode;
private String errorMessage;

public ErrorResponse(HttpStatus httpStatus, String errorMessage) {
this.errorCode = String.valueOf(httpStatus.value());
this.errorMessage = errorMessage;
}
}
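Review bot: Adding an explicit constructor removes the implicit no-argument one, and the annotations on the lines just above the hunk (not shown) decide whether Lombok supplies a replacement; if `ErrorResponse` is ever deserialized — by a client or a test reading a 403 body — add `@NoArgsConstructor`. A short Javadoc would also pin down the field meaning this constructor establishes: `/** Error body for non-2xx responses; errorCode holds the numeric HTTP status rendered as a string. */`.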
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,6 @@

public class EntityDescriptorRepresentation implements Serializable {


private int version;

public EntityDescriptorRepresentation() {
}

Expand Down Expand Up @@ -63,6 +60,10 @@ public EntityDescriptorRepresentation(String id,

private List<String> attributeRelease;

private int version;

private String createdBy;

public String getId() {
return id;
}
Expand Down Expand Up @@ -204,4 +205,12 @@ public int getVersion() {
public void setVersion(int version) {
this.version = version;
}

public String getCreatedBy() {
return createdBy;
}

public void setCreatedBy(String createdBy) {
this.createdBy = createdBy;
}
}
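Review bot: `createdBy` is now part of the request body that `update` and the upload handlers deserialize, while `EntityDescriptorController` also uses the persisted `createdBy` as the authorization key, so a client can assert any owner unless the service layer overwrites it from the principal (not visible in this hunk). Treat it as server-assigned: with Jackson, which the project already uses, `@JsonProperty(access = JsonProperty.Access.READ_ONLY)` keeps it in responses but ignores it on input, and the field deserves a comment: `// set by the server from the authenticated principal; client-supplied values are ignored`. Note that moving `version` down the class is cosmetic and changes nothing.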
Original file line number Diff line number Diff line change
Expand Up @@ -21,4 +21,5 @@ public interface EntityDescriptorRepository extends CrudRepository<EntityDescrip
@Query("select e from EntityDescriptor e")
Stream<EntityDescriptor> findAllByCustomQueryAndStream();

Stream<EntityDescriptor> findAllByCreatedBy(String createdBy);
}
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
import edu.internet2.tier.shibboleth.admin.ui.security.model.User;
import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
import edu.internet2.tier.shibboleth.admin.ui.security.service.UserRoleService;
import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Expand Down Expand Up @@ -40,12 +40,12 @@ public class UsersController {

private UserRepository userRepository;
private RoleRepository roleRepository;
private UserRoleService userRoleService;
private UserService userService;

public UsersController(UserRepository userRepository, RoleRepository roleRepository, UserRoleService userRoleService) {
public UsersController(UserRepository userRepository, RoleRepository roleRepository, UserService userService) {
this.userRepository = userRepository;
this.roleRepository = roleRepository;
this.userRoleService = userRoleService;
this.userService = userService;
}

@Transactional(readOnly = true)
Expand All @@ -54,6 +54,17 @@ public List<User> getAll() {
return userRepository.findAll();
}

@Transactional(readOnly = true)
@GetMapping("/current")
public ResponseEntity<?> getCurrentUser() {
User user = userService.getCurrentUser();
if (user != null) {
return ResponseEntity.ok(user);
} else {
return ResponseEntity.notFound().build();
}
}

@Transactional(readOnly = true)
@GetMapping("/{username}")
public ResponseEntity<?> getOne(@PathVariable String username) {
Expand All @@ -80,7 +91,7 @@ ResponseEntity<?> saveOne(@RequestBody User user) {
}
//TODO: modify this such that additional encoders can be used
user.setPassword(BCrypt.hashpw(user.getPassword(), BCrypt.gensalt()));
userRoleService.updateUserRole(user);
userService.updateUserRole(user);
User savedUser = userRepository.save(user);
return ResponseEntity.ok(savedUser);
}
Expand All @@ -103,7 +114,7 @@ ResponseEntity<?> updateOne(@PathVariable(value = "username") String username, @
}
if (StringUtils.isNotBlank(user.getRole())) {
persistedUser.setRole(user.getRole());
userRoleService.updateUserRole(persistedUser);
userService.updateUserRole(persistedUser);
}
User savedUser = userRepository.save(persistedUser);
return ResponseEntity.ok(savedUser);
Expand Down
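Review bot: The new `/current` endpoint returns the `User` entity itself, which carries the `password` field that `saveOne` fills with a BCrypt hash, so unless `User` marks it `@JsonIgnore` (not visible here) every session can fetch its own password hash — the existing `getAll` and `getOne` share the exposure, but this commit adds a third path. Prefer a DTO without the credential; if the entity must be reused, clear the field on a copy rather than on the managed instance, since mutating an entity inside the transaction can be written back. Returning 404 when the principal is authenticated but unknown to the repository is also misleading; 401 would tell the client to re-authenticate. `updateOne` continues outside the hunk.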
