Author: [email protected]
Date: Tue Aug 16 14:09:54 2011
New Revision: 1326
Log:
[AMDATUOPENSOCIAL-88] Implemented enabling/disabling the add and remove
buttons, depending on authorization check (for now checking on role
"Administrator")
Modified:
trunk/amdatu-opensocial/opensocial-dashboard/src/main/resources/static/html/templates.html
trunk/amdatu-opensocial/opensocial-gadgetmanagement/pom.xml
trunk/amdatu-opensocial/opensocial-gadgetmanagement/src/main/java/org/amdatu/opensocial/gadgetmanagement/service/GadgetManagementRESTServiceImpl.java
Modified:
trunk/amdatu-opensocial/opensocial-dashboard/src/main/resources/static/html/templates.html
==============================================================================
---
trunk/amdatu-opensocial/opensocial-dashboard/src/main/resources/static/html/templates.html
(original)
+++
trunk/amdatu-opensocial/opensocial-dashboard/src/main/resources/static/html/templates.html
Tue Aug 16 14:09:54 2011
@@ -60,16 +60,23 @@
<input class="macro-button-add addwidget" id="addwidget<%= id %>"
value="Add to dashboard" type="button"><br>
<input class="macro-hidden-uri" value="<%= url %>" type="hidden">
</div>
+
+ <% if(mgmtAuthorization) { %>
<div class="remove-button">
<input class="macro-button-remove removegadget" id="removegadget<%= id
%>" value="Remove from store" type="button">
<input class="macro-hidden-uri" value="<%= url %>" type="hidden">
</div>
-
+ <% } %>
<br clear="all"/>
<br/><hr/>
</li>
-
+ <%
+ if(mgmtAuthorization) {
+ document.getElementById("addtostorediv").style.visibility = "";
+ document.getElementById("addtostorediv").style.display = "";
+ }
+ %>
</script>
<div class="dialog" id="addwidgetdialog" title="Gadget repository"
style="width:1000px">
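Review bot: The new `if(mgmtAuthorization)` guards, in the list item and in the trailing script block, read a template variable that must exist on every gadget object handed to this template; if this is an Underscore-style template evaluated inside `with(obj)`, a gadget JSON object without that key makes the render throw a ReferenceError and the whole list fails to draw. The Java side of this commit sets `mgmtAuthorization` in the two gadget-building paths visible there, but any other producer of gadget objects (not visible here) must do the same, or the guard should be written defensively as `<% if (typeof mgmtAuthorization !== 'undefined' && mgmtAuthorization) { %>`. Hiding the "Remove from store" button and unhiding `addtostorediv` is presentation only; the enforcement is the server-side check in removeGadget/addGadget, so nothing client-side should treat this flag as authoritative. The `document.getElementById("addtostorediv")` toggle also runs once per rendered gadget rather than once per render, which is harmless but worth moving out of the item template.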
@@ -80,8 +87,10 @@
<b>Add custom gadget</b>
<div class="new-button">
URI:<input class="macro-hidden-uri" id="newgadgeturi" type="edit"
size="65">
- <input class="macro-button-add newgadget" id="newgadget" value="Add"
type="button"><br/>
- <input type="checkbox" type="button" id="addtostore">Add to store
+ <input class="macro-button-add newgadget" id="newgadget" value="Add"
type="button" visibility="false"><br/>
+ <div id="addtostorediv" style="display:none;visibility:hidden">
+ <input type="checkbox" type="button" id="addtostore">Add to store
+ </div>
<br/><hr/><br/>
</div>
<ol id="category-all" class="widgets">
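Review bot: `visibility="false"` on the `#newgadget` input is not an HTML attribute, so browsers ignore it and the Add button stays visible regardless of authorization. If the intent was to hide it like `addtostorediv`, give it `style="display:none;visibility:hidden"` and toggle it in the same template script; if the button is meant to remain visible for everyone, drop the attribute so the markup does not suggest a control that is not there. The moved checkbox line also still carries two `type` attributes (`type="checkbox" type="button"`); drop `type="button"`.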
Modified: trunk/amdatu-opensocial/opensocial-gadgetmanagement/pom.xml
==============================================================================
--- trunk/amdatu-opensocial/opensocial-gadgetmanagement/pom.xml (original)
+++ trunk/amdatu-opensocial/opensocial-gadgetmanagement/pom.xml Tue Aug 16
14:09:54 2011
@@ -40,6 +40,12 @@
</dependency>
<dependency>
+ <groupId>org.amdatu.auth</groupId>
+ <artifactId>org.amdatu.auth.tokenprovider</artifactId>
+ <type>bundle</type>
+ </dependency>
+
+ <dependency>
<groupId>org.amdatu.libraries</groupId>
<artifactId>org.amdatu.libraries.utilities</artifactId>
<scope>compile</scope>
Modified:
trunk/amdatu-opensocial/opensocial-gadgetmanagement/src/main/java/org/amdatu/opensocial/gadgetmanagement/service/GadgetManagementRESTServiceImpl.java
==============================================================================
---
trunk/amdatu-opensocial/opensocial-gadgetmanagement/src/main/java/org/amdatu/opensocial/gadgetmanagement/service/GadgetManagementRESTServiceImpl.java
(original)
+++
trunk/amdatu-opensocial/opensocial-gadgetmanagement/src/main/java/org/amdatu/opensocial/gadgetmanagement/service/GadgetManagementRESTServiceImpl.java
Tue Aug 16 14:09:54 2011
@@ -36,6 +36,9 @@
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
+import org.amdatu.auth.tokenprovider.InvalidTokenException;
+import org.amdatu.auth.tokenprovider.TokenProvider;
+import org.amdatu.auth.tokenprovider.TokenProviderException;
import org.amdatu.core.tenant.Tenant;
import org.amdatu.opensocial.gadgetmanagement.GadgetCategory;
import org.amdatu.opensocial.gadgetmanagement.GadgetDefinition;
@@ -54,6 +57,11 @@
@Path("gadgetstore")
public class GadgetManagementRESTServiceImpl implements RESTService {
+ // FIXME: Temporary fix for AMDATUAUTH-49. Until a generic approach has
been defined
+ // to handle authorization of REST services, we verify that the current
user is in the
+ // role "Administrator"
+ private static final String DEFAULT_ADMIN_GROUP = "Administrators";
+
// HTTP caching for this REST interface
private static CacheControl NO_CACHE_CONTROL;
static {
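Review bot: The FIXME comment says the check is for the role "Administrator" (the commit log says the same) while the constant it introduces is `"Administrators"`; whichever group really exists in UserAdmin, the comment should name the same string as the constant, e.g. `// user has the role DEFAULT_ADMIN_GROUP ("Administrators")`. Since the comment itself calls this temporary, it would also help to note where the group name is expected to come from once AMDATUAUTH-49 is resolved (a component property or configuration), so the hard-coded string is not forgotten.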
@@ -81,6 +89,7 @@
private volatile GadgetManagement m_gadgetManagement;
private volatile OpenSocialContainer m_openSocialContainer;
private volatile UserAdmin m_userAdmin;
+ private volatile TokenProvider m_tokenProvider;
public void init() {
// Create tenant specific dependencies with UserAdmin and
OpenSocialContainer
@@ -94,6 +103,9 @@
m_component.add(m_dependencyManager.createServiceDependency()
.setService(UserAdmin.class,
tenantFilter).setRequired(true).setInstanceBound(true));
+
+ m_component.add(m_dependencyManager.createServiceDependency()
+ .setService(TokenProvider.class,
tenantFilter).setRequired(true).setInstanceBound(true));
m_logService.log(LogService.LOG_INFO, getClass().getName() + " service
initialized");
}
@@ -228,9 +240,19 @@
public Response removeGadget(@Context final HttpHeaders headers, @Context
final HttpServletRequest request,
@QueryParam("uri") final String uri) {
try {
+ if (!isAuthorized(request)) {
+ return
Response.status(Response.Status.UNAUTHORIZED).cacheControl(NO_CACHE_CONTROL).build();
+ }
GadgetDefinition removeGadget = null;
for (GadgetDefinition gadget : m_gadgetManagement.getGadgets()) {
- if (gadget.getUrl().equals(uri)) {
+ // The gadget URI might internally be stored as relative URI
+ if (gadget.getUrl().startsWith("/")) {
+ // Relative URI
+ if (uri.endsWith(gadget.getUrl())) {
+ removeGadget = gadget;
+ }
+ } else if (gadget.getUrl().equals(uri)) {
+ // Absolute URI
removeGadget = gadget;
}
}
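Review bot: `uri.endsWith(gadget.getUrl())` on the relative-URI branch dereferences the `uri` query parameter without a null check, so a request without `uri` throws a NullPointerException that the method's generic catch (outside this hunk) turns into a 500 rather than a 400; addGadget validates the same parameter, and removeGadget should mirror it with `if (uri == null || "".equals(uri)) { return Response.status(Response.Status.BAD_REQUEST).cacheControl(NO_CACHE_CONTROL).build(); }` right after the authorization check. The suffix match is also loose: any absolute URI whose path ends with the stored relative path matches (including one on another host), and when several stored relative URIs share a suffix the loop keeps overwriting `removeGadget` so the last match wins. At minimum compare against the path component of the supplied URI and stop at the first match; better, strip the request's context path and require equality. The rest of removeGadget lies outside this hunk.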
@@ -246,9 +268,30 @@
throw new WebApplicationException(e,
Response.Status.INTERNAL_SERVER_ERROR);
}
}
+
+ /**
+ * Perform an authorization check, invoked from a REST client.
+ * /rest/gadgetstore/authorized
+ *
+ * @return true or false.
+ */
+ @GET
+ @Path("authorized")
+ public Response checkAuthorized(@Context final HttpServletRequest request)
{
+ try {
+ if (!isAuthorized(request)) {
+ return
Response.status(Response.Status.UNAUTHORIZED).cacheControl(NO_CACHE_CONTROL).build();
+ } else {
+ return
Response.status(Response.Status.OK).cacheControl(NO_CACHE_CONTROL).build();
+ }
+ }
+ catch (Exception e) {
+ throw new WebApplicationException(e,
Response.Status.INTERNAL_SERVER_ERROR);
+ }
+ }
/**
- * Returns gadgets available in the gadget store. URL to this resource:
+ * Adds a gadget to the gadget store. URL to this resource:
* /rest/gadgetstore/gadgets
*
* @return All available gadgets.
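Review bot: `checkAuthorized` answers with 401 UNAUTHORIZED whenever `isAuthorized` is false, which conflates "no or invalid token" with "valid user who is not an administrator"; 401 is the status for missing credentials (and is expected to carry a `WWW-Authenticate` header), while a recognised user lacking the role should get 403 FORBIDDEN via `Response.status(Response.Status.FORBIDDEN)`. Distinguishing the two would mean having `isAuthorized` (or a variant) report whether a user was resolved at all, which the current boolean cannot. Separately, the Javadoc of addGadget now reads "Adds a gadget to the gadget store" but still ends with `@return All available gadgets.`, which no longer describes the method; state what the response actually carries.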
@@ -259,6 +302,9 @@
public Response addGadget(@Context final HttpHeaders headers, @Context
final HttpServletRequest request,
@QueryParam("uri") final String uri, @QueryParam("category") final
String categoryId) {
try {
+ if (!isAuthorized(request)) {
+ return
Response.status(Response.Status.UNAUTHORIZED).cacheControl(NO_CACHE_CONTROL).build();
+ }
if (uri == null || "".equals(uri) || categoryId == null ||
"".equals(categoryId)) {
return
Response.status(Response.Status.BAD_REQUEST).cacheControl(NO_CACHE_CONTROL).build();
}
@@ -443,6 +489,7 @@
gadget.put("id", gadgetUrl);
gadget.put("url", "");
+ gadget.put("mgmtAuthorization", isAuthorized(request));
gadget.put("metadata", new JSONObject().put("gadgeturl",
gadgetUrl));
return gadget;
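Review bot: `isAuthorized(request)` is evaluated once per gadget object built here, and each evaluation extracts and verifies the token and performs two UserAdmin lookups, so listing N gadgets repeats the same token verification N times for a value that cannot change within one request. Compute it once in the enclosing method (which starts outside this hunk) and pass the boolean down, e.g. `final boolean mgmtAuthorized = isAuthorized(request);` before the loop and `gadget.put("mgmtAuthorization", mgmtAuthorized);` here.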
@@ -452,6 +499,7 @@
gadget.put("id", gadgetUrl);
gadget.put("title", "<i><Broken gadget></i>");
gadget.put("url", "");
+ gadget.put("mgmtAuthorization", isAuthorized(request));
// FIXME: the /gadgets alias refers to another bundle; Shindig
gadget.put("screenshot", request.getContextPath() +
"/gadgets/static/images/brokengadget.png");
gadget.put("description", "<i>The gadget XML cannot be
retrieved</i>");
@@ -475,4 +523,36 @@
gadget.put("id", gadgetId);
}
}
+
+ private boolean isAuthorized(final HttpServletRequest request) {
+ try {
+ User user = getCurrentUser(request);
+ if (user != null &&
m_userAdmin.getAuthorization(user).hasRole(DEFAULT_ADMIN_GROUP)) {
+ return true;
+ }
+ }
+ catch (TokenProviderException e) {
+ }
+ catch (InvalidTokenException e) {
+ }
+ return false;
+ }
+
+ private User getCurrentUser(final HttpServletRequest request) throws
TokenProviderException, InvalidTokenException {
+ String token = m_tokenProvider.getTokenFromRequest(request);
+ if (token != null) {
+ // Now decrypt to get the username and signature
+ Map<String, String> attributes =
m_tokenProvider.verifyToken(token);
+ if (attributes != null) {
+ String username = attributes.get(TokenProvider.USERNAME);
+ Role userRole = m_userAdmin.getRole(username);
+ if (userRole != null && userRole.getType() == Role.USER) {
+ User user = (User) userRole;
+ return user;
+ }
+ }
+ }
+
+ return null;
+ }
}
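Review bot: The two empty catch blocks in `isAuthorized` fail closed, which is right, but they also discard the exception, so a tampered or expired token (InvalidTokenException) and a token-provider failure are indistinguishable from an anonymous request and leave no trace in the logs. The class already has `m_logService`; log at least the invalid-token case, e.g. `catch (InvalidTokenException e) { m_logService.log(LogService.LOG_WARNING, "Rejected invalid authentication token", e); }`, and the provider failure at error level so a misconfigured TokenProvider does not silently lock every administrator out. In `getCurrentUser`, `attributes.get(TokenProvider.USERNAME)` may be null if the token carries no username; guarding with `if (username != null)` before `m_userAdmin.getRole(username)` avoids depending on how UserAdmin treats a null name.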