[GitHub] [fineract] adamsaghy commented on a diff in pull request #2308: Filter for instances read, write, batch

GitBox Tue, 31 May 2022 12:41:35 -0700


adamsaghy commented on code in PR #2308:
URL: https://github.com/apache/fineract/pull/2308#discussion_r873772183



##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/config/FineractProperties.java:
##########
@@ -60,5 +60,25 @@ public static class FineractModeProperties {
         public boolean isReadOnlyMode() {
             return readEnabled && !writeEnabled && !batchEnabled;
         }
+
+        public boolean isWriteOnlyMode() {
+            return !readEnabled && writeEnabled && !batchEnabled;
+        }
+
+        public boolean isBatchOnlyMode() {
+            return !readEnabled && !writeEnabled && batchEnabled;
+        }
+
+        public boolean isReadInstance() {
+            return isReadOnlyMode() || readEnabled;

Review Comment:
   This logic is faulty. Just because  the "readEnabled" the instance might not 
be "read instance"...



##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/config/SecurityConfig.java:
##########
@@ -78,6 +85,7 @@ protected void configure(HttpSecurity http) throws Exception {
                 .sessionCreationPolicy(SessionCreationPolicy.STATELESS) //
                 .and() //
                 .addFilterAfter(tenantAwareBasicAuthenticationFilter(), 
SecurityContextPersistenceFilter.class) //
+                .addFilterAfter(fineractInstanceModeApiFilter, 
TenantAwareBasicAuthenticationFilter.class) //

Review Comment:
   Please reorder the filter. Right now the "instance mode filter" is between 
the basic auth and twofactor auth which logically is incorrect. Either it is 
before all authentication or after...



##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/ApiGlobalErrorResponse.java:
##########
@@ -187,7 +204,7 @@ public static ApiGlobalErrorResponse 
serviceUnavailable(final String globalisati
     }
 
     protected ApiGlobalErrorResponse() {
-        //
+        timestamp = new Date();

Review Comment:
   This is wrong. You must provide proper timezone (in this case tenant 
timezone) or it will use the system timezone which is not the wanted behaviour.



##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/data/ApiGlobalErrorResponse.java:
##########
@@ -18,15 +18,22 @@
  */
 package org.apache.fineract.infrastructure.core.data;
 
+import com.fasterxml.jackson.annotation.JsonFormat;
 import com.fasterxml.jackson.annotation.JsonProperty;
+import com.google.gson.Gson;
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.List;
+import javax.ws.rs.core.Response.Status;
 
 /**
  *
  */
 public class ApiGlobalErrorResponse {
 
+    @JsonFormat(shape = JsonFormat.Shape.STRING, pattern = "dd-MM-yyyy 
hh:mm:ss")
+    private Date timestamp;

Review Comment:
   It should be not Java util Date, rather  java.time.DateTime
   



##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/filter/FineractInstanceModeApiFilter.java:
##########
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.fineract.infrastructure.security.filter;
+
+import java.io.IOException;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.ext.Provider;
+import org.apache.fineract.infrastructure.core.config.FineractProperties;
+import org.apache.fineract.infrastructure.core.data.ApiGlobalErrorResponse;
+import org.apache.http.HttpStatus;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+@Provider
+@Component
+public class FineractInstanceModeApiFilter extends OncePerRequestFilter {
+
+    @Autowired
+    private FineractProperties fineractProperties;
+
+    @Override
+    public void destroy() {
+
+    }
+
+    @Override
+    protected void doFilterInternal(final HttpServletRequest request, final 
HttpServletResponse response, final FilterChain filterChain)
+            throws ServletException, IOException {
+
+        if (fineractProperties.getMode().isReadInstance() && 
isReadMethod(request)) {

Review Comment:
   @josehernandezfintecheandomx The above use case is still not covered... 



##########
fineract-provider/src/main/java/org/apache/fineract/infrastructure/security/filter/FineractInstanceModeApiFilter.java:
##########
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.fineract.infrastructure.security.filter;
+
+import java.io.IOException;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.ext.Provider;
+import org.apache.fineract.infrastructure.core.config.FineractProperties;
+import org.apache.fineract.infrastructure.core.data.ApiGlobalErrorResponse;
+import org.apache.http.HttpStatus;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+@Provider
+@Component
+public class FineractInstanceModeApiFilter extends OncePerRequestFilter {
+
+    @Autowired
+    private FineractProperties fineractProperties;
+
+    @Override
+    public void destroy() {
+
+    }
+
+    @Override
+    protected void doFilterInternal(final HttpServletRequest request, final 
HttpServletResponse response, final FilterChain filterChain)
+            throws ServletException, IOException {
+
+        if (fineractProperties.getMode().isReadInstance() && 
isReadMethod(request)) {

Review Comment:
   This filter logic is faulty. If the node is neither read instance, neither 
write instance, so it is batch instance, should still be able to accept API 
request, see: Run Job API



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [fineract] adamsaghy commented on a diff in pull request #2308: Filter for instances read, write, batch

Reply via email to