This is an automated email from the git hooks/post-receive script. New commit to branch feature/7493 in repository observe. See http://git.codelutin.com/observe.git
commit dae69741631bfc41af6896c8385fa244697d5507
Author: Tony CHEMIT <chemit@codelutin.com>
Date: Wed Sep 2 02:28:34 2015 +0200
Ajout d'une option pour configurer l'adminApiKey qui autorise d'accéder à la configuration
---
.../web/InvalidAdminKeyApiException.java | 21 +++++++++++++++++++++
.../application/web/ObserveWebMotionFilter.java | 13 +++++++++++--
.../ObserveWebApplicationConfiguration.java | 3 +++
.../ObserveWebApplicationConfigurationOption.java | 1 +
.../web/controller/v1/ConfigurationController.java | 7 +++++++
.../web/request/ObserveWebRequestContext.java | 14 +++++++++++++-
observe-application-web/src/main/resources/mapping | 2 +-
7 files changed, 57 insertions(+), 4 deletions(-)
diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/InvalidAdminKeyApiException.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/InvalidAdminKeyApiException.java
new file mode 100644
index 0000000..331ce44
--- /dev/null
+++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/InvalidAdminKeyApiException.java
@@ -0,0 +1,21 @@
+package fr.ird.observe.application.web;
+
+/**
+ * Created on 02/09/15.
+ *
+ * @author Tony Chemit - chemit@codelutin.com
+ */
+public class InvalidAdminKeyApiException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ protected final String adminApiKey;
+
+ public InvalidAdminKeyApiException(String adminApiKey) {
+ this.adminApiKey = adminApiKey;
+ }
+
+ public String getAdminApiKey() {
+ return adminApiKey;
+ }
+}
diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/ObserveWebMotionFilter.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/ObserveWebMotionFilter.java
index c54892e..e34a42d 100644
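Review bot: The new InvalidAdminKeyApiException keeps the rejected key in `adminApiKey` and exposes it through `getAdminApiKey()`, so whatever logs or renders this exception can write a submitted credential (possibly a near-miss of the real key) into a log file or an error response; how the exception is rendered is not visible in this commit. The constructor also never calls `super(message)`, so `getMessage()` returns null. I would drop the field and use a fixed message, `super("invalid adminApiKey");`, or at least add a Javadoc line on the getter stating that the value must never be logged or echoed back to the client.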
--- a/observe-application-web/src/main/java/fr/ird/observe/application/web/ObserveWebMotionFilter.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/ObserveWebMotionFilter.java @@ -24,7 +24,7 @@ import java.util.Locale; */ public class ObserveWebMotionFilter extends WebMotionFilter { - public void inject(HttpContext context) throws InvalidAuthenticationTokenException, UnknownObserveWebUserException, BadObserveWebUserPasswordException, DataSourceConfigurationAlreadyRegistredException, UnknownObserveWebUserForDatabaseException { + public void inject(HttpContext context) throws InvalidAuthenticationTokenException, UnknownObserveWebUserException, BadObserveWebUserPasswordException, DataSourceConfigurationAlreadyRegistredException, UnknownObserveWebUserForDatabaseException, InvalidAdminKeyApiException { ObserveWebApplicationContext applicationContext = ObserveWebApplicationContext.getApplicationContext(context); @@ -34,7 +34,16 @@ public class ObserveWebMotionFilter extends WebMotionFilter { Locale applicationLocale = getApplicationLocale(request); ReferentialLocale referentialLocale = getReferentialLocale(request); - ObserveWebRequestContext requestContext = new ObserveWebRequestContext(applicationContext, securityContext, applicationLocale, referentialLocale); + + String adminApiKey = getRequestHeaderOrParameterValueOrNull(request, "adminApiKey"); + + if (adminApiKey != null) { + String configurationAdminKey = applicationContext.getApplicationConfiguration().getAdminApiKey(); + if (!configurationAdminKey.equals(adminApiKey)) { + throw new InvalidAdminKeyApiException(adminApiKey); + } + } + ObserveWebRequestContext requestContext = new ObserveWebRequestContext(applicationContext, securityContext, applicationLocale, referentialLocale, adminApiKey); ObserveWebRequestContext.setRequestContext(context, requestContext); 
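Review bot: In the second hunk of ObserveWebMotionFilter, `configurationAdminKey.equals(adminApiKey)` compares the secret with a short-circuiting String.equals and throws a NullPointerException if the option ever resolves to null. Credentials are normally compared in constant time with a null guard, e.g. `if (configurationAdminKey == null || !MessageDigest.isEqual(configurationAdminKey.getBytes(StandardCharsets.UTF_8), adminApiKey.getBytes(StandardCharsets.UTF_8))) {` (needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported). The key is also read through `getRequestHeaderOrParameterValueOrNull`, which by its name accepts a query parameter; keys carried in URLs tend to end up in access logs and proxy logs, so accepting the header only would be safer. The body of inject() continues outside the hunk.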
diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfiguration.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfiguration.java index eea7653..8570f7b 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfiguration.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfiguration.java @@ -98,6 +98,9 @@ public class ObserveWebApplicationConfiguration { return applicationConfig.getOptionAsInt(ObserveWebApplicationConfigurationOption.SESSION_EXPIRATION_DELAY.getKey()); } + public String getAdminApiKey() { + return applicationConfig.getOption(ObserveWebApplicationConfigurationOption.ADMIN_API_KEY.getKey()); + } public void init(String... args) { if (log.isInfoEnabled()) { diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfigurationOption.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfigurationOption.java index b863bc8..3783ac2 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfigurationOption.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/configuration/ObserveWebApplicationConfigurationOption.java 
@@ -25,6 +25,7 @@ public enum ObserveWebApplicationConfigurationOption implements ConfigOptionDef BUILD_VERSION("observeweb.build.version", n("observeweb.build.version.description"), "", Version.class), BUILD_DATE("observeweb.build.date", n("observeweb.build.date.description"), "", String.class), BUILD_NUMBER("observeweb.build.number", n("observeweb.build.number.description"), "", String.class), + ADMIN_API_KEY("observeweb.adminApiKey", n("observeweb.adminApiKey.description"), "changeme", String.class), DEV_MODE("observeweb.devMode", n("observeweb.devMode.description"), "true", boolean.class), BASE_DIRECTORY("observeweb.baseDirectory", n("observeweb.baseDirectory.description"), "/var/local/observeweb", File.class), diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java index 5a2d4da..7803048 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java @@ -6,6 +6,7 @@ import fr.ird.observe.application.web.configuration.user.ObserveWebUsers; import fr.ird.observe.application.web.configuration.user.ObserveWebUsersHelper; import fr.ird.observe.application.web.controller.ObserveWebMotionController; import org.apache.commons.io.IOUtils; +import org.debux.webmotion.server.WebMotionContextable; import org.debux.webmotion.server.render.Render; import java.io.IOException; 
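Review bot: ADMIN_API_KEY ships with the default value `"changeme"`, so an installation that never sets `observeweb.adminApiKey` accepts a publicly known key on the admin configuration endpoints. An empty default, `ADMIN_API_KEY("observeweb.adminApiKey", n("observeweb.adminApiKey.description"), "", String.class),`, combined with rejecting every admin request while the configured key is blank would fail closed; the comparison in ObserveWebMotionFilter would need that blank check added. At minimum the option description should state that the value must be changed before deployment.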
@@ -19,6 +20,12 @@ import java.io.StringWriter; */ public class ConfigurationController extends ObserveWebMotionController { + @Override + public void setContextable(WebMotionContextable contextable) { + super.setContextable(contextable); + getRequestContext().checkAdminApiKeyIsPresent(); + } + public Render mapping() { InputStream mappingUrl = getClass().getResourceAsStream("/mapping"); diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java index 4dc0c8e..0eec00b 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java @@ -38,18 +38,26 @@ public class ObserveWebRequestContext { protected final ReferentialLocale referentialLocale; + protected final Optional<String> optionalAdminApiKey; + protected final Optional<ObserveWebRequestSecurityContext> optionalSecurityContext; public ObserveWebRequestContext(ObserveWebApplicationContext applicationContext, ObserveWebRequestSecurityContext optionalSecurityContext, Locale applicationLocale, - ReferentialLocale referentialLocale) { + ReferentialLocale referentialLocale, + String adminApiKey) { this.applicationContext = applicationContext; this.applicationLocale = applicationLocale; this.referentialLocale = referentialLocale; + this.optionalAdminApiKey = Optional.fromNullable(adminApiKey); this.optionalSecurityContext = Optional.fromNullable(optionalSecurityContext); } + public Optional<String> getOptionalAdminApiKey() { + return optionalAdminApiKey; + } + public ObserveWebApplicationContext getApplicationContext() { return applicationContext; } 
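Review bot: The `setContextable` override in ConfigurationController is the only access control for every action of this controller, but nothing in the code says so, and a security check hidden in a setter is easy to remove during a later refactoring. I would add a comment above the call, `// Access control: every action of this controller requires an adminApiKey already validated by ObserveWebMotionFilter.inject()`. The check also relies on the request context being populated before setContextable runs, which is not visible in this hunk and is worth confirming.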
@@ -78,6 +86,10 @@ public class ObserveWebRequestContext { Preconditions.checkState(optionalSecurityContext.isPresent()); } + public void checkAdminApiKeyIsPresent() { + Preconditions.checkState(optionalAdminApiKey.isPresent()); + } + public ObserveDataSourceConfiguration getDataSourceConfiguration() { checkSecurityContextIsPresent(); return optionalSecurityContext.get().getDataSourceConfiguration(); diff --git a/observe-application-web/src/main/resources/mapping b/observe-application-web/src/main/resources/mapping index df7804d..0fdc07a 100644 --- a/observe-application-web/src/main/resources/mapping +++ b/observe-application-web/src/main/resources/mapping @@ -40,7 +40,7 @@ default.render=fr.ird.observe.application.web.ObserveWebMotionRender [actions] -GET /api/v1/configuration/{method} ConfigurationController.{method} +GET /admin/configuration/{method} ConfigurationController.{method} GET,POST /api/v1/referential/{method} ReferentialServiceController.{method} GET,POST /api/v1/dataSource/{method} DataSourceServiceController.{method} -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@list.forge.codelutin.com>.
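Review bot: `checkAdminApiKeyIsPresent()` reports a missing credential through `Preconditions.checkState` without a message, so the caller gets a bare IllegalStateException; how that is rendered is not visible here, but it probably surfaces as a server error rather than as an authorization failure. A message at least makes the failure diagnosable, `Preconditions.checkState(optionalAdminApiKey.isPresent(), "adminApiKey is required");`, and a dedicated exception mapped to 401/403 would be cleaner. A short Javadoc should also state that presence implies validity only because the filter rejects a mismatching key before the request context is built.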