mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-08-14 17:58:59 +00:00
Merged HEAD (5.2) to 5.2.N (5.2.1)
127560 jkaabimofrad: Merged API-STRIKES-BACK (5.2.0) to HEAD (5.2) 125666 jkaabimofrad: RA-933: Fixed API tests failures by refactoring the noAuth functionality. git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@127654 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
@@ -33,12 +33,14 @@ import java.util.Map;
|
||||
import java.util.ResourceBundle;
|
||||
import java.util.Set;
|
||||
|
||||
import org.alfresco.rest.api.authentications.AuthenticationTicketsEntityResource;
|
||||
import org.alfresco.rest.framework.Api;
|
||||
import org.alfresco.rest.framework.core.ResourceLocator;
|
||||
import org.alfresco.rest.framework.core.ResourceWithMetadata;
|
||||
import org.alfresco.rest.framework.resource.actions.interfaces.BinaryResourceAction;
|
||||
import org.alfresco.rest.framework.resource.actions.interfaces.EntityResourceAction;
|
||||
import org.alfresco.rest.framework.resource.actions.interfaces.RelationshipResourceBinaryAction;
|
||||
import org.alfresco.rest.framework.resource.actions.interfaces.ResourceAction;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.springframework.extensions.webscripts.ArgumentTypeDescription;
|
||||
import org.springframework.extensions.webscripts.Container;
|
||||
@@ -100,13 +102,12 @@ public class PublicApiDeclarativeRegistry extends DeclarativeRegistry
|
||||
*/
|
||||
public Match findWebScript(String method, String uri)
|
||||
{
|
||||
Match match = null;
|
||||
Match match;
|
||||
|
||||
HttpMethod httpMethod = HttpMethod.valueOf(method);
|
||||
boolean isPost = httpMethod.equals(HttpMethod.POST);
|
||||
if (httpMethod.equals(HttpMethod.GET) || isPost)
|
||||
if (HttpMethod.GET.equals(httpMethod))
|
||||
{
|
||||
if (!isPost && uri.equals(PublicApiTenantWebScriptServletRequest.NETWORKS_PATH))
|
||||
if (uri.equals(PublicApiTenantWebScriptServletRequest.NETWORKS_PATH))
|
||||
{
|
||||
Map<String, String> templateVars = new HashMap<>();
|
||||
templateVars.put("apiScope", "public");
|
||||
@@ -114,7 +115,7 @@ public class PublicApiDeclarativeRegistry extends DeclarativeRegistry
|
||||
templateVars.put("apiName", "networks");
|
||||
match = new Match("", templateVars, "", getNetworksWebScript);
|
||||
}
|
||||
else if (!isPost && uri.equals(PublicApiTenantWebScriptServletRequest.NETWORK_PATH))
|
||||
else if (uri.equals(PublicApiTenantWebScriptServletRequest.NETWORK_PATH))
|
||||
{
|
||||
Map<String, String> templateVars = new HashMap<>();
|
||||
templateVars.put("apiScope", "public");
|
||||
@@ -125,22 +126,17 @@ public class PublicApiDeclarativeRegistry extends DeclarativeRegistry
|
||||
else
|
||||
{
|
||||
match = super.findWebScript(method, uri);
|
||||
|
||||
Map<String, String> templateVars = match.getTemplateVars();
|
||||
|
||||
if (templateVars.get("apiName") != null)
|
||||
if (match == null)
|
||||
{
|
||||
// NOTE: noAuth currently only exposed for GET
|
||||
Api api = determineApi(templateVars);
|
||||
|
||||
// TODO can we avoid locating resource more than once (or at least provide a common code to determine the GET resourceAction) ?
|
||||
ResourceWithMetadata rwm = locator.locateResource(api, templateVars, HttpMethod.valueOf(method));
|
||||
|
||||
Class resAction = null;
|
||||
return null;
|
||||
}
|
||||
Map<String, String> templateVars = match.getTemplateVars();
|
||||
ResourceWithMetadata rwm = getResourceWithMetadataOrNull(templateVars, httpMethod);
|
||||
if (rwm != null)
|
||||
{
|
||||
Class<? extends ResourceAction> resAction = null;
|
||||
|
||||
String entityId = templateVars.get(ResourceLocator.ENTITY_ID);
|
||||
String relationshipId = templateVars.get(ResourceLocator.RELATIONSHIP_ID);
|
||||
|
||||
switch (rwm.getMetaData().getType())
|
||||
{
|
||||
case ENTITY:
|
||||
@@ -157,10 +153,6 @@ public class PublicApiDeclarativeRegistry extends DeclarativeRegistry
|
||||
{
|
||||
resAction = EntityResourceAction.Read.class;
|
||||
}
|
||||
else if (EntityResourceAction.Create.class.isAssignableFrom(rwm.getResource().getClass()))
|
||||
{
|
||||
resAction = EntityResourceAction.Create.class;
|
||||
}
|
||||
}
|
||||
break;
|
||||
case PROPERTY:
|
||||
@@ -176,45 +168,77 @@ public class PublicApiDeclarativeRegistry extends DeclarativeRegistry
|
||||
}
|
||||
}
|
||||
break;
|
||||
case RELATIONSHIP:
|
||||
if (StringUtils.isNotBlank(relationshipId))
|
||||
{
|
||||
if (RelationshipResourceAction.ReadById.class.isAssignableFrom(rwm.getResource().getClass()))
|
||||
{
|
||||
resAction = RelationshipResourceAction.ReadById.class;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (RelationshipResourceAction.Read.class.isAssignableFrom(rwm.getResource().getClass()))
|
||||
{
|
||||
resAction = RelationshipResourceAction.Read.class;
|
||||
}
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
final boolean noAuth = (resAction != null && rwm.getMetaData().isNoAuth(resAction));
|
||||
|
||||
if (noAuth)
|
||||
{
|
||||
final WebScript webScript = match.getWebScript();
|
||||
// override match with noAuth
|
||||
match = overrideMatch(match);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (HttpMethod.POST.equals(httpMethod))
|
||||
{
|
||||
match = super.findWebScript(method, uri);
|
||||
if (match != null && uri.endsWith(AuthenticationTicketsEntityResource.COLLECTION_RESOURCE_NAME))
|
||||
{
|
||||
ResourceWithMetadata rwm = getResourceWithMetadataOrNull(match.getTemplateVars(), httpMethod);
|
||||
if (rwm != null && AuthenticationTicketsEntityResource.class.equals(rwm.getResource().getClass()))
|
||||
{
|
||||
Class<? extends ResourceAction> resAction = null;
|
||||
if (EntityResourceAction.Create.class.isAssignableFrom(rwm.getResource().getClass()))
|
||||
{
|
||||
resAction = EntityResourceAction.Create.class;
|
||||
}
|
||||
final boolean noAuth = (resAction != null && rwm.getMetaData().isNoAuth(resAction));
|
||||
if (noAuth)
|
||||
{
|
||||
// override match with noAuth
|
||||
match = overrideMatch(match);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
match = super.findWebScript(method, uri);
|
||||
}
|
||||
|
||||
return match;
|
||||
}
|
||||
|
||||
private ResourceWithMetadata getResourceWithMetadataOrNull(Map<String, String> templateVars, HttpMethod method)
|
||||
{
|
||||
if (templateVars.get("apiName") != null)
|
||||
{
|
||||
// NOTE: noAuth currently only exposed for GET or Create Ticket (login)
|
||||
Api api = determineApi(templateVars);
|
||||
|
||||
// TODO can we avoid locating resource more than once (or at least provide a common code to determine the GET resourceAction) ?
|
||||
return locator.locateResource(api, templateVars, method);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
private Match overrideMatch(final Match match)
|
||||
{
|
||||
// TODO is there a better way (to dynamically override "requiredAuthentication") or handle noAuth check earlier ?
|
||||
WebScript noAuthWebScriptWrapper = new WebScript()
|
||||
{
|
||||
@Override
|
||||
public void init(Container container, Description description)
|
||||
{
|
||||
webScript.init(container, description);
|
||||
match.getWebScript().init(container, description);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Description getDescription()
|
||||
{
|
||||
final Description d = webScript.getDescription();
|
||||
final Description d = match.getWebScript().getDescription();
|
||||
return new Description()
|
||||
{
|
||||
@Override
|
||||
@@ -384,34 +408,24 @@ public class PublicApiDeclarativeRegistry extends DeclarativeRegistry
|
||||
@Override
|
||||
public ResourceBundle getResources()
|
||||
{
|
||||
return webScript.getResources();
|
||||
return match.getWebScript().getResources();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void execute(WebScriptRequest webScriptRequest, WebScriptResponse webScriptResponse) throws IOException
|
||||
{
|
||||
webScript.execute(webScriptRequest, webScriptResponse);
|
||||
match.getWebScript().execute(webScriptRequest, webScriptResponse);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setURLModelFactory(URLModelFactory urlModelFactory)
|
||||
{
|
||||
webScript.setURLModelFactory(urlModelFactory);
|
||||
match.getWebScript().setURLModelFactory(urlModelFactory);
|
||||
}
|
||||
};
|
||||
|
||||
// override match with noAuth
|
||||
match = new Match(match.getTemplate(), match.getTemplateVars(), match.getPath(), noAuthWebScriptWrapper);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
match = super.findWebScript(method, uri);
|
||||
}
|
||||
|
||||
return match;
|
||||
return new Match(match.getTemplate(), match.getTemplateVars(), match.getPath(), noAuthWebScriptWrapper);
|
||||
}
|
||||
|
||||
// note: same as ApiWebscript (apiName must not be null)
|
||||
|
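Review bot: In the POST branch of findWebScript, `uri.endsWith(AuthenticationTicketsEntityResource.COLLECTION_RESOURCE_NAME)` is only a suffix pre-filter, so the decision to serve a request without authentication rests on the exact-class comparison and `isNoAuth(resAction)` that follow. That deserves a comment, e.g. `// endsWith is a cheap pre-filter; the exact class check plus isNoAuth below are what permit unauthenticated access`. Once the class has been matched with `equals`, the `EntityResourceAction.Create.class.isAssignableFrom(...)` test can only have one outcome and looks redundant. A proxied or subclassed resource bean would presumably fail the comparison and leave ticket creation requiring authentication, which is the safe direction but worth a test. `overrideMatch` has no Javadoc; judging by its TODO it returns a wrapper that overrides the required authentication (that part of the body is outside the visible hunks), so it should state that callers must have confirmed `isNoAuth` first.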
@@ -43,6 +43,9 @@ public class AuthenticationTicketsEntityResource implements EntityResourceAction
|
||||
EntityResourceAction.DeleteWithResponse,
|
||||
InitializingBean
|
||||
{
|
||||
// tickets => @EntityResource(name = "tickets" ...
|
||||
public static final String COLLECTION_RESOURCE_NAME = "tickets";
|
||||
|
||||
private Authentications authentications;
|
||||
|
||||
public void setAuthentications(Authentications authentications)
|
||||
|
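Review bot: `COLLECTION_RESOURCE_NAME` repeats the name given in the class's `@EntityResource` annotation, which the comment above it mentions but which lies outside this hunk, so the two values can drift apart. PublicApiDeclarativeRegistry uses this constant to recognise the ticket-creation request that may be served without authentication, so a rename of the resource that misses the constant would presumably make login require authentication. If the annotation still carries a literal, it could reference the constant instead, `@EntityResource(name = AuthenticationTicketsEntityResource.COLLECTION_RESOURCE_NAME, ...)`. The constant could also get a Javadoc line saying that the noAuth routing depends on it.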
@@ -310,7 +310,7 @@ public class ResourceInspector
|
||||
{
|
||||
if (! (httpMethod.equals(HttpMethod.GET) || httpMethod.equals(HttpMethod.POST)))
|
||||
{
|
||||
throw new IllegalArgumentException("@WebApiNoAuth should only be on GET methods: "+operation.getTitle());
|
||||
throw new IllegalArgumentException("@WebApiNoAuth should only be on GET methods: "+operation.getTitle()+" Or POST method for creating a ticket.");
|
||||
}
|
||||
helper.whenOperationNoAuth(resourceInterfaceWithOneMethod, aMethod);
|
||||
}
|
||||
|
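Review bot: The new exception message promises more than the check enforces: the guard above it accepts any POST, while the text says POST is allowed only for creating a ticket, and the restriction to the tickets resource appears to live only in PublicApiDeclarativeRegistry.findWebScript. A @WebApiNoAuth placed on another POST operation would therefore pass inspection and, as far as the visible code shows, be ignored at dispatch, which fails closed but is silent. The message also reads awkwardly with the title in the middle; consider `"@WebApiNoAuth should only be on GET methods, or on the POST method that creates a ticket: " + operation.getTitle()`, plus a comment on the guard saying where the POST case is narrowed. The enclosing method starts and ends outside the hunk.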