inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged WEBAPP-API (5.2.1) to 5.2.N (5.2.1)

Browse Source 
135229 jkaabimofrad: APPSREPO-136: Updated the API framework so that WebApiNoAuth annotation can be used with operations.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@135565 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Jamal Kaabi-Mofrad
2017-03-03 11:41:52 +00:00
parent 7ea9dee0b1
commit c149e56623
6 changed files with 154 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

164
source/java/org/alfresco/rest/api/PublicApiDeclarativeRegistry.java
View File

@@ -2,7 +2,7 @@
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* Copyright (C) 2005 - 2017 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
@@ -23,14 +23,16 @@
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.rest.api;
package org.alfresco.rest.api;
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.util.*;
import org.alfresco.rest.api.authentications.AuthenticationTicketsEntityResource;
import java.util.HashMap;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import org.alfresco.rest.framework.Api;
import org.alfresco.rest.framework.core.ResourceLocator;
import org.alfresco.rest.framework.core.ResourceWithMetadata;
@@ -43,24 +45,25 @@ import org.alfresco.rest.framework.resource.actions.interfaces.ResourceAction;
import org.alfresco.rest.framework.tools.ApiAssistant;
import org.apache.commons.lang.StringUtils;
import org.springframework.extensions.webscripts.*;
import org.springframework.extensions.webscripts.Description.FormatStyle;
import org.springframework.extensions.webscripts.Description.RequiredAuthentication;
import org.springframework.extensions.webscripts.Description.RequiredTransaction;
import org.springframework.extensions.webscripts.Description.TransactionCapability;
import org.springframework.extensions.webscripts.Description.FormatStyle;
import org.springframework.extensions.webscripts.Description.RequiredAuthentication;
import org.springframework.extensions.webscripts.Description.RequiredTransaction;
import org.springframework.extensions.webscripts.Description.TransactionCapability;
import org.springframework.http.HttpMethod;
/**
*
* @author steveglover
* @author janv
* @author Jamal Kaabi-Mofrad
* @since PublicApi1.0
*/
public class PublicApiDeclarativeRegistry extends DeclarativeRegistry
{
private WebScript getNetworksWebScript;
private WebScript getNetworkWebScript;
private Container container;
public class PublicApiDeclarativeRegistry extends DeclarativeRegistry
{
private WebScript getNetworksWebScript;
private WebScript getNetworkWebScript;
private Container container;
private ResourceLocator locator;
public void setLocator(ResourceLocator locator)
@@ -68,27 +71,27 @@ public class PublicApiDeclarativeRegistry extends DeclarativeRegistry
this.locator = locator;
}
public void setGetNetworksWebScript(WebScript getNetworksWebScript)
{
this.getNetworksWebScript = getNetworksWebScript;
}
public void setGetNetworkWebScript(WebScript getNetworkWebScript)
{
this.getNetworkWebScript = getNetworkWebScript;
}
public void setContainer(Container container)
{
super.setContainer(container);
this.container = container;
}
/* (non-Javadoc)
* @see org.alfresco.web.scripts.Registry#findWebScript(java.lang.String, java.lang.String)
*/
public Match findWebScript(String method, String uri)
{
public void setGetNetworksWebScript(WebScript getNetworksWebScript)
{
this.getNetworksWebScript = getNetworksWebScript;
}
public void setGetNetworkWebScript(WebScript getNetworkWebScript)
{
this.getNetworkWebScript = getNetworkWebScript;
}
public void setContainer(Container container)
{
super.setContainer(container);
this.container = container;
}
/* (non-Javadoc)
* @see org.alfresco.web.scripts.Registry#findWebScript(java.lang.String, java.lang.String)
*/
public Match findWebScript(String method, String uri)
{
Match match;
HttpMethod httpMethod = HttpMethod.valueOf(method);
@@ -189,17 +192,46 @@ public class PublicApiDeclarativeRegistry extends DeclarativeRegistry
else if (HttpMethod.POST.equals(httpMethod))
{
match = super.findWebScript(method, uri);
if (match != null && uri.endsWith(AuthenticationTicketsEntityResource.COLLECTION_RESOURCE_NAME))
if (match != null)
{
ResourceWithMetadata rwm = getResourceWithMetadataOrNull(match.getTemplateVars(), httpMethod);
if (rwm != null && AuthenticationTicketsEntityResource.class.equals(rwm.getResource().getClass()))
if (rwm != null)
{
Class<? extends ResourceAction> resAction = null;
if (EntityResourceAction.Create.class.isAssignableFrom(rwm.getResource().getClass()))
Boolean noAuth = null;
switch (rwm.getMetaData().getType())
{
resAction = EntityResourceAction.Create.class;
case ENTITY:
if (EntityResourceAction.Create.class.isAssignableFrom(rwm.getResource().getClass()))
{
resAction = EntityResourceAction.Create.class;
}
else if (EntityResourceAction.CreateWithResponse.class.isAssignableFrom(rwm.getResource().getClass()))
{
resAction = EntityResourceAction.CreateWithResponse.class;
}
break;
case RELATIONSHIP:
if (RelationshipResourceAction.Create.class.isAssignableFrom(rwm.getResource().getClass()))
{
resAction = RelationshipResourceAction.Create.class;
}
else if (RelationshipResourceAction.CreateWithResponse.class.isAssignableFrom(rwm.getResource().getClass()))
{
resAction = RelationshipResourceAction.CreateWithResponse.class;
}
break;
case OPERATION:
noAuth = rwm.getMetaData().isNoAuth(null);
break;
default:
break;
}
if (noAuth == null)
{
noAuth = (resAction != null && rwm.getMetaData().isNoAuth(resAction));
}
final boolean noAuth = (resAction != null && rwm.getMetaData().isNoAuth(resAction));
if (noAuth)
{
// override match with noAuth
@@ -224,7 +256,7 @@ public class PublicApiDeclarativeRegistry extends DeclarativeRegistry
{
if (templateVars.get("apiName") != null)
{
// NOTE: noAuth currently only exposed for GET or Create Ticket (login)
// NOTE: noAuth currently only exposed for GET or POST
Api api = ApiAssistant.determineApi(templateVars);
// TODO can we avoid locating resource more than once (or at least provide a common code to determine the GET resourceAction) ?
@@ -435,27 +467,27 @@ public class PublicApiDeclarativeRegistry extends DeclarativeRegistry
// override match with noAuth
return new Match(match.getTemplate(), match.getTemplateVars(), match.getPath(), noAuthWebScriptWrapper);
}
}
private void initWebScript(WebScript webScript, String name)
{
DescriptionImpl serviceDesc = new DescriptionImpl(name, name, name, name);
serviceDesc.setRequiredAuthentication(RequiredAuthentication.user);
TransactionParameters transactionParameters = new TransactionParameters();
transactionParameters.setRequired(RequiredTransaction.required);
transactionParameters.setCapability(TransactionCapability.readonly);
serviceDesc.setRequiredTransactionParameters(transactionParameters);
serviceDesc.setFormatStyle(FormatStyle.argument);
serviceDesc.setDefaultFormat("json");
serviceDesc.setUris(new String[] { name });
webScript.init(container, serviceDesc);
}
public void reset()
{
super.reset();
initWebScript(getNetworksWebScript, "networks");
initWebScript(getNetworkWebScript, "network");
}
}
private void initWebScript(WebScript webScript, String name)
{
DescriptionImpl serviceDesc = new DescriptionImpl(name, name, name, name);
serviceDesc.setRequiredAuthentication(RequiredAuthentication.user);
TransactionParameters transactionParameters = new TransactionParameters();
transactionParameters.setRequired(RequiredTransaction.required);
transactionParameters.setCapability(TransactionCapability.readonly);
serviceDesc.setRequiredTransactionParameters(transactionParameters);
serviceDesc.setFormatStyle(FormatStyle.argument);
serviceDesc.setDefaultFormat("json");
serviceDesc.setUris(new String[] { name });
webScript.init(container, serviceDesc);
}
public void reset()
{
super.reset();
initWebScript(getNetworksWebScript, "networks");
initWebScript(getNetworkWebScript, "network");
}
}

20
source/java/org/alfresco/rest/framework/core/OperationResourceMetaData.java
View File

@@ -2,7 +2,7 @@
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* Copyright (C) 2005 - 2017 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
@@ -40,6 +40,7 @@ import java.util.Set;
public class OperationResourceMetaData extends ResourceMetadata
{
private final Method operationMethod;
private final boolean noAuthRequired;
/**
* Use this constructor to create the resource metadata
@@ -47,8 +48,9 @@ public class OperationResourceMetaData extends ResourceMetadata
* @param operations
* @param api
* @param operationMethod
* @param noAuthRequired
*/
public OperationResourceMetaData(String uniqueId, List<ResourceOperation> operations, Api api, Method operationMethod)
public OperationResourceMetaData(String uniqueId, List<ResourceOperation> operations, Api api, Method operationMethod, boolean noAuthRequired)
{
super(uniqueId, RESOURCE_TYPE.OPERATION, operations, api, null, null, null);
if (operations.size()!= 1)
@@ -56,6 +58,7 @@ public class OperationResourceMetaData extends ResourceMetadata
throw new IllegalArgumentException("Only 1 operation per url is supported for an entity");
}
this.operationMethod = operationMethod;
this.noAuthRequired = noAuthRequired;
}
/**
@@ -63,11 +66,13 @@ public class OperationResourceMetaData extends ResourceMetadata
* @param uniqueId
* @param api
* @param apiDeleted
* @param noAuthRequired
*/
public OperationResourceMetaData(String uniqueId, Api api, Set<Class<? extends ResourceAction>> apiDeleted)
public OperationResourceMetaData(String uniqueId, Api api, Set<Class<? extends ResourceAction>> apiDeleted, boolean noAuthRequired)
{
super(uniqueId, RESOURCE_TYPE.OPERATION, null, api, apiDeleted, null, null);
this.operationMethod = null;
this.noAuthRequired = noAuthRequired;
}
public Method getOperationMethod()
@@ -75,6 +80,12 @@ public class OperationResourceMetaData extends ResourceMetadata
return operationMethod;
}
@Override
public boolean isNoAuth(Class<? extends ResourceAction> resourceAction)
{
return this.noAuthRequired;
}
@Override
public String toString()
{
@@ -91,7 +102,8 @@ public class OperationResourceMetaData extends ResourceMetadata
builder.append(this.getOperations());
builder.append(", apiDeleted=");
builder.append(this.getApiDeleted());
builder.append("operationMethod=").append(operationMethod);
builder.append(", operationMethod=").append(operationMethod);
builder.append(", noAuthRequired=").append(noAuthRequired);
builder.append("]");
return builder.toString();
}

16
source/java/org/alfresco/rest/framework/core/ResourceInspector.java
View File

@@ -2,7 +2,7 @@
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* Copyright (C) 2005 - 2017 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
@@ -308,7 +308,7 @@ public class ResourceInspector
{
if (! (httpMethod.equals(HttpMethod.GET) || httpMethod.equals(HttpMethod.POST)))
{
throw new IllegalArgumentException("@WebApiNoAuth should only be on GET methods: "+operation.getTitle()+" Or POST method for creating a ticket.");
throw new IllegalArgumentException("@WebApiNoAuth should only be on GET or POST methods: " + operation.getTitle());
}
helper.whenOperationNoAuth(resourceInterfaceWithOneMethod, aMethod);
}
@@ -327,7 +327,7 @@ public class ResourceInspector
Annotation annot = AnnotationUtils.findAnnotation(aMethod, WebApiDescription.class);
List<ResourceParameter> parameters = new ArrayList<ResourceParameter>();
parameters.addAll(inspectParameters(resource, aMethod, httpMethod));
if (annot != null)
{
Map<String, Object> annotAttribs = AnnotationUtils.getAnnotationAttributes(annot);
@@ -638,6 +638,7 @@ public class ResourceInspector
* Inspect a resource to find operations on it.
* @param api Api
* @param entityPath String
* @param metainfo resource metadata
*/
public static void inspectOperations(Api api, Class<?> resource, final String entityPath, List<ResourceMetadata> metainfo)
{
@@ -646,13 +647,16 @@ public class ResourceInspector
{
for (Entry<String, Pair<ResourceOperation, Method>> opera : operations.entrySet())
{
if (isDeleted(opera.getValue().getSecond()))
Method annotatedMethod = opera.getValue().getSecond();
final boolean isNoAuthRequired = isNoAuth(annotatedMethod);
if (isDeleted(annotatedMethod))
{
metainfo.add(new OperationResourceMetaData(opera.getKey(), api, new HashSet(Arrays.asList(opera.getValue().getFirst()))));
metainfo.add(new OperationResourceMetaData(opera.getKey(), api, new HashSet(Arrays.asList(opera.getValue().getFirst())), isNoAuthRequired));
}
else
{
metainfo.add(new OperationResourceMetaData(opera.getKey(), Arrays.asList(opera.getValue().getFirst()), api, opera.getValue().getSecond()));
metainfo.add(new OperationResourceMetaData(opera.getKey(), Arrays.asList(opera.getValue().getFirst()), api, annotatedMethod, isNoAuthRequired));
}
}
}

14
source/java/org/alfresco/rest/framework/core/ResourceMetadata.java
View File

@@ -1,8 +1,9 @@
/*
/*
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* Copyright (C) 2005 - 2017 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
@@ -86,16 +87,17 @@ public class ResourceMetadata
}
/**
* Indicates if this resource can support the specified HTTPMethod
* @param supportedMethod HttpMethod
* @return true if can support it
* Gets the data type of the resource parameter
*
* @param operation {@code ResourceOperation} object
* @return The data type of the resource parameter
*/
@SuppressWarnings("rawtypes")
public Class getObjectType(ResourceOperation operation)
{
for (ResourceParameter param : operation.getParameters())
{
if (ResourceParameter.KIND.HTTP_BODY_OBJECT.equals(param.getParamType())) {
if (ResourceParameter.KIND.HTTP_BODY_OBJECT.equals(param.getParamType()))
{
return param.getDataType();
}
}