diff --git a/shared/src/main/java/com/inteligr8/alfresco/asie/model/PersistedNode.java b/shared/src/main/java/com/inteligr8/alfresco/asie/model/PersistedNode.java
new file mode 100644
index 0000000..9eeab4a
--- /dev/null
+++ b/shared/src/main/java/com/inteligr8/alfresco/asie/model/PersistedNode.java
@@ -0,0 +1,36 @@
+package com.inteligr8.alfresco.asie.model;
+
+import java.io.Serializable;
+
+public class PersistedNode implements Serializable {
+
+ private static final long serialVersionUID = 4105196543023419818L;
+
+ private final SolrHost node;
+ private final long persistMillis;
+ private long expireTimeMillis;
+
+ public PersistedNode(SolrHost node, int persistMinutes) {
+ this.node = node;
+ this.persistMillis = persistMinutes * 60L * 1000L;
+ this.reset();
+ }
+
+ public void reset() {
+ this.expireTimeMillis = System.currentTimeMillis() + this.persistMillis;
+ }
+
+ public boolean isExpired() {
+ return this.expireTimeMillis < System.currentTimeMillis();
+ }
+
+ public SolrHost getNode() {
+ return this.node;
+ }
+
+ @Override
+ public String toString() {
+ return "node: " + this.node + "; expires in: " + (System.currentTimeMillis() - this.expireTimeMillis) + " ms";
+ }
+
+}
diff --git a/shared/src/main/java/com/inteligr8/alfresco/asie/rest/AbstractAsieWebScript.java b/shared/src/main/java/com/inteligr8/alfresco/asie/rest/AbstractAsieWebScript.java
index bf48032..66dd013 100644
--- a/shared/src/main/java/com/inteligr8/alfresco/asie/rest/AbstractAsieWebScript.java
+++ b/shared/src/main/java/com/inteligr8/alfresco/asie/rest/AbstractAsieWebScript.java
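Review bot: In `PersistedNode.toString()` the "expires in" figure is computed as `System.currentTimeMillis() - this.expireTimeMillis`, which is negative while the entry is still valid and positive once it has expired, so the debug line in `ShardBackupService` reads backwards; `(this.expireTimeMillis - System.currentTimeMillis())` gives the remaining time. The `serialVersionUID` is the same value the removed inner class used although the class name and field set are now different, so it should not be read as compatibility with values stored by an earlier build. A class Javadoc saying that instances are stored through the attribute service, and that `SolrHost` presumably has to stay serializable for that reason, would help the next maintainer.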
@@ -1,13 +1,10 @@ package com.inteligr8.alfresco.asie.rest; import java.io.IOException; -import java.util.HashSet; -import java.util.Set; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Value; @@ -23,7 +20,7 @@ import com.inteligr8.rs.ClientCxfImpl; import jakarta.ws.rs.client.ClientRequestContext; -public abstract class AbstractAsieWebScript extends AbstractWebScript implements InitializingBean { +public abstract class AbstractAsieWebScript extends AbstractWebScript { private final Logger logger = LoggerFactory.getLogger(this.getClass()); @@ -42,9 +39,6 @@ public abstract class AbstractAsieWebScript extends AbstractWebScript implements @Value("${solr.sharedSecret}") private String solrSharedSecret; - @Value("${inteligr8.asie.allowedAuthorities}") - private String authorizedAuthoritiesStr; - @Value("${inteligr8.asie.basePath}") private String solrBaseUrl; 
@@ -52,28 +46,11 @@ public abstract class AbstractAsieWebScript extends AbstractWebScript implements @Qualifier(Constants.QUALIFIER_ASIE) private ObjectMapper objectMapper; - private Set authorizedAuthorities; - @Override public void afterPropertiesSet() throws Exception { - this.authorizedAuthorities = new HashSet<>(); - String[] authorities = this.authorizedAuthoritiesStr.split(","); - for (String authority : authorities) { - authority = StringUtils.trimToNull(authority); - if (authority != null) - this.authorizedAuthorities.add(authority); - } - - if (this.authorizedAuthorities.isEmpty()) - this.logger.warn("All authenticated users will be authorized to access ASIE web scripts"); - + super.afterPropertiesSet(); this.solrSharedSecret = StringUtils.trimToNull(this.solrSharedSecret); } - - @Override - protected Set getAuthorities() { - return this.authorizedAuthorities; - } protected ObjectMapper getObjectMapper() { return this.objectMapper; diff --git a/shared/src/main/java/com/inteligr8/alfresco/asie/rest/AbstractWebScript.java b/shared/src/main/java/com/inteligr8/alfresco/asie/rest/AbstractWebScript.java index e361f15..230a640 100644 --- a/shared/src/main/java/com/inteligr8/alfresco/asie/rest/AbstractWebScript.java +++ b/shared/src/main/java/com/inteligr8/alfresco/asie/rest/AbstractWebScript.java 
@@ -4,11 +4,19 @@ import java.io.IOException; import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; +import java.util.Collections; +import java.util.HashSet; import java.util.Set; import org.alfresco.repo.security.authentication.AuthenticationUtil; +import org.alfresco.service.cmr.security.AuthorityService; import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.extensions.webscripts.Description.RequiredAuthentication; +import org.springframework.beans.factory.InitializingBean; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.extensions.webscripts.WebScriptException; import org.springframework.extensions.webscripts.WebScriptRequest; import org.springframework.extensions.webscripts.WebScriptResponse; 
@@ -16,9 +24,38 @@ import org.springframework.http.HttpStatus; import net.sf.acegisecurity.GrantedAuthority; -public abstract class AbstractWebScript extends org.springframework.extensions.webscripts.AbstractWebScript { +public abstract class AbstractWebScript extends org.springframework.extensions.webscripts.AbstractWebScript implements InitializingBean { - protected abstract Set getAuthorities(); + private final Logger logger = LoggerFactory.getLogger(this.getClass()); + + @Value("${inteligr8.asie.allowedAuthorities}") + private String authorizedAuthoritiesStr; + + @Autowired + private AuthorityService authorityService; + + private Set authorizedAuthorities; + + @Override + public void afterPropertiesSet() throws Exception { + this.authorizedAuthorities = new HashSet<>(); + String[] authorities = this.authorizedAuthoritiesStr.split(","); + for (String authority : authorities) { + authority = StringUtils.trimToNull(authority); + if (authority != null) + this.authorizedAuthorities.add(authority); + } + + if (this.authorizedAuthorities.isEmpty()) { + this.logger.warn("All authenticated users will be authorized to access web scripts"); + } else { + this.logger.debug("Allowing only authorities: {}", this.authorizedAuthorities); + } + } + + protected Set getAuthorities() { + return this.authorizedAuthorities; + } @Override public final void execute(WebScriptRequest request, WebScriptResponse response) throws IOException { @@ -38,6 +75,13 @@ public abstract class AbstractWebScript extends org.springframework.extensions.w return true; } + Set authorities = this.authorityService.getAuthoritiesForUser(AuthenticationUtil.getFullyAuthenticatedUser()); + if (authorities != null) { + if (!Collections.disjoint(this.getAuthorities(), authorities)) + return true; + } + + this.logger.trace("Not authorized: user '{}'; authorities: {} + {}", AuthenticationUtil.getFullyAuthenticatedUser(), AuthenticationUtil.getFullAuthentication().getAuthorities(), authorities); return false; } 
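Review bot: `afterPropertiesSet()` treats an empty `inteligr8.asie.allowedAuthorities` as "authorize every authenticated user", according to its own warning, and does nothing more than log it; that is a fail-open default for a set of scripts that includes node and registry deletion. The descriptor changes later in this commit appear to lower the required authentication from `admin` to `user`, so after this change a blank override of the property would expose those scripts to every account. I would fail closed in the `isEmpty()` branch, e.g. `throw new IllegalStateException("inteligr8.asie.allowedAuthorities must list at least one authority");`, or require a separate explicit opt-in property for the open mode. Storing the parsed set through `Collections.unmodifiableSet(...)` would also stop the now non-abstract `getAuthorities()` from handing out a mutable allow-list.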
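Review bot: The denial path at the end of the second hunk logs only at `trace`, so a rejected call to one of these administrative scripts leaves no record under a normal logging configuration; `this.logger.info("Denied web script access for user '{}'", AuthenticationUtil.getFullyAuthenticatedUser());` ahead of the detailed trace line would give operators something to alert on. `getFullyAuthenticatedUser()` is also evaluated twice and passed to `getAuthoritiesForUser` without a null check, which matters if the part of the method above the hunk does not return early for descriptors that require no authentication. The enclosing method starts outside the hunk, so that early return cannot be confirmed from here.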
diff --git a/shared/src/main/java/com/inteligr8/alfresco/asie/rest/ClearRegistryWebScript.java b/shared/src/main/java/com/inteligr8/alfresco/asie/rest/ClearRegistryWebScript.java index 38b4889..ad4c26f 100644 --- a/shared/src/main/java/com/inteligr8/alfresco/asie/rest/ClearRegistryWebScript.java +++ b/shared/src/main/java/com/inteligr8/alfresco/asie/rest/ClearRegistryWebScript.java @@ -3,7 +3,6 @@ package com.inteligr8.alfresco.asie.rest; import java.io.IOException; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.extensions.webscripts.AbstractWebScript; import org.springframework.extensions.webscripts.WebScriptRequest; import org.springframework.extensions.webscripts.WebScriptResponse; import org.springframework.http.HttpStatus; @@ -20,13 +19,13 @@ public class ClearRegistryWebScript extends AbstractWebScript { @Autowired private ShardStateService sss; - - @Override - public void execute(WebScriptRequest req, WebScriptResponse res) throws IOException { + + @Override + public void executeAuthorized(WebScriptRequest request, WebScriptResponse response) throws IOException { this.sss.clear(); this.sbs.forget(); - res.setStatus(HttpStatus.OK.value()); + response.setStatus(HttpStatus.OK.value()); } } diff --git a/shared/src/main/java/com/inteligr8/alfresco/asie/service/ShardBackupService.java b/shared/src/main/java/com/inteligr8/alfresco/asie/service/ShardBackupService.java index d9ac37c..bb887c0 100644 --- a/shared/src/main/java/com/inteligr8/alfresco/asie/service/ShardBackupService.java +++ b/shared/src/main/java/com/inteligr8/alfresco/asie/service/ShardBackupService.java @@ -1,7 +1,5 @@ package com.inteligr8.alfresco.asie.service; -import java.io.Serializable; - import org.alfresco.service.cmr.attributes.AttributeService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
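Review bot: `ClearRegistryWebScript.executeAuthorized` calls `this.sss.clear()` and `this.sbs.forget()` without recording who asked for it; since the matching descriptor in this commit appears to move from `admin` to `user` with the allow-list as the gate, an `info` log naming the authenticated user before the two calls would make the operation traceable. A short Javadoc stating that the authorization check is expected to have run in the base class's final `execute` before this method is called would also explain why no check appears here.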
@@ -11,6 +9,7 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; import com.inteligr8.alfresco.asie.Constants; +import com.inteligr8.alfresco.asie.model.PersistedNode; import com.inteligr8.alfresco.asie.model.ShardSet; import com.inteligr8.alfresco.asie.model.SolrHost; @@ -31,13 +30,13 @@ public class ShardBackupService implements com.inteligr8.alfresco.asie.spi.Shard String shardKey = shardSet.getCore() + "-" + shardId; PersistedNode backupNode = (PersistedNode) this.attributeService.getAttribute(Constants.ATTR_ASIE, ATTR_BACKUP_NODE, shardKey); - this.logger.debug("Found backup node: {}", backupNode); + logger.debug("Found backup node: {}", backupNode); if (backupNode == null || backupNode.isExpired()) { - backupNode = new PersistedNode(node); + backupNode = new PersistedNode(node, this.persistTimeMinutes); this.attributeService.setAttribute(backupNode, Constants.ATTR_ASIE, ATTR_BACKUP_NODE, shardKey); } - + return backupNode.getNode(); } @@ -49,38 +48,5 @@ public class ShardBackupService implements com.inteligr8.alfresco.asie.spi.Shard String shardKey = shardSet.getCore() + "-" + shardId; this.attributeService.removeAttribute(Constants.ATTR_ASIE, ATTR_BACKUP_NODE, shardKey); } - - - - private class PersistedNode implements Serializable { - - private static final long serialVersionUID = 4105196543023419818L; - - private final SolrHost node; - private long expireTimeMillis; - - PersistedNode(SolrHost node) { - this.node = node; - this.reset(); - } - - void reset() { - this.expireTimeMillis = System.currentTimeMillis() + persistTimeMinutes * 60L * 1000L; - } - - boolean isExpired() { - return this.expireTimeMillis < System.currentTimeMillis(); - } - - SolrHost getNode() { - return this.node; - } - - @Override - public String toString() { - return "node: " + this.node + "; expires in: " + (System.currentTimeMillis() - this.expireTimeMillis) + " ms"; - } - - } } 
diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/backupNode.get.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/backupNode.get.desc.xml index 87e2c02..234dc86 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/backupNode.get.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/backupNode.get.desc.xml @@ -38,6 +38,9 @@ none + + required + false diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/leadNode.get.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/leadNode.get.desc.xml index c1e839f..8fb445c 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/leadNode.get.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/leadNode.get.desc.xml @@ -34,6 +34,9 @@ none + + required + false diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/node.delete.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/node.delete.desc.xml index f1ece9d..4d2bac5 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/node.delete.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/node.delete.desc.xml @@ -29,7 +29,10 @@ /inteligr8/asie/node/{nodeEndpoint} - admin + user + + + required 
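Review bot: With the value in node.delete.desc.xml going from `admin` to `user` (the element names are lost in this rendering; I am assuming it is the descriptor's authentication level), the only remaining gate on this script is the allow-list check in the module's `AbstractWebScript`. The same change is made in node.get, node.post, nodeShard.delete/get/post, nodes.get, propertyHashShards.get, registry.delete, sampleHashes.get, shard.get and shards.get, so every backing class has to extend that base class and implement `executeAuthorized` rather than `execute`; `ClearRegistryWebScript` extended the Spring class directly until this commit. A test that calls each of these URLs as a user outside the allow-list and expects a denial would keep a future script from slipping past the check.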
diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/node.get.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/node.get.desc.xml index 8cc7b8a..e8253f6 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/node.get.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/node.get.desc.xml @@ -58,7 +58,7 @@ any - admin + user diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/node.post.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/node.post.desc.xml index 5e3463e..a33889e 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/node.post.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/node.post.desc.xml @@ -31,7 +31,7 @@ /inteligr8/asie/node/{nodeEndpoint}?coreName={coreName?}&shardRange={shardRange?}&template={template?}&shardCount={shardCount?}&nodeId={nodeId?}&nodeCount={nodeCount?} - admin + user diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodeShard.delete.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodeShard.delete.desc.xml index 22b59f9..c9d197d 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodeShard.delete.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodeShard.delete.desc.xml @@ -32,7 +32,10 @@ /inteligr8/asie/node/{nodeEndpoint}/shard/{shardCore}/{shardId} - admin + user + + + required 
diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodeShard.get.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodeShard.get.desc.xml index 0c2f08d..b81dd5a 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodeShard.get.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodeShard.get.desc.xml @@ -30,7 +30,7 @@ /inteligr8/asie/node/{nodeEndpoint}/shard/{shardCore}/{shardId} - admin + user diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodeShard.post.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodeShard.post.desc.xml index b502ed3..8992a72 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodeShard.post.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodeShard.post.desc.xml @@ -30,7 +30,10 @@ /inteligr8/asie/node/{nodeEndpoint}/shard/{shardCore}/{shardId} - admin + user + + + required diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodes.get.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodes.get.desc.xml index c3501e5..c2d30cb 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodes.get.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/nodes.get.desc.xml @@ -54,7 +54,7 @@ any - admin + user 
diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/propertyHashShards.get.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/propertyHashShards.get.desc.xml index 3274f7a..b16169b 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/propertyHashShards.get.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/propertyHashShards.get.desc.xml @@ -61,7 +61,7 @@ any - admin + user diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/registry.delete.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/registry.delete.desc.xml index 721c459..833661e 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/registry.delete.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/registry.delete.desc.xml @@ -21,7 +21,10 @@ /inteligr8/asie/nodes - admin + user + + + required diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/sampleHashes.get.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/sampleHashes.get.desc.xml index 87121d0..5cf5b97 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/sampleHashes.get.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/sampleHashes.get.desc.xml @@ -47,7 +47,7 @@ any - admin + user 
diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/shard.get.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/shard.get.desc.xml index 28f19b1..bc1d750 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/shard.get.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/shard.get.desc.xml @@ -60,7 +60,7 @@ any - admin + user diff --git a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/shards.get.desc.xml b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/shards.get.desc.xml index b3101ce..f89f59f 100644 --- a/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/shards.get.desc.xml +++ b/shared/src/main/resources/alfresco/extension/templates/webscripts/com/inteligr8/alfresco/asie/shards.get.desc.xml @@ -57,7 +57,7 @@ any - admin + user diff --git a/shared/src/main/resources/alfresco/module/com_inteligr8_alfresco_asie-shared/alfresco-global.properties b/shared/src/main/resources/alfresco/module/com_inteligr8_alfresco_asie-shared/alfresco-global.properties index a29c9b1..8f2e2fc 100644 --- a/shared/src/main/resources/alfresco/module/com_inteligr8_alfresco_asie-shared/alfresco-global.properties +++ b/shared/src/main/resources/alfresco/module/com_inteligr8_alfresco_asie-shared/alfresco-global.properties @@ -2,7 +2,7 @@ # defaulting to 3 days = 60 * 24 * 3 = 4320 inteligr8.asie.backup.persistTimeMinutes=4320 -inteligr8.asie.allowedAuthorities=ALFRESCO_ADMINISTRATORS +inteligr8.asie.allowedAuthorities=GROUP_ALFRESCO_ADMINISTRATORS # same as solr.baseUrl, but that property is private to the Search subsystem inteligr8.asie.basePath=/solr
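Review bot: The default in alfresco-global.properties now carries the `GROUP_` prefix, presumably because the new check compares against the names returned by `getAuthoritiesForUser`, but nothing in the file tells an administrator that, or that an empty value opens the scripts to every authenticated user. I would add a comment above the property, e.g. `# comma-separated full authority names (GROUP_... / ROLE_...); an empty value authorizes ALL authenticated users`. Deployments that override the property with an unprefixed name should be called out in the release notes, since such a value may stop matching after this change.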