
Revision 60501

[Trunk | Admin Tools]:
1. pom.xml: Added dependency for spring security.
2. UoaAdminToolsApplication.java: Import AuthorizationConfiguration.class | Remove SecurityConfig.class from @EnableConfigurationProperties.
3. UoaAdminToolsConfiguration.java: Comment "addInterceptors()" method calling AuthorizationHandler with SecurityConfig.
4. SecurityConfig.java & AuthorizationHandler.java & AuthorizationUtils.java & CommunityInfo.java & UserInfo.java: Commented all contents of these files (files will be deleted in coming commit).
5. PortalSubscribersController.java: Commented out the imports that referenced the commented-out files.
6. Notifications.java: Added field "aaiId" get getters and setters.
7. NotificationsController.java:
a. Method "getNotifications()" is replaced by "getNotificationsForUser()" (/community/{pid}/notifications) - returns notification settings only for user who made the request (uoa-authorization-li$
b. Path changed for method "getNotifications()": /community/{pid}/notifications/all
c. Remove "@RequestBody String email" parameter from method "deleteNotification()" - get email from user who made the request (uoa-authorization-library).
d. In method "saveNotification()" get aaiId and email from user who made the request (uoa-authorization-library).
e. Added checks and throw Exceptions in all methods.
f. Added @PreAuthorize
Portal Admins: "getNotifications()" (/community/{pid}/notifications/all)
Portal Admins - Curators - Managers: "getNotificationsForUser()" (/community/{pid}/notifications), "deleteNotification()" (/community/{pid}/notifications), "saveNotification()" (/communit$
8. ExploreController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateExplore()" (/explore/update), "insertExplore()" (/explore/save), "deleteExplore()" (/explore/delete).
9. ConnectController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateConnect()" (/connect/update), "insertConnect()" (/connect/save), "deleteConnect()" (/connect/delete).
c. Commented methods "getLayoutForConnect()" and "updateLayoutForConnect()" (/connect/{pid}/layout).
10. CommunityController.java:
a. Added checks and throw Exceptions in all methods.
b. Added @PreAuthorize
Portal Admins: "updateCommunity()" (/community/update), "insertCommunity()" (/community/save), "deleteCommunity()" (/community/delete).
Portal Admin - Curators - Managers: "updateLayoutForCommunity()" (/community/{pid}/layout).
11. CuratorController.java:
a. In "insertCurator() (/curator) set _id field with aaiId from user who made the request (uoa-authorization-library).
b. Added @PreAuthorize
Authenticated users: "getCuratorById()" (/curator/{id}), "insertCurator()" (/curator).
Portal Admins: "deleteCurators()" (/curator).


modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/handlers/utils/CommunityInfo.java
1
package eu.dnetlib.uoaadmintools.handlers.utils;
2

  
3
import com.google.gson.Gson;
4
import org.apache.log4j.Logger;
5

  
6
import java.io.BufferedReader;
7
import java.io.InputStreamReader;
8
import java.io.StringReader;
9
import java.net.HttpURLConnection;
10
import java.net.URL;
11
import java.util.ArrayList;
12
import java.util.List;
13

  
14
/**
15
 * Created by argirok on 27/2/2018.
16
 */
17
public class CommunityInfo {
18

  
19
    List<String> managers = new ArrayList<String>();
20
    private final Logger log = Logger.getLogger(this.getClass());
21

  
22
    public List<String> getManagers() {
23
        return managers;
24
    }
25

  
26
    public void setManagers(List<String> managers) {
27
        this.managers = managers;
28
    }
29

  
30
    private CommunityInfo getCommunityInfo(String communityAPI, String community) {
31
        String url = communityAPI + community;
32
        URL obj = null;
33
        String responseStr = null;
34
        log.debug("Community info url is " + url);
35

  
36
        try {
37
            obj = new URL(url);
38
            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
39
            log.debug("User info response code is: " + con.getResponseCode());
40
            if (con.getResponseCode() != 200) {
41
                return null;
42
            }
43
            BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
44
            StringBuffer response = new StringBuffer();
45
            String inputLine;
46
            while ((inputLine = in.readLine()) != null) {
47
                response.append(inputLine).append("\n");
48
            }
49
            in.close();
50
            responseStr = response.toString();
51
        } catch (Exception e) {
52
            log.error("An error occured while trying to fetch user info ", e);
53
            return null;
54
        }
55
        return json2CommunityInfo(community);
56
    }
57
    private  CommunityInfo json2CommunityInfo(String json){
58

  
59
        log.debug("Try to create CommunityInfo class from json: "+json);
60
        if (json == null){
61
            return null;
62
        }
63

  
64
        BufferedReader br = new BufferedReader(new StringReader(json));
65
        //convert the json string back to object
66
        Gson gson = new Gson();
67
        CommunityInfo communityInfo = null;
68
        try {
69
            communityInfo = gson.fromJson(br, CommunityInfo.class);
70
        }catch(Exception e){
71
            log.debug("Error in parsing json response. Given json is : "+json, e);
72
            return null;
73
        }
74

  
75
        log.debug("Original response.........: "+communityInfo.toString());
76

  
77

  
78

  
79
        return communityInfo;
80
    }
81
}
1
//package eu.dnetlib.uoaadmintools.handlers.utils;
2
//
3
//import com.google.gson.Gson;
4
//import org.apache.log4j.Logger;
5
//
6
//import java.io.BufferedReader;
7
//import java.io.InputStreamReader;
8
//import java.io.StringReader;
9
//import java.net.HttpURLConnection;
10
//import java.net.URL;
11
//import java.util.ArrayList;
12
//import java.util.List;
13
//
14
///**
15
// * Created by argirok on 27/2/2018.
16
// */
17
//public class CommunityInfo {
18
//
19
//    List<String> managers = new ArrayList<String>();
20
//    private final Logger log = Logger.getLogger(this.getClass());
21
//
22
//    public List<String> getManagers() {
23
//        return managers;
24
//    }
25
//
26
//    public void setManagers(List<String> managers) {
27
//        this.managers = managers;
28
//    }
29
//
30
//    private CommunityInfo getCommunityInfo(String communityAPI, String community) {
31
//        String url = communityAPI + community;
32
//        URL obj = null;
33
//        String responseStr = null;
34
//        log.debug("Community info url is " + url);
35
//
36
//        try {
37
//            obj = new URL(url);
38
//            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
39
//            log.debug("User info response code is: " + con.getResponseCode());
40
//            if (con.getResponseCode() != 200) {
41
//                return null;
42
//            }
43
//            BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
44
//            StringBuffer response = new StringBuffer();
45
//            String inputLine;
46
//            while ((inputLine = in.readLine()) != null) {
47
//                response.append(inputLine).append("\n");
48
//            }
49
//            in.close();
50
//            responseStr = response.toString();
51
//        } catch (Exception e) {
52
//            log.error("An error occured while trying to fetch user info ", e);
53
//            return null;
54
//        }
55
//        return json2CommunityInfo(community);
56
//    }
57
//    private  CommunityInfo json2CommunityInfo(String json){
58
//
59
//        log.debug("Try to create CommunityInfo class from json: "+json);
60
//        if (json == null){
61
//            return null;
62
//        }
63
//
64
//        BufferedReader br = new BufferedReader(new StringReader(json));
65
//        //convert the json string back to object
66
//        Gson gson = new Gson();
67
//        CommunityInfo communityInfo = null;
68
//        try {
69
//            communityInfo = gson.fromJson(br, CommunityInfo.class);
70
//        }catch(Exception e){
71
//            log.debug("Error in parsing json response. Given json is : "+json, e);
72
//            return null;
73
//        }
74
//
75
//        log.debug("Original response.........: "+communityInfo.toString());
76
//
77
//
78
//
79
//        return communityInfo;
80
//    }
81
//}
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/handlers/utils/AuthorizationUtils.java
1
package eu.dnetlib.uoaadmintools.handlers.utils;
2

  
3
import org.apache.log4j.Logger;
4

  
5
import javax.servlet.http.Cookie;
6
import javax.servlet.http.HttpServletRequest;
7
import java.io.BufferedReader;
8
import java.io.InputStreamReader;
9
import java.io.StringReader;
10
import java.net.HttpURLConnection;
11
import java.net.URL;
12
import java.util.Enumeration;
13

  
14
import com.google.gson.Gson;
15

  
16
/**
17
 * Created by argirok on 27/2/2018.
18
 */
19
public class AuthorizationUtils {
20
    private final Logger log = Logger.getLogger(this.getClass());
21
    private String userInfoUrl = null;
22
//    private String communityAPI ="";
23
//    List<String> adminRoles = new ArrayList<String>(Arrays.asList("Super Administrator",  "Portal Administrator"));
24
    private String originServer= null;
25
    public Boolean checkCookies(HttpServletRequest request){
26
        Boolean valid = true;
27
        String cookieValue = this.getCookie(request,"AccessToken");
28
        if(cookieValue == null || cookieValue.isEmpty()){
29
            log.info("no cookie available ");
30
            valid = false;
31
        }else {
32
            String headerValue = this.getHeadersInfo(request, "x-xsrf-token");
33
            if(headerValue == null || headerValue.isEmpty()){
34
                log.info("no header available ");
35
                valid = false;
36
            }else{
37
                if(!cookieValue.equals(headerValue)){
38
                    log.info("no proper header or cookie ");
39
                    valid = false;
40
                }else if(!hasValidOrigin(this.getHeadersInfo(request, "origin"))){
41
                    log.info("no proper origin ");
42
                    valid = false;
43
                }
44
            }
45
        }
46
        return valid;
47
    }
48
    public String getToken(HttpServletRequest request){
49
        return this.getHeadersInfo(request, "x-xsrf-token");
50
    }
51
    private String getCookie(HttpServletRequest request, String cookieName){
52
        if(request.getCookies() == null){
53
            return null;
54
        }
55
        for(Cookie c: request.getCookies()){
56
//            log.debug("cookie "+ c.getName()+ " "+ c.getValue());
57
            if(c.getName().equals(cookieName)){
58
                return c.getValue();
59
            }
60

  
61
        }
62
        return null;
63
    }
64
    private String getHeadersInfo(HttpServletRequest request, String name) {
65

  
66
        Enumeration headerNames = request.getHeaderNames();
67
        while (headerNames.hasMoreElements()) {
68
            String key = (String) headerNames.nextElement();
69
            String value = request.getHeader(key);
70
//            log.debug(" key: "+ key+" value: "+ value);
71
            if(name.equals(key)){
72
                return value;
73
            }
74
        }
75
        return null;
76
    }
77
    public boolean hasValidOrigin(String origin) {
78
        if (origin != null && origin.indexOf(originServer)!=-1) {
79
            return true;
80
        }
81
        log.debug("Not valid origin. Origin server is \"" + origin + "\", but expected value is \"" + originServer + "\". If the expec cted value is not right, check properties file. ");
82
        return false;
83
    }
84
    public  UserInfo getUserInfo(String accessToken){
85
        String url=userInfoUrl+accessToken;
86
        URL obj = null;
87
        String responseStr=null;
88
//        log.debug("User info url is "+url);
89

  
90
        try {
91
            obj = new URL(url);
92
            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
93
            if (con.getResponseCode() != 200) {
94
                log.debug("User info response code is: " + con.getResponseCode());
95
                return null;
96
            }
97
            BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
98
            StringBuffer response = new StringBuffer();
99
            String inputLine;
100
            while ((inputLine = in.readLine()) != null) {
101
                response.append(inputLine).append("\n");
102
            }
103
            in.close();
104
            responseStr = response.toString();
105
        }catch(Exception e){
106
            log.error("An error occured while trying to fetch user info ",e);
107
            return null;
108
        }
109
        return json2UserInfo(responseStr);
110
    }
111
    private  UserInfo json2UserInfo(String json) {
112

  
113
//        log.debug("Try to create userInfo class from json: "+json);
114
        if (json == null){
115
            return null;
116
        }
117

  
118
        BufferedReader br = new BufferedReader(new StringReader(json));
119
        //convert the json string back to object
120
        Gson gson = new Gson();
121
        UserInfo userInfo = null;
122
        try {
123
            userInfo = gson.fromJson(br, UserInfo.class);
124
        }catch(Exception e){
125
            log.debug("Error in parsing json response. Given json is : "+json, e);
126
            return null;
127
        }
128

  
129
//        log.debug("Original response.........: "+userInfo.toString());
130
        try {
131
            if(userInfo != null && userInfo.getEdu_person_entitlements() != null ) {
132

  
133
                for (int i = 0; i < userInfo.getEdu_person_entitlements().size(); i++) {
134
                    String role = userInfo.getEdu_person_entitlements().get(i);
135
//                    log.debug("AAI role: "+role);
136
                    role = role.split(":")[role.split(":").length-1];
137
                    role = role.replace("+"," ");
138
//                    log.debug("Adding parsed role : "+role);
139
                    userInfo.getEdu_person_entitlements().set(i,role);
140
                }
141
            }
142
        }catch(Exception e){
143
            log.debug("Error in parsing  Edu_person_entitlements : ",e);
144
            return null;
145
        }
146
//        log.debug("After handling roles : "+userInfo.toString());
147

  
148

  
149
        return userInfo;
150
    }
151
    public boolean isAuthorized(String token) {
152
        UserInfo userInfo = getUserInfo(token);
153
        if (userInfo != null ) {
154
            return true;
155
        } else {
156
            log.debug(" User has no Valid UserInfo");
157
            return false;
158
        }
159

  
160
    }
161

  
162
    public String getUserInfoUrl() {
163
        return userInfoUrl;
164
    }
165

  
166
    public String getOriginServer() {
167
        return originServer;
168
    }
169

  
170
    public void setUserInfoUrl(String userInfoUrl) {
171
        this.userInfoUrl = userInfoUrl;
172
    }
173

  
174
    public void setOriginServer(String originServer) {
175
        this.originServer = originServer;
176
    }
177
    //    private boolean hasRole(List<String> givenRoles, List<String> authorizedRoles) {
178
//        log.debug("It's  registered with role " + givenRoles);
179
//        for (String gRole : givenRoles) {
180
//            if (authorizedRoles.indexOf(gRole) != -1) {
181
//                return true;
1
//package eu.dnetlib.uoaadmintools.handlers.utils;
2
//
3
//import org.apache.log4j.Logger;
4
//
5
//import javax.servlet.http.Cookie;
6
//import javax.servlet.http.HttpServletRequest;
7
//import java.io.BufferedReader;
8
//import java.io.InputStreamReader;
9
//import java.io.StringReader;
10
//import java.net.HttpURLConnection;
11
//import java.net.URL;
12
//import java.util.Enumeration;
13
//
14
//import com.google.gson.Gson;
15
//
16
///**
17
// * Created by argirok on 27/2/2018.
18
// */
19
//public class AuthorizationUtils {
20
//    private final Logger log = Logger.getLogger(this.getClass());
21
//    private String userInfoUrl = null;
22
////    private String communityAPI ="";
23
////    List<String> adminRoles = new ArrayList<String>(Arrays.asList("Super Administrator",  "Portal Administrator"));
24
//    private String originServer= null;
25
//    public Boolean checkCookies(HttpServletRequest request){
26
//        Boolean valid = true;
27
//        String cookieValue = this.getCookie(request,"AccessToken");
28
//        if(cookieValue == null || cookieValue.isEmpty()){
29
//            log.info("no cookie available ");
30
//            valid = false;
31
//        }else {
32
//            String headerValue = this.getHeadersInfo(request, "x-xsrf-token");
33
//            if(headerValue == null || headerValue.isEmpty()){
34
//                log.info("no header available ");
35
//                valid = false;
36
//            }else{
37
//                if(!cookieValue.equals(headerValue)){
38
//                    log.info("no proper header or cookie ");
39
//                    valid = false;
40
//                }else if(!hasValidOrigin(this.getHeadersInfo(request, "origin"))){
41
//                    log.info("no proper origin ");
42
//                    valid = false;
43
//                }
182 44
//            }
183 45
//        }
184
//        log.debug("Not Authorized. Authorized roles are" + authorizedRoles);
185
//        return false;
46
//        return valid;
47
//    }
48
//    public String getToken(HttpServletRequest request){
49
//        return this.getHeadersInfo(request, "x-xsrf-token");
50
//    }
51
//    private String getCookie(HttpServletRequest request, String cookieName){
52
//        if(request.getCookies() == null){
53
//            return null;
54
//        }
55
//        for(Cookie c: request.getCookies()){
56
////            log.debug("cookie "+ c.getName()+ " "+ c.getValue());
57
//            if(c.getName().equals(cookieName)){
58
//                return c.getValue();
59
//            }
186 60
//
61
//        }
62
//        return null;
187 63
//    }
188
//    private boolean isCommunityManager(String community, String email) {
64
//    private String getHeadersInfo(HttpServletRequest request, String name) {
189 65
//
190
//        CommunityInfo communityInfo = getCommunityInfo(community);
191
//        if(communityInfo != null && communityInfo.getManagers() != null ) {
192
//
193
//            for (int i = 0; i < communityInfo.getManagers().size(); i++) {
194
//                String manager = communityInfo.getManagers().get(i);
195
//                log.debug("Community manager: "+manager);
196
//
66
//        Enumeration headerNames = request.getHeaderNames();
67
//        while (headerNames.hasMoreElements()) {
68
//            String key = (String) headerNames.nextElement();
69
//            String value = request.getHeader(key);
70
////            log.debug(" key: "+ key+" value: "+ value);
71
//            if(name.equals(key)){
72
//                return value;
197 73
//            }
198 74
//        }
75
//        return null;
76
//    }
77
//    public boolean hasValidOrigin(String origin) {
78
//        if (origin != null && origin.indexOf(originServer)!=-1) {
79
//            return true;
80
//        }
81
//        log.debug("Not valid origin. Origin server is \"" + origin + "\", but expected value is \"" + originServer + "\". If the expec cted value is not right, check properties file. ");
199 82
//        return false;
200
//
201 83
//    }
202
//    private CommunityInfo getCommunityInfo(String community) {
203
//        String url = userInfoUrl + community;
84
//    public  UserInfo getUserInfo(String accessToken){
85
//        String url=userInfoUrl+accessToken;
204 86
//        URL obj = null;
205
//        String responseStr = null;
206
//        log.debug("Community info url is " + url);
87
//        String responseStr=null;
88
////        log.debug("User info url is "+url);
207 89
//
208 90
//        try {
209 91
//            obj = new URL(url);
210 92
//            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
211
//            log.debug("User info response code is: " + con.getResponseCode());
212 93
//            if (con.getResponseCode() != 200) {
94
//                log.debug("User info response code is: " + con.getResponseCode());
213 95
//                return null;
214 96
//            }
215 97
//            BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
......
220 102
//            }
221 103
//            in.close();
222 104
//            responseStr = response.toString();
223
//        } catch (Exception e) {
224
//            log.error("An error occured while trying to fetch user info ", e);
105
//        }catch(Exception e){
106
//            log.error("An error occured while trying to fetch user info ",e);
225 107
//            return null;
226 108
//        }
227
//        return json2CommunityInfo(community);
109
//        return json2UserInfo(responseStr);
228 110
//    }
229
//    private  CommunityInfo json2CommunityInfo(String json){
111
//    private  UserInfo json2UserInfo(String json) {
230 112
//
231
//        log.debug("Try to create CommunityInfo class from json: "+json);
113
////        log.debug("Try to create userInfo class from json: "+json);
232 114
//        if (json == null){
233 115
//            return null;
234 116
//        }
......
236 118
//        BufferedReader br = new BufferedReader(new StringReader(json));
237 119
//        //convert the json string back to object
238 120
//        Gson gson = new Gson();
239
//        CommunityInfo communityInfo = null;
121
//        UserInfo userInfo = null;
240 122
//        try {
241
//            communityInfo = gson.fromJson(br, CommunityInfo.class);
123
//            userInfo = gson.fromJson(br, UserInfo.class);
242 124
//        }catch(Exception e){
243 125
//            log.debug("Error in parsing json response. Given json is : "+json, e);
244 126
//            return null;
245 127
//        }
246 128
//
247
//        log.debug("Original response.........: "+communityInfo.toString());
129
////        log.debug("Original response.........: "+userInfo.toString());
130
//        try {
131
//            if(userInfo != null && userInfo.getEdu_person_entitlements() != null ) {
248 132
//
133
//                for (int i = 0; i < userInfo.getEdu_person_entitlements().size(); i++) {
134
//                    String role = userInfo.getEdu_person_entitlements().get(i);
135
////                    log.debug("AAI role: "+role);
136
//                    role = role.split(":")[role.split(":").length-1];
137
//                    role = role.replace("+"," ");
138
////                    log.debug("Adding parsed role : "+role);
139
//                    userInfo.getEdu_person_entitlements().set(i,role);
140
//                }
141
//            }
142
//        }catch(Exception e){
143
//            log.debug("Error in parsing  Edu_person_entitlements : ",e);
144
//            return null;
145
//        }
146
////        log.debug("After handling roles : "+userInfo.toString());
249 147
//
250 148
//
251
//        return communityInfo;
149
//        return userInfo;
252 150
//    }
253
}
151
//    public boolean isAuthorized(String token) {
152
//        UserInfo userInfo = getUserInfo(token);
153
//        if (userInfo != null ) {
154
//            return true;
155
//        } else {
156
//            log.debug(" User has no Valid UserInfo");
157
//            return false;
158
//        }
159
//
160
//    }
161
//
162
//    public String getUserInfoUrl() {
163
//        return userInfoUrl;
164
//    }
165
//
166
//    public String getOriginServer() {
167
//        return originServer;
168
//    }
169
//
170
//    public void setUserInfoUrl(String userInfoUrl) {
171
//        this.userInfoUrl = userInfoUrl;
172
//    }
173
//
174
//    public void setOriginServer(String originServer) {
175
//        this.originServer = originServer;
176
//    }
177
//    //    private boolean hasRole(List<String> givenRoles, List<String> authorizedRoles) {
178
////        log.debug("It's  registered with role " + givenRoles);
179
////        for (String gRole : givenRoles) {
180
////            if (authorizedRoles.indexOf(gRole) != -1) {
181
////                return true;
182
////            }
183
////        }
184
////        log.debug("Not Authorized. Authorized roles are" + authorizedRoles);
185
////        return false;
186
////
187
////    }
188
////    private boolean isCommunityManager(String community, String email) {
189
////
190
////        CommunityInfo communityInfo = getCommunityInfo(community);
191
////        if(communityInfo != null && communityInfo.getManagers() != null ) {
192
////
193
////            for (int i = 0; i < communityInfo.getManagers().size(); i++) {
194
////                String manager = communityInfo.getManagers().get(i);
195
////                log.debug("Community manager: "+manager);
196
////
197
////            }
198
////        }
199
////        return false;
200
////
201
////    }
202
////    private CommunityInfo getCommunityInfo(String community) {
203
////        String url = userInfoUrl + community;
204
////        URL obj = null;
205
////        String responseStr = null;
206
////        log.debug("Community info url is " + url);
207
////
208
////        try {
209
////            obj = new URL(url);
210
////            HttpURLConnection con = (HttpURLConnection) obj.openConnection();
211
////            log.debug("User info response code is: " + con.getResponseCode());
212
////            if (con.getResponseCode() != 200) {
213
////                return null;
214
////            }
215
////            BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream()));
216
////            StringBuffer response = new StringBuffer();
217
////            String inputLine;
218
////            while ((inputLine = in.readLine()) != null) {
219
////                response.append(inputLine).append("\n");
220
////            }
221
////            in.close();
222
////            responseStr = response.toString();
223
////        } catch (Exception e) {
224
////            log.error("An error occured while trying to fetch user info ", e);
225
////            return null;
226
////        }
227
////        return json2CommunityInfo(community);
228
////    }
229
////    private  CommunityInfo json2CommunityInfo(String json){
230
////
231
////        log.debug("Try to create CommunityInfo class from json: "+json);
232
////        if (json == null){
233
////            return null;
234
////        }
235
////
236
////        BufferedReader br = new BufferedReader(new StringReader(json));
237
////        //convert the json string back to object
238
////        Gson gson = new Gson();
239
////        CommunityInfo communityInfo = null;
240
////        try {
241
////            communityInfo = gson.fromJson(br, CommunityInfo.class);
242
////        }catch(Exception e){
243
////            log.debug("Error in parsing json response. Given json is : "+json, e);
244
////            return null;
245
////        }
246
////
247
////        log.debug("Original response.........: "+communityInfo.toString());
248
////
249
////
250
////
251
////        return communityInfo;
252
////    }
253
//}
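Review bot: With checkCookies()/isAuthorized() commented out here and the interceptor registration in UoaAdminToolsConfiguration disabled (item 3 of the description), the blanket gate that rejected every POST/DELETE outside allowedPostRequests is gone, so protection now rests solely on the per-method @PreAuthorize annotations listed in items 7–11. Any POST/DELETE handler not in that list — the description mentions none for PortalSubscribersController — is reachable without authentication unless the imported AuthorizationConfiguration supplies a default rule; confirm that it does, or add a catch-all such as `http.authorizeRequests().anyRequest().authenticated()` so an unannotated endpoint fails closed. @PreAuthorize is also silently ignored unless method security is enabled (`@EnableGlobalMethodSecurity(prePostEnabled = true)`), which is presumably part of the library's AuthorizationConfiguration but is not visible in this revision. Since the file is slated for deletion, delete it outright rather than keeping a full commented copy: the dead text still describes the old AccessToken-cookie / x-xsrf-token / Origin-substring flow and can mislead a reader into assuming it is still enforced.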
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/handlers/utils/UserInfo.java
1
package eu.dnetlib.uoaadmintools.handlers.utils;
2

  
3
import java.util.ArrayList;
4
import java.util.List;
5

  
6
/**
7
 * Created by argirok on 23/6/2017.
8
 */
9
public class UserInfo {
10
    String name;
11
    String email;
12
    List<String> edu_person_entitlements =  new ArrayList<String>();
13

  
14
    @Override
15
    public String toString() {
16
        return "UserInfo{" +
17
                "name='" + name + '\'' +
18
                ", email='" + email + '\'' +
19
                ", edu_person_entitlements=" + edu_person_entitlements +
20
                '}';
21
    }
22

  
23
    public String getName() {
24
        return name;
25
    }
26

  
27
    public void setName(String name) {
28
        this.name = name;
29
    }
30

  
31
    public String getEmail() {
32
        return email;
33
    }
34

  
35
    public void setEmail(String email) {
36
        this.email = email;
37
    }
38

  
39
    public List<String> getEdu_person_entitlements() {
40
        return edu_person_entitlements;
41
    }
42

  
43
    public void setEdu_person_entitlements(List<String> edu_person_entitlements) {
44
        this.edu_person_entitlements = edu_person_entitlements;
45
    }
46
}
1
//package eu.dnetlib.uoaadmintools.handlers.utils;
2
//
3
//import java.util.ArrayList;
4
//import java.util.List;
5
//
6
///**
7
// * Created by argirok on 23/6/2017.
8
// */
9
//public class UserInfo {
10
//    String name;
11
//    String email;
12
//    List<String> edu_person_entitlements =  new ArrayList<String>();
13
//
14
//    @Override
15
//    public String toString() {
16
//        return "UserInfo{" +
17
//                "name='" + name + '\'' +
18
//                ", email='" + email + '\'' +
19
//                ", edu_person_entitlements=" + edu_person_entitlements +
20
//                '}';
21
//    }
22
//
23
//    public String getName() {
24
//        return name;
25
//    }
26
//
27
//    public void setName(String name) {
28
//        this.name = name;
29
//    }
30
//
31
//    public String getEmail() {
32
//        return email;
33
//    }
34
//
35
//    public void setEmail(String email) {
36
//        this.email = email;
37
//    }
38
//
39
//    public List<String> getEdu_person_entitlements() {
40
//        return edu_person_entitlements;
41
//    }
42
//
43
//    public void setEdu_person_entitlements(List<String> edu_person_entitlements) {
44
//        this.edu_person_entitlements = edu_person_entitlements;
45
//    }
46
//}
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/handlers/AuthorizationHandler.java
1
package eu.dnetlib.uoaadmintools.handlers;
2

  
3
import eu.dnetlib.uoaadmintools.handlers.utils.AuthorizationUtils;
4
import org.apache.log4j.Logger;
5
import org.springframework.beans.factory.annotation.Value;
6
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
7

  
8
import javax.servlet.http.HttpServletRequest;
9
import javax.servlet.http.HttpServletResponse;
10
import java.util.List;
11

  
12
/**
13
 * Created by argirok on 23/2/2018.
14
 */
15
public class AuthorizationHandler extends HandlerInterceptorAdapter {
16
    private final Logger log = Logger.getLogger(this.getClass());
17
    private AuthorizationUtils helper = new AuthorizationUtils();
18
    private List<String> allowedPostRequests;
19

  
20
    public AuthorizationHandler(String userInfoUrl, String originServer, List<String> allowedPostRequests){
21
        helper.setOriginServer(originServer);
22
        helper.setUserInfoUrl(userInfoUrl);
23
        this.allowedPostRequests = allowedPostRequests;
24
    }
25
    @Override
26
    public boolean preHandle(
27
            HttpServletRequest request,
28
            HttpServletResponse response,
29
            Object handler) throws Exception {
30
//        log.debug("request method " + request.getRemoteHost());
31
//        log.debug("properties: " + helper.getOriginServer() + " "+ helper.getUserInfoUrl());
32
//        log.debug(allowedPostRequests);
33
//        log.debug(allowedPostRequests.contains(request.getServletPath()));
34
//        log.debug(request.getServletPath());
35
        if((request.getMethod().equals("POST") || request.getMethod().equals("DELETE")) &&
36
        !allowedPostRequests.contains(request.getServletPath())) {
37
            //TODO check domain & check user info
38
            if(!this.helper.checkCookies(request) || !helper.isAuthorized(helper.getToken(request))){
39

  
40
                response.setHeader("Access-Control-Allow-Credentials","true");
41
                response.setHeader("Access-Control-Allow-Origin","*");
42
                response.setHeader("Vary","Origin");
43

  
44
                response.setStatus(403);
45
                response.sendError(403, "Forbidden: You don't have permission to access. Maybe you are not registered.");
46
                return false;
47
            }
48

  
49
        }
50
        return true;
51
    }
52

  
53

  
1
//package eu.dnetlib.uoaadmintools.handlers;
2
//
3
//import eu.dnetlib.uoaadmintools.handlers.utils.AuthorizationUtils;
4
//import org.apache.log4j.Logger;
5
//import org.springframework.beans.factory.annotation.Value;
6
//import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
7
//
8
//import javax.servlet.http.HttpServletRequest;
9
//import javax.servlet.http.HttpServletResponse;
10
//import java.util.List;
11
//
12
///**
13
// * Created by argirok on 23/2/2018.
14
// */
15
//public class AuthorizationHandler extends HandlerInterceptorAdapter {
16
//    private final Logger log = Logger.getLogger(this.getClass());
17
//    private AuthorizationUtils helper = new AuthorizationUtils();
18
//    private List<String> allowedPostRequests;
19
//
20
//    public AuthorizationHandler(String userInfoUrl, String originServer, List<String> allowedPostRequests){
21
//        helper.setOriginServer(originServer);
22
//        helper.setUserInfoUrl(userInfoUrl);
23
//        this.allowedPostRequests = allowedPostRequests;
24
//    }
54 25
//    @Override
55
//    public void postHandle(
26
//    public boolean preHandle(
56 27
//            HttpServletRequest request,
57 28
//            HttpServletResponse response,
58
//            Object handler,
59
//            ModelAndView modelAndView) throws Exception {
60
//        log.info("I am here - postHandle ");
29
//            Object handler) throws Exception {
30
////        log.debug("request method " + request.getRemoteHost());
31
////        log.debug("properties: " + helper.getOriginServer() + " "+ helper.getUserInfoUrl());
32
////        log.debug(allowedPostRequests);
33
////        log.debug(allowedPostRequests.contains(request.getServletPath()));
34
////        log.debug(request.getServletPath());
35
//        if((request.getMethod().equals("POST") || request.getMethod().equals("DELETE")) &&
36
//        !allowedPostRequests.contains(request.getServletPath())) {
37
//            //TODO check domain & check user info
38
//            if(!this.helper.checkCookies(request) || !helper.isAuthorized(helper.getToken(request))){
39
//
40
//                response.setHeader("Access-Control-Allow-Credentials","true");
41
//                response.setHeader("Access-Control-Allow-Origin","*");
42
//                response.setHeader("Vary","Origin");
43
//
44
//                response.setStatus(403);
45
//                response.sendError(403, "Forbidden: You don't have permission to access. Maybe you are not registered.");
46
//                return false;
47
//            }
48
//
49
//        }
50
//        return true;
61 51
//    }
62 52
//
63
//    @Override
64
//    public void afterCompletion(
65
//            HttpServletRequest request,
66
//            HttpServletResponse response,
67
//            Object handler, Exception ex) {
68
//        log.info("I am here - afterCompletion ");
69
//    }
70

  
71
}
53
//
54
////    @Override
55
////    public void postHandle(
56
////            HttpServletRequest request,
57
////            HttpServletResponse response,
58
////            Object handler,
59
////            ModelAndView modelAndView) throws Exception {
60
////        log.info("I am here - postHandle ");
61
////    }
62
////
63
////    @Override
64
////    public void afterCompletion(
65
////            HttpServletRequest request,
66
////            HttpServletResponse response,
67
////            Object handler, Exception ex) {
68
////        log.info("I am here - afterCompletion ");
69
////    }
70
//
71
//}
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/UoaAdminToolsApplication.java
1 1
package eu.dnetlib.uoaadmintools;
2 2

  
3 3
import eu.dnetlib.uoaadmintools.configuration.properties.MongoConfig;
4
import eu.dnetlib.uoaadmintools.configuration.properties.SecurityConfig;
4
//import eu.dnetlib.uoaadmintools.configuration.properties.SecurityConfig;
5 5
//import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;
6
import eu.dnetlib.uoaauthorizationlibrary.configuration.AuthorizationConfiguration;
6 7
import org.springframework.boot.SpringApplication;
7 8
import org.springframework.boot.autoconfigure.SpringBootApplication;
8 9
import org.springframework.boot.context.properties.EnableConfigurationProperties;
......
15 16
        @PropertySource("classpath:admintools.properties"),
16 17
        @PropertySource(value = "classpath:dnet-override.properties", ignoreResourceNotFound = true)
17 18
})
18
@EnableConfigurationProperties({SecurityConfig.class, MongoConfig.class})
19
//@Import(AuthorizationConfiguration.class)
19
//SecurityConfig.class,
20
@EnableConfigurationProperties({MongoConfig.class})
21
@Import(AuthorizationConfiguration.class)
20 22
public class UoaAdminToolsApplication {
21 23

  
22 24
    public static void main(String[] args) {
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/entities/Notifications.java
14 14
    Boolean notifyForNewSubscribers = true;
15 15
    String managerEmail;
16 16
    String portalPid;
17
    String aaiId;
18

  
17 19
    public Notifications(){
18 20

  
19 21
    }
......
62 64
        this.portalPid = portalPid;
63 65
    }
64 66

  
67
    public String getAaiId() {
68
        return aaiId;
69
    }
70

  
71
    public void setAaiId(String aaiId) {
72
        this.aaiId = aaiId;
73
    }
74

  
65 75
    @Override
66 76
    public String toString() {
67 77
        return "Notifications{" +
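Review bot: The new `aaiId` field (hunk line 17) and its accessors (hunk lines 67–73) say nothing about what the value is or who sets it, and `toString()` starts on the last line of this section so it is not visible whether it was extended to print it. A field comment such as `// AAI identifier of the manager these settings belong to; populated server-side from the authenticated user in NotificationsController.saveNotification, not taken from the request body` would make the ownership rule explicit, and `toString()` should include `aaiId` if it already includes `managerEmail`.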
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/UoaAdminToolsConfiguration.java
1 1
package eu.dnetlib.uoaadmintools;
2 2

  
3
import eu.dnetlib.uoaadmintools.configuration.properties.SecurityConfig;
4
import eu.dnetlib.uoaadmintools.handlers.AuthorizationHandler;
3
//import eu.dnetlib.uoaadmintools.configuration.properties.SecurityConfig;
4
//import eu.dnetlib.uoaadmintools.handlers.AuthorizationHandler;
5 5
import org.apache.log4j.Logger;
6 6
import org.springframework.beans.factory.annotation.Autowired;
7 7
import org.springframework.context.annotation.Bean;
......
18 18
public class UoaAdminToolsConfiguration extends WebMvcConfigurerAdapter {
19 19
    private final Logger log = Logger.getLogger(this.getClass());
20 20

  
21
    @Autowired
22
    private SecurityConfig securityConfig;
21
//    @Autowired
22
//    private SecurityConfig securityConfig;
23 23

  
24 24

  
25 25
    @Bean
......
27 27
        return new PropertySourcesPlaceholderConfigurer();
28 28
    }
29 29

  
30
    @Override
31
    public void addInterceptors(InterceptorRegistry registry) {
32
        registry.addInterceptor(new AuthorizationHandler(securityConfig.getUserInfoUrl(), securityConfig.getOriginServer(), securityConfig.getPostsAllowed()))
33
                .addPathPatterns("/**");
30
//    @Override
31
//    public void addInterceptors(InterceptorRegistry registry) {
32
//        registry.addInterceptor(new AuthorizationHandler(securityConfig.getUserInfoUrl(), securityConfig.getOriginServer(), securityConfig.getPostsAllowed()))
33
//                .addPathPatterns("/**");
34
//
35
//    }
34 36

  
35
    }
36

  
37 37
}
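Review bot: Commenting out `addInterceptors` (hunk lines 30–35) removes the blanket gate that `AuthorizationHandler` applied to every POST/DELETE on `/**`, so from this revision a mutating handler is protected only if it carries its own `@PreAuthorize`; the controllers touched in this commit are annotated, but PortalSubscribersController's handlers are not visible here and should be checked before the interceptor is dropped for good. Relying on every future handler remembering the annotation is fragile; a deny-by-default rule at the framework level would keep an unannotated endpoint from silently becoming reachable. The now-unused `@Autowired private SecurityConfig securityConfig` block (hunk lines 21–22) is commented rather than deleted; since the commit message already schedules the file removals, deleting it outright avoids leaving a field that no longer has a bean behind it.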
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/controllers/ExploreController.java
2 2

  
3 3
import eu.dnetlib.uoaadmintoolslibrary.entities.Portal;
4 4
import eu.dnetlib.uoaadmintoolslibrary.entities.fullEntities.*;
5
import eu.dnetlib.uoaadmintoolslibrary.handlers.ContentNotFoundException;
6
import eu.dnetlib.uoaadmintoolslibrary.handlers.MismatchingContentException;
5 7
import eu.dnetlib.uoaadmintoolslibrary.services.PortalService;
6 8
import org.apache.log4j.Logger;
9
import org.springframework.security.access.prepost.PreAuthorize;
7 10
import org.springframework.web.bind.annotation.*;
8 11
import org.springframework.beans.factory.annotation.Autowired;
9 12

  
......
12 15
@RestController
13 16
@RequestMapping("/explore")
14 17
@CrossOrigin(origins = "*")
15
//@PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
18
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
16 19
public class ExploreController {
17 20
    private final Logger log = Logger.getLogger(this.getClass());
18 21

  
19 22
    @Autowired
20 23
    private PortalService portalService;
21 24

  
22
//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
23 25
    @RequestMapping(value = "/update", method = RequestMethod.POST)
24 26
    public PortalResponse updateExplore(@RequestBody Portal portal) {
27
        if(!portal.getType().equals("explore")) {
28
            // EXCEPTION - MismatchingContent
29
            throw new MismatchingContentException("Update Explore: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of explore");
30
        }
25 31
        PortalResponse portalResponse = portalService.updatePortal(portal);
26 32
        return portalResponse;
27 33
    }
28 34

  
29
//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
30 35
    @RequestMapping(value = "/save", method = RequestMethod.POST)
31 36
    public PortalResponse insertExplore(@RequestBody Portal portal) {
37
        if(!portal.getType().equals("explore")) {
38
            // EXCEPTION - MismatchingContent
39
            throw new MismatchingContentException("Save Explore: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of explore");
40
        }
32 41
        PortalResponse portalResponse = portalService.insertPortal(portal);
33 42
        return portalResponse;
34 43
    }
35 44

  
36 45
    // cannot handle MismatchingContent
37
//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
38 46
    @RequestMapping(value = "/delete", method = RequestMethod.POST)
39 47
    public Boolean deleteExplore(@RequestBody List<String> portals) throws Exception {
40 48
        for (String id : portals) {
49
            Portal portal = portalService.getPortalById(id);
50
            if(portal == null) {
51
                // EXCEPTION - Entity Not Found
52
                throw new ContentNotFoundException("Delete Explore: Portal with id: " + id + " not found");
53
            }
54
            if(!portal.getType().equals("explore")) {
55
                // EXCEPTION - MismatchingContent
56
                throw new MismatchingContentException("Delete Explore: Portal with id: "+id+" has type: "+portal.getType()+" instead of explore");
57
            }
41 58
            portalService.deletePortal(id);
42 59
        }
43 60

  
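Review bot: The new type guards `portal.getType().equals("explore")` (hunk lines 27, 37, 54) dereference `getType()` on the deserialized request body, so a payload that omits `type` fails with a NullPointerException (a 500) instead of the intended `MismatchingContentException`; `if (!"explore".equals(portal.getType()))` is null-safe and otherwise identical. The same pattern is introduced in `updateConnect`/`insertConnect`/`deleteConnect` (ConnectController), `updateCommunity`/`insertCommunity`/`deleteCommunities` and the two layout handlers (CommunityController), and the three NotificationsController handlers, where it runs on a stored `Portal` and a null type is less likely but still unhandled. The `// EXCEPTION - MismatchingContent` comments only restate the next line; a short why-comment such as `// explore endpoints must not modify portals of another type` would carry more information.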
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/controllers/CuratorController.java
3 3
import eu.dnetlib.uoaadmintools.dao.CuratorDAO;
4 4
import eu.dnetlib.uoaadmintools.entities.curator.Curator;
5 5
import eu.dnetlib.uoaadmintools.entities.curator.CuratorResponse;
6
import eu.dnetlib.uoaadmintoolslibrary.handlers.utils.RolesUtils;
6 7
import org.apache.log4j.Logger;
7 8
import org.springframework.beans.factory.annotation.Autowired;
9
import org.springframework.security.access.prepost.PreAuthorize;
8 10
import org.springframework.web.bind.annotation.*;
9 11

  
10 12
import java.util.ArrayList;
......
19 21
    @Autowired
20 22
    private CuratorDAO curatorDAO;
21 23

  
24
    @Autowired
25
    private RolesUtils rolesUtils;
22 26

  
23 27
    /**
24 28
     * Return a list with curator. If list of emails does not existed return all curators, else return
......
51 55
     * @param id
52 56
     * @return
53 57
     */
58
    @PreAuthorize("isAuthenticated()")
54 59
    @RequestMapping(value = "/curator/{id}", method = RequestMethod.GET)
55 60
    public Curator getCuratorById(@PathVariable String id) {
56 61
        return curatorDAO.findById(id);
......
62 67
     * @param curator
63 68
     * @return
64 69
     */
70
    @PreAuthorize("isAuthenticated()")
65 71
    @RequestMapping(value = "/curator", method = RequestMethod.POST)
66 72
    public Curator insertCurator(@RequestBody Curator curator) {
73
        String aaiId = rolesUtils.getAaiId();
74
        curator.setId(aaiId);
67 75
        return curatorDAO.save(curator);
68 76
    }
69 77

  
......
73 81
     *
74 82
     * @param emails
75 83
     */
84
    @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
76 85
    @RequestMapping(value = "/curator", method = RequestMethod.DELETE)
77 86
    public void deleteCurators(@RequestBody(required = false) Optional<List<String>> emails) {
78 87
        if(emails.isPresent()) {
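Review bot: `insertCurator` now discards any `id` in the request body and binds the record to `rolesUtils.getAaiId()` (hunk lines 73–74), which is the right ownership rule, but the Javadoc above it (hunk lines 67–69) still reads `@param curator` / `@return` with no text; `@param curator curator data submitted by the caller; its id is replaced by the caller's AAI id` and `@return the saved curator` would document the contract. Whether `getAaiId()` can return null for an authenticated principal is not visible here; if it can, `curator.setId(null)` turns the call into an insert keyed by whatever the DAO generates, so a `requireNonNull` or an explicit exception at that point is worth considering. `getCuratorById` is opened to any authenticated user (hunk line 58); if `Curator` carries personal data beyond what the UI needs, it should be confirmed that this exposure is intended.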
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/controllers/CommunityController.java
7 7
import eu.dnetlib.uoaadmintools.services.SubscriberService;
8 8
import eu.dnetlib.uoaadmintoolslibrary.entities.Portal;
9 9
import eu.dnetlib.uoaadmintoolslibrary.entities.fullEntities.*;
10
import eu.dnetlib.uoaadmintoolslibrary.handlers.ContentNotFoundException;
11
import eu.dnetlib.uoaadmintoolslibrary.handlers.ForbiddenException;
12
import eu.dnetlib.uoaadmintoolslibrary.handlers.MismatchingContentException;
13
import eu.dnetlib.uoaadmintoolslibrary.handlers.utils.RolesUtils;
10 14
import eu.dnetlib.uoaadmintoolslibrary.services.PortalService;
11 15
import org.apache.log4j.Logger;
12 16
import org.springframework.web.bind.annotation.*;
13 17
import org.springframework.beans.factory.annotation.Autowired;
14 18

  
15 19
import java.util.*;
20
import org.springframework.security.access.prepost.PreAuthorize;
16 21

  
17 22
@RestController
18 23
@RequestMapping("/community")
......
21 26
    private final Logger log = Logger.getLogger(this.getClass());
22 27

  
23 28
    @Autowired
29
    private RolesUtils rolesUtils;
30

  
31
    @Autowired
24 32
    private LayoutService layoutService;
25 33

  
26 34
    @Autowired
......
45 53
        return portalService.getAllPortalsFullByType("community");
46 54
    }
47 55

  
48
//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
56
    @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
49 57
    @RequestMapping(value = "/update", method = RequestMethod.POST)
50 58
    public PortalResponse updateCommunity(@RequestBody Portal portal) {
59
        if(!portal.getType().equals("community")) {
60
            // EXCEPTION - MismatchingContent
61
            throw new MismatchingContentException("Update Community: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of community");
62
        }
63

  
51 64
        String old_pid = portalService.getPortalById(portal.getId()).getPid();
52 65
        String new_pid = portal.getPid();
53 66

  
......
64 77
        return portalResponse;
65 78
    }
66 79

  
67
//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
80
    @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
68 81
    @RequestMapping(value = "/save", method = RequestMethod.POST)
69 82
    public PortalResponse insertCommunity(@RequestBody Portal portal) {
83
        if(!portal.getType().equals("community")) {
84
            // EXCEPTION - MismatchingContent
85
            throw new MismatchingContentException("Save Community: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of community");
86
        }
87

  
70 88
        PortalResponse portalResponse = portalService.insertPortal(portal);
71 89

  
72 90
        statisticsService.createPortalStatistics(portal.getPid());
......
75 93
        return portalResponse;
76 94
    }
77 95

  
78
    // cannot handle MismatchingContent
79
//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
96
    @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
80 97
    @RequestMapping(value = "/delete", method = RequestMethod.POST)
81 98
    public Boolean deleteCommunities(@RequestBody List<String> portals) {
99
        List<String> roles = rolesUtils.getRoles();
100

  
82 101
        for (String id: portals) {
102
            Portal portal = portalService.getPortalById(id);
103
            if(portal == null) {
104
                // EXCEPTION - Entity Not Found
105
                throw new ContentNotFoundException("Delete community: Portal with id: " + id + " not found");
106
            }
107
            if(!portal.getType().equals("community")) {
108
                // EXCEPTION - MismatchingContent
109
                throw new MismatchingContentException("Delete Community: Portal with id: "+id+" has type: "+portal.getType()+" instead of community");
110
            }
111

  
83 112
            String pid = portalService.deletePortal(id);
84 113

  
85 114
            statisticsService.deleteByPid(pid);
......
93 122

  
94 123
    @RequestMapping(value = "/{pid}/layout", method = RequestMethod.GET)
95 124
    public Layout getLayoutForCommunity(@PathVariable(value = "pid") String pid) {
125
        Portal portal = portalService.getPortal(pid);
126
        if(portal == null) {
127
            // EXCEPTION - Entity Not Found
128
            throw new ContentNotFoundException("CommunityController - Get layout: Portal with pid: " + pid + " not found");
129
        }
130
        if(!portal.getType().equals("community")) {
131
            // EXCEPTION - MismatchingContent
132
            throw new MismatchingContentException("CommunityController - Get layout: Portal with pid: "+pid+" has type: "+portal.getType()+" instead of community");
133
        }
96 134
        return layoutService.findByPid(pid);
97 135
    }
98 136

  
99
//    @PreAuthorize("hasAnyAuthority(" +
100
//            "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " +
101
//            "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))")
137
    @PreAuthorize("hasAnyAuthority(" +
138
            "@AuthorizationService.PORTAL_ADMIN, " +
139
            "@AuthorizationService.curator('community'), @AuthorizationService.manager('community', #pid))")
102 140
    @RequestMapping(value = "/{pid}/layout", method = RequestMethod.POST)
103 141
    public Layout updateLayoutForCommunity(@PathVariable(value = "pid") String pid, @RequestBody Layout layout) {
142
        Portal portal = portalService.getPortal(pid);
143
        if(portal == null) {
144
            // EXCEPTION - Entity Not Found
145
            throw new ContentNotFoundException("CommunityController - Update layout: Portal with pid: " + pid + " not found");
146
        }
147
        if(!portal.getType().equals("community")) {
148
            // EXCEPTION - MismatchingContent
149
            throw new MismatchingContentException("CommunityController - Update layout: Portal with pid: "+pid+" has type: "+portal.getType()+" instead of community");
150
        }
151
        if(!pid.equals(layout.getPortalPid())) {
152
            // EXCEPTION - MismatchingContent
153
            throw new MismatchingContentException("CommunityController - Update layout: Portal has pid: "+pid+" while layout has portalPid: "+layout.getPortalPid());
154
        }
104 155
        return layoutService.save(layout);
105 156
    }
106 157
}
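Review bot: In `updateCommunity` the new guard (hunk lines 59–62) validates the `type` of the request payload, while the next line fetches the stored portal by `portal.getId()` and dereferences it unchecked, so an unknown id still produces a NullPointerException and an id that belongs to a portal of another type passes as long as the payload says `community`; checking the stored entity, as `deleteCommunities` does, closes both gaps. The method's tail is elided after `new_pid`, so only the opening is shown below. `deleteCommunities` also reads `List<String> roles = rolesUtils.getRoles();` (hunk line 99) and nothing in the visible loop uses it; unless hunk lines 115–121, which are elided, do, it should be removed.
```java
    public PortalResponse updateCommunity(@RequestBody Portal portal) {
        Portal existing = portalService.getPortalById(portal.getId());
        if (existing == null) {
            // EXCEPTION - Entity Not Found
            throw new ContentNotFoundException("Update Community: Portal with id: " + portal.getId() + " not found");
        }
        // Both the stored portal and the submitted one must be communities; null-safe comparison.
        if (!"community".equals(existing.getType()) || !"community".equals(portal.getType())) {
            // EXCEPTION - MismatchingContent
            throw new MismatchingContentException("Update Community: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of community");
        }

        String old_pid = existing.getPid();
        String new_pid = portal.getPid();
        // … unchanged: rest of updateCommunity (elided in this section) …
```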
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/controllers/PortalSubscribersController.java
6 6
import eu.dnetlib.uoaadmintools.entities.subscriber.PortalSubscribers;
7 7
import eu.dnetlib.uoaadmintools.entities.subscriber.Subscriber;
8 8
import eu.dnetlib.uoaadmintoolslibrary.handlers.ContentNotFoundException;
9
import eu.dnetlib.uoaadmintools.handlers.utils.AuthorizationUtils;
10
import eu.dnetlib.uoaadmintools.handlers.utils.UserInfo;
9
//import eu.dnetlib.uoaadmintools.handlers.utils.AuthorizationUtils;
10
//import eu.dnetlib.uoaadmintools.handlers.utils.UserInfo;
11 11
import eu.dnetlib.uoaadmintoolslibrary.responses.SingleValueWrapperResponse;
12 12
import eu.dnetlib.uoaadmintoolslibrary.dao.PortalDAO;
13 13
import org.apache.log4j.Logger;
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/controllers/ConnectController.java
4 4
import eu.dnetlib.uoaadmintools.services.LayoutService;
5 5
import eu.dnetlib.uoaadmintoolslibrary.entities.Portal;
6 6
import eu.dnetlib.uoaadmintoolslibrary.entities.fullEntities.*;
7
import eu.dnetlib.uoaadmintoolslibrary.handlers.ContentNotFoundException;
8
import eu.dnetlib.uoaadmintoolslibrary.handlers.MismatchingContentException;
7 9
import eu.dnetlib.uoaadmintoolslibrary.services.PortalService;
8 10
import org.apache.log4j.Logger;
11
import org.springframework.security.access.prepost.PreAuthorize;
9 12
import org.springframework.web.bind.annotation.*;
10 13
import org.springframework.beans.factory.annotation.Autowired;
11 14

  
......
14 17
@RestController
15 18
@RequestMapping("/connect")
16 19
@CrossOrigin(origins = "*")
20
@PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
17 21
public class ConnectController {
18 22
    private final Logger log = Logger.getLogger(this.getClass());
19 23

  
......
23 27
    @Autowired
24 28
    private PortalService portalService;
25 29

  
26
//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
27 30
    @RequestMapping(value = "/update", method = RequestMethod.POST)
28
    public PortalResponse updateCommunity(@RequestBody Portal portal) {
31
    public PortalResponse updateConnect(@RequestBody Portal portal) {
32
        if(!portal.getType().equals("connect")) {
33
            // EXCEPTION - MismatchingContent
34
            throw new MismatchingContentException("Update Connect: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of connect");
35
        }
36

  
29 37
        PortalResponse portalResponse = portalService.updatePortal(portal);
30 38

  
31 39
        String old_pid = portalResponse.getPid();
......
37 45
        return portalResponse;
38 46
    }
39 47

  
40
//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
41 48
    @RequestMapping(value = "/save", method = RequestMethod.POST)
42
    public PortalResponse insertCommunity(@RequestBody Portal portal) {
49
    public PortalResponse insertConnect(@RequestBody Portal portal) {
50
        if(!portal.getType().equals("connect")) {
51
            // EXCEPTION - MismatchingContent
52
            throw new MismatchingContentException("Save Connect: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of connect");
53
        }
54

  
43 55
        PortalResponse portalResponse = portalService.insertPortal(portal);
44 56
        return portalResponse;
45 57
    }
46 58

  
47
    // cannot handle MismatchingContent
48
//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN)")
49 59
    @RequestMapping(value = "/delete", method = RequestMethod.POST)
50
    public Boolean deleteCommunities(@RequestBody List<String> portals) {
60
    public Boolean deleteConnect(@RequestBody List<String> portals) {
51 61
        for (String id: portals) {
62
            Portal portal = portalService.getPortalById(id);
63
            if(portal == null) {
64
                // EXCEPTION - Entity Not Found
65
                throw new ContentNotFoundException("Delete connect: Portal with id: " + id + " not found");
66
            }
67
            if(!portal.getType().equals("connect")) {
68
                // EXCEPTION - MismatchingContent
69
                throw new MismatchingContentException("Delete Connect: Portal with id: "+id+" has type: "+portal.getType()+" instead of connect");
70
            }
71

  
52 72
            String pid = portalService.deletePortal(id);
53 73
            layoutService.deleteByPid(pid);
54 74
        }
......
56 76
        return true;
57 77
    }
58 78

  
59
    @RequestMapping(value = "/{pid}/layout", method = RequestMethod.GET)
60
    public Layout getLayoutForCommunity(@PathVariable(value = "pid") String pid) {
61
        return layoutService.findByPid(pid);
62
    }
63

  
64
//    @PreAuthorize("hasAnyAuthority(" +
65
//            "@AuthorizationService.SUPER_ADMIN, @AuthorizationService.PORTAL_ADMIN, " +
66
//            "@AuthorizationService.curator(#portalType), @AuthorizationService.manager(#portalType, #pid))")
67
    @RequestMapping(value = "/{pid}/layout", method = RequestMethod.POST)
68
    public Layout updateLayoutForCommunity(@PathVariable(value = "pid") String pid, @RequestBody Layout layout) {
69
        return layoutService.save(layout);
70
    }
79
//    @RequestMapping(value = "/{pid}/layout", method = RequestMethod.GET)
80
//    public Layout getLayoutForConnect(@PathVariable(value = "pid") String pid) {
81
//        return layoutService.findByPid(pid);
82
//    }
83
//
84
//    @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
85
//    @RequestMapping(value = "/{pid}/layout", method = RequestMethod.POST)
86
//    public Layout updateLayoutForConnect(@PathVariable(value = "pid") String pid, @RequestBody Layout layout) {
87
//        return layoutService.save(layout);
88
//    }
71 89
}
72 90

  
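Review bot: `deleteConnect` (hunk lines 60–74) validates and deletes one id per iteration, so when the second id of a list is missing or is not a connect portal, the first portal and its layout are already gone by the time the exception is thrown and the caller gets an error for a request that partially succeeded; validating every id in a first pass and deleting in a second avoids that partial outcome for validation failures. `deleteExplore` in ExploreController and `deleteCommunities` in CommunityController have the same shape. The superseded layout handlers (hunk lines 79–88) are left as commented-out code; version control keeps the history, so deleting them keeps the class readable. Hunk line 75 of the method is elided, so the fence ends before `return true`.
```java
    public Boolean deleteConnect(@RequestBody List<String> portals) {
        // First pass: reject the whole request before anything is deleted.
        for (String id: portals) {
            Portal portal = portalService.getPortalById(id);
            if(portal == null) {
                throw new ContentNotFoundException("Delete connect: Portal with id: " + id + " not found");
            }
            if(!"connect".equals(portal.getType())) {
                throw new MismatchingContentException("Delete Connect: Portal with id: "+id+" has type: "+portal.getType()+" instead of connect");
            }
        }
        // Second pass: every id has been validated, now delete.
        for (String id: portals) {
            String pid = portalService.deletePortal(id);
            layoutService.deleteByPid(pid);
        }
        // … unchanged: elided hunk line 75 and return true …
```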
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/controllers/NotificationsController.java
2 2

  
3 3
import eu.dnetlib.uoaadmintools.dao.NotificationsDAO;
4 4
import eu.dnetlib.uoaadmintools.entities.Notifications;
5
import eu.dnetlib.uoaadmintoolslibrary.entities.Portal;
6
import eu.dnetlib.uoaadmintoolslibrary.entities.PortalType;
5 7
import eu.dnetlib.uoaadmintoolslibrary.handlers.ContentNotFoundException;
6 8
import eu.dnetlib.uoaadmintoolslibrary.dao.PortalDAO;
9
import eu.dnetlib.uoaadmintoolslibrary.handlers.MismatchingContentException;
10
import eu.dnetlib.uoaadmintoolslibrary.handlers.utils.RolesUtils;
7 11
import org.apache.log4j.Logger;
8 12
import org.springframework.beans.factory.annotation.Autowired;
13
import org.springframework.security.access.prepost.PreAuthorize;
9 14
import org.springframework.web.bind.annotation.*;
10 15

  
11 16
import java.util.List;
......
22 27
    private NotificationsDAO notificationsDAO;
23 28
    @Autowired
24 29
    private PortalDAO portalDAO;
30
    @Autowired
31
    private RolesUtils rolesUtils;
25 32

  
26
    @RequestMapping(value = "/community/{pid}/notifications", method = RequestMethod.GET)
33
    @PreAuthorize("hasAnyAuthority(@AuthorizationService.PORTAL_ADMIN)")
34
    @RequestMapping(value = "/community/{pid}/notifications/all", method = RequestMethod.GET)
27 35
    public List<Notifications> getNotifications(@PathVariable(value = "pid") String pid ) throws ContentNotFoundException {
28
        if(portalDAO.findByPid(pid) == null){
29
            throw new ContentNotFoundException("Portal not found");
36
        Portal portal = portalDAO.findByPid(pid);
37
        if(portal == null){
38
            throw new ContentNotFoundException("Portal with pid: "+pid+" not found");
30 39
        }
40
        if(!portal.getType().equals("community")) {
41
            // EXCEPTION - MismatchingContent
42
            throw new MismatchingContentException("Get Notifications: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of community");
43
        }
44

  
31 45
        List<Notifications> notifications = notificationsDAO.findByPortalPid(pid);
32 46
        if(notifications == null || notifications.size() == 0){
33
            throw new ContentNotFoundException("Notifications settings not found");
47
            throw new ContentNotFoundException("Notifications settings for community with pid: "+pid+" not found");
34 48
        }
35 49
        return notifications;
36 50
    }
51

  
52
    @PreAuthorize("hasAnyAuthority(" +
53
            "@AuthorizationService.PORTAL_ADMIN, " +
54
            "@AuthorizationService.curator('community'), @AuthorizationService.manager('community', #pid))")
55
    @RequestMapping(value = "/community/{pid}/notifications", method = RequestMethod.GET)
56
    public Notifications getNotificationsForUser(@PathVariable(value = "pid") String pid) throws ContentNotFoundException {
57
        Portal portal = portalDAO.findByPid(pid);
58
        if(portal == null){
59
            throw new ContentNotFoundException("Portal with pid: "+pid+" not found");
60
        }
61
        if(!portal.getType().equals("community")) {
62
            // EXCEPTION - MismatchingContent
63
            throw new MismatchingContentException("Get Notifications: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of community");
64
        }
65

  
66
        String email = rolesUtils.getEmail();
67

  
68
        Notifications notifications = notificationsDAO.findByManagerEmailAndPortalPid(email, pid);
69
        if(notifications == null){
70
            throw new ContentNotFoundException("Notifications settings for community with pid: "+pid+" and user email: "+email+" not found");
71
        }
72
        return notifications;
73
    }
74

  
75
    @PreAuthorize("hasAnyAuthority(" +
76
            "@AuthorizationService.PORTAL_ADMIN, " +
77
            "@AuthorizationService.curator('community'), @AuthorizationService.manager('community', #pid))")
37 78
    @RequestMapping(value = "/community/{pid}/notifications", method = RequestMethod.DELETE)
38
    public void deleteEntity(@PathVariable(value = "pid") String pid, @RequestBody String email) throws ContentNotFoundException {
79
    public void deleteNotification(@PathVariable(value = "pid") String pid) throws ContentNotFoundException {
80
        Portal portal = portalDAO.findByPid(pid);
81
        if(portal == null){
82
            throw new ContentNotFoundException("Portal with pid: "+pid+" not found");
83
        }
84
        if(!portal.getType().equals("community")) {
85
            // EXCEPTION - MismatchingContent
86
            throw new MismatchingContentException("Delete Notifications: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of community");
87
        }
88
        String email = rolesUtils.getEmail();
39 89
        Notifications notifications = notificationsDAO.findByManagerEmailAndPortalPid(email,pid);
40 90
        if(notifications!= null){
41 91
            notificationsDAO.delete(notifications.getId());
42 92
        }else{
43
            throw new ContentNotFoundException("Notifications not found");
93
            throw new ContentNotFoundException("Notifications settings for community with pid: "+pid+" and user email: "+email+" not found");
44 94
        }
45 95

  
46 96
    }
47 97

  
98
    @PreAuthorize("hasAnyAuthority(" +
99
            "@AuthorizationService.PORTAL_ADMIN, " +
100
            "@AuthorizationService.curator('community'), @AuthorizationService.manager('community', #pid))")
48 101
    @RequestMapping(value = "/community/{pid}/notifications", method = RequestMethod.POST)
49
    public Notifications saveEntity(@PathVariable(value = "pid") String pid, @RequestBody Notifications notifications) throws ContentNotFoundException {
50
        if(portalDAO.findByPid(pid) == null){
51
            throw new ContentNotFoundException("Portal not found");
102
    public Notifications saveNotification(@PathVariable(value = "pid") String pid, @RequestBody Notifications notifications) throws ContentNotFoundException {
103
        Portal portal = portalDAO.findByPid(pid);
104
        if(portal == null){
105
            throw new ContentNotFoundException("Portal with pid: "+pid+" not found");
52 106
        }
107
        if(!portal.getType().equals("community")) {
108
            // EXCEPTION - MismatchingContent
109
            throw new MismatchingContentException("Save Notifications: Portal with id: "+portal.getId()+" has type: "+portal.getType()+" instead of community");
110
        }
53 111

  
54
        if(notifications.getManagerEmail() != null && !notifications.getManagerEmail().isEmpty()){
112
        notifications.setManagerEmail(rolesUtils.getEmail());
113
        notifications.setAaiId(rolesUtils.getAaiId());
114

  
115
//        if(notifications.getManagerEmail() != null && !notifications.getManagerEmail().isEmpty()){
55 116
            Notifications saved = notificationsDAO.findByManagerEmailAndPortalPid(notifications.getManagerEmail(),pid);
56 117
            log.debug(saved);
57 118
            if(saved!= null){
......
62 123
            log.debug(notifications);
63 124
            Notifications savedNotifications = notificationsDAO.save(notifications);
64 125
            return savedNotifications;
65
        }else{
66
            log.error("No user e-mail specified");
67
            return null;
68
        }
126
//        } else{
127
//            log.error("Save notifications: No user e-mail specified");
128
//            return null;
129
//        }
69 130

  
70 131

  
71 132
    }
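Review bot: `saveNotification` now takes `managerEmail` and `aaiId` from the authenticated user (hunk lines 112–113), but the request body's `portalPid` is still whatever the client sent and the entity is stored as-is at hunk line 124; unless the elided hunk lines 119–122 overwrite it, a body carrying a different `portalPid` is saved under a community the `@AuthorizationService.manager('community', #pid)` check never evaluated. Adding `notifications.setPortalPid(pid);` next to the two new setters, or rejecting a mismatch the way `updateLayoutForCommunity` in CommunityController does, binds the stored record to the authorized path variable. The commented-out `if`/`else` around the body (hunk lines 115 and 126–129) leaves the inner block indented one level too deep; either delete the comments and re-indent, or keep an explicit guard that `rolesUtils.getEmail()` returned a value.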
modules/uoa-admin-tools/trunk/src/main/java/eu/dnetlib/uoaadmintools/configuration/properties/SecurityConfig.java
1
package eu.dnetlib.uoaadmintools.configuration.properties;
2

  
3
import org.springframework.boot.context.properties.ConfigurationProperties;
4

  
5
import java.util.ArrayList;
6
import java.util.List;
7

  
8
@ConfigurationProperties("admintool.security")
9
public class SecurityConfig {
10

  
11
    private String userInfoUrl;
12
    private String originServer;
13
    private List<String> postsAllowed = new ArrayList<>();
14

  
15
    public void setUserInfoUrl(String userInfoUrl) {
16
        this.userInfoUrl = userInfoUrl;
17
    }
18

  
19
    public void setOriginServer(String originServer) {
20
        this.originServer = originServer;
21
    }
22

  
23

  
