UpdateService created

Author: mbehlendorf

.gitignore

@@ -21,3 +21,4 @@ src/main/webapp/style/css/
 env/data/settings/
 # vagrant
 .vagrant
+/.project

env/data/cas.xml

@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <cas>
   <service>http://localhost:8084/universeadm/login/cas</service>
-  <server-url>https://localhost:8443/cas</server-url>
+  <server-url>https://192.168.115.52:8443/cas</server-url>
   <failure-url>http://localhost:8084/universeadm/error/auth.html</failure-url>
-  <login-url>https://localhost:8443/cas/login?service=http://localhost:8084/universeadm/login/cas</login-url>
-  <logout-url>https://localhost:8443/cas/logout</logout-url>
+  <login-url>https://192.168.115.52:8443/cas/login?service=http://localhost:8084/universeadm/login/cas</login-url>
+  <logout-url>https://192.168.115.52:8443/cas/logout</logout-url>
   <role-attribute-names>groups</role-attribute-names>
   <administrator-role>admins</administrator-role>
 </cas>

nb-configuration.xml

@@ -15,7 +15,6 @@ Any value defined here will override the pom.xml file value but is only applicab
 -->
         <org-netbeans-modules-maven-j2ee.netbeans_2e_hint_2e_j2eeVersion>1.6-web</org-netbeans-modules-maven-j2ee.netbeans_2e_hint_2e_j2eeVersion>
         <org-netbeans-modules-maven-jaxws.rest_2e_config_2e_type>ide</org-netbeans-modules-maven-jaxws.rest_2e_config_2e_type>
-        <org-netbeans-modules-maven-j2ee.netbeans_2e_deploy_2e_on_2e_save>false</org-netbeans-modules-maven-j2ee.netbeans_2e_deploy_2e_on_2e_save>
         <org-netbeans-modules-css-prep.less_2e_mappings>/style/less:/style/css</org-netbeans-modules-css-prep.less_2e_mappings>
         <org-netbeans-modules-css-prep.less_2e_enabled>true</org-netbeans-modules-css-prep.less_2e_enabled>
         <org-netbeans-modules-css-prep.less_2e_configured>true</org-netbeans-modules-css-prep.less_2e_configured>

package.json

@@ -3,7 +3,7 @@
   "dependencies": {},
   "devDependencies": {
     "bower": "^1.3.12",
-    "gulp": "~3.8.10",
+    "gulp": "^3.8.10",
     "gulp-angular-templatecache": "^1.4.2",
     "gulp-concat": "^2.4.2",
     "gulp-filesize": "^0.0.6",

src/main/java/de/triology/universeadm/BaseSecurityModule.java

@@ -0,0 +1,58 @@
+/* 
+ * Copyright (c) 2013 - 2014, TRIOLOGY GmbH
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * http://www.scm-manager.com
+ */
+
+package de.triology.universeadm;
+
+import javax.servlet.ServletContext;
+import org.apache.shiro.guice.web.ShiroWebModule;
+
+/**
+ *
+ * @author Sebastian Sdorra <[email protected]>
+ */
+public abstract class BaseSecurityModule extends ShiroWebModule
+{
+
+  protected BaseSecurityModule(ServletContext context)
+  {
+    super(context);
+  }
+
+  @Override
+  @SuppressWarnings("unchecked")
+  protected void configureShiroWeb()
+  {
+    addFilterChain("/error/*", ANON);
+    addFilterChain("/style/**", ANON);
+    addFilterChain("/components/**", ANON);
+    addFilterChain("/api/logout", ANON);
+    configureRealm();
+  }
+  
+  protected abstract void configureRealm();
+  
+}

src/main/java/de/triology/universeadm/BootstrapContextListener.java

@@ -81,11 +81,24 @@ protected List<? extends Module> getModules(ServletContext context)
     else
     {
       logger.info("load injection modules");
+      
+      Module securityModule;
+      if (Stage.get() == Stage.PRODUCTION)
+      {
+        logger.info("load cas security module for production stage");
+        securityModule = new CasSecurityModule(context);
+      }
+      else 
+      {
+        logger.info("load development security module for development stage");
+        securityModule = new DevelopmentSecurityModule(context);
+      }
+      
       //J-
       modules = ImmutableList.of(
         ShiroWebModule.guiceFilterModule(),
         new MainModule(ldapConfiguration),
-        new SecurityModule(context)
+        securityModule
       );  
       //J+
     }

src/main/java/de/triology/universeadm/SecurityModule.java src/main/java/de/triology/universeadm/CasSecurityModule.java

@@ -1,4 +1,4 @@
-/* 
+/*
  * Copyright (c) 2013 - 2014, TRIOLOGY GmbH
  * All rights reserved.
  * 
@@ -24,7 +24,6 @@
  * 
  * http://www.scm-manager.com
  */
-
 package de.triology.universeadm;
 
 import com.google.inject.Inject;
@@ -42,7 +41,6 @@
 import org.apache.shiro.cas.CasFilter;
 import org.apache.shiro.cas.CasRealm;
 import org.apache.shiro.cas.CasSubjectFactory;
-import org.apache.shiro.guice.web.ShiroWebModule;
 import org.apache.shiro.mgt.SubjectFactory;
 import org.apache.shiro.realm.Realm;
 import org.apache.shiro.subject.PrincipalCollection;
@@ -53,11 +51,12 @@
 
 /**
  *
- * @author Sebastian Sdorra <[email protected]>
+ * @author mbehlendorf
  */
-public class SecurityModule extends ShiroWebModule
-{
+public class CasSecurityModule extends BaseSecurityModule {
 
+  private static final Logger logger = LoggerFactory.getLogger(CasSecurityModule.class);
+    
   private static final Key<CasFilter> CAS = Key.get(CasFilter.class);
   private static final Key<ApiAuthenticationFilter> API = Key.get(ApiAuthenticationFilter.class);
 
@@ -68,19 +67,10 @@ public class SecurityModule extends ShiroWebModule
   private static final String CAS_FAILURE_URL = "shiro.failureUrl";
   private static final String CAS_SERVICE = "shiro.casService";
 
-  private static final Logger logger = LoggerFactory.getLogger(SecurityModule.class);
-
-  public SecurityModule(ServletContext context)
-  {
+  public CasSecurityModule(ServletContext context) {
     super(context);
   }
-
-  private void config(String key, String value)
-  {
-    logger.debug("bind config {} to {}", key, value);
-    bindConstant().annotatedWith(Names.named(key)).to(value);
-  }
-
+  
   private CasConfiguration getCasConfiguration()
   {
     CasConfiguration casConfiguration = BaseDirectory.getConfiguration(CasConfiguration.FILE, CasConfiguration.class);
@@ -91,10 +81,14 @@ private CasConfiguration getCasConfiguration()
     return casConfiguration;
   }
 
-  @Override
-  @SuppressWarnings("unchecked")
-  protected void configureShiroWeb()
+  private void config(String key, String value)
   {
+    logger.debug("bind config {} to {}", key, value);
+    bindConstant().annotatedWith(Names.named(key)).to(value);
+  }
+
+  @Override
+  protected void configureRealm() {
     CasConfiguration cas = getCasConfiguration();
     bind(CasConfiguration.class).toInstance(cas);
     expose(CasConfiguration.class);
@@ -113,19 +107,16 @@ protected void configureShiroWeb()
     // beacuse it looks like guice does not set constants for multi binding
     bindRealm().toProvider(CasRealmProvider.class).in(Singleton.class);
     bind(SubjectFactory.class).to(CasSubjectFactory.class);
-
-    addFilterChain("/error/*", ANON);
-    addFilterChain("/style/**", ANON);
-    addFilterChain("/components/**", ANON);
+    
+    // protect uris
     addFilterChain("/login/cas", ANON, CAS);
-    addFilterChain("/api/logout", ANON);
     addFilterChain("/api/users", API, config(ROLES, Roles.ADMINISTRATOR));
     addFilterChain("/api/users/*", API, config(ROLES, Roles.ADMINISTRATOR));
     addFilterChain("/api/groups", API, config(ROLES, Roles.ADMINISTRATOR));
     addFilterChain("/api/groups/*", API, config(ROLES, Roles.ADMINISTRATOR));
     addFilterChain("/**", AUTHC);
   }
-
+  
   private static class CasRealmProvider implements Provider<Realm>
   {
 
@@ -144,8 +135,8 @@ public Realm get()
     }
 
   }
-
-  /**
+  
+/**
    * CasRealm with fixed support for multi value attributes
    * 
    * @see https://issues.apache.org/jira/browse/SHIRO-442
@@ -276,5 +267,5 @@ private List<String> split(String s)
     }
 
   }
-
+  
 }

src/main/java/de/triology/universeadm/DevelopmentSecurityModule.java

@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2013 - 2014, TRIOLOGY GmbH
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * 
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * 
+ * http://www.scm-manager.com
+ */
+package de.triology.universeadm;
+
+import com.google.common.collect.Sets;
+import javax.servlet.ServletContext;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.SimpleAuthenticationInfo;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.SimpleAuthorizationInfo;
+import org.apache.shiro.realm.AuthorizingRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+
+/**
+ *
+ * @author mbehlendorf
+ */
+public class DevelopmentSecurityModule extends BaseSecurityModule {
+
+  public DevelopmentSecurityModule(ServletContext servletContext) {
+    super(servletContext);
+  }
+
+  @Override
+  protected void configureRealm() {
+    bindRealm().to(DummyRealm.class);
+    
+    // protect uris
+    addFilterChain("/api/users**", AUTHC_BASIC, config(ROLES, Roles.ADMINISTRATOR));
+    addFilterChain("/api/groups**", AUTHC_BASIC, config(ROLES, Roles.ADMINISTRATOR));
+    addFilterChain("/**", AUTHC_BASIC);
+  }
+  
+  public static class DummyRealm extends AuthorizingRealm{
+
+    public DummyRealm() {
+          setAuthenticationTokenClass(UsernamePasswordToken.class);
+    }
+    
+    @Override
+    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+        return new SimpleAuthorizationInfo(Sets.newHashSet(Roles.ADMINISTRATOR));
+    }
+
+    @Override
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
+        return new SimpleAuthenticationInfo("admin", "admin", "dummy");
+    }
+   
+  }
+
+  
+  
+}

src/main/java/de/triology/universeadm/Stage.java

@@ -73,13 +73,15 @@ public enum Stage
 
     if (Strings.isNullOrEmpty(stage))
     {
-      current = Stage.PRODUCTION;
+      //WORKAROUND
+      //current = Stage.PRODUCTION;  
+      current = Stage.DEVELOPMENT;
     }
     else
     {
       current = Stage.valueOf(stage.toUpperCase(Locale.ENGLISH));
     }
-
+    
     logger.info("start with stage {}", stage);
   }
 

src/main/java/de/triology/universeadm/account/AccountResource.java

@@ -28,6 +28,7 @@
 package de.triology.universeadm.account;
 
 import com.google.inject.Inject;
+import de.triology.universeadm.Manager;
 import de.triology.universeadm.user.User;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;

src/main/java/de/triology/universeadm/settings/SettingsResource.java

@@ -64,5 +64,5 @@ public Settings getSettings()
   {
     return store.get();
   }
-
+  
 }