
Example 1 with MotechSecurityConfiguration

use of org.motechproject.security.domain.MotechSecurityConfiguration in project motech by motech.

the class SecurityTestConfigBuilder method buildConfig.

/**
 * Builds the {@link MotechSecurityConfiguration} fixture used by the security tests.
 *
 * <p>Two rules are created, both with origin {@code "test"}, version {@code "1"} and
 * marked active: a web-api rule and a catch-all rule. The same scheme and method lists
 * are handed to both rules; user and permission restrictions are only ever set on the
 * web-api rule.
 *
 * <p>NOTE(review): the no-security option leaves only the catch-all rule, configured
 * with {@code Scheme.NO_SECURITY}. An unrecognised option leaves both rules active with
 * empty scheme and method lists; how the filter chain treats empty lists is not visible
 * here. Keep this builder confined to test code.
 *
 * @param testOption selects the scenario; must not be {@code null} (it is the switch operand)
 * @param configOption scenario argument: a user or permission name ({@code String}) or an
 *                     {@code HTTPMethod}, depending on {@code testOption}
 * @param configOption2 permission name, read only by the method-specific scenario
 * @return a configuration wrapping the generated rules
 */
public static MotechSecurityConfiguration buildConfig(String testOption, Object configOption, String configOption2) {
    MotechURLSecurityRule webApiRule = new MotechURLSecurityRule();
    webApiRule.setPattern("/**/web-api/**");
    MotechURLSecurityRule catchAllRule = new MotechURLSecurityRule();
    catchAllRule.setPattern("/**");

    List<MotechURLSecurityRule> rules = new ArrayList<>();
    rules.add(webApiRule);
    rules.add(catchAllRule);
    // Settings shared by both rules.
    for (MotechURLSecurityRule rule : rules) {
        rule.setOrigin("test");
        rule.setProtocol(HTTP);
        rule.setRest(true);
        rule.setVersion("1");
    }

    List<Scheme> schemes = new ArrayList<>();
    List<HTTPMethod> methods = new ArrayList<>();
    List<String> permissions = new ArrayList<>();
    List<String> users = new ArrayList<>();

    switch (testOption) {
        case USER_ACCESS_TEST:
            // Basic auth, any method, web-api restricted to one named user.
            schemes.add(Scheme.BASIC);
            methods.add(HTTPMethod.ANY);
            users.add((String) configOption);
            webApiRule.setUserAccess(users);
            break;
        case PERMISSION_ACCESS_TEST:
            // Basic auth, any method, web-api restricted to one permission.
            schemes.add(Scheme.BASIC);
            methods.add(HTTPMethod.ANY);
            permissions.add((String) configOption);
            webApiRule.setPermissionAccess(permissions);
            break;
        case METHOD_SPECIFIC_TEST:
            // Basic auth, a single HTTP method, permission taken from configOption2.
            schemes.add(Scheme.BASIC);
            methods.add((HTTPMethod) configOption);
            permissions.add(configOption2);
            webApiRule.setPermissionAccess(permissions);
            break;
        case LOGIN_ACCESS_TEST:
            // Interactive login schemes; the web-api rule stops being a REST rule.
            schemes.add(Scheme.USERNAME_PASSWORD);
            schemes.add(Scheme.OPEN_ID);
            methods.add(HTTPMethod.ANY);
            webApiRule.setRest(false);
            break;
        case NO_SECURITY_TEST:
            // Only the catch-all rule remains in the returned configuration.
            rules.remove(webApiRule);
            schemes.add(Scheme.NO_SECURITY);
            methods.add(HTTPMethod.ANY);
            break;
        default:
            break;
    }

    // Applied to both rule objects, including the web-api rule when it was removed above.
    webApiRule.setMethodsRequired(methods);
    webApiRule.setSupportedSchemes(schemes);
    webApiRule.setActive(true);
    catchAllRule.setMethodsRequired(methods);
    catchAllRule.setSupportedSchemes(schemes);
    catchAllRule.setActive(true);
    return new MotechSecurityConfiguration(rules);
}
Also used : MotechSecurityConfiguration(org.motechproject.security.domain.MotechSecurityConfiguration) Scheme(org.motechproject.security.constants.Scheme) HTTPMethod(org.motechproject.security.constants.HTTPMethod) MotechURLSecurityRule(org.motechproject.security.domain.MotechURLSecurityRule) ArrayList(java.util.ArrayList)

Example 2 with MotechSecurityConfiguration

use of org.motechproject.security.domain.MotechSecurityConfiguration in project motech by motech.

the class MotechURLSecurityServiceImpl method updateSecurityConfiguration.

/**
 * Replaces the stored security rules with the ones carried by {@code configuration}
 * and rebuilds the proxy chain.
 *
 * <p>Default rules whose id is absent from the submitted set are not dropped: they are
 * flagged as deleted and stored alongside the submitted rules.
 *
 * <p>NOTE(review): no authorization check is visible in this method and the log lines
 * do not name the caller; presumably access control sits on the interface or the
 * controller. Confirm, since this call rewrites the URL security rules.
 *
 * @param configuration DTO holding the submitted security rules
 */
@Override
@Transactional
public void updateSecurityConfiguration(SecurityConfigDto configuration) {
    LOGGER.info("Updating security configuration");
    List<MotechURLSecurityRule> submittedRules = toMotechURLSecurityRuleList(configuration.getSecurityRules());
    Collection<?> submittedIds = CollectionUtils.collect(submittedRules, IDTransformer.INSTANCE);
    List<MotechURLSecurityRule> defaultRules = proxyManager.getDefaultSecurityConfiguration().getSecurityRules();
    for (MotechURLSecurityRule defaultRule : defaultRules) {
        if (submittedIds.contains(defaultRule.getId())) {
            continue;
        }
        // Default rule missing from the submission: keep it, marked as deleted.
        defaultRule.setDeleted(true);
        submittedRules.add(defaultRule);
    }
    MotechSecurityConfiguration replacement = new MotechSecurityConfiguration(submittedRules);
    allSecurityRules.addOrUpdate(replacement);
    proxyManager.rebuildProxyChain();
    LOGGER.info("Updated security configuration");
}
Also used : MotechSecurityConfiguration(org.motechproject.security.domain.MotechSecurityConfiguration) MotechURLSecurityRule(org.motechproject.security.domain.MotechURLSecurityRule) Collection(java.util.Collection) Transactional(org.springframework.transaction.annotation.Transactional)

Example 3 with MotechSecurityConfiguration

use of org.motechproject.security.domain.MotechSecurityConfiguration in project motech by motech.

the class SecurityRuleLoaderServiceImpl method updateSecurityConfig.

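/**
 * Merges the rules of one origin into the stored security configuration and
 * re-initializes the proxy chain.
 *
 * <p>The origin and version are read from the first rule in {@code newRules}. If rules
 * with that origin and version are already stored, they are treated as loaded and
 * nothing changes. Otherwise the stored rules from other origins are appended to
 * {@code newRules} (the caller's list is modified) and the result is saved.
 *
 * <p>A {@code null} or empty list leaves the stored configuration untouched.
 *
 * <p>NOTE(review): the origin is whatever the first rule declares, and only the first
 * rule is inspected; confirm the caller passes rules from a single, trusted source.
 *
 * @param newRules list that contains new rules
 */
private void updateSecurityConfig(List<MotechURLSecurityRule> newRules) {
    if (newRules == null || newRules.isEmpty()) {
        // Without a first rule there is no origin or version to key the update on.
        LOGGER.warn("No security rules supplied, stored security config left unchanged");
        return;
    }
    LOGGER.debug("Updating security config");
    String origin = newRules.get(0).getOrigin();
    String version = newRules.get(0).getVersion();
    LOGGER.debug("Rules origin: {}, version: {}", origin, version);
    List<MotechURLSecurityRule> moduleRules = allSecurityRules.getRulesByOriginAndVersion(origin, version);
    if (!moduleRules.isEmpty()) {
        // Don't update security if rules from this origin and the same version have already been loaded
        LOGGER.debug("Rules from the origin {} [version: {}] have already been loaded", origin, version);
        return;
    }
    LOGGER.debug("Updating config with rules from origin: {}", origin);
    MotechSecurityConfiguration securityConfig = allSecurityRules.getMotechSecurityConfiguration();
    if (securityConfig == null) {
        LOGGER.error("No security config found in the database");
        // NOTE(review): assumes the no-arg constructor yields a non-null rule list; confirm
        securityConfig = new MotechSecurityConfiguration();
    }
    List<MotechURLSecurityRule> oldRules = securityConfig.getSecurityRules();
    LOGGER.debug("Found {} old rules in the database", oldRules.size());
    // Stored rules from other origins are carried over next to the new ones.
    newRules.addAll(rulesWithDifferentOrigin(oldRules, origin));
    LOGGER.debug("Saving rules from origin {} in the database", origin);
    securityConfig.setSecurityRules(newRules);
    allSecurityRules.addOrUpdate(securityConfig);
    LOGGER.debug("Initializing chain after security config update");
    proxyManager.initializeProxyChain();
}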
Also used : MotechSecurityConfiguration(org.motechproject.security.domain.MotechSecurityConfiguration) MotechURLSecurityRule(org.motechproject.security.domain.MotechURLSecurityRule)

Example 4 with MotechSecurityConfiguration

use of org.motechproject.security.domain.MotechSecurityConfiguration in project motech by motech.

the class MotechProxyManager method loadDefaultSecurityConfiguration.

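/**
 * Loads {@link org.motechproject.security.domain.MotechSecurityConfiguration}
 * from {@link MotechProxyManager#DEFAULT_SECURITY_CONFIG_FILE} on the class path
 * and records that the default configuration has been loaded.
 *
 * <p>A missing resource is reported as a {@link MotechException} instead of being
 * passed to the JSON reader as a {@code null} stream, so a missing default rule
 * file fails loudly.
 *
 * @return loaded security configuration
 * @throws MotechException if the resource is missing or cannot be read
 */
private MotechSecurityConfiguration loadDefaultSecurityConfiguration() {
    try (InputStream in = this.getClass().getClassLoader().getResourceAsStream(DEFAULT_SECURITY_CONFIG_FILE)) {
        if (in == null) {
            // getResourceAsStream returns null when the resource is absent; the catch
            // below wraps this in the same exception type callers already see.
            throw new IOException("Resource not found on class path: " + DEFAULT_SECURITY_CONFIG_FILE);
        }
        LOGGER.debug("Load default security rules from: {}", DEFAULT_SECURITY_CONFIG_FILE);
        MotechSecurityConfiguration config = (MotechSecurityConfiguration) motechJsonReader.readFromStream(in, MotechSecurityConfiguration.class);
        // Set only after a successful read.
        loadedDefaultSecurityConfiguration = true;
        return config;
    } catch (IOException e) {
        throw new MotechException("Error while loading json file", e);
    }
}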
Also used : MotechException(org.motechproject.commons.api.MotechException) MotechSecurityConfiguration(org.motechproject.security.domain.MotechSecurityConfiguration) InputStream(java.io.InputStream) IOException(java.io.IOException)

Example 5 with MotechSecurityConfiguration

use of org.motechproject.security.domain.MotechSecurityConfiguration in project motech by motech.

the class WebSecurityBundleIT method testUpdatingProxyOnRestart.

/**
 * Verifies that the filter chain proxy reflects the stored security configuration
 * after the security bundle and the OSGi integration test bundle are restarted.
 */
@Test
public void testUpdatingProxyOnRestart() throws InterruptedException, BundleException, IOException, ClassNotFoundException, InvalidSyntaxException {
    getLogger().info("Build 1st custom security configuration");
    MotechSecurityConfiguration openConfig = SecurityTestConfigBuilder.buildConfig("noSecurity", null, null);
    MotechProxyManager proxyManager = applyConfigAndRestartBundles(openConfig);

    // Expected chains: one from the config built in this test and two from the OSGi IT
    // bundle being scanned for two rules. Additionally, several default rules are merged
    // with the config.
    int defaultRuleCount = proxyManager.getDefaultSecurityConfiguration().getSecurityRules().size();
    getLogger().info("Number of default security rules: " + defaultRuleCount);
    assertEquals(3 + defaultRuleCount, proxyManager.getFilterChainProxy().getFilterChains().size());

    getLogger().info("Build 2nd custom security configuration");
    MotechSecurityConfiguration permissionConfig = SecurityTestConfigBuilder.buildConfig("addPermissionAccess", "anyPermission", null);
    proxyManager = applyConfigAndRestartBundles(permissionConfig);
    assertEquals(4 + defaultRuleCount, proxyManager.getFilterChainProxy().getFilterChains().size());
}

/**
 * Stores {@code config}, restarts both bundles, waits for the rules from resource
 * files to be processed and returns the proxy manager looked up from the context.
 */
private MotechProxyManager applyConfigAndRestartBundles(MotechSecurityConfiguration config) throws InterruptedException, BundleException, IOException, ClassNotFoundException, InvalidSyntaxException {
    updateSecurity(config);
    restartSecurityBundle();
    restartOsgiIntegrationTestBundle();
    // Give it some time to process rules from resource files
    Thread.sleep(5000);
    return getFromContext(MotechProxyManager.class);
}
Also used : MotechSecurityConfiguration(org.motechproject.security.domain.MotechSecurityConfiguration) MotechProxyManager(org.motechproject.security.service.MotechProxyManager) Test(org.junit.Test)
