use of org.motechproject.security.domain.MotechSecurityConfiguration in project motech by motech.
the class SecurityTestConfigBuilder method buildConfig.
/**
 * Builds a {@link MotechSecurityConfiguration} test fixture from two REST rules with origin
 * {@code "test"} and version {@code "1"}: a web-api rule and a catch-all rule.
 *
 * <p>{@code testOption} selects which restriction is placed on the web-api rule and which
 * schemes and HTTP methods are used. Both rules are given the same {@code supportedSchemes}
 * and {@code methodsRequired} list instances and are marked active. An unrecognised
 * {@code testOption} leaves both of those lists empty. The no-security option removes the
 * web-api rule from the returned configuration, so only the catch-all rule, carrying
 * {@code Scheme.NO_SECURITY}, is returned.
 *
 * @param testOption    one of the {@code *_TEST} option constants; {@code null} fails in the switch
 * @param configOption  user name or permission name (cast to {@code String}) or the required
 *                      {@code HTTPMethod}, depending on {@code testOption}; the cast is unchecked
 * @param configOption2 permission name, read only by the method-specific option
 * @return a configuration wrapping the rules that were built
 */
public static MotechSecurityConfiguration buildConfig(String testOption, Object configOption, String configOption2) {
    List<MotechURLSecurityRule> rules = new ArrayList<>();
    List<Scheme> schemes = new ArrayList<>();
    List<HTTPMethod> methods = new ArrayList<>();
    List<String> permissions = new ArrayList<>();
    List<String> users = new ArrayList<>();

    MotechURLSecurityRule webApiRule = new MotechURLSecurityRule();
    MotechURLSecurityRule catchAllRule = new MotechURLSecurityRule();
    webApiRule.setPattern("/**/web-api/**");
    catchAllRule.setPattern("/**");

    // Kept separately from `rules`: the no-security option removes the web-api rule from the
    // list, yet the rule is still configured below exactly as before.
    MotechURLSecurityRule[] bothRules = {webApiRule, catchAllRule};
    for (MotechURLSecurityRule rule : bothRules) {
        rule.setOrigin("test");
        rule.setProtocol(HTTP);
        rule.setRest(true);
        rule.setVersion("1");
        rules.add(rule);
    }

    switch (testOption) {
        case USER_ACCESS_TEST:
            // Restrict the web-api rule to a single named user.
            users.add((String) configOption);
            webApiRule.setUserAccess(users);
            schemes.add(Scheme.BASIC);
            methods.add(HTTPMethod.ANY);
            break;
        case PERMISSION_ACCESS_TEST:
            // Restrict the web-api rule to holders of a single permission.
            permissions.add((String) configOption);
            webApiRule.setPermissionAccess(permissions);
            schemes.add(Scheme.BASIC);
            methods.add(HTTPMethod.ANY);
            break;
        case METHOD_SPECIFIC_TEST:
            // One HTTP method plus one permission on the web-api rule.
            schemes.add(Scheme.BASIC);
            methods.add((HTTPMethod) configOption);
            permissions.add(configOption2);
            webApiRule.setPermissionAccess(permissions);
            break;
        case LOGIN_ACCESS_TEST:
            // Interactive login schemes; the web-api rule is no longer flagged as REST.
            schemes.add(Scheme.USERNAME_PASSWORD);
            schemes.add(Scheme.OPEN_ID);
            methods.add(HTTPMethod.ANY);
            webApiRule.setRest(false);
            break;
        case NO_SECURITY_TEST:
            // Only the catch-all rule is returned, and it carries NO_SECURITY.
            rules.remove(webApiRule);
            schemes.add(Scheme.NO_SECURITY);
            methods.add(HTTPMethod.ANY);
            break;
        default:
            // Unknown option: schemes and methods stay empty.
            break;
    }

    // Both rules share the very same list instances for methods and schemes.
    for (MotechURLSecurityRule rule : bothRules) {
        rule.setMethodsRequired(methods);
        rule.setSupportedSchemes(schemes);
        rule.setActive(true);
    }
    return new MotechSecurityConfiguration(rules);
}
use of org.motechproject.security.domain.MotechSecurityConfiguration in project motech by motech.
the class MotechURLSecurityServiceImpl method updateSecurityConfiguration.
/**
 * Stores the security rules carried by {@code configuration} and rebuilds the proxy chain.
 *
 * <p>Rules of the proxy manager's default security configuration whose id is not among the
 * submitted rules are not dropped: each is flagged as deleted and stored together with the
 * submitted rules.
 *
 * @param configuration DTO holding the rules to store
 */
@Override
@Transactional
public void updateSecurityConfiguration(SecurityConfigDto configuration) {
    // NOTE(review): no authorization check is visible in this method; confirm that access to
    // this operation is restricted where it is declared or exposed.
    LOGGER.info("Updating security configuration");

    List<MotechURLSecurityRule> rulesToStore = toMotechURLSecurityRuleList(configuration.getSecurityRules());
    // Ids are collected before any default rule is appended, so only submitted rules count.
    Collection<?> submittedIds = CollectionUtils.collect(rulesToStore, IDTransformer.INSTANCE);

    List<MotechURLSecurityRule> defaultRules = proxyManager.getDefaultSecurityConfiguration().getSecurityRules();
    for (MotechURLSecurityRule defaultRule : defaultRules) {
        if (submittedIds.contains(defaultRule.getId())) {
            continue;
        }
        // NOTE(review): this flags the rule object returned by the proxy manager itself;
        // confirm that object is not a cached instance shared with other readers.
        defaultRule.setDeleted(true);
        rulesToStore.add(defaultRule);
    }

    allSecurityRules.addOrUpdate(new MotechSecurityConfiguration(rulesToStore));
    proxyManager.rebuildProxyChain();
    LOGGER.info("Updated security configuration");
}
use of org.motechproject.security.domain.MotechSecurityConfiguration in project motech by motech.
the class SecurityRuleLoaderServiceImpl method updateSecurityConfig.
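/**
 * Merges the rules loaded for one origin into the stored
 * {@link org.motechproject.security.domain.MotechSecurityConfiguration}
 * and re-initializes the proxy chain.
 *
 * <p>Origin and version are read from the first rule of {@code newRules}. If rules
 * with that origin and version are already stored, they are treated as already
 * loaded and nothing is changed. Otherwise the result of
 * {@code rulesWithDifferentOrigin(oldRules, origin)} is appended to {@code newRules}
 * (the caller's list is modified in place) and the combined list is saved. If no
 * configuration is stored yet, an error is logged and a new one is created.
 *
 * @param newRules list that contains new rules; a {@code null} or empty list
 *                 leaves the stored configuration untouched
 */
private void updateSecurityConfig(List<MotechURLSecurityRule> newRules) {
    LOGGER.debug("Updating security config");

    if (newRules == null || newRules.isEmpty()) {
        // Without a first rule there is no origin or version to look up.
        LOGGER.warn("No security rules supplied, security config left unchanged");
        return;
    }

    // NOTE(review): only the first rule is inspected; this presumably assumes every rule
    // in the list shares one origin and version. Confirm against the caller.
    String origin = newRules.get(0).getOrigin();
    String version = newRules.get(0).getVersion();
    LOGGER.debug("Rules origin: {}, version: {}", origin, version);

    List<MotechURLSecurityRule> moduleRules = allSecurityRules.getRulesByOriginAndVersion(origin, version);
    if (!moduleRules.isEmpty()) {
        // Don't update security if rules from this origin and the same version have already been loaded
        LOGGER.debug("Rules from the origin {} [version: {}] have already been loaded", origin, version);
        return;
    }

    LOGGER.debug("Updating config with rules from origin: {}", origin);
    MotechSecurityConfiguration securityConfig = allSecurityRules.getMotechSecurityConfiguration();
    if (securityConfig == null) {
        // Processing continues with a fresh configuration, so the saved result holds
        // only the rules handled in this call.
        LOGGER.error("No security config found in the database");
        securityConfig = new MotechSecurityConfiguration();
    }

    List<MotechURLSecurityRule> oldRules = securityConfig.getSecurityRules();
    LOGGER.debug("Found {} old rules in the database", oldRules.size());

    // Presumably keeps the stored rules that belong to other origins, so rules stored
    // for this origin under another version are replaced. Verify against the helper.
    newRules.addAll(rulesWithDifferentOrigin(oldRules, origin));

    LOGGER.debug("Saving rules from origin {} in the database", origin);
    securityConfig.setSecurityRules(newRules);
    allSecurityRules.addOrUpdate(securityConfig);

    LOGGER.debug("Initializing chain after security config update");
    proxyManager.initializeProxyChain();
}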
use of org.motechproject.security.domain.MotechSecurityConfiguration in project motech by motech.
the class MotechProxyManager method loadDefaultSecurityConfiguration.
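/**
 * Loads {@link org.motechproject.security.domain.MotechSecurityConfiguration}
 * from {@link MotechProxyManager#DEFAULT_SECURITY_CONFIG_FILE}
 * on the class path.
 *
 * <p>The {@code loadedDefaultSecurityConfiguration} flag is set only after the
 * reader has returned, so a failed load does not mark the defaults as loaded.
 *
 * @return loaded security configuration
 * @throws MotechException if the resource is missing from the class path or
 *                         an I/O error occurs while reading it
 */
private MotechSecurityConfiguration loadDefaultSecurityConfiguration() {
    try (InputStream in = this.getClass().getClassLoader().getResourceAsStream(DEFAULT_SECURITY_CONFIG_FILE)) {
        if (in == null) {
            // getResourceAsStream reports a missing resource by returning null, not by
            // throwing. Fail here with a clear cause instead of handing null to the
            // reader; the catch below wraps it like any other load failure.
            throw new IOException("Default security configuration resource not found: "
                    + DEFAULT_SECURITY_CONFIG_FILE);
        }
        LOGGER.debug("Load default security rules from: {}", DEFAULT_SECURITY_CONFIG_FILE);
        MotechSecurityConfiguration config = (MotechSecurityConfiguration) motechJsonReader.readFromStream(in, MotechSecurityConfiguration.class);
        loadedDefaultSecurityConfiguration = true;
        return config;
    } catch (IOException e) {
        throw new MotechException("Error while loading json file", e);
    }
}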
use of org.motechproject.security.domain.MotechSecurityConfiguration in project motech by motech.
the class WebSecurityBundleIT method testUpdatingProxyOnRestart.
/**
 * Checks that the number of filter chains held by the proxy manager follows the stored
 * security configuration after the security bundle and the OSGi IT bundle are restarted.
 */
@Test
public void testUpdatingProxyOnRestart() throws InterruptedException, BundleException, IOException, ClassNotFoundException, InvalidSyntaxException {
    getLogger().info("Build 1st custom security configuration");
    MotechSecurityConfiguration firstConfig = SecurityTestConfigBuilder.buildConfig("noSecurity", null, null);
    updateSecurity(firstConfig);

    restartSecurityBundle();
    restartOsgiIntegrationTestBundle();

    // Fixed wait so that rules from resource files can be processed
    Thread.sleep(5000);

    MotechProxyManager managerAfterFirstRestart = getFromContext(MotechProxyManager.class);

    // Expected: one chain from the config built in this test and two from the OSGi IT bundle,
    // which is scanned for two rules. Additionally, several default rules are merged in.
    int defaultSize = managerAfterFirstRestart.getDefaultSecurityConfiguration().getSecurityRules().size();
    getLogger().info("Number of default security rules: " + defaultSize);

    int chainsAfterFirstRestart = managerAfterFirstRestart.getFilterChainProxy().getFilterChains().size();
    assertEquals(3 + defaultSize, chainsAfterFirstRestart);

    getLogger().info("Build 2nd custom security configuration");
    MotechSecurityConfiguration secondConfig = SecurityTestConfigBuilder.buildConfig("addPermissionAccess", "anyPermission", null);
    updateSecurity(secondConfig);

    restartSecurityBundle();
    restartOsgiIntegrationTestBundle();

    // Fixed wait so that rules from resource files can be processed
    Thread.sleep(5000);

    // Fetch the manager again after the restart; one more chain is expected than before
    // (presumably the second config contributes two rules instead of one).
    MotechProxyManager managerAfterSecondRestart = getFromContext(MotechProxyManager.class);
    int chainsAfterSecondRestart = managerAfterSecondRestart.getFilterChainProxy().getFilterChains().size();
    assertEquals(4 + defaultSize, chainsAfterSecondRestart);
}