
Example 16 with MotechURLSecurityRule

use of org.motechproject.security.domain.MotechURLSecurityRule in project motech by motech.

the class MotechSecurityRulesDao method addOrUpdate.

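/**
 * Synchronises the stored URL security rules with the rules carried by the given
 * {@link org.motechproject.security.domain.MotechSecurityConfiguration}.
 * <p>
 * The incoming rules are split into three groups:
 * <ul>
 *   <li>create - incoming rules that have no id yet;</li>
 *   <li>update - incoming rules whose id is already known to
 *       {@link MotechURLSecurityRuleDataService};</li>
 *   <li>delete - stored rules whose id does not appear among the incoming rules.</li>
 * </ul>
 * The configuration is therefore treated as the complete desired rule set: a stored rule
 * that is missing from it is deleted. An incoming rule that carries an id unknown to the
 * data service is neither created nor updated; since such a rule never reaches the store,
 * the number of ignored rules is logged as a warning so the gap is visible to operators.
 *
 * @param config configuration holding the full set of security rules to persist
 */
@Transactional
public void addOrUpdate(MotechSecurityConfiguration config) {
    List<MotechURLSecurityRule> newRules = config.getSecurityRules();
    List<MotechURLSecurityRule> oldRules = dataService.retrieveAll();
    // Wildcard instead of a raw type: only contains(Object) is called on these collections.
    final Collection<?> newRulesIDs = CollectionUtils.collect(newRules, IDTransformer.INSTANCE);
    final Collection<?> oldRulesIDs = CollectionUtils.collect(oldRules, IDTransformer.INSTANCE);
    // Rules without an id have never been stored.
    List<MotechURLSecurityRule> create = new ArrayList<>(newRules);
    CollectionUtils.filter(create, new MotechSecurityRulePredicate() {

        @Override
        protected boolean match(MotechURLSecurityRule rule) {
            return null == rule.getId();
        }
    });
    // Rules with an id are updated only when that id is already stored.
    List<MotechURLSecurityRule> update = new ArrayList<>(newRules);
    CollectionUtils.filter(update, new MotechSecurityRulePredicate() {

        @Override
        protected boolean match(MotechURLSecurityRule rule) {
            return null != rule.getId() && oldRulesIDs.contains(rule.getId());
        }
    });
    // Stored rules that the incoming configuration no longer mentions are removed.
    List<MotechURLSecurityRule> delete = new ArrayList<>(oldRules);
    CollectionUtils.filter(delete, new MotechSecurityRulePredicate() {

        @Override
        protected boolean match(MotechURLSecurityRule rule) {
            return null != rule.getId() && !newRulesIDs.contains(rule.getId());
        }
    });
    // Whatever is left over carries an id that the data service does not know. Those rules
    // are dropped, so report them instead of letting a security rule disappear silently.
    int ignored = newRules.size() - create.size() - update.size();
    if (ignored > 0) {
        LOGGER.warn("Ignoring {} rule(s) with an id not present in the data service; they are neither created nor updated", ignored);
    }
    LOGGER.debug("Processing rules: {}/{}/{} (Create/Update/Delete)", create.size(), update.size(), delete.size());
    for (MotechURLSecurityRule rule : create) {
        dataService.create(rule);
    }
    for (MotechURLSecurityRule rule : update) {
        dataService.update(rule);
    }
    for (MotechURLSecurityRule rule : delete) {
        dataService.delete(rule);
    }
    LOGGER.debug("Processed rules: {}/{}/{} (Create/Update/Delete)", create.size(), update.size(), delete.size());
}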
Also used : MotechURLSecurityRule(org.motechproject.security.domain.MotechURLSecurityRule) ArrayList(java.util.ArrayList) Collection(java.util.Collection) Transactional(org.springframework.transaction.annotation.Transactional)

Example 17 with MotechURLSecurityRule

use of org.motechproject.security.domain.MotechURLSecurityRule in project motech by motech.

the class MotechProxyManager method initializeProxyChain.

/**
 * Builds the proxy chain at start-up. It serves the same purpose as rebuildProxyChain but
 * does not require any kind of security authentication, so it should only ever be used by
 * the activator, which does not have an authentication object.
 * <p>
 * The method body performs no caller check of its own, and the method is public; keeping
 * it restricted to the activator is up to the callers.
 */
@Transactional
public void initializeProxyChain() {
    LOGGER.info("Initializing proxy chain");

    MotechSecurityConfiguration storedConfiguration = securityRulesDAO.getMotechSecurityConfiguration();
    // NOTE(review): the additions and removals below reach addOrUpdate only if
    // getSecurityRules() hands out the configuration's own list rather than a copy - confirm.
    List<MotechURLSecurityRule> storedRules = storedConfiguration.getSecurityRules();
    List<MotechURLSecurityRule> defaultRules = getDefaultSecurityConfiguration().getSecurityRules();

    // Add every default rule that the stored rules do not contain yet. Membership is decided
    // by List.contains, i.e. by MotechURLSecurityRule.equals.
    for (MotechURLSecurityRule defaultRule : defaultRules) {
        if (storedRules.contains(defaultRule)) {
            continue;
        }
        LOGGER.debug("Found new rule, not present in database. Adding.");
        storedRules.add(defaultRule);
    }

    // Drop rules whose origin equals SYSTEM_ORIGIN and that are no longer part of the
    // default configuration; rules with any other origin are kept.
    for (Iterator<MotechURLSecurityRule> cursor = storedRules.iterator(); cursor.hasNext();) {
        MotechURLSecurityRule candidate = cursor.next();
        boolean systemOwned = SYSTEM_ORIGIN.equals(candidate.getOrigin());
        if (systemOwned && !defaultRules.contains(candidate)) {
            cursor.remove();
        }
    }

    // Persist the merged rule set first, then rebuild the filter chains from it.
    securityRulesDAO.addOrUpdate(storedConfiguration);
    updateSecurityChain(storedRules);

    LOGGER.info("Initialized proxy chain");
}
Also used : MotechSecurityConfiguration(org.motechproject.security.domain.MotechSecurityConfiguration) MotechURLSecurityRule(org.motechproject.security.domain.MotechURLSecurityRule) Transactional(org.springframework.transaction.annotation.Transactional)

Example 18 with MotechURLSecurityRule

use of org.motechproject.security.domain.MotechURLSecurityRule in project motech by motech.

the class MotechProxyManager method updateSecurityChain.

/**
 * Rebuilds the filter chain proxy from the given
 * {@link org.motechproject.security.domain.MotechURLSecurityRule}s.
 * <p>
 * Only rules that are active and not marked as deleted contribute filter chains, one chain
 * per HTTP method returned by {@code getMethodsRequired()}. A rule for which that call
 * yields no methods therefore contributes no chain at all.
 *
 * @param securityRules list that contains new security rules
 */
private void updateSecurityChain(List<MotechURLSecurityRule> securityRules) {
    LOGGER.debug("Updating security chain");

    // Ordering is delegated to SecurityRuleComparator (by priority, descending, according
    // to the original comment).
    // NOTE(review): a TreeSet keeps only one of any two elements its comparator reports as
    // equal, so a rule would silently be left out of the chain if compare() can return 0 for
    // two distinct rules - confirm against SecurityRuleComparator.
    TreeSet<MotechURLSecurityRule> orderedRules = new TreeSet<>(new SecurityRuleComparator());
    orderedRules.addAll(securityRules);

    List<SecurityFilterChain> chains = new ArrayList<>();
    for (MotechURLSecurityRule rule : orderedRules) {
        // Inactive or deleted rules produce no filter chain.
        if (!rule.isActive() || rule.isDeleted()) {
            continue;
        }
        LOGGER.debug("Creating SecurityFilterChain for: {}", rule.getPattern());
        for (HTTPMethod httpMethod : rule.getMethodsRequired()) {
            chains.add(securityRuleBuilder.buildSecurityChain(rule, httpMethod));
        }
        LOGGER.debug("Created SecurityFilterChain for: {}", rule.getPattern());
    }

    // The previous proxy is replaced as a whole once every chain has been built.
    proxy = new FilterChainProxy(chains);
    LOGGER.debug("Updated security chain.");
}
Also used : SecurityFilterChain(org.springframework.security.web.SecurityFilterChain) FilterChainProxy(org.springframework.security.web.FilterChainProxy) HTTPMethod(org.motechproject.security.constants.HTTPMethod) MotechURLSecurityRule(org.motechproject.security.domain.MotechURLSecurityRule) TreeSet(java.util.TreeSet) ArrayList(java.util.ArrayList) SecurityRuleComparator(org.motechproject.security.domain.SecurityRuleComparator)
