
Example 1 with AuthorizationFramework

use of org.opengrok.indexer.authorization.AuthorizationFramework in project OpenGrok by OpenGrok.

the class WebappListener method contextInitialized.

/**
 * {@inheritDoc}
 */
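@Override
public void contextInitialized(final ServletContextEvent servletContextEvent) {
    // Webapp startup: load the configuration named in web.xml, install the
    // authorization framework, optionally start the plugin watchdog, check
    // the index(es) and register the API task pools. The elapsed time is
    // recorded in startupTimer at the end.
    Instant start = Instant.now();
    ServletContext context = servletContextEvent.getServletContext();
    RuntimeEnvironment env = RuntimeEnvironment.getInstance();
    LOGGER.log(Level.INFO, "Starting webapp with version {0} ({1})", new Object[] { Info.getVersion(), Info.getRevision() });

    String config = context.getInitParameter("CONFIGURATION");
    if (config == null) {
        // Without a configuration path the webapp cannot start at all.
        throw new Error("CONFIGURATION parameter missing in the web.xml file");
    }

    boolean configurationLoaded = false;
    try {
        env.readConfiguration(new File(config), CommandTimeoutType.WEBAPP_START);
        configurationLoaded = true;
    } catch (IOException ex) {
        // Startup deliberately continues after a read failure.
        LOGGER.log(Level.WARNING, "Configuration error. Failed to read config file: ", ex);
    }
    if (!configurationLoaded) {
        /*
         * Security-relevant: startup continues without the configuration, so
         * the plugin directory is possibly null and the framework created
         * below may then allow every request. Log this fail-open state
         * explicitly so operators can alert on it instead of inferring it
         * from the I/O warning above.
         */
        LOGGER.log(Level.SEVERE, "Configuration was not loaded; the authorization plugin directory"
                + " may be unset and the authorization framework may allow every request");
    }

    /*
     * Create a new instance of authorization framework. If the code above
     * (reading the configuration) failed then the plugin directory is
     * possibly {@code null} causing the framework to allow every request.
     */
    env.setAuthorizationFramework(new AuthorizationFramework(env.getPluginDirectory(), env.getPluginStack()));
    env.getAuthorizationFramework().reload();

    if (env.isWebappCtags() && !env.validateUniversalCtags()) {
        LOGGER.warning("Didn't find Universal Ctags for --webappCtags");
    }

    // The watchdog is started only when a plugin directory is configured
    // and the watchdog option is enabled.
    String pluginDirectory = env.getPluginDirectory();
    if (pluginDirectory != null && env.isAuthorizationWatchdog()) {
        env.getWatchDog().start(new File(pluginDirectory));
    }

    // Check index(es).
    checkIndex(env);
    env.startExpirationTimer();

    ApiTaskManager.getInstance().setContextPath(context.getContextPath());
    // register API task queues
    ApiTaskManager.getInstance().addPool(ProjectsController.PROJECTS_PATH, 1);
    // Used by ConfigurationController#reloadAuthorization()
    ApiTaskManager.getInstance().addPool("authorization", 1);
    ApiTaskManager.getInstance().addPool(ConfigurationController.PATH, 1);

    startupTimer.record(Duration.between(start, Instant.now()));
}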
Also used : RuntimeEnvironment(org.opengrok.indexer.configuration.RuntimeEnvironment) AuthorizationFramework(org.opengrok.indexer.authorization.AuthorizationFramework) Instant(java.time.Instant) ServletContext(jakarta.servlet.ServletContext) IOException(java.io.IOException) File(java.io.File)

Example 2 with AuthorizationFramework

use of org.opengrok.indexer.authorization.AuthorizationFramework in project OpenGrok by OpenGrok.

the class PageConfigTest method testGetResourceFileList.

/**
 * Testing the root of /xref for authorization filtering.
 */
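@Test
public void testGetResourceFileList() {
    RuntimeEnvironment env = RuntimeEnvironment.getInstance();
    // Back up the global state this test replaces. RuntimeEnvironment is
    // obtained via getInstance(), so anything left behind is visible to
    // tests that run afterwards.
    String oldSourceRootPath = env.getSourceRootPath();
    AuthorizationFramework oldAuthorizationFramework = env.getAuthorizationFramework();
    // NOTE(review): if getProjects() returns the live map, the entries added
    // below survive the restore at the end - confirm against RuntimeEnvironment.
    Map<String, Project> oldProjects = env.getProjects();
    try {
        // Set up the source root directory containing some projects.
        env.setSourceRoot(repository.getSourceRoot());
        // NOTE(review): the previous projects-enabled value is not restored.
        env.setProjectsEnabled(true);

        // File.list() returns null when the path is not a readable directory;
        // fail with a clear message instead of a NullPointerException.
        String[] entries = new File(repository.getSourceRoot()).list();
        if (entries == null) {
            throw new AssertionError("Cannot list source root: " + repository.getSourceRoot());
        }
        // Enable projects.
        for (String file : entries) {
            Project proj = new Project(file);
            proj.setIndexed(true);
            env.getProjects().put(file, proj);
        }

        HttpServletRequest req = createRequest("/source", "/xref", "");
        PageConfig cfg = PageConfig.get(req);
        List<String> allFiles = new ArrayList<>(cfg.getResourceFileList());
        /*
         * Check if there are some files (the "5" here is just a sufficient
         * value for now which won't break any future repository tests) without
         * any authorization.
         */
        assertTrue(allFiles.size() > 5);
        assertTrue(allFiles.contains("git"));
        assertTrue(allFiles.contains("mercurial"));

        /*
         * Now set up the same projects with an authorization plugin enabling
         * only some of them:
         *  - disabling "git"
         *  - disabling "mercurial"
         */
        env.setAuthorizationFramework(new AuthorizationFramework());
        env.getAuthorizationFramework().reload();
        env.getAuthorizationFramework().getStack().add(new AuthorizationPlugin(AuthControlFlag.REQUIRED, new TestPlugin() {

            @Override
            public boolean isAllowed(HttpServletRequest request, Project project) {
                // Deny by name prefix; every other project is allowed.
                return !project.getName().startsWith("git") && !project.getName().startsWith("mercurial");
            }
        }));

        req = createRequest("/source", "/xref", "");
        cfg = PageConfig.get(req);
        List<String> filteredFiles = new ArrayList<>(cfg.getResourceFileList());
        // list subtraction - retains only disabled files
        allFiles.removeAll(filteredFiles);
        assertEquals(2, allFiles.size());
        assertTrue(allFiles.contains("git"));
        assertTrue(allFiles.contains("mercurial"));
    } finally {
        // Restore original values even when an assertion above fails, so the
        // test's deny-listing authorization framework and temporary source
        // root do not leak into other tests.
        env.setAuthorizationFramework(oldAuthorizationFramework);
        env.setSourceRoot(oldSourceRootPath);
        env.setProjects(oldProjects);
    }
}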
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) DummyHttpServletRequest(org.opengrok.indexer.web.DummyHttpServletRequest) Project(org.opengrok.indexer.configuration.Project) RuntimeEnvironment(org.opengrok.indexer.configuration.RuntimeEnvironment) AuthorizationFramework(org.opengrok.indexer.authorization.AuthorizationFramework) ArrayList(java.util.ArrayList) AuthorizationPlugin(org.opengrok.indexer.authorization.AuthorizationPlugin) TestPlugin(org.opengrok.indexer.authorization.TestPlugin) File(java.io.File) Test(org.junit.jupiter.api.Test)

Example 3 with AuthorizationFramework

use of org.opengrok.indexer.authorization.AuthorizationFramework in project OpenGrok by OpenGrok.

the class ProjectHelperTestBase method setUp.

@BeforeEach
public void setUp() {
    // Sanity-check the fixture held by env before each test: the expected
    // number of groups, projects and repositories must be present.
    assertEquals(4, env.getGroups().size(), "Should contain 4 groups");
    assertEquals(40, env.getProjects().size(), "Should contain 40 project");
    assertEquals(20, env.getRepositories().size(), "Should contain 20 repositories");
    assertNotNull(env.getProjectRepositoriesMap(), "Repository map should not be null");
    assertEquals(20, env.getProjectRepositoriesMap().size(), "Repository map should contain 20 project");

    // Install a fresh authorization framework so every test starts from the
    // same authorization state.
    AuthorizationFramework freshFramework = new AuthorizationFramework();
    env.setAuthorizationFramework(freshFramework);
    env.getAuthorizationFramework().reload();

    // Name-prefix policy: a project or group is permitted only when its name
    // starts with this prefix; everything else is denied.
    final String allowedPrefix = "allowed";
    IAuthorizationPlugin prefixPolicy = new TestPlugin() {

        @Override
        public boolean isAllowed(HttpServletRequest request, Project project) {
            String projectName = project.getName();
            return projectName.startsWith(allowedPrefix);
        }

        @Override
        public boolean isAllowed(HttpServletRequest request, Group group) {
            String groupName = group.getName();
            return groupName.startsWith(allowedPrefix);
        }
    };
    // invokeAddPlugin is defined outside this view; presumably it registers
    // the plugin with the framework installed above.
    invokeAddPlugin(prefixPolicy);

    // Build the page configuration and its project helper once the policy is
    // in place.
    cfg = PageConfig.get(getRequest());
    helper = cfg.getProjectHelper();
}
Also used : HttpServletRequest(jakarta.servlet.http.HttpServletRequest) DummyHttpServletRequest(org.opengrok.indexer.web.DummyHttpServletRequest) Project(org.opengrok.indexer.configuration.Project) Group(org.opengrok.indexer.configuration.Group) AuthorizationFramework(org.opengrok.indexer.authorization.AuthorizationFramework) IAuthorizationPlugin(org.opengrok.indexer.authorization.IAuthorizationPlugin) TestPlugin(org.opengrok.indexer.authorization.TestPlugin) BeforeEach(org.junit.jupiter.api.BeforeEach)

Aggregations

AuthorizationFramework (org.opengrok.indexer.authorization.AuthorizationFramework)3 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)2 File (java.io.File)2 TestPlugin (org.opengrok.indexer.authorization.TestPlugin)2 Project (org.opengrok.indexer.configuration.Project)2 RuntimeEnvironment (org.opengrok.indexer.configuration.RuntimeEnvironment)2 DummyHttpServletRequest (org.opengrok.indexer.web.DummyHttpServletRequest)2 ServletContext (jakarta.servlet.ServletContext)1 IOException (java.io.IOException)1 Instant (java.time.Instant)1 ArrayList (java.util.ArrayList)1 BeforeEach (org.junit.jupiter.api.BeforeEach)1 Test (org.junit.jupiter.api.Test)1 AuthorizationPlugin (org.opengrok.indexer.authorization.AuthorizationPlugin)1 IAuthorizationPlugin (org.opengrok.indexer.authorization.IAuthorizationPlugin)1 Group (org.opengrok.indexer.configuration.Group)1