Example 1 with PluginApiCallSecurityContext
use of org.thingsboard.server.extensions.api.plugins.PluginApiCallSecurityContext in project thingsboard by thingsboard.
the class PluginApiController method processRequest.
@SuppressWarnings("rawtypes")
@PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
@RequestMapping(value = "/{pluginToken}/**")
@ResponseStatus(value = HttpStatus.OK)
public DeferredResult<ResponseEntity> processRequest(@PathVariable("pluginToken") String pluginToken, RequestEntity<byte[]> requestEntity, HttpServletRequest request) throws ThingsboardException {
log.debug("[{}] Going to process requst uri: {}", pluginToken, requestEntity.getUrl());
DeferredResult<ResponseEntity> result = new DeferredResult<ResponseEntity>();
PluginMetaData pluginMd = pluginService.findPluginByApiToken(pluginToken);
if (pluginMd == null) {
result.setErrorResult(new PluginNotFoundException("Plugin with token: " + pluginToken + " not found!"));
} else {
TenantId tenantId = getCurrentUser().getTenantId();
CustomerId customerId = getCurrentUser().getCustomerId();
if (validatePluginAccess(pluginMd, tenantId, customerId)) {
if (tenantId != null && ModelConstants.NULL_UUID.equals(tenantId.getId())) {
tenantId = null;
}
UserId userId = getCurrentUser().getId();
String userName = getCurrentUser().getName();
PluginApiCallSecurityContext securityCtx = new PluginApiCallSecurityContext(pluginMd.getTenantId(), pluginMd.getId(), tenantId, customerId, userId, userName);
actorService.process(new BasicPluginRestMsg(securityCtx, new RestRequest(requestEntity, request), result));
} else {
result.setResult(new ResponseEntity<>(HttpStatus.FORBIDDEN));
}
}
return result;
}
Also used :
BasicPluginRestMsg(org.thingsboard.server.extensions.api.plugins.rest.BasicPluginRestMsg)
PluginMetaData(org.thingsboard.server.common.data.plugin.PluginMetaData)
CustomerId(org.thingsboard.server.common.data.id.CustomerId)
PluginApiCallSecurityContext(org.thingsboard.server.extensions.api.plugins.PluginApiCallSecurityContext)
ResponseEntity(org.springframework.http.ResponseEntity)
TenantId(org.thingsboard.server.common.data.id.TenantId)
RestRequest(org.thingsboard.server.extensions.api.plugins.rest.RestRequest)
UserId(org.thingsboard.server.common.data.id.UserId)
DeferredResult(org.springframework.web.context.request.async.DeferredResult)
ResponseStatus(org.springframework.web.bind.annotation.ResponseStatus)
PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 2 with PluginApiCallSecurityContext
use of org.thingsboard.server.extensions.api.plugins.PluginApiCallSecurityContext in project thingsboard by thingsboard.
the class PluginWebSocketHandler method toRef.
private PluginWebsocketSessionRef toRef(WebSocketSession session) throws IOException {
URI sessionUri = session.getUri();
String path = sessionUri.getPath();
path = path.substring(WebSocketConfiguration.WS_PLUGIN_PREFIX.length());
if (path.length() == 0) {
throw new IllegalArgumentException("URL should contain plugin token!");
}
String[] pathElements = path.split("/");
String pluginToken = pathElements[0];
// TODO: cache
PluginMetaData pluginMd = pluginService.findPluginByApiToken(pluginToken);
if (pluginMd == null) {
throw new InvalidParameterException("Can't find plugin with specified token!");
} else {
SecurityUser currentUser = (SecurityUser) session.getAttributes().get(WebSocketConfiguration.WS_SECURITY_USER_ATTRIBUTE);
TenantId tenantId = currentUser.getTenantId();
CustomerId customerId = currentUser.getCustomerId();
if (PluginApiController.validatePluginAccess(pluginMd, tenantId, customerId)) {
UserId userId = currentUser.getId();
String userName = currentUser.getName();
PluginApiCallSecurityContext securityCtx = new PluginApiCallSecurityContext(pluginMd.getTenantId(), pluginMd.getId(), tenantId, currentUser.getCustomerId(), userId, userName);
return new BasicPluginWebsocketSessionRef(UUID.randomUUID().toString(), securityCtx, session.getUri(), session.getAttributes(), session.getLocalAddress(), session.getRemoteAddress());
} else {
throw new SecurityException("Current user is not allowed to use this plugin!");
}
}
}
Also used :
BasicPluginWebsocketSessionRef(org.thingsboard.server.extensions.api.plugins.ws.BasicPluginWebsocketSessionRef)
PluginMetaData(org.thingsboard.server.common.data.plugin.PluginMetaData)
CustomerId(org.thingsboard.server.common.data.id.CustomerId)
URI(java.net.URI)
PluginApiCallSecurityContext(org.thingsboard.server.extensions.api.plugins.PluginApiCallSecurityContext)
InvalidParameterException(java.security.InvalidParameterException)
TenantId(org.thingsboard.server.common.data.id.TenantId)
SecurityUser(org.thingsboard.server.service.security.model.SecurityUser)
UserId(org.thingsboard.server.common.data.id.UserId)
Aggregations
CustomerId (org.thingsboard.server.common.data.id.CustomerId)2
TenantId (org.thingsboard.server.common.data.id.TenantId)2
UserId (org.thingsboard.server.common.data.id.UserId)2
PluginMetaData (org.thingsboard.server.common.data.plugin.PluginMetaData)2
PluginApiCallSecurityContext (org.thingsboard.server.extensions.api.plugins.PluginApiCallSecurityContext)2
URI (java.net.URI)1
InvalidParameterException (java.security.InvalidParameterException)1
ResponseEntity (org.springframework.http.ResponseEntity)1
PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)1
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)1
ResponseStatus (org.springframework.web.bind.annotation.ResponseStatus)1
DeferredResult (org.springframework.web.context.request.async.DeferredResult)1
BasicPluginRestMsg (org.thingsboard.server.extensions.api.plugins.rest.BasicPluginRestMsg)1
RestRequest (org.thingsboard.server.extensions.api.plugins.rest.RestRequest)1
BasicPluginWebsocketSessionRef (org.thingsboard.server.extensions.api.plugins.ws.BasicPluginWebsocketSessionRef)1
SecurityUser (org.thingsboard.server.service.security.model.SecurityUser)1
