Search in sources :

Example 1 with PluginApiCallSecurityContext

use of org.thingsboard.server.extensions.api.plugins.PluginApiCallSecurityContext in project thingsboard by thingsboard.

the class PluginApiController method processRequest.

@SuppressWarnings("rawtypes")
@PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
@RequestMapping(value = "/{pluginToken}/**")
@ResponseStatus(value = HttpStatus.OK)
public DeferredResult<ResponseEntity> processRequest(@PathVariable("pluginToken") String pluginToken, RequestEntity<byte[]> requestEntity, HttpServletRequest request) throws ThingsboardException {
    log.debug("[{}] Going to process requst uri: {}", pluginToken, requestEntity.getUrl());
    DeferredResult<ResponseEntity> result = new DeferredResult<ResponseEntity>();
    PluginMetaData pluginMd = pluginService.findPluginByApiToken(pluginToken);
    if (pluginMd == null) {
        result.setErrorResult(new PluginNotFoundException("Plugin with token: " + pluginToken + " not found!"));
    } else {
        TenantId tenantId = getCurrentUser().getTenantId();
        CustomerId customerId = getCurrentUser().getCustomerId();
        if (validatePluginAccess(pluginMd, tenantId, customerId)) {
            if (tenantId != null && ModelConstants.NULL_UUID.equals(tenantId.getId())) {
                tenantId = null;
            }
            UserId userId = getCurrentUser().getId();
            String userName = getCurrentUser().getName();
            PluginApiCallSecurityContext securityCtx = new PluginApiCallSecurityContext(pluginMd.getTenantId(), pluginMd.getId(), tenantId, customerId, userId, userName);
            actorService.process(new BasicPluginRestMsg(securityCtx, new RestRequest(requestEntity, request), result));
        } else {
            result.setResult(new ResponseEntity<>(HttpStatus.FORBIDDEN));
        }
    }
    return result;
}
Also used : BasicPluginRestMsg(org.thingsboard.server.extensions.api.plugins.rest.BasicPluginRestMsg) PluginMetaData(org.thingsboard.server.common.data.plugin.PluginMetaData) CustomerId(org.thingsboard.server.common.data.id.CustomerId) PluginApiCallSecurityContext(org.thingsboard.server.extensions.api.plugins.PluginApiCallSecurityContext) ResponseEntity(org.springframework.http.ResponseEntity) TenantId(org.thingsboard.server.common.data.id.TenantId) RestRequest(org.thingsboard.server.extensions.api.plugins.rest.RestRequest) UserId(org.thingsboard.server.common.data.id.UserId) DeferredResult(org.springframework.web.context.request.async.DeferredResult) ResponseStatus(org.springframework.web.bind.annotation.ResponseStatus) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 2 with PluginApiCallSecurityContext

use of org.thingsboard.server.extensions.api.plugins.PluginApiCallSecurityContext in project thingsboard by thingsboard.

the class PluginWebSocketHandler method toRef.

private PluginWebsocketSessionRef toRef(WebSocketSession session) throws IOException {
    URI sessionUri = session.getUri();
    String path = sessionUri.getPath();
    path = path.substring(WebSocketConfiguration.WS_PLUGIN_PREFIX.length());
    if (path.length() == 0) {
        throw new IllegalArgumentException("URL should contain plugin token!");
    }
    String[] pathElements = path.split("/");
    String pluginToken = pathElements[0];
    // TODO: cache
    PluginMetaData pluginMd = pluginService.findPluginByApiToken(pluginToken);
    if (pluginMd == null) {
        throw new InvalidParameterException("Can't find plugin with specified token!");
    } else {
        SecurityUser currentUser = (SecurityUser) session.getAttributes().get(WebSocketConfiguration.WS_SECURITY_USER_ATTRIBUTE);
        TenantId tenantId = currentUser.getTenantId();
        CustomerId customerId = currentUser.getCustomerId();
        if (PluginApiController.validatePluginAccess(pluginMd, tenantId, customerId)) {
            UserId userId = currentUser.getId();
            String userName = currentUser.getName();
            PluginApiCallSecurityContext securityCtx = new PluginApiCallSecurityContext(pluginMd.getTenantId(), pluginMd.getId(), tenantId, currentUser.getCustomerId(), userId, userName);
            return new BasicPluginWebsocketSessionRef(UUID.randomUUID().toString(), securityCtx, session.getUri(), session.getAttributes(), session.getLocalAddress(), session.getRemoteAddress());
        } else {
            throw new SecurityException("Current user is not allowed to use this plugin!");
        }
    }
}
Also used : BasicPluginWebsocketSessionRef(org.thingsboard.server.extensions.api.plugins.ws.BasicPluginWebsocketSessionRef) PluginMetaData(org.thingsboard.server.common.data.plugin.PluginMetaData) CustomerId(org.thingsboard.server.common.data.id.CustomerId) URI(java.net.URI) PluginApiCallSecurityContext(org.thingsboard.server.extensions.api.plugins.PluginApiCallSecurityContext) InvalidParameterException(java.security.InvalidParameterException) TenantId(org.thingsboard.server.common.data.id.TenantId) SecurityUser(org.thingsboard.server.service.security.model.SecurityUser) UserId(org.thingsboard.server.common.data.id.UserId)

Aggregations

CustomerId (org.thingsboard.server.common.data.id.CustomerId)2 TenantId (org.thingsboard.server.common.data.id.TenantId)2 UserId (org.thingsboard.server.common.data.id.UserId)2 PluginMetaData (org.thingsboard.server.common.data.plugin.PluginMetaData)2 PluginApiCallSecurityContext (org.thingsboard.server.extensions.api.plugins.PluginApiCallSecurityContext)2 URI (java.net.URI)1 InvalidParameterException (java.security.InvalidParameterException)1 ResponseEntity (org.springframework.http.ResponseEntity)1 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)1 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)1 ResponseStatus (org.springframework.web.bind.annotation.ResponseStatus)1 DeferredResult (org.springframework.web.context.request.async.DeferredResult)1 BasicPluginRestMsg (org.thingsboard.server.extensions.api.plugins.rest.BasicPluginRestMsg)1 RestRequest (org.thingsboard.server.extensions.api.plugins.rest.RestRequest)1 BasicPluginWebsocketSessionRef (org.thingsboard.server.extensions.api.plugins.ws.BasicPluginWebsocketSessionRef)1 SecurityUser (org.thingsboard.server.service.security.model.SecurityUser)1