diff --git a/cave/com.raytheon.uf.viz.core/src/com/raytheon/uf/viz/core/localization/CAVELocalizationAdapter.java b/cave/com.raytheon.uf.viz.core/src/com/raytheon/uf/viz/core/localization/CAVELocalizationAdapter.java
index d4962390be..cb22cd4fc8 100644
--- a/cave/com.raytheon.uf.viz.core/src/com/raytheon/uf/viz/core/localization/CAVELocalizationAdapter.java
+++ b/cave/com.raytheon.uf.viz.core/src/com/raytheon/uf/viz/core/localization/CAVELocalizationAdapter.java
@@ -250,7 +250,7 @@ public class CAVELocalizationAdapter implements ILocalizationAdapter {
 return true;
 } catch (FileNotFoundException e) {
 throw new LocalizationOpFailedException(
- "Error saving file, does not exist");
+ "Error saving, file does not exist");
 } finally {
 // Make sure to close input stream
 if (in != null) {
diff --git a/cave/com.raytheon.uf.viz.core/src/com/raytheon/uf/viz/core/localization/LocalizationManager.java b/cave/com.raytheon.uf.viz.core/src/com/raytheon/uf/viz/core/localization/LocalizationManager.java
index 43ca8f3a26..ba76881380 100644
--- a/cave/com.raytheon.uf.viz.core/src/com/raytheon/uf/viz/core/localization/LocalizationManager.java
+++ b/cave/com.raytheon.uf.viz.core/src/com/raytheon/uf/viz/core/localization/LocalizationManager.java
@@ -777,7 +777,7 @@ public class LocalizationManager implements IPropertyChangeListener {
 }
 } catch (VizException e) {
 throw new LocalizationOpFailedException(
- "Error storing file contents to server: "
+ "Error uploading file contents to localization server: "
 + e.getLocalizedMessage(), e);
 }
 
diff --git a/cave/com.raytheon.uf.viz.plugin.nwsauth/src/com/raytheon/uf/viz/plugin/nwsauth/NwsNotAuthHandler.java b/cave/com.raytheon.uf.viz.plugin.nwsauth/src/com/raytheon/uf/viz/plugin/nwsauth/NwsNotAuthHandler.java
index 646a9bdbbc..cbf3c3616d 100644
--- a/cave/com.raytheon.uf.viz.plugin.nwsauth/src/com/raytheon/uf/viz/plugin/nwsauth/NwsNotAuthHandler.java
+++ b/cave/com.raytheon.uf.viz.plugin.nwsauth/src/com/raytheon/uf/viz/plugin/nwsauth/NwsNotAuthHandler.java @@ -63,7 +63,7 @@ public class NwsNotAuthHandler implements INotAuthHandler { + request.getClass(); UFStatus.getHandler(NwsNotAuthHandler.class).handle(Priority.PROBLEM, message); - return null; + throw new VizException(message); } /* @@ -82,7 +82,7 @@ public class NwsNotAuthHandler implements INotAuthHandler { } UFStatus.getHandler(NwsNotAuthHandler.class).handle(Priority.PROBLEM, message); - return null; + throw new VizException(message); } } diff --git a/edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/AbstractPrivilegedLocalizationRequestHandler.java b/edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/AbstractPrivilegedLocalizationRequestHandler.java index e5709ca09a..d8cadca0bb 100644 --- a/edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/AbstractPrivilegedLocalizationRequestHandler.java +++ b/edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/AbstractPrivilegedLocalizationRequestHandler.java @@ -19,13 +19,16 @@ **/ package com.raytheon.edex.services; -import java.io.File; +import java.util.HashSet; +import java.util.Set; import com.raytheon.uf.common.auth.exception.AuthorizationException; import com.raytheon.uf.common.auth.req.AbstractPrivilegedRequest; import com.raytheon.uf.common.auth.user.IUser; +import com.raytheon.uf.common.localization.IPathManager; import com.raytheon.uf.common.localization.LocalizationContext; import com.raytheon.uf.common.localization.LocalizationContext.LocalizationLevel; +import com.raytheon.uf.common.localization.LocalizationContext.LocalizationType; import com.raytheon.uf.edex.auth.AuthManager; import com.raytheon.uf.edex.auth.AuthManagerFactory; import com.raytheon.uf.edex.auth.req.AbstractPrivilegedRequestHandler; 
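Review bot: In both NwsNotAuthHandler hunks the same failure is now reported twice: `UFStatus.getHandler(NwsNotAuthHandler.class).handle(Priority.PROBLEM, message)` logs it and the new `throw new VizException(message)` hands the identical text to the caller, which will normally log it again when it catches the exception; either drop the local handle call and let the catch site report it once, or keep the log and document that callers should treat the exception as already reported. Throwing instead of returning `null` is the safer fail-closed outcome, assuming the `INotAuthHandler` methods — whose signatures start before each hunk — already declare `VizException`.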
@@ -51,87 +54,85 @@ import com.raytheon.uf.edex.auth.roles.IRoleStorage; */ public abstract class AbstractPrivilegedLocalizationRequestHandler extends AbstractPrivilegedRequestHandler { - + + private static final String PATH_SEPARATOR = IPathManager.SEPARATOR; + + private static final String SEPARATOR = "."; + + private static final String ROLE_PREFIX = "com.raytheon.localization"; + private static final String APPLICATION = "Localization"; protected AuthorizationResponse getAuthorizationResponse(IUser user, - LocalizationContext context, LocalizationLevel level, - String fileName, String myContextName) + LocalizationContext context, String fileName, String myContextName) throws AuthorizationException { String contextName = context.getContextName(); - + LocalizationLevel level = context.getLocalizationLevel(); + LocalizationType type = context.getLocalizationType(); + boolean contextsMatch = (myContextName != null && myContextName + .equals(contextName)); if (level.isSystemLevel()) { return new AuthorizationResponse(false, "Modification to system level configuration is prohibited."); - } else if (myContextName != null - && myContextName.equals(contextName) - && (context.getLocalizationLevel() == LocalizationLevel.USER || context - .getLocalizationLevel() == LocalizationLevel.WORKSTATION)) { - // If context names match and we are user or workstation file - // request, that is ok + } else if (level == LocalizationLevel.USER && contextsMatch) { + // Don't prevent users from modifying own files return new AuthorizationResponse(true); } AuthManager manager = AuthManagerFactory.getInstance().getManager(); IRoleStorage roleStorage = manager.getRoleStorage(); - String roleId = ""; + String[] permissions = roleStorage + .getAllDefinedPermissions(APPLICATION); + Set definedPermissions = new HashSet(); + for (String permission : permissions) { + definedPermissions.add(permission.toLowerCase()); + } + String absoluteRoleId = buildRoleId(level, type, contextName, fileName); // 
First round check com.raytheon.localization.level // Second round check com.raytheon.localization.level.name for (int i = 0; i < 2; ++i) { - roleId = "com.raytheon.localization." - + context.getLocalizationLevel().name() - + "/" + context.getLocalizationType().name(); - if (i > 0) { - if (contextName != null) { - roleId += "." + contextName; - } else { - // We already checked this case - break; - } - } - + String contextNameToUse = i > 0 ? contextName : null; + String roleId = buildRoleId(level, type, contextNameToUse, fileName); + // check most specific to least specific // com.raytheon.localization..(.)/type/path/name/ - int minIndex = roleId.length(); - roleId += File.separator + fileName; - int index = roleId.length(); - - while (index > minIndex) { - roleId = roleId.substring(0, index); - - if (roleStorage.isAuthorized(roleId, user.uniqueId().toString(), APPLICATION)) { + int minLength = roleId.length() - fileName.length() - 1; + do { + if (roleStorage.isAuthorized(roleId, + user.uniqueId().toString(), APPLICATION)) { return new AuthorizationResponse(true); + } else if (definedPermissions.contains(roleId.toLowerCase())) { + // User not authorized and this roleId is explicitly defined + return notAuthorized(user, absoluteRoleId); } - index = roleId.lastIndexOf(File.separator, index - 1); - } - - roleId = "com.raytheon.localization." - + context.getLocalizationLevel().name(); - if (i > 0) { - if (contextName != null) { - roleId += "." 
+ contextName; - } else { - // We already checked this case - break; - } - } - - // com.raytheon.localization..() - if (roleStorage.isAuthorized(roleId, user.uniqueId().toString(), APPLICATION)) { - return new AuthorizationResponse(true); - } - - // com.raytheon.localization..(.)/type - roleId += "/" + context.getLocalizationType().name(); - - if (roleStorage.isAuthorized(roleId, user.uniqueId().toString(), APPLICATION)) { - return new AuthorizationResponse(true); - } - + roleId = roleId.substring(0, + roleId.lastIndexOf(PATH_SEPARATOR, roleId.length())); + } while (roleId.length() >= minLength); } - + + if (level == LocalizationLevel.WORKSTATION && contextsMatch) { + // If no rule found and user is attempting to modify workstation + // they are using, default to allow + return new AuthorizationResponse(true); + } + + return notAuthorized(user, absoluteRoleId); + } + + private String buildRoleId(LocalizationLevel level, LocalizationType type, + String contextName, String fileName) { + String roleId = ROLE_PREFIX + SEPARATOR + level; + if (contextName != null) { + roleId += SEPARATOR + contextName; + } + roleId += PATH_SEPARATOR + type; + roleId += PATH_SEPARATOR + fileName; + return roleId; + } + + private AuthorizationResponse notAuthorized(IUser user, String roleId) { return new AuthorizationResponse(false, "User, " + user.uniqueId() + ", is not authorized to perform request needing role: " + roleId); diff --git a/edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/LocalizationStreamHandler.java b/edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/LocalizationStreamHandler.java index 08d8319ffa..0182e96717 100644 --- a/edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/LocalizationStreamHandler.java +++ b/edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/LocalizationStreamHandler.java 
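Review bot: The USER shortcut `level == LocalizationLevel.USER && contextsMatch` and the final WORKSTATION default-allow both hinge on `myContextName`, which the LocalizationStreamHandler and PrivilegedUtilityHandler hunks pass straight from `request.getMyContextName()`, so it appears to be client-asserted rather than derived from the authenticated `user`; if the USER context name is the same identifier as `user.uniqueId()`, compute the match server-side, e.g. `boolean ownUserContext = user.uniqueId().toString().equals(contextName);`, and only honour a WORKSTATION claim the same way if the server can establish the caller's host. The explicit-deny branch `else if (definedPermissions.contains(roleId.toLowerCase())) return notAuthorized(user, absoluteRoleId);` runs during the first round, which omits the context name, so a defined-but-ungranted `...<level>/<type>/<path>` role returns before the second round ever tests the more specific `...<level>.<name>/<type>/<path>` role that the comment above the loop says is checked second; either run the context-qualified round first or defer the explicit-deny decision until both rounds have been tried. The `while (roleId.length() >= minLength)` exit also means the bare `com.raytheon.localization.<level>(.<name>)` role that the removed code consulted is never tested now, which deserves a comment if dropping it is intended. Both `toLowerCase()` calls should pass `Locale.ROOT` so the defined-permission match does not depend on the server's default locale.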
@@ -294,9 +294,8 @@ public class LocalizationStreamHandler
 return new AuthorizationResponse(true);
 } else if (request instanceof LocalizationStreamPutRequest) {
 LocalizationContext context = request.getContext();
- LocalizationLevel level = context.getLocalizationLevel();
 String fileName = request.getFileName();
- return getAuthorizationResponse(user, context, level, fileName,
+ return getAuthorizationResponse(user, context, fileName,
 request.getMyContextName());
 }
 return new AuthorizationResponse(true);
diff --git a/edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/PrivilegedUtilityHandler.java b/edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/PrivilegedUtilityHandler.java
index a4b9df6d99..13fedf2ea9 100644
--- a/edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/PrivilegedUtilityHandler.java
+++ b/edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/PrivilegedUtilityHandler.java
@@ -6,7 +6,6 @@ import java.util.List;
 import com.raytheon.uf.common.auth.exception.AuthorizationException;
 import com.raytheon.uf.common.auth.user.IUser;
 import com.raytheon.uf.common.localization.LocalizationContext;
-import com.raytheon.uf.common.localization.LocalizationContext.LocalizationLevel;
 import com.raytheon.uf.common.localization.msgs.AbstractPrivilegedUtilityCommand;
 import com.raytheon.uf.common.localization.msgs.AbstractUtilityResponse;
 import com.raytheon.uf.common.localization.msgs.DeleteUtilityCommand;
@@ -73,10 +72,9 @@ public class PrivilegedUtilityHandler
 AbstractPrivilegedUtilityCommand[] commands = request.getCommands();
 for (AbstractPrivilegedUtilityCommand abstractUtilityCommand : commands) {
 LocalizationContext context = abstractUtilityCommand.getContext();
- LocalizationLevel level = context.getLocalizationLevel();
 String filename = abstractUtilityCommand.getFilename();
 AuthorizationResponse resp = getAuthorizationResponse(user,
- context, level, filename,
+ context, filename,
 abstractUtilityCommand.getMyContextName());
 if (resp.isAuthorized() == false) {
 // If we are not authorized for any of the commands, break early
diff --git a/edexOsgi/com.raytheon.uf.edex.log/src/com/raytheon/uf/edex/log/EdexLogHandler.java b/edexOsgi/com.raytheon.uf.edex.log/src/com/raytheon/uf/edex/log/EdexLogHandler.java
index a4b472d85e..54a7d64a16 100644
--- a/edexOsgi/com.raytheon.uf.edex.log/src/com/raytheon/uf/edex/log/EdexLogHandler.java
+++ b/edexOsgi/com.raytheon.uf.edex.log/src/com/raytheon/uf/edex/log/EdexLogHandler.java
@@ -98,11 +98,11 @@ public class EdexLogHandler implements IUFStatusHandler {
 */
 @Override
 public void handle(UFStatus status) {
- handle(status, this.category);
- }
+ handle(status, this.category);
+ }
 
- @Override
- public void handle(UFStatus status, String category) {
+ @Override
+ public void handle(UFStatus status, String category) {
 Priority p = status.getPriority();
 String statusMsg = status.getMessage();
 if (category != null) {
@@ -154,11 +154,14 @@ public class EdexLogHandler implements IUFStatusHandler { @Override public void handle(Priority p, String msg) { - handle(p, this.category, msg); - } + handle(p, this.category, msg); + } - @Override - public void handle(Priority p, String category, String msg) { + @Override + public void handle(Priority p, String category, String msg) { + // msg has been null if someone does e.getLocalizedMessage() + // and it is null which causes null pointer exception + msg = String.valueOf(msg); if (category != null) { StringBuilder sb = new StringBuilder(msg.length() + 64); sb.append(category); @@ -197,13 +200,13 @@ public class EdexLogHandler implements IUFStatusHandler { @Override public void handle(Priority p, String msg, Throwable t) { - handle(p, category, msg, t); - } + handle(p, category, msg, t); + } - @Override - public void handle(Priority p, String category, String msg, Throwable t) { - // msg has been null if someone does e.getLocalizedMessage() - // and it is null which causes null pointer exception + @Override + public void handle(Priority p, String category, String msg, Throwable t) { + // msg has been null if someone does e.getLocalizedMessage() + // and it is null which causes null pointer exception msg = String.valueOf(msg); if (category != null) { StringBuilder sb = new StringBuilder(msg.length() + 64); 
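Review bot: The new `msg = String.valueOf(msg);` guard in `handle(Priority, String, String)` turns an absent message into the literal text `null`, which the log cannot tell apart from a real "null" string; a placeholder such as `msg = (msg == null) ? "<no message>" : msg;` keeps the fact that the message was missing while still making `msg.length()` safe. The `handle(UFStatus, String)` overload in the earlier hunk (@@ -98) still passes `status.getMessage()` through without this guard, so if that path also sizes a `StringBuilder` from the message length it carries the same null-pointer risk — worth checking, since its body continues outside that hunk.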
@@ -249,21 +252,21 @@ public class EdexLogHandler implements IUFStatusHandler { } @Override - public void debug(String category, String message) { - if (this.clazzLogger.isDebugEnabled()) { - handle(Priority.DEBUG, category, message); - } - } + public void debug(String category, String message) { + if (this.clazzLogger.isDebugEnabled()) { + handle(Priority.DEBUG, category, message); + } + } - @Override + @Override public void info(String message) { handle(Priority.INFO, message); } - @Override - public void info(String category, String message) { - handle(Priority.INFO, category, message); - } + @Override + public void info(String category, String message) { + handle(Priority.INFO, category, message); + } @Override public void warn(String message) { 
@@ -271,38 +274,38 @@ public class EdexLogHandler implements IUFStatusHandler { } @Override - public void warn(String category, String message) { - handle(Priority.WARN, category, message); - } + public void warn(String category, String message) { + handle(Priority.WARN, category, message); + } - @Override + @Override public void error(String message) { handle(Priority.ERROR, message); } @Override - public void error(String category, String message) { - handle(Priority.ERROR, category, message); - } + public void error(String category, String message) { + handle(Priority.ERROR, category, message); + } - @Override + @Override public void error(String message, Throwable throwable) { handle(Priority.ERROR, message, throwable); } @Override - public void error(String category, String message, Throwable throwable) { - handle(Priority.ERROR, category, message, throwable); - } + public void error(String category, String message, Throwable throwable) { + handle(Priority.ERROR, category, message, throwable); + } - @Override + @Override public void fatal(String message, Throwable throwable) { handle(Priority.FATAL, message, throwable); } - @Override - public void fatal(String category, String message, Throwable throwable) { - handle(Priority.FATAL, category, message, throwable); - } + @Override + public void fatal(String category, String message, Throwable throwable) { + handle(Priority.FATAL, category, message, throwable); + } }