xan/awips2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge "Issue #1485 fixed bug in CAVE localization where a save() operation would appear to work when it actually failed due to user not being authorized." into 13.2.1_delivery

Browse source 
Former-commit-id: 302d33f6a13017905c5668fb12d710ecb29c4298
This commit is contained in:
Nate Jensen 2013-01-22 18:05:00 -06:00 committed by Gerrit Code Review
commit 6e89f547e5
7 changed files with 109 additions and 108 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
cave/com.raytheon.uf.viz.core/src/com/raytheon/uf/viz/core/localization/CAVELocalizationAdapter.java
View file

@ -250,7 +250,7 @@ public class CAVELocalizationAdapter implements ILocalizationAdapter {
return true;
} catch (FileNotFoundException e) {
throw new LocalizationOpFailedException(
"Error saving file, does not exist");
"Error saving, file does not exist");
} finally {
// Make sure to close input stream
if (in != null) {

2
cave/com.raytheon.uf.viz.core/src/com/raytheon/uf/viz/core/localization/LocalizationManager.java
View file

@ -777,7 +777,7 @@ public class LocalizationManager implements IPropertyChangeListener {
}
} catch (VizException e) {
throw new LocalizationOpFailedException(
"Error storing file contents to server: "
"Error uploading file contents to localization server: "
+ e.getLocalizedMessage(), e);
}

4
cave/com.raytheon.uf.viz.plugin.nwsauth/src/com/raytheon/uf/viz/plugin/nwsauth/NwsNotAuthHandler.java
View file

@ -63,7 +63,7 @@ public class NwsNotAuthHandler implements INotAuthHandler {
+ request.getClass();
UFStatus.getHandler(NwsNotAuthHandler.class).handle(Priority.PROBLEM,
message);
return null;
throw new VizException(message);
}
/*
@ -82,7 +82,7 @@ public class NwsNotAuthHandler implements INotAuthHandler {
}
UFStatus.getHandler(NwsNotAuthHandler.class).handle(Priority.PROBLEM,
message);
return null;
throw new VizException(message);
}
}

101
edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/AbstractPrivilegedLocalizationRequestHandler.java
View file

@ -19,13 +19,16 @@
**/
package com.raytheon.edex.services;
import java.io.File;
import java.util.HashSet;
import java.util.Set;
import com.raytheon.uf.common.auth.exception.AuthorizationException;
import com.raytheon.uf.common.auth.req.AbstractPrivilegedRequest;
import com.raytheon.uf.common.auth.user.IUser;
import com.raytheon.uf.common.localization.IPathManager;
import com.raytheon.uf.common.localization.LocalizationContext;
import com.raytheon.uf.common.localization.LocalizationContext.LocalizationLevel;
import com.raytheon.uf.common.localization.LocalizationContext.LocalizationType;
import com.raytheon.uf.edex.auth.AuthManager;
import com.raytheon.uf.edex.auth.AuthManagerFactory;
import com.raytheon.uf.edex.auth.req.AbstractPrivilegedRequestHandler;
@ -52,86 +55,84 @@ import com.raytheon.uf.edex.auth.roles.IRoleStorage;
public abstract class AbstractPrivilegedLocalizationRequestHandler<T extends AbstractPrivilegedRequest>
extends AbstractPrivilegedRequestHandler<T> {
private static final String PATH_SEPARATOR = IPathManager.SEPARATOR;
private static final String SEPARATOR = ".";
private static final String ROLE_PREFIX = "com.raytheon.localization";
private static final String APPLICATION = "Localization";
protected AuthorizationResponse getAuthorizationResponse(IUser user,
LocalizationContext context, LocalizationLevel level,
String fileName, String myContextName)
LocalizationContext context, String fileName, String myContextName)
throws AuthorizationException {
String contextName = context.getContextName();
LocalizationLevel level = context.getLocalizationLevel();
LocalizationType type = context.getLocalizationType();
boolean contextsMatch = (myContextName != null && myContextName
.equals(contextName));
if (level.isSystemLevel()) {
return new AuthorizationResponse(false,
"Modification to system level configuration is prohibited.");
} else if (myContextName != null
&& myContextName.equals(contextName)
&& (context.getLocalizationLevel() == LocalizationLevel.USER || context
.getLocalizationLevel() == LocalizationLevel.WORKSTATION)) {
// If context names match and we are user or workstation file
// request, that is ok
} else if (level == LocalizationLevel.USER && contextsMatch) {
// Don't prevent users from modifying own files
return new AuthorizationResponse(true);
}
AuthManager manager = AuthManagerFactory.getInstance().getManager();
IRoleStorage roleStorage = manager.getRoleStorage();
String roleId = "";
String[] permissions = roleStorage
.getAllDefinedPermissions(APPLICATION);
Set<String> definedPermissions = new HashSet<String>();
for (String permission : permissions) {
definedPermissions.add(permission.toLowerCase());
}
String absoluteRoleId = buildRoleId(level, type, contextName, fileName);
// First round check com.raytheon.localization.level
// Second round check com.raytheon.localization.level.name
for (int i = 0; i < 2; ++i) {
roleId = "com.raytheon.localization."
+ context.getLocalizationLevel().name()
+ "/" + context.getLocalizationType().name();
if (i > 0) {
if (contextName != null) {
roleId += "." + contextName;
} else {
// We already checked this case
break;
}
}
String contextNameToUse = i > 0 ? contextName : null;
String roleId = buildRoleId(level, type, contextNameToUse, fileName);
// check most specific to least specific
// com.raytheon.localization.<level>.(<specificLevel>.)/type/path/name/
int minIndex = roleId.length();
roleId += File.separator + fileName;
int index = roleId.length();
int minLength = roleId.length() - fileName.length() - 1;
do {
if (roleStorage.isAuthorized(roleId,
user.uniqueId().toString(), APPLICATION)) {
return new AuthorizationResponse(true);
} else if (definedPermissions.contains(roleId.toLowerCase())) {
// User not authorized and this roleId is explicitly defined
return notAuthorized(user, absoluteRoleId);
}
while (index > minIndex) {
roleId = roleId.substring(0, index);
roleId = roleId.substring(0,
roleId.lastIndexOf(PATH_SEPARATOR, roleId.length()));
} while (roleId.length() >= minLength);
}
if (roleStorage.isAuthorized(roleId, user.uniqueId().toString(), APPLICATION)) {
if (level == LocalizationLevel.WORKSTATION && contextsMatch) {
// If no rule found and user is attempting to modify workstation
// they are using, default to allow
return new AuthorizationResponse(true);
}
index = roleId.lastIndexOf(File.separator, index - 1);
return notAuthorized(user, absoluteRoleId);
}
roleId = "com.raytheon.localization."
+ context.getLocalizationLevel().name();
if (i > 0) {
private String buildRoleId(LocalizationLevel level, LocalizationType type,
String contextName, String fileName) {
String roleId = ROLE_PREFIX + SEPARATOR + level;
if (contextName != null) {
roleId += "." + contextName;
} else {
// We already checked this case
break;
roleId += SEPARATOR + contextName;
}
roleId += PATH_SEPARATOR + type;
roleId += PATH_SEPARATOR + fileName;
return roleId;
}
// com.raytheon.localization.<level>.(<specificLevel>)
if (roleStorage.isAuthorized(roleId, user.uniqueId().toString(), APPLICATION)) {
return new AuthorizationResponse(true);
}
// com.raytheon.localization.<level>.(<specificLevel>.)/type
roleId += "/" + context.getLocalizationType().name();
if (roleStorage.isAuthorized(roleId, user.uniqueId().toString(), APPLICATION)) {
return new AuthorizationResponse(true);
}
}
private AuthorizationResponse notAuthorized(IUser user, String roleId) {
return new AuthorizationResponse(false, "User, " + user.uniqueId()
+ ", is not authorized to perform request needing role: "
+ roleId);

3
edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/LocalizationStreamHandler.java
View file

@ -294,9 +294,8 @@ public class LocalizationStreamHandler
return new AuthorizationResponse(true);
} else if (request instanceof LocalizationStreamPutRequest) {
LocalizationContext context = request.getContext();
LocalizationLevel level = context.getLocalizationLevel();
String fileName = request.getFileName();
return getAuthorizationResponse(user, context, level, fileName,
return getAuthorizationResponse(user, context, fileName,
request.getMyContextName());
}
return new AuthorizationResponse(true);

4
edexOsgi/com.raytheon.edex.utilitysrv/src/com/raytheon/edex/services/PrivilegedUtilityHandler.java
View file

@ -6,7 +6,6 @@ import java.util.List;
import com.raytheon.uf.common.auth.exception.AuthorizationException;
import com.raytheon.uf.common.auth.user.IUser;
import com.raytheon.uf.common.localization.LocalizationContext;
import com.raytheon.uf.common.localization.LocalizationContext.LocalizationLevel;
import com.raytheon.uf.common.localization.msgs.AbstractPrivilegedUtilityCommand;
import com.raytheon.uf.common.localization.msgs.AbstractUtilityResponse;
import com.raytheon.uf.common.localization.msgs.DeleteUtilityCommand;
@ -73,10 +72,9 @@ public class PrivilegedUtilityHandler
AbstractPrivilegedUtilityCommand[] commands = request.getCommands();
for (AbstractPrivilegedUtilityCommand abstractUtilityCommand : commands) {
LocalizationContext context = abstractUtilityCommand.getContext();
LocalizationLevel level = context.getLocalizationLevel();
String filename = abstractUtilityCommand.getFilename();
AuthorizationResponse resp = getAuthorizationResponse(user,
context, level, filename,
context, filename,
abstractUtilityCommand.getMyContextName());
if (resp.isAuthorized() == false) {
// If we are not authorized for any of the commands, break early

3
edexOsgi/com.raytheon.uf.edex.log/src/com/raytheon/uf/edex/log/EdexLogHandler.java
View file

@ -159,6 +159,9 @@ public class EdexLogHandler implements IUFStatusHandler {
@Override
public void handle(Priority p, String category, String msg) {
// msg has been null if someone does e.getLocalizedMessage()
// and it is null which causes null pointer exception
msg = String.valueOf(msg);
if (category != null) {
StringBuilder sb = new StringBuilder(msg.length() + 64);
sb.append(category);