Omaha #3211 changes to support improved authentication/authorization

Change-Id: If793dcbe3bed741f1b75ce338b152eb69d845172

Former-commit-id: e4a56b76a1 [formerly 9ccfc0efa1] [formerly e4029da3dc] [formerly e4029da3dc [formerly 4fdb6df9a1]] [formerly e4a56b76a1 [formerly 9ccfc0efa1] [formerly e4029da3dc] [formerly e4029da3dc [formerly 4fdb6df9a1]] [formerly 1e362625e5 [formerly e4029da3dc [formerly 4fdb6df9a1] [formerly 1e362625e5 [formerly c4eeb1730778f7f18aa4d74587ebcddb3932c6e6]]]]]
Former-commit-id: 1e362625e5
Former-commit-id: 8ca0435854 [formerly c66b2e486c] [formerly 4351e8a13d] [formerly 7a09a061c08811f08fc30b5553651381453fc322 [formerly c8f547ffed0986988a03c40defe10b5313cef154] [formerly 4351e8a13d [formerly 5a484063ac]]]
Former-commit-id: 73503dbd6ae28da23ce6455bf03279a8ea695368 [formerly 5cc3f86bc2510cf3f797f0166c48e5765f961573] [formerly c3e98aca83 [formerly a834abb826]]
Former-commit-id: 085fef1edb1ca88d76db3a3599ab8e0b5c5098db [formerly c3e98aca83]
Former-commit-id: d6b551c9b6
Nate Jensen 2014-05-28 16:59:19 -05:00
parent ce28944567
commit a8a1bc960c
10 changed files with 37 additions and 85 deletions


@ -43,8 +43,8 @@ import com.raytheon.uf.common.status.UFStatus.Priority;
import com.raytheon.uf.common.util.RunProcess;
import com.raytheon.uf.edex.auth.AuthManager;
import com.raytheon.uf.edex.auth.AuthManagerFactory;
import com.raytheon.uf.edex.auth.authorization.IAuthorizer;
import com.raytheon.uf.edex.auth.resp.AuthorizationResponse;
import com.raytheon.uf.edex.auth.roles.IRoleStorage;
import com.raytheon.uf.edex.core.EDEXUtil;
import com.raytheon.uf.edex.core.props.PropertiesFactory;
import com.raytheon.uf.edex.site.SiteAwareRegistry;
@ -65,6 +65,7 @@ import com.raytheon.uf.edex.site.SiteAwareRegistry;
* May 02, 2013 #1762 dgilling Remove check for national center, add
* method to retrieve list of svcbu
* sites.
* May 28, 2014 3211 njensen Use IAuthorizer instead of IRoleStorage
*
* </pre>
*
@ -264,10 +265,9 @@ public class SvcBackupUtil {
public static AuthorizationResponse authorizeWithLocalization(IUser user,
AbstractGfePrivilegedRequest request) throws AuthorizationException {
AuthManager manager = AuthManagerFactory.getInstance().getManager();
IRoleStorage roles = manager.getRoleStorage();
IAuthorizer auth = manager.getAuthorizer();
String roleId = request.getRoleId();
if (roles
.isAuthorized(roleId, user.uniqueId().toString(), LOCALIZATION)) {
if (auth.isAuthorized(roleId, user.uniqueId().toString(), LOCALIZATION)) {
return new AuthorizationResponse(true);
}
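Review bot: The role tested in `auth.isAuthorized(roleId, user.uniqueId().toString(), LOCALIZATION)` is still read from `request.getRoleId()`, so the check only confirms that the user holds whatever role the request names. If that field is filled from the deserialized request rather than fixed by the request class (not visible here), the required role should be derived on the server from the request type; at minimum add `// roleId comes from the request; verify it is the role this operation requires` above the call. The same call shape appears in the ArchiveAdminPrivilegedRequestHandler, OUPHandler, TafQueueRequestHandler and UserAdminPrivilegedRequestHandler hunks. `manager.getAuthorizer()` is also dereferenced without a null check, so a context that does not wire the `authorizer` property would presumably surface as a NullPointerException instead of a denial. The method body continues outside the hunk.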


@ -1,24 +0,0 @@
package com.raytheon.uf.common.plugin.nwsauth.user;
import com.raytheon.uf.common.auth.user.IAuthenticationData;
import com.raytheon.uf.common.serialization.annotations.DynamicSerialize;
/**
* Implementation of IAuthenticationData
*
* <pre>
*
* SOFTWARE HISTORY
* Date Ticket# Engineer Description
* ------------ ---------- ----------- --------------------------
* May 26, 2010 rgeorge Initial creation
*
* </pre>
*
* @author rgeorge
* @version 1.0
*/
@DynamicSerialize
public class AuthenticationData implements IAuthenticationData {
}


@ -1,5 +1,6 @@
package com.raytheon.uf.common.plugin.nwsauth.user;
import com.raytheon.uf.common.auth.user.AuthenticationData;
import com.raytheon.uf.common.auth.user.IAuthenticationData;
import com.raytheon.uf.common.auth.user.IUser;
import com.raytheon.uf.common.serialization.annotations.DynamicSerialize;


@ -24,9 +24,9 @@ import com.raytheon.uf.common.auth.exception.AuthorizationException;
import com.raytheon.uf.common.auth.user.IUser;
import com.raytheon.uf.edex.auth.AuthManager;
import com.raytheon.uf.edex.auth.AuthManagerFactory;
import com.raytheon.uf.edex.auth.authorization.IAuthorizer;
import com.raytheon.uf.edex.auth.req.AbstractPrivilegedRequestHandler;
import com.raytheon.uf.edex.auth.resp.AuthorizationResponse;
import com.raytheon.uf.edex.auth.roles.IRoleStorage;
/**
* Handler for Archive Admin Privileged Requests.
@ -38,6 +38,7 @@ import com.raytheon.uf.edex.auth.roles.IRoleStorage;
* Date Ticket# Engineer Description
* ------------ ---------- ----------- --------------------------
* Oct 02, 2013 2326 rferrel Initial creation.
* May 28, 2014 3211 njensen Use IAuthorizer instead of IRoleStorage
*
* </pre>
*
@ -85,9 +86,9 @@ public class ArchiveAdminPrivilegedRequestHandler extends
ArchiveAdminAuthRequest request) throws AuthorizationException {
AuthManager manager = AuthManagerFactory.getInstance().getManager();
IRoleStorage roleStorage = manager.getRoleStorage();
IAuthorizer auth = manager.getAuthorizer();
boolean authorized = roleStorage.isAuthorized(request.getRoleId(), user
boolean authorized = auth.isAuthorized(request.getRoleId(), user
.uniqueId().toString(), APPLICATION);
if (authorized) {


@ -42,9 +42,9 @@ import com.raytheon.uf.common.status.UFStatus;
import com.raytheon.uf.common.status.UFStatus.Priority;
import com.raytheon.uf.edex.auth.AuthManager;
import com.raytheon.uf.edex.auth.AuthManagerFactory;
import com.raytheon.uf.edex.auth.authorization.IAuthorizer;
import com.raytheon.uf.edex.auth.req.AbstractPrivilegedRequestHandler;
import com.raytheon.uf.edex.auth.resp.AuthorizationResponse;
import com.raytheon.uf.edex.auth.roles.IRoleStorage;
import com.raytheon.uf.edex.dissemination.transmitted.TransProdHeader;
/**
@ -58,7 +58,8 @@ import com.raytheon.uf.edex.dissemination.transmitted.TransProdHeader;
* Oct 22, 2009 njensen Initial creation
* Oct 12, 2012 DR 15418 D. Friedman Use clustered TransmittedProductList
* Jun 07, 2013 1981 mpduff This is now a priviledged request handler.
# Nov 20, 2013 DR 16777 D. Friedman Add a test mode.
* Nov 20, 2013 DR 16777 D. Friedman Add a test mode.
* May 28, 2014 3211 njensen Use IAuthorizer instead of IRoleStorage
*
* </pre>
*
@ -80,7 +81,8 @@ public class OUPHandler extends AbstractPrivilegedRequestHandler<OUPRequest> {
return handleOUPRequest(request, false);
}
public OUPResponse handleOUPRequest(OUPRequest request, boolean test) throws Exception {
public OUPResponse handleOUPRequest(OUPRequest request, boolean test)
throws Exception {
OfficialUserProduct oup = request.getProduct();
OUPResponse resp = new OUPResponse();
boolean changedBbb = false;
@ -90,7 +92,7 @@ public class OUPHandler extends AbstractPrivilegedRequestHandler<OUPRequest> {
request = ModifyProduct.addWmoHeader(request);
}
TransProdHeader header = ModifyProduct.getProductHeader(oup);
if (request.isCheckBBB() && ! test) {
if (request.isCheckBBB() && !test) {
changedBbb = ModifyProduct.checkBBBField(oup, header);
if (changedBbb) {
resp.setChangedBBB(request.getProduct().getWmoType());
@ -197,9 +199,9 @@ public class OUPHandler extends AbstractPrivilegedRequestHandler<OUPRequest> {
authorized = true;
} else {
AuthManager manager = AuthManagerFactory.getInstance().getManager();
IRoleStorage roleStorage = manager.getRoleStorage();
IAuthorizer auth = manager.getAuthorizer();
authorized = roleStorage.isAuthorized((request).getRoleId(), user
authorized = auth.isAuthorized((request).getRoleId(), user
.uniqueId().toString(), APPLICATION);
}
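Review bot: The `authorized = true;` branch just above the `else` grants access without consulting `auth.isAuthorized(...)`, and nothing in the hunk says why. Its condition lies outside the hunk, so it cannot be judged here, but if it depends on any value carried in the request, the exemption is decided by the caller and the new `IAuthorizer` never sees it. A comment on that branch such as `// Role check skipped: <reason; name the server-side value that decides this>` and a log line when it is taken would make the exemption auditable. The enclosing method starts and ends outside the hunk.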


@ -4,14 +4,14 @@
<bean id="roleStorage" class="com.raytheon.uf.edex.plugin.nwsauth.NwsRoleStorage" />
<bean id="authenticator"
class="com.raytheon.uf.edex.plugin.nwsauth.authentication.Authenticator" />
class="com.raytheon.uf.edex.auth.authentication.HonorSystemAuthenticator" />
<bean id="authStorage"
class="com.raytheon.uf.edex.plugin.nwsauth.authentication.AuthenticationStorage" />
class="com.raytheon.uf.edex.auth.authentication.EmptyAuthenticationStorage" />
<bean id="authManager" class="com.raytheon.uf.edex.auth.AuthManager">
<property name="authenticationStorage" ref="authStorage" />
<property name="authenticator" ref="authenticator" />
<property name="roleStorage" ref="roleStorage" />
<property name="authorizer" ref="roleStorage" />
</bean>
<bean id="authFactory" class="com.raytheon.uf.edex.auth.AuthManagerFactory"
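Review bot: The `authenticator` bean now points at `HonorSystemAuthenticator` and `authStorage` at `EmptyAuthenticationStorage`, which by their names (implementations not shown) verify no credential, much like the removed `Authenticator` that always returned `new AuthenticationResponse(true, new AuthenticationData())`. Every `isAuthorized` decision in the handlers therefore rests on a user id the client asserts, and the configuration should say so: add `<!-- No credential check: user identity is accepted as asserted by the client. Override this bean where authentication is required. -->` above the `authenticator` bean. The `authorizer` property is wired to a bean still named `roleStorage`; renaming the bean id or adding a short comment would keep the wiring readable.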


@ -1,15 +0,0 @@
package com.raytheon.uf.edex.plugin.nwsauth.authentication;
import com.raytheon.uf.common.auth.user.IAuthenticationData;
import com.raytheon.uf.common.auth.user.IUser;
import com.raytheon.uf.common.plugin.nwsauth.user.AuthenticationData;
import com.raytheon.uf.edex.auth.authentication.IAuthenticationStorage;
public class AuthenticationStorage implements IAuthenticationStorage {
@Override
public IAuthenticationData getAuthenticationDataForUser(IUser user) {
return new AuthenticationData();
}
}


@ -1,15 +0,0 @@
package com.raytheon.uf.edex.plugin.nwsauth.authentication;
import com.raytheon.uf.common.auth.user.IUser;
import com.raytheon.uf.common.plugin.nwsauth.user.AuthenticationData;
import com.raytheon.uf.edex.auth.authentication.IAuthenticator;
import com.raytheon.uf.edex.auth.resp.AuthenticationResponse;
public class Authenticator implements IAuthenticator {
@Override
public AuthenticationResponse authenticate(IUser user) {
return new AuthenticationResponse(true, new AuthenticationData());
}
}


@ -34,9 +34,9 @@ import com.raytheon.uf.common.tafqueue.TafQueueRequest;
import com.raytheon.uf.common.tafqueue.TafQueueRequest.Type;
import com.raytheon.uf.edex.auth.AuthManager;
import com.raytheon.uf.edex.auth.AuthManagerFactory;
import com.raytheon.uf.edex.auth.authorization.IAuthorizer;
import com.raytheon.uf.edex.auth.req.AbstractPrivilegedRequestHandler;
import com.raytheon.uf.edex.auth.resp.AuthorizationResponse;
import com.raytheon.uf.edex.auth.roles.IRoleStorage;
import com.raytheon.uf.edex.core.EDEXUtil;
import com.raytheon.uf.edex.core.EdexException;
import com.raytheon.uf.edex.database.DataAccessLayerException;
@ -54,6 +54,7 @@ import com.raytheon.uf.edex.database.DataAccessLayerException;
* May 08, 2013 1814 rjpeter Added time to live to topic
* Jun 07, 2013 1981 mpduff TafQueueRequest is now protected.
* May 08, 2014 3091 rferrel Added CHECK_AUTHORIZED.
* May 28, 2014 3211 njensen Use IAuthorizer instead of IRoleStorage
* </pre>
*
* @author rferrel
@ -217,10 +218,10 @@ public class TafQueueRequestHandler extends
public AuthorizationResponse authorized(IUser user, TafQueueRequest request)
throws AuthorizationException {
AuthManager manager = AuthManagerFactory.getInstance().getManager();
IRoleStorage roleStorage = manager.getRoleStorage();
IAuthorizer auth = manager.getAuthorizer();
boolean authorized = roleStorage.isAuthorized((request).getRoleId(),
user.uniqueId().toString(), APPLICATION);
boolean authorized = auth.isAuthorized((request).getRoleId(), user
.uniqueId().toString(), APPLICATION);
if (authorized) {
return new AuthorizationResponse(authorized);


@ -24,24 +24,25 @@ import com.raytheon.uf.common.auth.user.IUser;
import com.raytheon.uf.common.useradmin.request.UserAdminAuthRequest;
import com.raytheon.uf.edex.auth.AuthManager;
import com.raytheon.uf.edex.auth.AuthManagerFactory;
import com.raytheon.uf.edex.auth.authorization.IAuthorizer;
import com.raytheon.uf.edex.auth.req.AbstractPrivilegedRequestHandler;
import com.raytheon.uf.edex.auth.resp.AuthorizationResponse;
import com.raytheon.uf.edex.auth.roles.IRoleStorage;
/**
* Handler for User Admin Privileged Requests.
*
*
* <pre>
*
*
* SOFTWARE HISTORY
*
*
* Date Ticket# Engineer Description
* ------------ ---------- ----------- --------------------------
* May 12, 2012 mpduff Initial creation.
* Sep 24, 2012 1157 mpduff Use the application member variable.
*
* May 28, 2014 3211 njensen Use IAuthorizer instead of IRoleStorage
*
* </pre>
*
*
* @author mpduff
* @version 1.0
*/
@ -57,7 +58,7 @@ public class UserAdminPrivilegedRequestHandler extends
/*
* (non-Javadoc)
*
*
* @see
* com.raytheon.uf.common.serialization.comm.IRequestHandler#handleRequest
* (com.raytheon.uf.common.serialization.comm.IServerRequest)
@ -73,7 +74,7 @@ public class UserAdminPrivilegedRequestHandler extends
/*
* (non-Javadoc)
*
*
* @see
* com.raytheon.uf.edex.auth.req.AbstractPrivilegedRequestHandler#authorized
* (com.raytheon.uf.common.auth.user.IUser,
@ -84,10 +85,10 @@ public class UserAdminPrivilegedRequestHandler extends
UserAdminAuthRequest request) throws AuthorizationException {
AuthManager manager = AuthManagerFactory.getInstance().getManager();
IRoleStorage roleStorage = manager.getRoleStorage();
IAuthorizer auth = manager.getAuthorizer();
boolean authorized = roleStorage.isAuthorized((request).getRoleId(),
user.uniqueId().toString(), APPLICATION);
boolean authorized = auth.isAuthorized((request).getRoleId(), user
.uniqueId().toString(), APPLICATION);
if (authorized) {
return new AuthorizationResponse(authorized);