Skip to content

Commit

Permalink
feat(rest): Added basic username and password based authenticarion
Browse files Browse the repository at this point in the history 
Signed-off-by: Smruti Prakash Sahoo <[email protected]>
  • Loading branch information
@smrutis1
smrutis1 committed Mar 14, 2023
1 parent 5081686 commit 7f4fd43
Show file tree
Hide file tree
Showing 17 changed files with 321 additions and 12 deletions.
3 changes: 2 additions & 1 deletion backend/src/src-users/src/main/java/org/eclipse/sw360/users/UserHandler.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
import org.apache.logging.log4j.Logger;
import org.apache.thrift.TException;
import org.eclipse.sw360.datahandler.common.DatabaseSettings;
import org.eclipse.sw360.datahandler.thrift.AddDocumentRequestSummary;
import org.eclipse.sw360.datahandler.thrift.PaginationData;
import org.eclipse.sw360.datahandler.thrift.RequestStatus;
import org.eclipse.sw360.datahandler.thrift.users.User;
Expand Down Expand Up @@ -101,7 +102,7 @@ public List<User> getAllUsers() {
}

@Override
public RequestStatus addUser(User user) throws TException {
public AddDocumentRequestSummary addUser(User user) throws TException {
assertNotNull(user);
assertNotNull(user.getEmail());
return db.addUser(user);
Expand Down
25 changes: 23 additions & 2 deletions backend/src/src-users/src/main/java/org/eclipse/sw360/users/db/UserDatabaseHandler.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,13 @@
package org.eclipse.sw360.users.db;

import org.eclipse.sw360.datahandler.cloudantclient.DatabaseConnectorCloudant;
import org.eclipse.sw360.datahandler.common.CommonUtils;
import org.eclipse.sw360.datahandler.common.DatabaseSettings;
import org.eclipse.sw360.datahandler.couchdb.DatabaseConnector;
import org.eclipse.sw360.datahandler.db.UserRepository;
import org.eclipse.sw360.datahandler.db.UserSearchHandler;
import org.eclipse.sw360.datahandler.thrift.AddDocumentRequestStatus;
import org.eclipse.sw360.datahandler.thrift.AddDocumentRequestSummary;
import org.eclipse.sw360.datahandler.thrift.PaginationData;
import org.eclipse.sw360.datahandler.thrift.RequestStatus;
import org.eclipse.sw360.datahandler.thrift.SW360Exception;
Expand All @@ -39,6 +42,9 @@
*/
public class UserDatabaseHandler {

private static final String LAST_NAME_IS_MANDATORY = "Last Name is mandatory";
private static final String GIVEN_NAME_IS_MANDATORY = "Given Name is mandatory";
private static final String EMAIL_ID_IS_MANDATORY = "Email Id is mandatory";
/**
* Connection to the couchDB database
*/
Expand Down Expand Up @@ -76,12 +82,27 @@ private void prepareUser(User user) throws SW360Exception {
ThriftValidate.prepareUser(user);
}

public RequestStatus addUser(User user) throws SW360Exception {
public AddDocumentRequestSummary addUser(User user) throws SW360Exception {
prepareUser(user);
AddDocumentRequestSummary addDocReqSummarry = new AddDocumentRequestSummary();
User existingUserInDB = getByEmail(user.getEmail());

if (CommonUtils.isNullEmptyOrWhitespace(user.getEmail())) {
return addDocReqSummarry.setMessage(EMAIL_ID_IS_MANDATORY).setRequestStatus(AddDocumentRequestStatus.INVALID_INPUT);
} else if (CommonUtils.isNullEmptyOrWhitespace(user.getGivenname())) {
return addDocReqSummarry.setMessage(GIVEN_NAME_IS_MANDATORY).setRequestStatus(AddDocumentRequestStatus.INVALID_INPUT);
} else if (CommonUtils.isNullEmptyOrWhitespace(user.getLastname())) {
return addDocReqSummarry.setMessage(LAST_NAME_IS_MANDATORY).setRequestStatus(AddDocumentRequestStatus.INVALID_INPUT);
}

if (null != existingUserInDB) {
return addDocReqSummarry.setId(existingUserInDB.getId())
.setRequestStatus(AddDocumentRequestStatus.DUPLICATE);
}
// Add to database
db.add(user);

return RequestStatus.SUCCESS;
return addDocReqSummarry.setId(user.getId()).setRequestStatus(AddDocumentRequestStatus.SUCCESS);
}

public RequestStatus updateUser(User user) throws SW360Exception {
Expand Down
4 changes: 3 additions & 1 deletion libraries/datahandler/src/main/thrift/users.thrift
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ include "sw360.thrift"
namespace java org.eclipse.sw360.datahandler.thrift.users
namespace php sw360.thrift.users

typedef sw360.AddDocumentRequestSummary AddDocumentRequestSummary
typedef sw360.RequestStatus RequestStatus
typedef sw360.PaginationData PaginationData

Expand Down Expand Up @@ -68,6 +69,7 @@ struct User {
23: optional list<string> primaryRoles,
24: optional bool deactivated
25: optional map<string, ClientMetadata> oidcClientInfos,
26: optional string password
}

struct ClientMetadata {
Expand Down Expand Up @@ -123,7 +125,7 @@ service UserService {
/**
* add SW360-user to database, user.email is used as id
**/
RequestStatus addUser(1: User user);
AddDocumentRequestSummary addUser(1: User user);

/**
* update SW360-user in database
Expand Down
2 changes: 1 addition & 1 deletion ...in/java/org/eclipse/sw360/rest/authserver/security/Sw360GrantedAuthoritiesCalculator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ public List<GrantedAuthority> generateFromUser(User user) {
List<GrantedAuthority> grantedAuthorities = new ArrayList<>();

grantedAuthorities.add(new SimpleGrantedAuthority(READ.getAuthority()));
if(user != null) {
if (user != null) {
if (PermissionUtils.isUserAtLeast(Sw360AuthorizationServer.CONFIG_WRITE_ACCESS_USERGROUP, user)) {
grantedAuthorities.add(new SimpleGrantedAuthority(Sw360GrantedAuthority.WRITE.getAuthority()));
}
Expand Down
3 changes: 3 additions & 0 deletions rest/resource-server/src/docs/asciidoc/api-guide.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -250,6 +250,9 @@ Token response elements
| `Write Access`
| rest.write.access.usergroup
| SW360_ADMIN
| `Admin Access`
| rest.admin.access.usergroup
| SW360_ADMIN
| `Enable Token Generator`
| rest.apitoken.generator.enable
| false
Expand Down
13 changes: 11 additions & 2 deletions rest/resource-server/src/docs/asciidoc/users.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,16 @@ include::{snippets}/should_document_get_user/links.adoc[]
[[resources-users-create]]
==== Creating a user

Creating a user is currently not supported by the REST API.
A `POST` request will result in an error.
A `POST` request will create a user(not in Liferay).

===== Request structure
include::{snippets}/should_document_create_user/request-fields.adoc[]

===== Response structure
include::{snippets}/should_document_create_user/response-fields.adoc[]

===== Example request
include::{snippets}/should_document_create_user/curl-request.adoc[]

===== Example response
include::{snippets}/should_document_create_user/http-response.adoc[]
7 changes: 7 additions & 0 deletions ...ource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/Sw360ResourceServer.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
import java.util.Set;

import org.eclipse.sw360.datahandler.common.CommonUtils;
import org.eclipse.sw360.datahandler.thrift.users.UserGroup;
import org.eclipse.sw360.rest.common.PropertyUtils;
import org.eclipse.sw360.rest.common.Sw360CORSFilter;
import org.eclipse.sw360.rest.resourceserver.core.RestControllerHelper;
Expand Down Expand Up @@ -54,6 +55,10 @@ public class Sw360ResourceServer extends SpringBootServletInitializer {
public static final String JWKS_ISSUER_URL;
public static final String JWKS_ENDPOINT_URL;
public static final Boolean IS_JWKS_VALIDATION_ENABLED;
public static final UserGroup CONFIG_WRITE_ACCESS_USERGROUP;
public static final UserGroup CONFIG_ADMIN_ACCESS_USERGROUP;
private static final String DEFAULT_WRITE_ACCESS_USERGROUP = UserGroup.SW360_ADMIN.name();
private static final String DEFAULT_ADMIN_ACCESS_USERGROUP = UserGroup.SW360_ADMIN.name();

static {
Properties props = CommonUtils.loadProperties(Sw360ResourceServer.class, SW360_PROPERTIES_FILE_PATH);
Expand All @@ -66,6 +71,8 @@ public class Sw360ResourceServer extends SpringBootServletInitializer {
JWKS_ISSUER_URL = props.getProperty("jwks.issuer.url", null);
JWKS_ENDPOINT_URL = props.getProperty("jwks.endpoint.url", null);
IS_JWKS_VALIDATION_ENABLED = Boolean.parseBoolean(props.getProperty("jwks.validation.enabled", "false"));
CONFIG_WRITE_ACCESS_USERGROUP = UserGroup.valueOf(props.getProperty("rest.write.access.usergroup", DEFAULT_WRITE_ACCESS_USERGROUP));
CONFIG_ADMIN_ACCESS_USERGROUP = UserGroup.valueOf(props.getProperty("rest.admin.access.usergroup", DEFAULT_ADMIN_ACCESS_USERGROUP));
}

@Bean
Expand Down
5 changes: 5 additions & 0 deletions ...erver/src/main/java/org/eclipse/sw360/rest/resourceserver/core/JacksonCustomizations.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -254,6 +254,7 @@ static abstract class EmbeddedProjectMixin extends ProjectMixin {
@JsonIgnoreProperties({
"id",
"revision",
"setPassword",
"externalid",
"wantsMailNotification",
"setWantsMailNotification",
Expand Down Expand Up @@ -301,6 +302,10 @@ static abstract class UserMixin extends User {
@Override
@JsonProperty("lastName")
abstract public String getLastname();

@Override
@JsonProperty(access = Access.WRITE_ONLY)
abstract public String getPassword();
}

@JsonInclude(JsonInclude.Include.NON_NULL)
Expand Down
9 changes: 8 additions & 1 deletion ...server/src/main/java/org/eclipse/sw360/rest/resourceserver/core/RestControllerHelper.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,14 @@ public class RestControllerHelper<T> {

public User getSw360UserFromAuthentication() {
try {
String userId = (String) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
String userId;
Object principle = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
if (principle instanceof String) {
userId = principle.toString();
} else {
org.springframework.security.core.userdetails.User user = (org.springframework.security.core.userdetails.User) principle;
userId = user.getUsername();
}
return userService.getUserByEmailOrExternalId(userId);
} catch (RuntimeException e) {
throw new AuthenticationServiceException("Could not load user from authentication.");
Expand Down
24 changes: 23 additions & 1 deletion ...main/java/org/eclipse/sw360/rest/resourceserver/security/ResourceServerConfiguration.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,15 @@

package org.eclipse.sw360.rest.resourceserver.security;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.eclipse.sw360.rest.resourceserver.core.SimpleAuthenticationEntryPoint;
import org.eclipse.sw360.rest.resourceserver.security.apiToken.ApiTokenAuthenticationFilter;
import org.eclipse.sw360.rest.resourceserver.security.apiToken.ApiTokenAuthenticationProvider;
import org.eclipse.sw360.rest.resourceserver.security.basic.Sw360CustomUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.http.HttpMethod;
Expand All @@ -24,10 +28,12 @@
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Profile("!SECURITY_MOCK")
Expand All @@ -37,12 +43,17 @@
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
public class ResourceServerConfiguration extends WebSecurityConfigurerAdapter implements ResourceServerConfigurer {

private final Logger log = LogManager.getLogger(this.getClass());

@Autowired
private ApiTokenAuthenticationFilter filter;

@Autowired
private ApiTokenAuthenticationProvider authProvider;

@Autowired
private Sw360CustomUserDetailsService userDetailsService;

@Autowired
private ResourceServerProperties resourceServerProperties;

Expand All @@ -53,6 +64,11 @@ public ResourceServerConfiguration(ResourceServerProperties resourceServerProper
@Override
protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) {
authenticationManagerBuilder.authenticationProvider(this.authProvider);
try {
authenticationManagerBuilder.userDetailsService(userDetailsService);
} catch (Exception e) {
log.error("Error in Authentication", e);
}
}

@Override
Expand All @@ -73,6 +89,7 @@ public void configure(HttpSecurity http) throws Exception {
http
.addFilterBefore(filter, BasicAuthenticationFilter.class)
.authenticationProvider(authProvider)
.userDetailsService(userDetailsService)
.httpBasic()
.and()
.authorizeRequests()
Expand All @@ -86,4 +103,9 @@ public void configure(HttpSecurity http) throws Exception {
.antMatchers(HttpMethod.PATCH, "/api/**").hasAuthority("WRITE").and()
.csrf().disable().exceptionHandling().authenticationEntryPoint(saep);
}

@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
38 changes: 38 additions & 0 deletions ...a/org/eclipse/sw360/rest/resourceserver/security/basic/Sw360CustomUserDetailsService.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
/*
SPDX-FileCopyrightText: © 2022 Siemens AG
SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.sw360.rest.resourceserver.security.basic;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.eclipse.sw360.datahandler.thrift.users.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Profile;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

import lombok.RequiredArgsConstructor;

@Profile("!SECURITY_MOCK")
@Component
@RequiredArgsConstructor(onConstructor = @__(@Autowired))
public class Sw360CustomUserDetailsService implements UserDetailsService {

private static final Logger log = LogManager.getLogger(Sw360CustomUserDetailsService.class);

@Autowired
Sw360UserDetailsProvider sw360UserDetailsProvider;

@Override
public UserDetails loadUserByUsername(String userid) {
log.info("Authenticating for the user with username {}", userid);
User user = sw360UserDetailsProvider.provideUserDetails(userid, null);
return new org.springframework.security.core.userdetails.User(user.getEmail(), user.getPassword(),
Sw360GrantedAuthoritiesCalculator.generateFromUser(user));
}
}
37 changes: 37 additions & 0 deletions ...g/eclipse/sw360/rest/resourceserver/security/basic/Sw360GrantedAuthoritiesCalculator.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
/*
SPDX-FileCopyrightText: © 2022 Siemens AG
SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.sw360.rest.resourceserver.security.basic;

import java.util.ArrayList;
import java.util.List;

import org.eclipse.sw360.datahandler.permissions.PermissionUtils;
import org.eclipse.sw360.datahandler.thrift.users.User;
import org.eclipse.sw360.rest.resourceserver.Sw360ResourceServer;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/**
* This class offer helper methods to calculate the {@GrantedAuthority} for a
* user.
*/
public class Sw360GrantedAuthoritiesCalculator {

public static List<GrantedAuthority> generateFromUser(User user) {
List<GrantedAuthority> grantedAuthorities = new ArrayList<>();

grantedAuthorities.add(new SimpleGrantedAuthority(Sw360GrantedAuthority.READ.getAuthority()));
if (user != null) {
if (PermissionUtils.isUserAtLeast(Sw360ResourceServer.CONFIG_WRITE_ACCESS_USERGROUP, user)) {
grantedAuthorities.add(new SimpleGrantedAuthority(Sw360GrantedAuthority.WRITE.getAuthority()));
}
if (PermissionUtils.isUserAtLeast(Sw360ResourceServer.CONFIG_ADMIN_ACCESS_USERGROUP, user)) {
grantedAuthorities.add(new SimpleGrantedAuthority(Sw360GrantedAuthority.ADMIN.getAuthority()));
}
}

return grantedAuthorities;
}
}
17 changes: 17 additions & 0 deletions ...main/java/org/eclipse/sw360/rest/resourceserver/security/basic/Sw360GrantedAuthority.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
/*
SPDX-FileCopyrightText: © 2022 Siemens AG
SPDX-License-Identifier: EPL-2.0
*/
package org.eclipse.sw360.rest.resourceserver.security.basic;

import org.springframework.security.core.GrantedAuthority;

public enum Sw360GrantedAuthority implements GrantedAuthority {

BASIC, READ, WRITE, ADMIN;

@Override
public String getAuthority() {
return toString();
}
}
Loading

0 comments on commit 7f4fd43

Please sign in to comment.