feat: show how to secure api by using scope #81
Merged
2 commits
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| # Jahia Filter with OSGi | ||
|
|
||
| This repository contains samples of Jahia Filter declared with OSGi | ||
|
|
||
| ## How to test it | ||
|
|
||
| - Deploy the module on your server | ||
| - You should see servlet filter activate successfully from the logs | ||
| - Go to any page on jahia and check response headers | ||
| - You should be able to see header value injected ("x-sample-filter-header": "some-test-value") |
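Review bot: the README text describes the Jahia filter sample (header injection, "x-sample-filter-header"), not the scope-protected servlet this PR adds, so the "How to test it" steps will not match what a reader of this module observes. Suggest describing this module's own check instead: call `/sample/sayHello` as a user holding the admin permission and expect `200` with the body `Hello!`, then call it as a user without that permission and expect `404` with `Entrypoint not found: sayHello`, which is the behaviour SampleServlet.java in this PR implements.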
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <project xmlns="http://maven.apache.org/POM/4.0.0" | ||
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
| xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
| <modelVersion>4.0.0</modelVersion> | ||
|
|
||
| <parent> | ||
| <artifactId>jahia-modules</artifactId> | ||
| <groupId>org.jahia.modules</groupId> | ||
| <version>8.1.8.0</version> | ||
| </parent> | ||
|
|
||
| <artifactId>protected-servlet-samples</artifactId> | ||
| <groupId>org.foo.modules</groupId> | ||
| <version>1.0.0-SNAPSHOT</version> | ||
| <packaging>bundle</packaging> | ||
| <name>Jahia protected API samples</name> | ||
| <description>This is a module providing a servlet protected by scope</description> | ||
|
|
||
| <scm> | ||
| <connection>scm:git:git@github.com:Jahia/OSGi-modules-samples.git</connection> | ||
| <developerConnection>scm:git:git@github.com:Jahia/OSGi-modules-samples.git</developerConnection> | ||
| <url>https://github.com/Jahia/OSGi-modules-samples</url> | ||
| <tag>HEAD</tag> | ||
| </scm> | ||
|
|
||
| <repositories> | ||
| <repository> | ||
| <id>jahia-public</id> | ||
| <name>Jahia public Repository</name> | ||
| <url>https://devtools.jahia.com/nexus/content/groups/public/</url> | ||
| <releases> | ||
| <enabled>true</enabled> | ||
| <updatePolicy>never</updatePolicy> | ||
| </releases> | ||
| </repository> | ||
| </repositories> | ||
|
|
||
| <build> | ||
| <plugins> | ||
| <plugin> | ||
| <groupId>org.apache.felix</groupId> | ||
| <artifactId>maven-bundle-plugin</artifactId> | ||
| <extensions>true</extensions> | ||
| <configuration> | ||
| <instructions> | ||
| <_dsannotations>*</_dsannotations> | ||
| </instructions> | ||
| </configuration> | ||
| </plugin> | ||
| </plugins> | ||
| </build> | ||
| </project> |
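Review bot: naming is inconsistent between this POM and the sources: the artifactId is `protected-servlet-samples` while the module directory in the file list is `protected-servlet-sample`, and the groupId `org.foo.modules` does not match the Java package `org.sample.modules.sampleservlet`. Suggest aligning them (for example `<artifactId>protected-servlet-sample</artifactId>` and `<groupId>org.sample.modules</groupId>`) so the bundle symbolic name and the code agree. The parent version `8.1.8.0` also differs from the 8.2 documentation linked from the YAML configuration file, so it is worth confirming which Jahia release the sample targets.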
79 changes: 79 additions & 0 deletions
protected-servlet-sample/src/main/java/org/sample/modules/sampleservlet/SampleServlet.java
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| package org.sample.modules.sampleservlet; | ||
|
|
||
| import org.jahia.exceptions.JahiaException; | ||
| import org.jahia.services.securityfilter.PermissionService; | ||
| import org.osgi.service.component.annotations.Component; | ||
| import org.osgi.service.component.annotations.Reference; | ||
| import org.slf4j.Logger; | ||
| import org.slf4j.LoggerFactory; | ||
|
|
||
| import javax.jcr.RepositoryException; | ||
| import javax.servlet.*; | ||
| import javax.servlet.http.HttpServlet; | ||
| import javax.servlet.http.HttpServletRequest; | ||
| import javax.servlet.http.HttpServletResponse; | ||
| import java.io.IOException; | ||
|
|
||
| /** | ||
| * Example servlet which is accessible for users having the scope sampleApi | ||
| * This scope is automatically applied for user having the admin permission. | ||
| */ | ||
| @Component(service = { javax.servlet.http.HttpServlet.class, javax.servlet.Servlet.class }, property = { "alias=/sample" }) | ||
| public class SampleServlet extends HttpServlet { | ||
|
|
||
| private static final String SCOPE = "sampleApi"; | ||
| private static final Logger LOGGER = LoggerFactory.getLogger(SampleServlet.class); | ||
|
|
||
| private PermissionService permissionService; | ||
|
|
||
| @Reference | ||
| public void setPermissionService(PermissionService permissionService) { | ||
| this.permissionService = permissionService; | ||
| } | ||
|
|
||
| @Override | ||
| public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { | ||
| LOGGER.info("Received request"); | ||
| String api = request.getPathInfo().substring(1); | ||
| try { | ||
| checkUserAccess(api); | ||
| } catch (RepositoryException e) { | ||
| response.sendError(500, "Error while calling api, check logs for more details"); | ||
| LOGGER.error("Error while calling action, check logs for more details", e); | ||
| return; | ||
| } catch (JahiaException e) { | ||
| LOGGER.debug("Access denied to call api {}", api, e); | ||
| response.sendError(404, "Entrypoint not found: " + api); | ||
| return; | ||
| } | ||
|
|
||
| response.setStatus(HttpServletResponse.SC_OK); | ||
| response.setContentType("text/plain; charset=UTF-8"); | ||
| switch (api) { | ||
| case "sayHello": | ||
| response.getWriter().write("Hello!"); | ||
| break; | ||
| case "sayHi": | ||
| response.getWriter().write("Hi!"); | ||
| break; | ||
| case "sayBye": | ||
| response.getWriter().write("Bye!"); | ||
| break; | ||
| default: | ||
| response.getWriter().write("Unknown API"); | ||
| } | ||
|
|
||
| } | ||
|
|
||
| public SampleServlet() { | ||
| LOGGER.info("Sample servlet started"); | ||
| } | ||
|
|
||
| public void checkUserAccess(String api) throws RepositoryException, JahiaException { | ||
| if (!this.permissionService.hasPermission(SCOPE + "." + api)) { | ||
| LOGGER.warn("Access not permitted to call api {}", api); | ||
| throw new JahiaException(SCOPE + "." + api, "Access to api [" + api + "] is secured and restricted", | ||
| JahiaException.SECURITY_ERROR, JahiaException.WARNING_SEVERITY); | ||
| } | ||
| } | ||
| } |
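Review bot: `service()` dereferences `request.getPathInfo()` without a null check, so a request to the bare `/sample` alias (where `getPathInfo()` returns null) throws a NullPointerException before `checkUserAccess` runs and surfaces as an unhandled error from the container instead of the controlled `404` used for denied calls. Suggest guarding it first:
`String pathInfo = request.getPathInfo();`
`if (pathInfo == null || pathInfo.length() < 2) { response.sendError(404, "Entrypoint not found"); return; }`
It would also be more defensive to reject names outside the known `sayHello`/`sayHi`/`sayBye` set before building the permission string `SCOPE + "." + api`, so the permission being checked is never derived from arbitrary path input; as written, any other name reaches the `default` branch and returns `200 Unknown API` once the permission check passes. Separately, the Javadoc says users need "the scope sampleApi", but in the YAML file the scope is `sampleScope` and `sampleApi` is the API it grants; the comment should use the same terms as the configuration.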
17 changes: 17 additions & 0 deletions
...rc/main/resources/META-INF/configurations/org.jahia.bundles.api.authorization-sample.yaml
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| # This file is an example of a scope configuration file that can be used to define access control rules for an API in Jahia. | ||
| # It defines a scope called "sampleScope" that grants access to the "sampleApi" API | ||
| # for users with the "admin" permission. | ||
| # The scope is automatically applied to all requests. | ||
| # To go further and see more advanced configurations, please refer to the following page: | ||
| # https://academy.jahia.com/documentation/jahia-cms/jahia-8.2/developer/working-with-our-apis/security-service-and-filter | ||
| sampleScope: | ||
| description: Can access to the sample API | ||
| metadata: | ||
| visible: true | ||
| constraints: | ||
| - user_permission: admin | ||
| path: / | ||
| auto_apply: | ||
| - always: true | ||
| grants: | ||
| - api: sampleApi |
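Review bot: the header comment "The scope is automatically applied to all requests" can be read as granting the API to everyone; suggest rewording it to say that `auto_apply: - always: true` attaches the scope to every request, while the `constraints` entry (`user_permission: admin` at `path: /`) limits it to users who hold the admin permission at the root, so only those users actually receive the grant, which is what the previous comment line intends. Since the servlet checks dotted names such as `sampleApi.sayHello`, the comment should also state that `api: sampleApi` is meant to cover those sub-names, as the whole access check depends on it; and, as asked in the review, `metadata.visible` and `description` each deserve a line explaining their effect.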
Could we add some comments here to explain values and options?