From f51ba582560b66b104c74870f01159af7ff6dfc0 Mon Sep 17 00:00:00 2001 
From: Andre Date: Thu, 22 Nov 2018 14:56:29 +0100 Subject: [PATCH] #28: add static role names and automatic role adder --- .../core/sec/AdminToolCoreRoles.java | 26 ++++++++++++++++ .../admintool/core/sec/AdminToolRoles.java | 14 +++++++++ .../admintool/db/AdminToolDBBrowserRoles.java | 26 ++++++++++++++++ .../AdminToolFileBrowserRoles.java | 26 ++++++++++++++++ .../fileviewer/AdminToolFileViewerRoles.java | 26 ++++++++++++++++ .../admintool/jminix/AdminToolJmxRoles.java | 26 ++++++++++++++++ .../admintool/log4j2/AdminToolLog4jRoles.java | 29 ++++++++++++++++++ .../melody/AdminToolMelodyRoles.java | 26 ++++++++++++++++ .../properties/AdminToolPropertiesRoles.java | 26 ++++++++++++++++ .../quartz/AdminToolQuartzRoles.java | 29 ++++++++++++++++++ .../security/dbuser/AdminToolSecDBLoader.java | 22 +++++++++----- .../security/dbuser/AdminToolSecDBRoles.java | 30 +++++++++++++++++++ .../security/dbuser/repo/RoleRepository.java | 2 ++ .../service/AdminToolSecDBRoleService.java | 2 ++ .../AdminToolSecDBRoleServiceImpl.java | 27 +++++++++++++++++ pom.xml | 4 +-- 16 files changed, 332 insertions(+), 9 deletions(-) create mode 100644 admin-tools-core/src/main/java/de/chandre/admintool/core/sec/AdminToolCoreRoles.java create mode 100644 admin-tools-core/src/main/java/de/chandre/admintool/core/sec/AdminToolRoles.java create mode 100644 admin-tools-dbbrowser/src/main/java/de/chandre/admintool/db/AdminToolDBBrowserRoles.java create mode 100644 admin-tools-filebrowser/src/main/java/de/chandre/admintool/filebrowser/AdminToolFileBrowserRoles.java create mode 100644 admin-tools-filebrowser/src/main/java/de/chandre/admintool/fileviewer/AdminToolFileViewerRoles.java create mode 100644 admin-tools-jminix/src/main/java/de/chandre/admintool/jminix/AdminToolJmxRoles.java create mode 100644 admin-tools-log4j2/src/main/java/de/chandre/admintool/log4j2/AdminToolLog4jRoles.java create mode 100644 admin-tools-melody/src/main/java/de/chandre/admintool/melody/AdminToolMelodyRoles.java create 
mode 100644 admin-tools-properties/src/main/java/de/chandre/admintool/properties/AdminToolPropertiesRoles.java create mode 100644 admin-tools-quartz/src/main/java/de/chandre/admintool/quartz/AdminToolQuartzRoles.java create mode 100644 admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/AdminToolSecDBRoles.java
diff --git a/admin-tools-core/src/main/java/de/chandre/admintool/core/sec/AdminToolCoreRoles.java b/admin-tools-core/src/main/java/de/chandre/admintool/core/sec/AdminToolCoreRoles.java
new file mode 100644
index 0000000..f10b45f
--- /dev/null
+++ b/admin-tools-core/src/main/java/de/chandre/admintool/core/sec/AdminToolCoreRoles.java
@@ -0,0 +1,26 @@
+package de.chandre.admintool.core.sec;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.springframework.stereotype.Component;
+
+import de.chandre.admintool.core.sec.AdminToolRoles;
+
+/**
+ *
+ * @author Andre
+ * @since 1.2.0
+ */
+@Component
+public class AdminToolCoreRoles implements AdminToolRoles {
+
+ public static String ROLE_ATCORE = "ATCORE";
+
+ @Override
+ public Collection getRoles() {
+ return Collections.unmodifiableList(Arrays.asList(ROLE_ATCORE));
+ }
+
+}
diff --git a/admin-tools-core/src/main/java/de/chandre/admintool/core/sec/AdminToolRoles.java b/admin-tools-core/src/main/java/de/chandre/admintool/core/sec/AdminToolRoles.java
new file mode 100644
index 0000000..0e32005
--- /dev/null
+++ b/admin-tools-core/src/main/java/de/chandre/admintool/core/sec/AdminToolRoles.java
@@ -0,0 +1,14 @@
+package de.chandre.admintool.core.sec;
+
+import java.util.Collection;
+
+/**
+ * interface for roles of a admintool component
+ * (placed in core to avoid interdependencies)
+ * @author Andre
+ * @since 1.2.0
+ */
+public interface AdminToolRoles {
+
+ Collection getRoles();
+}
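Review bot: `ROLE_ATCORE` in AdminToolCoreRoles is declared `public static String` without `final`, so any code in the JVM can reassign the role name that `getRoles()` hands to the role loader and that access checks presumably compare against. Declare it `public static final String ROLE_ATCORE = "ATCORE";`, which also makes it a compile-time constant usable in annotation attributes. The same applies to the role fields added in AdminToolDBBrowserRoles, AdminToolFileBrowserRoles, AdminToolFileViewerRoles, AdminToolJmxRoles, AdminToolLog4jRoles, AdminToolMelodyRoles, AdminToolPropertiesRoles, AdminToolQuartzRoles and AdminToolSecDBRoles.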
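Review bot: `getRoles()` in AdminToolRoles carries no Javadoc, so an implementer cannot tell whether the names should carry a prefix or whether null is an acceptable return. The loader changed in this commit calls `roleI.getRoles().stream()` and would fail at startup on a null return, and the role service runs every name through `ATRole.checkForPrefix`. I would add a method comment stating that the result is never null and, presumably, that names are given without the prefix (to be confirmed against `checkForPrefix`).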
diff --git a/admin-tools-dbbrowser/src/main/java/de/chandre/admintool/db/AdminToolDBBrowserRoles.java b/admin-tools-dbbrowser/src/main/java/de/chandre/admintool/db/AdminToolDBBrowserRoles.java
new file mode 100644
index 0000000..7e6bf0e
--- /dev/null
+++ b/admin-tools-dbbrowser/src/main/java/de/chandre/admintool/db/AdminToolDBBrowserRoles.java
@@ -0,0 +1,26 @@
+package de.chandre.admintool.db;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.springframework.stereotype.Component;
+
+import de.chandre.admintool.core.sec.AdminToolRoles;
+
+/**
+ *
+ * @author Andre
+ * @since 1.2.0
+ */
+@Component
+public class AdminToolDBBrowserRoles implements AdminToolRoles {
+
+ public static String ROLE_DBBROWSER = "DBBROWSER";
+
+ @Override
+ public Collection getRoles() {
+ return Collections.unmodifiableList(Arrays.asList(ROLE_DBBROWSER));
+ }
+
+}
diff --git a/admin-tools-filebrowser/src/main/java/de/chandre/admintool/filebrowser/AdminToolFileBrowserRoles.java b/admin-tools-filebrowser/src/main/java/de/chandre/admintool/filebrowser/AdminToolFileBrowserRoles.java
new file mode 100644
index 0000000..ab69891
--- /dev/null
+++ b/admin-tools-filebrowser/src/main/java/de/chandre/admintool/filebrowser/AdminToolFileBrowserRoles.java
@@ -0,0 +1,26 @@
+package de.chandre.admintool.filebrowser;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.springframework.stereotype.Component;
+
+import de.chandre.admintool.core.sec.AdminToolRoles;
+
+/**
+ *
+ * @author Andre
+ * @since 1.2.0
+ */
+@Component
+public class AdminToolFileBrowserRoles implements AdminToolRoles {
+
+ public static String ROLE_FILEBROWSER = "FILEBROWSER";
+
+ @Override
+ public Collection getRoles() {
+ return Collections.unmodifiableList(Arrays.asList(ROLE_FILEBROWSER));
+ }
+
+}
diff --git a/admin-tools-filebrowser/src/main/java/de/chandre/admintool/fileviewer/AdminToolFileViewerRoles.java b/admin-tools-filebrowser/src/main/java/de/chandre/admintool/fileviewer/AdminToolFileViewerRoles.java
new file mode 100644
index 0000000..458d577
--- /dev/null
+++ b/admin-tools-filebrowser/src/main/java/de/chandre/admintool/fileviewer/AdminToolFileViewerRoles.java
@@ -0,0 +1,26 @@
+package de.chandre.admintool.fileviewer;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.springframework.stereotype.Component;
+
+import de.chandre.admintool.core.sec.AdminToolRoles;
+
+/**
+ *
+ * @author Andre
+ * @since 1.2.0
+ */
+@Component
+public class AdminToolFileViewerRoles implements AdminToolRoles {
+
+ public static String ROLE_FILEVIEWER = "FILEVIEWER";
+
+ @Override
+ public Collection getRoles() {
+ return Collections.unmodifiableList(Arrays.asList(ROLE_FILEVIEWER));
+ }
+
+}
diff --git a/admin-tools-jminix/src/main/java/de/chandre/admintool/jminix/AdminToolJmxRoles.java b/admin-tools-jminix/src/main/java/de/chandre/admintool/jminix/AdminToolJmxRoles.java
new file mode 100644
index 0000000..8faff14
--- /dev/null
+++ b/admin-tools-jminix/src/main/java/de/chandre/admintool/jminix/AdminToolJmxRoles.java
@@ -0,0 +1,26 @@
+package de.chandre.admintool.jminix;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.springframework.stereotype.Component;
+
+import de.chandre.admintool.core.sec.AdminToolRoles;
+
+/**
+ *
+ * @author Andre
+ * @since 1.2.0
+ */
+@Component
+public class AdminToolJmxRoles implements AdminToolRoles {
+
+ public static String ROLE_JMX = "JMX";
+
+ @Override
+ public Collection getRoles() {
+ return Collections.unmodifiableList(Arrays.asList(ROLE_JMX));
+ }
+
+}
diff --git a/admin-tools-log4j2/src/main/java/de/chandre/admintool/log4j2/AdminToolLog4jRoles.java b/admin-tools-log4j2/src/main/java/de/chandre/admintool/log4j2/AdminToolLog4jRoles.java
new file mode 100644
index 0000000..f16f583
--- /dev/null
+++ b/admin-tools-log4j2/src/main/java/de/chandre/admintool/log4j2/AdminToolLog4jRoles.java
@@ -0,0 +1,29 @@
+package de.chandre.admintool.log4j2;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.springframework.stereotype.Component;
+
+import de.chandre.admintool.core.sec.AdminToolRoles;
+
+/**
+ *
+ * @author Andre
+ * @since 1.2.0
+ */
+@Component
+public class AdminToolLog4jRoles implements AdminToolRoles {
+
+ public static String ROLE_LOG4J = "LOG4J";
+
+ public static String ROLE_LOG4J_LOGGERS = "LOG4J_LOGGERS";
+ public static String ROLE_LOG4J_CONSOLE = "LOG4J_CONSOLE";
+
+ @Override
+ public Collection getRoles() {
+ return Collections.unmodifiableList(Arrays.asList(ROLE_LOG4J, ROLE_LOG4J_LOGGERS, ROLE_LOG4J_CONSOLE));
+ }
+
+}
diff --git a/admin-tools-melody/src/main/java/de/chandre/admintool/melody/AdminToolMelodyRoles.java b/admin-tools-melody/src/main/java/de/chandre/admintool/melody/AdminToolMelodyRoles.java
new file mode 100644
index 0000000..80db755
--- /dev/null
+++ b/admin-tools-melody/src/main/java/de/chandre/admintool/melody/AdminToolMelodyRoles.java
@@ -0,0 +1,26 @@
+package de.chandre.admintool.melody;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.springframework.stereotype.Component;
+
+import de.chandre.admintool.core.sec.AdminToolRoles;
+
+/**
+ *
+ * @author Andre
+ * @since 1.2.0
+ */
+@Component
+public class AdminToolMelodyRoles implements AdminToolRoles {
+
+ public static String ROLE_MELODY = "MELODY";
+
+ @Override
+ public Collection getRoles() {
+ return Collections.unmodifiableList(Arrays.asList(ROLE_MELODY));
+ }
+
+}
diff --git a/admin-tools-properties/src/main/java/de/chandre/admintool/properties/AdminToolPropertiesRoles.java b/admin-tools-properties/src/main/java/de/chandre/admintool/properties/AdminToolPropertiesRoles.java
new file mode 100644
index 0000000..3bf52df
--- /dev/null
+++ b/admin-tools-properties/src/main/java/de/chandre/admintool/properties/AdminToolPropertiesRoles.java
@@ -0,0 +1,26 @@
+package de.chandre.admintool.properties;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.springframework.stereotype.Component;
+
+import de.chandre.admintool.core.sec.AdminToolRoles;
+
+/**
+ *
+ * @author Andre
+ * @since 1.2.0
+ */
+@Component
+public class AdminToolPropertiesRoles implements AdminToolRoles {
+
+ public static String ROLE_PROPS = "PROPS";
+
+ @Override
+ public Collection getRoles() {
+ return Collections.unmodifiableList(Arrays.asList(ROLE_PROPS));
+ }
+
+}
diff --git a/admin-tools-quartz/src/main/java/de/chandre/admintool/quartz/AdminToolQuartzRoles.java b/admin-tools-quartz/src/main/java/de/chandre/admintool/quartz/AdminToolQuartzRoles.java
new file mode 100644
index 0000000..74fd1d0
--- /dev/null
+++ b/admin-tools-quartz/src/main/java/de/chandre/admintool/quartz/AdminToolQuartzRoles.java
@@ -0,0 +1,29 @@
+package de.chandre.admintool.quartz;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.springframework.stereotype.Component;
+
+import de.chandre.admintool.core.sec.AdminToolRoles;
+
+/**
+ *
+ * @author Andre
+ * @since 1.2.0
+ */
+@Component
+public class AdminToolQuartzRoles implements AdminToolRoles {
+
+ public static String ROLE_QUARTZ = "QUARTZ";
+
+ public static String ROLE_QUARTZ_CONFIG = "QUARTZ_CONFIG";
+ public static String ROLE_QUARTZ_JOBS = "QUARTZ_JOBS";
+
+ @Override
+ public Collection getRoles() {
+ return Collections.unmodifiableList(Arrays.asList(ROLE_QUARTZ, ROLE_QUARTZ_CONFIG, ROLE_QUARTZ_JOBS));
+ }
+
+}
diff --git a/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/AdminToolSecDBLoader.java b/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/AdminToolSecDBLoader.java index a59aac4..df159d0 100644 --- a/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/AdminToolSecDBLoader.java +++ b/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/AdminToolSecDBLoader.java @@ -1,6 +1,7 @@ package de.chandre.admintool.security.dbuser; -import java.util.HashSet; +import java.util.Collection; +import java.util.stream.Collectors; import javax.annotation.PostConstruct; @@ -17,6 +18,8 @@ import de.chandre.admintool.core.component.AdminComponent; import de.chandre.admintool.core.component.AdminComponentImpl; import de.chandre.admintool.core.component.MenuEntry; +import de.chandre.admintool.core.sec.AdminToolRoles; +import de.chandre.admintool.security.dbuser.service.AdminToolSecDBRoleService; /** * @@ -37,6 +40,11 @@ public class AdminToolSecDBLoader extends AbstractAdminToolLoader { @Autowired private TemplateEngine templateEngine; + @Autowired + private AdminToolSecDBRoleService roleService; + + @Autowired Collection atRoles; + @PostConstruct public void configureAdminTool() { 
@@ -51,13 +59,13 @@ public void configureAdminTool() templateEngine.addDialect(timeDialect); } - LOGGER.info("adding database user management view to admin tool"); + int roleInterfaceSize = atRoles != null ? atRoles.size() : 0; + LOGGER.info("found " + roleInterfaceSize + " interfaces with roles"); + if (roleInterfaceSize > 0) { + roleService.addRolesIfNotExists(atRoles.stream().flatMap(roleI -> roleI.getRoles().stream()).collect(Collectors.toSet())); + } - HashSet allRoles = new HashSet<>(); - allRoles.addAll(config.getSecurityRolesClients()); - allRoles.addAll(config.getSecurityRolesGroups()); - allRoles.addAll(config.getSecurityRolesRoles()); - allRoles.addAll(config.getSecurityRolesUsers()); + LOGGER.info("adding database user management view to admin tool"); AdminComponent component = new AdminComponentImpl.AdminComponentBuilder() .displayName("User-Management") diff --git a/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/AdminToolSecDBRoles.java b/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/AdminToolSecDBRoles.java new file mode 100644 index 0000000..f6cbddd --- /dev/null +++ b/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/AdminToolSecDBRoles.java 
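Review bot: The set returned by `roleService.addRolesIfNotExists(...)` is discarded in `configureAdminTool()`, so a role that could not be created at startup leaves no trace in the log. The service collects the `addRole` results into an `errors` set and returns it; the loader should keep that result and log it when it is non-empty, for example `if (!errors.isEmpty()) { LOGGER.warn("could not create roles: " + errors); }` after assigning the call to a local `errors` variable. Separately, `atRoles` is injected as a package-private field in the earlier hunk at -37,6, where `private` would match the neighbouring `roleService` field. The method body continues outside this hunk.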
@@ -0,0 +1,30 @@ +package de.chandre.admintool.security.dbuser; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; + +import org.springframework.stereotype.Component; + +import de.chandre.admintool.core.sec.AdminToolRoles; + +/** + * + * @author Andre + * @since 1.2.0 + */ +@Component +public class AdminToolSecDBRoles implements AdminToolRoles { + + public static String ROLE_CLIENT = "CLIENT"; + public static String ROLE_ROLES = "ROLES"; + public static String ROLE_USERS = "USERS"; + public static String ROLE_GROUPS = "GROUPS"; + public static String ROLE_ACCMGMT = "ACCMGMT"; + + @Override + public Collection getRoles() { + return Collections.unmodifiableList(Arrays.asList(ROLE_CLIENT, ROLE_ROLES, ROLE_USERS, ROLE_GROUPS, ROLE_ACCMGMT)); + } + +} diff --git a/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/repo/RoleRepository.java b/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/repo/RoleRepository.java index 681282d..7d39c76 100644 --- a/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/repo/RoleRepository.java +++ b/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/repo/RoleRepository.java @@ -22,6 +22,8 @@ public interface RoleRepository extends JpaRepository { @Query("SELECT r.name FROM ATRole r") List findAllRoleNames(); + List findByNameIn(Set ids); + List findByIdIn(Set ids); void deleteByName(String name); diff --git a/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/service/AdminToolSecDBRoleService.java b/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/service/AdminToolSecDBRoleService.java index 8949353..cddc55e 100644 
--- a/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/service/AdminToolSecDBRoleService.java +++ b/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/service/AdminToolSecDBRoleService.java @@ -26,4 +26,6 @@ public interface AdminToolSecDBRoleService { Set updateRole(AccessRelationTO accessRelationTO); + Set addRolesIfNotExists(Set roles); + } diff --git a/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/service/AdminToolSecDBRoleServiceImpl.java b/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/service/AdminToolSecDBRoleServiceImpl.java index 986278a..5acf738 100644 --- a/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/service/AdminToolSecDBRoleServiceImpl.java +++ b/admin-tools-security/admin-tools-security-dbuser/src/main/java/de/chandre/admintool/security/dbuser/service/AdminToolSecDBRoleServiceImpl.java @@ -1,8 +1,11 @@ package de.chandre.admintool.security.dbuser.service; +import java.time.LocalDateTime; +import java.time.format.DateTimeFormatter; import java.util.HashSet; import java.util.List; import java.util.Set; +import java.util.stream.Collectors; import org.apache.commons.lang3.StringUtils; import org.apache.commons.logging.Log; 
@@ -56,6 +59,30 @@ public ATRole saveRole(ATRole role) { return roleRepository.saveAndFlush(role); } + @Override + public Set addRolesIfNotExists(Set roles) { + + Set rolesToAdd = roles.stream().map(role -> ATRole.checkForPrefix(role)).collect(Collectors.toSet()); + + List existingRoles = roleRepository.findByNameIn(rolesToAdd); + if (!CollectionUtils.isEmpty(existingRoles)) { + existingRoles.forEach(role -> { + if(rolesToAdd.contains(role.getName())) { + rolesToAdd.remove(role.getName()); + } + }); + } + Set errors = new HashSet<>(); + LOGGER.info("there are " + rolesToAdd.size() + " roles to add"); + if (!CollectionUtils.isEmpty(rolesToAdd)) { + rolesToAdd.forEach(roleToAdd -> { + errors.addAll(addRole(roleToAdd, roleToAdd, + "automatically created: " + LocalDateTime.now().format(DateTimeFormatter.ISO_DATE_TIME), false)); + }); + } + return errors; + } + @Override public Set updateRole(AccessRelationTO accessRelationTO) { Set errors = null; diff --git a/pom.xml b/pom.xml index 8c3fb20..52e6b17 100644 --- a/pom.xml +++ b/pom.xml @@ -69,12 +69,12 @@ admin-tools-properties admin-tools-demo-core admin-tools-demo-jar admin-tools-demo-war - + admin-tools-demo-fileserver
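Review bot: `addRolesIfNotExists` hands `rolesToAdd` to `roleRepository.findByNameIn(...)` without checking for null or empty input: a null `roles` fails on `roles.stream()`, and an empty set yields an empty `IN` list, which some JPA providers or databases reject. A guard at the top of the method, `if (CollectionUtils.isEmpty(roles)) { return new HashSet<>(); }`, covers both. The look-up followed by `addRole` is also not atomic, so two application instances starting against the same database can both try to insert the same role; whether a unique constraint on the role name or a surrounding transaction handles that is not visible in this hunk. The `contains` check before `rolesToAdd.remove(role.getName())` is redundant, since `remove` is already a no-op for absent elements.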