Update admin #66
c418263
9f8f9b5
35618ad
54fbbd5
4750299
63f4841
aa15cbe
c894af4
bd144bc
f646984
9946e5a
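--- /dev/null
+++ b/org/jboss/aerogear/connectivity/rest/security/AdminEndpoint.java
@@ -0,0 +1,65 @@
+/**
+ * JBoss, Home of Professional Open Source
+ * Copyright Red Hat, Inc., and individual contributors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.jboss.aerogear.connectivity.rest.security;
+
+import org.jboss.aerogear.connectivity.users.Developer;
+import org.jboss.aerogear.security.authz.IdentityManagement;
+import org.jboss.aerogear.security.authz.Secure;
+import org.picketlink.Identity;
+import org.picketlink.idm.IdentityManagementException;
+import org.picketlink.idm.IdentityManager;
+
+import javax.ejb.Stateless;
+import javax.inject.Inject;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+@Stateless
+@Path("/admin")
+public class AdminEndpoint {
+
+    @Inject
+    private IdentityManagement configuration;
+    @Inject
+    private IdentityManager identityManager;
+
+    @Inject
+    private Identity identity;
+
+    @POST
+    @Path("/enroll")
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Secure("admin")
+    public Response enroll(final Developer developer) {
+        try {
+            configuration.create(developer, developer.getPassword());
+            configuration.grant(developer.getRole()).to(developer.getLoginName());
+
+        } catch (IdentityManagementException ime) {
+            return Response.status(Response.Status.BAD_REQUEST).entity("Credential not available").build();
+        }
+
+        return Response.ok(developer).build();
+
+    }
+}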
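Review bot: `configuration.grant(developer.getRole()).to(developer.getLoginName())` in enroll() grants whatever role string arrives in the JSON body with no allowlist, so the `@Secure("admin")` gate is the only control between a request and a privilege grant, and a body without a role reaches `grant(null)`, which is not an `IdentityManagementException` and would escape the catch as a 500. Validate the role against the project's known roles before granting (the old AuthenticationEndpoint referenced a `UserRoles` enum for this), and reject a missing one explicitly: `if (developer.getRole() == null) { return Response.status(Response.Status.BAD_REQUEST).entity("Role required").build(); }`. `Response.ok(developer)` also echoes the submitted Developer — the same object whose `getPassword()` was just consumed — back to the client, so unless that field is excluded from serialization the credential is reflected in the response; returning a representation without it would be safer. The injected `identityManager` and `identity` fields are not used anywhere in this class.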
|
@@ -17,14 +17,10 @@ | |
package org.jboss.aerogear.connectivity.rest.security; | ||
|
||
import org.jboss.aerogear.connectivity.users.Developer; | ||
import org.jboss.aerogear.connectivity.users.UserRoles; | ||
import org.jboss.aerogear.security.auth.AuthenticationManager; | ||
import org.jboss.aerogear.security.authz.IdentityManagement; | ||
import org.jboss.aerogear.security.authz.Secure; | ||
import org.jboss.aerogear.security.exception.AeroGearSecurityException; | ||
import org.picketlink.idm.IdentityManagementException; | ||
import org.picketlink.idm.IdentityManager; | ||
import org.picketlink.idm.credential.Password; | ||
import org.jboss.aerogear.security.picketlink.auth.CredentialMatcher; | ||
import org.picketlink.idm.model.SimpleUser; | ||
|
||
import javax.ejb.Stateless; | ||
|
@@ -45,48 +41,17 @@ public class AuthenticationEndpoint { | |
@Inject | ||
private AuthenticationManager authenticationManager; | ||
@Inject | ||
private IdentityManagement configuration; | ||
private CredentialMatcher credential; | ||
@Inject | ||
private IdentityManager identityManager; | ||
|
||
private static final String DEFAULT_PASSWORD = "123"; | ||
|
||
@POST | ||
@Path("/enroll") | ||
@Consumes(MediaType.APPLICATION_JSON) | ||
@Produces(MediaType.APPLICATION_JSON) | ||
@Secure("admin") | ||
public Response enroll(final Developer developer) { | ||
// creating a user and granting rights: | ||
try { | ||
configuration.create(developer, developer.getPassword()); | ||
configuration.grant("developer").to(developer.getLoginName()); | ||
|
||
} catch (IdentityManagementException ime) { | ||
return Response.status(Status.BAD_REQUEST).entity("username not available").build(); | ||
} | ||
|
||
return Response.ok(developer).build(); | ||
|
||
} | ||
private IdentityManagement configuration; | ||
|
||
@POST | ||
@Path("/login") | ||
@Consumes(MediaType.APPLICATION_JSON) | ||
@Produces(MediaType.APPLICATION_JSON) | ||
public Response login(final Developer developer) { | ||
|
||
try { | ||
authenticationManager.login(developer, developer.getPassword()); | ||
} catch (AeroGearSecurityException agse) { | ||
return Response.status(Status.UNAUTHORIZED).build(); | ||
} | ||
|
||
// See if the password is still the default. If it is we need them to change it | ||
// Only Temporary until we get scripts in. see https://issues.jboss.org/browse/AGPUSH-107 | ||
if(developer.getPassword().equals(DEFAULT_PASSWORD)) { | ||
return Response.status(Status.FORBIDDEN).build(); | ||
} | ||
authenticationManager.login(developer, developer.getPassword()); | ||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think we added the But for a cleaner user management, I do agree that the Looks like @lholmquist needs to update some JS config :-) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @matzew I can do it if we are in agreement, np at all I will wait for the feedback from @lholmquist too There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. since i haven't written any code to "enroll" anyone yet, i think we can change this ;) i just wanted it to be consistent with the client libs |
||
return Response.ok().build(); | ||
} | ||
|
@@ -102,28 +67,13 @@ public Response logout() { | |
return Response.ok().build(); | ||
} | ||
|
||
// Temporary. see https://issues.jboss.org/browse/AGPUSH-107 | ||
@PUT | ||
@Path("/update") | ||
@Secure("user") | ||
public Response updateUserPasswordAndRole(final Developer developer){ | ||
|
||
//Check to make sure that the user doesn't just re-enter the default password again | ||
if( developer.getPassword().equals(DEFAULT_PASSWORD) ) { | ||
return Response.status(Status.FORBIDDEN).build(); | ||
} | ||
public Response updateUserPasswordAndRole(final Developer developer) { | ||
|
||
SimpleUser user = (SimpleUser)this.configuration.findByUsername(developer.getLoginName()); | ||
this.identityManager.updateCredential(user, new Password(developer.getPassword())); | ||
SimpleUser simpleUser = (SimpleUser) configuration.findByUsername(developer.getLoginName()); | ||
configuration.reset(simpleUser, developer.getPassword(), developer.getNewPassword()); | ||
|
||
//Update the role so they can access all "developer" endpoints | ||
this.configuration.grant(UserRoles.DEVELOPER.getRoleName()).to(user.getLoginName()); | ||
|
||
// remove the temporary "user" role since they no longer need it | ||
// This will then make this endpoint unreachable, which is better for security | ||
// with this temporary fix | ||
this.identityManager.revokeRole(user, this.identityManager.getRole(UserRoles.USER.getRoleName())); | ||
return Response.ok().build(); | ||
} | ||
|
||
} |
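Review bot: In the last hunk, `updateUserPasswordAndRole` picks the account to reset from the client-supplied `developer.getLoginName()` rather than from the authenticated caller, so any principal with the `user` role can drive a reset attempt against an arbitrary login name; whether `configuration.reset(...)` checks the supplied current password against that particular account is not visible here, and a null from `findByUsername` for an unknown name would NPE into a 500 that distinguishes existing from non-existing accounts. Bind the target to the caller — inject `org.picketlink.Identity` as the new `AdminEndpoint` does and refuse a body whose login name is not the caller's own — and guard the lookup, e.g. `if (simpleUser == null) { return Response.status(Response.Status.FORBIDDEN).build(); }`. The result of `reset` is also discarded, so a failed verification (if it signals one by return value rather than exception) would still answer 200; confirm how it reports failure and map that to 401/403. Since the grant/revoke of `UserRoles` is gone, the name `updateUserPasswordAndRole` no longer describes the method; a rename or a Javadoc line such as `Changes only the caller's credential; roles are managed by AdminEndpoint.` would keep readers honest.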
license header