diff --git a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/AppController.java b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/AppController.java
index 9f389903b88..cb07c50ca95 100644
--- a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/AppController.java
+++ b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/AppController.java
@@ -6,6 +6,7 @@
 import org.springframework.data.domain.Pageable;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -16,6 +17,7 @@
 import com.ctrip.apollo.biz.entity.App;
 import com.ctrip.apollo.biz.service.AdminService;
 import com.ctrip.apollo.biz.service.AppService;
+import com.ctrip.apollo.common.controller.ActiveUser;
 import com.ctrip.apollo.common.utils.BeanUtils;
 import com.ctrip.apollo.core.dto.AppDTO;
 import com.ctrip.apollo.core.exception.NotFoundException;
@@ -30,18 +32,19 @@ public class AppController { private AdminService adminService; @RequestMapping(path = "/apps", method = RequestMethod.POST) - public ResponseEntity create(@RequestBody AppDTO dto) { + public ResponseEntity create(@RequestBody AppDTO dto, @ActiveUser UserDetails user) { App entity = BeanUtils.transfrom(App.class, dto); + entity.setDataChangeCreatedBy(user.getUsername()); entity = adminService.createNewApp(entity); dto = BeanUtils.transfrom(AppDTO.class, entity); return ResponseEntity.status(HttpStatus.CREATED).body(dto); } @RequestMapping(path = "/apps/{appId}", method = RequestMethod.DELETE) - public void delete(@PathVariable("appId") String appId) { + public void delete(@PathVariable("appId") String appId, @ActiveUser UserDetails user) { App entity = appService.findOne(appId); if (entity == null) throw new NotFoundException("app not found for appId " + appId); - appService.delete(entity.getId(), "who"); + appService.delete(entity.getId(), user.getUsername()); } @RequestMapping("/apps") @@ -64,13 +67,15 @@ public AppDTO get(@PathVariable("appId") String appId) { } @RequestMapping(path = "/apps/{appId}", method = RequestMethod.PUT) - public AppDTO update(@PathVariable("appId") String appId, @RequestBody AppDTO dto) { + public AppDTO update(@PathVariable("appId") String appId, @RequestBody AppDTO dto, + @ActiveUser UserDetails user) { if (!appId.equals(dto.getAppId())) { throw new IllegalArgumentException(String .format("Path variable %s is not equals to object field %s", appId, dto.getAppId())); } App entity = appService.findOne(appId); if (entity == null) throw new NotFoundException("app not found for appId " + appId); + entity.setDataChangeLastModifiedBy(user.getUsername()); entity = appService.update(BeanUtils.transfrom(App.class, dto)); return BeanUtils.transfrom(AppDTO.class, entity); } 
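Review bot: In `update` (the second hunk on this line), the authenticated name is set on the `entity` returned by `appService.findOne(appId)`, but the object passed to `appService.update(...)` is a fresh `BeanUtils.transfrom(App.class, dto)` and `entity` is then overwritten, so the recorded modifier appears to come from the request body rather than from the caller. For an audit field that should be server-assigned, stamp the object that is actually saved: `App changed = BeanUtils.transfrom(App.class, dto); changed.setDataChangeLastModifiedBy(user.getUsername()); entity = appService.update(changed);`. The same pattern is in `ClusterController.update`, `ItemController.update` and `NamespaceController.update`. What `appService.update` does with its argument is outside this diff, so confirm it does not take the modifier from somewhere else.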
diff --git a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ClusterController.java b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ClusterController.java index 389972b0c71..c18ac2c551f 100644 --- a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ClusterController.java +++ b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ClusterController.java @@ -5,6 +5,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -14,6 +15,7 @@ import com.ctrip.apollo.biz.entity.Cluster; import com.ctrip.apollo.biz.service.ClusterService; import com.ctrip.apollo.biz.service.ViewService; +import com.ctrip.apollo.common.controller.ActiveUser; import com.ctrip.apollo.common.utils.BeanUtils; import com.ctrip.apollo.core.dto.ClusterDTO; import com.ctrip.apollo.core.exception.NotFoundException; @@ -29,8 +31,9 @@ public class ClusterController { @RequestMapping(path = "/apps/{appId}/clusters", method = RequestMethod.POST) public ResponseEntity create(@PathVariable("appId") String appId, - @RequestBody ClusterDTO dto) { + @RequestBody ClusterDTO dto, @ActiveUser UserDetails user) { Cluster entity = BeanUtils.transfrom(Cluster.class, dto); + entity.setDataChangeCreatedBy(user.getUsername()); entity = clusterService.save(entity); dto = BeanUtils.transfrom(ClusterDTO.class, entity); return ResponseEntity.status(HttpStatus.CREATED).body(dto); 
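Review bot: `create` binds `@PathVariable("appId")` but the visible body never uses it, so the cluster is saved under whatever application the request body names; `NamespaceController.create` in this same commit rejects a body whose `appId` differs from the path. Consider the same guard here before the `transfrom` call, e.g. `if (!appId.equals(dto.getAppId())) throw new IllegalArgumentException(...)`, assuming `ClusterDTO` exposes `getAppId()`. The method's closing brace falls outside this hunk.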
@@ -38,11 +41,11 @@ public ResponseEntity create(@PathVariable("appId") String appId, @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}", method = RequestMethod.DELETE) public void delete(@PathVariable("appId") String appId, - @PathVariable("clusterName") String clusterName) { + @PathVariable("clusterName") String clusterName, @ActiveUser UserDetails user) { Cluster entity = clusterService.findOne(appId, clusterName); if (entity == null) throw new NotFoundException("cluster not found for clusterName " + clusterName); - clusterService.delete(entity.getId(), "who"); + clusterService.delete(entity.getId(), user.getUsername()); } @RequestMapping("/apps/{appId}/clusters") @@ -55,18 +58,21 @@ public List find(@PathVariable("appId") String appId) { public ClusterDTO get(@PathVariable("appId") String appId, @PathVariable("clusterName") String clusterName) { Cluster cluster = clusterService.findOne(appId, clusterName); + if (cluster == null) throw new NotFoundException("cluster not found for name " + clusterName); return BeanUtils.transfrom(ClusterDTO.class, cluster); } @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}", method = RequestMethod.PUT) public ClusterDTO update(@PathVariable("appId") String appId, - @PathVariable("clusterName") String clusterName, @RequestBody ClusterDTO dto) { + @PathVariable("clusterName") String clusterName, @RequestBody ClusterDTO dto, + @ActiveUser UserDetails user) { if (!clusterName.equals(dto.getName())) { throw new IllegalArgumentException(String .format("Path variable %s is not equals to object field %s", clusterName, dto.getName())); } Cluster entity = clusterService.findOne(appId, clusterName); if (entity == null) throw new NotFoundException("cluster not found for name " + clusterName); + entity.setDataChangeLastModifiedBy(user.getUsername()); entity = clusterService.update(BeanUtils.transfrom(Cluster.class, dto)); return BeanUtils.transfrom(ClusterDTO.class, entity); } 
diff --git a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemController.java b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemController.java
index c14c92536b5..d76f477503b 100644
--- a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemController.java
+++ b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemController.java
@@ -5,6 +5,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -14,6 +15,7 @@
 import com.ctrip.apollo.biz.entity.Item;
 import com.ctrip.apollo.biz.service.ItemService;
 import com.ctrip.apollo.biz.service.ViewService;
+import com.ctrip.apollo.common.controller.ActiveUser;
 import com.ctrip.apollo.common.utils.BeanUtils;
 import com.ctrip.apollo.core.dto.ItemDTO;
 import com.ctrip.apollo.core.exception.NotFoundException;
@@ -28,18 +30,19 @@ public class ItemController { private ItemService itemService; @RequestMapping(path = "/items/", method = RequestMethod.POST) - public ResponseEntity create(@RequestBody ItemDTO dto) { + public ResponseEntity create(@RequestBody ItemDTO dto, @ActiveUser UserDetails user) { Item entity = BeanUtils.transfrom(Item.class, dto); + entity.setDataChangeCreatedBy(user.getUsername()); entity = itemService.save(entity); dto = BeanUtils.transfrom(ItemDTO.class, entity); return ResponseEntity.status(HttpStatus.CREATED).body(dto); } @RequestMapping(path = "/items/{itemId}", method = RequestMethod.DELETE) - public void delete(@PathVariable("itemId") long itemId) { + public void delete(@PathVariable("itemId") long itemId, @ActiveUser UserDetails user) { Item entity = itemService.findOne(itemId); if (entity == null) throw new NotFoundException("item not found for itemId " + itemId); - itemService.delete(entity.getId(), "who"); + itemService.delete(entity.getId(), user.getUsername()); } @RequestMapping("/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items") 
@@ -53,13 +56,16 @@ public List findItems(@PathVariable("appId") String appId, @RequestMapping("/items/{itemId}") public ItemDTO get(@PathVariable("itemId") long itemId) { Item item = itemService.findOne(itemId); + if (item == null) throw new NotFoundException("item not found for itemId " + itemId); return BeanUtils.transfrom(ItemDTO.class, item); } @RequestMapping(path = "/item/{itemId}", method = RequestMethod.PUT) - public ItemDTO update(@PathVariable("itemId") long itemId, @RequestBody ItemDTO dto) { + public ItemDTO update(@PathVariable("itemId") long itemId, @RequestBody ItemDTO dto, + @ActiveUser UserDetails user) { Item entity = itemService.findOne(itemId); if (entity == null) throw new NotFoundException("item not found for itemId " + itemId); + entity.setDataChangeLastModifiedBy(user.getUsername()); entity = itemService.update(BeanUtils.transfrom(Item.class, dto)); return BeanUtils.transfrom(ItemDTO.class, entity); } diff --git a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemSetController.java b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemSetController.java index a55eb3d868a..b5bf67efe47 100644 --- a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemSetController.java +++ b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemSetController.java 
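Review bot: `update` checks that an item exists for the path `itemId`, but then persists `BeanUtils.transfrom(Item.class, dto)`, so the row written is presumably the one identified by the body rather than the one that was looked up; `AppController.update` and `ClusterController.update` compare the path value with the DTO before proceeding. Add the equivalent check, e.g. `if (itemId != dto.getId()) throw new IllegalArgumentException(...)`, assuming `ItemDTO.getId()` returns the item id. Separately, this mapping is `/item/{itemId}` while `get` and `delete` use `/items/{itemId}`, which looks unintentional and makes path-based access rules easy to get wrong.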
@@ -3,12 +3,14 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; import com.ctrip.apollo.biz.service.ItemSetService; +import com.ctrip.apollo.common.controller.ActiveUser; import com.ctrip.apollo.core.dto.ItemChangeSets; @RestController @@ -18,8 +20,8 @@ public class ItemSetController { private ItemSetService itemSetService; @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/itemset", method = RequestMethod.POST) - public ResponseEntity create(@RequestBody ItemChangeSets changeSet) { - itemSetService.updateSet(changeSet); + public ResponseEntity create(@RequestBody ItemChangeSets changeSet, @ActiveUser UserDetails user) { + itemSetService.updateSet(changeSet, user.getUsername()); return ResponseEntity.status(HttpStatus.OK).build(); } } diff --git a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/NamespaceController.java b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/NamespaceController.java index 87cf5268a1c..7fc5d0ffd51 100644 --- a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/NamespaceController.java +++ b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/NamespaceController.java 
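Review bot: The mapping declares `{appId}`, `{clusterName}` and `{namespaceName}`, but `create` binds none of them and hands the whole change set to `itemSetService.updateSet`, so nothing visible ties the items being created, updated or deleted to the namespace in the URL. Now that the caller is authenticated, this is the place to bind the path variables and reject items that belong to another namespace before calling the service. It is also worth documenting on the method that `owner` is the HTTP Basic principal of the direct caller: the portal's `ConfigService` no longer sends `modifyBy`, so audit rows will presumably carry the portal's account rather than the end user unless the portal authenticates per user.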
@@ -5,6 +5,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -14,6 +15,7 @@ import com.ctrip.apollo.biz.entity.Namespace; import com.ctrip.apollo.biz.service.NamespaceService; import com.ctrip.apollo.biz.service.ViewService; +import com.ctrip.apollo.common.controller.ActiveUser; import com.ctrip.apollo.common.utils.BeanUtils; import com.ctrip.apollo.core.dto.NamespaceDTO; import com.ctrip.apollo.core.exception.NotFoundException; @@ -29,7 +31,8 @@ public class NamespaceController { @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}/namespaces", method = RequestMethod.POST) public ResponseEntity create(@PathVariable("appId") String appId, - @PathVariable("clusterName") String clusterName, @RequestBody NamespaceDTO dto) { + @PathVariable("clusterName") String clusterName, @RequestBody NamespaceDTO dto, + @ActiveUser UserDetails user) { if (!appId.equals(dto.getAppId())) { throw new IllegalArgumentException(String .format("Path variable %s is not equals to object field %s", appId, dto.getAppId())); @@ -39,6 +42,7 @@ public ResponseEntity create(@PathVariable("appId") String appId, "Path variable %s is not equals to object field %s", clusterName, dto.getClusterName())); } Namespace entity = BeanUtils.transfrom(Namespace.class, dto); + entity.setDataChangeCreatedBy(user.getUsername()); entity = namespaceService.save(entity); dto = BeanUtils.transfrom(NamespaceDTO.class, entity); return ResponseEntity.status(HttpStatus.CREATED).body(dto); 
@@ -47,11 +51,11 @@ public ResponseEntity create(@PathVariable("appId") String appId, @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}", method = RequestMethod.DELETE) public void delete(@PathVariable("appId") String appId, @PathVariable("clusterName") String clusterName, - @PathVariable("namespaceName") String namespaceName) { + @PathVariable("namespaceName") String namespaceName, @ActiveUser UserDetails user) { Namespace entity = namespaceService.findOne(appId, clusterName, namespaceName); if (entity == null) throw new NotFoundException( String.format("namespace not found for %s %s %s", appId, clusterName, namespaceName)); - namespaceService.delete(entity.getId(), "who"); + namespaceService.delete(entity.getId(), user.getUsername()); } @RequestMapping("/apps/{appId}/clusters/{clusterName}/namespaces") @@ -82,7 +86,8 @@ public NamespaceDTO get(@PathVariable("appId") String appId, @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}", method = RequestMethod.PUT) public NamespaceDTO update(@PathVariable("appId") String appId, @PathVariable("clusterName") String clusterName, - @PathVariable("namespaceName") String namespaceName, @RequestBody NamespaceDTO dto) { + @PathVariable("namespaceName") String namespaceName, @RequestBody NamespaceDTO dto, + @ActiveUser UserDetails user) { if (!appId.equals(dto.getAppId())) { throw new IllegalArgumentException(String .format("Path variable %s is not equals to object field %s", appId, dto.getAppId())); 
@@ -99,6 +104,7 @@ public NamespaceDTO update(@PathVariable("appId") String appId, Namespace entity = namespaceService.findOne(appId, clusterName, namespaceName); if (entity == null) throw new NotFoundException( String.format("namespace not found for %s %s %s", appId, clusterName, namespaceName)); + entity.setDataChangeLastModifiedBy(user.getUsername()); entity = namespaceService.update(BeanUtils.transfrom(Namespace.class, dto)); return BeanUtils.transfrom(NamespaceDTO.class, entity); } diff --git a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ReleaseController.java b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ReleaseController.java index 723086f25ed..d72b10b6247 100644 --- a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ReleaseController.java +++ b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ReleaseController.java @@ -3,6 +3,7 @@ import java.util.List; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -13,6 +14,7 @@ import com.ctrip.apollo.biz.service.ConfigService; import com.ctrip.apollo.biz.service.ReleaseService; import com.ctrip.apollo.biz.service.ViewService; +import com.ctrip.apollo.common.controller.ActiveUser; import com.ctrip.apollo.common.utils.BeanUtils; import com.ctrip.apollo.core.dto.ReleaseDTO; import com.ctrip.apollo.core.exception.NotFoundException; 
@@ -47,12 +49,12 @@ public List find(@PathVariable("appId") String appId, @RequestMapping("/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/releases/latest") public ReleaseDTO getLatest(@PathVariable("appId") String appId, - @PathVariable("clusterName") String clusterName, - @PathVariable("namespaceName") String namespaceName) { + @PathVariable("clusterName") String clusterName, + @PathVariable("namespaceName") String namespaceName) { Release release = configService.findRelease(appId, clusterName, namespaceName); if (release == null) { - throw new NotFoundException( - String.format("latest release not found for %s %s %s", appId, clusterName, namespaceName)); + throw new NotFoundException(String.format("latest release not found for %s %s %s", appId, + clusterName, namespaceName)); } else { return BeanUtils.transfrom(ReleaseDTO.class, release); } @@ -62,8 +64,10 @@ public ReleaseDTO getLatest(@PathVariable("appId") String appId, public ReleaseDTO buildRelease(@PathVariable("appId") String appId, @PathVariable("clusterName") String clusterName, @PathVariable("namespaceName") String namespaceName, @RequestParam("name") String name, - @RequestParam(name = "comment", required = false) String comment) { - Release release = releaseService.buildRelease(name, comment, appId, clusterName, namespaceName, "who"); + @RequestParam(name = "comment", required = false) String comment, + @ActiveUser UserDetails user) { + Release release = releaseService.buildRelease(name, comment, appId, clusterName, namespaceName, + user.getUsername()); return BeanUtils.transfrom(ReleaseDTO.class, release); } } diff --git a/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/AbstractControllerTest.java b/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/AbstractControllerTest.java index e5a8e4f312b..42431826030 100644 --- a/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/AbstractControllerTest.java 
+++ b/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/AbstractControllerTest.java @@ -15,7 +15,7 @@ @WebIntegrationTest(randomPort = true) public abstract class AbstractControllerTest { - RestTemplate restTemplate = new TestRestTemplate(); + RestTemplate restTemplate = new TestRestTemplate("user", ""); @Value("${local.server.port}") int port; diff --git a/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/ItemSetControllerTest.java b/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/ItemSetControllerTest.java index 5c3e956ec0c..c93cfa225c5 100644 --- a/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/ItemSetControllerTest.java +++ b/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/ItemSetControllerTest.java @@ -5,6 +5,7 @@ import org.junit.Assert; import org.junit.Test; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.TestRestTemplate; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.test.context.jdbc.Sql; @@ -44,7 +45,7 @@ public void testItemSetCreated() { Assert.assertEquals("application", namespace.getNamespaceName()); ItemChangeSets itemSet = new ItemChangeSets(); - itemSet.setModifyBy("created"); + restTemplate = new TestRestTemplate("created", ""); int createdSize = 3; for (int i = 0; i < createdSize; i++) { @@ -91,8 +92,8 @@ public void testItemSetUpdated() { Assert.assertEquals("application", namespace.getNamespaceName()); ItemChangeSets createChangeSet = new ItemChangeSets(); - createChangeSet.setModifyBy("created"); - + restTemplate = new TestRestTemplate("created", ""); + int createdSize = 3; for (int i = 0; i < createdSize; i++) { ItemDTO item = new ItemDTO(); 
@@ -115,8 +116,8 @@ public void testItemSetUpdated() { ItemDTO[].class); ItemChangeSets udpateChangeSet = new ItemChangeSets(); - udpateChangeSet.setModifyBy("updated"); - + restTemplate = new TestRestTemplate("updated", ""); + int updatedSize = 2; for (int i = 0; i < updatedSize; i++) { items[i].setValue("updated_value_" + i); @@ -160,8 +161,8 @@ public void testItemSetDeleted() { Assert.assertEquals("application", namespace.getNamespaceName()); ItemChangeSets createChangeSet = new ItemChangeSets(); - createChangeSet.setModifyBy("created"); - + restTemplate = new TestRestTemplate("created", ""); + int createdSize = 3; for (int i = 0; i < createdSize; i++) { ItemDTO item = new ItemDTO(); @@ -184,8 +185,8 @@ public void testItemSetDeleted() { ItemDTO[].class); ItemChangeSets deleteChangeSet = new ItemChangeSets(); - deleteChangeSet.setModifyBy("deleted"); - + restTemplate = new TestRestTemplate("deleted", ""); + int deletedSize = 1; for (int i = 0; i < deletedSize; i++) { items[i].setValue("deleted_value_" + i); diff --git a/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/TestWebSecurityConfig.java b/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/TestWebSecurityConfig.java new file mode 100644 index 00000000000..7654901cc3e --- /dev/null +++ b/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/TestWebSecurityConfig.java 
@@ -0,0 +1,28 @@ +package com.ctrip.apollo.adminservice.controller; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; +import org.springframework.core.annotation.Order; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +@Configuration +@Order(99) +public class TestWebSecurityConfig extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.httpBasic(); + http.csrf().disable(); + } + + @Autowired + public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { + auth.inMemoryAuthentication().withUser("user").password("").roles("USER"); + auth.inMemoryAuthentication().withUser("apollo").password("").roles("USER", "ADMIN"); + auth.inMemoryAuthentication().withUser("created").password("").roles("TEST"); + auth.inMemoryAuthentication().withUser("updated").password("").roles("TEST"); + auth.inMemoryAuthentication().withUser("deleted").password("").roles("TEST"); + } +} diff --git a/apollo-biz/src/main/java/com/ctrip/apollo/biz/service/ItemSetService.java b/apollo-biz/src/main/java/com/ctrip/apollo/biz/service/ItemSetService.java index b3ada646569..ab287be2c12 100644 --- a/apollo-biz/src/main/java/com/ctrip/apollo/biz/service/ItemSetService.java +++ b/apollo-biz/src/main/java/com/ctrip/apollo/biz/service/ItemSetService.java 
@@ -21,15 +21,15 @@ public class ItemSetService { private AuditService auditService; @Transactional - public void updateSet(ItemChangeSets changeSet) { + public void updateSet(ItemChangeSets changeSet, String owner) { if (changeSet.getCreateItems() != null) { for (ItemDTO item : changeSet.getCreateItems()) { Item entity = BeanUtils.transfrom(Item.class, item); - entity.setDataChangeCreatedBy(changeSet.getModifyBy()); - entity.setDataChangeLastModifiedBy(changeSet.getModifyBy()); + entity.setDataChangeCreatedBy(owner); + entity.setDataChangeLastModifiedBy(owner); itemRepository.save(entity); } - auditService.audit("ItemSet", null, Audit.OP.INSERT, changeSet.getModifyBy()); + auditService.audit("ItemSet", null, Audit.OP.INSERT, owner); } if (changeSet.getUpdateItems() != null) { @@ -37,20 +37,20 @@ public void updateSet(ItemChangeSets changeSet) { Item entity = BeanUtils.transfrom(Item.class, item); Item managedItem = itemRepository.findOne(entity.getId()); BeanUtils.copyEntityProperties(entity, managedItem); - managedItem.setDataChangeLastModifiedBy(changeSet.getModifyBy()); + managedItem.setDataChangeLastModifiedBy(owner); itemRepository.save(managedItem); } - auditService.audit("ItemSet", null, Audit.OP.UPDATE, changeSet.getModifyBy()); + auditService.audit("ItemSet", null, Audit.OP.UPDATE, owner); } if (changeSet.getDeleteItems() != null) { for (ItemDTO item : changeSet.getDeleteItems()) { Item entity = BeanUtils.transfrom(Item.class, item); - entity.setDataChangeLastModifiedBy(changeSet.getModifyBy()); + entity.setDataChangeLastModifiedBy(owner); itemRepository.save(entity); itemRepository.delete(item.getId()); } - auditService.audit("ItemSet", null, Audit.OP.DELETE, changeSet.getModifyBy()); + auditService.audit("ItemSet", null, Audit.OP.DELETE, owner); } } } diff --git a/apollo-biz/src/test/java/com/ctrip/apollo/biz/service/AdminServiceTest.java b/apollo-biz/src/test/java/com/ctrip/apollo/biz/service/AdminServiceTest.java index fe1ad6c78a4..38aa7aa3a4c 100644 
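Review bot: In the delete branch, `entity` is built from the client DTO and only `dataChangeLastModifiedBy` is overwritten before `itemRepository.save(entity)`, so any other field the DTO carries (including the created-by value, if `ItemDTO` exposes it) is written over the stored row just before it is deleted. The update branch already loads the managed row; doing the same here keeps the audit fields server-controlled: `Item managedItem = itemRepository.findOne(item.getId()); managedItem.setDataChangeLastModifiedBy(owner); itemRepository.save(managedItem);`. Both that lookup and the existing one in the update branch should handle a `null` result, since an unknown id currently reaches `copyEntityProperties` unchecked.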
--- a/apollo-biz/src/test/java/com/ctrip/apollo/biz/service/AdminServiceTest.java +++ b/apollo-biz/src/test/java/com/ctrip/apollo/biz/service/AdminServiceTest.java @@ -59,9 +59,6 @@ public void testCreateNewApp() { List audits = auditService.findByOwner(owner); Assert.assertEquals(4, audits.size()); - for(Audit audit : audits){ - System.out.println(audit); - } } } diff --git a/apollo-common/pom.xml b/apollo-common/pom.xml index 72de4c65d90..d87a2121478 100644 --- a/apollo-common/pom.xml +++ b/apollo-common/pom.xml @@ -22,6 +22,10 @@ org.springframework.boot spring-boot-starter-web + + org.springframework.boot + spring-boot-starter-security + org.springframework.boot spring-boot-starter-actuator diff --git a/apollo-common/src/main/java/com/ctrip/apollo/common/controller/ActiveUser.java b/apollo-common/src/main/java/com/ctrip/apollo/common/controller/ActiveUser.java new file mode 100644 index 00000000000..2afeded5e25 --- /dev/null +++ b/apollo-common/src/main/java/com/ctrip/apollo/common/controller/ActiveUser.java @@ -0,0 +1,17 @@ +package com.ctrip.apollo.common.controller; + +import java.lang.annotation.Documented; +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +import org.springframework.security.core.annotation.AuthenticationPrincipal; + +@Target({ElementType.PARAMETER, ElementType.TYPE}) +@Retention(RetentionPolicy.RUNTIME) +@Documented +@AuthenticationPrincipal +public @interface ActiveUser { + +} diff --git a/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebMvcConfig.java b/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebMvcConfig.java index 08cf32339d7..dbeb437e0cc 100644 --- a/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebMvcConfig.java +++ b/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebMvcConfig.java 
@@ -15,11 +15,11 @@ public class WebMvcConfig extends WebMvcConfigurerAdapter { @Override public void addArgumentResolvers(List argumentResolvers) { + PageableHandlerMethodArgumentResolver pageResolver = + new PageableHandlerMethodArgumentResolver(); + pageResolver.setFallbackPageable(new PageRequest(0, 10)); - PageableHandlerMethodArgumentResolver resolver = new PageableHandlerMethodArgumentResolver(); - resolver.setFallbackPageable(new PageRequest(0, 10)); - - argumentResolvers.add(resolver); + argumentResolvers.add(pageResolver); } @Override diff --git a/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebSecurityConfig.java b/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebSecurityConfig.java new file mode 100644 index 00000000000..6fa24378805 --- /dev/null +++ b/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebSecurityConfig.java @@ -0,0 +1,25 @@ +package com.ctrip.apollo.common.controller; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +@Configuration +@EnableWebSecurity +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.httpBasic(); + http.csrf().disable(); + } + + @Autowired + public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { + auth.inMemoryAuthentication().withUser("user").password("").roles("USER").and() + .withUser("apollo").password("").roles("USER", "ADMIN"); + } +} 
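Review bot: `WebSecurityConfig.configure(HttpSecurity)` enables HTTP Basic but declares no authorization rule, so as written requests without credentials are still dispatched to the controllers; there `@ActiveUser UserDetails user` resolves to `null` for an anonymous principal and every `user.getUsername()` added in this commit would throw. Require authentication explicitly, e.g. `http.authorizeRequests().anyRequest().authenticated().and().httpBasic();`. `configureGlobal` also ships two in-memory accounts with empty passwords, one of them with the `ADMIN` role, under `src/main`; these should come from external configuration or be limited to a test profile, so that the names written into the audit columns actually identify someone.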
diff --git a/apollo-core/src/main/java/com/ctrip/apollo/core/dto/ItemChangeSets.java b/apollo-core/src/main/java/com/ctrip/apollo/core/dto/ItemChangeSets.java index ebcbcfd130b..5935eeab176 100644 --- a/apollo-core/src/main/java/com/ctrip/apollo/core/dto/ItemChangeSets.java +++ b/apollo-core/src/main/java/com/ctrip/apollo/core/dto/ItemChangeSets.java @@ -8,7 +8,6 @@ */ public class ItemChangeSets { - private String modifyBy; private List createItems = new LinkedList<>(); private List updateItems = new LinkedList<>(); private List deleteItems = new LinkedList<>(); @@ -49,12 +48,4 @@ public void setDeleteItems(List deleteItems) { this.deleteItems = deleteItems; } - public String getModifyBy() { - return modifyBy; - } - - public void setModifyBy(String modifyBy) { - this.modifyBy = modifyBy; - } - } diff --git a/apollo-portal/src/main/java/com/ctrip/apollo/portal/service/ConfigService.java b/apollo-portal/src/main/java/com/ctrip/apollo/portal/service/ConfigService.java index 8e1a0a9c526..72edbfdfa41 100644 --- a/apollo-portal/src/main/java/com/ctrip/apollo/portal/service/ConfigService.java +++ b/apollo-portal/src/main/java/com/ctrip/apollo/portal/service/ConfigService.java @@ -147,7 +147,6 @@ public void updateConfigItemByText(NamespaceTextModel model) { ItemChangeSets changeSets = resolver.resolve(namespaceId, configText, itemAPI.findItems(appId, env, clusterName, namespaceName)); try { - changeSets.setModifyBy(model.getModifyBy()); enrichChangeSetBaseInfo(changeSets); itemAPI.updateItems(appId, env, clusterName, namespaceName, changeSets); } catch (Exception e) {