Integrate Spring Security

apolloconfig · Apr 18, 2016 · 43653a6 · 43653a6
1 parent ab54e42
commit 43653a6
Show file tree

Hide file tree

Showing 17 changed files with 150 additions and 59 deletions.
diff --git a/...lo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/AppController.java b/...lo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/AppController.java
@@ -6,6 +6,7 @@
 import org.springframework.data.domain.Pageable;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -16,6 +17,7 @@
 import com.ctrip.apollo.biz.entity.App;
 import com.ctrip.apollo.biz.service.AdminService;
 import com.ctrip.apollo.biz.service.AppService;
+import com.ctrip.apollo.common.controller.ActiveUser;
 import com.ctrip.apollo.common.utils.BeanUtils;
 import com.ctrip.apollo.core.dto.AppDTO;
 import com.ctrip.apollo.core.exception.NotFoundException;
@@ -30,18 +32,19 @@ public class AppController {
   private AdminService adminService;
 
   @RequestMapping(path = "/apps", method = RequestMethod.POST)
-  public ResponseEntity<AppDTO> create(@RequestBody AppDTO dto) {
+  public ResponseEntity<AppDTO> create(@RequestBody AppDTO dto, @ActiveUser UserDetails user) {
     App entity = BeanUtils.transfrom(App.class, dto);
+    entity.setDataChangeCreatedBy(user.getUsername());
     entity = adminService.createNewApp(entity);
     dto = BeanUtils.transfrom(AppDTO.class, entity);
     return ResponseEntity.status(HttpStatus.CREATED).body(dto);
   }
 
   @RequestMapping(path = "/apps/{appId}", method = RequestMethod.DELETE)
-  public void delete(@PathVariable("appId") String appId) {
+  public void delete(@PathVariable("appId") String appId, @ActiveUser UserDetails user) {
     App entity = appService.findOne(appId);
     if (entity == null) throw new NotFoundException("app not found for appId " + appId);
-    appService.delete(entity.getId(), "who");
+    appService.delete(entity.getId(), user.getUsername());
   }
 
   @RequestMapping("/apps")
@@ -64,13 +67,15 @@ public AppDTO get(@PathVariable("appId") String appId) {
   }
 
   @RequestMapping(path = "/apps/{appId}", method = RequestMethod.PUT)
-  public AppDTO update(@PathVariable("appId") String appId, @RequestBody AppDTO dto) {
+  public AppDTO update(@PathVariable("appId") String appId, @RequestBody AppDTO dto,
+      @ActiveUser UserDetails user) {
     if (!appId.equals(dto.getAppId())) {
       throw new IllegalArgumentException(String
           .format("Path variable %s is not equals to object field %s", appId, dto.getAppId()));
     }
     App entity = appService.findOne(appId);
     if (entity == null) throw new NotFoundException("app not found for appId " + appId);
+    entity.setDataChangeLastModifiedBy(user.getUsername());
     entity = appService.update(BeanUtils.transfrom(App.class, dto));
     return BeanUtils.transfrom(AppDTO.class, entity);
   }

diff --git a/...dminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ClusterController.java b/...dminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ClusterController.java
@@ -5,6 +5,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -14,6 +15,7 @@
 import com.ctrip.apollo.biz.entity.Cluster;
 import com.ctrip.apollo.biz.service.ClusterService;
 import com.ctrip.apollo.biz.service.ViewService;
+import com.ctrip.apollo.common.controller.ActiveUser;
 import com.ctrip.apollo.common.utils.BeanUtils;
 import com.ctrip.apollo.core.dto.ClusterDTO;
 import com.ctrip.apollo.core.exception.NotFoundException;
@@ -29,20 +31,21 @@ public class ClusterController {
 
   @RequestMapping(path = "/apps/{appId}/clusters", method = RequestMethod.POST)
   public ResponseEntity<ClusterDTO> create(@PathVariable("appId") String appId,
-      @RequestBody ClusterDTO dto) {
+      @RequestBody ClusterDTO dto, @ActiveUser UserDetails user) {
     Cluster entity = BeanUtils.transfrom(Cluster.class, dto);
+    entity.setDataChangeCreatedBy(user.getUsername());
     entity = clusterService.save(entity);
     dto = BeanUtils.transfrom(ClusterDTO.class, entity);
     return ResponseEntity.status(HttpStatus.CREATED).body(dto);
   }
 
   @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}", method = RequestMethod.DELETE)
   public void delete(@PathVariable("appId") String appId,
-      @PathVariable("clusterName") String clusterName) {
+      @PathVariable("clusterName") String clusterName, @ActiveUser UserDetails user) {
     Cluster entity = clusterService.findOne(appId, clusterName);
     if (entity == null)
       throw new NotFoundException("cluster not found for clusterName " + clusterName);
-    clusterService.delete(entity.getId(), "who");
+    clusterService.delete(entity.getId(), user.getUsername());
   }
 
   @RequestMapping("/apps/{appId}/clusters")
@@ -55,18 +58,21 @@ public List<ClusterDTO> find(@PathVariable("appId") String appId) {
   public ClusterDTO get(@PathVariable("appId") String appId,
       @PathVariable("clusterName") String clusterName) {
     Cluster cluster = clusterService.findOne(appId, clusterName);
+    if (cluster == null) throw new NotFoundException("cluster not found for name " + clusterName);
     return BeanUtils.transfrom(ClusterDTO.class, cluster);
   }
 
   @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}", method = RequestMethod.PUT)
   public ClusterDTO update(@PathVariable("appId") String appId,
-      @PathVariable("clusterName") String clusterName, @RequestBody ClusterDTO dto) {
+      @PathVariable("clusterName") String clusterName, @RequestBody ClusterDTO dto,
+      @ActiveUser UserDetails user) {
     if (!clusterName.equals(dto.getName())) {
       throw new IllegalArgumentException(String
           .format("Path variable %s is not equals to object field %s", clusterName, dto.getName()));
     }
     Cluster entity = clusterService.findOne(appId, clusterName);
     if (entity == null) throw new NotFoundException("cluster not found for name " + clusterName);
+    entity.setDataChangeLastModifiedBy(user.getUsername());
     entity = clusterService.update(BeanUtils.transfrom(Cluster.class, dto));
     return BeanUtils.transfrom(ClusterDTO.class, entity);
   }

diff --git a/...o-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemController.java b/...o-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemController.java
@@ -5,6 +5,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -14,6 +15,7 @@
 import com.ctrip.apollo.biz.entity.Item;
 import com.ctrip.apollo.biz.service.ItemService;
 import com.ctrip.apollo.biz.service.ViewService;
+import com.ctrip.apollo.common.controller.ActiveUser;
 import com.ctrip.apollo.common.utils.BeanUtils;
 import com.ctrip.apollo.core.dto.ItemDTO;
 import com.ctrip.apollo.core.exception.NotFoundException;
@@ -28,18 +30,19 @@ public class ItemController {
   private ItemService itemService;
 
   @RequestMapping(path = "/items/", method = RequestMethod.POST)
-  public ResponseEntity<ItemDTO> create(@RequestBody ItemDTO dto) {
+  public ResponseEntity<ItemDTO> create(@RequestBody ItemDTO dto, @ActiveUser UserDetails user) {
     Item entity = BeanUtils.transfrom(Item.class, dto);
+    entity.setDataChangeCreatedBy(user.getUsername());
     entity = itemService.save(entity);
     dto = BeanUtils.transfrom(ItemDTO.class, entity);
     return ResponseEntity.status(HttpStatus.CREATED).body(dto);
   }
 
   @RequestMapping(path = "/items/{itemId}", method = RequestMethod.DELETE)
-  public void delete(@PathVariable("itemId") long itemId) {
+  public void delete(@PathVariable("itemId") long itemId, @ActiveUser UserDetails user) {
     Item entity = itemService.findOne(itemId);
     if (entity == null) throw new NotFoundException("item not found for itemId " + itemId);
-    itemService.delete(entity.getId(), "who");
+    itemService.delete(entity.getId(), user.getUsername());
   }
 
   @RequestMapping("/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items")
@@ -53,13 +56,16 @@ public List<ItemDTO> findItems(@PathVariable("appId") String appId,
   @RequestMapping("/items/{itemId}")
   public ItemDTO get(@PathVariable("itemId") long itemId) {
     Item item = itemService.findOne(itemId);
+    if (item == null) throw new NotFoundException("item not found for itemId " + itemId);
     return BeanUtils.transfrom(ItemDTO.class, item);
   }
 
   @RequestMapping(path = "/item/{itemId}", method = RequestMethod.PUT)
-  public ItemDTO update(@PathVariable("itemId") long itemId, @RequestBody ItemDTO dto) {
+  public ItemDTO update(@PathVariable("itemId") long itemId, @RequestBody ItemDTO dto,
+      @ActiveUser UserDetails user) {
     Item entity = itemService.findOne(itemId);
     if (entity == null) throw new NotFoundException("item not found for itemId " + itemId);
+    entity.setDataChangeLastModifiedBy(user.getUsername());
     entity = itemService.update(BeanUtils.transfrom(Item.class, dto));
     return BeanUtils.transfrom(ItemDTO.class, entity);
   }

diff --git a/...dminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemSetController.java b/...dminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemSetController.java
@@ -3,12 +3,14 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
 import com.ctrip.apollo.biz.service.ItemSetService;
+import com.ctrip.apollo.common.controller.ActiveUser;
 import com.ctrip.apollo.core.dto.ItemChangeSets;
 
 @RestController
@@ -18,8 +20,8 @@ public class ItemSetController {
   private ItemSetService itemSetService;
 
   @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/itemset", method = RequestMethod.POST)
-  public ResponseEntity<Void> create(@RequestBody ItemChangeSets changeSet) {
-    itemSetService.updateSet(changeSet);
+  public ResponseEntity<Void> create(@RequestBody ItemChangeSets changeSet, @ActiveUser UserDetails user) {
+    itemSetService.updateSet(changeSet, user.getUsername());
     return ResponseEntity.status(HttpStatus.OK).build();
   }
 }
diff --git a/...inservice/src/main/java/com/ctrip/apollo/adminservice/controller/NamespaceController.java b/...inservice/src/main/java/com/ctrip/apollo/adminservice/controller/NamespaceController.java
@@ -5,6 +5,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -14,6 +15,7 @@
 import com.ctrip.apollo.biz.entity.Namespace;
 import com.ctrip.apollo.biz.service.NamespaceService;
 import com.ctrip.apollo.biz.service.ViewService;
+import com.ctrip.apollo.common.controller.ActiveUser;
 import com.ctrip.apollo.common.utils.BeanUtils;
 import com.ctrip.apollo.core.dto.NamespaceDTO;
 import com.ctrip.apollo.core.exception.NotFoundException;
@@ -29,7 +31,8 @@ public class NamespaceController {
 
   @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}/namespaces", method = RequestMethod.POST)
   public ResponseEntity<NamespaceDTO> create(@PathVariable("appId") String appId,
-      @PathVariable("clusterName") String clusterName, @RequestBody NamespaceDTO dto) {
+      @PathVariable("clusterName") String clusterName, @RequestBody NamespaceDTO dto,
+      @ActiveUser UserDetails user) {
     if (!appId.equals(dto.getAppId())) {
       throw new IllegalArgumentException(String
           .format("Path variable %s is not equals to object field %s", appId, dto.getAppId()));
@@ -39,6 +42,7 @@ public ResponseEntity<NamespaceDTO> create(@PathVariable("appId") String appId,
           "Path variable %s is not equals to object field %s", clusterName, dto.getClusterName()));
     }
     Namespace entity = BeanUtils.transfrom(Namespace.class, dto);
+    entity.setDataChangeCreatedBy(user.getUsername());
     entity = namespaceService.save(entity);
     dto = BeanUtils.transfrom(NamespaceDTO.class, entity);
     return ResponseEntity.status(HttpStatus.CREATED).body(dto);
@@ -47,11 +51,11 @@ public ResponseEntity<NamespaceDTO> create(@PathVariable("appId") String appId,
   @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}", method = RequestMethod.DELETE)
   public void delete(@PathVariable("appId") String appId,
       @PathVariable("clusterName") String clusterName,
-      @PathVariable("namespaceName") String namespaceName) {
+      @PathVariable("namespaceName") String namespaceName, @ActiveUser UserDetails user) {
     Namespace entity = namespaceService.findOne(appId, clusterName, namespaceName);
     if (entity == null) throw new NotFoundException(
         String.format("namespace not found for %s %s %s", appId, clusterName, namespaceName));
-    namespaceService.delete(entity.getId(), "who");
+    namespaceService.delete(entity.getId(), user.getUsername());
   }
 
   @RequestMapping("/apps/{appId}/clusters/{clusterName}/namespaces")
@@ -82,7 +86,8 @@ public NamespaceDTO get(@PathVariable("appId") String appId,
   @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}", method = RequestMethod.PUT)
   public NamespaceDTO update(@PathVariable("appId") String appId,
       @PathVariable("clusterName") String clusterName,
-      @PathVariable("namespaceName") String namespaceName, @RequestBody NamespaceDTO dto) {
+      @PathVariable("namespaceName") String namespaceName, @RequestBody NamespaceDTO dto,
+      @ActiveUser UserDetails user) {
     if (!appId.equals(dto.getAppId())) {
       throw new IllegalArgumentException(String
           .format("Path variable %s is not equals to object field %s", appId, dto.getAppId()));
@@ -99,6 +104,7 @@ public NamespaceDTO update(@PathVariable("appId") String appId,
     Namespace entity = namespaceService.findOne(appId, clusterName, namespaceName);
     if (entity == null) throw new NotFoundException(
         String.format("namespace not found for %s %s %s", appId, clusterName, namespaceName));
+    entity.setDataChangeLastModifiedBy(user.getUsername());
     entity = namespaceService.update(BeanUtils.transfrom(Namespace.class, dto));
     return BeanUtils.transfrom(NamespaceDTO.class, entity);
   }

diff --git a/...dminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ReleaseController.java b/...dminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ReleaseController.java
@@ -3,6 +3,7 @@
 import java.util.List;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -13,6 +14,7 @@
 import com.ctrip.apollo.biz.service.ConfigService;
 import com.ctrip.apollo.biz.service.ReleaseService;
 import com.ctrip.apollo.biz.service.ViewService;
+import com.ctrip.apollo.common.controller.ActiveUser;
 import com.ctrip.apollo.common.utils.BeanUtils;
 import com.ctrip.apollo.core.dto.ReleaseDTO;
 import com.ctrip.apollo.core.exception.NotFoundException;
@@ -47,12 +49,12 @@ public List<ReleaseDTO> find(@PathVariable("appId") String appId,
 
   @RequestMapping("/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/releases/latest")
   public ReleaseDTO getLatest(@PathVariable("appId") String appId,
-                              @PathVariable("clusterName") String clusterName,
-                              @PathVariable("namespaceName") String namespaceName) {
+      @PathVariable("clusterName") String clusterName,
+      @PathVariable("namespaceName") String namespaceName) {
     Release release = configService.findRelease(appId, clusterName, namespaceName);
     if (release == null) {
-      throw new NotFoundException(
-          String.format("latest release not found for %s %s %s", appId, clusterName, namespaceName));
+      throw new NotFoundException(String.format("latest release not found for %s %s %s", appId,
+          clusterName, namespaceName));
     } else {
       return BeanUtils.transfrom(ReleaseDTO.class, release);
     }
@@ -62,8 +64,10 @@ public ReleaseDTO getLatest(@PathVariable("appId") String appId,
   public ReleaseDTO buildRelease(@PathVariable("appId") String appId,
       @PathVariable("clusterName") String clusterName,
       @PathVariable("namespaceName") String namespaceName, @RequestParam("name") String name,
-      @RequestParam(name = "comment", required = false) String comment) {
-    Release release = releaseService.buildRelease(name, comment, appId, clusterName, namespaceName, "who");
+      @RequestParam(name = "comment", required = false) String comment,
+      @ActiveUser UserDetails user) {
+    Release release = releaseService.buildRelease(name, comment, appId, clusterName, namespaceName,
+        user.getUsername());
     return BeanUtils.transfrom(ReleaseDTO.class, release);
   }
 }
diff --git a/...ervice/src/test/java/com/ctrip/apollo/adminservice/controller/AbstractControllerTest.java b/...ervice/src/test/java/com/ctrip/apollo/adminservice/controller/AbstractControllerTest.java
@@ -15,7 +15,7 @@
 @WebIntegrationTest(randomPort = true)
 public abstract class AbstractControllerTest {
 
-  RestTemplate restTemplate = new TestRestTemplate();
+  RestTemplate restTemplate = new TestRestTemplate("user", "");
 
   @Value("${local.server.port}")
   int port;

diff --git a/...service/src/test/java/com/ctrip/apollo/adminservice/controller/ItemSetControllerTest.java b/...service/src/test/java/com/ctrip/apollo/adminservice/controller/ItemSetControllerTest.java
@@ -5,6 +5,7 @@
 import org.junit.Assert;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.TestRestTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.test.context.jdbc.Sql;
@@ -44,7 +45,7 @@ public void testItemSetCreated() {
     Assert.assertEquals("application", namespace.getNamespaceName());
 
     ItemChangeSets itemSet = new ItemChangeSets();
-    itemSet.setModifyBy("created");
+    restTemplate = new TestRestTemplate("created", "");
 
     int createdSize = 3;
     for (int i = 0; i < createdSize; i++) {
@@ -91,8 +92,8 @@ public void testItemSetUpdated() {
     Assert.assertEquals("application", namespace.getNamespaceName());
 
     ItemChangeSets createChangeSet = new ItemChangeSets();
-    createChangeSet.setModifyBy("created");
-
+    restTemplate = new TestRestTemplate("created", "");
+    
     int createdSize = 3;
     for (int i = 0; i < createdSize; i++) {
       ItemDTO item = new ItemDTO();
@@ -115,8 +116,8 @@ public void testItemSetUpdated() {
             ItemDTO[].class);
 
     ItemChangeSets udpateChangeSet = new ItemChangeSets();
-    udpateChangeSet.setModifyBy("updated");
-
+    restTemplate = new TestRestTemplate("updated", "");
+    
     int updatedSize = 2;
     for (int i = 0; i < updatedSize; i++) {
       items[i].setValue("updated_value_" + i);
@@ -160,8 +161,8 @@ public void testItemSetDeleted() {
     Assert.assertEquals("application", namespace.getNamespaceName());
 
     ItemChangeSets createChangeSet = new ItemChangeSets();
-    createChangeSet.setModifyBy("created");
-
+    restTemplate = new TestRestTemplate("created", "");
+    
     int createdSize = 3;
     for (int i = 0; i < createdSize; i++) {
       ItemDTO item = new ItemDTO();
@@ -184,8 +185,8 @@ public void testItemSetDeleted() {
             ItemDTO[].class);
 
     ItemChangeSets deleteChangeSet = new ItemChangeSets();
-    deleteChangeSet.setModifyBy("deleted");
-
+    restTemplate = new TestRestTemplate("deleted", "");
+    
     int deletedSize = 1;
     for (int i = 0; i < deletedSize; i++) {
       items[i].setValue("deleted_value_" + i);