diff --git a/api/src/main/java/org/gatein/management/api/RuntimeContext.java b/api/src/main/java/org/gatein/management/api/RuntimeContext.java index 8cf22f57..e454d079 100644 --- a/api/src/main/java/org/gatein/management/api/RuntimeContext.java +++ b/api/src/main/java/org/gatein/management/api/RuntimeContext.java @@ -37,4 +37,13 @@ public interface RuntimeContext * @return the runtime component */ T getRuntimeComponent(Class componentClass); + + /** + * Returns a boolean indicating whether the user is included in the specified logical "role". If user is not + * authenticated this returns false. + * + * @param role the name of the role + * @return true if the user belongs to a given role or false if user is not authenticated + */ + boolean isUserInRole(String role); } diff --git a/api/src/main/java/org/gatein/management/api/exceptions/NotAuthorizedException.java b/api/src/main/java/org/gatein/management/api/exceptions/NotAuthorizedException.java new file mode 100644 index 00000000..9ee7ba80 --- /dev/null +++ b/api/src/main/java/org/gatein/management/api/exceptions/NotAuthorizedException.java 
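Review bot: The Javadoc for the new `isUserInRole` leaves the matching rule open — whether `role` is compared exactly and case-sensitively, what a null or unknown role name yields, and what a "role" corresponds to in the portal (group membership versus a JAAS role) — yet the NotAuthorizedException added in this same commit suggests the answer will gate management operations, so the REST and CLI implementations of RuntimeContext may decide differently. I would pin it down in the interface, e.g. ` * Implementations must return false (never throw) for a null or unknown role name; role names are compared exactly.`, or state the actual rule if it differs. The RuntimeContext declaration itself starts before this hunk.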
@@ -0,0 +1,38 @@ +package org.gatein.management.api.exceptions; + +import org.gatein.management.api.ManagedUser; + +/** + * @author Nick Scavelli + */ +public class NotAuthorizedException extends OperationException +{ + private final ManagedUser user; + + public NotAuthorizedException(ManagedUser user, String operationName) + { + super(operationName, createMessage(user, operationName)); + this.user = user; + } + + public NotAuthorizedException(ManagedUser user, String operationName, Throwable cause) + { + super(operationName, createMessage(user, operationName), cause); + this.user = user; + } + + public ManagedUser getUser() + { + return user; + } + + private static String createMessage(ManagedUser user, String operationName) + { + if (user == null) + { + return "Authentication required for operation " + operationName; + } + + return user.getUserName() + " is not authorized to execute operation " + operationName; + } +} \ No newline at end of file diff --git a/api/src/main/java/org/gatein/management/api/operation/OperationContext.java b/api/src/main/java/org/gatein/management/api/operation/OperationContext.java index 5cabb577..3c23581c 100644 --- a/api/src/main/java/org/gatein/management/api/operation/OperationContext.java +++ b/api/src/main/java/org/gatein/management/api/operation/OperationContext.java @@ -43,10 +43,19 @@ public interface OperationContext { /** * - * @return the user if one is associated with the request + * @return the user if one is associated with the request. Returns null if user it not authenticated. */ ManagedUser getUser(); + /** + * Returns a boolean indicating whether the user is included in the specified logical "role". If user is not + * authenticated this returns false. + * + * @param role the name of the role + * @return true if the user belongs to a given role or false if user is not authenticated + */ + boolean isUserInRole(String role); + /** * * @return Path of the current operation. 
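Review bot: `getUser()` in NotAuthorizedException can legitimately return null — `createMessage` treats a null user as the "Authentication required" case — but nothing in the class says so, and a caller mapping this exception to an HTTP status needs exactly that distinction. I would document it on the getter, ` * @return the user that was denied, or null when the request carried no authenticated user`, and note on both constructors that `user` may be null. The class Javadoc currently carries only the author tag; a one-line summary saying the exception covers both the unauthenticated and the unauthorized case would help.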
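Review bot: The reworded `@return` on `OperationContext.getUser()` reads `Returns null if user it not authenticated.` — "it" should be "is". While touching it, the new `isUserInRole` Javadoc in this interface would benefit from the same statement of how `role` is matched and what a null role yields, since implementors will otherwise guess; the OperationContext interface continues beyond this hunk.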
diff --git a/api/src/main/java/org/gatein/management/api/operation/OperationContextDelegate.java b/api/src/main/java/org/gatein/management/api/operation/OperationContextDelegate.java index d304ce40..6d139f2e 100644 --- a/api/src/main/java/org/gatein/management/api/operation/OperationContextDelegate.java +++ b/api/src/main/java/org/gatein/management/api/operation/OperationContextDelegate.java @@ -52,6 +52,12 @@ public ManagedUser getUser() return delegate.getUser(); } + @Override + public boolean isUserInRole(String role) + { + return delegate.isUserInRole(role); + } + @Override public PathAddress getAddress() { diff --git a/cli/src/main/java/org/gatein/management/cli/crash/commands/GateInCommand.java b/cli/src/main/java/org/gatein/management/cli/crash/commands/GateInCommand.java index 59a6039c..c369066c 100644 --- a/cli/src/main/java/org/gatein/management/cli/crash/commands/GateInCommand.java +++ b/cli/src/main/java/org/gatein/management/cli/crash/commands/GateInCommand.java @@ -28,9 +28,7 @@ import org.gatein.common.logging.Logger; import org.gatein.common.logging.LoggerFactory; -import javax.jcr.Repository; -import javax.jcr.Session; -import javax.jcr.SimpleCredentials; +import java.lang.reflect.Constructor; import java.lang.reflect.Method; /** @@ -41,6 +39,8 @@ public class GateInCommand extends CRaSHCommand { private static final Logger log = LoggerFactory.getLogger(GateInCommand.class); + private Object conversationState; + protected GateInCommand() throws IntrospectionException { } 
@@ -60,63 +60,22 @@ protected T getComponent(String containerName, Class componentClass) thro } } - protected Session login(String userName, String password, String containerName) throws ScriptException + protected void start(String userName, String containerName) { - Object container = getContainer(containerName); - - // TODO: Find better way to "authenticate" - try - { - ClassLoader tccl = Thread.currentThread().getContextClassLoader(); - Method getComponentInstanceOfTypeMethod = container.getClass().getMethod("getComponentInstanceOfType", Class.class); - - // Set current identity (similar to SetCurrentIdentityFilter behavior) - Class authenticatorClass = tccl.loadClass("org.exoplatform.services.security.Authenticator"); - Object authenticator = getComponentInstanceOfTypeMethod.invoke(container, authenticatorClass); - Method createIdentityMethod = authenticatorClass.getMethod("createIdentity", String.class); - Object identity = createIdentityMethod.invoke(authenticator, userName); - Class identityRegistryClass = tccl.loadClass("org.exoplatform.services.security.IdentityRegistry"); - Class identityClass = tccl.loadClass("org.exoplatform.services.security.Identity"); - Object identityRegistry = getComponentInstanceOfTypeMethod.invoke(container, identityRegistryClass); - Method registerIdentityMethod = identityRegistryClass.getMethod("register", identityClass); - registerIdentityMethod.invoke(identityRegistry, identity); - - // Log into the JCR to determine authorization - Class repositoryServiceClass = tccl.loadClass("org.exoplatform.services.jcr.RepositoryService"); - Object repositoryService = getComponentInstanceOfTypeMethod.invoke(container, repositoryServiceClass); - if (repositoryService != null) - { - Method getCurrentRepositoryMethod = repositoryService.getClass().getMethod("getCurrentRepository"); - Repository repository = (Repository) getCurrentRepositoryMethod.invoke(repositoryService); - SimpleCredentials credentials = new SimpleCredentials(userName, 
password.toCharArray()); - Session session = repository.login(credentials, "portal-system"); - if (session == null) - { - throw new Exception("JCR Session was null."); - } - - // This verifies the user has access to the JCR. - session.getRootNode(); - - return session; - } - else - { - throw new Exception("Repository service was null."); - } - } - catch (Exception e) + if (conversationState == null) { - throw new ScriptException("Could not authenticate for user '" + userName + "'", e); + conversationState = getConversationState(userName, containerName); } - } - protected void start(String containerName) - { try { ClassLoader cl = Thread.currentThread().getContextClassLoader(); + // Set current conversation state + Class conversationStateClass = cl.loadClass("org.exoplatform.services.security.ConversationState"); + Method setCurrent = conversationStateClass.getMethod("setCurrent", conversationStateClass); + setCurrent.invoke(null, conversationState); + // Set the current container Class eXoContainerContextClass = cl.loadClass("org.exoplatform.container.ExoContainerContext"); Class eXoContainerClass = cl.loadClass("org.exoplatform.container.ExoContainer"); 
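Review bot: The cache in `start` — `if (conversationState == null)` — ignores its own arguments, so once a GateInCommand instance has built a ConversationState for one user, later calls with a different `userName` or `containerName` silently install the first user's identity through `ConversationState.setCurrent`. Whether one command instance can serve more than one user depends on CRaSH's command lifecycle, which this diff does not show, but the safe form costs little: rebuild unconditionally, `conversationState = getConversationState(userName, containerName);`, or remember which user the cached state was built for and rebuild when it changes. `setCurrent` installs thread-bound state; the matching reset belongs in `end()`, which is outside this hunk.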
@@ -192,4 +151,38 @@ private Object getContainer(String containerName) throws ScriptException return container; } + + private Object getConversationState(String userName, String containerName) throws ScriptException + { + Object container = getContainer(containerName); + + try + { + ClassLoader tccl = Thread.currentThread().getContextClassLoader(); + Method getComponentInstanceOfTypeMethod = container.getClass().getMethod("getComponentInstanceOfType", Class.class); + + // Set current identity (similar to SetCurrentIdentityFilter behavior) + Class identityRegistryClass = tccl.loadClass("org.exoplatform.services.security.IdentityRegistry"); + Method getIdentityMethod = identityRegistryClass.getMethod("getIdentity", String.class); + Class identityClass = tccl.loadClass("org.exoplatform.services.security.Identity"); + Object identityRegistry = getComponentInstanceOfTypeMethod.invoke(container, identityRegistryClass); + Object identity = getIdentityMethod.invoke(identityRegistry, userName); + if (identity == null) + { + Class authenticatorClass = tccl.loadClass("org.exoplatform.services.security.Authenticator"); + Object authenticator = getComponentInstanceOfTypeMethod.invoke(container, authenticatorClass); + Method createIdentityMethod = authenticatorClass.getMethod("createIdentity", String.class); + identity = createIdentityMethod.invoke(authenticator, userName); + Method registerIdentityMethod = identityRegistryClass.getMethod("register", identityClass); + registerIdentityMethod.invoke(identityRegistry, identity); + } + Class conversationStateClass = tccl.loadClass("org.exoplatform.services.security.ConversationState"); + Constructor conversationStateConstructor = conversationStateClass.getConstructor(identityClass); + return conversationStateConstructor.newInstance(identity); + } + catch (Exception e) + { + throw new ScriptException("Could not authenticate for user '" + userName + "'", e); + } + } } 
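Review bot: `getConversationState` establishes an Identity from the bare `userName` — `createIdentity(userName)` with no credential — so despite the `Could not authenticate for user` message it performs no authentication, and any caller that reaches it with an unverified name obtains that user's identity and registers it in the IdentityRegistry. The method needs a Javadoc making the precondition explicit, e.g. ` * Builds a ConversationState for a user the caller has ALREADY authenticated (JAAS in SCPCommand, the CRaSH login for shell commands); no credential is checked here.`, and the exception text should read `"Could not establish identity for user '" + userName + "'"` so log readers are not misled. Whether the Identity registered here should later be unregistered depends on IdentityRegistry semantics not visible in this diff.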
diff --git a/cli/src/main/java/org/gatein/management/cli/crash/commands/ManagementCommand.java b/cli/src/main/java/org/gatein/management/cli/crash/commands/ManagementCommand.java index b06605bc..e20f158f 100644 --- a/cli/src/main/java/org/gatein/management/cli/crash/commands/ManagementCommand.java +++ b/cli/src/main/java/org/gatein/management/cli/crash/commands/ManagementCommand.java @@ -26,6 +26,7 @@ import org.crsh.cmdline.IntrospectionException; import org.crsh.cmdline.ParameterDescriptor; import org.crsh.cmdline.spi.Completer; +import org.crsh.command.InvocationContext; import org.crsh.command.ScriptException; import org.gatein.management.api.PathAddress; import org.gatein.management.api.controller.ManagedRequest; diff --git a/cli/src/main/java/org/gatein/management/cli/crash/commands/scp/SCPCommand.java b/cli/src/main/java/org/gatein/management/cli/crash/commands/scp/SCPCommand.java index 600c9590..35489e25 100644 --- a/cli/src/main/java/org/gatein/management/cli/crash/commands/scp/SCPCommand.java +++ b/cli/src/main/java/org/gatein/management/cli/crash/commands/scp/SCPCommand.java @@ -33,6 +33,8 @@ import org.gatein.common.logging.LoggerFactory; import org.gatein.management.api.controller.ManagementController; import org.gatein.management.cli.crash.commands.ManagementCommand; +import org.gatein.management.cli.crash.plugins.CustomWebPluginLifecycle; +import org.gatein.management.cli.crash.plugins.JaasAuthenticationPlugin; import javax.jcr.Session; import java.io.ByteArrayOutputStream; @@ -54,6 +56,7 @@ public abstract class SCPCommand extends AbstractCommand implements Runnable private String path; private String containerName; + private String jaasDomain; private SCPManagementCommand scpManagementCommand; private Thread thread; 
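Review bot: The only change to ManagementCommand in this diff is the added `import org.crsh.command.InvocationContext;`, and no use of it appears in the hunk; unless the rest of the file already references InvocationContext (not visible here), the import is unused and should be dropped rather than left to compiler warnings. The class body lies outside this hunk.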
@@ -69,6 +72,7 @@ public void start(Environment environment) throws IOException try { scpManagementCommand = new SCPManagementCommand(); + jaasDomain = CustomWebPluginLifecycle.getCrashProperties().getProperty("crash.jaas.domain", "gatein-domain"); } catch (IntrospectionException e) { @@ -108,16 +112,20 @@ public void run() private void execute() throws Exception { - // Log in String userName = session.getAttribute(SSHLifeCycle.USERNAME); String password = session.getAttribute(SSHLifeCycle.PASSWORD); + // Log in log.debug("Attempting to authenticate user " + userName); + JaasAuthenticationPlugin jaas = new JaasAuthenticationPlugin(); + boolean authenticated = jaas.login(userName, password, jaasDomain); - Session jcrSession = scpManagementCommand.login(userName, password, containerName); - if (jcrSession == null) throw new Exception("JCR session was null."); + if (!authenticated) + { + throw new Exception("Could not authenticate for user " + userName); + } - scpManagementCommand.start(containerName); + scpManagementCommand.start(userName, containerName); try { // Parse attributes @@ -153,10 +161,6 @@ private void execute() throws Exception finally { scpManagementCommand.end(); - if (jcrSession.isLive()) - { - jcrSession.logout(); - } } } @@ -246,15 +250,9 @@ protected SCPManagementCommand() throws IntrospectionException } @Override - protected Session login(String userName, String password, String containerName) throws ScriptException - { - return super.login(userName, password, containerName); - } - - @Override - protected void start(String containerName) + protected void start(String userName, String containerName) { - super.start(containerName); + super.start(userName, containerName); } @Override diff --git a/cli/src/main/java/org/gatein/management/cli/crash/plugins/CustomWebPluginLifecycle.java b/cli/src/main/java/org/gatein/management/cli/crash/plugins/CustomWebPluginLifecycle.java new file mode 100644 index 00000000..43b726f5 --- /dev/null 
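Review bot: The JAAS `login` in `execute` replaces the removed `portal-system` JCR login — which the old code described as the step that "determine[s] authorization" — with a pure authentication step: after `if (!authenticated)` any principal the `gatein-domain` realm accepts reaches `scpManagementCommand.start(userName, containerName)` and the SCP import/export path, with no role or membership test in between. Unless every operation handler behind SCP rejects non-administrators with the new NotAuthorizedException, a role check — for instance through the `RuntimeContext.isUserInRole` this commit introduces — belongs between the `authenticated` test and `start`. The LoginContext that `jaas.login` creates is not logged out here either; whether that matters depends on what the plugin keeps after `login`, which this hunk does not show. The `execute` method continues beyond this hunk.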
+++ b/cli/src/main/java/org/gatein/management/cli/crash/plugins/CustomWebPluginLifecycle.java
@@ -0,0 +1,62 @@
+package org.gatein.management.cli.crash.plugins;
+
+import org.crsh.plugin.WebPluginLifeCycle;
+import org.gatein.common.logging.Logger;
+import org.gatein.common.logging.LoggerFactory;
+
+import javax.servlet.ServletContextEvent;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+/**
+ * Used to bootstrap crash and also provide access to crash.properties data.
+ *
+ * @author Nick Scavelli
+ */
+public class CustomWebPluginLifecycle extends WebPluginLifeCycle
+{
+ private static final Properties crashProperties = new Properties();
+ private static final Logger log = LoggerFactory.getLogger(CustomWebPluginLifecycle.class);
+
+ public static Properties getCrashProperties()
+ {
+ return crashProperties;
+ }
+
+ @Override
+ public void contextInitialized(ServletContextEvent sce)
+ {
+ super.contextInitialized(sce);
+ String path = "/WEB-INF/crash/crash.properties";
+ InputStream in = sce.getServletContext().getResourceAsStream(path);
+ try
+ {
+ crashProperties.load(in);
+ }
+ catch (IOException e)
+ {
+ log.error("Exception reading file " + path, e);
+ }
+ finally
+ {
+ if (in != null)
+ {
+ try
+ {
+ in.close();
+ }
+ catch (IOException e)
+ {
+ }
+ }
+ }
+ }
+
+ @Override
+ public void contextDestroyed(ServletContextEvent sce)
+ {
+ super.contextDestroyed(sce);
+ crashProperties.clear();
+ }
+}
diff --git a/cli/src/main/java/org/gatein/management/cli/crash/plugins/JaasAuthenticationPlugin.java b/cli/src/main/java/org/gatein/management/cli/crash/plugins/JaasAuthenticationPlugin.java
index b98265f8..941dc78e 100644
--- a/cli/src/main/java/org/gatein/management/cli/crash/plugins/JaasAuthenticationPlugin.java
+++ b/cli/src/main/java/org/gatein/management/cli/crash/plugins/JaasAuthenticationPlugin.java
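Review bot: `crashProperties.load(in)` in `contextInitialized` dereferences `in` before the null check that only exists in `finally`, so a missing `/WEB-INF/crash/crash.properties` surfaces as a NullPointerException out of the listener instead of the logged IOException the code anticipates; guard first, `if (in == null) { log.error("Resource not found: " + path); return; }`. Separately, `getCrashProperties()` hands out the mutable static `Properties` itself, and SCPCommand reads `crash.jaas.domain` from it to pick the JAAS realm, so any code in the webapp can redirect authentication to a different realm by mutating the shared object; returning a copy (`Properties copy = new Properties(); copy.putAll(crashProperties); return copy;`) or exposing only a `getProperty(key, default)` style accessor avoids that. The class Javadoc should also say that the properties are populated only after `contextInitialized` runs and are cleared by `contextDestroyed`.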
@@ -35,6 +35,7 @@ import javax.security.auth.callback.PasswordCallback; import javax.security.auth.callback.UnsupportedCallbackException; import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; import java.io.IOException; import java.util.ArrayList; import java.util.List; @@ -75,6 +76,11 @@ protected Iterable> createConfigurationCapabilities() public boolean authenticate(final String username, final String password) throws Exception { String domain = getContext().getProperty(JAAS_DOMAIN); + return login(username, password, domain); + } + + public boolean login(final String username, final String password, final String domain) throws LoginException + { if (domain != null) { log.debug("Will use the JAAS domain '" + domain + "' for authenticating user " + username +" into CRaSH."); diff --git a/cli/src/main/webapp/WEB-INF/crash/commands/gatein/login.groovy b/cli/src/main/webapp/WEB-INF/crash/commands/gatein/login.groovy index 0bf9c905..67823fd2 100644 --- a/cli/src/main/webapp/WEB-INF/crash/commands/gatein/login.groovy +++ b/cli/src/main/webapp/WEB-INF/crash/commands/gatein/login.groovy @@ -30,11 +30,10 @@ import org.gatein.management.api.exceptions.ResourceNotFoundException import org.gatein.management.cli.crash.commands.CliRequest assertConnected = { - if (session == null) throw new ScriptException("Not connected !"); + if (container == null) throw new ScriptException("Not connected to a portal container, try executing mgmt connect first."); }; execute = { String operationName, PathAddress pathAddress, ContentType contentType, Map> attributes, InputStream data, Closure printResult -> - assertConnected(); if (controller == null) throw new ScriptException("Management controller not available."); diff --git a/cli/src/main/webapp/WEB-INF/crash/commands/gatein/logout.groovy b/cli/src/main/webapp/WEB-INF/crash/commands/gatein/logout.groovy index a4128566..1c261a91 100644 
--- a/cli/src/main/webapp/WEB-INF/crash/commands/gatein/logout.groovy +++ b/cli/src/main/webapp/WEB-INF/crash/commands/gatein/logout.groovy @@ -19,14 +19,8 @@ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA, or see the FSF site: http://www.fsf.org. */ - -if (session != null) -{ - session.logout(); -} -session = null; +container = null; user = null; controller = null; address = null; -container = null; connectionInfo = null; \ No newline at end of file diff --git a/cli/src/main/webapp/WEB-INF/crash/commands/gatein/mgmt.groovy b/cli/src/main/webapp/WEB-INF/crash/commands/gatein/mgmt.groovy index 28b5ed2c..6c73949e 100644 --- a/cli/src/main/webapp/WEB-INF/crash/commands/gatein/mgmt.groovy +++ b/cli/src/main/webapp/WEB-INF/crash/commands/gatein/mgmt.groovy 
@@ -40,46 +40,34 @@ class mgmt extends ManagementCommand @Usage("connect to the gatein management system") @Man(""" This command connects you into the gatein management system, allowing you to execute management operations. The default -container is 'portal' if no container option is specified. The default user is the username used to connect to CRaSH. +container is 'portal' if no container option is specified. % mgmt connect -c portal Connect to portal container 'portal'. This is default behavior. -% mgmt connect -c sample-portal -u root -p gtn -Connect to portal container 'sample-portal' using the username 'root' and password 'gtn'. +% mgmt connect -c sample-portal +Connect to portal container 'sample-portal' """) @Command - public Object connect(@UserName String userName, - @Password String password, - @Container String containerName, InvocationContext ctx) throws ScriptException + public Object connect(@Container String containerName, InvocationContext ctx) throws ScriptException { - if (session != null) return "Currently connected: $connectionInfo" - + def userName = ctx.getProperty("USER"); if (userName == null) { - userName = ctx.getProperty("USER"); + throw new ScriptException("User not found, something went wrong during authentication."); } - if (userName == null) + if (containerName == null) { - return "Username is required, and wasn't found while authenticating into CRaSH."; + containerName = "portal"; } - - if (userName != null && password == null) - { - password = readLine("Password: ", false); - } - - if (containerName == null) containerName = "portal"; - session = login(userName, password, containerName); - user = userName; controller = getComponent(containerName, ManagementController.class); logger = LoggerFactory.getLogger("org.gatein.management.cli"); begin = { - start(containerName); + start(userName, containerName); } end = { 
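Review bot: Dropping the `if (session != null) return "Currently connected: $connectionInfo"` guard lets `connect` be re-run while a connection is active, replacing `controller`, `begin` and `end` for a possibly different container while the underlying GateInCommand keeps whatever conversation state it already built; an equivalent guard on the new state, `if (container != null) return "Currently connected: $connectionInfo"`, restores the old behaviour. Taking the user from `ctx.getProperty("USER")` instead of the `-u`/`-p` options is the right direction, since it ties the management identity to the CRaSH-authenticated login rather than a caller-supplied name. The `connect` method continues beyond this hunk.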
@@ -87,6 +75,8 @@ Connect to portal container 'sample-portal' using the username 'root' and passwo } connectionInfo = "[user=$userName, container='$containerName', host='$hostName']"; + container = containerName; + user = userName; execute(OperationNames.READ_RESOURCE, PathAddress.EMPTY_ADDRESS, ContentType.JSON, null, null, { ReadResourceModel result, error -> return "Successfully connected to gatein management system: $connectionInfo" @@ -99,11 +89,10 @@ Connect to portal container 'sample-portal' using the username 'root' and passwo public Object disconnect() throws ScriptException { assertConnected(); - session.logout(); - session = null; + container = null; + user = null; controller = null; address = null; - container = null; connectionInfo = null; return "Disconnected from management system."; } diff --git a/cli/src/main/webapp/WEB-INF/web.xml b/cli/src/main/webapp/WEB-INF/web.xml index 94bf700e..c3817dcd 100644 --- a/cli/src/main/webapp/WEB-INF/web.xml +++ b/cli/src/main/webapp/WEB-INF/web.xml @@ -28,7 +28,7 @@ CRaSH - org.crsh.plugin.WebPluginLifeCycle + org.gatein.management.cli.crash.plugins.CustomWebPluginLifecycle diff --git a/core/src/main/java/org/gatein/management/core/api/operation/OperationContextImpl.java b/core/src/main/java/org/gatein/management/core/api/operation/OperationContextImpl.java index 620e388b..f0863bcd 100644 --- a/core/src/main/java/org/gatein/management/core/api/operation/OperationContextImpl.java +++ b/core/src/main/java/org/gatein/management/core/api/operation/OperationContextImpl.java @@ -92,6 +92,12 @@ public ManagedUser getUser() return null; } + @Override + public boolean isUserInRole(String role) + { + return runtimeContext.isUserInRole(role); + } + @Override public ManagedResource getManagedResource() { diff --git a/rest/src/main/java/org/gatein/management/rest/RestController.java b/rest/src/main/java/org/gatein/management/rest/RestController.java index 3987c9cb..04fd27a6 100644 
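Review bot: `container = containerName` and `user = userName` are assigned before the `READ_RESOURCE` probe that actually verifies the connection, so if that `execute` fails (for example with the new NotAuthorizedException) the script is left looking connected — `assertConnected()` now tests `container == null` — although no operation succeeded. Either assign them inside the result closure after success, or reset them on the error path; the error handling of `execute` is not visible in this hunk, so the exact placement depends on it.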
--- a/rest/src/main/java/org/gatein/management/rest/RestController.java +++ b/rest/src/main/java/org/gatein/management/rest/RestController.java @@ -28,6 +28,7 @@ import org.gatein.management.api.PathAddress; import org.gatein.management.api.controller.ManagedResponse; import org.gatein.management.api.controller.ManagementController; +import org.gatein.management.api.exceptions.NotAuthorizedException; import org.gatein.management.api.exceptions.OperationException; import org.gatein.management.api.exceptions.ResourceNotFoundException; import org.gatein.management.api.operation.OperationNames; @@ -35,7 +36,6 @@ import org.gatein.management.api.operation.model.ReadResourceModel; import org.gatein.management.rest.content.Resource; -import javax.annotation.security.RolesAllowed; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; import javax.ws.rs.GET; @@ -77,7 +77,6 @@ public RestController(ManagementController controller) // Note we add text/html here so we can handle browsers, even though we don't produce text/html @GET @Produces({MediaType.TEXT_HTML, MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML}) - @RolesAllowed("administrators") public Response htmlGetRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders) { return htmlGetRequest(uriInfo, securityContext, httpHeaders, ""); @@ -86,7 +85,6 @@ public Response htmlGetRequest(@Context UriInfo uriInfo, @Context SecurityContex @GET @Path("/{path:.*}") @Produces({MediaType.TEXT_HTML, MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML}) - @RolesAllowed("administrators") public Response htmlGetRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path) { HttpManagedRequest request = get() 
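Review bot: Removing `@RolesAllowed("administrators")` from `htmlGetRequest` (and, in the following hunks, from every other handler in this file) takes away the only role check visible at the HTTP boundary, and nothing in this diff puts one in its place — `securityContext` is still injected but never consulted, and the `NotAuthorizedException` mapping only helps if each operation handler calls the new `isUserInRole` and throws. Unless a `<security-constraint>` in the REST web.xml (not part of this diff) or every handler enforces the role, any authenticated portal user, or an anonymous caller if the container permits it, can read and modify management resources. I would keep the annotation as defence in depth, or add `if (!securityContext.isUserInRole("administrators")) return Response.status(Status.FORBIDDEN).build();` at the top of `executeRequest` so the check lives in one place; the import hunk above also drops `javax.annotation.security.RolesAllowed`, which would need restoring in the first case.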
@@ -102,7 +100,6 @@ public Response htmlGetRequest(@Context UriInfo uriInfo, @Context SecurityContex @POST @Consumes(MediaType.TEXT_HTML) @Produces({MediaType.TEXT_HTML, MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML}) - @RolesAllowed("administrators") public Response htmlPostRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, InputStream data) { return htmlPostRequest(uriInfo, securityContext, httpHeaders, "", data); @@ -112,7 +109,6 @@ public Response htmlPostRequest(@Context UriInfo uriInfo, @Context SecurityConte @Path("/{path:.*}") @Consumes(MediaType.TEXT_HTML) @Produces({MediaType.TEXT_HTML, MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML}) - @RolesAllowed("administrators") public Response htmlPostRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path, InputStream data) { HttpManagedRequest request = post(data) @@ -128,7 +124,6 @@ public Response htmlPostRequest(@Context UriInfo uriInfo, @Context SecurityConte @PUT @Consumes(MediaType.TEXT_HTML) @Produces({MediaType.TEXT_HTML, MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML}) - @RolesAllowed("administrators") public Response htmlPutRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, InputStream data) { return htmlPutRequest(uriInfo, securityContext, httpHeaders, "", data); @@ -138,7 +133,6 @@ public Response htmlPutRequest(@Context UriInfo uriInfo, @Context SecurityContex @Path("/{path:.*}") @Consumes(MediaType.TEXT_HTML) @Produces({MediaType.TEXT_HTML, MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML}) - @RolesAllowed("administrators") public Response htmlPutRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path, InputStream data) { HttpManagedRequest request = put(data) 
@@ -153,7 +147,6 @@ public Response htmlPutRequest(@Context UriInfo uriInfo, @Context SecurityContex @DELETE @Produces({MediaType.TEXT_HTML, MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML}) - @RolesAllowed("administrators") public Response htmlDeleteRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders) { return htmlDeleteRequest(uriInfo, securityContext, httpHeaders); @@ -162,7 +155,6 @@ public Response htmlDeleteRequest(@Context UriInfo uriInfo, @Context SecurityCon @DELETE @Path("/{path:.*}") @Produces({MediaType.TEXT_HTML, MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML}) - @RolesAllowed("administrators") public Response htmlDeleteRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path) { HttpManagedRequest request = delete() @@ -178,7 +170,6 @@ public Response htmlDeleteRequest(@Context UriInfo uriInfo, @Context SecurityCon //----------------------------------------- JSON Handlers -----------------------------------------// @GET @Produces(MediaType.APPLICATION_JSON) - @RolesAllowed("administrators") public Response jsonGetRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders) { return jsonGetRequest(uriInfo, securityContext, httpHeaders, ""); @@ -187,7 +178,6 @@ public Response jsonGetRequest(@Context UriInfo uriInfo, @Context SecurityContex @GET @Path("/{path:.*}") @Produces(MediaType.APPLICATION_JSON) - @RolesAllowed("administrators") public Response jsonGetRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path) { HttpManagedRequest request = get() 
@@ -204,7 +194,6 @@ public Response jsonGetRequest(@Context UriInfo uriInfo, @Context SecurityContex @POST @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - @RolesAllowed("administrators") public Response jsonPostRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, InputStream data) { return jsonPostRequest(uriInfo, securityContext, httpHeaders, "", data); @@ -214,7 +203,6 @@ public Response jsonPostRequest(@Context UriInfo uriInfo, @Context SecurityConte @Path("/{path:.*}") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - @RolesAllowed("administrators") public Response jsonPostRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path, InputStream data) { HttpManagedRequest request = post(data) @@ -231,7 +219,6 @@ public Response jsonPostRequest(@Context UriInfo uriInfo, @Context SecurityConte @PUT @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - @RolesAllowed("administrators") public Response jsonPutRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, InputStream data) { return jsonPutRequest(uriInfo, securityContext, httpHeaders, "", data); @@ -241,7 +228,6 @@ public Response jsonPutRequest(@Context UriInfo uriInfo, @Context SecurityContex @Path("/{path:.*}") @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - @RolesAllowed("administrators") public Response jsonPutRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path, InputStream data) { HttpManagedRequest request = put(data) 
@@ -257,7 +243,6 @@ public Response jsonPutRequest(@Context UriInfo uriInfo, @Context SecurityContex @DELETE @Produces(MediaType.APPLICATION_JSON) - @RolesAllowed("administrators") public Response jsonDeleteRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders) { return jsonDeleteRequest(uriInfo, securityContext, httpHeaders, ""); @@ -266,7 +251,6 @@ public Response jsonDeleteRequest(@Context UriInfo uriInfo, @Context SecurityCon @DELETE @Path("/{path:.*}") @Produces(MediaType.APPLICATION_JSON) - @RolesAllowed("administrators") public Response jsonDeleteRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path) { HttpManagedRequest request = delete() @@ -283,7 +267,6 @@ public Response jsonDeleteRequest(@Context UriInfo uriInfo, @Context SecurityCon //----------------------------------------- XML Handlers -----------------------------------------// @GET @Produces(MediaType.APPLICATION_XML) - @RolesAllowed("administrators") public Response xmlGetRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders) { return xmlGetRequest(uriInfo, securityContext, httpHeaders, ""); @@ -292,7 +275,6 @@ public Response xmlGetRequest(@Context UriInfo uriInfo, @Context SecurityContext @GET @Path("/{path:.*}") @Produces(MediaType.APPLICATION_XML) - @RolesAllowed("administrators") public Response xmlGetRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path) { HttpManagedRequest request = get() 
@@ -309,7 +291,6 @@ public Response xmlGetRequest(@Context UriInfo uriInfo, @Context SecurityContext @POST @Consumes(MediaType.APPLICATION_XML) @Produces(MediaType.APPLICATION_XML) - @RolesAllowed("administrators") public Response xmlPostRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, InputStream data) { return xmlPostRequest(uriInfo, securityContext, httpHeaders, "", data); @@ -319,7 +300,6 @@ public Response xmlPostRequest(@Context UriInfo uriInfo, @Context SecurityContex @Path("/{path:.*}") @Consumes(MediaType.APPLICATION_XML) @Produces(MediaType.APPLICATION_XML) - @RolesAllowed("administrators") public Response xmlPostRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path, InputStream data) { HttpManagedRequest request = post(data) @@ -336,7 +316,6 @@ public Response xmlPostRequest(@Context UriInfo uriInfo, @Context SecurityContex @PUT @Consumes(MediaType.APPLICATION_XML) @Produces(MediaType.APPLICATION_XML) - @RolesAllowed("administrators") public Response xmlPutRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, InputStream data) { return xmlPutRequest(uriInfo, securityContext, httpHeaders, "", data); @@ -346,7 +325,6 @@ public Response xmlPutRequest(@Context UriInfo uriInfo, @Context SecurityContext @Path("/{path:.*}") @Consumes(MediaType.APPLICATION_XML) @Produces(MediaType.APPLICATION_XML) - @RolesAllowed("administrators") public Response xmlPutRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path, InputStream data) { HttpManagedRequest request = put(data) 
@@ -362,7 +340,6 @@ public Response xmlPutRequest(@Context UriInfo uriInfo, @Context SecurityContext @DELETE @Produces(MediaType.APPLICATION_XML) - @RolesAllowed("administrators") public Response xmlDeleteRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders) { return xmlDeleteRequest(uriInfo, securityContext, httpHeaders, ""); @@ -371,7 +348,6 @@ public Response xmlDeleteRequest(@Context UriInfo uriInfo, @Context SecurityCont @DELETE @Path("/{path:.*}") @Produces(MediaType.APPLICATION_XML) - @RolesAllowed("administrators") public Response xmlDeleteRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path) { HttpManagedRequest request = delete() @@ -389,7 +365,6 @@ public Response xmlDeleteRequest(@Context UriInfo uriInfo, @Context SecurityCont @GET @Path("/{path:.*}") @Produces("application/zip") - @RolesAllowed("administrators") public Response zipGetRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path) { HttpManagedRequest request = get() @@ -408,7 +383,6 @@ public Response zipGetRequest(@Context UriInfo uriInfo, @Context SecurityContext @Path("/{path:.*}") @Consumes("application/zip") @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON}) - @RolesAllowed("administrators") public Response zipPutRequest(@Context UriInfo uriInfo, @Context SecurityContext securityContext, @Context HttpHeaders httpHeaders, @PathParam("path") String path, InputStream data) { HttpManagedRequest request = put(data) 
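Review bot: `zipPutRequest` accepts an uploaded archive on `PUT /{path}` and `zipGetRequest` streams an export, and after this hunk neither carries `@RolesAllowed("administrators")` while no other role check is visible in their bodies, which makes these the most consequential of the endpoints that lose the annotation. If the intent is to rely on operation-level `NotAuthorizedException` handling, confirm that the import and export handlers actually call `OperationContext.isUserInRole`; otherwise keep the annotation on at least these two methods. Both method bodies continue past the hunk.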
@@ -459,7 +433,14 @@ private Response executeRequest(UriInfo uriInfo, HttpManagedRequest request)
 catch (OperationException e)
 {
 log.error("Operation exception for operation: " + operationName + ", address: " + address + ", content-type: " + contentType, e);
- return failure(e.getMessage(), operationName, Status.INTERNAL_SERVER_ERROR, contentType);
+ if (e instanceof NotAuthorizedException)
+ {
+ return failure(e.getMessage(), operationName, Status.UNAUTHORIZED, contentType);
+ }
+ else
+ {
+ return failure(e.getMessage(), operationName, Status.INTERNAL_SERVER_ERROR, contentType);
+ }
 }
 catch (Exception e)
 {
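Review bot: Mapping every `NotAuthorizedException` to `Status.UNAUTHORIZED` conflates two cases the exception itself distinguishes: `createMessage` emits "Authentication required" when `getUser()` is null and "is not authorized" when an authenticated user lacks the role, and HTTP reserves 401 for the former (normally with a `WWW-Authenticate` header) while the latter is 403. Use the user to choose: `Status status = ((NotAuthorizedException) e).getUser() == null ? Status.UNAUTHORIZED : Status.FORBIDDEN;` followed by `return failure(e.getMessage(), operationName, status, contentType);`. An authorization denial is also logged at `log.error` with a full stack trace on the line above, which is noisy for an expected condition — `log.warn` without the throwable is enough in that branch. `executeRequest` begins before this hunk.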