feat(security): Add multiple security implementations and manage secu…

…rity by plan

Closes gravitee-io/issues#379

gravitee-management-api-model/src/main/java/io/gravitee/management/model/NewPlanEntity.java

@@ -38,6 +38,9 @@ public class NewPlanEntity {
     @NotNull
     private PlanValidationType validation = PlanValidationType.MANUAL;
 
+    @NotNull
+    private PlanSecurityType security = PlanSecurityType.API_KEY;
+
     @NotNull
     private PlanType type = PlanType.API;
 
@@ -104,6 +107,14 @@ public void setCharacteristics(List<String> characteristics) {
         this.characteristics = characteristics;
     }
 
+    public PlanSecurityType getSecurity() {
+        return security;
+    }
+
+    public void setSecurity(PlanSecurityType security) {
+        this.security = security;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;

gravitee-management-api-model/src/main/java/io/gravitee/management/model/PlanEntity.java

@@ -37,6 +37,8 @@ public class PlanEntity {
      */
     private PlanValidationType validation;
 
+    private PlanSecurityType security;
+
     private PlanType type;
 
     private PlanStatus status;
@@ -186,6 +188,14 @@ public void setClosedAt(Date closedAt) {
         this.closedAt = closedAt;
     }
 
+    public PlanSecurityType getSecurity() {
+        return security;
+    }
+
+    public void setSecurity(PlanSecurityType security) {
+        this.security = security;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;

gravitee-management-api-model/src/main/java/io/gravitee/management/model/PlanSecurityType.java

@@ -0,0 +1,33 @@
+/**
+ * Copyright (C) 2015 The Gravitee team (http://gravitee.io)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.gravitee.management.model;
+
+/**
+ * @author David BRASSELY (david.brassely at graviteesource.com)
+ * @author GraviteeSource Team
+ */
+public enum PlanSecurityType {
+
+    /**
+     * Plan which is using a key_less (ie. public) security authentication for incoming HTTP requests.
+     */
+    KEY_LESS,
+
+    /**
+     * Plan which is using an api-key security authentication for incoming HTTP requests.
+     */
+    API_KEY
+}

gravitee-management-api-rest/src/main/java/io/gravitee/management/rest/resource/ApplicationSubscriptionsResource.java

@@ -60,7 +60,7 @@ public class ApplicationSubscriptionsResource {
     @Produces(MediaType.APPLICATION_JSON)
     @ApplicationPermissionsRequired(ApplicationPermission.MANAGE_SUBSCRIPTIONS)
     @ApiOperation(value = "Subscribe to a plan",
-            notes = "User must have the MANAGE_PLANS permission to use this service")
+            notes = "User must have the MANAGE_SUBSCRIPTIONS permission to use this service")
     @ApiResponses({
             @ApiResponse(code = 201, message = "Subscription successfully created", response = Subscription.class),
             @ApiResponse(code = 500, message = "Internal server error")})

gravitee-management-api-service/src/main/java/io/gravitee/management/service/exceptions/KeylessPlanAlreadyPublishedException.java

@@ -0,0 +1,41 @@
+/**
+ * Copyright (C) 2015 The Gravitee team (http://gravitee.io)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.gravitee.management.service.exceptions;
+
+import io.gravitee.common.http.HttpStatusCode;
+
+/**
+ * @author David BRASSELY (david.brassely at graviteesource.com)
+ * @author GraviteeSource Team
+ */
+public class KeylessPlanAlreadyPublishedException extends AbstractManagementException {
+
+    private final String plan;
+
+    public KeylessPlanAlreadyPublishedException(String plan) {
+        this.plan = plan;
+    }
+
+    @Override
+    public String getMessage() {
+        return "A key-less plan is already published!";
+    }
+
+    @Override
+    public int getHttpStatusCode() {
+        return HttpStatusCode.BAD_REQUEST_400;
+    }
+}

gravitee-management-api-service/src/main/java/io/gravitee/management/service/exceptions/PlanNotSubscribableException.java

@@ -0,0 +1,41 @@
+/**
+ * Copyright (C) 2015 The Gravitee team (http://gravitee.io)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.gravitee.management.service.exceptions;
+
+import io.gravitee.common.http.HttpStatusCode;
+
+/**
+ * @author David BRASSELY (david.brassely at graviteesource.com)
+ * @author GraviteeSource Team
+ */
+public class PlanNotSubscribableException extends AbstractManagementException {
+
+    private final String plan;
+
+    public PlanNotSubscribableException(String plan) {
+        this.plan = plan;
+    }
+
+    @Override
+    public String getMessage() {
+        return "Plan " + plan + " is not subscribable !";
+    }
+
+    @Override
+    public int getHttpStatusCode() {
+        return HttpStatusCode.BAD_REQUEST_400;
+    }
+}

gravitee-management-api-service/src/main/java/io/gravitee/management/service/impl/AnalyticsServiceImpl.java

@@ -52,6 +52,8 @@ public class AnalyticsServiceImpl implements AnalyticsService {
      */
     private final Logger logger = LoggerFactory.getLogger(AnalyticsServiceImpl.class);
 
+    private static final String APPLICATION_KEYLESS = "1";
+
     @Autowired
     private AnalyticsRepository analyticsRepository;
 
@@ -243,8 +245,13 @@ private Map<String, String> getApplicationMetadata(String application) {
             ApplicationEntity applicationEntity = applicationService.findById(application);
             metadata.put("name", applicationEntity.getName());
         } catch (ApplicationNotFoundException anfe) {
-            metadata.put("name", "Deleted application");
             metadata.put("deleted", "true");
+            if (application.equals(APPLICATION_KEYLESS)) {
+                metadata.put("name", "Unknown application (keyless)");
+            } else {
+                metadata.put("name", "Deleted application");
+
+            }
         }
 
         return metadata;