@Override
public String getDeployedURL(
String tenantDomain, String applicationID, String applicationVersion, String stage)
throws AppFactoryException {
String url = (String) this.properties.getProperty(LAUNCH_URL_PATTERN);
String artifactTrunkVersionName =
AppFactoryUtil.getAppfactoryConfiguration()
.getFirstProperty(AppFactoryConstants.TRUNK_WEBAPP_ARTIFACT_VERSION_NAME);
String sourceTrunkVersionName =
AppFactoryUtil.getAppfactoryConfiguration()
.getFirstProperty(AppFactoryConstants.TRUNK_WEBAPP_SOURCE_VERSION_NAME);
if (applicationVersion.equalsIgnoreCase(sourceTrunkVersionName)) {
applicationVersion = artifactTrunkVersionName;
}
String stratosAppId =
CommonUtil.getStratosApplicationId(applicationID, applicationVersion, stage, appType);
url =
url.replace(PARAM_TENANT_DOMAIN, tenantDomain)
.replace(PARAM_APP_ID, applicationID)
.replace(PARAM_APP_VERSION, applicationVersion)
.replace(PARAM_STRATOS_APP_ID, stratosAppId);
return url;
}
/**
* Clear the role authorizations from database
*
* @param role
* @param userName
* @throws AppFactoryException
*/
private void clearRoleAuthorization(String role, String userName) throws AppFactoryException {
boolean errorOccurred = false;
// get base access urls from appfactory.xml
Map<String, String> baseAccessURLs = AppFactoryUtil.getBaseAccessURLs();
if (baseAccessURLs.isEmpty()) {
String msg = "Could not find any remote server URLs configured for cloud environments.";
log.error(msg);
throw new AppFactoryException(msg);
}
for (Map.Entry entry : baseAccessURLs.entrySet()) {
String stage = (String) entry.getKey();
try {
// construct remote service url based on base access url
String remoteServiceURL = (String) entry.getValue();
if (!remoteServiceURL.endsWith("/")) {
remoteServiceURL += "/services/";
} else {
remoteServiceURL += "services/";
}
// create remote authorization management client and authenticate with mutual auth.
RemoteAuthorizationMgtClient authorizationMgtClient =
new RemoteAuthorizationMgtClient(remoteServiceURL);
AppFactoryUtil.setAuthHeaders(
authorizationMgtClient.getStub()._getServiceClient(), userName);
try {
authorizationMgtClient.clearAllRoleAuthorization(role);
} catch (Exception e) {
String errorMsg = "Failed to clear authorization for role:" + role + " on stage:" + stage;
log.error(errorMsg);
if (log.isDebugEnabled()) {
log.debug(errorMsg, e);
}
errorOccurred = true;
// continue to other permissions and throw generic exception at the end of flow.
}
} catch (Exception e) {
String errorMsg = "Failed to clear role:" + role + " on stage:" + stage;
log.error(errorMsg);
if (log.isDebugEnabled()) {
log.debug(errorMsg, e);
}
errorOccurred = true;
// continue to other stages and throw generic exception at the end of flow.
}
}
if (errorOccurred) {
throw new AppFactoryException("Failed to clear role:" + role);
}
}
/**
* Authorize given role with given set of permissions
*
* @param role - role name
* @param userName - authorized user to authorize roles
* @param permissions - set of permissions
* @throws AppFactoryException if remote exceptions or user store exceptions occurred.
*/
private void authorizeRole(String role, String userName, Permission[] permissions)
throws AppFactoryException {
boolean errorOccurred = false;
// get base access urls from appfactory.xml
Map<String, String> baseAccessURLs = AppFactoryUtil.getBaseAccessURLs();
if (baseAccessURLs.isEmpty()) {
String msg = "Could not find any remote server URLs configured for cloud environments.";
log.error(msg);
throw new AppFactoryException(msg);
}
for (Map.Entry entry : baseAccessURLs.entrySet()) {
String stage = (String) entry.getKey();
try {
// construct remote service url based on base access url
String remoteServiceURL = (String) entry.getValue();
// create remote authorization management client and authenticate with mutual auth.
RemoteAuthorizationMgtClient authorizationMgtClient =
new RemoteAuthorizationMgtClient(remoteServiceURL);
AppFactoryUtil.setAuthHeaders(
authorizationMgtClient.getStub()._getServiceClient(), userName);
for (Permission permission : permissions) {
try {
authorizationMgtClient.authorizeRole(
role, permission.getResourceId(), permission.getAction());
} catch (Exception e) {
String errorMsg =
"Failed to authorize role:"
+ role
+ " ,permission:"
+ permission.getResourceId()
+ " ,action:"
+ permission.getAction()
+ " on stage:"
+ stage;
log.error(errorMsg, e);
errorOccurred = true;
// continue to other permissions and throw generic exception at the end of flow.
}
}
} catch (Exception e) {
String errorMsg = "Failed to authorize role:" + role + " on stage:" + stage;
log.error(errorMsg, e);
errorOccurred = true;
// continue to other stages and throw generic exception at the end of flow.
}
}
if (errorOccurred) {
throw new AppFactoryException("Failed to authorize role:" + role);
}
}
@Override
public void onCreation(
Application application, String userName, String tenantDomain, boolean isUploadableAppType)
throws AppFactoryException {
// authorize application specific unique role in all cloud environments.
log.info(
"EnvironmentAuthorizationListener was called for application:"
+ application.getId()
+ " creation event.");
String applicationRoleName = AppFactoryUtil.getRoleNameForApplication(application.getId());
Permission perAppRolePermission =
new Permission(
AppFactoryConstants.PER_APP_ROLE_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION);
authorizeRole(applicationRoleName, userName, new Permission[] {perAppRolePermission});
try {
//
String infoMessageTitle =
"Application "
+ application.getName()
+ " is successfully authorized for all "
+ "Cloud environments";
EventNotifier.getInstance()
.notify(
AppCreationEventBuilderUtil.buildApplicationCreationEvent(
infoMessageTitle, "", Event.Category.INFO));
// EventNotifier.getInstance().notify(EventBuilderUtil.buildApplicationCreationEvent(application.getId(), infoMessage, infoMessage, Event.Category.INFO));
} catch (AppFactoryEventException e) {
log.error("Failed to notify Cloud environment authorization events", e);
// do not throw again.
}
}
@Override
public boolean hasExecuted(Application application, String userName, String tenantDomain)
throws AppFactoryException {
String applicationRoleName = AppFactoryUtil.getRoleNameForApplication(application.getId());
Permission perAppRolePermission =
new Permission(
AppFactoryConstants.PER_APP_ROLE_PERMISSION, CarbonConstants.UI_PERMISSION_ACTION);
return isRoleAuthorized(applicationRoleName, userName, new Permission[] {perAppRolePermission});
}
private static String changeFileName(String name, String changedVersion)
throws AppFactoryException {
String applicationName = name;
String artifactVersionXPath =
"-" + AppFactoryUtil.getAppfactoryConfiguration().getFirstProperty(ARTIFACT_VERSION_XPATH);
if (name.lastIndexOf(artifactVersionXPath) != -1) {
applicationName = name.substring(0, name.lastIndexOf(artifactVersionXPath));
} else if (name.lastIndexOf("-") != -1) {
applicationName = name.substring(0, name.lastIndexOf("-"));
}
return applicationName + "-" + changedVersion;
}
@Override
public void onDeletion(Application application, String userName, String tenantDomain)
throws AppFactoryException {
String applicationRoleName = AppFactoryUtil.getRoleNameForApplication(application.getId());
clearRoleAuthorization(applicationRoleName, userName);
}