Esempio n. 1
  /**
   * Builds the proxy chain at start-up. According to the original author it serves the same
   * purpose as rebuildProxyChain, but it performs no security authentication because its intended
   * caller, the activator, has no authentication object.
   *
   * <p>The stored rules are reconciled with the default configuration before the chain is built:
   * default rules missing from the stored list are appended, and stored rules whose origin equals
   * SYSTEM_ORIGIN but which are no longer among the defaults are removed. Rules with any other
   * origin are kept as they are. The configuration is then handed to the DAO and the filter chain
   * is rebuilt from the reconciled list.
   *
   * <p>NOTE(review): the method is public and nothing in its body limits who may call it, so
   * "activator only" is a convention the callers have to respect; it is not enforced here.
   */
  public void initializeProxyChain() {
    LOGGER.info("Initializing proxy chain");

    MotechSecurityConfiguration storedConfiguration =
        securityRulesDAO.getMotechSecurityConfiguration();
    List<MotechURLSecurityRule> storedRules = storedConfiguration.getSecurityRules();
    List<MotechURLSecurityRule> defaultRules = getDefaultSecurityConfiguration().getSecurityRules();

    // Append every default rule the stored list lacks. List.contains decides membership through
    // MotechURLSecurityRule.equals.
    for (MotechURLSecurityRule defaultRule : defaultRules) {
      if (storedRules.contains(defaultRule)) {
        continue;
      }
      LOGGER.debug("Found new rule, not present in database. Adding.");
      storedRules.add(defaultRule);
    }

    // Drop stale system rules: origin is SYSTEM_ORIGIN, yet the rule is absent from the current
    // defaults. Removal goes through the iterator so the list can shrink while it is walked.
    for (Iterator<MotechURLSecurityRule> cursor = storedRules.iterator(); cursor.hasNext(); ) {
      MotechURLSecurityRule candidate = cursor.next();
      boolean systemOwned = SYSTEM_ORIGIN.equals(candidate.getOrigin());
      if (systemOwned && !defaultRules.contains(candidate)) {
        cursor.remove();
      }
    }

    // storedRules is edited in place and never set back on the configuration.
    // NOTE(review): presumably getSecurityRules() returns the list backing the configuration, so
    // the edits above are what gets persisted - confirm.
    securityRulesDAO.addOrUpdate(storedConfiguration);

    updateSecurityChain(storedRules);
    LOGGER.info("Initialized proxy chain");
  }
Esempio n. 2
  /**
   * Replaces the current filter chain proxy with one built from the given {@link
   * org.motechproject.security.domain.MotechURLSecurityRule} list.
   *
   * <p>Only rules that are active and not marked deleted contribute; each of them yields one
   * {@code SecurityFilterChain} per entry in its required-methods list. A rule whose
   * required-methods list is empty therefore yields no chain at all.
   *
   * @param securityRules list that contains the new security rules
   */
  private void updateSecurityChain(List<MotechURLSecurityRule> securityRules) {
    LOGGER.debug("Updating security chain");

    // Ordering comes from SecurityRuleComparator (priority descending, per the original comment).
    // Spring Security's FilterChainProxy uses the first chain that matches a request, so this
    // order decides which rule wins when patterns overlap.
    // NOTE(review): a TreeSet discards any element its comparator reports as equal (compare == 0)
    // to one already present. Confirm SecurityRuleComparator never returns 0 for two distinct
    // rules; otherwise one of them would silently get no filter chain.
    TreeSet<MotechURLSecurityRule> orderedRules = new TreeSet<>(new SecurityRuleComparator());
    orderedRules.addAll(securityRules);

    List<SecurityFilterChain> chains = new ArrayList<>();
    for (MotechURLSecurityRule rule : orderedRules) {
      boolean enabled = rule.isActive() && !rule.isDeleted();
      if (!enabled) {
        continue;
      }

      LOGGER.debug("Creating SecurityFilterChain for: {}", rule.getPattern());
      for (HTTPMethod requiredMethod : rule.getMethodsRequired()) {
        chains.add(securityRuleBuilder.buildSecurityChain(rule, requiredMethod));
      }
      LOGGER.debug("Created SecurityFilterChain for: {}", rule.getPattern());
    }

    // The new proxy is assigned in one step, after every chain has been built.
    proxy = new FilterChainProxy(chains);
    LOGGER.debug("Updated security chain.");
  }
  /**
   * Builds a security configuration for one of the named scenarios; judging by the option names
   * and the "test" origin, this is a test fixture.
   *
   * <p>Two REST rules over HTTP, version "1", are prepared: one for {@code /**}{@code
   * /web-api/**} and a catch-all for {@code /**}. Both end up active and share the very same
   * methods-required and supported-schemes list instances. The scenario decides what those lists
   * hold and which access list is set on the web-api rule. An unrecognised option leaves both
   * lists empty.
   *
   * <p>For NO_SECURITY_TEST the web-api rule is taken out of the result, leaving only the
   * catch-all rule with {@code Scheme.NO_SECURITY}; that configuration should stay confined to
   * tests.
   *
   * @param testOption scenario selector; switching on it throws NullPointerException when null
   * @param configOption scenario argument: a String for USER_ACCESS_TEST and
   *     PERMISSION_ACCESS_TEST, an HTTPMethod for METHOD_SPECIFIC_TEST, unused otherwise
   * @param configOption2 permission entry, read only for METHOD_SPECIFIC_TEST
   * @return a configuration wrapping the prepared rules
   */
  public static MotechSecurityConfiguration buildConfig(
      String testOption, Object configOption, String configOption2) {
    MotechURLSecurityRule webApiRule = new MotechURLSecurityRule();
    webApiRule.setPattern("/**/web-api/**");
    webApiRule.setOrigin("test");
    webApiRule.setProtocol(HTTP);
    webApiRule.setRest(true);
    webApiRule.setVersion("1");

    MotechURLSecurityRule catchAllRule = new MotechURLSecurityRule();
    catchAllRule.setPattern("/**");
    catchAllRule.setOrigin("test");
    catchAllRule.setProtocol(HTTP);
    catchAllRule.setRest(true);
    catchAllRule.setVersion("1");

    List<MotechURLSecurityRule> rules = new ArrayList<>();
    rules.add(webApiRule);
    rules.add(catchAllRule);

    List<Scheme> schemes = new ArrayList<>();
    List<HTTPMethod> methods = new ArrayList<>();
    List<String> permissions = new ArrayList<>();
    List<String> users = new ArrayList<>();

    switch (testOption) {
      case USER_ACCESS_TEST:
        users.add((String) configOption);
        webApiRule.setUserAccess(users);
        schemes.add(Scheme.BASIC);
        methods.add(HTTPMethod.ANY);
        break;
      case PERMISSION_ACCESS_TEST:
        permissions.add((String) configOption);
        webApiRule.setPermissionAccess(permissions);
        schemes.add(Scheme.BASIC);
        methods.add(HTTPMethod.ANY);
        break;
      case METHOD_SPECIFIC_TEST:
        // The only scenario where the required HTTP method comes from the caller.
        schemes.add(Scheme.BASIC);
        methods.add((HTTPMethod) configOption);
        permissions.add(configOption2);
        webApiRule.setPermissionAccess(permissions);
        break;
      case LOGIN_ACCESS_TEST:
        schemes.add(Scheme.USERNAME_PASSWORD);
        schemes.add(Scheme.OPEN_ID);
        methods.add(HTTPMethod.ANY);
        webApiRule.setRest(false);
        break;
      case NO_SECURITY_TEST:
        // Only the catch-all rule remains in the result.
        rules.remove(webApiRule);
        schemes.add(Scheme.NO_SECURITY);
        methods.add(HTTPMethod.ANY);
        break;
      default:
        break;
    }

    // Both rules receive the same list instances, not copies.
    webApiRule.setMethodsRequired(methods);
    webApiRule.setSupportedSchemes(schemes);
    webApiRule.setActive(true);

    catchAllRule.setMethodsRequired(methods);
    catchAllRule.setSupportedSchemes(schemes);
    catchAllRule.setActive(true);

    return new MotechSecurityConfiguration(rules);
  }