/**
 * Unauthenticated counterpart of {@code rebuildProxyChain}: reconciles the persisted security
 * rules with the platform defaults and then rebuilds the filter chain proxy.
 *
 * <p>No authentication object is checked here, so this must only ever be called by the
 * activator (which has none) and must not be reachable from any user-facing path.
 *
 * <p>Reconciliation: every default rule missing from the stored list is added; every stored rule
 * whose origin is {@code SYSTEM_ORIGIN} but which is no longer among the defaults is removed.
 * Membership is decided by the rule's {@code equals()}. The stored list is edited in place and
 * the owning configuration is then persisted — NOTE(review): this relies on
 * {@code getSecurityRules()} returning the live list rather than a copy; confirm.
 */
public void initializeProxyChain() {
    LOGGER.info("Initializing proxy chain");

    MotechSecurityConfiguration storedConfig = securityRulesDAO.getMotechSecurityConfiguration();
    List<MotechURLSecurityRule> storedRules = storedConfig.getSecurityRules();
    List<MotechURLSecurityRule> defaultRules = getDefaultSecurityConfiguration().getSecurityRules();

    // Default rules not yet known to the database are appended.
    for (MotechURLSecurityRule defaultRule : defaultRules) {
        if (storedRules.contains(defaultRule)) {
            continue;
        }
        LOGGER.debug("Found new rule, not present in database. Adding.");
        storedRules.add(defaultRule);
    }

    // Platform-owned rules that have vanished from the defaults are stale; rules with any
    // other origin (e.g. added by modules or users) are left untouched.
    for (Iterator<MotechURLSecurityRule> cursor = storedRules.iterator(); cursor.hasNext(); ) {
        MotechURLSecurityRule stored = cursor.next();
        boolean platformOwned = SYSTEM_ORIGIN.equals(stored.getOrigin());
        if (platformOwned && !defaultRules.contains(stored)) {
            cursor.remove();
        }
    }

    securityRulesDAO.addOrUpdate(storedConfig);
    updateSecurityChain(storedRules);

    LOGGER.info("Initialized proxy chain");
}
/**
 * Rebuilds the {@code FilterChainProxy} from the given
 * {@link org.motechproject.security.domain.MotechURLSecurityRule}s and stores it in {@code proxy}.
 *
 * <p>Rules are visited in {@code SecurityRuleComparator} order (the comparator sorts by priority,
 * descending); only rules that are active and not deleted contribute, and each such rule yields
 * one {@code SecurityFilterChain} per required HTTP method.
 *
 * <p>NOTE(review): the ordering is done through a {@code TreeSet}, so two distinct rules the
 * comparator reports as equal would collapse into a single entry — confirm the comparator never
 * returns 0 for different rules.
 *
 * @param securityRules list that contains new security rules
 */
private void updateSecurityChain(List<MotechURLSecurityRule> securityRules) {
    LOGGER.debug("Updating security chain");

    // sort rules by priority descending
    TreeSet<MotechURLSecurityRule> orderedRules = new TreeSet<>(new SecurityRuleComparator());
    orderedRules.addAll(securityRules);

    List<SecurityFilterChain> chains = new ArrayList<>();
    for (MotechURLSecurityRule rule : orderedRules) {
        boolean enabled = rule.isActive() && !rule.isDeleted();
        if (!enabled) {
            continue;
        }
        LOGGER.debug("Creating SecurityFilterChain for: {}", rule.getPattern());
        // one chain per required method; the builder decides what each chain enforces
        for (HTTPMethod method : rule.getMethodsRequired()) {
            chains.add(securityRuleBuilder.buildSecurityChain(rule, method));
        }
        LOGGER.debug("Created SecurityFilterChain for: {}", rule.getPattern());
    }

    proxy = new FilterChainProxy(chains);
    LOGGER.debug("Updated security chain.");
}
/**
 * Builds a two-rule test security configuration for the scenario named by {@code testOption}.
 *
 * <p>Both rules use origin {@code "test"}, protocol {@code HTTP}, version {@code "1"}, and are
 * marked active. The first matches {@code /**&#47;web-api/**}, the second {@code /**}. The two
 * rules deliberately share the same scheme and method list instances.
 *
 * @param testOption one of the {@code *_TEST} constants; any other value leaves both rules with
 *     empty scheme and method lists
 * @param configOption scenario payload — a user name, a permission name, or an
 *     {@code HTTPMethod}, depending on {@code testOption}
 * @param configOption2 permission name, only read for {@code METHOD_SPECIFIC_TEST}
 * @return the configuration holding the rules (for {@code NO_SECURITY_TEST} only the catch-all
 *     rule remains)
 */
public static MotechSecurityConfiguration buildConfig(
        String testOption, Object configOption, String configOption2) {
    List<Scheme> schemes = new ArrayList<>();
    List<HTTPMethod> methods = new ArrayList<>();
    List<String> permissions = new ArrayList<>();
    List<String> users = new ArrayList<>();

    MotechURLSecurityRule apiRule = newTestRule("/**/web-api/**");
    MotechURLSecurityRule catchAllRule = newTestRule("/**");

    List<MotechURLSecurityRule> rules = new ArrayList<>();
    rules.add(apiRule);
    rules.add(catchAllRule);

    switch (testOption) {
        case USER_ACCESS_TEST:
            users.add((String) configOption);
            apiRule.setUserAccess(users);
            schemes.add(Scheme.BASIC);
            methods.add(HTTPMethod.ANY);
            break;
        case PERMISSION_ACCESS_TEST:
            permissions.add((String) configOption);
            apiRule.setPermissionAccess(permissions);
            schemes.add(Scheme.BASIC);
            methods.add(HTTPMethod.ANY);
            break;
        case METHOD_SPECIFIC_TEST:
            schemes.add(Scheme.BASIC);
            methods.add((HTTPMethod) configOption);
            permissions.add(configOption2);
            apiRule.setPermissionAccess(permissions);
            break;
        case LOGIN_ACCESS_TEST:
            schemes.add(Scheme.USERNAME_PASSWORD);
            schemes.add(Scheme.OPEN_ID);
            methods.add(HTTPMethod.ANY);
            apiRule.setRest(false);
            break;
        case NO_SECURITY_TEST:
            // the api rule is dropped from the configuration but still configured below
            rules.remove(apiRule);
            schemes.add(Scheme.NO_SECURITY);
            methods.add(HTTPMethod.ANY);
            break;
        default:
            break;
    }

    for (MotechURLSecurityRule rule : new MotechURLSecurityRule[] {apiRule, catchAllRule}) {
        rule.setMethodsRequired(methods);
        rule.setSupportedSchemes(schemes);
        rule.setActive(true);
    }

    return new MotechSecurityConfiguration(rules);
}

/** Creates a REST rule with the common test attributes and the given URL pattern. */
private static MotechURLSecurityRule newTestRule(String pattern) {
    MotechURLSecurityRule rule = new MotechURLSecurityRule();
    rule.setPattern(pattern);
    rule.setOrigin("test");
    rule.setProtocol(HTTP);
    rule.setRest(true);
    rule.setVersion("1");
    return rule;
}