[teiid-commits] teiid SVN: r734 - in trunk: client/src/main/java/com/metamatrix/admin/api/core and 11 other directories.
teiid-commits at lists.jboss.org
teiid-commits at lists.jboss.org
Thu Apr 9 11:53:21 EDT 2009
Author: shawkins
Date: 2009-04-09 11:53:21 -0400 (Thu, 09 Apr 2009)
New Revision: 734
Added:
trunk/client/src/main/java/com/metamatrix/admin/RolesAllowed.java
Removed:
trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/AdminHelper.java
trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/IAdminHelper.java
trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/SubSystemAdminAPIImpl.java
trunk/server/src/test/java/com/metamatrix/common/comm/platform/FakeAdminHelper.java
Modified:
trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreConfigAdmin.java
trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreMonitoringAdmin.java
trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreRuntimeStateAdmin.java
trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreSecurityAdmin.java
trunk/client/src/main/java/com/metamatrix/admin/api/server/AdminRoles.java
trunk/client/src/main/java/com/metamatrix/admin/api/server/ServerAdmin.java
trunk/client/src/main/java/com/metamatrix/admin/api/server/ServerMonitoringAdmin.java
trunk/client/src/main/java/com/metamatrix/client/ExceptionUtil.java
trunk/client/src/main/resources/com/metamatrix/common/comm/platform/i18n.properties
trunk/common-internal/src/main/java/com/metamatrix/platform/admin/api/ConfigurationAdminAPI.java
trunk/common-internal/src/main/java/com/metamatrix/platform/admin/api/ExtensionSourceAdminAPI.java
trunk/common-internal/src/main/java/com/metamatrix/platform/admin/api/SubSystemAdminAPI.java
trunk/console/src/main/java/com/metamatrix/console/models/ExtensionSourceManager.java
trunk/server/src/main/java/com/metamatrix/common/comm/platform/socket/server/AdminAuthorizationInterceptor.java
trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/AdminAPIHelper.java
trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/AuthorizationAdminAPIImpl.java
trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/ConfigurationAdminAPIImpl.java
trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/ExtensionSourceAdminAPIImpl.java
trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/RuntimeStateAdminAPIHelper.java
trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/RuntimeStateAdminAPIImpl.java
trunk/server/src/main/java/com/metamatrix/platform/vm/controller/ProcessController.java
trunk/server/src/main/java/com/metamatrix/server/admin/apiimpl/RuntimeMetadataAdminAPIImpl.java
trunk/server/src/test/java/com/metamatrix/common/comm/platform/server/TestAdminAuthInterceptor.java
Log:
TEIID-275, TEIID-480 removing security boiler-plate code and ensuring subsystem calls must at least have readonly
Added: trunk/client/src/main/java/com/metamatrix/admin/RolesAllowed.java
===================================================================
--- trunk/client/src/main/java/com/metamatrix/admin/RolesAllowed.java (rev 0)
+++ trunk/client/src/main/java/com/metamatrix/admin/RolesAllowed.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -0,0 +1,36 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * See the COPYRIGHT.txt file distributed with this work for information
+ * regarding copyright ownership. Some portions may be licensed
+ * to Red Hat, Inc. under one or more contributor license agreements.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA.
+ */
+
+package com.metamatrix.admin;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+ at Documented
+ at Retention(value=RetentionPolicy.RUNTIME)
+ at Target(value={ElementType.TYPE,ElementType.METHOD})
+public @interface RolesAllowed {
+ String[] value();
+}
Property changes on: trunk/client/src/main/java/com/metamatrix/admin/RolesAllowed.java
___________________________________________________________________
Name: svn:mime-type
+ text/plain
Modified: trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreConfigAdmin.java
===================================================================
--- trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreConfigAdmin.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreConfigAdmin.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -24,6 +24,7 @@
import java.util.Properties;
+import com.metamatrix.admin.RolesAllowed;
import com.metamatrix.admin.api.exception.AdminException;
import com.metamatrix.admin.api.objects.AdminObject;
import com.metamatrix.admin.api.objects.AdminOptions;
@@ -32,6 +33,7 @@
import com.metamatrix.admin.api.objects.ExtensionModule;
import com.metamatrix.admin.api.objects.LogConfiguration;
import com.metamatrix.admin.api.objects.VDB;
+import com.metamatrix.admin.api.server.AdminRoles;
/**
@@ -41,6 +43,7 @@
* this administration is common to both the MetaMatrix server and MM Query.</p>
* @since 4.3
*/
+ at RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
public interface CoreConfigAdmin {
/**
@@ -259,6 +262,7 @@
* if there's a system error.
* @since 4.3
*/
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_READONLY)
LogConfiguration getLogConfiguration() throws AdminException;
/**
Modified: trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreMonitoringAdmin.java
===================================================================
--- trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreMonitoringAdmin.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreMonitoringAdmin.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -24,18 +24,24 @@
import java.util.Collection;
+import com.metamatrix.admin.RolesAllowed;
import com.metamatrix.admin.api.exception.AdminException;
import com.metamatrix.admin.api.objects.AdminObject;
import com.metamatrix.admin.api.objects.Cache;
import com.metamatrix.admin.api.objects.ConnectorBinding;
import com.metamatrix.admin.api.objects.ConnectorType;
+import com.metamatrix.admin.api.objects.DQP;
import com.metamatrix.admin.api.objects.ExtensionModule;
+import com.metamatrix.admin.api.objects.Host;
+import com.metamatrix.admin.api.objects.ProcessObject;
import com.metamatrix.admin.api.objects.QueueWorkerPool;
import com.metamatrix.admin.api.objects.Request;
+import com.metamatrix.admin.api.objects.Resource;
import com.metamatrix.admin.api.objects.Session;
import com.metamatrix.admin.api.objects.SystemObject;
import com.metamatrix.admin.api.objects.Transaction;
import com.metamatrix.admin.api.objects.VDB;
+import com.metamatrix.admin.api.server.AdminRoles;
@@ -50,6 +56,7 @@
*
* @since 4.3
*/
+ at RolesAllowed(value=AdminRoles.RoleName.ADMIN_READONLY)
public interface CoreMonitoringAdmin {
/**
@@ -90,6 +97,7 @@
* @throws AdminException if there's a system error.
* @since 4.3
*/
+ @RolesAllowed(value=AdminRoles.RoleName.ANONYMOUS)
Collection getVDBs(String vdbIdentifier) throws AdminException;
/**
@@ -133,7 +141,7 @@
* @throws AdminException if there's a system error.
* @since 4.3
*/
- Collection getExtensionModules(String extensionModuleIdentifier) throws AdminException;
+ Collection<ExtensionModule> getExtensionModules(String extensionModuleIdentifier) throws AdminException;
/**
* Get the Queue Worker Pools that correspond to the specified identifier pattern.
Modified: trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreRuntimeStateAdmin.java
===================================================================
--- trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreRuntimeStateAdmin.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreRuntimeStateAdmin.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -24,7 +24,9 @@
import javax.transaction.xa.Xid;
+import com.metamatrix.admin.RolesAllowed;
import com.metamatrix.admin.api.exception.AdminException;
+import com.metamatrix.admin.api.server.AdminRoles;
/**
@@ -36,6 +38,7 @@
*
* @since 4.3
*/
+ at RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
public interface CoreRuntimeStateAdmin {
/**
@@ -75,6 +78,7 @@
* @throws AdminException if there's a system error.
* @since 4.3
*/
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
void clearCache(String cacheIdentifier) throws AdminException;
/**
Modified: trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreSecurityAdmin.java
===================================================================
--- trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreSecurityAdmin.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/client/src/main/java/com/metamatrix/admin/api/core/CoreSecurityAdmin.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -22,7 +22,10 @@
package com.metamatrix.admin.api.core;
+import com.metamatrix.admin.RolesAllowed;
+import com.metamatrix.admin.api.server.AdminRoles;
+
/**
* This interface defines the methods available for security administration
* in the MetaMatrix system.
@@ -34,6 +37,7 @@
* for a description of methods to administer MetaMatrix server security.</p>
* @since 4.3
*/
+ at RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
public interface CoreSecurityAdmin {
}
Modified: trunk/client/src/main/java/com/metamatrix/admin/api/server/AdminRoles.java
===================================================================
--- trunk/client/src/main/java/com/metamatrix/admin/api/server/AdminRoles.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/client/src/main/java/com/metamatrix/admin/api/server/AdminRoles.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -73,5 +73,7 @@
public static final String ADMIN_PRODUCT = "Admin.ProductAdmin"; //$NON-NLS-1$
/** Read-only admin role name */
public static final String ADMIN_READONLY = "Admin.ReadOnlyAdmin"; //$NON-NLS-1$
+
+ public static final String ANONYMOUS = "Anonymous"; //$NON-NLS-1$
}
}
Modified: trunk/client/src/main/java/com/metamatrix/admin/api/server/ServerAdmin.java
===================================================================
--- trunk/client/src/main/java/com/metamatrix/admin/api/server/ServerAdmin.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/client/src/main/java/com/metamatrix/admin/api/server/ServerAdmin.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -22,6 +22,7 @@
package com.metamatrix.admin.api.server;
+import com.metamatrix.admin.RolesAllowed;
import com.metamatrix.admin.api.objects.AdminObject;
/**
@@ -47,5 +48,6 @@
* Closes ServerAdmin connection to the server.
* @since 4.3
*/
+ @RolesAllowed(value=AdminRoles.RoleName.ANONYMOUS)
void close();
}
Modified: trunk/client/src/main/java/com/metamatrix/admin/api/server/ServerMonitoringAdmin.java
===================================================================
--- trunk/client/src/main/java/com/metamatrix/admin/api/server/ServerMonitoringAdmin.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/client/src/main/java/com/metamatrix/admin/api/server/ServerMonitoringAdmin.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -24,6 +24,7 @@
import java.util.Collection;
+import com.metamatrix.admin.RolesAllowed;
import com.metamatrix.admin.api.core.CoreMonitoringAdmin;
import com.metamatrix.admin.api.exception.AdminException;
@@ -59,6 +60,7 @@
* @throws AdminException if there's a system error.
* @since 4.3
*/
+ @RolesAllowed(value=AdminRoles.RoleName.ANONYMOUS)
Collection getProcesses(String processIdentifier) throws AdminException;
/**
Modified: trunk/client/src/main/java/com/metamatrix/client/ExceptionUtil.java
===================================================================
--- trunk/client/src/main/java/com/metamatrix/client/ExceptionUtil.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/client/src/main/java/com/metamatrix/client/ExceptionUtil.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -26,7 +26,9 @@
import com.metamatrix.admin.api.exception.AdminComponentException;
import com.metamatrix.admin.api.exception.AdminException;
+import com.metamatrix.admin.api.exception.AdminProcessingException;
import com.metamatrix.api.exception.MetaMatrixComponentException;
+import com.metamatrix.api.exception.MetaMatrixProcessingException;
import com.metamatrix.common.xa.XATransactionException;
import com.metamatrix.core.MetaMatrixRuntimeException;
@@ -53,6 +55,9 @@
return new MetaMatrixComponentException(exception);
}
if (AdminException.class.isAssignableFrom(exceptionClasses[i])) {
+ if (exception instanceof MetaMatrixProcessingException) {
+ return new AdminProcessingException(exception);
+ }
return new AdminComponentException(exception);
}
canThrowXATransactionException |= XATransactionException.class.isAssignableFrom(exceptionClasses[i]);
Modified: trunk/client/src/main/resources/com/metamatrix/common/comm/platform/i18n.properties
===================================================================
--- trunk/client/src/main/resources/com/metamatrix/common/comm/platform/i18n.properties 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/client/src/main/resources/com/metamatrix/common/comm/platform/i18n.properties 2009-04-09 15:53:21 UTC (rev 734)
@@ -92,8 +92,8 @@
SocketServerInstancePool.No_valid_host_available=No valid host available. Attempted connections to: {0}
AdminAuthorizationInterceptor.Admin_Session_not_valid=Unable to perform the action [{0}]. Unable to validate session.
-AdminAuthorizationInterceptor.Admin_Audit_request=Administrator [{0}], session [{1}] requesting access which requires role [{2}] to method [{3}].
-AdminAuthorizationInterceptor.Admin_not_authorized=Administrator [{0}], session [{1}] does not have the required role [{2}] so is not authorized to perform the action [{3}].
+AdminAuthorizationInterceptor.Admin_Audit_request=Administrator [{0}], session [{1}] requesting access which requires role {2} to method [{3}].
+AdminAuthorizationInterceptor.Admin_not_authorized=Administrator [{0}], session [{1}] does not have any required role {2} so is not authorized to perform the action [{3}].
AdminAuthorizationInterceptor.Admin_granted=Administrator [{0}], session [{1}] granted access to method [{3}].
Modified: trunk/common-internal/src/main/java/com/metamatrix/platform/admin/api/ConfigurationAdminAPI.java
===================================================================
--- trunk/common-internal/src/main/java/com/metamatrix/platform/admin/api/ConfigurationAdminAPI.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/common-internal/src/main/java/com/metamatrix/platform/admin/api/ConfigurationAdminAPI.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -24,7 +24,6 @@
import java.util.Collection;
import java.util.List;
-import java.util.Properties;
import java.util.Set;
import com.metamatrix.admin.api.exception.security.InvalidSessionException;
@@ -284,23 +283,6 @@
throws ModificationException, ConfigurationException, InvalidSessionException, AuthorizationException, MetaMatrixComponentException;
/**
- * Add a host to the Configuration
- *
- * @param hostName String name of Host to add to Configuration
- * @param properties
- * @return Host
- * @throws ConfigurationException if an error occurred within or during communication with the Configuration Service.
- * @throws InvalidSessionException if there is not a valid administrative session
- * @throws AuthorizationException if the administrator does not have privileges to use this method
- * @throws MetaMatrixComponentException if a general remote system problem occurred
- * @since 4.3
- */
- Host addHost(String hostName, Properties properties)
- throws ConfigurationException, InvalidSessionException, AuthorizationException, MetaMatrixComponentException;
-
-
-
- /**
* Check whether the encrypted properties for the specified ComponentDefns can be decrypted.
* @param defns List<ComponentDefn>
* @return List<Boolean> in the same order as the paramater <code>defns</code>.
Modified: trunk/common-internal/src/main/java/com/metamatrix/platform/admin/api/ExtensionSourceAdminAPI.java
===================================================================
--- trunk/common-internal/src/main/java/com/metamatrix/platform/admin/api/ExtensionSourceAdminAPI.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/common-internal/src/main/java/com/metamatrix/platform/admin/api/ExtensionSourceAdminAPI.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -186,20 +186,6 @@
throws InvalidSessionException, AuthorizationException, ExtensionModuleNotFoundException, MetaMatrixComponentException;
/**
- * Retrieves an extension source in byte[] form
- * @param sourceName name (e.g. filename) of extension source
- * @return actual contents of source in byte[] array form
- * @throws InvalidSessionException if there is not a valid administrative session
- * @throws AuthorizationException if the administrator does not have privileges to use this method
- * @throws ExtensionSourceNotFoundException if no extension source with
- * name sourceName can be found
- * @throws MetaMatrixComponentException indicating a non-business-related
- * exception (such as a communication exception)
- */
- byte[] getSource(String sourceName)
- throws InvalidSessionException, AuthorizationException, ExtensionModuleNotFoundException, MetaMatrixComponentException;
-
- /**
* Updates the indicated extension source
* @param sourceName name (e.g. filename) of extension source
* @param source actual contents of source
Modified: trunk/common-internal/src/main/java/com/metamatrix/platform/admin/api/SubSystemAdminAPI.java
===================================================================
--- trunk/common-internal/src/main/java/com/metamatrix/platform/admin/api/SubSystemAdminAPI.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/common-internal/src/main/java/com/metamatrix/platform/admin/api/SubSystemAdminAPI.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -22,13 +22,12 @@
package com.metamatrix.platform.admin.api;
-import java.io.Serializable;
/**
* This is the base interface of all subsystem administrative API interfaces.
* @deprecated
*/
-public interface SubSystemAdminAPI extends Serializable {
+public interface SubSystemAdminAPI {
}
Modified: trunk/console/src/main/java/com/metamatrix/console/models/ExtensionSourceManager.java
===================================================================
--- trunk/console/src/main/java/com/metamatrix/console/models/ExtensionSourceManager.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/console/src/main/java/com/metamatrix/console/models/ExtensionSourceManager.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -26,6 +26,7 @@
import java.io.FileOutputStream;
import java.util.*;
+import com.metamatrix.admin.api.objects.ExtensionModule;
import com.metamatrix.common.extensionmodule.ExtensionModuleDescriptor;
import com.metamatrix.common.extensionmodule.exception.*;
import com.metamatrix.console.connections.ConnectionInfo;
@@ -117,12 +118,13 @@
public void exportToFile(String moduleName, File target) throws
ExtensionModuleNotFoundException, ExternalException {
- ExtensionSourceAdminAPI api = ModelManager.getExtensionSourceAPI(
- getConnection());
try {
- byte[] contents = api.getSource(moduleName);
+ Collection<ExtensionModule> modules = getConnection().getServerAdmin().getExtensionModules(moduleName);
+ if (modules.size() != 1) {
+ throw new ExtensionModuleNotFoundException(moduleName);
+ }
FileOutputStream stream = new FileOutputStream(target);
- stream.write(contents);
+ stream.write(modules.iterator().next().getFileContents());
stream.close();
} catch (ExtensionModuleNotFoundException ex) {
throw ex;
Modified: trunk/server/src/main/java/com/metamatrix/common/comm/platform/socket/server/AdminAuthorizationInterceptor.java
===================================================================
--- trunk/server/src/main/java/com/metamatrix/common/comm/platform/socket/server/AdminAuthorizationInterceptor.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/main/java/com/metamatrix/common/comm/platform/socket/server/AdminAuthorizationInterceptor.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -25,22 +25,24 @@
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
+import java.util.Arrays;
import org.teiid.dqp.internal.process.DQPWorkContext;
+import com.metamatrix.admin.RolesAllowed;
import com.metamatrix.admin.api.exception.AdminProcessingException;
-import com.metamatrix.admin.api.server.ServerAdmin;
-import com.metamatrix.admin.util.AdminMethodRoleResolver;
-import com.metamatrix.api.exception.ComponentNotFoundException;
+import com.metamatrix.admin.api.server.AdminRoles;
import com.metamatrix.api.exception.MetaMatrixProcessingException;
import com.metamatrix.api.exception.security.AuthorizationException;
+import com.metamatrix.client.ExceptionUtil;
import com.metamatrix.common.comm.platform.CommPlatformPlugin;
import com.metamatrix.common.log.LogManager;
import com.metamatrix.common.util.LogContextsUtil.PlatformAdminConstants;
+import com.metamatrix.core.MetaMatrixRuntimeException;
import com.metamatrix.core.log.MessageLevel;
import com.metamatrix.core.util.ArgCheck;
-import com.metamatrix.platform.admin.apiimpl.IAdminHelper;
import com.metamatrix.platform.security.api.SessionToken;
+import com.metamatrix.platform.security.api.service.AuthorizationServiceInterface;
/**
* Call authorization service to make sure the current admin user has the
@@ -48,10 +50,10 @@
*/
public class AdminAuthorizationInterceptor implements InvocationHandler {
- private final IAdminHelper authorizationService;
- private final AdminMethodRoleResolver methodNames;
- private final ServerAdmin serverAdmin;
-
+ private final Object service;
+ private AuthorizationServiceInterface authAdmin;
+
+
/**
* Ctor.
* @param securityContextFactory
@@ -60,14 +62,10 @@
* @since 4.3
*/
public AdminAuthorizationInterceptor(
- IAdminHelper authorizationService,
- AdminMethodRoleResolver methodNames, ServerAdmin serverAdmin) {
-
+ AuthorizationServiceInterface authorizationService, Object service) {
ArgCheck.isNotNull(authorizationService);
- ArgCheck.isNotNull(methodNames);
- this.authorizationService = authorizationService;
- this.methodNames = methodNames;
- this.serverAdmin = serverAdmin;
+ this.authAdmin = authorizationService;
+ this.service = service;
}
/**
@@ -80,43 +78,56 @@
*/
public Object invoke(Object proxy, Method method, Object[] args)
throws Throwable {
- // Validate user's admin session is active
SessionToken adminToken = DQPWorkContext.getWorkContext().getSessionToken();
- // Verify that the admin user is authorized to perform the given operation
- String requiredRoleName = methodNames.getRoleNameForMethod(method.getName());
-
- if (!AdminMethodRoleResolver.ANONYMOUS_ROLE.equals(requiredRoleName)) {
-
- Object[] msgParts = null;
- boolean msgWillBeRecorded = LogManager.isMessageToBeRecorded(PlatformAdminConstants.CTX_AUDIT_ADMIN, MessageLevel.INFO);
- if (msgWillBeRecorded) {
- msgParts = buildAuditMessage(adminToken, requiredRoleName, method);
- LogManager.logInfo(PlatformAdminConstants.CTX_AUDIT_ADMIN,
- CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_Audit_request", msgParts)); //$NON-NLS-1$
- }
+ Method serviceMethod = service.getClass().getMethod(method.getName(), method.getParameterTypes());
+ RolesAllowed allowed = serviceMethod.getAnnotation(RolesAllowed.class);
+ if (allowed == null) {
+ allowed = method.getAnnotation(RolesAllowed.class);
+ if (allowed == null) {
+ allowed = serviceMethod.getDeclaringClass().getAnnotation(RolesAllowed.class);
+ if (allowed == null) {
+ allowed = method.getDeclaringClass().getAnnotation(RolesAllowed.class);
+ }
+ }
+ }
+ if (allowed == null || allowed.value() == null) {
+ throw new MetaMatrixRuntimeException("Could not determine roles allowed for admin method"); //$NON-NLS-1$
+ }
- try {
- authorizationService.checkForRequiredRole(adminToken, requiredRoleName);
- LogManager.logInfo(PlatformAdminConstants.CTX_AUDIT_ADMIN, CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_granted", msgParts)); //$NON-NLS-1$
- } catch (AuthorizationException err) {
- if ( msgParts == null ) {
- msgParts = buildAuditMessage(adminToken, requiredRoleName, method);
+ boolean authorized = false;
+ boolean msgWillBeRecorded = LogManager.isMessageToBeRecorded(PlatformAdminConstants.CTX_AUDIT_ADMIN, MessageLevel.INFO);
+ Object[] msgParts = null;
+ if (msgWillBeRecorded) {
+ msgParts = buildAuditMessage(adminToken, Arrays.toString(allowed.value()), method);
+ LogManager.logInfo(PlatformAdminConstants.CTX_AUDIT_ADMIN,
+ CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_Audit_request", msgParts)); //$NON-NLS-1$
+ }
+
+ for (int i = 0; i < allowed.value().length; i++) {
+ String requiredRoleName = allowed.value()[i];
+ if (AdminRoles.RoleName.ANONYMOUS.equalsIgnoreCase(requiredRoleName)) {
+ authorized = true;
+ break;
+ }
+
+ if (authAdmin.isCallerInRole(adminToken, requiredRoleName)) {
+ authorized = true;
+ if (msgWillBeRecorded) {
+ LogManager.logInfo(PlatformAdminConstants.CTX_AUDIT_ADMIN, CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_granted", msgParts)); //$NON-NLS-1$
}
- String errMsg = CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_not_authorized", msgParts); //$NON-NLS-1$
- LogManager.logWarning(PlatformAdminConstants.CTX_AUDIT_ADMIN, errMsg);
- throw new AdminProcessingException(errMsg);
- } catch (ComponentNotFoundException err) {
- if ( msgParts == null ) {
- msgParts = buildAuditMessage(adminToken, requiredRoleName, method);
- }
- String errMsg = CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_not_authorized", msgParts); //$NON-NLS-1$
- LogManager.logWarning(PlatformAdminConstants.CTX_AUDIT_ADMIN, errMsg);
- throw new AdminProcessingException(errMsg);
+ break;
}
}
+ if (!authorized) {
+ if (msgParts == null) {
+ msgParts = buildAuditMessage(adminToken, Arrays.toString(allowed.value()), method);
+ }
+ String errMsg = CommPlatformPlugin.Util.getString("AdminAuthorizationInterceptor.Admin_not_authorized", msgParts); //$NON-NLS-1$
+ throw ExceptionUtil.convertException(method, new AuthorizationException(errMsg));
+ }
try {
- return method.invoke(this.serverAdmin, args);
+ return method.invoke(service, args);
} catch (InvocationTargetException e) {
throw e.getTargetException();
}
Modified: trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/AdminAPIHelper.java
===================================================================
--- trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/AdminAPIHelper.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/AdminAPIHelper.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -22,14 +22,10 @@
package com.metamatrix.platform.admin.apiimpl;
-import com.metamatrix.admin.AdminPlugin;
+import org.teiid.dqp.internal.process.DQPWorkContext;
+
import com.metamatrix.admin.api.exception.security.InvalidSessionException;
import com.metamatrix.api.exception.ComponentNotFoundException;
-import com.metamatrix.api.exception.security.AuthorizationException;
-import com.metamatrix.common.log.LogManager;
-import com.metamatrix.common.util.LogContextsUtil.PlatformAdminConstants;
-import com.metamatrix.core.log.MessageLevel;
-import com.metamatrix.platform.security.api.MetaMatrixSessionID;
import com.metamatrix.platform.security.api.SessionToken;
/**
@@ -39,70 +35,16 @@
*/
public class AdminAPIHelper {
- // The singleton
- private static AdminHelper adminHelper;
-
- // Get singleton init'ing as nessary
- private synchronized static AdminHelper getAdminHelper() {
-
- if ( adminHelper == null ) {
- initialize();
- }
- return adminHelper;
- }
-
- // Init singleton
- private synchronized static void initialize() {
- adminHelper = new AdminHelper();
- }
-
/**
- * Checks that user is in the necessary role, throws an exception if
- * not. Methods of this administrative API may require that a caller be
- * in one or more security roles.
- * @param adminToken a valid SessionToken object representing the session
- * of the caller attempting an administrative operation
- * @param roleName String name of role to be checked for caller membership
- * @param methodSignature the signature with arguments of the method this admin is attempting to call.
- * @throws AuthorizationException if caller is <i>not</i> in the role, and
- * therefore not authorized to make the operation
- * @throws ComponentNotFoundException if the authorization service could
- * not be communicated with due to a bad service instance or proxy
- */
- public static void checkForRequiredRole(SessionToken adminToken, String roleName, String methodSignature)
- throws AuthorizationException, ComponentNotFoundException {
- Object[] msgParts = null;
- boolean msgWillBeRecorded = LogManager.isMessageToBeRecorded(PlatformAdminConstants.CTX_AUDIT_ADMIN, MessageLevel.INFO);
- if (msgWillBeRecorded) {
- // Audit Admin attempt
- if (methodSignature != null) {
- methodSignature = methodSignature.split("\\(")[0]; //$NON-NLS-1$
- }
- msgParts = new Object[] {adminToken.getUsername(), adminToken.getSessionID().toString(),
- roleName, methodSignature};
- LogManager.logInfo(PlatformAdminConstants.CTX_AUDIT_ADMIN, AdminPlugin.Util.getString("Admin_Audit_request", msgParts)); //$NON-NLS-1$
- }
-
- getAdminHelper().checkForRequiredRole(adminToken, roleName);
-
- // Audit Admin granted
- if (msgWillBeRecorded) {
- LogManager.logInfo(PlatformAdminConstants.CTX_AUDIT_ADMIN,AdminPlugin.Util.getString("Admin_Audit_granted", msgParts)); //$NON-NLS-1$
- }
- }
-
- /**
* Get the <code>SessionToken</code> and validate that the session is active
* for the specified <code>MetaMatrixSessionID</code>.
- * @param sessionID the <code>MetaMatrixSessionID</code> for the session in
- * question.
* @return The <code>SessionToken</code> for the session in question.
* @throws InvalidSessionException If session has expired or doesn't exist
* @throws ComponentNotFoundException If couldn't find needed service component
*/
- public static SessionToken validateSession(MetaMatrixSessionID sessionID)
+ public static SessionToken validateSession()
throws InvalidSessionException, ComponentNotFoundException {
- return getAdminHelper().validateSession(sessionID);
+ return DQPWorkContext.getWorkContext().getSessionToken();
}
}
Deleted: trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/AdminHelper.java
===================================================================
--- trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/AdminHelper.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/AdminHelper.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -1,153 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * See the COPYRIGHT.txt file distributed with this work for information
- * regarding copyright ownership. Some portions may be licensed
- * to Red Hat, Inc. under one or more contributor license agreements.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301 USA.
- */
-
-package com.metamatrix.platform.admin.apiimpl;
-
-import org.teiid.dqp.internal.process.DQPWorkContext;
-
-import com.metamatrix.admin.AdminMessages;
-import com.metamatrix.admin.AdminPlugin;
-import com.metamatrix.admin.api.exception.security.InvalidSessionException;
-import com.metamatrix.admin.api.exception.security.MetaMatrixSecurityException;
-import com.metamatrix.api.exception.ComponentNotFoundException;
-import com.metamatrix.api.exception.security.AuthorizationException;
-import com.metamatrix.api.exception.security.SessionServiceException;
-import com.metamatrix.common.log.LogManager;
-import com.metamatrix.core.log.MessageLevel;
-import com.metamatrix.platform.admin.api.PlatformAdminLogConstants;
-import com.metamatrix.platform.security.api.MetaMatrixSessionID;
-import com.metamatrix.platform.security.api.SessionToken;
-import com.metamatrix.platform.security.api.service.AuthorizationServiceInterface;
-import com.metamatrix.platform.security.api.service.SessionServiceInterface;
-import com.metamatrix.platform.service.api.exception.ServiceException;
-import com.metamatrix.platform.util.PlatformProxyHelper;
-
-/**
- * This class is used by all <SubSystem>AdminAPIImpl to do general tasks such as
- * session vlidation and authorization role checking.
- */
-public class AdminHelper implements IAdminHelper {
-
- /**
- * Exception message sent to client if session service is down; indicates
- * that an session service was not available, client
- * privileges are unknown, and therefore a client's session id will not be
- * validated.
- * @see #validateSession(SessionID)
- */
- private static final String SESSION_SERVICE_DOWN_MSG = AdminPlugin.Util.getString(AdminMessages.ADMIN_0010);
-
- // Service Proxies
- private AuthorizationServiceInterface authAdmin;
- private SessionServiceInterface sessionAdmin;
-
-
- /**
- * ctor
- */
- public AdminHelper() {
- // Init authorization svc proxy
- authAdmin = PlatformProxyHelper.getAuthorizationServiceProxy(PlatformProxyHelper.ROUND_ROBIN_LOCAL);
-
- // Init session svc proxy
- sessionAdmin = PlatformProxyHelper.getSessionServiceProxy(PlatformProxyHelper.ROUND_ROBIN_LOCAL);
-
- }
-
- /**
- * Checks that user is in the necessary role, throws an exception if
- * not. Methods of this administrative API may require that a caller be
- * in one or more security roles.
- * @param adminToken a valid SessionToken object representing the session
- * of the caller attempting an administrative operation
- * @param roleName String name of role to be checked for caller membership
- * @throws AuthorizationException if caller is <i>not</i> in the role, and
- * therefore not authorized to make the operation
- * @throws ComponentNotFoundException if the authorization service could
- * not be communicated with due to a bad service instance or proxy
- */
- public void checkForRequiredRole(SessionToken adminToken, String roleName)
- throws AuthorizationException, ComponentNotFoundException {
- if (LogManager.isMessageToBeRecorded(PlatformAdminLogConstants.CTX_ADMIN_API, MessageLevel.TRACE)) {
- LogManager.logTrace(PlatformAdminLogConstants.CTX_ADMIN_API,
- "Checking owner of session token " + adminToken + " for membership in role: " + roleName); //$NON-NLS-1$
- }
- boolean isAuthorized = false;
- try{
- isAuthorized = authAdmin.isCallerInRole(adminToken, roleName);
- } catch (MetaMatrixSecurityException e){
- String msg = AdminPlugin.Util.getString(AdminMessages.ADMIN_0009, adminToken);
- throw new ComponentNotFoundException(e, AdminMessages.ADMIN_0009, msg);
- } catch (ServiceException e){
- String msg = AdminPlugin.Util.getString(AdminMessages.ADMIN_0009, adminToken);
- throw new ComponentNotFoundException(e, AdminMessages.ADMIN_0009, msg);
- } catch (Exception e){
- String msg = AdminPlugin.Util.getString(AdminMessages.ADMIN_0009, adminToken);
- throw new ComponentNotFoundException(e, AdminMessages.ADMIN_0009, msg);
- }
-
- if (!isAuthorized){
- String msg = AdminPlugin.Util.getString(AdminMessages.ADMIN_0008, adminToken, roleName.toString());
- throw new AuthorizationException(AdminMessages.ADMIN_0008, msg);
- }
- if (LogManager.isMessageToBeRecorded(PlatformAdminLogConstants.CTX_ADMIN_API, MessageLevel.TRACE)) {
- LogManager.logTrace(PlatformAdminLogConstants.CTX_ADMIN_API,
- "Verified owner of session token " + adminToken + " is in role: " + roleName); //$NON-NLS-1$
- }
- }
-
- /**
- * Get the <code>SessionToken</code> and validate that the session is active
- * for the specified <code>MetaMatrixSessionID</code>.
- * @param sessionID the <code>MetaMatrixSessionID</code> for the session in
- * question.
- * @return The <code>SessionToken</code> for the session in question.
- * @throws InvalidSessionException If session has expired or doesn't exist
- * @throws ComponentNotFoundException If couldn't find needed service component
- * @deprecated use {@link DQPWorkContext} instead
- */
- public SessionToken validateSession(MetaMatrixSessionID sessionID)
- throws InvalidSessionException, ComponentNotFoundException {
- if (LogManager.isMessageToBeRecorded(PlatformAdminLogConstants.CTX_ADMIN_API, MessageLevel.TRACE)) {
- LogManager.logTrace(PlatformAdminLogConstants.CTX_ADMIN_API,
- "Validating user session with session ID \"" + sessionID + "\""); //$NON-NLS-1$
- }
- SessionToken token = null;
- try {
- token = sessionAdmin.validateSession(sessionID).getSessionToken();
- } catch (InvalidSessionException e) {
- throw e;
- } catch (SessionServiceException e) {
- throw new ComponentNotFoundException(e,AdminMessages.ADMIN_0010, SESSION_SERVICE_DOWN_MSG);
- } catch (ServiceException e) {
- String msg = AdminPlugin.Util.getString(AdminMessages.ADMIN_0013);
- throw new ComponentNotFoundException(e,msg);
- }
-
- if (LogManager.isMessageToBeRecorded(PlatformAdminLogConstants.CTX_ADMIN_API, MessageLevel.TRACE)) {
- LogManager.logTrace(PlatformAdminLogConstants.CTX_ADMIN_API,
- "Validated user session with session ID \"" + sessionID + "\""); //$NON-NLS-1$
- }
- return token;
- }
-
-}
Modified: trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/AuthorizationAdminAPIImpl.java
===================================================================
--- trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/AuthorizationAdminAPIImpl.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/AuthorizationAdminAPIImpl.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -29,6 +29,7 @@
import java.util.Map;
import java.util.Set;
+import com.metamatrix.admin.RolesAllowed;
import com.metamatrix.admin.api.exception.security.InvalidSessionException;
import com.metamatrix.admin.api.server.AdminRoles;
import com.metamatrix.api.exception.MetaMatrixComponentException;
@@ -50,7 +51,8 @@
import com.metamatrix.platform.service.api.exception.ServiceException;
import com.metamatrix.platform.util.PlatformProxyHelper;
-public class AuthorizationAdminAPIImpl extends SubSystemAdminAPIImpl implements AuthorizationAdminAPI {
+ at RolesAllowed(value=AdminRoles.RoleName.ADMIN_READONLY)
+public class AuthorizationAdminAPIImpl implements AuthorizationAdminAPI {
AuthorizationRealm roleRealm = RolePermissionFactory.getRealm();
@@ -81,28 +83,23 @@
* submitted to the <code>AuthorizationService</code> for actual updates to occur.
* @return AuthorizationObjectEditor
*/
- public synchronized AuthorizationEditor createEditor()
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public AuthorizationEditor createEditor()
throws InvalidSessionException, AuthorizationException, MetaMatrixComponentException {
- // Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "AuthorizationAdminAPIImpl.createEditor()"); //$NON-NLS-1$
return new AuthorizationObjectEditor(true);
}
- public synchronized Map getRoleDescriptions()
+ public Map getRoleDescriptions()
throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Any administrator may call this read-only method - no need to validate role
+ SessionToken token = AdminAPIHelper.validateSession();
return authAdmin.getRoleDescriptions(token);
}
- public synchronized Collection getPrincipalsForRole(String roleName)
+ public Collection getPrincipalsForRole(String roleName)
throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Any administrator may call this read-only method - no need to validate role
+ SessionToken token = AdminAPIHelper.validateSession();
return authAdmin.getPrincipalsForRole(token, roleName);
}
@@ -115,11 +112,10 @@
* @throws AuthorizationException if administrator does not have the authority to perform the requested operation.
* @throws MetaMatrixComponentException if this service has trouble communicating.
*/
- public synchronized Collection getRoleNamesForPrincipal(MetaMatrixPrincipalName principal)
+ public Collection getRoleNamesForPrincipal(MetaMatrixPrincipalName principal)
throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Any administrator may call this read-only method - no need to validate role
+ SessionToken token = AdminAPIHelper.validateSession();
return authAdmin.getRoleNamesForPrincipal(token, principal);
}
@@ -131,12 +127,11 @@
* @throws AuthorizationException if admninistrator does not have the authority to perform the requested operation.
* @throws MetaMatrixComponentException if this service has trouble communicating.
*/
- public synchronized void addPrincipalsToRole(Set principals, String roleName)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public void addPrincipalsToRole(Set principals, String roleName)
throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "AuthorizationAdminAPIImpl.addPrincipalsToRole(" + principals + ", " + roleName + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
+ SessionToken token = AdminAPIHelper.validateSession();
AuthorizationPolicy role = authAdmin.getPolicy(token, new AuthorizationPolicyID(roleName, null, RolePermissionFactory.getRealm()));
@@ -154,12 +149,11 @@
* @throws AuthorizationException if admninistrator does not have the authority to perform the requested operation.
* @throws MetaMatrixComponentException if this service has trouble communicating.
*/
- public synchronized void removePrincipalsFromRole(Set principals, String roleName)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public void removePrincipalsFromRole(Set principals, String roleName)
throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "AuthorizationAdminAPIImpl.removePrincipalsFromRole(" + principals + ", " + roleName + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
+ SessionToken token = AdminAPIHelper.validateSession();
AuthorizationPolicy role = authAdmin.getPolicy(token, new AuthorizationPolicyID(roleName, null, RolePermissionFactory.getRealm()));
@@ -173,11 +167,10 @@
/**
* Get all policyIDs in the system except those that we want to filter from the console.
*/
- public synchronized Collection findAllPolicyIDs()
+ public Collection findAllPolicyIDs()
throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Any administrator may call this read-only method - no need to validate role
+ SessionToken token = AdminAPIHelper.validateSession();
Collection allPolicyIDs = authAdmin.findAllPolicyIDs(token);
@@ -196,28 +189,26 @@
return filteredPolicyIDs;
}
- public synchronized Boolean containsPolicy(AuthorizationPolicyID policyID)
+ public Boolean containsPolicy(AuthorizationPolicyID policyID)
throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Any administrator may call this read-only method - no need to validate role
+ SessionToken token = AdminAPIHelper.validateSession();
return new Boolean(authAdmin.containsPolicy(token, policyID));
}
- public synchronized AuthorizationPolicy getPolicy(AuthorizationPolicyID policyID)
+ public AuthorizationPolicy getPolicy(AuthorizationPolicyID policyID)
throws AuthorizationException, AuthorizationMgmtException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return authAdmin.getPolicy(token, policyID);
}
- public synchronized Set executeTransaction(List actions)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public Set executeTransaction(List actions)
throws AuthorizationException, AuthorizationMgmtException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "AuthorizationAdminAPIImpl.executeTransaction(" + actions + ")"); //$NON-NLS-1$ //$NON-NLS-2$
+ SessionToken token = AdminAPIHelper.validateSession();
return authAdmin.executeTransaction(token, actions);
}
@@ -237,11 +228,10 @@
* @throws AuthorizationMgmtException if an error occurs in the Authorization store.
* @throws MetaMatrixComponentException if this service has trouble communicating.
*/
- public synchronized Collection getPolicyIDsInRealm(AuthorizationRealm realm)
+ public Collection getPolicyIDsInRealm(AuthorizationRealm realm)
throws AuthorizationException, AuthorizationMgmtException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Any administrator may call this read-only method - no need to validate role
+ SessionToken token = AdminAPIHelper.validateSession();
return authAdmin.getPolicyIDsInRealm(token, realm);
}
Modified: trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/ConfigurationAdminAPIImpl.java
===================================================================
--- trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/ConfigurationAdminAPIImpl.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/ConfigurationAdminAPIImpl.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -24,12 +24,11 @@
import java.util.Collection;
import java.util.List;
-import java.util.Properties;
import java.util.Set;
+import com.metamatrix.admin.RolesAllowed;
import com.metamatrix.admin.api.exception.security.InvalidSessionException;
import com.metamatrix.admin.api.server.AdminRoles;
-import com.metamatrix.api.exception.ComponentNotFoundException;
import com.metamatrix.api.exception.MetaMatrixComponentException;
import com.metamatrix.api.exception.security.AuthorizationException;
import com.metamatrix.common.actions.ActionDefinition;
@@ -45,15 +44,14 @@
import com.metamatrix.common.config.api.Host;
import com.metamatrix.common.config.api.HostID;
import com.metamatrix.common.config.api.exceptions.ConfigurationException;
-import com.metamatrix.platform.PlatformPlugin;
import com.metamatrix.platform.admin.api.ConfigurationAdminAPI;
import com.metamatrix.platform.config.api.service.ConfigurationServiceInterface;
import com.metamatrix.platform.registry.ClusteredRegistryState;
import com.metamatrix.platform.security.api.SessionToken;
-import com.metamatrix.platform.service.api.exception.ServiceException;
import com.metamatrix.platform.util.PlatformProxyHelper;
-public class ConfigurationAdminAPIImpl extends SubSystemAdminAPIImpl implements ConfigurationAdminAPI {
+ at RolesAllowed(value=AdminRoles.RoleName.ADMIN_READONLY)
+public class ConfigurationAdminAPIImpl implements ConfigurationAdminAPI {
// Auth svc proxy
private ConfigurationServiceInterface configAdmin;
@@ -62,11 +60,11 @@
/**
* ctor
*/
- private ConfigurationAdminAPIImpl(ClusteredRegistryState registry) throws MetaMatrixComponentException {
+ private ConfigurationAdminAPIImpl(ClusteredRegistryState registry) {
configAdmin = PlatformProxyHelper.getConfigurationServiceProxy(PlatformProxyHelper.ROUND_ROBIN_LOCAL);
}
- public synchronized static ConfigurationAdminAPI getInstance(ClusteredRegistryState registry) throws MetaMatrixComponentException {
+ public synchronized static ConfigurationAdminAPI getInstance(ClusteredRegistryState registry) {
if (configAdminAPI == null) {
configAdminAPI = new ConfigurationAdminAPIImpl(registry);
}
@@ -83,10 +81,10 @@
*
* @return ConfigurationObjectEditor
*/
- public synchronized ConfigurationObjectEditor createEditor()
+ public ConfigurationObjectEditor createEditor()
throws ConfigurationException, InvalidSessionException, AuthorizationException, MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return configAdmin.createEditor();
}
@@ -107,12 +105,12 @@
* @throws MetaMatrixComponentException
* if a general remote system problem occurred
*/
- public synchronized ConfigurationID getNextStartupConfigurationID() throws ConfigurationException,
+ public ConfigurationID getNextStartupConfigurationID() throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return configAdmin.getNextStartupConfigurationID();
}
@@ -127,12 +125,12 @@
* @throws ConfigurationException
* if an error occurred within or during communication with the Configuration Service.
*/
- public synchronized Configuration getCurrentConfiguration() throws ConfigurationException,
+ public Configuration getCurrentConfiguration() throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return configAdmin.getCurrentConfiguration();
}
@@ -147,21 +145,21 @@
* @throws ConfigurationException
* if an error occurred within or during communication with the Configuration Service.
*/
- public synchronized Configuration getNextStartupConfiguration() throws ConfigurationException,
+ public Configuration getNextStartupConfiguration() throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return configAdmin.getNextStartupConfiguration();
}
- public synchronized ConfigurationModelContainer getConfigurationModel(String configName) throws ConfigurationException,
+ public ConfigurationModelContainer getConfigurationModel(String configName) throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return configAdmin.getConfigurationModel(configName);
}
@@ -219,13 +217,13 @@
* @throws MetaMatrixComponentException
* if a general remote system problem occurred
*/
- public synchronized Collection getConfigurationAndDependents(ConfigurationID configID) throws ConfigurationException,
+ public Collection getConfigurationAndDependents(ConfigurationID configID) throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
// SessionToken token =
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return configAdmin.getConfigurationAndDependents(configID);
}
@@ -239,13 +237,13 @@
* @return Collection of ComponentTypeDefns
* @see getDependentComponentTypeDefinitions(ComponentTypeID)
*/
- public synchronized Collection getComponentTypeDefinitions(ComponentTypeID componentTypeID) throws ConfigurationException,
+ public Collection getComponentTypeDefinitions(ComponentTypeID componentTypeID) throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
// SessionToken token =
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return configAdmin.getComponentTypeDefinitions(componentTypeID);
}
@@ -259,12 +257,12 @@
* @return Collection of ComponentTypeDefns
* @see getDependentComponentTypeDefinitions(ComponentTypeID)
*/
- public synchronized Collection getAllComponentTypeDefinitions(ComponentTypeID componentTypeID) throws ConfigurationException,
+ public Collection getAllComponentTypeDefinitions(ComponentTypeID componentTypeID) throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return configAdmin.getAllComponentTypeDefinitions(componentTypeID);
}
@@ -278,12 +276,12 @@
* @throws ConfigurationException
* if an error occurred within or during communication with the Configuration Service.
*/
- public synchronized ComponentType getComponentType(ComponentTypeID id) throws ConfigurationException,
+ public ComponentType getComponentType(ComponentTypeID id) throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return configAdmin.getComponentType(id);
}
@@ -299,13 +297,13 @@
* if an error occurred within or during communication with the Configuration Service.
* @see #ComponentType
*/
- public synchronized Collection getAllComponentTypes(boolean includeDeprecated) throws ConfigurationException,
+ public Collection getAllComponentTypes(boolean includeDeprecated) throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
// SessionToken token =
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return configAdmin.getAllComponentTypes(includeDeprecated);
}
@@ -318,24 +316,24 @@
* @throws ConfigurationException
* if an error occurred within or during communication with the Configuration Service.
*/
- public synchronized Host getHost(HostID hostID) throws ConfigurationException,
+ public Host getHost(HostID hostID) throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return configAdmin.getHost(hostID);
}
- public synchronized ComponentDefn getComponentDefn(ConfigurationID configurationID,
+ public ComponentDefn getComponentDefn(ConfigurationID configurationID,
ComponentDefnID componentDefnID) throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return configAdmin.getComponentDefn(configurationID, componentDefnID);
}
@@ -352,13 +350,13 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized Collection getResources() throws ConfigurationException,
+ public Collection getResources() throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return configAdmin.getResources();
}
@@ -376,12 +374,12 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized void saveResources(Collection resourceDescriptors) throws ConfigurationException,
+ public void saveResources(Collection resourceDescriptors) throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
configAdmin.saveResources(resourceDescriptors, token.getUsername());
}
@@ -409,15 +407,14 @@
* @throws ConfigurationException
* if an error occurred within or during communication with the Metadata Service.
*/
- public synchronized Set executeTransaction(ActionDefinition action) throws ModificationException,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public Set executeTransaction(ActionDefinition action) throws ModificationException,
ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "ConfigurationAdminAPIImpl.executeTransaction(" + action + ")"); //$NON-NLS-1$ //$NON-NLS-2$
+ SessionToken token = AdminAPIHelper.validateSession();
return configAdmin.executeTransaction(action, token.getUsername());
}
@@ -437,49 +434,28 @@
* @throws ConfigurationException
* if an error occurred within or during communication with the Metadata Service.
*/
- public synchronized Set executeTransaction(List actions) throws ModificationException,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public Set executeTransaction(List actions) throws ModificationException,
ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "ConfigurationAdminAPIImpl.executeTransaction(" + actions + ")"); //$NON-NLS-1$ //$NON-NLS-2$
+ SessionToken token = AdminAPIHelper.validateSession();
return configAdmin.executeTransaction(actions, token.getUsername());
}
/**
- * @see com.metamatrix.platform.admin.apiimpl.ConfigurationAdminAPI#addHost(java.lang.String, java.util.Properties)
- * @since 4.3
- */
- public synchronized Host addHost(String hostName,
- Properties properties) throws ConfigurationException,
- InvalidSessionException,
- AuthorizationException,
- MetaMatrixComponentException {
- // Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "ConfigurationAdminAPIImpl.addHost(" + hostName + ", " + properties + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
- return configAdmin.addHost(hostName, token.getUsername(), properties);
- }
-
-
-
-
- /**
* @see com.metamatrix.platform.admin.api.ConfigurationAdminAPI#checkPropertiesDecryptable(java.util.List)
* @since 4.3
*/
- public synchronized List checkPropertiesDecryptable(List defns) throws ConfigurationException,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public List checkPropertiesDecryptable(List defns) throws ConfigurationException,
InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "ConfigurationAdminAPIImpl.checkPropertiesDecryptable(" + defns + ")"); //$NON-NLS-1$ //$NON-NLS-2$
+ SessionToken token = AdminAPIHelper.validateSession();
return configAdmin.checkPropertiesDecryptable(defns);
}
Modified: trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/ExtensionSourceAdminAPIImpl.java
===================================================================
--- trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/ExtensionSourceAdminAPIImpl.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/ExtensionSourceAdminAPIImpl.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -25,6 +25,7 @@
import java.util.Collection;
import java.util.List;
+import com.metamatrix.admin.RolesAllowed;
import com.metamatrix.admin.api.exception.security.InvalidSessionException;
import com.metamatrix.admin.api.server.AdminRoles;
import com.metamatrix.api.exception.MetaMatrixComponentException;
@@ -38,7 +39,8 @@
import com.metamatrix.platform.admin.api.ExtensionSourceAdminAPI;
import com.metamatrix.platform.security.api.SessionToken;
-public class ExtensionSourceAdminAPIImpl extends SubSystemAdminAPIImpl implements ExtensionSourceAdminAPI {
+ at RolesAllowed(value=AdminRoles.RoleName.ADMIN_READONLY)
+public class ExtensionSourceAdminAPIImpl implements ExtensionSourceAdminAPI {
private ExtensionModuleManager extensionSourceManager;
private static ExtensionSourceAdminAPI extensionSourceAdminAPI;
@@ -46,11 +48,11 @@
/**
* ctor
*/
- private ExtensionSourceAdminAPIImpl() throws MetaMatrixComponentException {
+ private ExtensionSourceAdminAPIImpl() {
}
- public synchronized static ExtensionSourceAdminAPI getInstance() throws MetaMatrixComponentException {
+ public synchronized static ExtensionSourceAdminAPI getInstance() {
if (extensionSourceAdminAPI == null) {
extensionSourceAdminAPI = new ExtensionSourceAdminAPIImpl();
}
@@ -92,10 +94,10 @@
* @throws MetaMatrixComponentException indicating a non-business-related
* exception (such as a communication exception)
*/
- public synchronized ExtensionModuleDescriptor addSource(String type, String sourceName, byte[] source, String description, boolean enabled)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public ExtensionModuleDescriptor addSource(String type, String sourceName, byte[] source, String description, boolean enabled)
throws InvalidSessionException, AuthorizationException, DuplicateExtensionModuleException, InvalidExtensionModuleTypeException, MetaMatrixComponentException{
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "ExtensionSourceAdminAPIImpl.addSource(" + type + ", " + sourceName + ", " + source + ", " + description + ", " + enabled + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$ //$NON-NLS-5$ //$NON-NLS-6$
+ SessionToken token = AdminAPIHelper.validateSession();
return getExtensionSourceManager().addSource(token.getUsername(), type, sourceName, source, description, enabled);
}
@@ -109,10 +111,10 @@
* @throws MetaMatrixComponentException indicating a non-business-related
* exception (such as a communication exception)
*/
- public synchronized void removeSource(String sourceName)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public void removeSource(String sourceName)
throws InvalidSessionException, AuthorizationException, ExtensionModuleNotFoundException, MetaMatrixComponentException{
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "ExtensionSourceAdminAPIImpl.removeSource(" + sourceName + ")"); //$NON-NLS-1$ //$NON-NLS-2$
+ SessionToken token = AdminAPIHelper.validateSession();
getExtensionSourceManager().removeSource(token.getUsername(), sourceName);
}
@@ -126,10 +128,8 @@
* @throws MetaMatrixComponentException indicating a non-business-related
* exception (such as a communication exception)
*/
- public synchronized Collection getSourceTypes()
+ public Collection getSourceTypes()
throws InvalidSessionException, AuthorizationException, MetaMatrixComponentException{
-// SessionToken token =
- AdminAPIHelper.validateSession(getSessionID());
return getExtensionSourceManager().getSourceTypes();
}
@@ -143,10 +143,8 @@
* @throws MetaMatrixComponentException indicating a non-business-related
* exception (such as a communication exception)
*/
- public synchronized List getSourceNames()
+ public List getSourceNames()
throws InvalidSessionException, AuthorizationException, MetaMatrixComponentException{
-// SessionToken token =
- AdminAPIHelper.validateSession(getSessionID());
return getExtensionSourceManager().getSourceNames();
}
@@ -160,10 +158,8 @@
* @throws MetaMatrixComponentException indicating a non-business-related
* exception (such as a communication exception)
*/
- public synchronized List getSourceDescriptors()
+ public List getSourceDescriptors()
throws InvalidSessionException, AuthorizationException, MetaMatrixComponentException{
-// SessionToken token =
- AdminAPIHelper.validateSession(getSessionID());
return getExtensionSourceManager().getSourceDescriptors();
}
@@ -180,10 +176,10 @@
* @throws MetaMatrixComponentException indicating a non-business-related
* exception (such as a communication exception)
*/
- public synchronized ExtensionModuleDescriptor getSourceDescriptor(String sourceName)
+ public ExtensionModuleDescriptor getSourceDescriptor(String sourceName)
throws InvalidSessionException, AuthorizationException, ExtensionModuleNotFoundException, MetaMatrixComponentException{
// SessionToken token =
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
return getExtensionSourceManager().getSourceDescriptor(sourceName);
}
@@ -204,10 +200,10 @@
* @throws MetaMatrixComponentException indicating a non-business-related
* exception (such as a communication exception)
*/
- public synchronized List setSearchOrder(List sourceNames)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public List setSearchOrder(List sourceNames)
throws InvalidSessionException, AuthorizationException, ExtensionModuleOrderingException, MetaMatrixComponentException{
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "ExtensionSourceAdminAPIImpl.setSearchOrder(" + sourceNames + ")"); //$NON-NLS-1$ //$NON-NLS-2$
+ SessionToken token = AdminAPIHelper.validateSession();
return getExtensionSourceManager().setSearchOrder(token.getUsername(), sourceNames);
}
@@ -228,32 +224,14 @@
* @throws MetaMatrixComponentException indicating a non-business-related
* exception (such as a communication exception)
*/
- public synchronized List setEnabled(Collection sourceNames, boolean enabled)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public List setEnabled(Collection sourceNames, boolean enabled)
throws InvalidSessionException, AuthorizationException, ExtensionModuleNotFoundException, MetaMatrixComponentException{
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "ExtensionSourceAdminAPIImpl.setEnabled(" + sourceNames + ", " + enabled + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
+ SessionToken token = AdminAPIHelper.validateSession();
return getExtensionSourceManager().setEnabled(token.getUsername(), sourceNames, enabled);
}
/**
- * Retrieves an extension source in byte[] form
- * @param sourceName name (e.g. filename) of extension source
- * @return actual contents of source in byte[] array form
- * @throws InvalidSessionException if there is not a valid administrative session
- * @throws AuthorizationException if the administrator does not have privileges to use this method
- * @throws ExtensionSourceNotFoundException if no extension source with
- * name sourceName can be found
- * @throws MetaMatrixComponentException indicating a non-business-related
- * exception (such as a communication exception)
- */
- public synchronized byte[] getSource(String sourceName)
- throws InvalidSessionException, AuthorizationException, ExtensionModuleNotFoundException, MetaMatrixComponentException{
-// SessionToken token =
- AdminAPIHelper.validateSession(getSessionID());
- return getExtensionSourceManager().getSource(sourceName);
- }
-
- /**
* Updates the indicated extension source
* @param sourceName name (e.g. filename) of extension source
* @param source actual contents of source
@@ -266,10 +244,10 @@
* @throws MetaMatrixComponentException indicating a non-business-related
* exception (such as a communication exception)
*/
- public synchronized ExtensionModuleDescriptor setSource(String sourceName, byte[] source)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public ExtensionModuleDescriptor setSource(String sourceName, byte[] source)
throws InvalidSessionException, AuthorizationException, ExtensionModuleNotFoundException, MetaMatrixComponentException{
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "ExtensionSourceAdminAPIImpl.setSource(" + sourceName + ", " + source + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
+ SessionToken token = AdminAPIHelper.validateSession();
return getExtensionSourceManager().setSource(token.getUsername(), sourceName, source);
}
@@ -284,10 +262,10 @@
* @throws MetaMatrixComponentException indicating a non-business-related
* exception (such as a communication exception)
*/
- public synchronized ExtensionModuleDescriptor setSourceName(String sourceName, String newName)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public ExtensionModuleDescriptor setSourceName(String sourceName, String newName)
throws InvalidSessionException, AuthorizationException, ExtensionModuleNotFoundException, MetaMatrixComponentException{
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "ExtensionSourceAdminAPIImpl.setSourceName(" + sourceName + ", " + newName + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
+ SessionToken token = AdminAPIHelper.validateSession();
return getExtensionSourceManager().setSourceName(token.getUsername(), sourceName, newName);
}
@@ -303,10 +281,10 @@
* @throws MetaMatrixComponentException indicating a non-business-related
* exception (such as a communication exception)
*/
- public synchronized ExtensionModuleDescriptor setSourceDescription(String sourceName, String description)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_SYSTEM)
+ public ExtensionModuleDescriptor setSourceDescription(String sourceName, String description)
throws InvalidSessionException, AuthorizationException, ExtensionModuleNotFoundException, MetaMatrixComponentException{
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "ExtensionSourceAdminAPIImpl.setSourceDescription(" + sourceName + ", " + description + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
+ SessionToken token = AdminAPIHelper.validateSession();
return getExtensionSourceManager().setSourceDescription(token.getUsername(), sourceName, description);
}
Deleted: trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/IAdminHelper.java
===================================================================
--- trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/IAdminHelper.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/IAdminHelper.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -1,62 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * See the COPYRIGHT.txt file distributed with this work for information
- * regarding copyright ownership. Some portions may be licensed
- * to Red Hat, Inc. under one or more contributor license agreements.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301 USA.
- */
-
-package com.metamatrix.platform.admin.apiimpl;
-
-import com.metamatrix.admin.api.exception.security.InvalidSessionException;
-import com.metamatrix.api.exception.ComponentNotFoundException;
-import com.metamatrix.api.exception.security.AuthorizationException;
-import com.metamatrix.platform.security.api.MetaMatrixSessionID;
-import com.metamatrix.platform.security.api.SessionToken;
-
-/**
- * @since 4.3
- */
-public interface IAdminHelper {
-
- /**
- * Checks that user is in the necessary role, throws an exception if
- * not. Methods of this administrative API may require that a caller be
- * in one or more security roles.
- * @param adminToken a valid SessionToken object representing the session
- * of the caller attempting an administrative operation
- * @param roleName String name of role to be checked for caller membership
- * @throws AuthorizationException if caller is <i>not</i> in the role, and
- * therefore not authorized to make the operation
- * @throws ComponentNotFoundException if the authorization service could
- * not be communicated with due to a bad service instance or proxy
- */
- void checkForRequiredRole(SessionToken adminToken, String roleName)
- throws AuthorizationException, ComponentNotFoundException;
-
- /**
- * Get the <code>SessionToken</code> and validate that the session is active
- * for the specified <code>MetaMatrixSessionID</code>.
- * @param sessionID the <code>MetaMatrixSessionID</code> for the session in
- * question.
- * @return The <code>SessionToken</code> for the session in question.
- * @throws InvalidSessionException If session has expired or doesn't exist
- * @throws ComponentNotFoundException If couldn't find needed service component
- */
- SessionToken validateSession(MetaMatrixSessionID sessionID)
- throws InvalidSessionException, ComponentNotFoundException;
-}
\ No newline at end of file
Modified: trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/RuntimeStateAdminAPIHelper.java
===================================================================
--- trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/RuntimeStateAdminAPIHelper.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/RuntimeStateAdminAPIHelper.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -113,7 +113,7 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized SystemState getSystemState() throws MetaMatrixComponentException {
+ public SystemState getSystemState() throws MetaMatrixComponentException {
try {
SystemStateBuilder ssm = new SystemStateBuilder(this.registry, this.hostManagement);
return ssm.getSystemState();
@@ -263,7 +263,7 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized void shutdownServer() throws MetaMatrixComponentException {
+ public void shutdownServer() throws MetaMatrixComponentException {
this.hostManagement.killAllServersInCluster();
}
@@ -274,7 +274,7 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized void bounceServer() throws MetaMatrixComponentException {
+ public void bounceServer() throws MetaMatrixComponentException {
this.hostManagement.bounceAllServersInCluster();
}
@@ -287,7 +287,7 @@
* @throws a MultipleException if an error occurs
*/
- public synchronized void synchronizeServer() throws MetaMatrixComponentException,MultipleException {
+ public void synchronizeServer() throws MetaMatrixComponentException,MultipleException {
List exceptions = new ArrayList();
StringBuffer errorMsg = new StringBuffer();
Modified: trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/RuntimeStateAdminAPIImpl.java
===================================================================
--- trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/RuntimeStateAdminAPIImpl.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/RuntimeStateAdminAPIImpl.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -25,11 +25,10 @@
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
-import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
-import java.util.Set;
+import com.metamatrix.admin.RolesAllowed;
import com.metamatrix.admin.api.exception.security.InvalidSessionException;
import com.metamatrix.admin.api.server.AdminRoles;
import com.metamatrix.api.exception.MetaMatrixComponentException;
@@ -69,10 +68,9 @@
import com.metamatrix.platform.vm.controller.ProcessStatistics;
import com.metamatrix.server.HostManagement;
-public class RuntimeStateAdminAPIImpl extends SubSystemAdminAPIImpl implements RuntimeStateAdminAPI {
+ at RolesAllowed(value=AdminRoles.RoleName.ADMIN_READONLY)
+public class RuntimeStateAdminAPIImpl implements RuntimeStateAdminAPI {
- protected Set listeners = new HashSet();
-
private RuntimeStateAdminAPIHelper helper;
private LogReader logReader;
@@ -86,12 +84,12 @@
/**
* ctor
*/
- private RuntimeStateAdminAPIImpl(ClusteredRegistryState registry, HostManagement hostManagement) throws MetaMatrixComponentException {
+ private RuntimeStateAdminAPIImpl(ClusteredRegistryState registry, HostManagement hostManagement) {
this.registry = registry;
helper = RuntimeStateAdminAPIHelper.getInstance(registry, hostManagement);
}
- public synchronized static RuntimeStateAdminAPIImpl getInstance(ClusteredRegistryState registry, HostManagement hostManagement) throws MetaMatrixComponentException {
+ public synchronized static RuntimeStateAdminAPIImpl getInstance(ClusteredRegistryState registry, HostManagement hostManagement) {
if (runtimeStateAdminAPI == null) {
runtimeStateAdminAPI = new RuntimeStateAdminAPIImpl(registry, hostManagement);
}
@@ -137,7 +135,7 @@
MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
return helper.getServices();
}
@@ -155,17 +153,15 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
public synchronized void stopService(ServiceID serviceID) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, ServicePlugin.Util.getString(LogMessageKeys.ADMIN_0003, new Object[] {serviceID, token.getUsername()}));
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.stopService(" + serviceID + ")"); //$NON-NLS-1$ //$NON-NLS-2$
-
helper.stopService(serviceID, false);
}
@@ -181,17 +177,15 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
public synchronized void stopServiceNow(ServiceID serviceID) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, ServicePlugin.Util.getString(LogMessageKeys.ADMIN_0004, new Object[] {serviceID, token.getUsername()}));
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.stopServiceNow(" + serviceID + ")"); //$NON-NLS-1$ //$NON-NLS-2$
-
helper.stopService(serviceID, true);
}
@@ -207,18 +201,15 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized void stopHost(String host) throws AuthorizationException,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void stopHost(String host) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException,
MultipleException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, ServicePlugin.Util.getString(LogMessageKeys.ADMIN_0005, new Object[] {host, token.getUsername()}));
-
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.stopHost(" + host + ")"); //$NON-NLS-1$ //$NON-NLS-2$
-
helper.stopHost(host, false);
}
@@ -234,18 +225,15 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized void stopHostNow(String host) throws AuthorizationException,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void stopHostNow(String host) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException,
MultipleException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, ServicePlugin.Util.getString(LogMessageKeys.ADMIN_0006, new Object[] {host, token.getUsername()}));
-
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.stopHostNow(" + host + ")"); //$NON-NLS-1$ //$NON-NLS-2$
-
helper.stopHost(host, true);
}
@@ -262,16 +250,13 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized void stopProcess(String hostName, String processName, boolean now)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void stopProcess(String hostName, String processName, boolean now)
throws AuthorizationException,InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, ServicePlugin.Util.getString(LogMessageKeys.ADMIN_0009, new Object[] {hostName+"."+processName, token.getUsername()})); //$NON-NLS-1$
-
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.stopProcess(" + hostName+","+ processName + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
-
helper.stopProcess(hostName, processName, now);
}
@@ -286,17 +271,14 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized void shutdownServer() throws AuthorizationException,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void shutdownServer() throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, ServicePlugin.Util.getString(LogMessageKeys.ADMIN_0015, new Object[] {token.getUsername()}));
-
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.shutdownServer()"); //$NON-NLS-1$
-
helper.shutdownServer();
}
@@ -313,18 +295,15 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized void restartService(ServiceID serviceID) throws AuthorizationException,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void restartService(ServiceID serviceID) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException {
LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, ServicePlugin.Util.getString(LogMessageKeys.ADMIN_0019, new Object[] {serviceID}));
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.restartService(" + serviceID + ")"); //$NON-NLS-1$ //$NON-NLS-2$
-
-
+ SessionToken token = AdminAPIHelper.validateSession();
helper.restartService(serviceID);
}
@@ -340,16 +319,14 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized void startHost(String host) throws AuthorizationException,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void startHost(String host) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, ServicePlugin.Util.getString(LogMessageKeys.ADMIN_0020, new Object[] {host, token.getUsername()}));
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.startHost(" + host + ")"); //$NON-NLS-1$ //$NON-NLS-2$
-
helper.startHost(host);
}
@@ -367,17 +344,14 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized void startProcess(String host, String process) throws AuthorizationException,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void startProcess(String host, String process) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, ServicePlugin.Util.getString(LogMessageKeys.ADMIN_0021, new Object[] {process, token.getUsername()}));
-
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.startProcess(" + host + ", " + process + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
-
helper.startProcess(host, process);
}
@@ -393,17 +367,15 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized void startPSC(PscID pscID) throws AuthorizationException,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void startPSC(PscID pscID) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException,
MultipleException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, ServicePlugin.Util.getString(LogMessageKeys.ADMIN_0022, new Object[] {pscID, token.getUsername()}));
-
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.startPSC(" + pscID + ")"); //$NON-NLS-1$ //$NON-NLS-2$
SystemState state = helper.getSystemState();
Iterator hosts = state.getHosts().iterator();
@@ -487,17 +459,20 @@
* @see com.metamatrix.platform.admin.api.RuntimeStateAdminAPI#stopPSC(com.metamatrix.platform.admin.api.runtime.PscID)
* @since 4.3
*/
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
public void stopPSCNow(PscID pscID) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException,
MultipleException {
+ stopPSC(pscID, true);
}
/**
* @see com.metamatrix.platform.admin.api.RuntimeStateAdminAPI#stopPSCNow(com.metamatrix.platform.admin.api.runtime.PscID)
* @since 4.3
*/
- public synchronized void stopPSC(PscID pscID) throws AuthorizationException,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void stopPSC(PscID pscID) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException,
MultipleException {
@@ -506,19 +481,16 @@
- private synchronized void stopPSC(PscID pscID,
+ private void stopPSC(PscID pscID,
boolean now) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException,
MultipleException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, ServicePlugin.Util.getString(LogMessageKeys.ADMIN_0023, new Object[] {pscID, token.getUsername()}));
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.stopPSC(" + pscID + ", " + now + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
-
SystemState state = getSystemState();
Iterator hosts = state.getHosts().iterator();
while (hosts.hasNext()) {
@@ -597,20 +569,17 @@
* @throws a
* MultipleException if an error occurs
*/
- public synchronized void synchronizeServer() throws AuthorizationException,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void synchronizeServer() throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException,
MultipleException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, ServicePlugin.Util.getString(LogMessageKeys.ADMIN_0026, new Object[] {token.getUsername()}));
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.synchronizeServer()"); //$NON-NLS-1$
-
helper.synchronizeServer();
-
}
/**
@@ -624,7 +593,7 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized Date getServerStartTime() throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
+ public Date getServerStartTime() throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
return this.helper.getEldestProcessStartTime();
}
@@ -646,7 +615,8 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized void setLoggingConfiguration(Configuration config,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void setLoggingConfiguration(Configuration config,
LogConfiguration logConfig,
List actions) throws AuthorizationException,
InvalidSessionException,
@@ -654,10 +624,7 @@
LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, CorePlugin.Util.getString(LogMessageKeys.ADMIN_0027));
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.setLoggingConfiguration(" + config + ", " + logConfig + ", " + actions + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$
-
+ SessionToken token = AdminAPIHelper.validateSession();
helper.setLogConfiguration(config, logConfig, actions, token.getUsername());
}
@@ -667,34 +634,6 @@
}
/**
- * Sets the <code>LogConfiguration</code> on the <code>LogManager</code> running in the given VM. If
- * <code>null>/code> is passed in for vmID, set log config on the
- * App Server VM - the MetaMatrix registry does not have a handle for that VM.
- * @param logConfig The log configuration with which to affect the log properties.
- * @param vmID The ID of the VM for which to set log configuration
- * used to affect the configuration database. If <code>null</code>, set the
- * App Server VM's log config.
- * @throws AuthorizationException if caller is not authorized to perform this method.
- * @throws InvalidSessionException if the <code>callerSessionID</code> is not valid or is expired.
- * @throws MetaMatrixComponentException if an error occurred in communicating with a component.
- */
- public synchronized void setLoggingConfiguration(LogConfiguration logConfig, String hostName, String processName)
- throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
-
- LogManager.logInfo(LogPlatformConstants.CTX_RUNTIME_ADMIN, CorePlugin.Util.getString(LogMessageKeys.ADMIN_0029, new Object[] {buildProcessId(hostName, processName)}));
-
- // Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
-
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeStateAdminAPIImpl.setLoggingConfiguration(" + logConfig + ", " + buildProcessId(hostName, processName) + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
-
- // Set logging config for given VM
- ProcessManagement vm = helper.getVMControllerInterface(hostName, processName);
- vm.setCurrentLogConfiguration(logConfig);
- }
-
- /**
* Return Collection of QueueStats for service.
*
* @param serviceID
@@ -707,16 +646,12 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized Collection getServiceQueueStatistics(ServiceID serviceID) throws AuthorizationException,
+ public Collection getServiceQueueStatistics(ServiceID serviceID) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException {
LogManager.logDetail(LogPlatformConstants.CTX_RUNTIME_ADMIN, "Getting queue statistics for: " + serviceID); //$NON-NLS-1$
- // Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
- // Any administrator may call this read-only method - no need to validate role
-
return helper.getServiceQueueStatistics(helper.getServiceBinding(serviceID));
}
@@ -735,7 +670,7 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized WorkerPoolStats getServiceQueueStatistics(ServiceID serviceID,
+ public WorkerPoolStats getServiceQueueStatistics(ServiceID serviceID,
String queueName) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException {
@@ -743,7 +678,7 @@
LogManager.logDetail(LogPlatformConstants.CTX_RUNTIME_ADMIN, "Getting queue statistics for " + queueName + " for service: " + serviceID); //$NON-NLS-1$ //$NON-NLS-2$
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
ServiceInterface service = helper.getServiceBinding(serviceID).getService();
@@ -763,13 +698,13 @@
* @throws MetaMatrixComponentException
* if an error occurred in communicating with a component.
*/
- public synchronized ProcessStatistics getProcessStatistics(String hostName, String processName)
+ public ProcessStatistics getProcessStatistics(String hostName, String processName)
throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
LogManager.logDetail(LogPlatformConstants.CTX_RUNTIME_ADMIN, "Getting vm statistics for " + buildProcessId(hostName, processName)); //$NON-NLS-1$
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return helper.getVMStatistics(hostName, processName);
@@ -785,7 +720,7 @@
String serviceName) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException {
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
ServiceID result = null;
@@ -824,7 +759,7 @@
AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException {
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
PscID result = null;
Iterator vmIter = registry.getVMs(hostName).iterator();
@@ -857,7 +792,7 @@
public List<ProcessRegistryBinding> getVMControllerBindings() throws InvalidSessionException,
AuthorizationException,
MetaMatrixComponentException {
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
return registry.getVMs(null);
}
@@ -873,7 +808,7 @@
int maxRows) throws AuthorizationException,
InvalidSessionException,
MetaMatrixComponentException {
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
return getLogReader().getLogEntries(startTime, endTime, levels, contexts, maxRows);
}
@@ -892,7 +827,7 @@
public SystemState getSystemState() throws AuthorizationException,
InvalidSessionException, MetaMatrixComponentException {
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
return helper.getSystemState();
}
Deleted: trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/SubSystemAdminAPIImpl.java
===================================================================
--- trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/SubSystemAdminAPIImpl.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/main/java/com/metamatrix/platform/admin/apiimpl/SubSystemAdminAPIImpl.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -1,43 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * See the COPYRIGHT.txt file distributed with this work for information
- * regarding copyright ownership. Some portions may be licensed
- * to Red Hat, Inc. under one or more contributor license agreements.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301 USA.
- */
-
-package com.metamatrix.platform.admin.apiimpl;
-
-import org.teiid.dqp.internal.process.DQPWorkContext;
-
-import com.metamatrix.platform.admin.api.SubSystemAdminAPI;
-import com.metamatrix.platform.security.api.MetaMatrixSessionID;
-
-/**
- * Base class for subsystem administrative API implementations.
- */
-public abstract class SubSystemAdminAPIImpl implements SubSystemAdminAPI {
-
- /**
- * Get The <code>MetaMatrixSessionID</code> for this Connection
- * @return this Session ID
- */
- protected MetaMatrixSessionID getSessionID() {
- return DQPWorkContext.getWorkContext().getSessionId();
- }
-}
-
Modified: trunk/server/src/main/java/com/metamatrix/platform/vm/controller/ProcessController.java
===================================================================
--- trunk/server/src/main/java/com/metamatrix/platform/vm/controller/ProcessController.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/main/java/com/metamatrix/platform/vm/controller/ProcessController.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -39,7 +39,6 @@
import com.metamatrix.admin.api.exception.AdminException;
import com.metamatrix.admin.api.server.ServerAdmin;
import com.metamatrix.admin.server.ServerAdminImpl;
-import com.metamatrix.admin.util.AdminMethodRoleResolver;
import com.metamatrix.api.exception.MetaMatrixComponentException;
import com.metamatrix.api.exception.MultipleException;
import com.metamatrix.common.classloader.URLFilteringClassLoader;
@@ -84,7 +83,6 @@
import com.metamatrix.platform.admin.api.ConfigurationAdminAPI;
import com.metamatrix.platform.admin.api.ExtensionSourceAdminAPI;
import com.metamatrix.platform.admin.api.RuntimeStateAdminAPI;
-import com.metamatrix.platform.admin.apiimpl.AdminHelper;
import com.metamatrix.platform.admin.apiimpl.AuthorizationAdminAPIImpl;
import com.metamatrix.platform.admin.apiimpl.ConfigurationAdminAPIImpl;
import com.metamatrix.platform.admin.apiimpl.ExtensionSourceAdminAPIImpl;
@@ -204,14 +202,13 @@
* @throws MetaMatrixComponentException
*/
private void registerSubSystemAdminAPIs(HostManagement hostManagement) throws MetaMatrixComponentException {
- this.clientServices.registerClientService(ConfigurationAdminAPI.class, ConfigurationAdminAPIImpl.getInstance(this.registry), PlatformAdminConstants.CTX_CONFIGURATION_ADMIN_API);
- this.clientServices.registerClientService(RuntimeStateAdminAPI.class, RuntimeStateAdminAPIImpl.getInstance(this.registry, hostManagement), PlatformAdminConstants.CTX_RUNTIME_STATE_ADMIN_API);
- this.clientServices.registerClientService(AuthorizationAdminAPI.class, AuthorizationAdminAPIImpl.getInstance(), PlatformAdminConstants.CTX_AUTHORIZATION_ADMIN_API);
- this.clientServices.registerClientService(ExtensionSourceAdminAPI.class, ExtensionSourceAdminAPIImpl.getInstance(), PlatformAdminConstants.CTX_ADMIN_API);
- this.clientServices.registerClientService(RuntimeMetadataAdminAPI.class, RuntimeMetadataAdminAPIImpl.getInstance(), PlatformAdminConstants.CTX_RUNTIME_METADATA_ADMIN_API);
+ this.clientServices.registerClientService(ConfigurationAdminAPI.class, wrapAdminService(ConfigurationAdminAPI.class, ConfigurationAdminAPIImpl.getInstance(this.registry)), PlatformAdminConstants.CTX_CONFIGURATION_ADMIN_API);
+ this.clientServices.registerClientService(RuntimeStateAdminAPI.class, wrapAdminService(RuntimeStateAdminAPI.class, RuntimeStateAdminAPIImpl.getInstance(this.registry, hostManagement)), PlatformAdminConstants.CTX_RUNTIME_STATE_ADMIN_API);
+ this.clientServices.registerClientService(AuthorizationAdminAPI.class, wrapAdminService(AuthorizationAdminAPI.class, AuthorizationAdminAPIImpl.getInstance()), PlatformAdminConstants.CTX_AUTHORIZATION_ADMIN_API);
+ this.clientServices.registerClientService(ExtensionSourceAdminAPI.class, wrapAdminService(ExtensionSourceAdminAPI.class, ExtensionSourceAdminAPIImpl.getInstance()), PlatformAdminConstants.CTX_ADMIN_API);
+ this.clientServices.registerClientService(RuntimeMetadataAdminAPI.class, wrapAdminService(RuntimeMetadataAdminAPI.class, RuntimeMetadataAdminAPIImpl.getInstance()), PlatformAdminConstants.CTX_RUNTIME_METADATA_ADMIN_API);
}
-
/**
* Register a ServiceInterceptor for the new Admin API, so that the client can access it via messaging.
* @throws AdminException
@@ -220,11 +217,15 @@
*/
private void registerAdmin(HostManagement hostManagement) throws AdminException {
ServerAdminImpl serverAdminImpl = new ServerAdminImpl(this.registry, hostManagement);
- AdminMethodRoleResolver adminMethodRoleResolver = new AdminMethodRoleResolver();
- adminMethodRoleResolver.init();
- ServerAdmin roleCheckedServerAdmin = (ServerAdmin)Proxy.newProxyInstance(Thread.currentThread().getContextClassLoader(), new Class[] {ServerAdmin.class}, new AdminAuthorizationInterceptor(new AdminHelper(), adminMethodRoleResolver, serverAdminImpl));
+ ServerAdmin roleCheckedServerAdmin = wrapAdminService(ServerAdmin.class, serverAdminImpl);
this.clientServices.registerClientService(ServerAdmin.class, roleCheckedServerAdmin, PlatformAdminConstants.CTX_ADMIN);
}
+
+
+ @SuppressWarnings("unchecked")
+ private <T> T wrapAdminService(Class<T> iface, T impl) {
+ return (T)Proxy.newProxyInstance(Thread.currentThread().getContextClassLoader(), new Class[] {iface}, new AdminAuthorizationInterceptor(PlatformProxyHelper.getAuthorizationServiceProxy(PlatformProxyHelper.ROUND_ROBIN_LOCAL), impl));
+ }
/**
* Register ILogonAPI's ServiceInterceptor
Modified: trunk/server/src/main/java/com/metamatrix/server/admin/apiimpl/RuntimeMetadataAdminAPIImpl.java
===================================================================
--- trunk/server/src/main/java/com/metamatrix/server/admin/apiimpl/RuntimeMetadataAdminAPIImpl.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/main/java/com/metamatrix/server/admin/apiimpl/RuntimeMetadataAdminAPIImpl.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -34,6 +34,7 @@
import java.util.Properties;
import java.util.Set;
+import com.metamatrix.admin.RolesAllowed;
import com.metamatrix.admin.api.exception.security.InvalidSessionException;
import com.metamatrix.admin.api.server.AdminRoles;
import com.metamatrix.api.exception.MetaMatrixComponentException;
@@ -64,7 +65,6 @@
import com.metamatrix.platform.admin.api.PermissionDataNode;
import com.metamatrix.platform.admin.apiimpl.AdminAPIHelper;
import com.metamatrix.platform.admin.apiimpl.PermissionDataNodeImpl;
-import com.metamatrix.platform.admin.apiimpl.SubSystemAdminAPIImpl;
import com.metamatrix.platform.security.api.AuthorizationPolicyID;
import com.metamatrix.platform.security.api.AuthorizationRealm;
import com.metamatrix.platform.security.api.SessionToken;
@@ -74,7 +74,8 @@
import com.metamatrix.server.admin.api.RuntimeMetadataAdminAPI;
import com.metamatrix.server.admin.api.ServerAdminLogConstants;
-public class RuntimeMetadataAdminAPIImpl extends SubSystemAdminAPIImpl implements RuntimeMetadataAdminAPI {
+ at RolesAllowed(value=AdminRoles.RoleName.ADMIN_READONLY)
+public class RuntimeMetadataAdminAPIImpl implements RuntimeMetadataAdminAPI {
@@ -84,11 +85,11 @@
* ctor
* Only defined here so that it doesn't get generated.
*/
- private RuntimeMetadataAdminAPIImpl() throws MetaMatrixComponentException {
+ private RuntimeMetadataAdminAPIImpl() {
}
- public synchronized static RuntimeMetadataAdminAPI getInstance() throws MetaMatrixComponentException {
+ public synchronized static RuntimeMetadataAdminAPI getInstance() {
if (runtimeMetadataAdminAPI == null) {
runtimeMetadataAdminAPI = new RuntimeMetadataAdminAPIImpl();
}
@@ -106,14 +107,12 @@
* @throws VirtualDatabaseException if an error occurs while setting the state.
* @throws MetaMatrixComponentException if an error occurs in communicating with a component.
*/
- public synchronized void updateVirtualDatabase(VirtualDatabase vdb)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void updateVirtualDatabase(VirtualDatabase vdb)
throws AuthorizationException, InvalidSessionException, VirtualDatabaseException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken callerToken = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(callerToken, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeMetadataAdminAPIImpl.updateVirtualDatabase(" + vdb.getID() + ")"); //$NON-NLS-1$ //$NON-NLS-2$
-
+ SessionToken callerToken = AdminAPIHelper.validateSession();
RuntimeMetadataCatalog.getInstance().updateVirtualDatabase(vdb, callerToken.getUsername());
}
@@ -128,13 +127,12 @@
* @throws VirtualDatabaseException if an error occurs while updating vdb.
* @throws MetaMatrixComponentException if an error occurs in communicating with a component.
*/
- public synchronized void markVDBForDelete(VirtualDatabaseID vdbID)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void markVDBForDelete(VirtualDatabaseID vdbID)
throws AuthorizationException, InvalidSessionException, VirtualDatabaseException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken callerToken = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(callerToken, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeMetadataAdminAPIImpl.markVDBForDelete(" + vdbID + ")"); //$NON-NLS-1$ //$NON-NLS-2$
+ SessionToken callerToken = AdminAPIHelper.validateSession();
// Get VDB's current state
VirtualDatabase theVDB = RuntimeMetadataCatalog.getInstance().getVirtualDatabase(vdbID);
@@ -175,11 +173,11 @@
* @throws VirtualDatabaseException if an error occurs while setting the state.
* @throws MetaMatrixComponentException if an error occurs in communicating with a component.
*/
- public synchronized Map migrateConnectorBindingNames(VirtualDatabase sourceVDB, VDBDefn vdb)
+ public Map migrateConnectorBindingNames(VirtualDatabase sourceVDB, VDBDefn vdb)
throws AuthorizationException, InvalidSessionException, VirtualDatabaseException, MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
Map modelNameToRoutingIDs = new HashMap();
@@ -243,14 +241,13 @@
* @throws VirtualDatabaseException if an error occurs while setting the state.
* @throws MetaMatrixComponentException if an error occurs in communicating with a component.
*/
- public synchronized void setConnectorBindingNames(VirtualDatabaseID vdbID,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void setConnectorBindingNames(VirtualDatabaseID vdbID,
Map modelAndCBNames)
throws AuthorizationException, InvalidSessionException, VirtualDatabaseException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken callerToken = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(callerToken, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeMetadataAdminAPIImpl.setConnectorBindingNames(" + vdbID + ", " + modelAndCBNames + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
+ SessionToken callerToken = AdminAPIHelper.validateSession();
RuntimeMetadataCatalog.getInstance().setConnectorBindingNames(vdbID, modelAndCBNames, callerToken.getUsername());
}
@@ -265,10 +262,10 @@
* @throws VirtualDatabaseException if an error occurs while setting the state.
* @throws MetaMatrixComponentException if an error occurs in communicating with a component.
*/
- public synchronized Collection getVDBsForConnectorBinding(String routingID)
+ public Collection getVDBsForConnectorBinding(String routingID)
throws AuthorizationException, InvalidSessionException, VirtualDatabaseException, MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
Collection VDBs = new HashSet();
@@ -307,11 +304,11 @@
* @throws VirtualDatabaseException if an error occurs while setting the state.
* @throws MetaMatrixComponentException if an error occurs in communicating with a component.
*/
- public synchronized VirtualDatabase getVirtualDatabase(VirtualDatabaseID vdbID)
+ public VirtualDatabase getVirtualDatabase(VirtualDatabaseID vdbID)
throws AuthorizationException, InvalidSessionException, VirtualDatabaseException, MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return RuntimeMetadataCatalog.getInstance().getVirtualDatabase(vdbID);
@@ -328,11 +325,11 @@
* @throws VirtualDatabaseException if an error occurs during retrieval process.
* @throws MetaMatrixComponentException if an error occurs in communicating with a component.
*/
- public synchronized VirtualDatabase getLatestVirtualDatabase(String vdbName)
+ public VirtualDatabase getLatestVirtualDatabase(String vdbName)
throws AuthorizationException, InvalidSessionException, VirtualDatabaseException, MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
VirtualDatabaseID vdbId = RuntimeMetadataCatalog.getInstance().getVirtualDatabaseID(vdbName, null);
@@ -351,11 +348,11 @@
* @throws VirtualDatabaseException if an error occurs while setting the state.
* @throws MetaMatrixComponentException if an error occurs in communicating with a component.
*/
- public synchronized Collection getVirtualDatabases()
+ public Collection getVirtualDatabases()
throws AuthorizationException, InvalidSessionException, VirtualDatabaseException, MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
return RuntimeMetadataCatalog.getInstance().getVirtualDatabases();
@@ -374,11 +371,11 @@
* @throws AuthorizationException if caller is not authorized to perform this method.
* @throws MetaMatrixComponentException if an error occurs in communicating with a component.
*/
- public synchronized Collection getVDBModels(VirtualDatabaseID vdbID)
+ public Collection getVDBModels(VirtualDatabaseID vdbID)
throws AuthorizationException, InvalidSessionException, VirtualDatabaseException, MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
ArrayList models = new ArrayList(RuntimeMetadataCatalog.getInstance().getModels(vdbID));
@@ -432,13 +429,12 @@
* @throws VirtualDatabaseException if an error occurs while setting the state.
* @throws MetaMatrixComponentException if an error occurs in communicating with a component.
*/
- public synchronized void setVDBState(VirtualDatabaseID vdbID, short state)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public void setVDBState(VirtualDatabaseID vdbID, short state)
throws AuthorizationException, InvalidSessionException, VirtualDatabaseException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken callerToken = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(callerToken, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeMetadataAdminAPIImpl.setVDBState(" + vdbID + ", " + state + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
+ SessionToken callerToken = AdminAPIHelper.validateSession();
// Get VDB's current state
VirtualDatabase theVDB = RuntimeMetadataCatalog.getInstance().getVirtualDatabase(vdbID);
@@ -527,13 +523,12 @@
* @throws AuthorizationException if admninistrator does not have the authority to perform the requested operation.
* @throws MetaMatrixComponentException if this service has trouble communicating.
*/
- public synchronized EntitlementMigrationReport migrateEntitlements(VirtualDatabase sourceVDB,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public EntitlementMigrationReport migrateEntitlements(VirtualDatabase sourceVDB,
VirtualDatabase targetVDB)
throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
-
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeMetadataAdminAPIImpl.migrateEntitlements(" + sourceVDB.getID() + ", " + targetVDB.getID() + ")"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
+ SessionToken token = AdminAPIHelper.validateSession();
return RuntimeMetadataHelper.migrateEntitlements(sourceVDB, targetVDB, token);
}
@@ -548,14 +543,13 @@
* @throws AuthorizationException if admninistrator does not have the authority to perform the requested operation.
* @throws MetaMatrixComponentException if this service has trouble communicating.
*/
- public synchronized EntitlementMigrationReport migrateEntitlements(VirtualDatabase targetVDB,
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public EntitlementMigrationReport migrateEntitlements(VirtualDatabase targetVDB,
char[] dataRoleContents, boolean overwriteExisting)
throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken token = AdminAPIHelper.validateSession(getSessionID());
+ SessionToken token = AdminAPIHelper.validateSession();
- AdminAPIHelper.checkForRequiredRole(token, AdminRoles.RoleName.ADMIN_SYSTEM, "RuntimeMetadataAdminAPIImpl.migrateEntitlements(" + targetVDB.getID() + ")"); //$NON-NLS-1$ //$NON-NLS-2$
-
return RuntimeMetadataHelper.migrateEntitlements(targetVDB.getVirtualDatabaseID(), dataRoleContents, overwriteExisting, token);
}
@@ -569,12 +563,12 @@
* @throws AuthorizationException if admninistrator does not have the authority to perform the requested operation.
* @throws MetaMatrixComponentException if this service has trouble communicating.
*/
- public synchronized PermissionDataNode getEntitlementTree(String vDBName,
+ public PermissionDataNode getEntitlementTree(String vDBName,
String vDBVersion,
AuthorizationPolicyID policyID)
throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
LogManager.logDetail(
@@ -598,10 +592,10 @@
* @throws AuthorizationException if admninistrator does not have the authority to perform the requested operation.
* @throws MetaMatrixComponentException if this service has trouble communicating.
*/
- public synchronized PermissionDataNode getDataNodes(String vDBName, String vDBVersion)
+ public PermissionDataNode getDataNodes(String vDBName, String vDBVersion)
throws AuthorizationException, InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
LogManager.logDetail(
@@ -620,10 +614,10 @@
* @param vdbVersion The version for the VDB.
* @return All element paths in the given VDB version.
*/
- public synchronized Set getAllDataNodeNames(String vdbName, String vdbVersion)
+ public Set getAllDataNodeNames(String vdbName, String vdbVersion)
throws InvalidSessionException, MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
return new HashSet(RuntimeMetadataHelper.getAllDataNodeNames(vdbName, vdbVersion, new HashMap()));
}
@@ -640,14 +634,10 @@
* @throws VirtualDatabaseException if an error occurs while setting the state.
* @throws MetaMatrixComponentException if an error occurs in communicating with a component.
*/
- public synchronized byte[] getVDB(VirtualDatabaseID vdbID)
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public byte[] getVDB(VirtualDatabaseID vdbID)
throws AuthorizationException, InvalidSessionException,VirtualDatabaseException,MetaMatrixComponentException {
- // Validate caller's session
- SessionToken callerToken = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(callerToken, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeMetadataAdminAPIImpl.getVDBDefn(" + vdbID + ")"); //$NON-NLS-1$ //$NON-NLS-2$
-
VDBArchive vdbArchive = null;
try {
vdbArchive = VDBDefnFactory.createVDBArchive(vdbID.getName(), vdbID.getVersion());
@@ -672,14 +662,13 @@
}
}
}
-
- public synchronized VirtualDatabase importVDB(byte[] vdbStream)
+
+ @RolesAllowed(value=AdminRoles.RoleName.ADMIN_PRODUCT)
+ public VirtualDatabase importVDB(byte[] vdbStream)
throws AuthorizationException, InvalidSessionException, VirtualDatabaseException, MetaMatrixComponentException {
// Validate caller's session
- SessionToken callerToken = AdminAPIHelper.validateSession(getSessionID());
- // Validate caller's role
- AdminAPIHelper.checkForRequiredRole(callerToken, AdminRoles.RoleName.ADMIN_PRODUCT, "RuntimeMetadataAdminAPIImpl.importVDB(vdbStream)"); //$NON-NLS-1$
+ SessionToken callerToken = AdminAPIHelper.validateSession();
VDBArchive vdbArchive = null;
try {
@@ -721,11 +710,11 @@
* @throws VirtualDatabaseException if an error occurs while setting the state.
* @throws MetaMatrixComponentException if an error occurs in communicating with a component.
*/
- public synchronized Map getModelVisibilityLevels(VirtualDatabaseID vdbID)
+ public Map getModelVisibilityLevels(VirtualDatabaseID vdbID)
throws AuthorizationException, InvalidSessionException, VirtualDatabaseException, MetaMatrixComponentException {
// Validate caller's session
- AdminAPIHelper.validateSession(getSessionID());
+ AdminAPIHelper.validateSession();
// Any administrator may call this read-only method - no need to validate role
Collection models = RuntimeMetadataCatalog.getInstance().getModels(vdbID);
@@ -747,7 +736,7 @@
* @return a Collection of all <code>VirtualDatabase</code>s in the system.
* @throws VirtualDatabaseException if an error occurs while setting the state.
*/
-// private synchronized static Collection filterVirtualDatabases(Set vdbsToFilter) throws VirtualDatabaseException {
+// private static Collection filterVirtualDatabases(Set vdbsToFilter) throws VirtualDatabaseException {
//
// Collection vdbs = RuntimeMetadataCatalog.getVirtualDatabases();
//
Deleted: trunk/server/src/test/java/com/metamatrix/common/comm/platform/FakeAdminHelper.java
===================================================================
--- trunk/server/src/test/java/com/metamatrix/common/comm/platform/FakeAdminHelper.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/test/java/com/metamatrix/common/comm/platform/FakeAdminHelper.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -1,93 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * See the COPYRIGHT.txt file distributed with this work for information
- * regarding copyright ownership. Some portions may be licensed
- * to Red Hat, Inc. under one or more contributor license agreements.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301 USA.
- */
-
-package com.metamatrix.common.comm.platform;
-
-import java.util.Iterator;
-import java.util.Set;
-
-import com.metamatrix.admin.api.exception.security.InvalidSessionException;
-import com.metamatrix.api.exception.ComponentNotFoundException;
-import com.metamatrix.api.exception.security.AuthorizationException;
-import com.metamatrix.platform.admin.apiimpl.IAdminHelper;
-import com.metamatrix.platform.security.api.MetaMatrixSessionID;
-import com.metamatrix.platform.security.api.SessionToken;
-
-
-/**
- * @since 4.3
- */
-public class FakeAdminHelper implements
- IAdminHelper {
- private String userName;
- private Set userRoleNames;
-
- /**
- *
- * @since 4.3
- */
- public FakeAdminHelper(String userName, Set userRoleNames) {
- this.userName = userName;
- this.userRoleNames = userRoleNames;
- }
-
- /**
- * @see com.metamatrix.platform.admin.apiimpl.IAdminHelper#checkForRequiredRole(com.metamatrix.platform.security.api.SessionToken, java.lang.String)
- * @since 4.3
- */
- public void checkForRequiredRole(SessionToken adminToken,
- String roleName) throws AuthorizationException, ComponentNotFoundException {
- if ( adminToken.getUsername().equals(userName) ) {
- Iterator iter = userRoleNames.iterator();
- while ( iter.hasNext() ) {
- String userRole = (String)iter.next();
- if ( userRole.equals(roleName) ) {
- return;
- }
- }
- throw new AuthorizationException("User does not have required role [" + roleName + "]."); //$NON-NLS-1$ //$NON-NLS-2$
- }
- throw new AuthorizationException("User names are not equal. Incoming [" + adminToken.getUsername() + //$NON-NLS-1$
- "] Expected [" + userName + "]"); //$NON-NLS-1$ //$NON-NLS-2$
- }
-
- /**
- * @see com.metamatrix.platform.admin.apiimpl.IAdminHelper#checkForRequiredRole(com.metamatrix.platform.security.api.SessionToken, java.util.Set)
- * @since 4.3
- */
- public void checkForRequiredRole(SessionToken adminToken,
- Set roleNames) throws AuthorizationException, ComponentNotFoundException {
- Iterator roles = roleNames.iterator();
- while ( roles.hasNext() ) {
- this.checkForRequiredRole(adminToken, (String) roles.next());
- }
- }
-
- /**
- * @see com.metamatrix.platform.admin.apiimpl.IAdminHelper#validateSession(com.metamatrix.platform.security.api.MetaMatrixSessionID)
- * @since 4.3
- */
- public SessionToken validateSession(MetaMatrixSessionID sessionID) throws InvalidSessionException, ComponentNotFoundException {
- return new SessionToken(sessionID, "fake"); //$NON-NLS-1$ //$NON-NLS-2$
- }
-
-}
Modified: trunk/server/src/test/java/com/metamatrix/common/comm/platform/server/TestAdminAuthInterceptor.java
===================================================================
--- trunk/server/src/test/java/com/metamatrix/common/comm/platform/server/TestAdminAuthInterceptor.java 2009-04-08 23:00:01 UTC (rev 733)
+++ trunk/server/src/test/java/com/metamatrix/common/comm/platform/server/TestAdminAuthInterceptor.java 2009-04-09 15:53:21 UTC (rev 734)
@@ -26,85 +26,96 @@
import java.util.HashSet;
import java.util.Set;
+import org.hamcrest.BaseMatcher;
+import org.hamcrest.Description;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
import org.teiid.dqp.internal.process.DQPWorkContext;
-import junit.framework.TestCase;
-
import com.metamatrix.admin.api.exception.AdminException;
+import com.metamatrix.admin.api.exception.AdminProcessingException;
import com.metamatrix.admin.api.server.AdminRoles;
import com.metamatrix.admin.api.server.ServerAdmin;
-import com.metamatrix.admin.util.AdminMethodRoleResolver;
-import com.metamatrix.common.comm.platform.FakeAdminHelper;
+import com.metamatrix.api.exception.security.AuthorizationException;
+import com.metamatrix.api.exception.security.AuthorizationMgmtException;
import com.metamatrix.common.comm.platform.socket.server.AdminAuthorizationInterceptor;
import com.metamatrix.core.util.SimpleMock;
-import com.metamatrix.platform.admin.apiimpl.IAdminHelper;
+import com.metamatrix.platform.admin.api.ExtensionSourceAdminAPI;
+import com.metamatrix.platform.admin.apiimpl.ExtensionSourceAdminAPIImpl;
import com.metamatrix.platform.security.api.MetaMatrixSessionID;
import com.metamatrix.platform.security.api.SessionToken;
+import com.metamatrix.platform.security.api.service.AuthorizationServiceInterface;
/**
* @since 4.3
*/
-public class TestAdminAuthInterceptor extends TestCase {
+public class TestAdminAuthInterceptor {
- /**
- * Constructor for TestAdminMethodRoleResolver.
- * @param name
- */
- public TestAdminAuthInterceptor(String name) {
- super(name);
+ @Before public void setUp() throws Exception {
+ DQPWorkContext.getWorkContext().setSessionToken(new SessionToken(new MetaMatrixSessionID(1), "gojo")); //$NON-NLS-1$
}
- @Override
- protected void setUp() throws Exception {
- DQPWorkContext.getWorkContext().setSessionToken(new SessionToken(new MetaMatrixSessionID(1), "gojo")); //$NON-NLS-1$ //$NON-NLS-2$
+ @After public void tearDown() throws Exception {
+ DQPWorkContext.setWorkContext(new DQPWorkContext());
}
- @Override
- protected void tearDown() throws Exception {
- DQPWorkContext.setWorkContext(new DQPWorkContext());
+ @Test(expected=AdminProcessingException.class) public void testAddUserUDF_fail() throws AdminException {
+ Set<String> userRoles = new HashSet<String>();
+ ServerAdmin serverAdmin = getTestServerAdmin(userRoles, ServerAdmin.class);
+ serverAdmin.addUDF(null, null);
}
- public void testAddUserUDF_fail() throws AdminException {
- Set userRoles = new HashSet();
- ServerAdmin serverAdmin = getTestServerAdmin(userRoles);
- try {
- serverAdmin.addUDF(null, null);
- } catch (AdminException err) {
-
- }
- }
+ private <T> T getTestServerAdmin(final Set<String> userRoles, Class<T> iface) {
+ return getTestServerAdmin(userRoles, iface, SimpleMock.createSimpleMock(iface));
+ }
- private ServerAdmin getTestServerAdmin(Set userRoles) throws AdminException {
- IAdminHelper authHelper = new FakeAdminHelper("gojo", userRoles); //$NON-NLS-1$
- AdminMethodRoleResolver roleResolver = new AdminMethodRoleResolver();
- roleResolver.init();
- AdminAuthorizationInterceptor authInterceptor = new AdminAuthorizationInterceptor(authHelper, roleResolver, SimpleMock.createSimpleMock(ServerAdmin.class));
- ServerAdmin serverAdmin = (ServerAdmin)Proxy.newProxyInstance(Thread.currentThread().getContextClassLoader(), new Class[] {ServerAdmin.class}, authInterceptor);
- return serverAdmin;
+ private <T> T getTestServerAdmin(final Set<String> userRoles, Class<T> iface, T impl) {
+ AuthorizationServiceInterface service = Mockito.mock(AuthorizationServiceInterface.class);
+ try {
+ Mockito.stub(service.isCallerInRole((SessionToken)Mockito.anyObject(), Mockito.argThat(new BaseMatcher<String>() {
+ @Override
+ public boolean matches(Object arg0) {
+ return userRoles.contains(arg0);
+ }
+
+ @Override
+ public void describeTo(Description arg0) {
+
+ }
+ }))).toReturn(Boolean.TRUE);
+ } catch (AuthorizationMgmtException e) {
+ throw new RuntimeException(e);
+ }
+ AdminAuthorizationInterceptor authInterceptor = new AdminAuthorizationInterceptor(service, impl);
+ return (T)Proxy.newProxyInstance(Thread.currentThread().getContextClassLoader(), new Class[] {iface}, authInterceptor);
}
- public void testAddUDF_succeed() throws Exception {
- Set userRoles = new HashSet();
+ @Test public void testAddUDF_succeed() throws Exception {
+ Set<String> userRoles = new HashSet<String>();
userRoles.add(AdminRoles.RoleName.ADMIN_SYSTEM);
- ServerAdmin serverAdmin = getTestServerAdmin(userRoles);
+ ServerAdmin serverAdmin = getTestServerAdmin(userRoles, ServerAdmin.class);
serverAdmin.addUDF(null, null);
}
- public void testGetVDBs() throws Exception {
- Set userRoles = new HashSet();
- ServerAdmin serverAdmin = getTestServerAdmin(userRoles);
+ @Test public void testGetVDBs() throws Exception {
+ Set<String> userRoles = new HashSet<String>();
+ ServerAdmin serverAdmin = getTestServerAdmin(userRoles, ServerAdmin.class);
serverAdmin.getVDBs("*"); //$NON-NLS-1$
}
- public void testReadOnlyFails() throws Exception {
- Set userRoles = new HashSet();
- ServerAdmin serverAdmin = getTestServerAdmin(userRoles);
- try {
- serverAdmin.getSessions("*"); //$NON-NLS-1$
- } catch (AdminException e) {
-
- }
+ @Test(expected=AdminProcessingException.class) public void testReadOnlyFails() throws Exception {
+ Set<String> userRoles = new HashSet<String>();
+ ServerAdmin serverAdmin = getTestServerAdmin(userRoles, ServerAdmin.class);
+ serverAdmin.getSessions("*"); //$NON-NLS-1$
}
+ @Test(expected=AuthorizationException.class) public void testSubsystemReadOnlyFails() throws Exception {
+ Set<String> userRoles = new HashSet<String>();
+ ExtensionSourceAdminAPI serverAdmin = getTestServerAdmin(userRoles, ExtensionSourceAdminAPI.class, ExtensionSourceAdminAPIImpl.getInstance());
+ serverAdmin.getSourceDescriptors();
+ }
+
}
More information about the teiid-commits
mailing list