Merge pull request #3759 from DedunuKarunarathne/master
Make non-admin users read-only with a config
DedunuKarunarathne authored Dec 4, 2024
2 parents ef7d56f + 08751f3 commit ea9fbc5
Showing 16 changed files with 330 additions and 133 deletions.
Expand Up @@ -38,6 +38,8 @@
import org.json.JSONObject;
import org.wso2.carbon.inbound.endpoint.internal.http.api.APIResource;
import org.wso2.micro.core.util.NetworkUtils;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import java.io.IOException;
import java.net.MalformedURLException;
Expand All @@ -51,6 +53,7 @@
import java.util.stream.Collectors;

import static org.wso2.micro.integrator.management.apis.Constants.SEARCH_KEY;
import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

public class ApiResource extends APIResource {

Expand Down Expand Up @@ -90,7 +93,17 @@ public boolean invoke(MessageContext messageContext) {
populateApiList(messageContext);
}
} else {
handlePost(messageContext, axisMsgCtx);
String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
try {
if (SecurityUtils.canUserEdit(userName)) {
handlePost(messageContext, axisMsgCtx);
} else {
Utils.sendForbiddenFaultResponse(axisMsgCtx);
}
} catch (UserStoreException e) {
LOG.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axisMsgCtx, Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
}
return true;
}
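Review bot: The new `catch (UserStoreException e)` block writes an error body with `Utils.createJsonErrorObject` but sets no HTTP status, so unless `Utils.setJsonPayLoad` does that itself (not visible here) a failed permission lookup is reported with the same status as a successful POST. Refusing the edit is the right fail-closed outcome; the response should say so, e.g. `Utils.setJsonPayLoad(axisMsgCtx, Utils.createJsonError("Error occurred while retrieving the user data", axisMsgCtx, Constants.<server-error status constant>));`, using the three-argument `createJsonError` the way ConfigsResource does in this commit. The identical try/catch is copied into CarbonAppResource, ConnectorResource, EndpointResource, ExternalVaultResource and InboundEndpointResource; one helper that runs `canUserEdit`, sends the forbidden fault and maps `UserStoreException` to a single status would keep the six copies from drifting. invoke starts outside the hunk.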
Expand Up @@ -43,6 +43,7 @@
import org.wso2.micro.core.util.AuditLogger;
import org.wso2.micro.integrator.initializer.deployment.application.deployer.CappDeployer;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import java.io.BufferedInputStream;
import java.io.File;
Expand Down Expand Up @@ -71,6 +72,7 @@
import static org.wso2.micro.integrator.management.apis.Constants.LIST;
import static org.wso2.micro.integrator.management.apis.Constants.NOT_FOUND;
import static org.wso2.micro.integrator.management.apis.Constants.SEARCH_KEY;
import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

public class CarbonAppResource extends APIResource {

Expand Down Expand Up @@ -111,6 +113,7 @@ public boolean invoke(MessageContext messageContext) {
if (messageContext.getProperty(Constants.USERNAME_PROPERTY) != null) {
performedBy = messageContext.getProperty(Constants.USERNAME_PROPERTY).toString();
}
String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
switch (httpMethod) {
case Constants.HTTP_GET: {
String param = Utils.getQueryParameter(messageContext, "carbonAppName");
Expand All @@ -131,11 +134,29 @@ public boolean invoke(MessageContext messageContext) {
break;
}
case Constants.HTTP_POST: {
handlePost(performedBy, axis2MessageContext);
try {
if (SecurityUtils.canUserEdit(userName)) {
handlePost(performedBy, axis2MessageContext);
} else {
Utils.sendForbiddenFaultResponse(axis2MessageContext);
}
} catch (UserStoreException e) {
log.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axis2MessageContext,Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
break;
}
case Constants.HTTP_DELETE: {
handleDelete(performedBy, messageContext, axis2MessageContext);
try {
if (SecurityUtils.canUserEdit(userName)) {
handleDelete(performedBy, messageContext, axis2MessageContext);
} else {
Utils.sendForbiddenFaultResponse(axis2MessageContext);
}
} catch (UserStoreException e) {
log.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axis2MessageContext,Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
break;
}
default: {
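Review bot: `userName` is a second read of USERNAME_PROPERTY taken right after `performedBy` was derived from the same property with a null guard, and it reaches `SecurityUtils.canUserEdit` unguarded; if the property can be absent, as the ANONYMOUS_USER fallback suggests, what `canUserEdit(null)` returns is what decides whether an anonymous caller may POST or DELETE a carbon app, and that rule deserves to be stated in this method rather than left to the helper. Reading the property once and writing `// the identity checked here must be the one audited as performedBy; a missing user is treated as not permitted to edit` above `if (userName != null && SecurityUtils.canUserEdit(userName))` would make it explicit, assuming no unauthenticated edit path is intended. ConnectorResource repeats the same pair of reads (`userName` before its try, `performedBy` inside it), and EndpointResource passes a `performedBy` defined outside its hunk next to the new `userName`. Minor style: `axis2MessageContext,Utils.createJsonErrorObject(` in both catch blocks is missing the space after the comma. invoke starts and ends outside the hunk.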
Expand Up @@ -24,11 +24,15 @@
import org.apache.synapse.config.SynapseConfiguration;
import org.apache.synapse.transport.passthru.config.PassThroughCorrelationConfigDataHolder;
import org.json.JSONObject;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;

import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

/**
* This resource will handle requests coming to configs/.
*/
Expand Down Expand Up @@ -63,14 +67,20 @@ public boolean invoke(MessageContext messageContext,
LOG.debug("Handling" + httpMethod + "request");
}
JSONObject response;
String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
try {
switch (httpMethod) {
case Constants.HTTP_GET: {
response = handleGet(messageContext);
break;
}
case Constants.HTTP_PUT: {
response = handlePut(axis2MessageContext);
if (SecurityUtils.canUserEdit(userName)) {
response = handlePut(axis2MessageContext);
} else {
Utils.sendForbiddenFaultResponse(axis2MessageContext);
response = Utils.createJsonError("", axis2MessageContext, Constants.FORBIDDEN);
}
break;
}
default: {
Expand All @@ -85,6 +95,10 @@ public boolean invoke(MessageContext messageContext,
} catch (IOException e) {
LOG.error("Error when parsing JSON payload", e);
response = Utils.createJsonErrorObject("Error while parsing JSON payload");
} catch (UserStoreException e) {
LOG.error("Error occurred while retrieving the user data", e);
response = Utils.createJsonError("Error occurred while retrieving the user data",
axis2MessageContext, Constants.FORBIDDEN);
}
Utils.setJsonPayLoad(axis2MessageContext, response);
return true;
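Review bot: In the HTTP_PUT case the denied path calls `Utils.sendForbiddenFaultResponse(axis2MessageContext)` and then assigns `response = Utils.createJsonError("", axis2MessageContext, Constants.FORBIDDEN)`, which `Utils.setJsonPayLoad(axis2MessageContext, response)` at the end of the method writes out; if sendForbiddenFaultResponse already produced a payload, that second write replaces it with an error that has an empty message. One of the two should go, e.g. keep only `response = Utils.createJsonError("User is not permitted to update configs", axis2MessageContext, Constants.FORBIDDEN);`. The new `catch (UserStoreException e)` also answers FORBIDDEN for a user-store lookup failure, which tells the client it was denied rather than that the server could not decide; the neighbouring IOException handler uses `createJsonErrorObject` with no status, and a server-error status (whatever constant Constants provides for it) would describe this failure better. invoke starts outside the hunk.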
Expand Up @@ -37,6 +37,8 @@
import org.wso2.micro.integrator.initializer.ServiceBusUtils;
import org.wso2.micro.integrator.initializer.persistence.MediationPersistenceManager;
import org.wso2.micro.integrator.initializer.deployment.synapse.deployer.SynapseAppDeployer;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import java.io.IOException;

Expand All @@ -50,6 +52,7 @@

import static org.wso2.micro.integrator.management.apis.Constants.ITEM_TYPE_IMPORT;
import static org.wso2.micro.integrator.management.apis.Constants.SEARCH_KEY;
import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

/**
* API Resource to manage connectors deployed
Expand Down Expand Up @@ -98,28 +101,35 @@ public boolean invoke(MessageContext messageContext,
}
axis2MessageContext.removeProperty(Constants.NO_ENTITY_BODY);
} else {

String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
try {
if (!JsonUtil.hasAJsonPayload(axis2MessageContext)) {
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("POST method required json payload"));
} else {
JsonObject payload = Utils.getJsonPayload(axis2MessageContext);
String performedBy = Constants.ANONYMOUS_USER;
if (messageContext.getProperty(Constants.USERNAME_PROPERTY) != null) {
performedBy = messageContext.getProperty(Constants.USERNAME_PROPERTY).toString();
}
if (payload.has(NAME_ATTRIBUTE) && payload.has(STATUS_ATTRIBUTE) && payload.has(PACKAGE_ATTRIBUTE)) {
changeConnectorState(performedBy, axis2MessageContext, payload, synapseConfiguration);
if (SecurityUtils.canUserEdit(userName)) {
if (!JsonUtil.hasAJsonPayload(axis2MessageContext)) {
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("POST method required json payload"));
} else {
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Missing parameters in payload"));
JsonObject payload = Utils.getJsonPayload(axis2MessageContext);
String performedBy = Constants.ANONYMOUS_USER;
if (messageContext.getProperty(Constants.USERNAME_PROPERTY) != null) {
performedBy = messageContext.getProperty(Constants.USERNAME_PROPERTY).toString();
}
if (payload.has(NAME_ATTRIBUTE) && payload.has(STATUS_ATTRIBUTE) && payload.has(PACKAGE_ATTRIBUTE)) {
changeConnectorState(performedBy, axis2MessageContext, payload, synapseConfiguration);
} else {
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Missing parameters in payload"));
}
}
} else {
Utils.sendForbiddenFaultResponse(axis2MessageContext);
}
} catch (AxisFault axisFault) {
LOG.error("Error when updating connector status", axisFault);
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error when updating connector status"));
} catch (IOException e) {
LOG.error("Error when parsing JSON payload", e);
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error when parsing JSON payload"));
} catch (UserStoreException e) {
LOG.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
}
return true;
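Review bot: The permission check wraps the entire payload-handling block, which pushes already deeply nested code one level further in and reindents every line of it; a guard clause as the first statement of the try keeps the existing lines at their original depth: `if (!SecurityUtils.canUserEdit(userName)) { Utils.sendForbiddenFaultResponse(axis2MessageContext); return true; }`. `return true` there matches what invoke returns at the end of the hunk, and the diff then shows only the guard and the new catch instead of a block move. invoke starts outside the hunk.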
Expand Up @@ -155,6 +155,7 @@ public class Constants {

// toml properties
public static String FILE_BASED_USER_STORE_ENABLE = "internal_apis.file_user_store.enable";
public static String MAKE_NON_ADMIN_USERS_READ_ONLY = "user_access.make_non_admin_users_read_only";

public static final String AUDIT_LOG_TYPE_ENDPOINT = "endpoint";
public static final String AUDIT_LOG_TYPE_USER = "user";
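Review bot: `MAKE_NON_ADMIN_USERS_READ_ONLY` is declared `public static String` without `final`, so the key that gates write access to the management API can be reassigned at runtime by any class on the classpath; declare it `public static final String MAKE_NON_ADMIN_USERS_READ_ONLY = "user_access.make_non_admin_users_read_only";`. The neighbouring FILE_BASED_USER_STORE_ENABLE has the same shape, but the new line need not inherit it. A short comment on what the value means would help the next reader, e.g. `// toml key; when true, users without the admin role get read-only access to the management API` (wording inferred from the commit description, confirm against SecurityUtils.canUserEdit).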
Expand Up @@ -33,6 +33,8 @@
import org.apache.synapse.endpoints.Endpoint;
import org.json.JSONObject;
import org.wso2.micro.core.util.AuditLogger;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import javax.xml.namespace.QName;
import java.io.IOException;
Expand All @@ -50,7 +52,7 @@
import static org.wso2.micro.integrator.management.apis.Constants.SEARCH_KEY;
import static org.wso2.micro.integrator.management.apis.Constants.STATUS;
import static org.wso2.micro.integrator.management.apis.Constants.TRACING;

import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

public class EndpointResource implements MiApiResource {

Expand Down Expand Up @@ -93,20 +95,28 @@ public boolean invoke(MessageContext messageContext,
populateEndpointList(messageContext, synapseConfiguration);
}
} else {
String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
try {
if (!JsonUtil.hasAJsonPayload(axis2MessageContext)) {
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("JSON payload is missing"));
return true;
}
JsonObject payload = Utils.getJsonPayload(axis2MessageContext);
if (payload.has(Constants.NAME) && payload.has(STATUS)) {
changeEndpointStatus(performedBy, axis2MessageContext, synapseConfiguration, payload);
if (SecurityUtils.canUserEdit(userName)) {
if (!JsonUtil.hasAJsonPayload(axis2MessageContext)) {
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("JSON payload is missing"));
return true;
}
JsonObject payload = Utils.getJsonPayload(axis2MessageContext);
if (payload.has(Constants.NAME) && payload.has(STATUS)) {
changeEndpointStatus(performedBy, axis2MessageContext, synapseConfiguration, payload);
} else {
handleTracing(performedBy, payload, messageContext, axis2MessageContext);
}
} else {
handleTracing(performedBy, payload, messageContext, axis2MessageContext);
Utils.sendForbiddenFaultResponse(axis2MessageContext);
}
} catch (IOException e) {
LOG.error("Error when parsing JSON payload", e);
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error when parsing JSON payload"));
} catch (UserStoreException e) {
LOG.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
}

Expand Up @@ -25,15 +25,18 @@
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.json.JSONObject;
import org.wso2.carbon.inbound.endpoint.internal.http.api.APIResource;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.mediation.security.vault.external.ExternalVaultException;
import org.wso2.micro.integrator.mediation.security.vault.external.hashicorp.HashiCorpVaultLookupHandlerImpl;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;

import static org.wso2.micro.integrator.management.apis.Constants.BAD_REQUEST;
import static org.wso2.micro.integrator.management.apis.Constants.NOT_FOUND;
import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

public class ExternalVaultResource extends APIResource {

Expand Down Expand Up @@ -64,7 +67,17 @@ public boolean invoke(MessageContext messageContext) {

if ("hashicorp".equalsIgnoreCase(pathParam)) {
if (Utils.isDoingPOST(axis2MessageContext)) {
handleHashiCorpPost(axis2MessageContext);
String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
try {
if (SecurityUtils.canUserEdit(userName)) {
handleHashiCorpPost(axis2MessageContext);
} else {
Utils.sendForbiddenFaultResponse(axis2MessageContext);
}
} catch (UserStoreException e) {
LOG.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
} else {
JSONObject response = Utils.createJsonError("No such method for management/external-vault/"
+ pathParam, axis2MessageContext, NOT_FOUND);
Expand Up @@ -30,6 +30,8 @@
import org.json.JSONArray;
import org.json.JSONObject;
import org.wso2.carbon.inbound.endpoint.internal.http.api.APIResource;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import java.io.IOException;

Expand All @@ -43,6 +45,7 @@

import static org.wso2.micro.integrator.management.apis.Constants.SEARCH_KEY;
import static org.wso2.micro.integrator.management.apis.Constants.SYNAPSE_CONFIGURATION;
import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

public class InboundEndpointResource extends APIResource {

Expand Down Expand Up @@ -80,7 +83,17 @@ public boolean invoke(MessageContext messageContext) {
populateInboundEndpointList(messageContext);
}
} else {
handlePost(messageContext, axisMsgCtx);
String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
try {
if (SecurityUtils.canUserEdit(userName)) {
handlePost(messageContext, axisMsgCtx);
} else {
Utils.sendForbiddenFaultResponse(axisMsgCtx);
}
} catch (UserStoreException e) {
LOG.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axisMsgCtx, Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
}
return true;
}