work on security uberfire security extension with mongodb

Nicolas Héron 2020-08-08 22:44:30 +02:00
commit d79f1affc8
6 changed files with 83 additions and 50 deletions


@ -12,65 +12,78 @@
<artifactId>drools-framework-uberfire-security-service</artifactId> <artifactId>drools-framework-uberfire-security-service</artifactId>
<dependencies> <dependencies>
<dependency> <dependency>
<groupId>org.uberfire</groupId> <groupId>org.uberfire</groupId>
<artifactId>uberfire-api</artifactId> <artifactId>uberfire-api</artifactId>
<scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.uberfire</groupId> <groupId>org.uberfire</groupId>
<artifactId>uberfire-commons</artifactId> <artifactId>uberfire-commons</artifactId>
<scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.kie.soup</groupId> <groupId>org.kie.soup</groupId>
<artifactId>kie-soup-commons</artifactId> <artifactId>kie-soup-commons</artifactId>
<scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.uberfire</groupId> <groupId>org.uberfire</groupId>
<artifactId>uberfire-security-management-api</artifactId> <artifactId>uberfire-security-management-api</artifactId>
<scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.uberfire</groupId> <groupId>org.uberfire</groupId>
<artifactId>uberfire-security-management-backend</artifactId> <artifactId>uberfire-security-management-backend</artifactId>
<scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>javax.inject</groupId> <groupId>javax.inject</groupId>
<artifactId>javax.inject</artifactId> <artifactId>javax.inject</artifactId>
<scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.jboss.errai</groupId> <groupId>org.jboss.errai</groupId>
<artifactId>errai-javax-enterprise</artifactId> <artifactId>errai-javax-enterprise</artifactId>
<scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.jboss.errai</groupId> <groupId>org.jboss.errai</groupId>
<artifactId>errai-security-server</artifactId> <artifactId>errai-security-server</artifactId>
<scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.jboss.errai</groupId> <groupId>org.jboss.errai</groupId>
<artifactId>errai-bus</artifactId> <artifactId>errai-bus</artifactId>
<scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.slf4j</groupId> <groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId> <artifactId>slf4j-api</artifactId>
<scope>provided</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>javax.inject</groupId> <groupId>javax.inject</groupId>
<artifactId>javax.inject</artifactId> <artifactId>javax.inject</artifactId>
<scope>provided</scope>
<version>1</version> <version>1</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.mongodb</groupId> <groupId>org.mongodb</groupId>
<artifactId>mongodb-driver</artifactId> <artifactId>mongodb-driver</artifactId>
<scope>provided</scope>
<version>${version.mongodb.driver}</version> <version>${version.mongodb.driver}</version>
</dependency> </dependency>
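Review bot: `javax.inject:javax.inject` is declared twice in this `<dependencies>` block, once without a version and once with `<version>1</version>`, and both copies now carry `<scope>provided</scope>`; Maven flags duplicate declarations and only one of them takes effect, so the second entry should be dropped. Marking `mongodb-driver` as `provided` also means the driver jar is no longer packaged with this artifact and has to be supplied by the server at runtime. The `jboss-deployment-structure.xml` added in this commit lists only `javax.jms.api` and `com.pymmasoftware.pymma-kie-loginmodule`, so confirm that one of these (or a global module) really exposes the `com.mongodb` classes; otherwise the two managers will presumably fail at class-load time.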


@ -20,21 +20,19 @@ import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoDatabase; import com.mongodb.client.MongoDatabase;
import org.bson.codecs.configuration.CodecRegistry; import org.bson.codecs.configuration.CodecRegistry;
import org.jboss.errai.security.shared.api.Group; import org.jboss.errai.security.shared.api.Group;
import org.jboss.errai.security.shared.api.GroupImpl;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.uberfire.commons.config.ConfigProperties; import org.uberfire.commons.config.ConfigProperties;
import org.uberfire.ext.security.management.api.*; import org.uberfire.ext.security.management.api.*;
import org.uberfire.ext.security.management.api.exception.SecurityManagementException; import org.uberfire.ext.security.management.api.exception.SecurityManagementException;
import org.uberfire.ext.security.management.api.exception.UnsupportedServiceCapabilityException;
import org.uberfire.ext.security.management.impl.GroupManagerSettingsImpl; import org.uberfire.ext.security.management.impl.GroupManagerSettingsImpl;
import org.uberfire.ext.security.management.impl.SearchResponseImpl;
import org.uberfire.ext.security.management.search.GroupsIdentifierRuntimeSearchEngine; import org.uberfire.ext.security.management.search.GroupsIdentifierRuntimeSearchEngine;
import org.uberfire.ext.security.management.search.IdentifierRuntimeSearchEngine; import org.uberfire.ext.security.management.search.IdentifierRuntimeSearchEngine;
import org.uberfire.ext.security.management.util.SecurityManagementUtils; import org.uberfire.ext.security.management.util.SecurityManagementUtils;
import java.util.Collection; import java.util.*;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/** /**
* <p>Groups manager service provider implementation for Apache tomcat, when using default realm based on properties files.</p> * <p>Groups manager service provider implementation for Apache tomcat, when using default realm based on properties files.</p>
@ -84,37 +82,41 @@ public class KiePlatformGroupManager implements GroupManager, ContextualManager
@Override @Override
public SearchResponse<Group> search(SearchRequest request) throws SecurityManagementException { public SearchResponse<Group> search(SearchRequest request) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_SEARCH_GROUPS); SearchResponse<Group> result = new SearchResponseImpl<>();
return result;
} }
@Override @Override
public Group get(String identifier) throws SecurityManagementException { public Group get(String identifier) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_READ_GROUP); Group group = new GroupImpl(identifier);
return group;
} }
@Override @Override
public List<Group> getAll() throws SecurityManagementException { public List<Group> getAll() throws SecurityManagementException {
return null; List<Group> groups = new ArrayList<>();
groups.add(new GroupImpl("main"));
return groups;
} }
@Override @Override
public Group create(Group entity) throws SecurityManagementException { public Group create(Group entity) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_ADD_GROUP); return entity;
} }
@Override @Override
public Group update(Group entity) throws SecurityManagementException { public Group update(Group entity) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_UPDATE_GROUP); return entity;
} }
@Override @Override
public void delete(String... identifiers) throws SecurityManagementException { public void delete(String... identifiers) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_DELETE_GROUP);
} }
@Override @Override
public GroupManagerSettings getSettings() { public GroupManagerSettings getSettings() {
final Map<Capability, CapabilityStatus> capabilityStatusMap = new HashMap<Capability, CapabilityStatus>(8); final Map<Capability, CapabilityStatus> capabilityStatusMap = new HashMap<Capability, CapabilityStatus>(8);
for (final Capability capability : SecurityManagementUtils.GROUPS_CAPABILITIES) { for (final Capability capability : SecurityManagementUtils.GROUPS_CAPABILITIES) {
capabilityStatusMap.put(capability, capabilityStatusMap.put(capability,
getCapabilityStatus(capability)); getCapabilityStatus(capability));
@ -124,7 +126,7 @@ public class KiePlatformGroupManager implements GroupManager, ContextualManager
} }
protected CapabilityStatus getCapabilityStatus(Capability capability) { protected CapabilityStatus getCapabilityStatus(Capability capability) {
/**
if (capability != null) { if (capability != null) {
switch (capability) { switch (capability) {
case CAN_SEARCH_GROUPS: case CAN_SEARCH_GROUPS:
@ -135,13 +137,12 @@ public class KiePlatformGroupManager implements GroupManager, ContextualManager
return CapabilityStatus.ENABLED; return CapabilityStatus.ENABLED;
} }
} }
**/ return CapabilityStatus.UNSUPPORTED;
return CapabilityStatus.UNSUPPORTED;
} }
@Override @Override
public void assignUsers(String name, public void assignUsers(String name,
Collection<String> users) throws SecurityManagementException { Collection<String> users) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_ASSIGN_GROUPS);
} }
} }
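Review bot: `create`, `update`, `delete` and `assignUsers` now return normally without doing anything, while the same change removes the `/** … **/` around the switch in `getCapabilityStatus`, so at least `CAN_SEARCH_GROUPS` and the other listed cases are reported as `ENABLED` (part of the switch is outside the hunks). A caller such as the administration UI therefore gets a success result for a group deletion or membership change that never reached MongoDB, which is a fail-open outcome for a security provider. Until the MongoDB-backed logic exists, keep the explicit refusal, e.g. `throw new UnsupportedServiceCapabilityException(Capability.CAN_DELETE_GROUP);` together with its import, or leave the capabilities `UNSUPPORTED`. `getAll` returning a hard-coded `new GroupImpl("main")` deserves a `// TODO: load groups from the MongoDB collection` comment so the placeholder is not mistaken for real data. The same silent no-op pattern appears in `KiePlatformUserManager` (`delete`, `assignGroups`, `assignRoles`, `changePassword`).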


@ -20,15 +20,14 @@ import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoDatabase; import com.mongodb.client.MongoDatabase;
import org.bson.codecs.configuration.CodecRegistry; import org.bson.codecs.configuration.CodecRegistry;
import org.jboss.errai.security.shared.api.identity.User; import org.jboss.errai.security.shared.api.identity.User;
import org.jboss.errai.security.shared.api.identity.UserImpl;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.uberfire.commons.config.ConfigProperties; import org.uberfire.commons.config.ConfigProperties;
import org.uberfire.ext.security.management.api.*; import org.uberfire.ext.security.management.api.*;
import org.uberfire.ext.security.management.api.exception.SecurityManagementException; import org.uberfire.ext.security.management.api.exception.SecurityManagementException;
import org.uberfire.ext.security.management.api.exception.UnsupportedServiceCapabilityException; import org.uberfire.ext.security.management.impl.SearchResponseImpl;
import org.uberfire.ext.security.management.impl.UserManagerSettingsImpl; import org.uberfire.ext.security.management.impl.UserManagerSettingsImpl;
import org.uberfire.ext.security.management.search.IdentifierRuntimeSearchEngine;
import org.uberfire.ext.security.management.search.UsersIdentifierRuntimeSearchEngine;
import org.uberfire.ext.security.management.util.SecurityManagementUtils; import org.uberfire.ext.security.management.util.SecurityManagementUtils;
import java.util.*; import java.util.*;
@ -42,8 +41,7 @@ public class KiePlatformUserManager implements UserManager, ContextualManager {
private static final Logger LOG = LoggerFactory.getLogger(KiePlatformUserManager.class); private static final Logger LOG = LoggerFactory.getLogger(KiePlatformUserManager.class);
UserSystemManager userSystemManager;
IdentifierRuntimeSearchEngine<User> usersSearchEngine;
private MongoClient mongoClient; private MongoClient mongoClient;
private CodecRegistry pojoCodecRegistry; private CodecRegistry pojoCodecRegistry;
@ -70,8 +68,7 @@ public class KiePlatformUserManager implements UserManager, ContextualManager {
@Override @Override
public void initialize(final UserSystemManager userSystemManager) throws Exception { public void initialize(final UserSystemManager userSystemManager) throws Exception {
this.userSystemManager = userSystemManager;
usersSearchEngine = new UsersIdentifierRuntimeSearchEngine();
} }
@Override @Override
@ -81,32 +78,34 @@ public class KiePlatformUserManager implements UserManager, ContextualManager {
@Override @Override
public SearchResponse<User> search(SearchRequest request) throws SecurityManagementException { public SearchResponse<User> search(SearchRequest request) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_SEARCH_USERS); SearchResponse<User> response = new SearchResponseImpl<>();
return response;
} }
@Override @Override
public User get(String identifier) throws SecurityManagementException { public User get(String identifier) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_READ_USER); return new UserImpl(identifier);
} }
@Override @Override
public List<User> getAll() throws SecurityManagementException { public List<User> getAll() throws SecurityManagementException {
return null; List<User> users = new ArrayList<>();
return users;
} }
@Override @Override
public User create(User entity) throws SecurityManagementException { public User create(User entity) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_ADD_USER); return entity;
} }
@Override @Override
public User update(User entity) throws SecurityManagementException { public User update(User entity) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_UPDATE_USER); return entity;
} }
@Override @Override
public void delete(String... identifiers) throws SecurityManagementException { public void delete(String... identifiers) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_DELETE_USER);
} }
@ -124,17 +123,14 @@ public class KiePlatformUserManager implements UserManager, ContextualManager {
@Override @Override
public void assignGroups(String username, public void assignGroups(String username,
Collection<String> groups) throws SecurityManagementException { Collection<String> groups) throws SecurityManagementException {
Set<String> userRoles = SecurityManagementUtils.rolesToString(SecurityManagementUtils.getRoles(userSystemManager,
username));
userRoles.addAll(groups);
doAssignGroups(username,
userRoles);
} }
@Override @Override
public void assignRoles(String username, public void assignRoles(String username,
Collection<String> roles) throws SecurityManagementException { Collection<String> roles) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_ASSIGN_ROLES);
} }
private void doAssignGroups(String username, private void doAssignGroups(String username,
@ -145,12 +141,12 @@ public class KiePlatformUserManager implements UserManager, ContextualManager {
@Override @Override
public void changePassword(String username, public void changePassword(String username,
String newPassword) throws SecurityManagementException { String newPassword) throws SecurityManagementException {
throw new UnsupportedServiceCapabilityException(Capability.CAN_CHANGE_PASSWORD);
} }
protected CapabilityStatus getCapabilityStatus(Capability capability) { protected CapabilityStatus getCapabilityStatus(Capability capability) {
/**
if (capability != null) { if (capability != null) {
switch (capability) { switch (capability) {
case CAN_SEARCH_USERS: case CAN_SEARCH_USERS:
@ -166,7 +162,7 @@ public class KiePlatformUserManager implements UserManager, ContextualManager {
return CapabilityStatus.ENABLED; return CapabilityStatus.ENABLED;
} }
} }
**/
return CapabilityStatus.UNSUPPORTED; return CapabilityStatus.UNSUPPORTED;
} }
} }
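Review bot: `get` returns `new UserImpl(identifier)` for whatever string it is given, with no lookup through the `mongoClient` field, so any caller that uses it as an existence or identity check will accept accounts that do not exist. Until the lookup is implemented, keep `throw new UnsupportedServiceCapabilityException(Capability.CAN_READ_USER);` (the import was removed in this change and would need to stay), or fail explicitly when the identifier is unknown. In addition, `initialize` no longer stores `userSystemManager` and `assignGroups` no longer calls `doAssignGroups`, so that private helper, whose body is outside the hunk, appears to be unused now and should be removed or marked with a `// TODO` explaining what will call it.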


@ -139,7 +139,7 @@
<goal>copy-resources</goal> <goal>copy-resources</goal>
</goals> </goals>
<configuration> <configuration>
<outputDirectory>${basedir}/target//unpack-tmp/WEB-INF/classes/META-INF</outputDirectory> <outputDirectory>${basedir}/target/unpack-tmp/</outputDirectory>
<resources> <resources>
<resource> <resource>
<directory>src/main/resources</directory> <directory>src/main/resources</directory>
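Review bot: With `<outputDirectory>${basedir}/target/unpack-tmp/</outputDirectory>` everything under `src/main/resources` is copied to the top of `unpack-tmp` instead of `WEB-INF/classes/META-INF`. If `unpack-tmp` is the exploded WAR root, as the old path suggests, files that land there outside `WEB-INF` and `META-INF` are served as static content, so configuration files in that directory could become downloadable. Consider limiting the `<resource>` with `<includes>` to the descriptors that are meant to move, and add a comment stating which files this execution is expected to copy. The `<resources>` block continues outside the hunk.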


@ -0,0 +1,34 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ JBoss, Home of Professional Open Source
~ Copyright 2017 Red Hat Inc. and/or its affiliates and other contributors
~ as indicated by the @author tags. All rights reserved.
~ See the copyright.txt in the distribution for a
~ full listing of individual contributors.
~
~ This copyrighted material is made available to anyone wishing to use,
~ modify, copy, or redistribute it subject to the terms and conditions
~ of the GNU Lesser General Public License, v. 2.1.
~ This program is distributed in the hope that it will be useful, but WITHOUT A
~ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
~ PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
~ You should have received a copy of the GNU Lesser General Public License,
~ v.2.1 along with this distribution; if not, write to the Free Software
~ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
~ MA 02110-1301, USA.
-->
<jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.1">
<deployment>
<dependencies>
<!-- IMPORTANT: when adding dependency (module) here, make sure it is a public one.
Do not add private modules as there is no guarantee they won't be changed or
removed in future. WildFly also generates warning(s) during the deployment if
the WAR depends on private modules. -->
<!-- Keep the alphabetical order! -->
<!-- JMS API required by kie-server-client as there is an runtime API dependency
(even though the JMS is not being used for the communication itself). -->
<module name="javax.jms.api"/>
<module name="com.pymmasoftware.pymma-kie-loginmodule"/>
</dependencies>
</deployment>
</jboss-deployment-structure>
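Review bot: The two `<module>` entries contradict the file's own `Keep the alphabetical order!` comment: `com.pymmasoftware.pymma-kie-loginmodule` should come before `javax.jms.api`. The header comment also asks for public modules only, and the login module is a custom one, so a short comment such as `<!-- custom login module; must be installed as a server module before this WAR is deployed -->` would tell deployers why the deployment fails without it. The descriptor deleted in this commit declared the same module with `export="TRUE"` and the new one does not; confirm that nothing relied on the export.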


@ -1,11 +0,0 @@
<jboss-deployment-structure>
<deployment>
<dependencies>
<module name="com.pymmasoftware.pymma-kie-loginmodule" export="TRUE" />
</dependencies>
</deployment>
</jboss-deployment-structure>