TSK-59 ACCESS_ID should always be treated as lowercase

BerndBreier 2017-12-18 12:41:39 +01:00 committed by Holger Hagen
parent 5f64242714
commit 1952807123
7 changed files with 43 additions and 24 deletions


@ -117,6 +117,13 @@ public class WorkbasketQueryImpl implements WorkbasketQuery {
} }
this.authorization = permission; this.authorization = permission;
this.accessId = accessIds; this.accessId = accessIds;
for (int i = 0; i < accessIds.length; i++) {
String id = accessIds[i];
if (id != null) {
accessIds[i] = id.toLowerCase();
}
}
return this; return this;
} }
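Review bot: `id.toLowerCase()` in the added loop uses the JVM default locale, so the normalised access id depends on where the server runs; under a Turkish locale an id containing `I` lower-cases to a dotless `ı` and would no longer compare equal to the same id normalised elsewhere, which matters for a value used as an authorization key. Use `accessIds[i] = id.toLowerCase(Locale.ROOT);` here, and likewise in the `WorkbasketAccessItem` getter and setter and in the three `toLowerCase()` calls in `CurrentUserContext`. The loop also rewrites the caller's array in place, because `this.accessId` and `accessIds` are the same reference; `this.accessId = accessIds.clone();` before the loop (and iterating over the copy) would avoid that side effect. The method starts above the hunk, so whether `accessIds` itself is null-checked earlier is not visible.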


@ -39,11 +39,11 @@ public class WorkbasketAccessItem {
} }
public String getAccessId() { public String getAccessId() {
return accessId; return accessId != null ? accessId.toLowerCase() : null;
} }
public void setAccessId(String accessId) { public void setAccessId(String accessId) {
this.accessId = accessId; this.accessId = accessId != null ? accessId.toLowerCase() : null;
} }
public boolean isPermRead() { public boolean isPermRead() {
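Review bot: Lower-casing in `getAccessId()` hides rows that were stored in mixed case before this change: the object reports a lowercase id while the column still holds the original value, so any SQL comparison against the column (not visible in this commit) could miss those rows. If such rows can exist, this needs a data migration or a `LOWER()` on the column side rather than normalisation on read; the commit itself only lower-cases the test data. With the setter normalising on write, the getter could stay `return accessId;`, unless the persistence layer fills the field without going through the setter, in which case a comment such as `// normalised on read too: the mapper may bypass the setter` would explain the duplication.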


@ -1,9 +1,5 @@
package pro.taskana.security; package pro.taskana.security;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.security.auth.Subject;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.security.AccessController; import java.security.AccessController;
import java.security.Principal; import java.security.Principal;
@ -12,9 +8,14 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import javax.security.auth.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** /**
* Provides the context information about the current (calling) user. The * Provides the context information about the current (calling) user. The context is gathered from the JAAS subject.
* context is gathered from the JAAS subject. *
* @author Holger Hagen * @author Holger Hagen
*/ */
public final class CurrentUserContext { public final class CurrentUserContext {
@ -32,6 +33,7 @@ public final class CurrentUserContext {
/** /**
* Returns the userid of the current user. * Returns the userid of the current user.
*
* @return String the userid. null if there is no JAAS subject. * @return String the userid. null if there is no JAAS subject.
*/ */
public static String getUserid() { public static String getUserid() {
@ -43,10 +45,9 @@ public final class CurrentUserContext {
} }
/** /**
* Returns the unique security name of the first public credentials found in the * Returns the unique security name of the first public credentials found in the WSSubject as userid.
* WSSubject as userid. *
* @return the userid of the caller. If the userid could not be obtained, null * @return the userid of the caller. If the userid could not be obtained, null is returned.
* is returned.
*/ */
private static String getUseridFromWSSubject() { private static String getUseridFromWSSubject() {
try { try {
@ -59,9 +60,12 @@ public final class CurrentUserContext {
LOGGER.debug("Public credentials of caller: {}", publicCredentials); LOGGER.debug("Public credentials of caller: {}", publicCredentials);
for (Object pC : publicCredentials) { for (Object pC : publicCredentials) {
Object o = pC.getClass().getMethod(GET_UNIQUE_SECURITY_NAME_METHOD, (Class<?>[]) null).invoke(pC, Object o = pC.getClass().getMethod(GET_UNIQUE_SECURITY_NAME_METHOD, (Class<?>[]) null).invoke(pC,
(Object[]) null); (Object[]) null);
LOGGER.debug("Returning the unique security name of first public credential: {}", o); LOGGER.debug("Returning the unique security name of first public credential: {}", o);
return o.toString(); String userIdFound = o.toString();
String userIdUsed = userIdFound != null ? userIdFound.toLowerCase() : null;
LOGGER.trace("Found User id {}. Returning User id {} ", userIdFound, userIdUsed);
return userIdUsed;
} }
} }
} catch (Exception e) { } catch (Exception e) {
@ -72,6 +76,7 @@ public final class CurrentUserContext {
/** /**
* Checks, whether Taskana is running on IBM WebSphere. * Checks, whether Taskana is running on IBM WebSphere.
*
* @return true, if it is running on IBM WebSphere * @return true, if it is running on IBM WebSphere
*/ */
private static boolean runningOnWebSphere() { private static boolean runningOnWebSphere() {
@ -96,8 +101,10 @@ public final class CurrentUserContext {
LOGGER.trace("Public principals of caller: {}", principals); LOGGER.trace("Public principals of caller: {}", principals);
for (Principal pC : principals) { for (Principal pC : principals) {
if (!(pC instanceof Group)) { if (!(pC instanceof Group)) {
LOGGER.trace("Returning the first principal that is no group: {}", pC.getName()); String userIdFound = pC.getName();
return pC.getName(); String userIdUsed = userIdFound != null ? userIdFound.toLowerCase() : null;
LOGGER.trace("Found User id {}. Returning User id {} ", userIdFound, userIdUsed);
return userIdUsed;
} }
} }
} }
@ -113,8 +120,10 @@ public final class CurrentUserContext {
Set<Group> groups = subject.getPrincipals(Group.class); Set<Group> groups = subject.getPrincipals(Group.class);
LOGGER.trace("Public groups of caller: {}", groups); LOGGER.trace("Public groups of caller: {}", groups);
for (Principal group : groups) { for (Principal group : groups) {
LOGGER.trace("Returning the groupId: {}", group.getName()); String groupNameFound = group.getName();
groupIds.add(group.getName()); String groupNameReturned = groupNameFound != null ? groupNameFound.toLowerCase() : null;
LOGGER.trace("Found group id {}. Returning group Id: {}", groupNameFound, groupNameReturned);
groupIds.add(groupNameReturned);
} }
return groupIds; return groupIds;
} }
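Review bot: In `getUseridFromWSSubject` the null guard is on the wrong value: `o.toString()` is called before `userIdFound != null` is tested, so a null return from the reflective `invoke` throws and lands in the broad `catch (Exception e)` instead of reaching the guard. `String userIdFound = o != null ? o.toString() : null;` makes the check meaningful. The same ternary now appears three times in this class; a small private helper, say `lowerCaseOrNull(String)`, would keep the normalisation rule and its locale in one place. In the groups loop a null group name is still added to `groupIds` as `null`, which callers comparing access ids then have to tolerate.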


@ -335,7 +335,7 @@ public class WorkbasketServiceImplTest {
accessItem.setAccessId("Zaphod Beeblebrox"); accessItem.setAccessId("Zaphod Beeblebrox");
workbasketServiceImpl.updateWorkbasketAuthorization(accessItem); workbasketServiceImpl.updateWorkbasketAuthorization(accessItem);
Assert.assertEquals("Zaphod Beeblebrox", accessItem.getAccessId()); Assert.assertEquals("zaphod beeblebrox", accessItem.getAccessId());
} }
@Test(expected = NotAuthorizedException.class) @Test(expected = NotAuthorizedException.class)
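Review bot: The assertion reads `accessItem.getAccessId()` from the same object the test populated, so it passes on the setter and getter alone and says nothing about what `updateWorkbasketAuthorization` passed on. Asserting on the argument the service hands to its collaborator would cover the service path; the test setup is outside this hunk, so confirm against the full test how that collaborator is provided. A case with a `null` or already-lowercase id would also pin the normalisation rule.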


@ -299,7 +299,7 @@ public class WorkbasketServiceImplIntAutocommitTest {
accessItem.setAccessId("Zaphod Beeblebrox"); accessItem.setAccessId("Zaphod Beeblebrox");
workBasketService.updateWorkbasketAuthorization(accessItem); workBasketService.updateWorkbasketAuthorization(accessItem);
Assert.assertEquals("Zaphod Beeblebrox", Assert.assertEquals("zaphod beeblebrox",
workBasketService.getWorkbasketAuthorization(accessItem.getId()).getAccessId()); workBasketService.getWorkbasketAuthorization(accessItem.getId()).getAccessId());
} }


@ -271,6 +271,8 @@ public class WorkbasketServiceImplIntExplicitTest {
workBasketService.getWorkbasket(id2).getModified()); workBasketService.getWorkbasket(id2).getModified());
Assert.assertEquals(workBasketService.getWorkbasket(id1).getCreated(), Assert.assertEquals(workBasketService.getWorkbasket(id1).getCreated(),
workBasketService.getWorkbasket(id1).getModified()); workBasketService.getWorkbasket(id1).getModified());
Assert.assertEquals(workBasketService.getWorkbasket(id3).getCreated(),
workBasketService.getWorkbasket(id3).getModified());
connection.commit(); connection.commit();
} }
@ -307,7 +309,7 @@ public class WorkbasketServiceImplIntExplicitTest {
accessItem.setAccessId("Zaphod Beeblebrox"); accessItem.setAccessId("Zaphod Beeblebrox");
workBasketService.updateWorkbasketAuthorization(accessItem); workBasketService.updateWorkbasketAuthorization(accessItem);
Assert.assertEquals("Zaphod Beeblebrox", Assert.assertEquals("zaphod beeblebrox",
workBasketService.getWorkbasketAuthorization(accessItem.getId()).getAccessId()); workBasketService.getWorkbasketAuthorization(accessItem.getId()).getAccessId());
connection.commit(); connection.commit();
} }


@ -1,4 +1,5 @@
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('1', 'key1', 'Elena', true, true, true, true, true, false, false, false, false, false, false, false, false);
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('2', 'key2', 'Max', true, true, true, true, true, true, true, true, true, false, false, false, false); INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('1', 'key1', 'elena', true, true, true, true, true, false, false, false, false, false, false, false, false);
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('3', 'key3', 'Simone', true, true, true, true, true, true, true, true, true, true, true, true, true); INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('2', 'key2', 'max', true, true, true, true, true, true, true, true, true, false, false, false, false);
INSERT INTO WORKBASKET_ACCESS_LIST VALUES ('3', 'key3', 'simone', true, true, true, true, true, true, true, true, true, true, true, true, true);