start implementation of a ui for the security system configuration

2025-11-12 16:35:45 +01:00 · 2013-04-14 15:53:23 +02:00
parent 24ee483562
commit 77acba82e1
5 changed files with 239 additions and 2 deletions
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/SecurityConfigurationResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/SecurityConfigurationResource.java
@@ -0,0 +1,136 @@
+/**
+ * Copyright (c) 2010, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.api.rest.resources;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import com.google.inject.Inject;
+
+import org.apache.shiro.SecurityUtils;
+
+import org.codehaus.enunciate.jaxrs.TypeHint;
+import org.codehaus.enunciate.modules.jersey.ExternallyManagedLifecycle;
+
+import sonia.scm.security.Role;
+import sonia.scm.security.SecurityConfiguration;
+import sonia.scm.security.SecuritySystem;
+
+//~--- JDK imports ------------------------------------------------------------
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.UriInfo;
+
+/**
+ *
+ * @author Sebastian Sdorra
+ */
+@Path("security")
+@ExternallyManagedLifecycle
+public class SecurityConfigurationResource
+{
+
+  /**
+   * Constructs ...
+   *
+   *
+   * @param system
+   */
+  @Inject
+  public SecurityConfigurationResource(SecuritySystem system)
+  {
+    this.system = system;
+  }
+
+  //~--- get methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  @GET
+  @TypeHint(SecurityConfiguration.class)
+  @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+  public Response getConfiguration()
+  {
+    Response response = null;
+
+    if (SecurityUtils.getSubject().hasRole(Role.ADMIN))
+    {
+      response = Response.ok(system.getConfiguration()).build();
+    }
+    else
+    {
+      response = Response.status(Response.Status.FORBIDDEN).build();
+    }
+
+    return response;
+  }
+
+  //~--- set methods ----------------------------------------------------------
+
+  /**
+   * Method description
+   *
+   *
+   * @param uriInfo
+   * @param newConfig
+   *
+   * @return
+   */
+  @POST
+  @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
+  public Response setConfig(@Context UriInfo uriInfo,
+    SecurityConfiguration newConfig)
+  {
+
+    // TODO replace by checkRole
+    SecurityUtils.getSubject().checkRole(Role.ADMIN);
+
+    system.setConfiguration(newConfig);
+
+    return Response.created(uriInfo.getRequestUri()).build();
+  }
+
+  //~--- fields ---------------------------------------------------------------
+
+  /** Field description */
+  private SecuritySystem system;
+}