Make non-admin user read-only with a config #3759

Open
wants to merge 2 commits into
base: master
Expand Up @@ -38,6 +38,8 @@
import org.json.JSONObject;
import org.wso2.carbon.inbound.endpoint.internal.http.api.APIResource;
import org.wso2.micro.core.util.NetworkUtils;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import java.io.IOException;
import java.net.MalformedURLException;
Expand All @@ -51,6 +53,7 @@
import java.util.stream.Collectors;

import static org.wso2.micro.integrator.management.apis.Constants.SEARCH_KEY;
import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

public class ApiResource extends APIResource {

Expand Down Expand Up @@ -90,7 +93,17 @@ public boolean invoke(MessageContext messageContext) {
populateApiList(messageContext);
}
} else {
handlePost(messageContext, axisMsgCtx);
String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
try {
if (SecurityUtils.canUserEdit(userName)) {
handlePost(messageContext, axisMsgCtx);
} else {
Utils.sendForbiddenFaultResponse(axisMsgCtx);
}
} catch (UserStoreException e) {
LOG.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axisMsgCtx, Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
}
return true;
}
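Review bot: `userName` is taken with a bare cast on the line that declares it and handed straight to `SecurityUtils.canUserEdit`, with no null guard, even though CarbonAppResource's existing code treats the same property as possibly absent (it falls back to ANONYMOUS_USER); whether `canUserEdit(null)` denies or throws is not visible in this change, so the deny-by-default outcome rests on code outside the diff. Making it explicit is one line: `if (userName != null && SecurityUtils.canUserEdit(userName)) {`. The same try / canUserEdit / sendForbiddenFaultResponse / catch block is repeated verbatim in CarbonAppResource, ConnectorResource, EndpointResource, ExternalVaultResource and InboundEndpointResource, and in a variant in ConfigsResource; one helper on Utils taking the two message contexts would keep the null handling, the log message and the error status in a single place so later resources cannot drift. invoke() begins outside this hunk.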
Expand Up @@ -43,6 +43,7 @@
import org.wso2.micro.core.util.AuditLogger;
import org.wso2.micro.integrator.initializer.deployment.application.deployer.CappDeployer;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import java.io.BufferedInputStream;
import java.io.File;
Expand Down Expand Up @@ -71,6 +72,7 @@
import static org.wso2.micro.integrator.management.apis.Constants.LIST;
import static org.wso2.micro.integrator.management.apis.Constants.NOT_FOUND;
import static org.wso2.micro.integrator.management.apis.Constants.SEARCH_KEY;
import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

public class CarbonAppResource extends APIResource {

Expand Down Expand Up @@ -111,6 +113,7 @@ public boolean invoke(MessageContext messageContext) {
if (messageContext.getProperty(Constants.USERNAME_PROPERTY) != null) {
performedBy = messageContext.getProperty(Constants.USERNAME_PROPERTY).toString();
}
String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
switch (httpMethod) {
case Constants.HTTP_GET: {
String param = Utils.getQueryParameter(messageContext, "carbonAppName");
Expand All @@ -131,11 +134,29 @@ public boolean invoke(MessageContext messageContext) {
break;
}
case Constants.HTTP_POST: {
handlePost(performedBy, axis2MessageContext);
try {
if (SecurityUtils.canUserEdit(userName)) {
handlePost(performedBy, axis2MessageContext);
} else {
Utils.sendForbiddenFaultResponse(axis2MessageContext);
}
} catch (UserStoreException e) {
log.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axis2MessageContext,Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
break;
}
case Constants.HTTP_DELETE: {
handleDelete(performedBy, messageContext, axis2MessageContext);
try {
if (SecurityUtils.canUserEdit(userName)) {
handleDelete(performedBy, messageContext, axis2MessageContext);
} else {
Utils.sendForbiddenFaultResponse(axis2MessageContext);
}
} catch (UserStoreException e) {
log.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axis2MessageContext,Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
break;
}
default: {
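Review bot: The POST and DELETE cases now carry the same ten-line try / canUserEdit / catch block twice, down to the same formatting slip (`axis2MessageContext,Utils.createJsonErrorObject` with no space after the comma), and `userName` re-reads a property that the lines just above already read into `performedBy`. A small private helper that runs the check and writes the forbidden or error response lets each case collapse to a single `if`, and keeps the two write paths from diverging when the error handling changes. The helper's second parameter is typed here as org.apache.axis2.context.MessageContext on the assumption that this is how the local is declared outside the hunk; adjust if not. invoke() begins and ends outside this hunk.
```java
case Constants.HTTP_POST: {
    if (canEditOrRespond(userName, axis2MessageContext)) {
        handlePost(performedBy, axis2MessageContext);
    }
    break;
}
case Constants.HTTP_DELETE: {
    if (canEditOrRespond(userName, axis2MessageContext)) {
        handleDelete(performedBy, messageContext, axis2MessageContext);
    }
    break;
}
// … unchanged: default branch and the rest of invoke() …

/** Returns true when the user may modify deployments; otherwise writes the 403 or error payload and returns false. */
private boolean canEditOrRespond(String userName, org.apache.axis2.context.MessageContext axis2MessageContext) {
    try {
        if (SecurityUtils.canUserEdit(userName)) {
            return true;
        }
        Utils.sendForbiddenFaultResponse(axis2MessageContext);
    } catch (UserStoreException e) {
        log.error("Error occurred while retrieving the user data", e);
        Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
    }
    return false;
}
```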
Expand Up @@ -24,11 +24,15 @@
import org.apache.synapse.config.SynapseConfiguration;
import org.apache.synapse.transport.passthru.config.PassThroughCorrelationConfigDataHolder;
import org.json.JSONObject;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;

import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

/**
* This resource will handle requests coming to configs/.
*/
Expand Down Expand Up @@ -63,14 +67,20 @@ public boolean invoke(MessageContext messageContext,
LOG.debug("Handling" + httpMethod + "request");
}
JSONObject response;
String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
try {
switch (httpMethod) {
case Constants.HTTP_GET: {
response = handleGet(messageContext);
break;
}
case Constants.HTTP_PUT: {
response = handlePut(axis2MessageContext);
if (SecurityUtils.canUserEdit(userName)) {
response = handlePut(axis2MessageContext);
} else {
Utils.sendForbiddenFaultResponse(axis2MessageContext);
response = Utils.createJsonError("", axis2MessageContext, Constants.FORBIDDEN);
}
break;
}
default: {
Expand All @@ -85,6 +95,10 @@ public boolean invoke(MessageContext messageContext,
} catch (IOException e) {
LOG.error("Error when parsing JSON payload", e);
response = Utils.createJsonErrorObject("Error while parsing JSON payload");
} catch (UserStoreException e) {
LOG.error("Error occurred while retrieving the user data", e);
response = Utils.createJsonError("Error occurred while retrieving the user data",
axis2MessageContext, Constants.FORBIDDEN);
}
Utils.setJsonPayLoad(axis2MessageContext, response);
return true;
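Review bot: In the PUT branch the forbidden response is built with an empty message, `Utils.createJsonError("", axis2MessageContext, Constants.FORBIDDEN)`, so the client receives a 403 with no explanation; `Utils.createJsonError("User is not permitted to update configs", axis2MessageContext, Constants.FORBIDDEN)` would say why. The new UserStoreException handler also answers with FORBIDDEN, which conflates "the check could not be run" with "the user was denied"; failing closed is right, but an internal-error status would describe it accurately and match the other resources in this change, which (as far as their hunks show) emit the error object without a 403. Whether `Utils.sendForbiddenFaultResponse` and the later `Utils.setJsonPayLoad` write the payload twice on the forbidden path cannot be told from the hunk and is worth checking. invoke() begins outside this hunk.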
Expand Up @@ -37,6 +37,8 @@
import org.wso2.micro.integrator.initializer.ServiceBusUtils;
import org.wso2.micro.integrator.initializer.persistence.MediationPersistenceManager;
import org.wso2.micro.integrator.initializer.deployment.synapse.deployer.SynapseAppDeployer;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import java.io.IOException;

Expand All @@ -50,6 +52,7 @@

import static org.wso2.micro.integrator.management.apis.Constants.ITEM_TYPE_IMPORT;
import static org.wso2.micro.integrator.management.apis.Constants.SEARCH_KEY;
import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

/**
* API Resource to manage connectors deployed
Expand Down Expand Up @@ -98,28 +101,35 @@ public boolean invoke(MessageContext messageContext,
}
axis2MessageContext.removeProperty(Constants.NO_ENTITY_BODY);
} else {

String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
try {
if (!JsonUtil.hasAJsonPayload(axis2MessageContext)) {
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("POST method required json payload"));
} else {
JsonObject payload = Utils.getJsonPayload(axis2MessageContext);
String performedBy = Constants.ANONYMOUS_USER;
if (messageContext.getProperty(Constants.USERNAME_PROPERTY) != null) {
performedBy = messageContext.getProperty(Constants.USERNAME_PROPERTY).toString();
}
if (payload.has(NAME_ATTRIBUTE) && payload.has(STATUS_ATTRIBUTE) && payload.has(PACKAGE_ATTRIBUTE)) {
changeConnectorState(performedBy, axis2MessageContext, payload, synapseConfiguration);
if (SecurityUtils.canUserEdit(userName)) {
if (!JsonUtil.hasAJsonPayload(axis2MessageContext)) {
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("POST method required json payload"));
} else {
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Missing parameters in payload"));
JsonObject payload = Utils.getJsonPayload(axis2MessageContext);
String performedBy = Constants.ANONYMOUS_USER;
if (messageContext.getProperty(Constants.USERNAME_PROPERTY) != null) {
performedBy = messageContext.getProperty(Constants.USERNAME_PROPERTY).toString();
}
if (payload.has(NAME_ATTRIBUTE) && payload.has(STATUS_ATTRIBUTE) && payload.has(PACKAGE_ATTRIBUTE)) {
changeConnectorState(performedBy, axis2MessageContext, payload, synapseConfiguration);
} else {
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Missing parameters in payload"));
}
}
} else {
Utils.sendForbiddenFaultResponse(axis2MessageContext);
}
} catch (AxisFault axisFault) {
LOG.error("Error when updating connector status", axisFault);
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error when updating connector status"));
} catch (IOException e) {
LOG.error("Error when parsing JSON payload", e);
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error when parsing JSON payload"));
} catch (UserStoreException e) {
LOG.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
}
return true;
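Review bot: Wrapping the whole POST body in `if (SecurityUtils.canUserEdit(userName))` pushes the payload handling to five levels of nesting and reindents eleven lines that did not otherwise change, which hides the real diff; a guard clause at the top of the try keeps the existing lines in place: `if (!SecurityUtils.canUserEdit(userName)) { Utils.sendForbiddenFaultResponse(axis2MessageContext); return true; }` (the method already ends with `return true`). The same reindent-everything shape appears in EndpointResource, where the guarded block already contains an early `return true`, so a guard clause fits there too. Running the check before `JsonUtil.hasAJsonPayload` is the right order, since the untrusted body is never parsed for a user who may not edit. invoke() begins outside this hunk.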
Expand Up @@ -155,6 +155,7 @@ public class Constants {

// toml properties
public static String FILE_BASED_USER_STORE_ENABLE = "internal_apis.file_user_store.enable";
public static String MAKE_NON_ADMIN_USERS_READ_ONLY = "user_access.make_non_admin_users_read_only";

public static final String AUDIT_LOG_TYPE_ENDPOINT = "endpoint";
public static final String AUDIT_LOG_TYPE_USER = "user";
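Review bot: `MAKE_NON_ADMIN_USERS_READ_ONLY` is declared `public static String` without `final`, so the key that decides whether the read-only gate is on is a mutable global that any code in the process can reassign; it should read `public static final String MAKE_NON_ADMIN_USERS_READ_ONLY = "user_access.make_non_admin_users_read_only";`. It copies the form of the pre-existing FILE_BASED_USER_STORE_ENABLE line above it, which has the same problem, whereas every other constant visible in the hunk is final. A one-line comment stating what happens when the property is absent would help, since that default is not visible in this change.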
Expand Up @@ -33,6 +33,8 @@
import org.apache.synapse.endpoints.Endpoint;
import org.json.JSONObject;
import org.wso2.micro.core.util.AuditLogger;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import javax.xml.namespace.QName;
import java.io.IOException;
Expand All @@ -50,7 +52,7 @@
import static org.wso2.micro.integrator.management.apis.Constants.SEARCH_KEY;
import static org.wso2.micro.integrator.management.apis.Constants.STATUS;
import static org.wso2.micro.integrator.management.apis.Constants.TRACING;

import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

public class EndpointResource implements MiApiResource {

Expand Down Expand Up @@ -93,20 +95,28 @@ public boolean invoke(MessageContext messageContext,
populateEndpointList(messageContext, synapseConfiguration);
}
} else {
String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
try {
if (!JsonUtil.hasAJsonPayload(axis2MessageContext)) {
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("JSON payload is missing"));
return true;
}
JsonObject payload = Utils.getJsonPayload(axis2MessageContext);
if (payload.has(Constants.NAME) && payload.has(STATUS)) {
changeEndpointStatus(performedBy, axis2MessageContext, synapseConfiguration, payload);
if (SecurityUtils.canUserEdit(userName)) {
if (!JsonUtil.hasAJsonPayload(axis2MessageContext)) {
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("JSON payload is missing"));
return true;
}
JsonObject payload = Utils.getJsonPayload(axis2MessageContext);
if (payload.has(Constants.NAME) && payload.has(STATUS)) {
changeEndpointStatus(performedBy, axis2MessageContext, synapseConfiguration, payload);
} else {
handleTracing(performedBy, payload, messageContext, axis2MessageContext);
}
} else {
handleTracing(performedBy, payload, messageContext, axis2MessageContext);
Utils.sendForbiddenFaultResponse(axis2MessageContext);
}
} catch (IOException e) {
LOG.error("Error when parsing JSON payload", e);
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error when parsing JSON payload"));
} catch (UserStoreException e) {
LOG.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
}

Expand Up @@ -25,15 +25,18 @@
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.json.JSONObject;
import org.wso2.carbon.inbound.endpoint.internal.http.api.APIResource;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.mediation.security.vault.external.ExternalVaultException;
import org.wso2.micro.integrator.mediation.security.vault.external.hashicorp.HashiCorpVaultLookupHandlerImpl;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;

import static org.wso2.micro.integrator.management.apis.Constants.BAD_REQUEST;
import static org.wso2.micro.integrator.management.apis.Constants.NOT_FOUND;
import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

public class ExternalVaultResource extends APIResource {

Expand Down Expand Up @@ -64,7 +67,17 @@ public boolean invoke(MessageContext messageContext) {

if ("hashicorp".equalsIgnoreCase(pathParam)) {
if (Utils.isDoingPOST(axis2MessageContext)) {
handleHashiCorpPost(axis2MessageContext);
String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
try {
if (SecurityUtils.canUserEdit(userName)) {
handleHashiCorpPost(axis2MessageContext);
} else {
Utils.sendForbiddenFaultResponse(axis2MessageContext);
}
} catch (UserStoreException e) {
LOG.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axis2MessageContext, Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
} else {
JSONObject response = Utils.createJsonError("No such method for management/external-vault/"
+ pathParam, axis2MessageContext, NOT_FOUND);
Expand Up @@ -30,6 +30,8 @@
import org.json.JSONArray;
import org.json.JSONObject;
import org.wso2.carbon.inbound.endpoint.internal.http.api.APIResource;
import org.wso2.micro.integrator.management.apis.security.handler.SecurityUtils;
import org.wso2.micro.integrator.security.user.api.UserStoreException;

import java.io.IOException;

Expand All @@ -43,6 +45,7 @@

import static org.wso2.micro.integrator.management.apis.Constants.SEARCH_KEY;
import static org.wso2.micro.integrator.management.apis.Constants.SYNAPSE_CONFIGURATION;
import static org.wso2.micro.integrator.management.apis.Constants.USERNAME_PROPERTY;

public class InboundEndpointResource extends APIResource {

Expand Down Expand Up @@ -80,7 +83,17 @@ public boolean invoke(MessageContext messageContext) {
populateInboundEndpointList(messageContext);
}
} else {
handlePost(messageContext, axisMsgCtx);
String userName = (String) messageContext.getProperty(USERNAME_PROPERTY);
try {
if (SecurityUtils.canUserEdit(userName)) {
handlePost(messageContext, axisMsgCtx);
} else {
Utils.sendForbiddenFaultResponse(axisMsgCtx);
}
} catch (UserStoreException e) {
LOG.error("Error occurred while retrieving the user data", e);
Utils.setJsonPayLoad(axisMsgCtx, Utils.createJsonErrorObject("Error occurred while retrieving the user data"));
}
}
return true;
}