This is an automated email from the git hooks/post-receive script. New commit to branch feature/7463-3 in repository observe. See http://git.codelutin.com/observe.git commit 695639ac672ebe6e7982244131b53dce70be714e Author: Tony CHEMIT <chemit@codelutin.com> Date: Mon Sep 7 23:47:48 2015 +0200 Simplification de la sécurité + Gestion des erreurs au niveau du serveur web (reste à gérer le retour dans le client REST) --- .../application/web/ObserveWebMotionFilter.java | 52 ++---------- .../web/controller/v1/ConfigurationController.java | 2 +- .../controller/v1/DataSourceServiceController.java | 3 - .../controller/v1/ObserveWebErrorController.java | 97 ++++++++++++++++++++++ .../v1/ReferentialServiceController.java | 7 -- .../web/request/ObserveWebRequestContext.java | 63 +++++--------- .../request/ObserveWebRequestSecurityContext.java | 54 ------------ .../web/security/AdminApiKeyNotFoundException.java | 11 +++ .../AuthenticationTokenNotFoundException.java | 11 +++ .../BadObserveWebUserPasswordException.java | 2 +- .../InvalidAdminKeyApiException.java | 4 +- .../InvalidAuthenticationTokenException.java | 2 +- .../ObserveWebSecurityApplicationContext.java | 13 ++- .../ObserveWebSecurityExceptionSupport.java | 26 ++++++ .../SecurityRequestContextNotFoundException.java | 11 +++ .../security/UnknownObserveWebUserException.java | 2 +- .../UnknownObserveWebUserForDatabaseException.java | 2 +- .../web/security/UserLoginNotFoundException.java | 11 +++ .../security/UserPasswordNotFoundException.java | 11 +++ observe-application-web/src/main/resources/mapping | 3 + 20 files changed, 230 insertions(+), 157 deletions(-) diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/ObserveWebMotionFilter.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/ObserveWebMotionFilter.java index b67c3fc..aabdd5d 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/ObserveWebMotionFilter.java 
+++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/ObserveWebMotionFilter.java @@ -1,11 +1,7 @@ package fr.ird.observe.application.web; +import com.google.common.base.Strings; import fr.ird.observe.application.web.request.ObserveWebRequestContext; -import fr.ird.observe.application.web.request.ObserveWebRequestSecurityContext; -import fr.ird.observe.application.web.security.BadObserveWebUserPasswordException; -import fr.ird.observe.application.web.security.InvalidAuthenticationTokenException; -import fr.ird.observe.application.web.security.UnknownObserveWebUserException; -import fr.ird.observe.application.web.security.UnknownObserveWebUserForDatabaseException; import fr.ird.observe.services.configuration.ObserveDataSourceConfigurationRestConstants; import fr.ird.observe.services.dto.constants.ReferentialLocale; import org.apache.commons.lang3.StringUtils; 
@@ -21,27 +17,26 @@ import java.util.Locale; */ public class ObserveWebMotionFilter extends WebMotionFilter implements ObserveDataSourceConfigurationRestConstants { - public void inject(HttpContext context) throws InvalidAuthenticationTokenException, UnknownObserveWebUserException, BadObserveWebUserPasswordException, UnknownObserveWebUserForDatabaseException, InvalidAdminKeyApiException { + public void inject(HttpContext context) { ObserveWebApplicationContext applicationContext = ObserveWebApplicationContext.getApplicationContext(context); HttpServletRequest request = context.getRequest(); - ObserveWebRequestSecurityContext securityContext = createSecurityContext(request); - Locale applicationLocale = getApplicationLocale(request); ReferentialLocale referentialLocale = getReferentialLocale(request); String adminApiKey = getRequestHeaderOrParameterValueOrNull(request, REQUEST_ADMIN_API_KEY); + if (Strings.isNullOrEmpty(adminApiKey)) { + adminApiKey = null; + } - if (adminApiKey != null) { - String configurationAdminKey = applicationContext.getApplicationConfiguration().getAdminApiKey(); - if (!configurationAdminKey.equals(adminApiKey)) { - throw new InvalidAdminKeyApiException(adminApiKey); - } + String authenticationToken = getRequestHeaderOrParameterValueOrNull(request, REQUEST_AUTHENTICATION_TOKEN); + if (Strings.isNullOrEmpty(authenticationToken)) { + authenticationToken = null; } - ObserveWebRequestContext requestContext = new ObserveWebRequestContext(applicationContext, securityContext, applicationLocale, referentialLocale, adminApiKey); + ObserveWebRequestContext requestContext = new ObserveWebRequestContext(applicationContext, applicationLocale, referentialLocale, adminApiKey, authenticationToken); ObserveWebRequestContext.setRequestContext(context, requestContext); doProcess(); 
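Review bot: The two `Strings.isNullOrEmpty` blocks in `inject` treat a whitespace-only header or parameter as a present credential, whereas the removed `createSecurityContext` tested the token with `StringUtils.isNotBlank`. Such a value now passes the presence checks in the request context and is only rejected later, at lookup. Normalising once keeps "present" meaning the same everywhere and removes both `if` blocks: `String adminApiKey = StringUtils.trimToNull(getRequestHeaderOrParameterValueOrNull(request, REQUEST_ADMIN_API_KEY));`, and the same for `authenticationToken`. Since the filter no longer rejects a wrong admin key itself, every controller that needs one has to call the check explicitly; a comment on `inject` saying so would help. The end of `inject` is outside the hunk.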
@@ -71,35 +66,6 @@ public class ObserveWebMotionFilter extends WebMotionFilter implements ObserveDa } - protected ObserveWebRequestSecurityContext createSecurityContext(HttpServletRequest request) throws InvalidAuthenticationTokenException, UnknownObserveWebUserForDatabaseException, BadObserveWebUserPasswordException, UnknownObserveWebUserException { - - ObserveWebRequestSecurityContext securityContext = null; - - String authenticationToken = getRequestHeaderOrParameterValueOrNull(request, REQUEST_AUTHENTICATION_TOKEN); - if (StringUtils.isNotBlank(authenticationToken)) { - - securityContext = ObserveWebRequestSecurityContext.createAuthenticated(authenticationToken); - - } else { - - // Cas où on l'utilisateur n'est pas connecté - - String userLogin = getRequestHeaderOrParameterValueOrNull(request, REQUEST_USER_LOGIN); - String userPassword = getRequestHeaderOrParameterValueOrNull(request, REQUEST_USER_PASSWORD); - String userDatabaseName = getRequestHeaderOrParameterValueOrNull(request, REQUEST_USER_DATABASE_NAME); - - if (!(userLogin == null && userPassword == null)) { - - securityContext = ObserveWebRequestSecurityContext.create(userLogin, userPassword, userDatabaseName); - - } - - } - - return securityContext; - - } - protected String getRequestHeaderOrParameterValueOrNull(HttpServletRequest request, String parameterName) { String result = request.getHeader(parameterName); diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java index ca4815e..6684a6d 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ConfigurationController.java 
@@ -27,7 +27,7 @@ public class ConfigurationController extends ObserveWebMotionController { @Override public void setContextable(WebMotionContextable contextable) { super.setContextable(contextable); - getRequestContext().checkAdminApiKeyIsPresent(); + getRequestContext().checkAdminApiKeyIsValid(); } public Render mapping() { diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/DataSourceServiceController.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/DataSourceServiceController.java index 9d0728c..5ffd414 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/DataSourceServiceController.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/DataSourceServiceController.java @@ -2,7 +2,6 @@ package fr.ird.observe.application.web.controller.v1; import com.google.common.base.Optional; import com.google.common.base.Preconditions; -import com.rometools.utils.Strings; import fr.ird.observe.application.web.request.ObserveWebRequestContext; import fr.ird.observe.application.web.security.ObserveWebSecurityApplicationContext; import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; @@ -91,10 +90,8 @@ public class DataSourceServiceController extends ObserveServiceControllerSupport ObserveDataSourceConfigurationRest dataSourceConfigurationRest = (ObserveDataSourceConfigurationRest) dataSourceConfigurationFromRequest; String login = dataSourceConfigurationRest.getLogin(); - Preconditions.checkState(Strings.isNotEmpty(login), "Pas de login fournit"); String password = new String(dataSourceConfigurationRest.getPassword()); - Preconditions.checkState(Strings.isNotEmpty(password), "Pas de mot de passe fournit"); Optional<String> optionalDatabaseName = dataSourceConfigurationRest.getOptionalDatabaseName(); 
diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ObserveWebErrorController.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ObserveWebErrorController.java new file mode 100644 index 0000000..7eb0731 --- /dev/null +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ObserveWebErrorController.java 
@@ -0,0 +1,97 @@ +package fr.ird.observe.application.web.controller.v1; + +import fr.ird.observe.application.web.security.ObserveWebSecurityExceptionSupport; +import org.debux.webmotion.server.WebMotionController; +import org.debux.webmotion.server.WebMotionException; +import org.debux.webmotion.server.call.HttpContext; + +import java.lang.reflect.InvocationTargetException; +import java.util.LinkedHashSet; +import java.util.Set; + +/** + * Pour gérer les erreurs. + * + * On retourne un rendu json avec le status http, l'erreur déclanchée... + * Created on 07/09/15. + * + * @author Tony Chemit - chemit@codelutin.com + */ +public class ObserveWebErrorController extends WebMotionController { + + class Error { + + protected final Integer httpCode; + + protected final Class<?> exceptionType; + + protected final String message; + + protected final Throwable exception; + + Error(Integer httpCode, Class<?> exceptionType, String message, Throwable exception) { + this.httpCode = httpCode; + this.exceptionType = exceptionType; + this.message = message; + this.exception = exception; + } + } + + public Error error(HttpContext.ErrorData errorData) { + + @SuppressWarnings("ThrowableResultOfMethodCallIgnored") + Throwable exception = errorData.getException(); + + if (exception instanceof WebMotionException) { + + if (exception.getCause() == exception) { + exception.initCause(null); + } else { + exception = exception.getCause(); + } + + } + + if (exception instanceof InvocationTargetException) { + + exception = exception.getCause(); + + } + + Integer statusCode = errorData.getStatusCode(); + + String message = errorData.getMessage(); + + if (exception != null) { + + Set<StackTraceElement> stackTraceElements = new LinkedHashSet<>(); + if (exception.getStackTrace() != null) { + for (StackTraceElement stackTraceElement : exception.getStackTrace()) { + if (stackTraceElement.getClassName().contains("sun.reflect.")) { + continue; + } + stackTraceElements.add(stackTraceElement); + } + } + 
+ if (exception instanceof ObserveWebSecurityExceptionSupport) { + statusCode = 403; + } + + exception.setStackTrace(stackTraceElements.toArray(new StackTraceElement[stackTraceElements.size()])); + exception.initCause(null); + + message = exception.getMessage(); + + } + + Error error = new Error(statusCode, + exception == null ? null : exception.getClass(), + message, + exception); + + return error; + + } + +} diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ReferentialServiceController.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ReferentialServiceController.java index 678425a..6189071 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ReferentialServiceController.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/controller/v1/ReferentialServiceController.java @@ -5,7 +5,6 @@ import fr.ird.observe.services.dto.ReferenceSetDto; import fr.ird.observe.services.dto.referential.ReferentialDto; import fr.ird.observe.services.service.DataNotFoundException; import fr.ird.observe.services.service.ReferentialService; -import org.debux.webmotion.server.WebMotionContextable; import java.util.Collection; @@ -21,12 +20,6 @@ public class ReferentialServiceController extends ObserveAuthenticatedServiceCon } @Override - public void setContextable(WebMotionContextable contextable) { - super.setContextable(contextable); - getRequestContext().checkIsAuthenticated(); - } - - @Override public <R extends ReferentialDto> ReferenceSetDto<R> getReferentialReferenceSet(Class<R> type) { return service.getReferentialReferenceSet(type); } diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java index e21c48a..c2d71c2 100644 
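Review bot: The `Error` returned by `error` carries the `Throwable` itself, so the JSON rendering described in the class comment would presumably expose exception class names and stack frames to any caller, including on the 403 path. In the same method `exception.initCause(null)` throws `IllegalStateException` for any exception that was created with a cause or already had one set, so the handler can fail while handling an error. The test `exception.getCause() == exception` is never true, because `getCause()` returns null for an unset cause. I would unwrap without mutating the exception, keep the stack trace in the server log and return only status, type and message, as sketched below. The message is sent back verbatim, so it is worth checking what the security exceptions put in it (whether `InvalidAdminKeyApiException` echoes the submitted key is not visible here).

```java
public Error error(HttpContext.ErrorData errorData) {

    Throwable exception = errorData.getException();

    // Unwrap framework and reflection wrappers without mutating them.
    while ((exception instanceof WebMotionException || exception instanceof InvocationTargetException)
            && exception.getCause() != null) {
        exception = exception.getCause();
    }

    Integer statusCode = errorData.getStatusCode();
    String message = errorData.getMessage();

    if (exception != null) {
        if (exception instanceof ObserveWebSecurityExceptionSupport) {
            statusCode = 403;
        }
        message = exception.getMessage();
    }

    // The stack trace belongs in the server log; the client gets status, type and message only.
    return new Error(statusCode, exception == null ? null : exception.getClass(), message, null);
}
```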
--- a/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestContext.java @@ -1,8 +1,10 @@ package fr.ird.observe.application.web.request; import com.google.common.base.Optional; -import com.google.common.base.Preconditions; import fr.ird.observe.application.web.ObserveWebApplicationContext; +import fr.ird.observe.application.web.security.AdminApiKeyNotFoundException; +import fr.ird.observe.application.web.security.AuthenticationTokenNotFoundException; +import fr.ird.observe.application.web.security.InvalidAdminKeyApiException; import fr.ird.observe.services.ObserveService; import fr.ird.observe.services.ObserveServiceInitializer; import fr.ird.observe.services.configuration.ObserveDataSourceConfiguration; @@ -40,22 +42,18 @@ public class ObserveWebRequestContext { protected final Optional<String> optionalAdminApiKey; - protected final Optional<ObserveWebRequestSecurityContext> optionalSecurityContext; + protected final Optional<String> optionalAuthenticationToken; public ObserveWebRequestContext(ObserveWebApplicationContext applicationContext, - ObserveWebRequestSecurityContext optionalSecurityContext, Locale applicationLocale, ReferentialLocale referentialLocale, - String adminApiKey) { + String adminApiKey, + String authenticationToken) { this.applicationContext = applicationContext; this.applicationLocale = applicationLocale; this.referentialLocale = referentialLocale; this.optionalAdminApiKey = Optional.fromNullable(adminApiKey); - this.optionalSecurityContext = Optional.fromNullable(optionalSecurityContext); - } - - public Optional<String> getOptionalAdminApiKey() { - return optionalAdminApiKey; + this.optionalAuthenticationToken = Optional.fromNullable(authenticationToken); } public ObserveWebApplicationContext getApplicationContext() { 
@@ -74,46 +72,29 @@ public class ObserveWebRequestContext { } - public void checkIsAuthenticated() { - checkSecurityContextIsPresent(); - Preconditions.checkState(getSecurityContext().isAuthenticationTokenPresent()); - } - - public void checkSecurityContextIsPresent() { - Preconditions.checkState(optionalSecurityContext.isPresent()); - } - public void checkAdminApiKeyIsPresent() { - Preconditions.checkState(optionalAdminApiKey.isPresent()); - } - - public String getUserLogin() { - checkSecurityContextIsPresent(); - ObserveWebRequestSecurityContext securityContext = getSecurityContext(); - Preconditions.checkState(securityContext.getOptionalUserLogin().isPresent()); - return securityContext.getOptionalUserLogin().get(); + if (!optionalAdminApiKey.isPresent()) { + throw new AdminApiKeyNotFoundException(); + } } - public String getUserPassword() { - checkSecurityContextIsPresent(); - ObserveWebRequestSecurityContext securityContext = getSecurityContext(); - Preconditions.checkState(securityContext.getOptionalUserPassword().isPresent()); - return securityContext.getOptionalUserPassword().get(); + public void checkAdminApiKeyIsValid() { + checkAdminApiKeyIsPresent(); + String configurationAdminKey = applicationContext.getApplicationConfiguration().getAdminApiKey(); + if (!configurationAdminKey.equals(optionalAdminApiKey.get())) { + throw new InvalidAdminKeyApiException(optionalAdminApiKey.get()); + } } - public Optional<String> getOptionalDatabaseName() { - checkSecurityContextIsPresent(); - return optionalSecurityContext.get().getOptionalUserDatabaseName(); + public void checkAuthenticationTokenIsPresent() { + if (!optionalAuthenticationToken.isPresent()) { + throw new AuthenticationTokenNotFoundException(); + } } public String getAuthenticationToken() { - checkSecurityContextIsPresent(); - ObserveWebRequestSecurityContext securityContext = getSecurityContext(); - Preconditions.checkState(securityContext.getOptionalAuthenticationToken().isPresent()); - return 
securityContext.getOptionalAuthenticationToken().get(); + checkAuthenticationTokenIsPresent(); + return optionalAuthenticationToken.get(); } - protected ObserveWebRequestSecurityContext getSecurityContext() { - return optionalSecurityContext.get(); - } } diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestSecurityContext.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestSecurityContext.java deleted file mode 100644 index 9ee4bdc..0000000 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/request/ObserveWebRequestSecurityContext.java +++ /dev/null 
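Review bot: `checkAdminApiKeyIsValid` compares the configured key with `String.equals`, which stops at the first differing character and throws a `NullPointerException` if `getAdminApiKey()` returns null. For a secret, the usual choice is a null check on `configurationAdminKey` followed by a constant-time comparison: `MessageDigest.isEqual(configurationAdminKey.getBytes(StandardCharsets.UTF_8), optionalAdminApiKey.get().getBytes(StandardCharsets.UTF_8))`. The rejected key is also passed to `new InvalidAdminKeyApiException(...)`; if it ends up in the exception message it will appear in logs and in the error response, so I would construct the exception without it. A one-line Javadoc on each `check…` method naming the exception it throws would help callers now that these are unchecked.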
@@ -1,54 +0,0 @@ -package fr.ird.observe.application.web.request; - -import com.google.common.base.Optional; - -/** - * Created on 31/08/15. - * - * @author Tony Chemit - chemit@codelutin.com - */ -public class ObserveWebRequestSecurityContext { - - public static ObserveWebRequestSecurityContext create(String userLogin, String userPassword, String userDatabaseName) { - return new ObserveWebRequestSecurityContext(Optional.<String>absent(), Optional.fromNullable(userLogin), Optional.fromNullable(userPassword), Optional.fromNullable(userDatabaseName)); - } - - public static ObserveWebRequestSecurityContext createAuthenticated(String authenticationToken) { - return new ObserveWebRequestSecurityContext(Optional.of(authenticationToken), Optional.<String>absent(), Optional.<String>absent(), Optional.<String>absent()); - } - - protected final Optional<String> optionalAuthenticationToken; - - protected final Optional<String> optionalUserLogin; - - protected final Optional<String> optionalUserPassword; - - protected final Optional<String> optionalUserDatabaseName; - - public boolean isAuthenticationTokenPresent() { - return optionalAuthenticationToken.isPresent(); - } - - public Optional<String> getOptionalAuthenticationToken() { - return optionalAuthenticationToken; - } - - public Optional<String> getOptionalUserLogin() { - return optionalUserLogin; - } - - public Optional<String> getOptionalUserPassword() { - return optionalUserPassword; - } - - public Optional<String> getOptionalUserDatabaseName() { - return optionalUserDatabaseName; - } - - protected ObserveWebRequestSecurityContext(Optional<String> optionalAuthenticationToken, Optional<String> optionalUserLogin, Optional<String> optionalUserPassword, Optional<String> optionalUserDatabaseName) { - this.optionalAuthenticationToken = optionalAuthenticationToken; - this.optionalUserLogin = optionalUserLogin; - this.optionalUserPassword = optionalUserPassword; - this.optionalUserDatabaseName = optionalUserDatabaseName; - } 
-} diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/AdminApiKeyNotFoundException.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/AdminApiKeyNotFoundException.java new file mode 100644 index 0000000..aaa8b69 --- /dev/null +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/AdminApiKeyNotFoundException.java @@ -0,0 +1,11 @@ +package fr.ird.observe.application.web.security; + +/** + * Created on 07/09/15. + * + * @author Tony Chemit - chemit@codelutin.com + */ +public class AdminApiKeyNotFoundException extends ObserveWebSecurityExceptionSupport{ + + private static final long serialVersionUID = 1L; +} diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/AuthenticationTokenNotFoundException.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/AuthenticationTokenNotFoundException.java new file mode 100644 index 0000000..d24ebd5 --- /dev/null +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/AuthenticationTokenNotFoundException.java @@ -0,0 +1,11 @@ +package fr.ird.observe.application.web.security; + +/** + * Created on 07/09/15. + * + * @author Tony Chemit - chemit@codelutin.com + */ +public class AuthenticationTokenNotFoundException extends ObserveWebSecurityExceptionSupport{ + + private static final long serialVersionUID = 1L; +} diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/BadObserveWebUserPasswordException.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/BadObserveWebUserPasswordException.java index 7fdd8ff..9bcea8d 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/BadObserveWebUserPasswordException.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/BadObserveWebUserPasswordException.java 
@@ -5,7 +5,7 @@ package fr.ird.observe.application.web.security; * * @author Tony Chemit - chemit@codelutin.com */ -public class BadObserveWebUserPasswordException extends RuntimeException { +public class BadObserveWebUserPasswordException extends ObserveWebSecurityExceptionSupport { private static final long serialVersionUID = 1L; diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/InvalidAdminKeyApiException.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/InvalidAdminKeyApiException.java similarity index 72% rename from observe-application-web/src/main/java/fr/ird/observe/application/web/InvalidAdminKeyApiException.java rename to observe-application-web/src/main/java/fr/ird/observe/application/web/security/InvalidAdminKeyApiException.java index 331ce44..2c9c3ac 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/InvalidAdminKeyApiException.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/InvalidAdminKeyApiException.java @@ -1,11 +1,11 @@ -package fr.ird.observe.application.web; +package fr.ird.observe.application.web.security; /** * Created on 02/09/15. * * @author Tony Chemit - chemit@codelutin.com */ -public class InvalidAdminKeyApiException extends Exception { +public class InvalidAdminKeyApiException extends ObserveWebSecurityExceptionSupport { private static final long serialVersionUID = 1L; diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/InvalidAuthenticationTokenException.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/InvalidAuthenticationTokenException.java index 1b48e74..dbd94e1 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/InvalidAuthenticationTokenException.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/InvalidAuthenticationTokenException.java 
@@ -5,7 +5,7 @@ package fr.ird.observe.application.web.security; * * @author Tony Chemit - chemit@codelutin.com */ -public class InvalidAuthenticationTokenException extends RuntimeException { +public class InvalidAuthenticationTokenException extends ObserveWebSecurityExceptionSupport { private static final long serialVersionUID = 1L; diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityApplicationContext.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityApplicationContext.java index f07d941..d0ffb77 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityApplicationContext.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityApplicationContext.java @@ -2,6 +2,7 @@ package fr.ird.observe.application.web.security; import com.google.common.base.Optional; import com.google.common.base.Preconditions; +import com.google.common.base.Strings; import com.google.common.collect.ImmutableMap; import fr.ird.observe.application.web.configuration.db.ObserveWebDatabase; import fr.ird.observe.application.web.configuration.db.ObserveWebDatabaseRole; 
@@ -167,7 +168,15 @@ public class ObserveWebSecurityApplicationContext implements Closeable { } - public ObserveDataSourceConfiguration getDataSourceConfiguration(String userLogin, String userPassword, Optional<String> optionalDatabaseName) throws UnknownObserveWebUserException, BadObserveWebUserPasswordException, UnknownObserveWebUserForDatabaseException { + public ObserveDataSourceConfiguration getDataSourceConfiguration(String userLogin, String userPassword, Optional<String> optionalDatabaseName) { + + if (Strings.isNullOrEmpty(userLogin)) { + throw new UserLoginNotFoundException(); + } + + if (Strings.isNullOrEmpty(userPassword)) { + throw new UserPasswordNotFoundException(); + } // Get user Optional<? extends ObserveWebUser> optionalUser = users.getUserByLogin(userLogin); @@ -190,7 +199,7 @@ public class ObserveWebSecurityApplicationContext implements Closeable { * @return la configuration de la data source associée au jeton * @throws InvalidAuthenticationTokenException si le jeton n'est pas connu */ - public ObserveDataSourceConfiguration getDataSourceConfiguration(String authenticationToken) throws InvalidAuthenticationTokenException { + public ObserveDataSourceConfiguration getDataSourceConfiguration(String authenticationToken) { ObserveDataSourceConfiguration dataSourceConfiguration = authenticateCache.getDataSourceConfigurationIfPresent(authenticationToken); if (dataSourceConfiguration == null) { throw new InvalidAuthenticationTokenException(authenticationToken); diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityExceptionSupport.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityExceptionSupport.java new file mode 100644 index 0000000..a0c90be --- /dev/null +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/ObserveWebSecurityExceptionSupport.java 
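Review bot: The three-argument `getDataSourceConfiguration` lost its `throws` clause and has no Javadoc in the hunk, so nothing tells a caller that it can now throw `UserLoginNotFoundException` and `UserPasswordNotFoundException` in addition to the three exceptions that were declared before. I would add a Javadoc block with one `@throws` tag per exception, matching the block kept on the token overload below it. Both new exceptions are thrown with no message, so the error response will carry a null message; a short fixed text such as `"user login is missing"` would make it usable, though the subclasses would then need a message constructor. The method body continues outside the hunk.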
@@ -0,0 +1,26 @@ +package fr.ird.observe.application.web.security; + +/** + * Created on 07/09/15. + * + * @author Tony Chemit - chemit@codelutin.com + */ +public abstract class ObserveWebSecurityExceptionSupport extends RuntimeException { + + private static final long serialVersionUID = 1L; + + public ObserveWebSecurityExceptionSupport() { + } + + public ObserveWebSecurityExceptionSupport(String message) { + super(message); + } + + public ObserveWebSecurityExceptionSupport(String message, Throwable cause) { + super(message, cause); + } + + public ObserveWebSecurityExceptionSupport(Throwable cause) { + super(cause); + } +} diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/SecurityRequestContextNotFoundException.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/SecurityRequestContextNotFoundException.java new file mode 100644 index 0000000..4bb116a --- /dev/null +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/SecurityRequestContextNotFoundException.java @@ -0,0 +1,11 @@ +package fr.ird.observe.application.web.security; + +/** + * Created on 07/09/15. + * + * @author Tony Chemit - chemit@codelutin.com + */ +public class SecurityRequestContextNotFoundException extends ObserveWebSecurityExceptionSupport{ + + private static final long serialVersionUID = 1L; +} diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UnknownObserveWebUserException.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UnknownObserveWebUserException.java index 674300e..362880e 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UnknownObserveWebUserException.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UnknownObserveWebUserException.java 
@@ -5,7 +5,7 @@ package fr.ird.observe.application.web.security; * * @author Tony Chemit - chemit@codelutin.com */ -public class UnknownObserveWebUserException extends RuntimeException { +public class UnknownObserveWebUserException extends ObserveWebSecurityExceptionSupport { private static final long serialVersionUID = 1L; diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UnknownObserveWebUserForDatabaseException.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UnknownObserveWebUserForDatabaseException.java index 401113a..a31573d 100644 --- a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UnknownObserveWebUserForDatabaseException.java +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UnknownObserveWebUserForDatabaseException.java @@ -5,7 +5,7 @@ package fr.ird.observe.application.web.security; * * @author Tony Chemit - chemit@codelutin.com */ -public class UnknownObserveWebUserForDatabaseException extends RuntimeException { +public class UnknownObserveWebUserForDatabaseException extends ObserveWebSecurityExceptionSupport { private static final long serialVersionUID = 1L; diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UserLoginNotFoundException.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UserLoginNotFoundException.java new file mode 100644 index 0000000..958922c --- /dev/null +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UserLoginNotFoundException.java @@ -0,0 +1,11 @@ +package fr.ird.observe.application.web.security; + +/** + * Created on 07/09/15. + * + * @author Tony Chemit - chemit@codelutin.com + */ +public class UserLoginNotFoundException extends ObserveWebSecurityExceptionSupport{ + + private static final long serialVersionUID = 1L; +} 
diff --git a/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UserPasswordNotFoundException.java b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UserPasswordNotFoundException.java new file mode 100644 index 0000000..98ee672 --- /dev/null +++ b/observe-application-web/src/main/java/fr/ird/observe/application/web/security/UserPasswordNotFoundException.java @@ -0,0 +1,11 @@ +package fr.ird.observe.application.web.security; + +/** + * Created on 07/09/15. + * + * @author Tony Chemit - chemit@codelutin.com + */ +public class UserPasswordNotFoundException extends ObserveWebSecurityExceptionSupport{ + + private static final long serialVersionUID = 1L; +} diff --git a/observe-application-web/src/main/resources/mapping b/observe-application-web/src/main/resources/mapping index 60d2791..ec98670 100644 --- a/observe-application-web/src/main/resources/mapping +++ b/observe-application-web/src/main/resources/mapping @@ -39,6 +39,9 @@ default.render=fr.ird.observe.application.web.ObserveWebMotionRender [filters] * /* ObserveWebMotionFilter.inject +[errors] +* ObserveWebErrorController.error + [actions] GET /admin/configuration/{method} ConfigurationController.{method} -- To stop receiving notification emails like this one, please contact codelutin.com SCM administrator <admin+scm@list.forge.codelutin.com>.