Commit a05ae9d6 authored by Valentin Suhnjov's avatar Valentin Suhnjov

RIHAKB-130. Remove authentication related services

parent f3902ba6
package ee.eesti.riha.rest.service;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
/**
* The Interface ApiAuthService.
*/
@Produces(MediaType.APPLICATION_JSON + "; charset=UTF-8")
public interface ApiAuthService {
/**
* Method to call 3rd party authentication service with sessionId to find whether user is authenticated or not. If
* user exists then cache for later use.
*
* Respond with given user AuthInfo.
*
* @param sessionId B9756007F...3D
* @return operation result
*/
@Path("/token/{sessionId}")
@GET
Response checkToken(@PathParam("sessionId") String sessionId);
}
......@@ -9,8 +9,6 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import ee.eesti.riha.rest.auth.AuthService;
import ee.eesti.riha.rest.auth.AuthServiceImpl;
import ee.eesti.riha.rest.logic.Finals;
// TODO: Auto-generated Javadoc
......@@ -58,22 +56,4 @@ public interface ApiCGIService<T> {
// this is needed to use fake AuthService in integration tests
// TODO find if better solution exists, maybe ignore those paths?
/**
* Getter needed for integration tests.
*
* @return the auth service
*/
@Path("/not/to/be/called/by/url/x")
@GET
AuthService getAuthService();
/**
* Setter needed for integration tests.
*
* @param authService the new auth service
*/
@Path("/not/to/be/called/by/url2/x")
@GET
void setAuthService(@QueryParam(value = "authService") AuthServiceImpl authService);
}
......@@ -12,9 +12,6 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import ee.eesti.riha.rest.auth.AuthService;
import ee.eesti.riha.rest.auth.AuthServiceImpl;
/**
* This class contains all allowed rest resource paths that are following classical approach.
*
......@@ -107,22 +104,4 @@ public interface ApiClassicService {
// this is needed to use fake AuthService in integration tests
// TODO find if better solution exists, maybe ignore those paths?
/**
* Getter needed for integration tests.
*
* @return the auth service
*/
@Path("/not/to/be/called/by/url")
@GET
AuthService getAuthService();
/**
* Setter needed for integration tests.
*
* @param authService the new auth service
*/
@Path("/not/to/be/called/by/url2")
@GET
void setAuthService(@QueryParam(value = "authService") AuthServiceImpl authService);
}
package ee.eesti.riha.rest.service.impl;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import ee.eesti.riha.rest.auth.AuthInfo;
import ee.eesti.riha.rest.auth.AuthInfo3rdParty;
import ee.eesti.riha.rest.auth.AuthServiceProvider;
import ee.eesti.riha.rest.auth.TokenStore;
import ee.eesti.riha.rest.error.RihaRestException;
import ee.eesti.riha.rest.logic.AuthInfoCreator;
import ee.eesti.riha.rest.logic.Finals;
import ee.eesti.riha.rest.logic.MyExceptionHandler;
import ee.eesti.riha.rest.logic.TokenValidator;
import ee.eesti.riha.rest.logic.util.StringHelper;
import ee.eesti.riha.rest.service.ApiAuthService;
/**
* The Class ApiAuthServiceImpl.
*/
@Component
public class ApiAuthServiceImpl implements ApiAuthService {
AuthServiceProvider authServiceProvider = AuthServiceProvider.getInstance();
@Autowired
TokenStore tokenStore;
@Autowired
AuthInfoCreator authInfoCreator;
private static final Logger LOG = LoggerFactory.getLogger(ApiAuthServiceImpl.class);
private static final AuthInfo3rdParty TEST_AUTHINFO = new AuthInfo3rdParty("38312280240", "70009646",
"ROLL_RIHA_ADMINISTRAATOR", "testToken");
@Override
public Response checkToken(String sessionId) {
LOG.info("URL: " + AuthServiceProvider.AUTH_SERVICE_URL);
LOG.info("TokenStore " + tokenStore);
try {
if (Finals.IS_TEST && StringHelper.areEqual(Finals.TEST_TOKEN, sessionId)) {
AuthInfo authInfo = authInfoCreator.convert(TEST_AUTHINFO);
tokenStore.addToken(sessionId, authInfo);
return Response.ok(authInfo).build();
}
// send cookie to 3rd party authentication service
// AuthInfo user = (AuthInfo) TokenValidator.isTokenOk3rdParty(sessionId, authServiceProvider.get());
AuthInfo3rdParty user3rdParty = (AuthInfo3rdParty) TokenValidator.isTokenOk3rdParty(sessionId,
authServiceProvider.get());
if (user3rdParty == null) {
// should not happen, TokenValidator.isTokenOk3rdPary should throw error if null
return Response.status(Status.UNAUTHORIZED).entity("Not authenticated").build();
}
user3rdParty.setToken(sessionId);
// AuthInfo user = new AuthInfo(user3rdParty);
AuthInfo user = authInfoCreator.convert(user3rdParty);
tokenStore.addToken(sessionId, user);
// return Response.ok(user3rdParty).build();
return Response.ok(user).build();
} catch (RihaRestException e) {
e.printStackTrace();
return Response.ok(e.getError()).build();
} catch (Exception e) {
return Response.status(Status.BAD_REQUEST).entity(MyExceptionHandler.unmapped(e)).build();
}
}
}
......@@ -7,9 +7,6 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import ee.eesti.riha.rest.auth.AuthService;
import ee.eesti.riha.rest.auth.AuthServiceImpl;
import ee.eesti.riha.rest.auth.AuthServiceProvider;
import ee.eesti.riha.rest.logic.ServiceLogic;
import ee.eesti.riha.rest.service.ApiCGIService;
......@@ -26,8 +23,6 @@ public class ApiCGIServiceImpl<T, K> implements ApiCGIService<T> {
@Autowired
ServiceLogic<T, K> serviceLogic;
AuthServiceProvider authServiceProvider = AuthServiceProvider.getInstance();
private static final Logger LOG = LoggerFactory.getLogger(ApiCGIServiceImpl.class);
/*
......@@ -67,24 +62,4 @@ public class ApiCGIServiceImpl<T, K> implements ApiCGIService<T> {
}
/*
* (non-Javadoc)
*
* @see ee.eesti.riha.rest.service.ApiCGIService#getAuthService()
*/
@Override
public AuthService getAuthService() {
return authServiceProvider.get();
}
/*
* (non-Javadoc)
*
* @see ee.eesti.riha.rest.service.ApiCGIService#setAuthService(ee.eesti.riha.rest.auth.AuthServiceImpl)
*/
@Override
public void setAuthService(AuthServiceImpl authService) {
authServiceProvider.set(authService);
}
}
package ee.eesti.riha.rest.service.impl;
import java.util.Arrays;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
......@@ -14,11 +12,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import ee.eesti.riha.rest.auth.AuthInfo;
import ee.eesti.riha.rest.auth.AuthService;
import ee.eesti.riha.rest.auth.AuthServiceImpl;
import ee.eesti.riha.rest.auth.AuthServiceProvider;
import ee.eesti.riha.rest.auth.TokenStore;
import ee.eesti.riha.rest.auth.TokenStoreImpl;
import ee.eesti.riha.rest.error.RihaRestError;
import ee.eesti.riha.rest.error.RihaRestException;
import ee.eesti.riha.rest.logic.ServiceLogic;
......@@ -41,8 +35,6 @@ public class ApiClassicServiceImpl<T, K> implements ApiClassicService {
@Context
HttpHeaders httpHeaders;
AuthServiceProvider authServiceProvider = AuthServiceProvider.getInstance();
@Autowired
TokenStore tokenStore;
......@@ -176,32 +168,6 @@ public class ApiClassicServiceImpl<T, K> implements ApiClassicService {
}
/*
* (non-Javadoc)
*
* @see ee.eesti.riha.rest.service.ApiClassicService#getAuthService()
*/
@Override
public AuthService getAuthService() {
return authServiceProvider.get();
}
/*
* (non-Javadoc)
*
* @see ee.eesti.riha.rest.service.ApiClassicService#setAuthService(ee.eesti.riha.rest.auth.AuthServiceImpl)
*/
@Override
public void setAuthService(AuthServiceImpl authService) {
authServiceProvider.set(authService);
if (authService == null) {
// use actual
TokenStoreImpl.setTest(false);
} else {
TokenStoreImpl.setTest(true);
}
}
/**
* Helper class to reuse code with command pattern.
*/
......
......@@ -13,7 +13,6 @@ import org.springframework.beans.factory.annotation.Autowired;
import com.fasterxml.jackson.databind.node.ObjectNode;
import ee.eesti.riha.rest.auth.AuthInfo;
import ee.eesti.riha.rest.auth.AuthServiceProvider;
import ee.eesti.riha.rest.auth.TokenStore;
import ee.eesti.riha.rest.error.RihaRestException;
import ee.eesti.riha.rest.logic.ChangeLogic;
......@@ -31,8 +30,6 @@ import ee.eesti.riha.rest.service.FileService;
*/
public class FileServiceImpl implements FileService {
AuthServiceProvider authServiceProvider = AuthServiceProvider.getInstance();
private static final Logger LOG = LoggerFactory.getLogger(FileServiceImpl.class);
@Autowired
......
......@@ -31,7 +31,6 @@
<bean class="ee.eesti.riha.rest.service.impl.ApiClassicServiceImpl" />
<bean class="ee.eesti.riha.rest.service.impl.ApiCGIServiceImpl" />
<bean class="ee.eesti.riha.rest.service.impl.FileServiceImpl" />
<bean class="ee.eesti.riha.rest.service.impl.ApiAuthServiceImpl" />
<bean class="ee.eesti.riha.rest.service.impl.ApiTableServiceImpl" />
<bean class="ee.eesti.riha.rest.service.impl.ApiImportServiceImpl" />
</util:list>
......
......@@ -34,9 +34,6 @@ public class MyTestRunListener extends RunListener {
if (numOfTestRuns == 0) {
System.out.println("TESTING STARTING... ");
// use fake auth token validation service in tests
service.setAuthService(new AuthServiceImpl());
System.out.println("TESTING STARTED!");
}
super.testRunStarted(description);
......@@ -49,11 +46,6 @@ public class MyTestRunListener extends RunListener {
super.testRunFinished(result);
if (numOfTestRuns == 0) {
System.out.println("ALL TESTS ARE FINISHED!");
// use actual auth token validation service outside tests
service.setAuthService(null);
System.out.println("AUTH SERVICE SET TO NULL");
}
}
......
......@@ -195,8 +195,6 @@ public class TestApiCGIServiceImpl_GET_opGet_LIMIT<T> {
@Ignore("Using fake")
@Test
public void testGetList_with3rdPartyAuthValidation_expectCantConnect() throws IOException {
// turn off fake validation
serviceUnderTest.setAuthService(null);
String path = pathToUse;
Response response = serviceUnderTest.getCGI(Finals.GET, path, "testToken", null, null, null, null, null);
// TODO currently expect that 3rd party token validation service not found
......@@ -204,8 +202,5 @@ public class TestApiCGIServiceImpl_GET_opGet_LIMIT<T> {
RihaRestError error = TestHelper.getObjectFromClient((InputStream) response.getEntity(), RihaRestError.class);
assertEquals(ErrorCodes.CANT_CONNECT_TO_AUTH, error.getErrcode());
assertEquals(ErrorCodes.CANT_CONNECT_TO_AUTH_MSG, error.getErrmsg());
// turn on fake validation
serviceUnderTest.setAuthService(new AuthServiceImpl());
}
}
......@@ -373,8 +373,6 @@ public class TestApiCGIServiceImpl_POST_opPost<T> {
String json = "{\"op\":\"post\", \"path\": \"" + pathToUse + "\", " + "\"token\":\"\",\"data\":{}}";
// use actual validation
serviceHelpingCreateDeleteTestData.setAuthService(null);
// send query
Response response = serviceUnderTest.postCGI(json);
......@@ -383,17 +381,10 @@ public class TestApiCGIServiceImpl_POST_opPost<T> {
assertNotNull(error);
assertEquals(ErrorCodes.NO_AUTH_TOKEN_PROVIDED, error.getErrcode());
assertTrue(error.getErrmsg().contains(ErrorCodes.NO_AUTH_TOKEN_PROVIDED_MSG));
// use fake validation
serviceHelpingCreateDeleteTestData.setAuthService(new AuthServiceImpl());
}
@Test
public void testCreate_withTestToken() throws Exception {
// use actual validation
serviceHelpingCreateDeleteTestData.setAuthService(null);
String json = "{\r\n" + " \"op\":\"post\", \r\n" + " \"path\": \"" + pathToUse + "\", \r\n"
+ "\"token\":\"testToken\", \"data\": " + jsonToUseForCreate + "}";
......@@ -407,9 +398,5 @@ public class TestApiCGIServiceImpl_POST_opPost<T> {
String id1 = resultKey.replace(".0", "");
assertTrue(org.apache.commons.lang3.StringUtils.isNumeric(id1));
idUnderTestList.add(new Integer(id1));
// use fake validation
serviceHelpingCreateDeleteTestData.setAuthService(new AuthServiceImpl());
}
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment