Révision 96454bcd
Ajouté par Sylvain Sauvage il y a plus de 11 ans
IoTa-DiscoveryWS/IoTa-DiscoveryWS/src/main/java/fr/unicaen/iota/discovery/server/querycontrol/DSControler.java | ||
---|---|---|
*
|
||
* Copyright © 2008-2012 Université de Caen Basse-Normandie, GREYC
|
||
* Copyright © 2008-2012 Orange Labs
|
||
*
|
||
*
|
||
* This program is free software: you can redistribute it and/or modify
|
||
* it under the terms of the GNU General Public License as published by
|
||
* the Free Software Foundation, either version 3 of the License, or
|
||
... | ... | |
*/
|
||
package fr.unicaen.iota.discovery.server.querycontrol;
|
||
|
||
import com.sun.xacml.ctx.Result;
|
||
import fr.unicaen.iota.discovery.server.hibernate.Event;
|
||
import fr.unicaen.iota.discovery.server.hibernate.EventToPublish;
|
||
import fr.unicaen.iota.discovery.server.hibernate.Partner;
|
||
import fr.unicaen.iota.discovery.server.hibernate.User;
|
||
import fr.unicaen.iota.discovery.server.query.DSPEP;
|
||
import fr.unicaen.iota.discovery.server.query.QueryOperationsModule;
|
||
import fr.unicaen.iota.discovery.server.util.EPCUtilities.InvalidFormatException;
|
||
import fr.unicaen.iota.discovery.server.util.*;
|
||
import fr.unicaen.iota.xacml.policy.Module;
|
||
import fr.unicaen.iota.discovery.server.util.Constants;
|
||
import fr.unicaen.iota.discovery.server.util.ProtocolException;
|
||
import fr.unicaen.iota.discovery.server.util.Session;
|
||
import fr.unicaen.iota.discovery.server.util.XACMLUtils;
|
||
import fr.unicaen.iota.nu.EPCUtilities;
|
||
import fr.unicaen.iota.nu.EPCUtilities.InvalidFormatException;
|
||
import fr.unicaen.iota.xi.client.DSPEP;
|
||
import fr.unicaen.iota.xi.utils.Utils;
|
||
import java.sql.Timestamp;
|
||
import java.util.ArrayList;
|
||
import java.util.Date;
|
||
... | ... | |
|
||
private static final Log log = LogFactory.getLog(DSControler.class);
|
||
private QueryOperationsModule queryOperationsModule = new QueryOperationsModule();
|
||
private DSPEP dspep = new DSPEP();
|
||
private DSPEP dspep = new DSPEP(Constants.XACML_URL);
|
||
|
||
public String hello() {
|
||
return Constants.SERVICE_ID;
|
||
... | ... | |
public List<Event> eventLookup(String sessionId, String epc) throws ProtocolException {
|
||
log.trace("eventLookup method called.");
|
||
try {
|
||
new EPCUtilities().checkEpcOrUri(epc);
|
||
EPCUtilities.checkEpcOrUri(epc);
|
||
} catch (InvalidFormatException ex) {
|
||
throw new ProtocolException(2000, ex.getMessage());
|
||
}
|
||
... | ... | |
List<Event> eventList = new ArrayList<Event>();
|
||
User u = Session.getUser(sessionId);
|
||
for (Event e : eventListTmp) {
|
||
int resp = dspep.eventLookup(u.getUserID(), XACMLUtils.createXACMLEvent(e), Module.queryModule.getValue());
|
||
if (resp == Result.DECISION_PERMIT) {
|
||
int resp = dspep.eventLookup(u.getUserID(), XACMLUtils.createXACMLEvent(e));
|
||
if (Utils.responseIsPermit(resp)) {
|
||
eventList.add(e);
|
||
}
|
||
}
|
||
... | ... | |
User u = Session.getUser(sessionId);
|
||
List<User> uList = queryOperationsModule.userLookup(userID);
|
||
for (User u2 : uList) {
|
||
int resp = dspep.userLookup(u.getUserID(), u2.getPartner().getPartnerID(), Module.administrationModule.getValue());
|
||
if (resp != Result.DECISION_PERMIT && !dspep.isRootAccess(sessionId, Module.administrationModule.getValue())) {
|
||
int resp = dspep.userLookup(u.getUserID(), u2.getPartner().getPartnerID());
|
||
if (!Utils.responseIsPermit(resp) && !isRootAccess(sessionId)) {
|
||
throw new ProtocolException(2100, "Access denied for user " + userID);
|
||
}
|
||
}
|
||
... | ... | |
throw new ProtocolException(2002, "user not found");
|
||
}
|
||
User u = Session.getUser(sessionID);
|
||
int resp = dspep.userInfo(u.getUserID(), uList.get(0).getPartner().getPartnerID(), Module.administrationModule.getValue());
|
||
if (resp != Result.DECISION_PERMIT && !dspep.isRootAccess(sessionID, Module.administrationModule.getValue())) {
|
||
int resp = dspep.userInfo(u.getUserID(), uList.get(0).getPartner().getPartnerID());
|
||
if (!Utils.responseIsPermit(resp) && !isRootAccess(sessionID)) {
|
||
throw new ProtocolException(2100, "Access denied for user " + userId);
|
||
}
|
||
if (uList.isEmpty()) {
|
||
... | ... | |
public int userCreate(String sessionID, String partnerId, String password, String login) throws ProtocolException {
|
||
log.trace("userCreate method called.");
|
||
User u = Session.getUser(sessionID);
|
||
int resp = dspep.userCreate(u.getUserID(), partnerId, Module.administrationModule.getValue());
|
||
if (resp != Result.DECISION_PERMIT && !dspep.isRootAccess(sessionID, Module.administrationModule.getValue())) {
|
||
int resp = dspep.userCreate(u.getUserID(), partnerId);
|
||
if (!Utils.responseIsPermit(resp) && !isRootAccess(sessionID)) {
|
||
throw new ProtocolException(2100, "Access denied for user " + u.getUserID());
|
||
}
|
||
if (!queryOperationsModule.userLookup(login).isEmpty()) {
|
||
throw new ProtocolException(2002, "user already exists");
|
||
}
|
||
List<Partner> pList = null;
|
||
List<Partner> pList;
|
||
if ((pList = queryOperationsModule.partnerLookup(partnerId)).isEmpty()) {
|
||
throw new ProtocolException(2002, "partner not found");
|
||
}
|
||
... | ... | |
public void userUpdate(String sessionID, String partnerId, int uid, String userId, String password) throws ProtocolException {
|
||
log.trace("userUpdate method called.");
|
||
User u = Session.getUser(sessionID);
|
||
int resp = dspep.userInfo(u.getUserID(), partnerId, Module.administrationModule.getValue());
|
||
if (resp != Result.DECISION_PERMIT && !dspep.isRootAccess(sessionID, Module.administrationModule.getValue())) {
|
||
int resp = dspep.userInfo(u.getUserID(), partnerId);
|
||
if (!Utils.responseIsPermit(resp) && !isRootAccess(sessionID)) {
|
||
throw new ProtocolException(2100, "Access denied for user " + userId);
|
||
}
|
||
User u2 = queryOperationsModule.userLookup(uid);
|
||
... | ... | |
}
|
||
for (User u2 : uList) {
|
||
User u = Session.getUser(sessionID);
|
||
int resp = dspep.userDelete(u.getUserID(), u2.getPartner().getPartnerID(), Module.administrationModule.getValue());
|
||
if (resp != Result.DECISION_PERMIT && !dspep.isRootAccess(sessionID, Module.administrationModule.getValue())) {
|
||
int resp = dspep.userDelete(u.getUserID(), u2.getPartner().getPartnerID());
|
||
if (!Utils.responseIsPermit(resp) && !isRootAccess(sessionID)) {
|
||
throw new ProtocolException(2100, "Access denied for user " + userId);
|
||
}
|
||
queryOperationsModule.userDelete(u2);
|
||
... | ... | |
public List<Partner> partnerLookup(String sessionId, String partnerId) throws ProtocolException {
|
||
log.trace("partnerLookup method called.");
|
||
User u = Session.getUser(sessionId);
|
||
int resp = dspep.partnerLookup(u.getUserID(), partnerId, Module.administrationModule.getValue());
|
||
if (resp != Result.DECISION_PERMIT && !dspep.isRootAccess(sessionId, Module.administrationModule.getValue())) {
|
||
int resp = dspep.partnerLookup(u.getUserID(), partnerId);
|
||
if (!Utils.responseIsPermit(resp) && !isRootAccess(sessionId)) {
|
||
throw new ProtocolException(2100, "Access denied for user " + u.getUserID());
|
||
}
|
||
List<Partner> pList = queryOperationsModule.partnerLookup(partnerId);
|
||
... | ... | |
public Partner partnerInfo(String sessionId, String partnerId) throws ProtocolException {
|
||
log.trace("partnerLookup method called.");
|
||
User u = Session.getUser(sessionId);
|
||
int resp = dspep.partnerInfo(u.getUserID(), partnerId, Module.administrationModule.getValue());
|
||
if (resp != Result.DECISION_PERMIT && !dspep.isRootAccess(sessionId, Module.administrationModule.getValue())) {
|
||
int resp = dspep.partnerInfo(u.getUserID(), partnerId);
|
||
if (!Utils.responseIsPermit(resp) && !isRootAccess(sessionId)) {
|
||
throw new ProtocolException(2100, "Access denied for user " + u.getUserID());
|
||
}
|
||
List<Partner> pList = queryOperationsModule.partnerLookup(partnerId);
|
||
... | ... | |
public int partnerCreate(String sessionId, String partnerId, String partnerServiceType, String partnerServiceURL) throws ProtocolException {
|
||
log.trace("partnerCreate method called: " + partnerId);
|
||
User u = Session.getUser(sessionId);
|
||
int resp = dspep.partnerCreate(u.getUserID(), partnerId, Module.administrationModule.getValue());
|
||
if (resp != Result.DECISION_PERMIT && !dspep.isRootAccess(sessionId, Module.administrationModule.getValue())) {
|
||
int resp = dspep.partnerCreate(u.getUserID(), partnerId);
|
||
if (!Utils.responseIsPermit(resp) && !isRootAccess(sessionId)) {
|
||
throw new ProtocolException(2100, "Access denied for user " + u.getUserID());
|
||
}
|
||
if (!queryOperationsModule.partnerLookup(partnerId).isEmpty()) {
|
||
... | ... | |
public int partnerUpdate(String sessionId, int partnerUID, String partnerId, String serviceType, String serviceUri) throws ProtocolException {
|
||
log.trace("partnerUpdate method called.");
|
||
User u = Session.getUser(sessionId);
|
||
int resp = dspep.partnerUpdate(u.getUserID(), partnerId, Module.administrationModule.getValue());
|
||
if (resp != Result.DECISION_PERMIT && !dspep.isRootAccess(sessionId, Module.administrationModule.getValue())) {
|
||
int resp = dspep.partnerUpdate(u.getUserID(), partnerId);
|
||
if (!Utils.responseIsPermit(resp) && !isRootAccess(sessionId)) {
|
||
throw new ProtocolException(2100, "Access denied for user " + u.getUserID());
|
||
}
|
||
Partner p = queryOperationsModule.partnerLookup(partnerUID);
|
||
... | ... | |
public void partnerDelete(String sessionId, String partnerId) throws ProtocolException {
|
||
log.trace("partnerDelete method called.");
|
||
User u = Session.getUser(sessionId);
|
||
int resp = dspep.partnerCreate(u.getUserID(), partnerId, Module.administrationModule.getValue());
|
||
if (resp != Result.DECISION_PERMIT && !dspep.isRootAccess(sessionId, Module.administrationModule.getValue())) {
|
||
int resp = dspep.partnerCreate(u.getUserID(), partnerId);
|
||
if (!Utils.responseIsPermit(resp) && !isRootAccess(sessionId)) {
|
||
throw new ProtocolException(2100, "Access denied for user " + u.getUserID());
|
||
}
|
||
List<Partner> pList = queryOperationsModule.partnerLookup(partnerId);
|
||
... | ... | |
log.trace("eventInfo method called.");
|
||
Event e = queryOperationsModule.eventLookup(eventId);
|
||
User u = Session.getUser(sessionID);
|
||
int resp = dspep.eventInfo(u.getUserID(), XACMLUtils.createXACMLEvent(e), Module.queryModule.getValue());
|
||
if (resp != Result.DECISION_PERMIT) {
|
||
int resp = dspep.eventInfo(u.getUserID(), XACMLUtils.createXACMLEvent(e));
|
||
if (!Utils.responseIsPermit(resp)) {
|
||
throw new ProtocolException(2100, "Access denied for user " + u.getUserID());
|
||
}
|
||
return e;
|
||
... | ... | |
public int eventCreate(String sessionId, String partnerId, String epc, String eventClass, Timestamp eventTimeStamp,
|
||
Timestamp sourceTimeStamp, String eventType, String bizStep) throws ProtocolException {
|
||
log.trace("eventCreate method called.");
|
||
EPCUtilities ePCUtilities = new EPCUtilities();
|
||
try {
|
||
ePCUtilities.checkEpcOrUri(epc);
|
||
EPCUtilities.checkEpcOrUri(epc);
|
||
} catch (InvalidFormatException ex) {
|
||
throw new ProtocolException(2000, ex.getMessage());
|
||
}
|
||
... | ... | |
event.setBizStep(bizStep);
|
||
event.setPartner(p.get(0));
|
||
User u = Session.getUser(sessionId);
|
||
int resp = dspep.eventCreate(u.getUserID(), XACMLUtils.createXACMLEvent(event), Module.captureModule.getValue());
|
||
if (resp != Result.DECISION_PERMIT) {
|
||
int resp = dspep.eventCreate(u.getUserID(), XACMLUtils.createXACMLEvent(event));
|
||
if (!Utils.responseIsPermit(resp)) {
|
||
throw new ProtocolException(2100, "Access denied for user " + u.getUserID());
|
||
}
|
||
if (ePCUtilities.isReferencable(epc)) {
|
||
if (EPCUtilities.isReferencable(epc)) {
|
||
EventToPublish etp = new EventToPublish();
|
||
etp.setEvent(event);
|
||
etp.setLastupdate(Constants.DEFAULT_EVENT_TOPUBLISH_TIMESTAMP);
|
||
... | ... | |
log.trace("voidEvent method called.");
|
||
Event event = queryOperationsModule.eventLookup(eventId);
|
||
User u = Session.getUser(sessionId);
|
||
int resp = dspep.voidEvent(u.getUserID(), XACMLUtils.createXACMLEvent(event), Module.captureModule.getValue());
|
||
if (resp != Result.DECISION_PERMIT) {
|
||
int resp = dspep.voidEvent(u.getUserID(), XACMLUtils.createXACMLEvent(event));
|
||
if (!Utils.responseIsPermit(resp)) {
|
||
throw new ProtocolException(2100, "Access denied for user " + u.getUserID());
|
||
}
|
||
event.setEventType("void");
|
||
... | ... | |
partnerCreate(sessionId, partnerId, partnerServiceType, partnerServiceURL);
|
||
userCreate("root", partnerId, rootUserPass, rootUserLogin);
|
||
}
|
||
|
||
public boolean isRootAccess(String sessionId) {
|
||
User u = Session.getUser(sessionId);
|
||
return dspep.isRootAccess(u.getUserID(), u.getPartner().getPartnerID());
|
||
}
|
||
}
|
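Review bot: In `partnerDelete`, the new authorization call is still `dspep.partnerCreate(u.getUserID(), partnerId)`, so deleting a partner is decided under the create action and any policy that grants creation also grants deletion. The other operations shown each request their own action (`userDelete`, `partnerUpdate`, …); a delete-specific request belongs here if the Xi client offers one (not visible on this page), otherwise the reuse should be stated in a comment such as `// no delete action in the policy: deletion is authorized as partnerCreate`. Separately, the new `isRootAccess(String sessionId)` dereferences `Session.getUser(sessionId)` and `u.getPartner()` without a null check; if either can be null for an expired or unknown session, the root fallback fails with a NullPointerException instead of the 2100 `ProtocolException`. Most method bodies are elided in this view, so both points should be confirmed against the full file.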
Version 1.9-mock
This is version 1.9-mock. 1.9 because the API still have changes pending
(principally relative to the Discovery Services). “mock” because TLS
configuration is not yet available and the signatures (SigMa) are not fully
implemented.
- code cleaned and refactored
- lots of bugs fixed
- dependencies checked and trimmed
- documentation added
- Identity handling added
- code refactored
- new, better APIs
- Identity handling added
- use EPCglobal and DS events (no proxy types anymore)
- ETa-Callback modules are now available as web applications
- filtering rules: if a part of an event is not allowed, the whole
event is now deleted from the result (previously only the rejected part was)
- new temporary User web service
- new Xi module: XACML Interrogation web service (was two modules: TCP and
servlet)
- ETa and its Callback modules
- ActiveMQ
- SigMa
- certificate/signing key
- new simplified figures (sans IoTa and simplified IoTa)
- new figure for ETa modules
- show 3rd party clients
- data flows specified
- TLS and link security added
- IDs and trusted IDs added
- color adjusted for printing
- GREYC logo added