Merge from Security integration to develop

Author: nkef

modules/lsm-light/lsm-light.server/src/main/java/org/openiot/lsm/http/SecurityInitializer.java

@@ -28,6 +28,7 @@ public class SecurityInitializer {
 	private static final long ID_SDUM = 6;
 	private static final long ID_REQ_DEF = 7;
 	private static final long ID_REQ_PRES = 8;
+	private static final long ID_XGSN = 9;
 
 	public static final String ADMIN_USERNAME = "security.initialize.admin.username";
 	public static final String ADMIN_PASSWORD = "security.initialize.admin.password";
@@ -38,6 +39,8 @@ public class SecurityInitializer {
 	public static final String SCHEDULER_PASSWORD = "security.initialize.scheduler.password";
 	public static final String SDUM_USERNAME = "security.initialize.sdum.username";
 	public static final String SDUM_PASSWORD = "security.initialize.sdum.password";
+	public static final String XGSN_USERNAME = "security.initialize.xgsn.username";
+	public static final String XGSN_PASSWORD = "security.initialize.xgsn.password";
 	public static final String CAS_PREFIX = "security.initialize.cas.prefix";
 	public static final String MGMT_PREFIX = "security.initialize.management.prefix";
 	public static final String REQ_DEF_PREFIX = "security.initialize.reqDef.prefix";
@@ -48,9 +51,12 @@ public class SecurityInitializer {
 	public static final String REQ_DEF_KEY = "security.initialize.reqDef.key";
 	public static final String REQ_PRES_SECRET = "security.initialize.reqPres.secret";
 	public static final String REQ_PRES_KEY = "security.initialize.reqPres.key";
-
-	public static final String SERVICE_KEY_PREFIX = "casOauthClient.key.";
-	public static final String SERVICE_SECRET_PREFIX = "casOauthClient.key.";
+	public static final String SCHEDULER_SECRET = "security.initialize.scheduler.secret";
+	public static final String SCHEDULER_KEY = "security.initialize.scheduler.key";
+	public static final String SDUM_SECRET = "security.initialize.sdum.secret";
+	public static final String SDUM_KEY = "security.initialize.sdum.key";
+	public static final String XGSN_SECRET = "security.initialize.xgsn.secret";
+	public static final String XGSN_KEY = "security.initialize.xgsn.key";
 
 	private String lSMOauthGraphURL;
 	private static PropertyManagement props;
@@ -155,7 +161,9 @@ private void generateAuthorizationData() {
 		predefPermissions.add(new Permission(PermissionsUtil.DEL_SENSOR_MAIN, "delete sensor", ID_LSM_SERVER));
 		predefPermissions.add(new Permission(PermissionsUtil.DEL_READING_MAIN, "delete sensor reading", ID_LSM_SERVER));
 		predefPermissions.add(new Permission(PermissionsUtil.DEL_TRIPLES_MAIN, "delete triples", ID_LSM_SERVER));
-		predefPermissions.add(new Permission(PermissionsUtil.LSM_ALL, "all permissions", ID_LSM_SERVER));
+		
+		Permission allPermLSMServer = new Permission(PermissionsUtil.LSM_ALL, "all permissions", ID_LSM_SERVER);
+		predefPermissions.add(allPermLSMServer);
 
 		// Pre-defined permissions and roles for scheduler
 		Permission allPermScheduler = new Permission(PermissionsUtil.SCHEDULER_ALL, "all permissions", ID_SCHEDULER);
@@ -185,6 +193,13 @@ private void generateAuthorizationData() {
 				md5(props.getProperty(SDUM_PASSWORD, "sdumuserpass")));
 		addUser(sdumUser);
 
+		User xgsnUser = generateUser("XGSN User", "xgsn@openiot.eu", props.getProperty(XGSN_USERNAME, "gsnuser"),
+				md5(props.getProperty(XGSN_PASSWORD, "gsnpass")));
+		Role xgsnRoleOnLSM = new Role("xgsn-role", "Default XGSN Role", ID_LSM_SERVER);
+		xgsnRoleOnLSM.addPermission(allPermLSMServer);
+		xgsnUser.addRole(xgsnRoleOnLSM);
+		addUser(xgsnUser);
+
 	}
 
 	private List<LSMRegisteredServiceImpl> createDefaultServices() {
@@ -249,11 +264,11 @@ private List<LSMRegisteredServiceImpl> createDefaultServices() {
 		schedulerService.setId(ID_SCHEDULER);
 		schedulerService.setAllowedToProxy(true);
 		schedulerService.setAnonymousAccess(false);
-		schedulerService.setDescription(props.getProperty(SERVICE_SECRET_PREFIX + "scheduler", "scheduler.secret"));
+		schedulerService.setDescription(props.getProperty(SCHEDULER_SECRET, "scheduler.secret"));
 		schedulerService.setEnabled(true);
 		schedulerService.setEvaluationOrder(0);
 		schedulerService.setIgnoreAttributes(false);
-		schedulerService.setName(props.getProperty(SERVICE_KEY_PREFIX + "scheduler", "scheduler"));
+		schedulerService.setName(props.getProperty(SCHEDULER_KEY, "scheduler"));
 		schedulerService.setServiceId("REST://scheduler");
 		schedulerService.setTheme("Scheduler");
 		schedulerService.setSsoEnabled(true);
@@ -263,15 +278,29 @@ private List<LSMRegisteredServiceImpl> createDefaultServices() {
 		sdumService.setId(ID_SDUM);
 		sdumService.setAllowedToProxy(true);
 		sdumService.setAnonymousAccess(false);
-		sdumService.setDescription(props.getProperty(SERVICE_SECRET_PREFIX + "sdum", "sdum.secret"));
+		sdumService.setDescription(props.getProperty(SDUM_SECRET, "sdum.secret"));
 		sdumService.setEnabled(true);
 		sdumService.setEvaluationOrder(0);
 		sdumService.setIgnoreAttributes(false);
-		sdumService.setName(props.getProperty(SERVICE_KEY_PREFIX + "sdum", "sdum"));
+		sdumService.setName(props.getProperty(SDUM_KEY, "sdum"));
 		sdumService.setServiceId("REST://sdum");
 		sdumService.setTheme("SDUM");
 		sdumService.setSsoEnabled(true);
 
+		// XGSN REST service
+		LSMRegisteredServiceImpl xgsnService = new LSMRegisteredServiceImpl();
+		xgsnService.setId(ID_XGSN);
+		xgsnService.setAllowedToProxy(true);
+		xgsnService.setAnonymousAccess(false);
+		xgsnService.setDescription(props.getProperty(XGSN_SECRET, "xgsn.secret"));
+		xgsnService.setEnabled(true);
+		xgsnService.setEvaluationOrder(0);
+		xgsnService.setIgnoreAttributes(false);
+		xgsnService.setName(props.getProperty(XGSN_KEY, "xgsn"));
+		xgsnService.setServiceId("REST://xgsn");
+		xgsnService.setTheme("XGSN");
+		xgsnService.setSsoEnabled(true);
+
 		// Request Definition service
 		LSMRegisteredServiceImpl reqDefService = new LSMRegisteredServiceImpl();
 		reqDefService.setId(ID_REQ_DEF);
@@ -307,7 +336,7 @@ private List<LSMRegisteredServiceImpl> createDefaultServices() {
 		reqPresService.setSsoEnabled(true);
 
 		return Arrays.asList(new LSMRegisteredServiceImpl[] { defaultService, httpService, lsmServerService, userManagementService, schedulerService,
-				sdumService, reqDefService, reqPresService });
+				sdumService, reqDefService, reqPresService, xgsnService });
 	}
 
 	private void addPermission(Permission permission) {

modules/security/security-client/src/main/java/org/openiot/security/client/AccessControlUtil.java

@@ -43,7 +43,6 @@
 import org.apache.shiro.web.util.WebUtils;
 import org.pac4j.core.exception.RequiresHttpAction;
 import org.pac4j.oauth.client.BaseOAuth20Client;
-import org.pac4j.oauth.client.CasOAuthWrapperClient;
 import org.pac4j.oauth.profile.casoauthwrapper.CasOAuthWrapperProfile;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -109,7 +108,7 @@ public static AccessControlUtil getRestInstance(String moduleName) {
 	 */
 	public static AccessControlUtil getRestInstance(String moduleName, String configDir) {
 		if (instanceRest == null)
-			instanceRest = new AccessControlUtilRest(moduleName);
+			instanceRest = new AccessControlUtilRest(moduleName, configDir);
 		return instanceRest;
 	}
 

modules/security/security-client/src/main/java/org/openiot/security/client/AccessControlUtilRest.java

@@ -23,19 +23,15 @@
 import io.buji.pac4j.ClientToken;
 
 import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.config.Ini;
 import org.apache.shiro.config.IniSecurityManagerFactory;
 import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.subject.Subject;
-import org.openiot.commons.util.PropertyManagement;
-import org.openiot.security.client.rest.CasOAuthWrapperClientRest;
 import org.openiot.security.client.rest.OAuthCredentialsRest;
 import org.pac4j.oauth.client.BaseOAuth20Client;
 import org.slf4j.Logger;
@@ -57,23 +53,18 @@ class AccessControlUtilRest extends AccessControlUtil {
 	}
 
 	AccessControlUtilRest(String moduleName, String configDir) {
-		String key = null;
-		String secret = null;
 
 		IniSecurityManagerFactory factory = null;
-		if (moduleName != null) {
-			if (configDir != null) {
-				String iniFilePath = configDir + "/rest-client-" + moduleName + ".ini";
-				Path path = Paths.get(iniFilePath);
-				if (!Files.exists(path) || Files.isDirectory(path)) {
-					logger.warn("The configuration file {} is not found.", iniFilePath);
-				} else {
-					factory = new IniSecurityManagerFactory("file:" + iniFilePath);
-				}
+		if (moduleName != null && configDir != null) {
+			Ini ini;
+			if (configDir.equals(System.getProperty("jboss.server.config.dir"))) {
+				ini = ConfigFileReader.getIniConfig(configDir, moduleName);
+			} else {
+				ini = ConfigFileReader.getIniConfigByFile(configDir, "rest-client.ini");
+			}
+			if (ini != null) {
+				factory = new IniSecurityManagerFactory(ini);
 			}
-			PropertyManagement props = new PropertyManagement();
-			key = props.getProperty("casOauthClient.key." + moduleName, null);
-			secret = props.getProperty("casOauthClient.secret." + moduleName, null);
 		}
 		if (factory == null) {
 			logger.info("Falling back to the rest-client.ini in the class path");
@@ -83,15 +74,6 @@ class AccessControlUtilRest extends AccessControlUtil {
 
 		SecurityManager securityManager = factory.getInstance();
 		SecurityUtils.setSecurityManager(securityManager);
-
-		if (key != null && secret != null) {
-			CasOAuthWrapperClientRest bean = (CasOAuthWrapperClientRest) factory.getBeans().get("casOauthClient");
-			bean.setKey(key);
-			bean.setSecret(secret);
-		} else if (moduleName != null) {
-			logger.warn("casOauthClient.key.{} or/and casOauthClient.secret.{} is not set in the global properties file", moduleName, moduleName);
-		}
-
 	}
 
 	public OAuthorizationCredentials login(String username, String password) {

modules/security/security-client/src/main/java/org/openiot/security/client/ConfigFileReader.java

@@ -0,0 +1,90 @@
+package org.openiot.security.client;
+
+import java.io.BufferedReader;
+import java.io.FileReader;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+import org.apache.shiro.config.Ini;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class ConfigFileReader {
+	private static Logger logger = LoggerFactory.getLogger(ConfigFileReader.class);
+
+	private final static String CONFIG_FILE_NAME = "security-config.ini";
+	private final static String CONFIG_BEGIN_DELIMITER = "@BEGIN-";
+	private final static String CONFIG_END_DELIMITER = "@END-";
+
+	public static Ini getIniConfigByFile(String configDir, String fileName) {
+		if (configDir == null || fileName == null)
+			return null;
+		Ini ini = null;
+		String iniFilePath = configDir + "/" + fileName;
+		Path path = Paths.get(iniFilePath);
+		if (!Files.exists(path) || Files.isDirectory(path)) {
+			logger.warn("The configuration file {} was not found.", iniFilePath);
+		} else {
+			ini = new Ini();
+			logger.debug("Loading ini configuration from {} ", iniFilePath);
+			ini.loadFromPath(iniFilePath);
+		}
+
+		return ini;
+	}
+
+	public static Ini getIniConfig(String configDir, String moduleName) {
+		if (configDir == null || moduleName == null)
+			return null;
+
+		Ini ini = null;
+		String iniFilePath = configDir + "/" + CONFIG_FILE_NAME;
+		Path path = Paths.get(iniFilePath);
+		if (!Files.exists(path) || Files.isDirectory(path)) {
+			logger.warn("The configuration file {} was not found.", iniFilePath);
+		} else {
+			logger.debug("Loading ini configuration from {} ", iniFilePath);
+			BufferedReader reader = null;
+			try {
+				reader = new BufferedReader(new FileReader(iniFilePath));
+				String line = reader.readLine();
+				boolean sectionFound = false;
+				String beginDelim = CONFIG_BEGIN_DELIMITER + moduleName;
+				String endDelim = CONFIG_END_DELIMITER + moduleName;
+				StringBuilder sb = new StringBuilder();
+				while (line != null) {
+					if (!sectionFound && line.startsWith(beginDelim)) {
+						sectionFound = true;
+					} else if (sectionFound) {
+						if (line.startsWith(endDelim)) {
+							break;
+						} else {
+							sb.append(line).append("\n");
+						}
+					}
+					line = reader.readLine();
+				}
+				if (!sectionFound || sb.length() == 0) {
+					logger.error("Could not find the configuration section for module {}", moduleName);
+				} else {
+					ini = new Ini();
+					ini.load(sb.toString());
+				}
+
+			} catch (IOException e) {
+				logger.error("Error reading configuration file", e);
+			} finally {
+				if (reader != null)
+					try {
+						reader.close();
+					} catch (IOException e) {
+						logger.error("IO Error", e);
+					}
+			}
+		}
+
+		return ini;
+	}
+}

modules/security/security-client/src/main/java/org/openiot/security/client/CustomIniWebEnvironment.java

@@ -1,15 +1,9 @@
 package org.openiot.security.client;
 
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-
 import org.apache.shiro.config.Ini;
 import org.apache.shiro.util.CollectionUtils;
 import org.apache.shiro.util.StringUtils;
 import org.apache.shiro.web.env.IniWebEnvironment;
-import org.openiot.commons.util.PropertyManagement;
-import org.openiot.security.client.rest.CasOAuthWrapperClientRest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -20,24 +14,12 @@ public class CustomIniWebEnvironment extends IniWebEnvironment {
 	@Override
 	public void init() {
 		String jbossConfigDir = System.getProperty("jboss.server.config.dir");
-		String key = null;
-		String secret = null;
 		Ini ini = null;
 
 		String moduleName = getServletContext().getInitParameter(MODULE_NAME_PARAM);
 
 		if (StringUtils.hasText(moduleName) && jbossConfigDir != null) {
-			PropertyManagement props = new PropertyManagement();
-			String iniFilePath = jbossConfigDir + "/web-client-" + moduleName + ".ini";
-			Path path = Paths.get(iniFilePath);
-			if (!Files.exists(path) || Files.isDirectory(path)) {
-				logger.warn("The configuration file {} is not found.", iniFilePath);
-			} else {
-				ini = getSpecifiedIni(new String[] { "file:" + iniFilePath });
-			}
-
-			key = props.getProperty("casOauthClient.key." + moduleName, null);
-			secret = props.getProperty("casOauthClient.secret." + moduleName, null);
+			ini = ConfigFileReader.getIniConfig(jbossConfigDir, moduleName);
 		}
 		if (CollectionUtils.isEmpty(ini)) {
 			logger.info("Falling back to the web-client.ini in the class path");
@@ -48,14 +30,6 @@ public void init() {
 		setIni(ini);
 		configure();
 
-		if (key != null && secret != null) {
-			CasOAuthWrapperClientRest bean = getObject("casOauthClient", CasOAuthWrapperClientRest.class);
-			bean.setKey(key);
-			bean.setSecret(secret);
-		} else {
-			logger.warn("casOauthClient.key.{} or/and casOauthClient.secret.{} is not set in the global properties file", moduleName, moduleName);
-		}
 	}
 
-
 }

modules/security/security-management/src/main/java/org/openiot/security/mgmt/LoginController.java

@@ -66,7 +66,7 @@ public String signInWithOpenIoT() {
 	}
 
 	public String getSignOutOfCASLink() {
-		return AccessControlUtil.getInstance().getLogoutURL();
+		return Utils.getPropertyManagement().getCASLogoutURL();
 	}
 
 }

modules/security/security-management/src/main/webapp/perms.xhtml

@@ -44,7 +44,8 @@
 							<h:panelGrid columns="1" style="width:100%" cellpadding="5">
 								<h:panelGroup id="permissionsPanel" layout="block" style="width:100%">
 									<p:dataTable var="perm" value="#{permissionsController.permissions}" id="permissionsTable" tableStyle="width:100%;" selectionMode="single"
-										selection="#{permissionsController.selectedPermission}" rowKey="#{perm.name}" emptyMessage="Permission list is empty." resizableColumns="true">
+										selection="#{permissionsController.selectedPermission}" rowKey="#{perm.name}" emptyMessage="Permission list is empty." resizableColumns="true" 
+										paginator="true" rows="10" paginatorPosition="bottom">
 
 										<p:ajax event="rowSelect" update=":rolesForm:permissionsTable:removePermBtn :rolesForm:usersTable :permForm:permRolesPanel" />
 										<p:ajax event="rowUnselect" update=":rolesForm:permissionsTable:removePermBtn :rolesForm:usersTable :permForm:permRolesPanel" />
@@ -82,7 +83,7 @@
 										style="table-layout: fixed; font-size:smaller;" emptyMessage="User list is empty.">
 
 										<f:facet name="header">
-											<h:outputText value="Permission Users" />
+											<h:outputText value="#{permissionsController.selectedPermission == null ? 'Permission Users' : 'Permission Users ('.concat(permissionsController.selectedPermission.name).concat(')')}" />
 										</f:facet>
 
 										<p:column headerText="Full name" width="35%">

modules/security/security-management/src/main/webapp/roles.xhtml

@@ -43,7 +43,8 @@
 							<h:panelGrid columns="1" style="width:100%" cellpadding="5">
 								<h:panelGroup layout="block" style="width:100%">
 									<p:dataTable var="role" value="#{rolesController.roles}" rowKey="#{role.name}" id="rolesTable" resizableColumns="true" editable="false"
-										selectionMode="single" selection="#{rolesController.selectedRole}" style="table-layout: fixed">
+										selectionMode="single" selection="#{rolesController.selectedRole}" style="table-layout: fixed"
+										paginator="true" rows="10" paginatorPosition="bottom">
 
 										<p:ajax event="rowEdit" listener="#{rolesController.onEditRole}" update=":messages" />
 										<p:ajax event="rowEditCancel" listener="#{rolesController.onCancelEditRole}" update=":messages" />
@@ -113,7 +114,7 @@
 										<p:ajax event="rowUnselect" update=":rolesForm:usersTable:removeUserBtn" />
 
 										<f:facet name="header">
-											<h:outputText value="Role Users" />
+											<h:outputText value="#{rolesController.selectedRole == null ? 'Role Users' : 'Role Users ('.concat(rolesController.selectedRole.name).concat(')')}" />
 										</f:facet>
 
 										<p:column headerText="Full name" width="35%">