ApiApplicationBean.java
4.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
/*
* Copyright Codecrew Ry
*
* All rights reserved.
*
* This license applies to any software containing a notice placed by the
* copyright holder. Such software is herein referred to as the Software.
* This license covers modification, distribution and use of the Software.
*
* Any distribution and use in source and binary forms, with or without
* modification is not permitted without explicit written permission from the
* copyright owner.
*
* A non-exclusive royalty-free right is granted to the copyright owner of the
* Software to use, modify and distribute all modifications to the Software in
* future versions of the Software.
*
*/
package fi.codecrew.moya.beans;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.EJBException;
import javax.ejb.LocalBean;
import javax.ejb.Singleton;
import fi.codecrew.moya.enums.apps.SpecialPermission;
import fi.codecrew.moya.facade.ApiApplicationFacade;
import fi.codecrew.moya.facade.ApiApplicationInstanceFacade;
import fi.codecrew.moya.facade.EventUserFacade;
import fi.codecrew.moya.model.ApiApplication;
import fi.codecrew.moya.model.ApiApplicationInstance;
import fi.codecrew.moya.model.EventUser;
import fi.codecrew.moya.model.LanEvent;
import fi.codecrew.moya.utilities.PasswordFunctions;
import fi.codecrew.moya.utilities.moyamessage.MoyaEventType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* Session Bean implementation class RestAuthBean
*/
@Singleton
@LocalBean
@DeclareRoles(SpecialPermission.S_SUPERADMIN)
public class ApiApplicationBean implements ApiApplicationBeanLocal {
@EJB
ApiApplicationFacade applicationFacade;
@EJB
PermissionBean permissionBean;
@EJB
ApiApplicationInstanceFacade instanceFacade;
@EJB
private EventUserFacade eventUserFacade;
@EJB
EventBean eventBean;
@EJB
LoggingBeanLocal loggingBean;
@EJB
UserBean userBean;
private static final Logger logger = LoggerFactory.getLogger(ApiApplicationBean.class);
/**
* Default constructor.
*/
public ApiApplicationBean() {
// TODO Auto-generated constructor stub
}
@Override
@RolesAllowed(SpecialPermission.S_USER)
public ApiApplicationInstance createApplicationInstance(ApiApplication application) {
application = applicationFacade.reload(application);
// ugly as shit sanitation for eventName, sorry
LanEvent currevent = eventBean.getCurrentEvent();
String authname = permissionBean.getCurrentUser().getLogin() + "_" + application.getName() + "_" + currevent.getId() + "_" + currevent.getName();
// Replace all non-valid characters with '_'
authname.replaceAll("[^a-zA-Z0-9._]", "_");
// Ensure authname is unique;
final String origAuthname = authname;
for (int i = 2; instanceFacade.findInstance(application, authname, eventBean.getCurrentEvent()) != null; ++i) {
authname = origAuthname + "_" + i;
}
ApiApplicationInstance instance = new ApiApplicationInstance();
instance.setApplication(application);
instance.setAuthname(authname);
instance.setName(application.getName() + " for user: " + permissionBean.getCurrentUser().getLogin());
instance.setCreated(new Date());
instance.setEnabled(true);
instance.setEventuser(permissionBean.getCurrentUser());
instance.setSecretKey(PasswordFunctions.generateRandomString(30));
instanceFacade.create(instance);
loggingBean.sendMessage(MoyaEventType.APPLICATION_INSTANCE_CREATED,
"New applicationinstance created for software: ", application);
return instance;
}
@Override
public ApiApplication findApplication(String appKey) {
return applicationFacade.findByAppid(appKey);
}
/**
* Note that this function can sould be allowed to be called without principal, ie without domain information.
*
* @param appkey
* @param userkey
* @param domain
* @return
*/
@Override
public String findUsernameForApikey(String appkey, String userkey, String domain) {
LanEvent event = eventBean.getEventForHostname(domain);
if (event == null) {
throw new EJBException("Event not found for domain: " + domain);
}
ApiApplicationInstance instance = instanceFacade.findInstance(appkey, userkey, event);
if (instance == null) {
logger.error("Tried to get Api Application Instance: appkey={}, userkey={}, domain={}, event={}", appkey, userkey, domain, event.getName());
throw new EJBException("ApiApplicationInstance not found");
}
return instance.getEventuser().getUser().getLogin();
}
@Override
@RolesAllowed(SpecialPermission.S_USER)
public List<ApiApplication> findMyApplications() {
EventUser curruser = permissionBean.getCurrentUser();
return applicationFacade.findForUser(curruser);
}
@Override
@RolesAllowed(SpecialPermission.S_SUPERADMIN)
public List<ApiApplication> findAllApplications() {
return applicationFacade.findAll();
}
}