Commit 8921a456 authored by Piotr Gawron's avatar Piotr Gawron

info about sessionToken<->user mapping is stored via spring security

parent 5e88470c
......@@ -2,7 +2,6 @@ package lcsb.mapviewer.api;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
......@@ -126,31 +125,28 @@ public abstract class BaseRestImpl {
result.put("type", annotation.getDataType().name());
result.put("resource", annotation.getResource());
result.put("id", annotation.getId());
if (annotation.getAnnotator() != null) {
try {
result.put("annotatorClassName", annotation.getAnnotator().getName());
result.put("descriptionByType",
((ElementAnnotator) annotation.getAnnotator().getConstructor().newInstance()).getDescription( annotation.getDataType())
);
result.put("descriptionByTypeRelation",
((ElementAnnotator) annotation.getAnnotator().getConstructor().newInstance()).getDescription(
annotation.getDataType(),
annotation.getRelationType())
);
}catch(Exception e) {
logger.error("Problem with retrieving description from annotator", e);
result.put("annotatorClassName", "");
result.put("descriptionByType", "");
result.put("descriptionByTypeRelation", "");
}
if (annotation.getAnnotator() != null) {
try {
result.put("annotatorClassName", annotation.getAnnotator().getName());
result.put("descriptionByType", ((ElementAnnotator) annotation.getAnnotator().getConstructor().newInstance())
.getDescription(annotation.getDataType()));
result.put("descriptionByTypeRelation",
((ElementAnnotator) annotation.getAnnotator().getConstructor().newInstance())
.getDescription(annotation.getDataType(), annotation.getRelationType()));
} catch (Exception e) {
logger.error("Problem with retrieving description from annotator", e);
result.put("annotatorClassName", "");
result.put("descriptionByType", "");
result.put("descriptionByTypeRelation", "");
}
} else {
result.put("annotatorClassName", "");
result.put("descriptionByType", "");
result.put("descriptionByTypeRelation", "");
result.put("annotatorClassName", "");
result.put("descriptionByType", "");
result.put("descriptionByTypeRelation", "");
}
return result;
} else {
throw new InvalidArgumentException("invalid miriam data: " + annotation);
......@@ -206,7 +202,7 @@ public abstract class BaseRestImpl {
}
protected List<Model> getModels(String projectId, String modelId, String token) throws SecurityException {
Model model = modelService.getLastModelByProjectId(projectId, userService.getToken(token));
Model model = modelService.getLastModelByProjectId(projectId, token);
List<Model> models = new ArrayList<>();
if (!modelId.equals("*")) {
......@@ -384,4 +380,11 @@ public abstract class BaseRestImpl {
}
return this.mathMlTransformer;
}
protected void verifyToken(String token) throws SecurityException {
if (getUserService().getUserByToken(token) == null) {
throw new SecurityException("Invalid token");
}
}
}
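Review bot: `verifyToken` is added without Javadoc, and its contract matters because the `ConfigurationRestImpl` methods in this commit use it as their only access check. It establishes only that `getUserService().getUserByToken(token)` returns a non-null user; it checks no privilege, and the hunk does not show how `getUserByToken` treats a `null` or empty token. I would document it with something like `/** Rejects tokens that do not map to a user; authenticates only, callers must still check privileges. */` and, unless the user service already does so, reject `null` or blank tokens before the lookup.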
......@@ -55,7 +55,7 @@ public class ConfigurationRestImpl extends BaseRestImpl {
private ModelAnnotator modelAnnotator;
public List<ConfigurationView> getAllValues(String token) throws SecurityException {
userService.getToken(token);
verifyToken(token);
return configurationService.getAllValues();
}
......@@ -94,7 +94,7 @@ public class ConfigurationRestImpl extends BaseRestImpl {
}
public List<Map<String, Object>> getImageFormats(String token) throws SecurityException {
userService.getToken(token);
verifyToken(token);
List<Map<String, Object>> result = new ArrayList<>();
ImageGenerators imageGenerators = new ImageGenerators();
......@@ -112,7 +112,7 @@ public class ConfigurationRestImpl extends BaseRestImpl {
}
public List<Map<String, Object>> getModelFormats(String token) throws SecurityException {
userService.getToken(token);
verifyToken(token);
List<IConverter> converters = getModelConverters();
List<Map<String, Object>> result = new ArrayList<>();
......@@ -128,7 +128,7 @@ public class ConfigurationRestImpl extends BaseRestImpl {
}
public List<Map<String, Object>> getOverlayTypes(String token) throws SecurityException {
userService.getToken(token);
verifyToken(token);
List<Map<String, Object>> result = new ArrayList<>();
for (ColorSchemaType type : ColorSchemaType.values()) {
Map<String, Object> map = new HashMap<>();
......@@ -139,7 +139,7 @@ public class ConfigurationRestImpl extends BaseRestImpl {
}
public Set<Map<String, String>> getElementTypes(String token) throws SecurityException {
userService.getToken(token);
verifyToken(token);
return getClassStringTypesList(Element.class);
}
......@@ -171,7 +171,7 @@ public class ConfigurationRestImpl extends BaseRestImpl {
}
public Set<Map<String, String>> getReactionTypes(String token) throws SecurityException {
userService.getToken(token);
verifyToken(token);
return getClassStringTypesList(Reaction.class);
}
......
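Review bot: `getAllValues` returns `configurationService.getAllValues()` to any caller whose token passes `verifyToken`, and no privilege check is visible in the hunk. If the configuration set holds sensitive entries, or if guest sessions also carry a token that maps to a user, every session can read them; consider gating this method with `getUserService().userHasPrivilege(token, ...)` for an administrative privilege, or filtering the returned values. The same single check guards getImageFormats, getModelFormats, getOverlayTypes, getElementTypes and getReactionTypes, where the returned data looks harmless to expose. The method bodies continue outside the hunks.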
......@@ -10,49 +10,43 @@ import lcsb.mapviewer.model.map.MiriamType;
import lcsb.mapviewer.model.map.layout.ReferenceGenomeType;
import lcsb.mapviewer.services.SecurityException;
import lcsb.mapviewer.services.interfaces.IReferenceGenomeService;
import lcsb.mapviewer.services.interfaces.IUserService;
import lcsb.mapviewer.services.view.AuthenticationToken;
import lcsb.mapviewer.services.view.ReferenceGenomeView;
@Transactional(value = "txManager")
public class ReferenceGenomeRestImpl {
/**
* Default class logger.
*/
@SuppressWarnings("unused")
private Logger logger = Logger.getLogger(ReferenceGenomeRestImpl.class);
@Autowired
private IUserService userService;
/**
* Service that manages reference genomes.
*/
@Autowired
private IReferenceGenomeService referenceGenomeService;
public ReferenceGenomeView getReferenceGenome(String token, String organismId, String type, String version) throws SecurityException, QueryException {
AuthenticationToken authenticationToken = userService.getToken(token);
MiriamData organism = null;
if (organismId != null && !organismId.isEmpty()) {
organism = new MiriamData(MiriamType.TAXONOMY, organismId);
} else {
throw new QueryException("Unknown taxonomy organism: " + organismId);
}
ReferenceGenomeView result = null;
try {
ReferenceGenomeType genomeType = ReferenceGenomeType.valueOf(type);
version = version.replaceAll("\\*", "");
result = referenceGenomeService.getReferenceGenomeViewByParams(organism, genomeType, version, authenticationToken);
if (result == null) {
throw new QueryException("Cannot find requested reference genome");
}
} catch (IllegalArgumentException e) {
throw new QueryException("Cannot find type: " + type);
}
return result;
}
/**
* Default class logger.
*/
@SuppressWarnings("unused")
private Logger logger = Logger.getLogger(ReferenceGenomeRestImpl.class);
/**
* Service that manages reference genomes.
*/
@Autowired
private IReferenceGenomeService referenceGenomeService;
public ReferenceGenomeView getReferenceGenome(String token, String organismId, String type, String version)
throws SecurityException, QueryException {
MiriamData organism = null;
if (organismId != null && !organismId.isEmpty()) {
organism = new MiriamData(MiriamType.TAXONOMY, organismId);
} else {
throw new QueryException("Unknown taxonomy organism: " + organismId);
}
ReferenceGenomeView result = null;
try {
ReferenceGenomeType genomeType = ReferenceGenomeType.valueOf(type);
version = version.replaceAll("\\*", "");
result = referenceGenomeService.getReferenceGenomeViewByParams(organism, genomeType, version, token);
if (result == null) {
throw new QueryException("Cannot find requested reference genome");
}
} catch (IllegalArgumentException e) {
throw new QueryException("Cannot find type: " + type);
}
return result;
}
}
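Review bot: With `userService.getToken(token)` removed from the top of `getReferenceGenome`, the token is first consulted inside `referenceGenomeService.getReferenceGenomeViewByParams(organism, genomeType, version, token)`, after `organismId` and `type` have already been processed. An unauthenticated caller therefore receives the `QueryException` messages for bad input instead of a `SecurityException`, and the endpoint is protected only if that service method rejects an unknown token, which is not visible here. This class does not extend `BaseRestImpl`, so `verifyToken` is not available; I would keep an explicit token check as the first statement. Separately, `version.replaceAll("\\*", "")` and `ReferenceGenomeType.valueOf(type)` both throw `NullPointerException` on a null argument, which the `IllegalArgumentException` catch does not cover.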
package lcsb.mapviewer.api.mesh;
import java.io.IOException;
import java.util.Calendar;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.CookieValue;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import com.fasterxml.jackson.core.JsonParseException;
import com.fasterxml.jackson.databind.JsonMappingException;
import lcsb.mapviewer.api.BaseController;
import lcsb.mapviewer.api.ObjectNotFoundException;
import lcsb.mapviewer.api.QueryException;
import lcsb.mapviewer.common.Configuration;
import lcsb.mapviewer.services.SecurityException;
import lcsb.mapviewer.services.interfaces.IUserService;
import lcsb.mapviewer.services.view.AuthenticationToken;
@RestController
public class MeshController extends BaseController {
......
......@@ -75,7 +75,6 @@ import lcsb.mapviewer.services.utils.ColorSchemaReader;
import lcsb.mapviewer.services.utils.CreateProjectParams;
import lcsb.mapviewer.services.utils.data.BuildInLayout;
import lcsb.mapviewer.services.utils.gmap.CoordinationConverter;
import lcsb.mapviewer.services.view.AuthenticationToken;
import lcsb.mapviewer.services.view.OverviewImageViewFactory;
@Transactional(value = "txManager")
......@@ -114,8 +113,7 @@ public class ProjectRestImpl extends BaseRestImpl {
private UploadedFileEntryDao uploadedFileEntryDao;
public ProjectMetaData getProject(String projectId, String token) throws SecurityException, ObjectNotFoundException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
Project project = getProjectService().getProjectByProjectId(projectId, authenticationToken);
Project project = getProjectService().getProjectByProjectId(projectId, token);
if (project == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
}
......@@ -185,8 +183,7 @@ public class ProjectRestImpl extends BaseRestImpl {
}
public FileEntry getSource(String token, String projectId) throws SecurityException, QueryException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
Project project = getProjectService().getProjectByProjectId(projectId, authenticationToken);
Project project = getProjectService().getProjectByProjectId(projectId, token);
if (project == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
}
......@@ -200,10 +197,9 @@ public class ProjectRestImpl extends BaseRestImpl {
public FileEntry getModelAsImage(String token, String projectId, String modelId, String handlerClass,
String backgroundOverlayId, String overlayIds, String zoomLevel, String polygonString) throws SecurityException,
QueryException, IOException, InvalidColorSchemaException, CommandExecutionException, DrawingException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
User user = getUserService().getUserByToken(authenticationToken);
User user = getUserService().getUserByToken(token);
Model topModel = getModelService().getLastModelByProjectId(projectId, authenticationToken);
Model topModel = getModelService().getLastModelByProjectId(projectId, token);
if (topModel == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
}
......@@ -298,7 +294,7 @@ public class ProjectRestImpl extends BaseRestImpl {
}
List<Integer> visibleLayoutIds = deserializeIdList(overlayIds);
for (Integer integer : visibleLayoutIds) {
Map<Object, ColorSchema> map = layoutService.getElementsForLayout(colorModel, integer, authenticationToken);
Map<Object, ColorSchema> map = layoutService.getElementsForLayout(colorModel, integer, token);
params.addVisibleLayout(map);
}
......@@ -332,9 +328,7 @@ public class ProjectRestImpl extends BaseRestImpl {
String backgroundOverlayId, String overlayIds, String zoomLevel, String polygonString)
throws SecurityException, QueryException, IOException, InvalidColorSchemaException, CommandExecutionException,
ConverterException, InconsistentModelException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
Model topModel = getModelService().getLastModelByProjectId(projectId, authenticationToken);
Model topModel = getModelService().getLastModelByProjectId(projectId, token);
if (topModel == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
}
......@@ -367,10 +361,8 @@ public class ProjectRestImpl extends BaseRestImpl {
public Map<String, Object> getStatistics(String projectId, String token)
throws SecurityException, ObjectNotFoundException {
Map<String, Object> result = new HashMap<String, Object>();
AuthenticationToken authenticationToken = getUserService().getToken(token);
Model model = getModelService().getLastModelByProjectId(projectId, authenticationToken);
Map<String, Object> result = new HashMap<>();
Model model = getModelService().getLastModelByProjectId(projectId, token);
if (model == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
}
......@@ -416,8 +408,7 @@ public class ProjectRestImpl extends BaseRestImpl {
}
public List<ProjectMetaData> getProjects(String token) throws SecurityException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
List<Project> projects = getProjectService().getAllProjects(authenticationToken);
List<Project> projects = getProjectService().getAllProjects(token);
List<ProjectMetaData> result = new ArrayList<>();
for (Project project : projects) {
result.add(createData(project));
......@@ -427,12 +418,11 @@ public class ProjectRestImpl extends BaseRestImpl {
public ProjectMetaData updateProject(String token, String projectId, Map<String, Object> data)
throws SecurityException, QueryException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
Project project = getProjectService().getProjectByProjectId(projectId, authenticationToken);
Project project = getProjectService().getProjectByProjectId(projectId, token);
if (project == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
}
boolean canModify = getUserService().userHasPrivilege(authenticationToken, PrivilegeType.ADD_MAP);
boolean canModify = getUserService().userHasPrivilege(token, PrivilegeType.ADD_MAP);
if (!canModify) {
throw new SecurityException("You cannot update projects");
}
......@@ -497,9 +487,8 @@ public class ProjectRestImpl extends BaseRestImpl {
public ProjectMetaData addProject(String token, String projectId, MultiValueMap<String, Object> data, String path)
throws SecurityException, QueryException, IOException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
User user = getUserService().getUserByToken(authenticationToken);
Project project = getProjectService().getProjectByProjectId(projectId, authenticationToken);
User user = getUserService().getUserByToken(token);
Project project = getProjectService().getProjectByProjectId(projectId, token);
if (project != null) {
logger.debug(project.getProjectId());
throw new ObjectExistsException("Project with given id already exists");
......@@ -532,7 +521,7 @@ public class ProjectRestImpl extends BaseRestImpl {
params.addUser(user.getLogin(), null);
params.async(true);
params.parser(parser);
params.authenticationToken(authenticationToken);
params.authenticationToken(token);
params.autoResize(getFirstValue(data.get("auto-resize")));
params.cacheModel(getFirstValue(data.get("cache")));
params.description(getFirstValue(data.get("description")));
......@@ -640,9 +629,8 @@ public class ProjectRestImpl extends BaseRestImpl {
public ProjectMetaData removeProject(String token, String projectId, String path)
throws ObjectNotFoundException, SecurityException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
Project project = getProjectService().getProjectByProjectId(projectId, authenticationToken);
getProjectService().removeProject(project, path, true, authenticationToken);
Project project = getProjectService().getProjectByProjectId(projectId, token);
getProjectService().removeProject(project, path, true, token);
return getProject(projectId, token);
}
......@@ -684,8 +672,7 @@ public class ProjectRestImpl extends BaseRestImpl {
public Map<String, Object> getLogs(String projectId, String level, String token, String startString, Integer length,
String sortColumn, String sortOrder, String search) throws SecurityException, QueryException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
Project project = getProjectService().getProjectByProjectId(projectId, authenticationToken);
Project project = getProjectService().getProjectByProjectId(projectId, token);
if (project == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
}
......
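Review bot: In `getModelAsImage` and `addProject` the result of `getUserService().getUserByToken(token)` is used without a null check, although `verifyToken` in `BaseRestImpl` shows that this call can return `null` for a token that maps to no user. The removed `getToken(token)` call used to run first; now whether an invalid token ends in a `SecurityException` or in a `NullPointerException` at `user.getLogin()` depends on the later service calls rejecting it, which these hunks do not show. Adding `verifyToken(token);` as the first statement of both methods would keep the failure mode explicit. `removeProject` also hands `project` to `getProjectService().removeProject(project, path, true, token)` without the `project == null` check the other methods apply. All of these method bodies continue outside the hunks.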
......@@ -25,12 +25,9 @@ import lcsb.mapviewer.model.map.MiriamData;
import lcsb.mapviewer.model.map.model.Model;
import lcsb.mapviewer.model.map.species.Element;
import lcsb.mapviewer.services.SecurityException;
import lcsb.mapviewer.services.interfaces.IModelService;
import lcsb.mapviewer.services.interfaces.IUserService;
import lcsb.mapviewer.services.search.data.ElementIdentifier.ElementIdentifierType;
import lcsb.mapviewer.services.search.db.DbSearchCriteria;
import lcsb.mapviewer.services.search.db.chemical.IChemicalService;
import lcsb.mapviewer.services.view.AuthenticationToken;
@Transactional(value = "txManager")
public class ChemicalRestImpl extends BaseRestImpl {
......@@ -51,8 +48,7 @@ public class ChemicalRestImpl extends BaseRestImpl {
public List<Map<String, Object>> getChemicalsByQuery(String token, String projectId, String columns, String query)
throws SecurityException, QueryException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
Model model = getModelService().getLastModelByProjectId(projectId, authenticationToken);
Model model = getModelService().getLastModelByProjectId(projectId, token);
if (model == null) {
throw new QueryException("Project with given id doesn't exist");
}
......@@ -172,8 +168,7 @@ public class ChemicalRestImpl extends BaseRestImpl {
public List<Map<String, Object>> getChemicalsByTarget(String token, String projectId, String targetType,
String targetId, String columns) throws SecurityException, QueryException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
Model model = getModelService().getLastModelByProjectId(projectId, authenticationToken);
Model model = getModelService().getLastModelByProjectId(projectId, token);
if (model == null) {
throw new QueryException("Project with given id doesn't exist");
}
......@@ -220,9 +215,9 @@ public class ChemicalRestImpl extends BaseRestImpl {
return result;
}
public List<String> getSuggestedQueryList(String projectId, String token) throws SecurityException, ChemicalSearchException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
Project project = getProjectService().getProjectByProjectId(projectId, authenticationToken);
public List<String> getSuggestedQueryList(String projectId, String token)
throws SecurityException, ChemicalSearchException {
Project project = getProjectService().getProjectByProjectId(projectId, token);
return chemicalParser.getSuggestedQueryList(project, project.getDisease());
}
}
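Review bot: `getSuggestedQueryList` dereferences `project` in `project.getDisease()` without the null check that `getChemicalsByQuery` and `getChemicalsByTarget` apply to their lookup result, so an unknown `projectId` would surface as a `NullPointerException` rather than a handled error. I would add `if (project == null)` before the `return` and throw a handled exception there, which means either using one the method already declares or widening the `throws` clause to `QueryException` as the sibling methods do. `DrugRestImpl.getSuggestedQueryList` has the same pattern with `project.getOrganism()`.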
......@@ -25,11 +25,8 @@ import lcsb.mapviewer.persist.dao.map.ReactionDao;
import lcsb.mapviewer.persist.dao.map.species.ElementDao;
import lcsb.mapviewer.services.SecurityException;
import lcsb.mapviewer.services.interfaces.ICommentService;
import lcsb.mapviewer.services.interfaces.IModelService;
import lcsb.mapviewer.services.interfaces.IUserService;
import lcsb.mapviewer.services.overlay.IconManager;
import lcsb.mapviewer.services.search.data.ElementIdentifier.ElementIdentifierType;
import lcsb.mapviewer.services.view.AuthenticationToken;
@Transactional(value = "txManager")
public class CommentRestImpl extends BaseRestImpl {
......@@ -50,18 +47,16 @@ public class CommentRestImpl extends BaseRestImpl {
public List<Map<String, Object>> getCommentList(String token, String projectId, String columns, String elementId,
String elementType, String removed) throws SecurityException, QueryException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
Project project = getProjectService().getProjectByProjectId(projectId, authenticationToken);
Project project = getProjectService().getProjectByProjectId(projectId, token);
if (project == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
}
boolean isAdmin = getUserService().userHasPrivilege(authenticationToken, PrivilegeType.EDIT_COMMENTS_PROJECT,
project);
boolean isAdmin = getUserService().userHasPrivilege(token, PrivilegeType.EDIT_COMMENTS_PROJECT, project);
Set<String> columnsSet = createCommentColumnSet(columns, isAdmin);
List<Map<String, Object>> result = new ArrayList<>();
List<Comment> comments = commentService.getCommentsByProject(project, authenticationToken);
List<Comment> comments = commentService.getCommentsByProject(project, token);
for (Comment comment : comments) {
boolean reject = false;
if (!"".equals(elementType)) {
......@@ -291,8 +286,7 @@ public class CommentRestImpl extends BaseRestImpl {
public Map<String, Object> addComment(String token, String projectId, String elementType, String elementId,
String name, String email, String content, boolean pinned, Point2D pointCoordinates, String submodelId)
throws QueryException, SecurityException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
Model model = getModelService().getLastModelByProjectId(projectId, authenticationToken);
Model model = getModelService().getLastModelByProjectId(projectId, token);
if (model == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
}
......@@ -328,15 +322,13 @@ public class CommentRestImpl extends BaseRestImpl {
submodel);
Project project = model.getProject();
boolean isAdmin = getUserService().userHasPrivilege(authenticationToken, PrivilegeType.EDIT_COMMENTS_PROJECT,
project);
boolean isAdmin = getUserService().userHasPrivilege(token, PrivilegeType.EDIT_COMMENTS_PROJECT, project);
return preparedComment(comment, createCommentColumnSet("", isAdmin), isAdmin);
}
public Map<String, Object> removeComment(String token, String projectId, String commentId, String reason)
throws SecurityException, QueryException {
AuthenticationToken authenticationToken = getUserService().getToken(token);
Project project = getProjectService().getProjectByProjectId(projectId, authenticationToken);
Project project = getProjectService().getProjectByProjectId(projectId, token);
if (project == null) {
throw new ObjectNotFoundException("Project with given id doesn't exist");
}
......@@ -345,7 +337,7 @@ public class CommentRestImpl extends BaseRestImpl {
throw new ObjectNotFoundException("Comment with given id doesn't exist");
}
commentService.deleteComment(comment, authenticationToken, reason);
commentService.deleteComment(comment, token, reason);
return okStatus();
}
......
......@@ -26,7 +26,6 @@ import lcsb.mapviewer.services.interfaces.IUserService;
import lcsb.mapviewer.services.search.data.ElementIdentifier.ElementIdentifierType;
import lcsb.mapviewer.services.search.db.DbSearchCriteria;
import lcsb.mapviewer.services.search.db.drug.IDrugService;
import lcsb.mapviewer.services.view.AuthenticationToken;
@Transactional(value = "txManager")
public class DrugRestImpl extends BaseRestImpl {
......@@ -48,8 +47,7 @@ public class DrugRestImpl extends BaseRestImpl {
public List<Map<String, Object>> getDrugsByQuery(String token, String projectId, String columns, String query)
throws SecurityException, QueryException {
AuthenticationToken authenticationToken = userService.getToken(token);
Model model = modelService.getLastModelByProjectId(projectId, authenticationToken);
Model model = modelService.getLastModelByProjectId(projectId, token);
if (model == null) {
throw new QueryException("Project with given id doesn't exist");
}
......@@ -180,8 +178,7 @@ public class DrugRestImpl extends BaseRestImpl {
public List<Map<String, Object>> getDrugsByTarget(String token, String projectId, String targetType, String targetId,
String columns) throws SecurityException, QueryException {
AuthenticationToken authenticationToken = userService.getToken(token);
Model model = modelService.getLastModelByProjectId(projectId, authenticationToken);
Model model = modelService.getLastModelByProjectId(projectId, token);
if (model == null) {
throw new QueryException("Project with given id doesn't exist");
}
......@@ -225,8 +222,7 @@ public class DrugRestImpl extends BaseRestImpl {
public List<String> getSuggestedQueryList(String projectId, String token)
throws SecurityException, DrugSearchException {
AuthenticationToken authenticationToken = userService.getToken(token);
Project project = getProjectService().getProjectByProjectId(projectId, authenticationToken);
Project project = getProjectService().getProjectByProjectId(projectId, token);
return drugService.getSuggestedQueryList(project, project.getOrganism());
}
......