Commit 6efb8a30 authored by michael.simon's avatar michael.simon

add ssh key approval role and view

parent 9ed7bdc2
......@@ -42,4 +42,6 @@ public interface ServiceDao extends BaseDao<ServiceEntity, Long> {
List<ServiceEntity> findByParentService(ServiceEntity service);
List<ServiceEntity> findBySshPubKeyApproverRole(RoleEntity role);
}
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.dao;
import edu.kit.scc.webreg.entity.SshPubKeyApproverRoleEntity;
public interface SshPubKeyApproverRoleDao extends BaseDao<SshPubKeyApproverRoleEntity, Long> {
}
......@@ -20,4 +20,6 @@ public interface SshPubKeyRegistryDao extends BaseDao<SshPubKeyRegistryEntity, L
List<SshPubKeyRegistryEntity> findByRegistry(Long registryId);
List<SshPubKeyRegistryEntity> findForApproval(Long serviceId);
}
......@@ -81,6 +81,13 @@ public class JpaServiceDao extends JpaBaseDao<ServiceEntity, Long> implements Se
.setParameter("role", role).getResultList();
}
@Override
@SuppressWarnings({"unchecked"})
public List<ServiceEntity> findBySshPubKeyApproverRole(RoleEntity role) {
return em.createQuery("select e from ServiceEntity e where e.sshPubKeyApproverRole = :role")
.setParameter("role", role).getResultList();
}
@Override
@SuppressWarnings({"unchecked"})
public List<ServiceEntity> findByGroupAdminRole(RoleEntity role) {
......
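Review bot: `findBySshPubKeyApproverRole` needs `@SuppressWarnings({"unchecked"})` only because it uses the untyped `createQuery(String)` overload. The typed overload removes both the suppression and the raw `List`: `return em.createQuery("select e from ServiceEntity e where e.sshPubKeyApproverRole = :role", ServiceEntity.class).setParameter("role", role).getResultList();`. The same applies to `findForApproval` in JpaSshPubKeyRegistryDao. The named-parameter binding in both queries is the right pattern and should stay.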
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.dao.jpa;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Named;
import edu.kit.scc.webreg.dao.SshPubKeyApproverRoleDao;
import edu.kit.scc.webreg.entity.SshPubKeyApproverRoleEntity;
@Named
@ApplicationScoped
public class JpaSshPubKeyApproverRoleDao extends JpaBaseDao<SshPubKeyApproverRoleEntity, Long> implements SshPubKeyApproverRoleDao {
@Override
public Class<SshPubKeyApproverRoleEntity> getEntityClass() {
return SshPubKeyApproverRoleEntity.class;
}
}
......@@ -17,6 +17,7 @@ import javax.inject.Named;
import edu.kit.scc.webreg.dao.SshPubKeyRegistryDao;
import edu.kit.scc.webreg.entity.SshPubKeyRegistryEntity;
import edu.kit.scc.webreg.entity.SshPubKeyRegistryStatus;
@Named
@ApplicationScoped
......@@ -39,6 +40,16 @@ public class JpaSshPubKeyRegistryDao extends JpaBaseDao<SshPubKeyRegistryEntity,
.getResultList();
}
@Override
@SuppressWarnings("unchecked")
public List<SshPubKeyRegistryEntity> findForApproval(Long serviceId) {
return em.createQuery("select e from SshPubKeyRegistryEntity e where e.registry.service.id = :serviceId "
+ "and e.keyStatus = :keyStatus")
.setParameter("serviceId", serviceId)
.setParameter("keyStatus", SshPubKeyRegistryStatus.PENDING)
.getResultList();
}
@Override
public Class<SshPubKeyRegistryEntity> getEntityClass() {
return SshPubKeyRegistryEntity.class;
......
......@@ -42,6 +42,7 @@ public enum EventType {
SSH_KEY_DELETED,
SSH_KEY_REGISTRY_APPROVAL,
SSH_KEY_REGISTRY_DEPLOYED,
SSH_KEY_REGISTRY_DENIED,
SSH_KEY_REGISTRY_DELETED,
}
......@@ -57,6 +57,9 @@ public class ServiceEntity extends AbstractBaseEntity {
@ManyToOne(targetEntity = ApproverRoleEntity.class)
private ApproverRoleEntity approverRole;
@ManyToOne(targetEntity = SshPubKeyApproverRoleEntity.class)
private SshPubKeyApproverRoleEntity sshPubKeyApproverRole;
@ManyToOne(targetEntity = GroupAdminRoleEntity.class)
private GroupAdminRoleEntity groupAdminRole;
......@@ -304,4 +307,12 @@ public class ServiceEntity extends AbstractBaseEntity {
this.sshPubKeyCapable = sshPubKeyCapable;
}
public SshPubKeyApproverRoleEntity getSshPubKeyApproverRole() {
return sshPubKeyApproverRole;
}
public void setSshPubKeyApproverRole(SshPubKeyApproverRoleEntity sshPubKeyApproverRole) {
this.sshPubKeyApproverRole = sshPubKeyApproverRole;
}
}
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.entity;
import java.util.Set;
import javax.persistence.Entity;
import javax.persistence.OneToMany;
@Entity(name = "SshPubKeyApproverRoleEntity")
public class SshPubKeyApproverRoleEntity extends RoleEntity {
private static final long serialVersionUID = 1L;
@OneToMany(targetEntity = ServiceEntity.class, mappedBy = "sshPubKeyApproverRole")
private Set<ServiceEntity> sshPubKeyApproverForServices;
public Set<ServiceEntity> getSshPubKeyApproverForServices() {
return sshPubKeyApproverForServices;
}
public void setSshPubKeyApproverForServices(Set<ServiceEntity> sshPubKeyApproverForServices) {
this.sshPubKeyApproverForServices = sshPubKeyApproverForServices;
}
}
......@@ -36,6 +36,15 @@ public class SshPubKeyRegistryEntity extends AbstractBaseEntity {
@Column(name = "comment", length = 1024)
private String comment;
@Column(name = "approver_comment", length = 2048)
private String approverComment;
@Column(name = "approved_at")
private Date approvedAt;
@ManyToOne(targetEntity = UserEntity.class)
private UserEntity approvedBy;
@Column(name = "expires_at")
private Date expiresAt;
......@@ -102,5 +111,29 @@ public class SshPubKeyRegistryEntity extends AbstractBaseEntity {
public void setExpiresAt(Date expiresAt) {
this.expiresAt = expiresAt;
}
public String getApproverComment() {
return approverComment;
}
public void setApproverComment(String approverComment) {
this.approverComment = approverComment;
}
public Date getApprovedAt() {
return approvedAt;
}
public void setApprovedAt(Date approvedAt) {
this.approvedAt = approvedAt;
}
public UserEntity getApprovedBy() {
return approvedBy;
}
public void setApprovedBy(UserEntity approvedBy) {
this.approvedBy = approvedBy;
}
}
......@@ -14,5 +14,6 @@ public enum SshPubKeyRegistryStatus {
ACTIVE,
PENDING,
DENIED,
}
......@@ -42,4 +42,6 @@ public interface ServiceService extends BaseService<ServiceEntity, Long> {
List<ServiceEntity> findByParentService(ServiceEntity service);
List<ServiceEntity> findBySshPubKeyApproverRole(RoleEntity role);
}
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.service;
import edu.kit.scc.webreg.entity.SshPubKeyApproverRoleEntity;
public interface SshPubKeyApproverRoleService extends BaseService<SshPubKeyApproverRoleEntity, Long> {
}
......@@ -84,6 +84,11 @@ public class ServiceServiceImpl extends BaseServiceImpl<ServiceEntity, Long> imp
return dao.findByApproverRole(role);
}
@Override
public List<ServiceEntity> findBySshPubKeyApproverRole(RoleEntity role) {
return dao.findBySshPubKeyApproverRole(role);
}
@Override
public List<ServiceEntity> findByGroupAdminRole(RoleEntity role) {
return dao.findByGroupAdminRole(role);
......
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.service.impl;
import javax.ejb.Stateless;
import javax.inject.Inject;
import edu.kit.scc.webreg.dao.BaseDao;
import edu.kit.scc.webreg.dao.SshPubKeyApproverRoleDao;
import edu.kit.scc.webreg.entity.SshPubKeyApproverRoleEntity;
import edu.kit.scc.webreg.service.SshPubKeyApproverRoleService;
@Stateless
public class SshPubKeyApproverRoleServiceImpl extends BaseServiceImpl<SshPubKeyApproverRoleEntity, Long> implements SshPubKeyApproverRoleService {
private static final long serialVersionUID = 1L;
@Inject
private SshPubKeyApproverRoleDao dao;
@Override
protected BaseDao<SshPubKeyApproverRoleEntity, Long> getDao() {
return dao;
}
}
......@@ -25,4 +25,10 @@ public interface SshPubKeyRegistryService extends BaseService<SshPubKeyRegistryE
void deleteRegistry(SshPubKeyRegistryEntity entity, String executor);
List<SshPubKeyRegistryEntity> findForApproval(Long serviceId);
SshPubKeyRegistryEntity approveRegistry(SshPubKeyRegistryEntity entity, Long approverId);
SshPubKeyRegistryEntity denyRegistry(SshPubKeyRegistryEntity entity, Long approverId);
}
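Review bot: The new `approveRegistry` and `denyRegistry` declarations have no Javadoc, so the contract of a privileged operation is left to the reader. Each should state whether the implementation or the caller must verify that `approverId` holds the SSH key approver role for the key's service. It should also say whether `entity` may be detached and which of its fields are persisted, and what happens when the key is not in the pending state. A one-line comment on `findForApproval` saying that it returns only pending keys for the given service would help as well.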
......@@ -10,6 +10,7 @@
******************************************************************************/
package edu.kit.scc.webreg.service.ssh;
import java.util.Date;
import java.util.List;
import javax.ejb.Stateless;
......@@ -19,6 +20,7 @@ import org.slf4j.Logger;
import edu.kit.scc.webreg.dao.BaseDao;
import edu.kit.scc.webreg.dao.SshPubKeyRegistryDao;
import edu.kit.scc.webreg.dao.UserDao;
import edu.kit.scc.webreg.entity.EventType;
import edu.kit.scc.webreg.entity.SshPubKeyRegistryEntity;
import edu.kit.scc.webreg.entity.SshPubKeyRegistryStatus;
......@@ -38,6 +40,9 @@ public class SshPubKeyRegistryServiceImpl extends BaseServiceImpl<SshPubKeyRegis
@Inject
private SshPubKeyRegistryDao dao;
@Inject
private UserDao userDao;
@Inject
private EventSubmitter eventSubmitter;
......@@ -51,6 +56,11 @@ public class SshPubKeyRegistryServiceImpl extends BaseServiceImpl<SshPubKeyRegis
return dao.findByRegistry(registryId);
}
@Override
public List<SshPubKeyRegistryEntity> findForApproval(Long serviceId) {
return dao.findForApproval(serviceId);
}
@Override
public SshPubKeyRegistryEntity deployRegistry(SshPubKeyRegistryEntity entity, String executor) {
entity = dao.persist(entity);
......@@ -69,6 +79,38 @@ public class SshPubKeyRegistryServiceImpl extends BaseServiceImpl<SshPubKeyRegis
return entity;
}
@Override
public SshPubKeyRegistryEntity approveRegistry(SshPubKeyRegistryEntity entity, Long approverId) {
entity = dao.merge(entity);
entity.setKeyStatus(SshPubKeyRegistryStatus.ACTIVE);
entity.setApprovedBy(userDao.findById(approverId));
entity.setApprovedAt(new Date());
SshPubKeyRegistryEvent event = new SshPubKeyRegistryEvent(entity);
try {
eventSubmitter.submit(event, EventType.SSH_KEY_REGISTRY_DEPLOYED, "user-" + approverId);
} catch (EventSubmitException e) {
logger.warn("Could not submit event", e);
}
return entity;
}
@Override
public SshPubKeyRegistryEntity denyRegistry(SshPubKeyRegistryEntity entity, Long approverId) {
entity = dao.merge(entity);
entity.setKeyStatus(SshPubKeyRegistryStatus.DENIED);
entity.setApprovedBy(userDao.findById(approverId));
entity.setApprovedAt(new Date());
SshPubKeyRegistryEvent event = new SshPubKeyRegistryEvent(entity);
try {
eventSubmitter.submit(event, EventType.SSH_KEY_REGISTRY_DENIED, "user-" + approverId);
} catch (EventSubmitException e) {
logger.warn("Could not submit event", e);
}
return entity;
}
@Override
public void deleteRegistry(SshPubKeyRegistryEntity entity, String executor) {
......
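Review bot: `approveRegistry` and `denyRegistry` call `dao.merge(entity)` on the caller-supplied object and then set the status unconditionally, so a key that is already ACTIVE or DENIED can be flipped, and any other field changed on the detached instance is persisted with it. A guard after the merge would keep the transition one-way, assuming a getter matching `setKeyStatus` exists: `if (entity.getKeyStatus() != SshPubKeyRegistryStatus.PENDING) throw new IllegalStateException("key is not pending");`. Neither method checks `approverId` against the service's `sshPubKeyApproverRole`, and if `userDao.findById(approverId)` returns null the decision is stored with no approver. The approve path submits `EventType.SSH_KEY_REGISTRY_DEPLOYED` although `SSH_KEY_REGISTRY_APPROVAL` exists in the enum; if that is deliberate it deserves a comment. A failed submit is only logged at warn, so the event for a key decision can be lost while the status change still commits.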
......@@ -51,6 +51,7 @@ public class SessionManager implements Serializable {
private Long roleSetCreated;
private List<ServiceEntity> serviceApproverList;
private List<ServiceEntity> serviceSshPubKeyApproverList;
private List<ServiceEntity> serviceAdminList;
private List<ServiceEntity> serviceHotlineList;
private List<ServiceEntity> serviceGroupAdminList;
......@@ -69,6 +70,7 @@ public class SessionManager implements Serializable {
@PostConstruct
public void init() {
serviceApproverList = new ArrayList<ServiceEntity>();
serviceSshPubKeyApproverList = new ArrayList<ServiceEntity>();
serviceAdminList = new ArrayList<ServiceEntity>();
serviceHotlineList = new ArrayList<ServiceEntity>();
serviceGroupAdminList = new ArrayList<ServiceEntity>();
......@@ -79,6 +81,7 @@ public class SessionManager implements Serializable {
public void clearRoleList() {
serviceApproverList.clear();
serviceSshPubKeyApproverList.clear();
serviceAdminList.clear();
serviceHotlineList.clear();
serviceGroupAdminList.clear();
......@@ -258,4 +261,8 @@ public class SessionManager implements Serializable {
public void setAuthnRequestIdpConfigId(Long authnRequestIdpConfigId) {
this.authnRequestIdpConfigId = authnRequestIdpConfigId;
}
public List<ServiceEntity> getServiceSshPubKeyApproverList() {
return serviceSshPubKeyApproverList;
}
}
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.bean;
import java.io.Serializable;
import java.util.List;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.ViewScoped;
import javax.faces.event.ComponentSystemEvent;
import javax.inject.Inject;
import edu.kit.scc.webreg.entity.ServiceEntity;
import edu.kit.scc.webreg.entity.SshPubKeyRegistryEntity;
import edu.kit.scc.webreg.exc.NotAuthorizedException;
import edu.kit.scc.webreg.sec.AuthorizationBean;
import edu.kit.scc.webreg.service.ServiceService;
import edu.kit.scc.webreg.service.ssh.SshPubKeyRegistryService;
import edu.kit.scc.webreg.session.SessionManager;
@ManagedBean
@ViewScoped
public class SshPubKeyApprovalListBean implements Serializable {
private static final long serialVersionUID = 1L;
private List<SshPubKeyRegistryEntity> list;
@Inject
private SshPubKeyRegistryService service;
@Inject
private ServiceService serviceService;
@Inject
private AuthorizationBean authBean;
@Inject
private SessionManager sessionManager;
private ServiceEntity serviceEntity;
private Long serviceId;
private SshPubKeyRegistryEntity selectedKey;
private String approverComment;
public void preRenderView(ComponentSystemEvent ev) {
if (serviceEntity == null) {
serviceEntity = serviceService.findById(serviceId);
}
if (! authBean.isUserServiceSshPubKeyApprover(serviceEntity))
throw new NotAuthorizedException("Nicht autorisiert");
}
public String approve(SshPubKeyRegistryEntity key) {
key.setApproverComment(approverComment);
service.approveRegistry(key, sessionManager.getUserId());
list.remove(selectedKey);
return null;
}
public String deny(SshPubKeyRegistryEntity key) {
key.setApproverComment(approverComment);
service.denyRegistry(key, sessionManager.getUserId());
list.remove(selectedKey);
return null;
}
public List<SshPubKeyRegistryEntity> getList() {
if (list == null) {
list = service.findForApproval(serviceEntity.getId());
}
return list;
}
public ServiceEntity getServiceEntity() {
return serviceEntity;
}
public void setServiceEntity(ServiceEntity serviceEntity) {
this.serviceEntity = serviceEntity;
}
public Long getServiceId() {
return serviceId;
}
public void setServiceId(Long serviceId) {
this.serviceId = serviceId;
}
public SshPubKeyRegistryEntity getSelectedKey() {
return selectedKey;
}
public void setSelectedKey(SshPubKeyRegistryEntity selectedKey) {
this.selectedKey = selectedKey;
}
public String getApproverComment() {
return approverComment;
}
public void setApproverComment(String approverComment) {
this.approverComment = approverComment;
}
}
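Review bot: `approve(key)` and `deny(key)` never re-check authorization. The only `authBean.isUserServiceSshPubKeyApprover(serviceEntity)` call is in `preRenderView`, which JSF fires before rendering, after action methods have already run on a postback. Both actions should start with the same check, `if (!authBean.isUserServiceSshPubKeyApprover(serviceEntity)) throw new NotAuthorizedException("Nicht autorisiert");`, and should confirm that `key` belongs to `serviceEntity` before calling the service. Both methods also call `list.remove(selectedKey)` while acting on the `key` parameter, so the decided row stays in the list unless the two happen to be the same object; `list.remove(key);` is what is meant. `preRenderView` also passes a null `serviceId` or a missing service straight into the role check, and it should reject those first.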
/*******************************************************************************
* Copyright (c) 2014 Michael Simon.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the GNU Public License v3.0
* which accompanies this distribution, and is available at
* http://www.gnu.org/licenses/gpl.html
*
* Contributors:
* Michael Simon - initial
******************************************************************************/
package edu.kit.scc.webreg.bean.admin.role;
import java.io.Serializable;
import javax.annotation.PostConstruct;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.inject.Named;
import edu.kit.scc.webreg.entity.SshPubKeyApproverRoleEntity;
import edu.kit.scc.webreg.service.SshPubKeyApproverRoleService;
import edu.kit.scc.webreg.util.ViewIds;
@Named("addSshPubKeyApproverRoleBean")
@RequestScoped
public class AddSshPubKeyApproverRoleBean implements Serializable {
private static final long serialVersionUID = 1L;
@Inject
private SshPubKeyApproverRoleService roleService;
private SshPubKeyApproverRoleEntity entity;
@PostConstruct
public void init() {
entity = roleService.createNew();
}
public String save() {
roleService.save(entity);
return ViewIds.LIST_ROLES;