ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From omal...@apache.org
Subject [24/44] ARGUS-1. Initial code commit (Selvamohan Neethiraj via omalley)
Date Thu, 14 Aug 2014 20:50:35 GMT
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/rest/AssetREST.java b/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
new file mode 100644
index 0000000..cd8a45a
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
@@ -0,0 +1,552 @@
+package com.xasecure.rest;
+
+import java.io.File;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.Encoded;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.xasecure.biz.AssetMgr;
+import com.xasecure.biz.XABizUtil;
+import com.xasecure.common.PropertiesUtil;
+import com.xasecure.common.RESTErrorUtil;
+import com.xasecure.common.SearchCriteria;
+import com.xasecure.common.StringUtil;
+import com.xasecure.common.XACommonEnums;
+import com.xasecure.common.XASearchUtil;
+import com.xasecure.common.annotation.XAAnnotationClassName;
+import com.xasecure.common.annotation.XAAnnotationJSMgrName;
+import com.xasecure.service.XAccessAuditService;
+import com.xasecure.service.XAgentService;
+import com.xasecure.service.XAssetService;
+import com.xasecure.service.XCredentialStoreService;
+import com.xasecure.service.XPolicyExportAuditService;
+import com.xasecure.service.XResourceService;
+import com.xasecure.service.XTrxLogService;
+import com.xasecure.view.VXAccessAuditList;
+import com.xasecure.view.VXAsset;
+import com.xasecure.view.VXAssetList;
+import com.xasecure.view.VXCredentialStore;
+import com.xasecure.view.VXCredentialStoreList;
+import com.xasecure.view.VXLong;
+import com.xasecure.view.VXPolicyExportAuditList;
+import com.xasecure.view.VXResource;
+import com.xasecure.view.VXResourceList;
+import com.xasecure.view.VXResponse;
+import com.xasecure.view.VXString;
+import com.xasecure.view.VXStringList;
+import com.xasecure.view.VXTrxLogList;
+
+@Path("assets")
+@Component
+@Scope("request")
+@XAAnnotationJSMgrName("AssetMgr")
+@Transactional(propagation = Propagation.REQUIRES_NEW)
+public class AssetREST {
+	static Logger logger = Logger.getLogger(AssetREST.class);
+
+	@Autowired
+	XASearchUtil searchUtil;
+
+	@Autowired
+	AssetMgr assetMgr;
+
+	@Autowired
+	XAssetService xAssetService;
+
+	@Autowired
+	XResourceService xResourceService;
+
+	@Autowired
+	XCredentialStoreService xCredentialStoreService;
+
+	@Autowired
+	XAgentService xAgentService;
+
+	@Autowired
+	RESTErrorUtil restErrorUtil;
+	
+	@Autowired
+	XPolicyExportAuditService xPolicyExportAudits;
+	
+	@Autowired
+	XTrxLogService xTrxLogService;
+	
+	@Autowired
+	XABizUtil msBizUtil;
+
+	@Autowired
+	XAccessAuditService xAccessAuditService;
+	
+	@GET
+	@Path("/assets/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXAsset getXAsset(@PathParam("id") Long id) {
+		return assetMgr.getXAsset(id);
+	}
+
+	@POST
+	@Path("/assets")
+	@Produces({ "application/xml", "application/json" })
+	public VXAsset createXAsset(VXAsset vXAsset) {
+		return assetMgr.createXAsset(vXAsset);
+	}
+
+	@PUT
+	@Path("/assets/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXAsset updateXAsset(VXAsset vXAsset) {
+		return assetMgr.updateXAsset(vXAsset);
+	}
+
+	@DELETE
+	@Path("/assets/{id}")
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	@XAAnnotationClassName(class_name = VXAsset.class)
+	public void deleteXAsset(@PathParam("id") Long id,
+			@Context HttpServletRequest request) {
+		boolean force = true;
+		assetMgr.deleteXAsset(id, force);
+	}
+
+	@POST
+	@Path("/assets/testConfig")
+	@Produces({ "application/xml", "application/json" })
+	public VXResponse testConfig(VXAsset vXAsset) {
+		return assetMgr.testConfig(vXAsset);
+	}
+
+	@GET
+	@Path("/assets")
+	@Produces({ "application/xml", "application/json" })
+	@SuppressWarnings("rawtypes")
+	public VXAssetList searchXAssets(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xAssetService.sortFields);
+
+		searchUtil.extractIntList(request, searchCriteria, "status", "status",
+				"status");
+		// searchUtil.extractStringList(request, searchCriteria, "status",
+		// "status", "status", null, StringUtil.VALIDATION_TEXT);
+		Object status = searchCriteria.getParamValue("status");
+		if (status == null || ((Collection) status).size() == 0) {
+			ArrayList<Integer> valueList = new ArrayList<Integer>();
+			valueList.add(XACommonEnums.STATUS_DISABLED);
+			valueList.add(XACommonEnums.STATUS_ENABLED);
+			searchCriteria.addParam("status", valueList);
+		}
+		return assetMgr.searchXAssets(searchCriteria);
+	}
+
+	@GET
+	@Path("/assets/count")
+	@Produces({ "application/xml", "application/json" })
+	public VXLong countXAssets(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xAssetService.sortFields);
+		return assetMgr.getXAssetSearchCount(searchCriteria);
+	}
+
+	@GET
+	@Path("/resources/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXResource getXResource(@PathParam("id") Long id) {
+		return assetMgr.getXResource(id);
+	}
+
+	@POST
+	@Path("/resources")
+	@Produces({ "application/xml", "application/json" })
+	public VXResource createXResource(VXResource vXResource) {
+		vXResource=assetMgr.createXResource(vXResource);
+		return vXResource;
+		
+	}
+	
+	@PUT
+	@Path("/resources/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXResource updateXResource(VXResource vXResource) {
+		return assetMgr.updateXResource(vXResource);
+	}
+
+	@DELETE
+	@Path("/resources/{id}")
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	@XAAnnotationClassName(class_name = VXResource.class)
+	public void deleteXResource(@PathParam("id") Long id,
+			@Context HttpServletRequest request) {
+		boolean force = false;
+		assetMgr.deleteXResource(id, force);
+	}
+
+	@GET
+	@Path("/resources")
+	@Produces({ "application/xml", "application/json" })
+	public VXResourceList searchXResources(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xResourceService.sortFields);
+		// searchUtil.extractStringList(request, searchCriteria, "name", "Name",
+		// "name", null, StringUtil.VALIDATION_TEXT);
+
+		searchUtil.extractString(request, searchCriteria, "name",
+				"Resource Path", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "policyName",
+				"Policy name", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "columns",
+				"Column name", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "columnFamilies",
+				"Column Family", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "tables", 
+				"Tables", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "udfs", 
+				"UDFs", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "databases",
+				"Databases", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "groupName",
+				"Group Name", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractInt(request, searchCriteria, "resourceType",
+				"Resource Type");
+		searchUtil.extractInt(request, searchCriteria, "assetType",
+				"Asset Type");
+		searchUtil.extractInt(request, searchCriteria, "isEncrypt",
+				"Is Encrypt");
+		searchUtil.extractInt(request, searchCriteria, "isRecursive",
+				"Is Recursive");
+		searchUtil.extractLong(request, searchCriteria, "assetId", "Asset Id");
+		searchUtil.extractString(request, searchCriteria, "userName",
+				"User Name", StringUtil.VALIDATION_TEXT);
+
+		searchUtil.extractLongList(request, searchCriteria, "userId",
+				"User Id", "userId");
+		// searchUtil.extractLong(request, searchCriteria, "userId",
+		// "User Id");
+		// searchUtil.extractLong(request, searchCriteria, "groupId",
+		// "Group Id");
+		searchUtil.extractLongList(request, searchCriteria, "groupId",
+				"Group Id", "groupId");
+		
+		searchUtil.extractString(request, searchCriteria, "topologies",
+				"Topology Name", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "services",
+				"Service Name", StringUtil.VALIDATION_TEXT);
+
+		// searchUtil.extractIntList(request, searchCriteria, "status",
+		// "status", "status");
+
+		// SearchGroup outerGroup = new SearchGroup(SearchGroup.CONDITION.OR);
+		// // Get the search fields for objectClassType and objectId
+		// SearchField userId = null;
+		// SearchField groupId = null;
+		// SearchField resourceId = null;
+		// List<SearchField> searchFields = xResourceService.searchFields;
+		// for (SearchField searchField : searchFields) {
+		// if (searchField.getClientFieldName().equals("userId") &&
+		// request.getParameterValues("userId")!=null) {
+		// userId = searchField;
+		// } else if (searchField.getClientFieldName().equals("groupId") &&
+		// request.getParameterValues("groupId")!=null) {
+		// groupId = searchField;
+		// }else if (searchField.getClientFieldName().equals("name") &&
+		// request.getParameterValues("name")!=null) {
+		// resourceId = searchField;
+		// }
+		// }
+		// if (groupId != null || userId != null || resourceId != null) {
+		// SearchGroup innerGroup = new SearchGroup(SearchGroup.CONDITION.AND);
+		// SearchValue searchValue=null;
+		// if(userId!=null){
+		// searchValue = new SearchValue(userId,
+		// searchCriteria.getParamValue("userId"));
+		//
+		// innerGroup.addValue(searchValue);
+		// }
+		// if(groupId!=null){
+		// searchValue = new SearchValue(groupId,
+		// searchCriteria.getParamValue("groupId"));
+		// innerGroup.addValue(searchValue);
+		// }
+		// if(resourceId!=null){
+		//
+		// searchValue = new SearchValue(resourceId,
+		// searchCriteria.getParamValue("name"));
+		// innerGroup.addValue(searchValue);
+		// }
+		//
+		// outerGroup.addSearchGroup(innerGroup);
+		// searchUtil.addSearchGroup(searchCriteria, outerGroup);
+		//
+		// }
+		searchCriteria.setDistinct(true);
+
+		return assetMgr.searchXResources(searchCriteria);
+	}
+
+	@GET
+	@Path("/hdfs/resources")
+	@Produces({ "application/xml", "application/json" })
+	public VXStringList pullHdfsResources(@Context HttpServletRequest request) {
+		String dataSourceName = request.getParameter("dataSourceName");
+		String baseDir = request.getParameter("baseDirectory");
+		return assetMgr.getHdfsResources(dataSourceName, baseDir);
+	}
+
+	@GET
+	@Path("/hive/resources")
+	@Produces({ "application/xml", "application/json" })
+	public VXStringList pullHiveResources(@Context HttpServletRequest request) {
+		String dataSourceName = request.getParameter("dataSourceName");
+		String databaseName = request.getParameter("databaseName");
+		String tableName = request.getParameter("tableName");
+		String columnName = request.getParameter("columnName");
+		return assetMgr.getHiveResources(dataSourceName, databaseName,
+				tableName, columnName);
+	}
+
+	@GET
+	@Path("/hbase/resources")
+	@Produces({ "application/xml", "application/json" })
+	public VXStringList pullHBaseResources(@Context HttpServletRequest request) {
+		String dataSourceName = request.getParameter("dataSourceName");
+		String tableName = request.getParameter("tableName");
+		String columnFamiles = request.getParameter("columnFamilies");
+		return assetMgr.getHBaseResources(dataSourceName, tableName,
+				columnFamiles);
+	}
+
+	@GET
+	@Path("/knox/resources")
+	@Produces({ "application/xml", "application/json" })
+	public VXStringList pullKnoxResources(@Context HttpServletRequest request) {
+		String dataSourceName = request.getParameter("dataSourceName");
+		String topologyName = request.getParameter("topologyName");
+		String serviceName = request.getParameter("serviceName");		
+		return assetMgr.getKnoxResources(dataSourceName, topologyName, serviceName);
+	}
+	
+	@GET
+	@Path("/resources/count")
+	@Produces({ "application/xml", "application/json" })
+	public VXLong countXResources(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xResourceService.sortFields);
+
+		return assetMgr.getXResourceSearchCount(searchCriteria);
+	}
+
+	@GET
+	@Path("/credstores/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXCredentialStore getXCredentialStore(@PathParam("id") Long id) {
+		return assetMgr.getXCredentialStore(id);
+	}
+
+	@POST
+	@Path("/credstores")
+	@Produces({ "application/xml", "application/json" })
+	public VXCredentialStore createXCredentialStore(
+			VXCredentialStore vXCredentialStore) {
+		return assetMgr.createXCredentialStore(vXCredentialStore);
+	}
+
+	@PUT
+	@Path("/credstores")
+	@Produces({ "application/xml", "application/json" })
+	public VXCredentialStore updateXCredentialStore(
+			VXCredentialStore vXCredentialStore) {
+		return assetMgr.updateXCredentialStore(vXCredentialStore);
+	}
+
+	@DELETE
+	@Path("/credstores/{id}")
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	@XAAnnotationClassName(class_name = VXCredentialStore.class)
+	public void deleteXCredentialStore(@PathParam("id") Long id,
+			@Context HttpServletRequest request) {
+		boolean force = false;
+		assetMgr.deleteXCredentialStore(id, force);
+	}
+
+	@GET
+	@Path("/credstores")
+	@Produces({ "application/xml", "application/json" })
+	public VXCredentialStoreList searchXCredentialStores(
+			@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xCredentialStoreService.sortFields);
+		return assetMgr.searchXCredentialStores(searchCriteria);
+	}
+
+	@GET
+	@Path("/credstores/count")
+	@Produces({ "application/xml", "application/json" })
+	public VXLong countXCredentialStores(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xCredentialStoreService.sortFields);
+		return assetMgr.getXCredentialStoreSearchCount(searchCriteria);
+	}
+
+	@GET
+	@Path("/resource/{id}")
+	public Response getXResourceFile(@Context HttpServletRequest request,
+			@PathParam("id") Long id) {
+		String fileType = searchUtil.extractString(request,
+				new SearchCriteria(), "fileType", "File type",
+				StringUtil.VALIDATION_TEXT);
+
+		File file = assetMgr.getXResourceFile(id, fileType);
+		return Response
+				.ok(file, MediaType.APPLICATION_OCTET_STREAM)
+				.header("Content-Disposition",
+						"attachment;filename=" + file.getName()).build();
+	}
+
+	@GET
+	@Path("/policyList/{repository}")
+	@Encoded
+	public String getResourceJSON(@Context HttpServletRequest request,
+			@PathParam("repository") String repository) {
+		
+		boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true);
+		String epoch = request.getParameter("epoch");
+
+		X509Certificate[] certchain = (X509Certificate[]) request.getAttribute(
+				"javax.servlet.request.X509Certificate");
+		
+		String ipAddress = request.getHeader("X-FORWARDED-FOR");  
+		if (ipAddress == null) {  
+			ipAddress = request.getRemoteAddr();
+		}
+
+		boolean isSecure = request.isSecure();
+		
+		String policyCount = request.getParameter("policyCount");
+		String agentId = request.getParameter("agentId");
+		
+//		File file = assetMgr.getLatestRepoPolicy(repository, 
+//				certchain, httpEnabled, epoch, ipAddress, isSecure, policyCount, agentId);
+		
+
+//		return Response
+//				.ok(file, MediaType.APPLICATION_OCTET_STREAM)
+//				.header("Content-Disposition",
+//						"attachment;filename=" + file.getName()).build();
+		
+		String file = assetMgr.getLatestRepoPolicy(repository, 
+				certchain, httpEnabled, epoch, ipAddress, isSecure, policyCount, agentId);
+		
+		return file;
+	}
+
+	@GET
+	@Path("/exportAudit")
+	@Produces({ "application/xml", "application/json" })
+	public VXPolicyExportAuditList searchXPolicyExportAudits(
+			@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xPolicyExportAudits.sortFields);
+		searchUtil.extractString(request, searchCriteria, "agentId", 
+				"The XA agent id pulling the policies.", 
+				StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "clientIP", 
+				"The XA agent ip pulling the policies.",
+				StringUtil.VALIDATION_TEXT);		
+		searchUtil.extractString(request, searchCriteria, "repositoryName", 
+				"Repository name for which export was done.",
+				StringUtil.VALIDATION_TEXT);
+		searchUtil.extractInt(request, searchCriteria, "httpRetCode", 
+				"HTTP response code for exported policy.");
+		searchUtil.extractDate(request, searchCriteria, "startDate", 
+				"Start date for search", null);
+		searchUtil.extractDate(request, searchCriteria, "endDate", 
+				"End date for search", null);
+		return assetMgr.searchXPolicyExportAudits(searchCriteria);
+	}
+
+	@GET
+	@Path("/report")
+	@Produces({ "application/xml", "application/json" })
+	public VXTrxLogList getReportLogs(@Context HttpServletRequest request){
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xTrxLogService.sortFields);
+		searchUtil.extractInt(request, searchCriteria, "objectClassType", "Class type for report.");
+		searchUtil.extractString(request, searchCriteria, "attributeName", 
+				"Attribute Name", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "action", 
+				"CRUD Action Type", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "sessionId", 
+				"Session Id", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "owner", 
+				"Owner", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractDate(request, searchCriteria, "startDate", "Trasaction date since", "MM/dd/yyyy");
+		searchUtil.extractDate(request, searchCriteria, "endDate", "Trasaction date till", "MM/dd/yyyy");
+		return assetMgr.getReportLogs(searchCriteria);
+	}
+	
+	@GET
+	@Path("/report/{transactionId}")
+	@Produces({ "application/xml", "application/json" })
+	public VXTrxLogList getTransactionReport(@Context HttpServletRequest request, 
+			@PathParam("transactionId") String transactionId){
+		return assetMgr.getTransactionReport(transactionId);
+	}
+	
+	@GET
+	@Path("/accessAudit")
+	@Produces({ "application/xml", "application/json" })
+	public VXAccessAuditList getAccessLogs(@Context HttpServletRequest request){
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xAccessAuditService.sortFields);
+		searchUtil.extractString(request, searchCriteria, "accessType",
+				"Access Type", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "aclEnforcer",
+				"Access Type", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "agentId",
+				"Access Type", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "repoName",
+				"Access Type", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "sessionId",
+				"Access Type", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "requestUser",
+				"Access Type", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "requestData",
+				"Access Type", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "resourcePath",
+				"Access Type", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "clientIP",
+				"Client IP", StringUtil.VALIDATION_TEXT);
+
+		searchUtil.extractInt(request, searchCriteria, "auditType", "Audit Type");
+		searchUtil.extractInt(request, searchCriteria, "accessResult", "Audit Type");
+		searchUtil.extractInt(request, searchCriteria, "assetId", "Audit Type");
+		searchUtil.extractLong(request, searchCriteria, "policyId", "Audit Type");
+		searchUtil.extractInt(request, searchCriteria, "repoType", "Audit Type");
+		
+		searchUtil.extractDate(request, searchCriteria, "startDate",
+				"startDate", "MM/dd/yyyy");
+		searchUtil.extractDate(request, searchCriteria, "endDate", "endDate",
+				"MM/dd/yyyy");
+		return assetMgr.getAccessLogs(searchCriteria);
+	}		
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/rest/PublicAPIs.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/rest/PublicAPIs.java b/security-admin/src/main/java/com/xasecure/rest/PublicAPIs.java
new file mode 100644
index 0000000..5e721b4
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/rest/PublicAPIs.java
@@ -0,0 +1,249 @@
+package com.xasecure.rest;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.xasecure.biz.AssetMgr;
+import com.xasecure.common.AppConstants;
+import com.xasecure.common.RESTErrorUtil;
+import com.xasecure.common.SearchCriteria;
+import com.xasecure.common.StringUtil;
+import com.xasecure.common.XASearchUtil;
+import com.xasecure.common.annotation.XAAnnotationClassName;
+import com.xasecure.common.annotation.XAAnnotationJSMgrName;
+import com.xasecure.service.AbstractBaseResourceService;
+import com.xasecure.service.XPolicyService;
+import com.xasecure.service.XRepositoryService;
+import com.xasecure.service.XAssetService;
+import com.xasecure.service.XResourceService;
+import com.xasecure.view.VXAsset;
+import com.xasecure.view.VXAssetList;
+import com.xasecure.view.VXLong;
+import com.xasecure.view.VXPolicy;
+import com.xasecure.view.VXPolicyList;
+import com.xasecure.view.VXRepository;
+import com.xasecure.view.VXRepositoryList;
+import com.xasecure.view.VXResource;
+import com.xasecure.view.VXResourceList;
+import com.xasecure.view.VXResponse;
+
+@Path("public")
+@Component
+@Scope("request")
+@XAAnnotationJSMgrName("PublicMgr")
+@Transactional(propagation = Propagation.REQUIRES_NEW)
+public class PublicAPIs {
+	static Logger logger = Logger.getLogger(PublicAPIs.class);
+
+	@Autowired
+	XASearchUtil searchUtil;
+
+	@Autowired
+	AssetMgr assetMgr;
+
+	@Autowired
+	XAssetService xAssetService;
+
+	@Autowired
+	RESTErrorUtil restErrorUtil;
+
+	@Autowired
+	XRepositoryService xRepositoryService;
+
+	@Autowired
+	XResourceService xResourceService;
+
+	@Autowired
+	XPolicyService xPolicyService;
+
+	@Autowired
+	StringUtil stringUtil;
+
+	@GET
+	@Path("/api/repository/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXRepository getRepository(@PathParam("id") Long id) {
+		VXAsset vXAsset = assetMgr.getXAsset(id);
+		return xRepositoryService.mapXAToPublicObject(vXAsset);
+	}
+
+	@POST
+	@Path("/api/repository/")
+	@Produces({ "application/xml", "application/json" })
+	public VXRepository createRepository(VXRepository vXRepository) {
+		VXAsset vXAsset = xRepositoryService.mapPublicToXAObject(vXRepository);
+		vXAsset = assetMgr.createXAsset(vXAsset);
+		return xRepositoryService.mapXAToPublicObject(vXAsset);
+	}
+
+	@PUT
+	@Path("/api/repository/")
+	@Produces({ "application/xml", "application/json" })
+	public VXRepository updateRepository(VXRepository vXRepository) {
+		VXAsset vXAsset = xRepositoryService.mapPublicToXAObject(vXRepository);
+		vXAsset = assetMgr.updateXAsset(vXAsset);
+		return xRepositoryService.mapXAToPublicObject(vXAsset);
+	}
+
+	@DELETE
+	@Path("/api/repository/{id}")
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	@XAAnnotationClassName(class_name = VXAsset.class)
+	public void deleteRepository(@PathParam("id") Long id,
+			@Context HttpServletRequest request) {
+
+		String forceStr = request.getParameter("force");
+		boolean force = false;
+		if (!stringUtil.isEmpty(forceStr)) {
+			force = Boolean.parseBoolean(forceStr.trim());
+		}
+		assetMgr.deleteXAsset(id, force);
+	}
+
+	@POST
+	@Path("/api/repository/testConfig")
+	@Produces({ "application/xml", "application/json" })
+	public VXResponse testConfig(VXRepository vXRepository) {
+		VXAsset vXAsset = xRepositoryService.mapPublicToXAObject(vXRepository);
+		return assetMgr.testConfig(vXAsset);
+	}
+
+	@GET
+	@Path("/api/repository/")
+	@Produces({ "application/xml", "application/json" })
+	public VXRepositoryList searchRepositories(
+			@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xAssetService.sortFields);
+		searchUtil.extractString(request, searchCriteria, "name",
+				"Repository Name", null);
+		searchCriteria = xRepositoryService.getMappedSearchParams(request,
+				searchCriteria);
+		VXAssetList vXAssetList = assetMgr.searchXAssets(searchCriteria);
+
+		return xRepositoryService.mapToVXRepositoryList(vXAssetList);
+	}
+
+	@GET
+	@Path("/api/repository/count")
+	@Produces({ "application/xml", "application/json" })
+	public VXLong countRepositories(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xAssetService.sortFields);
+		return assetMgr.getXAssetSearchCount(searchCriteria);
+	}
+
+	@GET
+	@Path("/api/policy/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXPolicy getPolicy(@PathParam("id") Long id) {
+		VXResource vXResource = assetMgr.getXResource(id);
+		return xPolicyService.mapXAToPublicObject(vXResource);
+	}
+
+	@POST
+	@Path("/api/policy")
+	@Produces({ "application/xml", "application/json" })
+	public VXPolicy createPolicy(VXPolicy vXPolicy) {
+		VXResource vXResource = xPolicyService.mapPublicToXAObject(vXPolicy,
+				AbstractBaseResourceService.OPERATION_CREATE_CONTEXT);
+		vXResource = assetMgr.createXResource(vXResource);
+		return xPolicyService.mapXAToPublicObject(vXResource);
+
+	}
+
+	@PUT
+	@Path("/api/policy")
+	@Produces({ "application/xml", "application/json" })
+	public VXPolicy updatePolicy(VXPolicy vXPolicy) {
+		VXResource vXResource = xPolicyService.mapPublicToXAObject(vXPolicy,
+				AbstractBaseResourceService.OPERATION_UPDATE_CONTEXT);
+		vXResource = assetMgr.updateXResource(vXResource);
+		return xPolicyService.mapXAToPublicObject(vXResource);
+	}
+
+	@DELETE
+	@Path("/api/policy/{id}")
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	@XAAnnotationClassName(class_name = VXResource.class)
+	public void deletePolicy(@PathParam("id") Long id,
+			@Context HttpServletRequest request) {
+		String forceStr = request.getParameter("force");
+		boolean force = false;
+		if (!stringUtil.isEmpty(forceStr)) {
+			force = Boolean.parseBoolean(forceStr.trim());
+		}
+		assetMgr.deleteXResource(id, force);
+	}
+
+	@GET
+	@Path("/api/policy")
+	@Produces({ "application/xml", "application/json" })
+	public VXPolicyList searchPolicies(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xResourceService.sortFields);
+
+		String resourceName = request.getParameter("resourceName");
+		if (!stringUtil.isEmpty(resourceName)) {
+			searchCriteria.getParamList().put("name", resourceName);
+		}
+		searchUtil.extractString(request, searchCriteria, "policyName",
+				"Policy name", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "columns",
+				"Column name", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "columnFamilies",
+				"Column Family", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "tables", "Tables",
+				StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "udfs", "UDFs",
+				StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "databases",
+				"Databases", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "groupName",
+				"Group Name", StringUtil.VALIDATION_TEXT);
+
+		String repositoryType = request.getParameter("repositoryType");
+		if (!stringUtil.isEmpty(repositoryType)) {
+			searchCriteria.getParamList().put("assetType",
+					AppConstants.getEnumFor_AssetType(repositoryType));
+		}
+
+		searchUtil.extractInt(request, searchCriteria, "isRecursive",
+				"Is Recursive");
+		searchUtil.extractString(request, searchCriteria, "userName",
+				"User Name", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "repositoryName",
+				"Repository Name", StringUtil.VALIDATION_TEXT);
+		searchCriteria.setDistinct(true);
+
+		VXResourceList vXResourceList = assetMgr
+				.searchXResources(searchCriteria);
+		return xPolicyService.mapToVXPolicyList(vXResourceList);
+	}
+
+	@GET
+	@Path("/api/policy/count")
+	@Produces({ "application/xml", "application/json" })
+	public VXLong countPolicies(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xResourceService.sortFields);
+
+		return assetMgr.getXResourceSearchCount(searchCriteria);
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/rest/UserREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/rest/UserREST.java b/security-admin/src/main/java/com/xasecure/rest/UserREST.java
new file mode 100644
index 0000000..e3dd13c
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/rest/UserREST.java
@@ -0,0 +1,313 @@
+package com.xasecure.rest;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+
+import com.xasecure.biz.UserMgr;
+import com.xasecure.common.XAConstants;
+import com.xasecure.common.XAConfigUtil;
+import com.xasecure.common.MessageEnums;
+import com.xasecure.common.RESTErrorUtil;
+import com.xasecure.common.SearchCriteria;
+import com.xasecure.common.SearchUtil;
+import com.xasecure.common.StringUtil;
+import com.xasecure.entity.XXPortalUser;
+import com.xasecure.view.VXPasswordChange;
+import com.xasecure.view.VXResponse;
+import com.xasecure.view.VXStringList;
+import com.xasecure.view.VXPortalUser;
+import com.xasecure.view.VXPortalUserList;
+import com.xasecure.util.XARestUtil;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.xasecure.common.annotation.XAAnnotationClassName;
+import com.xasecure.common.annotation.XAAnnotationJSMgrName;
+import com.xasecure.common.annotation.XAAnnotationRestAPI;
+import com.xasecure.db.XADaoManager;
+
+
+@Path("users")
+@Component
+@Scope("request")
+@XAAnnotationJSMgrName("UserMgr")
+@Transactional(propagation = Propagation.REQUIRES_NEW)
+public class UserREST {
+	static Logger logger = Logger.getLogger(UserREST.class);
+
+	@Autowired
+	StringUtil stringUtil;
+
+	@Autowired
+	XADaoManager daoManager;
+
+	@Autowired
+	XAConfigUtil configUtil;
+
+	@Autowired
+	RESTErrorUtil restErrorUtil;
+
+	@Autowired
+	SearchUtil searchUtil;
+
+	@Autowired
+	UserMgr userManager;
+
+	@Autowired
+	XARestUtil msRestUtil;
+
+	/**
+	 * Implements the traditional search functionalities for UserProfile
+	 * 
+	 * @param request
+	 * @return
+	 */
+	@GET
+	@Produces({ "application/xml", "application/json" })
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	public VXPortalUserList searchUsers(@Context HttpServletRequest request) {
+		String[] approvedSortByParams = new String[] { "requestDate",
+				"approvedDate", "activationDate", "emailAddress", "firstName",
+				"lastName" };
+		@SuppressWarnings("deprecation")
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, approvedSortByParams);
+
+		// userId
+		searchUtil.extractLong(request, searchCriteria, "userId", "User Id");
+
+		// loginId
+		searchUtil.extractString(request, searchCriteria, "loginId",
+				"Login Id", null);
+
+		// emailAddress
+		searchUtil.extractString(request, searchCriteria, "emailAddress",
+				"Email Address", null);
+
+		// firstName
+		searchUtil.extractString(request, searchCriteria, "firstName",
+				"First Name", StringUtil.VALIDATION_NAME);
+
+		// lastName
+		searchUtil.extractString(request, searchCriteria, "lastName",
+				"Last Name", StringUtil.VALIDATION_NAME);
+
+		// status
+		searchUtil.extractEnum(request, searchCriteria, "status", "Status",
+				"statusList", XAConstants.ActivationStatus_MAX);
+
+		// publicScreenName
+		searchUtil.extractString(request, searchCriteria, "publicScreenName",
+				"Public Screen Name", StringUtil.VALIDATION_NAME);
+		// roles
+		searchUtil.extractStringList(request, searchCriteria, "role", "Role",
+				"roleList", configUtil.getRoles(), StringUtil.VALIDATION_NAME);
+
+		return userManager.searchUsers(searchCriteria);
+	}
+
+	/**
+	 * Return the VUserProfile for the given userId
+	 * 
+	 * @param userId
+	 * @return
+	 */
+	@GET
+	@Path("{userId}")
+	@Produces({ "application/xml", "application/json" })
+	public VXPortalUser getUserProfileForUser(@PathParam("userId") Long userId) {
+		try {
+			VXPortalUser userProfile = userManager.getUserProfile(userId);
+			if (userProfile != null) {
+				if (logger.isDebugEnabled()) {
+					logger.debug("getUserProfile() Found User userId=" + userId);
+				}
+			} else {
+				logger.debug("getUserProfile() Not found userId=" + userId);
+			}
+			return userProfile;
+		} catch (Throwable t) {
+			logger.error("getUserProfile() no user session. error="
+					+ t.toString());
+		}
+		return null;
+	}
+
+	@POST
+	@Consumes({ "application/json", "application/xml" })
+	@Produces({ "application/xml", "application/json" })
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	public VXPortalUser create(VXPortalUser userProfile,
+			@Context HttpServletRequest servletRequest) {
+		logger.info("create:" + userProfile.getEmailAddress());
+
+		return userManager.createUser(userProfile);
+	}
+	
+	// API to add user with default account
+	@POST
+	@Path("/default")
+	@Consumes({ "application/json", "application/xml" })
+	@Produces({ "application/xml", "application/json" })
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	public VXPortalUser createDefaultAccountUser(VXPortalUser userProfile,
+			@Context HttpServletRequest servletRequest) {
+		logger.info("create:" + userProfile.getEmailAddress());
+		return userManager.createDefaultAccountUser(userProfile);
+	}
+
+
+	@PUT
+	@Consumes({ "application/json", "application/xml" })
+	@Produces({ "application/xml", "application/json" })
+	@XAAnnotationRestAPI(updates_classes = "VUserProfile")
+	public VXPortalUser update(VXPortalUser userProfile,
+			@Context HttpServletRequest servletRequest) {
+		logger.info("update:" + userProfile.getEmailAddress());
+		XXPortalUser gjUser = daoManager.getXXPortalUser().getById(userProfile.getId());
+		userManager.checkAccess(gjUser);
+		if (gjUser != null) {
+			msRestUtil.validateVUserProfileForUpdate(gjUser, userProfile);
+			gjUser = userManager.updateUser(userProfile);
+			return userManager.mapXXPortalUserVXPortalUser(gjUser);
+		} else {
+			logger.info("update(): Invalid userId provided: userId="
+					+ userProfile.getId());
+			throw restErrorUtil.createRESTException("serverMsg.userRestUser",
+					MessageEnums.DATA_NOT_FOUND, null, null,
+					userProfile.toString());
+		}
+	}
+
+	@PUT
+	@Path("/{userId}/roles")
+	@Produces({ "application/xml", "application/json" })
+	public VXResponse setUserRoles(@PathParam("userId") Long userId,
+			VXStringList roleList) {
+		userManager.checkAccess(userId);
+		userManager.setUserRoles(userId, roleList.getVXStrings());
+		VXResponse response = new VXResponse();
+		response.setStatusCode(VXResponse.STATUS_SUCCESS);
+		return response;
+	}
+
+	/**
+	 * Deactivate the user
+	 * 
+	 * @param userId
+	 * @return
+	 */
+	@POST
+	@Path("{userId}/deactivate")
+	@Produces({ "application/xml", "application/json" })
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	@XAAnnotationClassName(class_name = VXPortalUser.class)
+	public VXPortalUser deactivateUser(@PathParam("userId") Long userId) {
+		XXPortalUser gjUser = daoManager.getXXPortalUser().getById(userId);
+		if (gjUser == null) {
+			logger.info("update(): Invalid userId provided: userId=" + userId);
+			throw restErrorUtil.createRESTException("serverMsg.userRestUser",
+					MessageEnums.DATA_NOT_FOUND, null, null, "" + userId);
+		}
+		return userManager.deactivateUser(gjUser);
+	}
+
+	/**
+	 * This method returns the VUserProfile for the current session
+	 * 
+	 * @param request
+	 * @return
+	 */
+	@GET
+	@Path("/profile")
+	@Produces({ "application/xml", "application/json" })
+	public VXPortalUser getUserProfile(@Context HttpServletRequest request) {
+		try {
+			logger.debug("getUserProfile(). httpSessionId="
+					+ request.getSession().getId());
+			VXPortalUser userProfile = userManager.getUserProfileByLoginId();
+			return userProfile;
+		} catch (Throwable t) {
+			logger.error(
+					"getUserProfile() no user session. error=" + t.toString(),
+					t);
+		}
+		return null;
+	}
+
+	@GET
+	@Path("/firstnames")
+	@Produces({ "application/xml", "application/json" })
+	public String suggestUserFirstName(@QueryParam("letters") String letters,
+			@Context HttpServletRequest req) {
+		return null;
+	}
+
+	/**	  
+	 * @param userId
+	 * @param changePassword
+	 * @return
+	 */
+	@POST
+	@Path("{userId}/passwordchange")
+	@Produces({ "application/xml", "application/json" })
+	public VXResponse changePassword(@PathParam("userId") Long userId,
+			VXPasswordChange changePassword) {
+		logger.info("changePassword:" + userId);
+
+		XXPortalUser gjUser = daoManager.getXXPortalUser().getById(userId);
+		if (gjUser == null) {
+			logger.warn("SECURITY:changePassword(): Invalid userId provided: userId="
+					+ userId);
+			throw restErrorUtil.createRESTException("serverMsg.userRestUser",
+					MessageEnums.DATA_NOT_FOUND, null, null, "" + userId);
+		}
+
+		userManager.checkAccess(gjUser);
+		changePassword.setId(userId);
+ 		VXResponse ret = userManager.changePassword(changePassword);
+		return ret;
+	}
+
+	/**	 
+	 * 
+	 * @param userId
+	 * @param changeEmail
+	 * @return
+	 */
+	@POST
+	@Path("{userId}/emailchange")
+	@Produces({ "application/xml", "application/json" })
+	public VXPortalUser changeEmailAddress(@PathParam("userId") Long userId,
+			VXPasswordChange changeEmail) {
+		logger.info("changeEmail:" + userId);
+
+		XXPortalUser gjUser = daoManager.getXXPortalUser().getById(userId);
+		if (gjUser == null) {
+			logger.warn("SECURITY:changeEmail(): Invalid userId provided: userId="
+					+ userId);
+			throw restErrorUtil.createRESTException("serverMsg.userRestUser",
+					MessageEnums.DATA_NOT_FOUND, null, null, "" + userId);
+		}
+
+		userManager.checkAccess(gjUser);
+		changeEmail.setId(userId);
+		VXPortalUser ret = userManager.changeEmailAddress(gjUser, changeEmail);
+		return ret;
+	}
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/rest/XAuditREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/rest/XAuditREST.java b/security-admin/src/main/java/com/xasecure/rest/XAuditREST.java
new file mode 100644
index 0000000..4e38281
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/rest/XAuditREST.java
@@ -0,0 +1,131 @@
+package com.xasecure.rest;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.*;
+import javax.ws.rs.core.*;
+
+import com.xasecure.common.SearchCriteria;
+import com.xasecure.common.SearchUtil;
+import com.xasecure.service.*;
+import com.xasecure.biz.*;
+import com.xasecure.view.*;
+
+import com.xasecure.rest.*;
+import com.xasecure.biz.*;
+import com.xasecure.common.annotation.XAAnnotationClassName;
+import com.xasecure.common.annotation.XAAnnotationJSMgrName;
+import com.xasecure.view.*;
+import com.xasecure.service.*;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
+
+@Path("xaudit")
+@Component
+@Scope("request")
+@XAAnnotationJSMgrName("XAuditMgr")
+@Transactional(propagation = Propagation.REQUIRES_NEW)
+public class XAuditREST {
+	static Logger logger = Logger.getLogger(XAuditREST.class);
+
+	@Autowired
+	SearchUtil searchUtil;
+
+	@Autowired
+	XAuditMgr xAuditMgr;
+
+	@Autowired
+	XTrxLogService xTrxLogService;
+
+	@Autowired
+	XAccessAuditService xAccessAuditService;
+	// Handle XTrxLog
+	@GET
+	@Path("/trx_log/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXTrxLog getXTrxLog(
+			@PathParam("id") Long id) {
+		 return xAuditMgr.getXTrxLog(id);
+	}
+
+	@POST
+	@Path("/trx_log")
+	@Produces({ "application/xml", "application/json" })
+	public VXTrxLog createXTrxLog(VXTrxLog vXTrxLog) {
+		 return xAuditMgr.createXTrxLog(vXTrxLog);
+	}
+
+	@PUT
+	@Path("/trx_log")
+	@Produces({ "application/xml", "application/json" })
+	public VXTrxLog updateXTrxLog(VXTrxLog vXTrxLog) {
+		 return xAuditMgr.updateXTrxLog(vXTrxLog);
+	}
+
+	@DELETE
+	@Path("/trx_log/{id}")
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	@XAAnnotationClassName(class_name = VXTrxLog.class)
+	public void deleteXTrxLog(@PathParam("id") Long id,
+			@Context HttpServletRequest request) {
+		 boolean force = false;
+		 xAuditMgr.deleteXTrxLog(id, force);
+	}
+
+	/**
+	 * Implements the traditional search functionalities for XTrxLogs
+	 *
+	 * @param request
+	 * @return
+	 */
+	@GET
+	@Path("/trx_log")
+	@Produces({ "application/xml", "application/json" })
+	public VXTrxLogList searchXTrxLogs(@Context HttpServletRequest request) {
+		 SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+		 request, xTrxLogService.sortFields);
+		 return xAuditMgr.searchXTrxLogs(searchCriteria);
+	}
+
+	@GET
+	@Path("/trx_log/count")
+	@Produces({ "application/xml", "application/json" })
+	public VXLong countXTrxLogs(@Context HttpServletRequest request) {
+		 SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+		 request, xTrxLogService.sortFields);
+
+		 return xAuditMgr.getXTrxLogSearchCount(searchCriteria);
+	}
+
+
+	/**
+	 * Implements the traditional search functionalities for XAccessAudits
+	 *
+	 * @param request
+	 * @return
+	 */
+	@GET
+	@Path("/access_audit")
+	@Produces({ "application/xml", "application/json" })
+	public VXAccessAuditList searchXAccessAudits(@Context HttpServletRequest request) {
+		 SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+		 request, xAccessAuditService.sortFields);
+		 return xAuditMgr.searchXAccessAudits(searchCriteria);
+	}
+
+	@GET
+	@Path("/access_audit/count")
+	@Produces({ "application/xml", "application/json" })
+	public VXLong countXAccessAudits(@Context HttpServletRequest request) {
+		 SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+		 request, xAccessAuditService.sortFields);
+
+		 return xAuditMgr.getXAccessAuditSearchCount(searchCriteria);
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/rest/XUserREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/rest/XUserREST.java b/security-admin/src/main/java/com/xasecure/rest/XUserREST.java
new file mode 100644
index 0000000..46a8875
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/rest/XUserREST.java
@@ -0,0 +1,575 @@
+package com.xasecure.rest;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.*;
+import javax.ws.rs.core.*;
+
+import com.xasecure.biz.SessionMgr;
+import com.xasecure.common.XAConstants;
+import com.xasecure.common.DateUtil;
+import com.xasecure.common.RESTErrorUtil;
+import com.xasecure.common.SearchCriteria;
+import com.xasecure.common.SearchField;
+import com.xasecure.common.SearchUtil;
+import com.xasecure.common.StringUtil;
+import com.xasecure.entity.XXAuthSession;
+import com.xasecure.service.AuthSessionService;
+import com.xasecure.view.*;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.xasecure.biz.*;
+import com.xasecure.common.annotation.XAAnnotationClassName;
+import com.xasecure.common.annotation.XAAnnotationJSMgrName;
+import com.xasecure.db.XADaoManager;
+import com.xasecure.service.*;
+import com.xasecure.view.*;
+
+@Path("xusers")
+@Component
+@Scope("request")
+@XAAnnotationJSMgrName("XUserMgr")
+@Transactional(propagation = Propagation.REQUIRES_NEW)
+public class XUserREST {
+	static Logger logger = Logger.getLogger(XUserREST.class);
+
+	@Autowired
+	SearchUtil searchUtil;
+
+	@Autowired
+	XUserMgr xUserMgr;
+
+	@Autowired
+	XGroupService xGroupService;
+
+	@Autowired
+	XUserService xUserService;
+
+	@Autowired
+	XGroupUserService xGroupUserService;
+
+	@Autowired
+	XGroupGroupService xGroupGroupService;
+
+	@Autowired
+	XPermMapService xPermMapService;
+
+	@Autowired
+	XAuditMapService xAuditMapService;
+
+	@Autowired
+	RESTErrorUtil restErrorUtil;
+
+	@Autowired
+	XADaoManager xADaoManager;
+
+	@Autowired
+	SessionMgr sessionMgr;
+	
+	@Autowired
+	AuthSessionService authSessionService;
+	
+	// Handle XGroup
+	@GET
+	@Path("/groups/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroup getXGroup(@PathParam("id") Long id) {
+		return xUserMgr.getXGroup(id);
+	}
+
+	@GET
+	@Path("/secure/groups/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroup secureGetXGroup(@PathParam("id") Long id) {
+		return xUserMgr.getXGroup(id);
+	}
+
+	@POST
+	@Path("/groups")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroup createXGroup(VXGroup vXGroup) {
+		return xUserMgr.createXGroupWithoutLogin(vXGroup);
+	}
+
+	@POST
+	@Path("/secure/groups")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroup secureCreateXGroup(VXGroup vXGroup) {
+		return xUserMgr.createXGroup(vXGroup);
+	}
+
+	@PUT
+	@Path("/groups")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroup updateXGroup(VXGroup vXGroup) {
+		return xUserMgr.updateXGroup(vXGroup);
+	}
+
+	@PUT
+	@Path("/secure/groups/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroup secureUpdateXGroup(VXGroup vXGroup) {
+		return xUserMgr.updateXGroup(vXGroup);
+	}
+
+	
+	@DELETE
+	@Path("/groups/{id}")
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	@XAAnnotationClassName(class_name = VXGroup.class)
+	public void deleteXGroup(@PathParam("id") Long id,
+			@Context HttpServletRequest request) {
+		boolean force = true;
+		xUserMgr.deleteXGroup(id, force);
+	}
+
+	/**
+	 * Implements the traditional search functionalities for XGroups
+	 * 
+	 * @param request
+	 * @return
+	 */
+	@GET
+	@Path("/groups")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroupList searchXGroups(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xGroupService.sortFields);
+		searchUtil.extractString(request, searchCriteria, "name", "group name", 
+				StringUtil.VALIDATION_NAME);
+		searchUtil.extractString(request, searchCriteria, "groupSource", "group source", 
+				StringUtil.VALIDATION_NAME);
+		return xUserMgr.searchXGroups(searchCriteria);
+	}
+
+	@GET
+	@Path("/groups/count")
+	@Produces({ "application/xml", "application/json" })
+	public VXLong countXGroups(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xGroupService.sortFields);
+
+		return xUserMgr.getXGroupSearchCount(searchCriteria);
+	}
+
+	// Handle XUser
+	@GET
+	@Path("/users/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXUser getXUser(@PathParam("id") Long id) {
+		return xUserMgr.getXUser(id);
+	}
+
+	@GET
+	@Path("/secure/users/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXUser secureGetXUser(@PathParam("id") Long id) {
+		return xUserMgr.getXUser(id);
+	}
+
+	@POST
+	@Path("/users")
+	@Produces({ "application/xml", "application/json" })
+	public VXUser createXUser(VXUser vXUser) {
+		return xUserMgr.createXUserWithOutLogin(vXUser);
+	}
+	
+	@POST
+	@Path("/secure/users")
+	@Produces({ "application/xml", "application/json" })
+	public VXUser secureCreateXUser(VXUser vXUser) {
+		return xUserMgr.createXUser(vXUser);
+	}
+
+	@PUT
+	@Path("/users")
+	@Produces({ "application/xml", "application/json" })
+	public VXUser updateXUser(VXUser vXUser) {
+		return xUserMgr.updateXUser(vXUser);
+	}
+	
+	@PUT
+	@Path("/secure/users/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXUser secureUpdateXUser(VXUser vXUser) {
+		return xUserMgr.updateXUser(vXUser);
+	}
+
+	@DELETE
+	@Path("/users/{id}")
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	@XAAnnotationClassName(class_name = VXUser.class)
+	public void deleteXUser(@PathParam("id") Long id,
+			@Context HttpServletRequest request) {
+		boolean force = true;
+		xUserMgr.deleteXUser(id, force);
+	}
+
+	/**
+	 * Implements the traditional search functionalities for XUsers
+	 * 
+	 * @param request
+	 * @return
+	 */
+	@GET
+	@Path("/users")
+	@Produces({ "application/xml", "application/json" })
+	public VXUserList searchXUsers(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xUserService.sortFields);
+
+		searchUtil.extractString(request, searchCriteria, "name", "User name",
+				StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "emailAddress", "Email Address",
+				null);		
+		searchUtil.extractInt(request, searchCriteria, "userSource", "User Source");
+		searchUtil.extractString(request, searchCriteria, "userRoleList", "User Role",
+				null);
+		return xUserMgr.searchXUsers(searchCriteria);
+	}
+
+	@GET
+	@Path("/users/count")
+	@Produces({ "application/xml", "application/json" })
+	public VXLong countXUsers(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xUserService.sortFields);
+
+		return xUserMgr.getXUserSearchCount(searchCriteria);
+	}
+
+	// Handle XGroupUser
+	@GET
+	@Path("/groupusers/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroupUser getXGroupUser(@PathParam("id") Long id) {
+		return xUserMgr.getXGroupUser(id);
+	}
+
+	@POST
+	@Path("/groupusers")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroupUser createXGroupUser(VXGroupUser vXGroupUser) {
+		return xUserMgr.createXGroupUser(vXGroupUser);
+	}
+
+	@PUT
+	@Path("/groupusers")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroupUser updateXGroupUser(VXGroupUser vXGroupUser) {
+		return xUserMgr.updateXGroupUser(vXGroupUser);
+	}
+
+	@DELETE
+	@Path("/groupusers/{id}")
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	@XAAnnotationClassName(class_name = VXGroupUser.class)
+	public void deleteXGroupUser(@PathParam("id") Long id,
+			@Context HttpServletRequest request) {
+		boolean force = true;
+		xUserMgr.deleteXGroupUser(id, force);
+	}
+
+	/**
+	 * Implements the traditional search functionalities for XGroupUsers
+	 * 
+	 * @param request
+	 * @return
+	 */
+	@GET
+	@Path("/groupusers")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroupUserList searchXGroupUsers(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xGroupUserService.sortFields);
+		return xUserMgr.searchXGroupUsers(searchCriteria);
+	}
+
+	@GET
+	@Path("/groupusers/count")
+	@Produces({ "application/xml", "application/json" })
+	public VXLong countXGroupUsers(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xGroupUserService.sortFields);
+
+		return xUserMgr.getXGroupUserSearchCount(searchCriteria);
+	}
+
+	// Handle XGroupGroup
+	@GET
+	@Path("/groupgroups/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroupGroup getXGroupGroup(@PathParam("id") Long id) {
+		return xUserMgr.getXGroupGroup(id);
+	}
+
+	@POST
+	@Path("/groupgroups")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroupGroup createXGroupGroup(VXGroupGroup vXGroupGroup) {
+		return xUserMgr.createXGroupGroup(vXGroupGroup);
+	}
+
+	@PUT
+	@Path("/groupgroups")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroupGroup updateXGroupGroup(VXGroupGroup vXGroupGroup) {
+		return xUserMgr.updateXGroupGroup(vXGroupGroup);
+	}
+
+	@DELETE
+	@Path("/groupgroups/{id}")
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	@XAAnnotationClassName(class_name = VXGroupGroup.class)
+	public void deleteXGroupGroup(@PathParam("id") Long id,
+			@Context HttpServletRequest request) {
+		boolean force = false;
+		xUserMgr.deleteXGroupGroup(id, force);
+	}
+
+	/**
+	 * Implements the traditional search functionalities for XGroupGroups
+	 * 
+	 * @param request
+	 * @return
+	 */
+	@GET
+	@Path("/groupgroups")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroupGroupList searchXGroupGroups(
+			@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xGroupGroupService.sortFields);
+		return xUserMgr.searchXGroupGroups(searchCriteria);
+	}
+
+	@GET
+	@Path("/groupgroups/count")
+	@Produces({ "application/xml", "application/json" })
+	public VXLong countXGroupGroups(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xGroupGroupService.sortFields);
+
+		return xUserMgr.getXGroupGroupSearchCount(searchCriteria);
+	}
+
+	// Handle XPermMap
+	@GET
+	@Path("/permmaps/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXPermMap getXPermMap(@PathParam("id") Long id) {
+		return xUserMgr.getXPermMap(id);
+	}
+
+	@POST
+	@Path("/permmaps")
+	@Produces({ "application/xml", "application/json" })
+	public VXPermMap createXPermMap(VXPermMap vXPermMap) {
+		return xUserMgr.createXPermMap(vXPermMap);
+	}
+
+	@PUT
+	@Path("/permmaps")
+	@Produces({ "application/xml", "application/json" })
+	public VXPermMap updateXPermMap(VXPermMap vXPermMap) {
+		return xUserMgr.updateXPermMap(vXPermMap);
+	}
+
+	@DELETE
+	@Path("/permmaps/{id}")
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	@XAAnnotationClassName(class_name = VXPermMap.class)
+	public void deleteXPermMap(@PathParam("id") Long id,
+			@Context HttpServletRequest request) {
+		boolean force = false;
+		xUserMgr.deleteXPermMap(id, force);
+	}
+
+	/**
+	 * Implements the traditional search functionalities for XPermMaps
+	 * 
+	 * @param request
+	 * @return
+	 */
+	@GET
+	@Path("/permmaps")
+	@Produces({ "application/xml", "application/json" })
+	public VXPermMapList searchXPermMaps(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xPermMapService.sortFields);
+		return xUserMgr.searchXPermMaps(searchCriteria);
+	}
+
+	@GET
+	@Path("/permmaps/count")
+	@Produces({ "application/xml", "application/json" })
+	public VXLong countXPermMaps(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xPermMapService.sortFields);
+
+		return xUserMgr.getXPermMapSearchCount(searchCriteria);
+	}
+
+	// Handle XAuditMap
+	@GET
+	@Path("/auditmaps/{id}")
+	@Produces({ "application/xml", "application/json" })
+	public VXAuditMap getXAuditMap(@PathParam("id") Long id) {
+		return xUserMgr.getXAuditMap(id);
+	}
+
+	@POST
+	@Path("/auditmaps")
+	@Produces({ "application/xml", "application/json" })
+	public VXAuditMap createXAuditMap(VXAuditMap vXAuditMap) {
+		return xUserMgr.createXAuditMap(vXAuditMap);
+	}
+
+	@PUT
+	@Path("/auditmaps")
+	@Produces({ "application/xml", "application/json" })
+	public VXAuditMap updateXAuditMap(VXAuditMap vXAuditMap) {
+		return xUserMgr.updateXAuditMap(vXAuditMap);
+	}
+
+	@DELETE
+	@Path("/auditmaps/{id}")
+	@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+	@XAAnnotationClassName(class_name = VXAuditMap.class)
+	public void deleteXAuditMap(@PathParam("id") Long id,
+			@Context HttpServletRequest request) {
+		boolean force = false;
+		xUserMgr.deleteXAuditMap(id, force);
+	}
+
+	/**
+	 * Implements the traditional search functionalities for XAuditMaps
+	 * 
+	 * @param request
+	 * @return
+	 */
+	@GET
+	@Path("/auditmaps")
+	@Produces({ "application/xml", "application/json" })
+	public VXAuditMapList searchXAuditMaps(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xAuditMapService.sortFields);
+		return xUserMgr.searchXAuditMaps(searchCriteria);
+	}
+
+	@GET
+	@Path("/auditmaps/count")
+	@Produces({ "application/xml", "application/json" })
+	public VXLong countXAuditMaps(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xAuditMapService.sortFields);
+
+		return xUserMgr.getXAuditMapSearchCount(searchCriteria);
+	}
+
+	// Handle XUser
+	@GET
+	@Path("/users/userName/{userName}")
+	@Produces({ "application/xml", "application/json" })
+	public VXUser getXUserByUserName(@Context HttpServletRequest request,
+			@PathParam("userName") String userName) {
+		return xUserMgr.getXUserByUserName(userName);
+	}
+
+	@GET
+	@Path("/groups/groupName/{groupName}")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroup getXGroupByGroupName(@Context HttpServletRequest request,
+			@PathParam("groupName") String groupName) {
+		return xGroupService.getGroupByGroupName(groupName);
+	}
+
+	@DELETE
+	@Path("/users/userName/{userName}")
+	public void deleteXUserByUserName(@PathParam("userName") String userName,
+			@Context HttpServletRequest request) {
+		boolean force = true;
+		VXUser vxUser = xUserService.getXUserByUserName(userName);
+		xUserMgr.deleteXUser(vxUser.getId(), force);
+	}
+
+	@DELETE
+	@Path("/groups/groupName/{groupName}")
+	public void deleteXGroupByGroupName(
+			@PathParam("groupName") String groupName,
+			@Context HttpServletRequest request) {
+		boolean force = true;
+		VXGroup vxGroup = xGroupService.getGroupByGroupName(groupName);
+		xUserMgr.deleteXGroup(vxGroup.getId(), force);
+	}
+
+	// @POST
+	// @Path("/group/{groupName}/user/{userName}")
+	// @Produces({ "application/xml", "application/json" })
+	// public void createXGroupAndXUser(@PathParam("groupName") String
+	// groupName,
+	// @PathParam("userName") String userName,
+	// @Context HttpServletRequest request) {
+	// xUserMgr.createXGroupAndXUser(groupName, userName);
+	// }
+	//
+	@DELETE
+	@Path("/group/{groupName}/user/{userName}")
+	public void deleteXGroupAndXUser(@PathParam("groupName") String groupName,
+			@PathParam("userName") String userName,
+			@Context HttpServletRequest request) {
+		xUserMgr.deleteXGroupAndXUser(groupName, userName);
+	}
+	
+	@GET
+	@Path("/{userId}/groups")
+	@Produces({ "application/xml", "application/json" })
+	public VXGroupList getXUserGroups(@Context HttpServletRequest request, 
+			@PathParam("userId") Long id){
+		return xUserMgr.getXUserGroups(id);
+	}
+
+	@GET
+	@Path("/{groupId}/users")
+	@Produces({ "application/xml", "application/json" })
+	public VXUserList getXGroupUsers(@Context HttpServletRequest request, 
+			@PathParam("groupId") Long id){
+		return xUserMgr.getXGroupUsers(id);
+	}
+
+	@GET
+	@Path("/authSessions")
+	@Produces({ "application/xml", "application/json" })
+	public VXAuthSessionList getAuthSessions(@Context HttpServletRequest request){
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, authSessionService.AUTH_SESSION_SORT_FLDS);
+		searchUtil.extractLong(request, searchCriteria, "id", "Auth Session Id");
+		searchUtil.extractLong(request, searchCriteria, "userId", "User Id");
+		searchUtil.extractInt(request, searchCriteria, "authStatus", "Auth Status");
+		searchUtil.extractInt(request, searchCriteria, "authType", "Auth Type");
+		searchUtil.extractInt(request, searchCriteria, "deviceType", "Device Type");
+		searchUtil.extractString(request, searchCriteria, "firstName", "User First Name", StringUtil.VALIDATION_NAME);
+		searchUtil.extractString(request, searchCriteria, "lastName", "User Last Name", StringUtil.VALIDATION_NAME);
+		searchUtil.extractString(request, searchCriteria, "requestUserAgent", "User Agent", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractString(request, searchCriteria, "requestIP", "Request IP Address", StringUtil.VALIDATION_IP_ADDRESS);
+		searchUtil.extractString(request, searchCriteria, "loginId", "Login ID", StringUtil.VALIDATION_TEXT);
+		searchUtil.extractDate(request, searchCriteria, "startDate", "Start date for search", null);
+		searchUtil.extractDate(request, searchCriteria, "endDate", "End date for search", null);						
+		return sessionMgr.searchAuthSessions(searchCriteria);
+	}
+	
+	@GET
+	@Path("/authSessions/info")
+	@Produces({ "application/xml", "application/json" })
+	public VXAuthSession getAuthSession(@Context HttpServletRequest request){
+		String authSessionId = request.getParameter("extSessionId");
+		return sessionMgr.getAuthSessionBySessionId(authSessionId);
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/security/context/XAContextHolder.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/security/context/XAContextHolder.java b/security-admin/src/main/java/com/xasecure/security/context/XAContextHolder.java
new file mode 100644
index 0000000..1c2e508
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/security/context/XAContextHolder.java
@@ -0,0 +1,26 @@
+/**
+ *
+ */
+package com.xasecure.security.context;
+
+public class XAContextHolder {
+
+    private static final ThreadLocal<XASecurityContext> securityContextThreadLocal = new ThreadLocal<XASecurityContext>();
+
+    private XAContextHolder() {
+
+    }
+
+    public static XASecurityContext getSecurityContext(){
+	return securityContextThreadLocal.get();
+    }
+
+    public static void setSecurityContext(XASecurityContext context){
+	securityContextThreadLocal.set(context);
+    }
+
+    public static void resetSecurityContext(){
+	securityContextThreadLocal.remove();
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/security/context/XASecurityContext.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/security/context/XASecurityContext.java b/security-admin/src/main/java/com/xasecure/security/context/XASecurityContext.java
new file mode 100644
index 0000000..ab2fdde
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/security/context/XASecurityContext.java
@@ -0,0 +1,39 @@
+/**
+ *
+ */
+package com.xasecure.security.context;
+
+import java.io.Serializable;
+
+import com.xasecure.common.RequestContext;
+import com.xasecure.common.UserSessionBase;
+
+public class XASecurityContext implements Serializable{
+    private static final long serialVersionUID = 1L;
+    private UserSessionBase userSession;
+    private RequestContext requestContext;
+
+    public UserSessionBase getUserSession() {
+        return userSession;
+    }
+
+    public void setUserSession(UserSessionBase userSession) {
+        this.userSession = userSession;
+    }
+
+    /**
+     * @return the requestContext
+     */
+    public RequestContext getRequestContext() {
+        return requestContext;
+    }
+
+    /**
+     * @param requestContext the requestContext to set
+     */
+    public void setRequestContext(RequestContext requestContext) {
+        this.requestContext = requestContext;
+    }
+
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/security/handler/Permission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/security/handler/Permission.java b/security-admin/src/main/java/com/xasecure/security/handler/Permission.java
new file mode 100644
index 0000000..feac50c
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/security/handler/Permission.java
@@ -0,0 +1,34 @@
+package com.xasecure.security.handler;
+public class Permission {
+
+	public static final String CREATE_PERMISSION = "CREATE";
+	public static final String READ_PERMISSION = "READ";
+	public static final String UPDATE_PERMISSION = "UPDATE";
+	public static final String DELETE_PERMISSION = "DELETE";
+
+	public enum permissionType {
+		CREATE, READ, UPDATE, DELETE
+	};
+
+	public static permissionType getPermisson(Object in) {
+		String permString = in.toString();
+
+		if (CREATE_PERMISSION.equals(permString)) {
+			return permissionType.CREATE;
+		}
+
+		if (READ_PERMISSION.equals(permString)) {
+			return permissionType.READ;
+		}
+
+		if (UPDATE_PERMISSION.equals(permString)) {
+			return permissionType.UPDATE;
+		}
+
+		if (DELETE_PERMISSION.equals(permString)) {
+			return permissionType.DELETE;
+		}
+
+		return null;
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/security/handler/XADomainObjectSecurityHandler.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/security/handler/XADomainObjectSecurityHandler.java b/security-admin/src/main/java/com/xasecure/security/handler/XADomainObjectSecurityHandler.java
new file mode 100644
index 0000000..bf65f3e
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/security/handler/XADomainObjectSecurityHandler.java
@@ -0,0 +1,93 @@
+package com.xasecure.security.handler;
+
+/**
+ *
+ */
+
+import java.io.Serializable;
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.xasecure.biz.XABizUtil;
+import com.xasecure.common.ContextUtil;
+import com.xasecure.common.PropertiesUtil;
+import com.xasecure.common.UserSessionBase;
+import com.xasecure.db.XADaoManager;
+import com.xasecure.entity.XXDBBase;
+
+@Component
+public class XADomainObjectSecurityHandler {
+
+	public static Logger logger = Logger
+			.getLogger(XADomainObjectSecurityHandler.class);
+
+	@Autowired
+	public XADaoManager daoManager;
+
+	@Autowired
+	XABizUtil msBizUtil;
+
+	boolean checkParentObject = false;
+
+	public XADomainObjectSecurityHandler() {
+		checkParentObject = PropertiesUtil.getBooleanProperty(
+				"xa.db.access.filter.check.parentobject", checkParentObject);
+	}
+
+	/**
+	 * @return the daoManager
+	 */
+	public XADaoManager getDaoManager() {
+		return daoManager;
+	}
+
+	public <T extends XXDBBase> boolean hasAccess(T targetDomainObject,
+			Permission.permissionType permission) {
+		//TODO: Need to review this method and reimplement it properly
+		return true;
+	}
+
+	public boolean hasAccess(String targetType, Serializable targetId,
+			Permission.permissionType permission) {
+		try {
+			Class<?> clazz = Class.forName(targetType);
+			Class<? extends XXDBBase> gjClazz = clazz.asSubclass(XXDBBase.class);
+			return hasAccess(gjClazz, targetId, permission);
+
+		} catch (ClassNotFoundException cfe) {
+			logger.error("class not found:" + targetType, cfe);
+		} catch (Exception e) {
+			logger.error("Excepion targetType:" + targetType + " targetId:"
+					+ targetId, e);
+		}
+
+		return false;
+	}
+
+	public boolean hasAccess(Class<? extends XXDBBase> targetClass,
+			Serializable targetId, Permission.permissionType permission) {
+		try {
+			Class<? extends XXDBBase> gjClazz = targetClass
+					.asSubclass(XXDBBase.class);
+			XXDBBase base = getDaoManager().getEntityManager().find(gjClazz,
+					targetId);
+			return hasAccess(base, permission);
+
+		} catch (Exception e) {
+			logger.error("Excepion targetType:" + targetClass + " targetId:"
+					+ targetId, e);
+		}
+
+		return false;
+	}
+
+	public boolean hasModeratorPermission() {
+		UserSessionBase sess = ContextUtil.getCurrentUserSession();
+		if (sess != null && sess.isUserAdmin()) {
+			return true;
+		}
+		return false;
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/security/listener/SpringEventListener.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/security/listener/SpringEventListener.java b/security-admin/src/main/java/com/xasecure/security/listener/SpringEventListener.java
new file mode 100644
index 0000000..926d132
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/security/listener/SpringEventListener.java
@@ -0,0 +1,94 @@
+package com.xasecure.security.listener;
+
+import com.xasecure.biz.SessionMgr;
+import com.xasecure.entity.XXAuthSession;
+
+import org.apache.log4j.Logger;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationListener;
+import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
+import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
+import org.springframework.security.authentication.event.AuthenticationFailureDisabledEvent;
+import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+
+
+public class SpringEventListener implements
+	ApplicationListener<AbstractAuthenticationEvent> {
+
+    static Logger logger = Logger.getLogger(SpringEventListener.class);
+
+    @Autowired
+    SessionMgr sessionMgr;
+
+    @Override
+    public void onApplicationEvent(AbstractAuthenticationEvent event) {
+	try {
+	    if (event instanceof AuthenticationSuccessEvent) {
+		process((AuthenticationSuccessEvent) event);
+	    } else if (event instanceof AuthenticationFailureBadCredentialsEvent) {
+		process((AuthenticationFailureBadCredentialsEvent) event);
+	    } else if (event instanceof AuthenticationFailureDisabledEvent) {
+		process((AuthenticationFailureDisabledEvent) event);
+	    } else {
+		// igonre all other events
+	    }
+
+	} catch (Exception e) {
+	    logger.error("Exception in Spring Event Listener.", e);
+	}
+    }
+
+    protected void process(AuthenticationSuccessEvent authSuccessEvent) {
+	Authentication auth = authSuccessEvent.getAuthentication();
+	WebAuthenticationDetails details = (WebAuthenticationDetails) auth
+		.getDetails();
+	String remoteAddress = details != null ? details.getRemoteAddress()
+		: "";
+	String sessionId = details != null ? details.getSessionId() : "";
+
+	logger.info("Login Successful:" + auth.getName() + " | Ip Address:"
+		+ remoteAddress + " | sessionId=" + sessionId);
+
+	// success logins are processed further in
+	// AKASecurityContextFormationFilter
+    }
+
+    protected void process(
+	    AuthenticationFailureBadCredentialsEvent authFailEvent) {
+	Authentication auth = authFailEvent.getAuthentication();
+	WebAuthenticationDetails details = (WebAuthenticationDetails) auth
+		.getDetails();
+	String remoteAddress = details != null ? details.getRemoteAddress()
+		: "";
+	String sessionId = details != null ? details.getSessionId() : "";
+
+	logger.info("Login Unsuccessful:" + auth.getName() + " | Ip Address:"
+		+ remoteAddress + " | Bad Credentials");
+
+	sessionMgr.processFailureLogin(
+		XXAuthSession.AUTH_STATUS_WRONG_PASSWORD,
+		XXAuthSession.AUTH_TYPE_PASSWORD, auth.getName(),
+		remoteAddress, sessionId);
+    }
+
+    protected void process(AuthenticationFailureDisabledEvent authFailEvent) {
+	Authentication auth = authFailEvent.getAuthentication();
+	WebAuthenticationDetails details = (WebAuthenticationDetails) auth
+		.getDetails();
+	String remoteAddress = details != null ? details.getRemoteAddress()
+		: "";
+	String sessionId = details != null ? details.getSessionId() : "";
+
+	logger.info("Login Unsuccessful:" + auth.getName() + " | Ip Address:"
+		+ remoteAddress);
+
+	sessionMgr.processFailureLogin(XXAuthSession.AUTH_STATUS_DISABLED,
+		XXAuthSession.AUTH_TYPE_PASSWORD, auth.getName(),
+		remoteAddress, sessionId);
+
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/security/standalone/StandaloneSecurityHandler.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/security/standalone/StandaloneSecurityHandler.java b/security-admin/src/main/java/com/xasecure/security/standalone/StandaloneSecurityHandler.java
new file mode 100644
index 0000000..898b703
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/security/standalone/StandaloneSecurityHandler.java
@@ -0,0 +1,60 @@
+/**
+ *
+ */
+package com.xasecure.security.standalone;
+
+import java.net.InetAddress;
+import java.util.ArrayList;
+import java.util.Collection;
+
+import com.xasecure.biz.SessionMgr;
+import com.xasecure.common.XAConstants;
+import com.xasecure.entity.XXAuthSession;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.SecurityConfig;
+import org.springframework.security.access.vote.AffirmativeBased;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+
+@Component
+public class StandaloneSecurityHandler {
+	public static final String AUTH_MANAGER_BEAN_NAME = "authenticationManager";
+	public static final String ACCESS_DECISION_MANAGER_BEAN_NAME = "customAccessDecisionManager";
+
+	@Autowired
+	SessionMgr sessionMgr;
+
+	public void login(String userName, String password,
+			ApplicationContext context) throws Exception {
+		// [1] Create AUTH Token
+		Authentication token = new UsernamePasswordAuthenticationToken(
+				userName, password);
+
+		// [2] Authenticate User
+		AuthenticationManager am = (AuthenticationManager) context
+				.getBean(AUTH_MANAGER_BEAN_NAME);
+		token = am.authenticate(token);
+
+		// [3] Check User Access
+		AffirmativeBased accessDecisionManager = (AffirmativeBased) context
+				.getBean(ACCESS_DECISION_MANAGER_BEAN_NAME);
+		Collection<ConfigAttribute> list = new ArrayList<ConfigAttribute>();
+		SecurityConfig config = new SecurityConfig(XAConstants.ROLE_SYS_ADMIN);
+		list.add(config);
+		accessDecisionManager.decide(token, null, list);
+
+		// [4] set token in spring context
+		SecurityContextHolder.getContext().setAuthentication(token);
+
+		// [5] Process Success login
+		InetAddress thisIp = InetAddress.getLocalHost();
+		sessionMgr.processStandaloneSuccessLogin(
+				XXAuthSession.AUTH_TYPE_PASSWORD, thisIp.getHostAddress());
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/security/web/authentication/XAAuthFailureHandler.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/security/web/authentication/XAAuthFailureHandler.java b/security-admin/src/main/java/com/xasecure/security/web/authentication/XAAuthFailureHandler.java
new file mode 100644
index 0000000..84a0b5e
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/security/web/authentication/XAAuthFailureHandler.java
@@ -0,0 +1,90 @@
+/**
+ *
+ */
+package com.xasecure.security.web.authentication;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.xasecure.common.JSONUtil;
+import com.xasecure.common.PropertiesUtil;
+import com.xasecure.view.VXResponse;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler;
+
+/**
+ * 
+ *
+ */
+public class XAAuthFailureHandler extends
+ExceptionMappingAuthenticationFailureHandler {
+    static Logger logger = Logger.getLogger(XAAuthFailureHandler.class);
+
+    String ajaxLoginfailurePage = null;
+    
+    @Autowired
+    JSONUtil jsonUtil;
+
+    public XAAuthFailureHandler() {
+	super();
+	if (ajaxLoginfailurePage == null) {
+	    ajaxLoginfailurePage = PropertiesUtil.getProperty(
+		    "xa.ajax.auth.failure.page", "/ajax_failure.jsp");
+	}
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.springframework.security.web.authentication.
+     * ExceptionMappingAuthenticationFailureHandler
+     * #onAuthenticationFailure(javax.servlet.http.HttpServletRequest,
+     * javax.servlet.http.HttpServletResponse,
+     * org.springframework.security.core.AuthenticationException)
+     */
+    @Override
+    public void onAuthenticationFailure(HttpServletRequest request,
+	    HttpServletResponse response, AuthenticationException exception)
+    throws IOException, ServletException {
+	String ajaxRequestHeader = request.getHeader("X-Requested-With");
+	if (logger.isDebugEnabled()) {
+	    logger.debug("commence() X-Requested-With=" + ajaxRequestHeader);
+	}
+	
+		response.setContentType("application/json;charset=UTF-8");
+		response.setHeader("Cache-Control", "no-cache");
+		String jsonResp = "";
+		try {
+			VXResponse vXResponse = new VXResponse();
+			vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
+			vXResponse.setMsgDesc("Bad Credentials");
+
+			jsonResp = jsonUtil.writeObjectAsString(vXResponse);
+			response.getWriter().write(jsonResp);
+			response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+		} catch (IOException e) {
+			logger.info("Error while writing JSON in HttpServletResponse");
+		}
+	
+	if (ajaxRequestHeader != null && ajaxRequestHeader.equalsIgnoreCase("XMLHttpRequest")) {
+//	    if (logger.isDebugEnabled()) {
+//		logger.debug("Forwarding AJAX login request failure to "
+//			+ ajaxLoginfailurePage);
+//	    }
+//	    request.getRequestDispatcher(ajaxLoginfailurePage).forward(request,
+//		    response);
+		if (logger.isDebugEnabled()) {
+			logger.debug("Sending login failed response : " + jsonResp);
+		}
+	} else {
+//	    super.onAuthenticationFailure(request, response, exception);
+	}
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/7defc061/security-admin/src/main/java/com/xasecure/security/web/authentication/XAAuthSuccessHandler.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/security/web/authentication/XAAuthSuccessHandler.java b/security-admin/src/main/java/com/xasecure/security/web/authentication/XAAuthSuccessHandler.java
new file mode 100644
index 0000000..4a6dda6
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/security/web/authentication/XAAuthSuccessHandler.java
@@ -0,0 +1,143 @@
+/**
+ *
+ */
+package com.xasecure.security.web.authentication;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.xasecure.biz.SessionMgr;
+import com.xasecure.common.JSONUtil;
+import com.xasecure.common.PropertiesUtil;
+import com.xasecure.entity.XXAuthSession;
+import com.xasecure.view.VXResponse;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.WebAuthenticationDetails;
+
+/**
+ * 
+ *
+ */
+public class XAAuthSuccessHandler extends
+SavedRequestAwareAuthenticationSuccessHandler {
+    static Logger logger = Logger.getLogger(XAAuthSuccessHandler.class);
+
+    String ajaxLoginSuccessPage = null;
+    
+    @Autowired
+    SessionMgr sessionMgr;
+    
+    @Autowired
+    JSONUtil jsonUtil;
+
+    public XAAuthSuccessHandler() {
+	super();
+	if (ajaxLoginSuccessPage == null) {
+	    ajaxLoginSuccessPage = PropertiesUtil.getProperty(
+		    "xa.ajax.auth.success.page", "/ajax_success.html");
+	}
+    }
+
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.springframework.security.web.authentication.
+     * SavedRequestAwareAuthenticationSuccessHandler
+     * #onAuthenticationSuccess(javax.servlet.http.HttpServletRequest,
+     * javax.servlet.http.HttpServletResponse,
+     * org.springframework.security.core.Authentication)
+     */
+    @Override
+    public void onAuthenticationSuccess(HttpServletRequest request,
+	    HttpServletResponse response, Authentication authentication)
+    throws ServletException, IOException {
+    	
+    	WebAuthenticationDetails details = (WebAuthenticationDetails) authentication
+    		.getDetails();
+    	String remoteAddress = details != null ? details.getRemoteAddress()
+    		: "";
+    	String sessionId = details != null ? details.getSessionId() : "";
+    	
+    	boolean isValidUser = sessionMgr.isValidXAUser(authentication.getName());
+    	
+    	response.setContentType("application/json;charset=UTF-8");
+		response.setHeader("Cache-Control", "no-cache");
+
+		VXResponse vXResponse = new VXResponse();
+    	
+    	if(!isValidUser) {
+    		sessionMgr.processFailureLogin(
+    				XXAuthSession.AUTH_STATUS_USER_NOT_FOUND,
+    				XXAuthSession.AUTH_TYPE_PASSWORD, authentication.getName(),
+    				remoteAddress, sessionId);
+    		authentication.setAuthenticated(false);
+    		
+			vXResponse.setStatusCode(HttpServletResponse.SC_PRECONDITION_FAILED);
+			vXResponse.setMsgDesc("Auth Succeeded but user is not synced yet for " + authentication.getName());
+
+			response.setStatus(HttpServletResponse.SC_PRECONDITION_FAILED);
+			response.getWriter().write(jsonUtil.writeObjectAsString(vXResponse));
+
+			// response.sendError(HttpServletResponse.SC_PRECONDITION_FAILED);
+			logger.info("Auth Succeeded but user is not synced yet for "
+					+ authentication.getName());
+    		
+    	} else {
+    	
+			String ajaxRequestHeader = request.getHeader("X-Requested-With");
+			if (logger.isDebugEnabled()) {
+			    logger.debug("commence() X-Requested-With=" + ajaxRequestHeader);
+			}
+			if (ajaxRequestHeader != null && ajaxRequestHeader.equalsIgnoreCase("XMLHttpRequest")) {
+				// if (logger.isDebugEnabled()) {
+				// logger.debug("Forwarding AJAX login request success to "
+				// + ajaxLoginSuccessPage + " for user "
+				// + authentication.getName());
+				// }
+				// request.getRequestDispatcher(ajaxLoginSuccessPage).forward(request,
+				// response);
+				
+				String jsonResp = "";
+				try {
+					vXResponse.setStatusCode(HttpServletResponse.SC_OK);
+					vXResponse.setMsgDesc("Login Successful");
+
+					response.setStatus(HttpServletResponse.SC_OK);
+					jsonResp = jsonUtil.writeObjectAsString(vXResponse);
+					response.getWriter().write(jsonResp);
+				} catch (IOException e) {
+					logger.info("Error while writing JSON in HttpServletResponse");
+				}
+				if (logger.isDebugEnabled()) {
+					logger.debug("Sending login success response : " + jsonResp);
+				}
+			    clearAuthenticationAttributes(request);
+			} else {
+				String jsonResp = "";
+				try {
+					vXResponse.setStatusCode(HttpServletResponse.SC_OK);
+					vXResponse.setMsgDesc("Login Successful");
+
+					response.setStatus(HttpServletResponse.SC_OK);
+					jsonResp = jsonUtil.writeObjectAsString(vXResponse);
+					response.getWriter().write(jsonResp);
+				} catch (IOException e) {
+					logger.info("Error while writing JSON in HttpServletResponse");
+				}
+				if (logger.isDebugEnabled()) {
+					logger.debug("Sending login success response : " + jsonResp);
+				}
+				// super.onAuthenticationSuccess(request, response,
+				// authentication);
+			}
+    	}
+    }
+
+}


Mime
View raw message