usergrid-commits mailing list archives

From mru...@apache.org
Subject usergrid git commit: Add hooks for post processing for external integrations. Update security filters to check additional security context for service admin.
Date Fri, 12 Aug 2016 20:52:16 GMT
Repository: usergrid
Updated Branches:
  refs/heads/master 2a514d4ca -> 32204b9fa


Add hooks for post processing for external integrations.  Update security filters to check
additional security context for service admin.


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/32204b9f
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/32204b9f
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/32204b9f

Branch: refs/heads/master
Commit: 32204b9fa5d73acd30a11de970220d3b40f95b65
Parents: 2a514d4
Author: Michael Russo <mrusso@apigee.com>
Authored: Fri Aug 12 13:51:40 2016 -0700
Committer: Michael Russo <mrusso@apigee.com>
Committed: Fri Aug 12 13:51:40 2016 -0700

----------------------------------------------------------------------
 .../organizations/OrganizationsResource.java    | 34 ++++++---------
 .../organizations/users/UsersResource.java      | 45 +++++++++++---------
 .../rest/management/users/UserResource.java     | 22 ++++++----
 .../rest/management/users/UsersResource.java    | 34 +++++++--------
 .../organizations/OrganizationsResource.java    | 24 +++++++++++
 .../security/SecuredResourceFilterFactory.java  | 16 ++++---
 .../usergrid/management/ManagementService.java  | 17 ++++++++
 .../cassandra/AccountCreationPropsImpl.java     |  4 +-
 .../cassandra/ManagementServiceImpl.java        | 24 +++++++++++
 9 files changed, 148 insertions(+), 72 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
index b75ca60..6105ce6 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/OrganizationsResource.java
@@ -20,6 +20,7 @@ package org.apache.usergrid.rest.management.organizations;
 import com.fasterxml.jackson.jaxrs.json.annotation.JSONP;
 import com.google.common.base.Preconditions;
 import org.apache.commons.lang.StringUtils;
+import org.apache.shiro.SecurityUtils;
 import org.apache.usergrid.management.ApplicationCreator;
 import org.apache.usergrid.management.OrganizationInfo;
 import org.apache.usergrid.management.OrganizationOwnerInfo;
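Review bot: The added `org.apache.shiro.SecurityUtils` import has no visible use in any hunk of this file, and the same holds for `PrincipalIdentifier`, `SubjectUtils` and the static `isBlank` import added in the next two hunks. Only hunks are visible here, so a use elsewhere in the file cannot be ruled out. If they are leftovers from an earlier draft of the service-admin check, drop them, so the file does not suggest that this resource inspects the Shiro subject itself.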
@@ -28,6 +29,8 @@ import org.apache.usergrid.rest.AbstractContextResource;
 import org.apache.usergrid.rest.ApiResponse;
 import org.apache.usergrid.rest.RootResource;
 import org.apache.usergrid.rest.security.annotations.RequireSystemAccess;
+import org.apache.usergrid.security.shiro.principals.PrincipalIdentifier;
+import org.apache.usergrid.security.shiro.utils.SubjectUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -40,6 +43,8 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.UriInfo;
 import java.util.*;
 
+import static org.apache.commons.lang.StringUtils.isBlank;
+
 
 @Component( "org.apache.usergrid.rest.management.organizations.OrganizationsResource" )
 @Scope( "prototype" )
@@ -69,6 +74,7 @@ public class OrganizationsResource extends AbstractContextResource {
     public ApiResponse getAllOrganizations() throws Exception{
 
         ApiResponse response = createApiResponse();
+        //TODO this needs paging at some point
         List<OrganizationInfo> orgs = management.getOrganizations(null, 10000);
         List<Object> jsonOrgList = new ArrayList<>();
 
@@ -185,8 +191,8 @@ public class OrganizationsResource extends AbstractContextResource {
                                              String email, String password, Map<String,
Object> userProperties,
                                              Map<String, Object> orgProperties, String
callback ) throws Exception {
 
-        // Providing no password in this request signifies that an existing admin users should
be associated to the
-        // newly requested organization.
+        /* Providing no password in this request signifies that an existing admin users should
be associated to the
+        newly requested organization. */
 
         // Always let the sysadmin create an org, but otherwise follow the behavior specified
with
         // the property 'usergrid.management.allow-public-registration'
@@ -221,6 +227,12 @@ public class OrganizationsResource extends AbstractContextResource {
 
         applicationCreator.createSampleFor( organizationOwner.getOrganization() );
 
+        // ( DO NOT REMOVE ) Execute any post processing which may be overridden by external
classes using UG as
+        // a dependency
+        management.createAdminUserPostProcessing(organizationOwner.getOwner(), null);
+        management.createOrganizationPostProcessing(organizationOwner.getOrganization(),
null);
+        management.addUserToOrganizationPostProcessing(organizationOwner.getOwner(), organizationName,
null);
+
         response.setData( organizationOwner );
         response.setSuccess();
 
@@ -228,22 +240,4 @@ public class OrganizationsResource extends AbstractContextResource {
         return response;
     }
 
-    /*
-     * @POST
-     *
-     * @Consumes(MediaType.MULTIPART_FORM_DATA) public JSONWithPadding
-     * newOrganizationFromMultipart(@Context UriInfo ui,
-     *
-     * @FormDataParam("organization") String organization,
-     *
-     * @FormDataParam("username") String username,
-     *
-     * @FormDataParam("name") String name,
-     *
-     * @FormDataParam("email") String email,
-     *
-     * @FormDataParam("password") String password) throws Exception { return
-     * newOrganizationFromForm(ui, organization, username, name, email,
-     * password); }
-     */
 }

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
index dad2c14..3b70c06 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/organizations/users/UsersResource.java
@@ -141,6 +141,10 @@ public class UsersResource extends AbstractContextResource {
                     management.startAdminUserPasswordResetFlow(organization.getUuid(), user);
                 }
             }
+
+            // DO NOT REMOVE - used for external classes to hook into any post-processing
+            management.createAdminUserPostProcessing(user, null);
+
         }
 
         if ( user == null ) {
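Review bot: `management.createAdminUserPostProcessing(user, null)` runs before the `if ( user == null )` check that follows the block, so the hook can be handed a null user whenever the creation path above did not produce one. The enclosing block starts outside this hunk, so that path is inferred rather than shown. An external implementation that dereferences the user would then fail before the resource reports its own error. Guard the call, `if ( user != null ) { management.createAdminUserPostProcessing( user, null ); }`, or move it below the null check.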
@@ -149,6 +153,9 @@ public class UsersResource extends AbstractContextResource {
 
         management.addAdminUserToOrganization( user, organization, true );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.addUserToOrganizationPostProcessing(user, organization.getName(), null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );
@@ -157,26 +164,6 @@ public class UsersResource extends AbstractContextResource {
         return response;
     }
 
-	/*
-     * @RequireOrganizationAccess
-	 *
-	 * @POST
-	 *
-	 * @Consumes(MediaType.MULTIPART_FORM_DATA) public JSONWithPadding
-	 * newUserForOrganizationFromMultipart(
-	 *
-	 * @Context UriInfo ui, @FormDataParam("username") String username,
-	 *
-	 * @FormDataParam("name") String name,
-	 *
-	 * @FormDataParam("email") String email,
-	 *
-	 * @FormDataParam("password") String password) throws Exception {
-	 *
-	 * return newUserForOrganizationFromForm(ui, username, name, email,
-	 * password); }
-	 */
-
 
     @RequireOrganizationAccess
     @PUT
@@ -196,6 +183,9 @@ public class UsersResource extends AbstractContextResource {
         }
         management.addAdminUserToOrganization( user, organization, true );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.addUserToOrganizationPostProcessing(user, organization.getName(), null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );
@@ -223,6 +213,9 @@ public class UsersResource extends AbstractContextResource {
         }
         management.addAdminUserToOrganization( user, organization, true );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.addUserToOrganizationPostProcessing(user, organization.getName(), null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );
@@ -258,6 +251,9 @@ public class UsersResource extends AbstractContextResource {
         }
         management.addAdminUserToOrganization( user, organization, true );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.addUserToOrganizationPostProcessing(user, organization.getName(), null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );
@@ -284,6 +280,9 @@ public class UsersResource extends AbstractContextResource {
         }
         management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid()
);
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.removeUserFromOrganizationPostProcessing(user, organization.getName(),
null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );
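Review bot: If `removeUserFromOrganizationPostProcessing` throws here, `removeAdminUserFromOrganization` on the preceding line has already taken effect, and nothing visible in the hunk undoes it. The caller then sees an error while the local membership is gone and whatever external system sits behind the hook still lists the user. The two remove hunks below and the `addUserToOrganizationPostProcessing` hunks above have the same ordering. For an identity integration that divergence needs to be visible, so at minimum catch and log the hook failure with the user and organisation, and state the contract at the call site, for example `// hook runs after the local change is committed; a failure here leaves the external system stale`. The method body starts and ends outside the hunk.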
@@ -320,6 +319,9 @@ public class UsersResource extends AbstractContextResource {
         }
         management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid()
);
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.removeUserFromOrganizationPostProcessing(user, organization.getName(),
null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );
@@ -347,6 +349,9 @@ public class UsersResource extends AbstractContextResource {
         }
         management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid()
);
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.removeUserFromOrganizationPostProcessing(user, organization.getName(),
null);
+
         Map<String, Object> result = new LinkedHashMap<String, Object>();
         result.put( "user", user );
         response.setData( result );

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index 0e89294..af37cf5 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -102,6 +102,12 @@ public class UserResource extends AbstractContextResource {
                                         @QueryParam( "callback" ) @DefaultValue( "callback"
) String callback )
             throws Exception {
 
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
+            throw new IllegalArgumentException(  "External SSO integration is enabled, admin
users must update" +
+                " info via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER)
);
+        }
+
+
         if ( json == null ) {
             return null;
         }
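Review bot: The guard added at the top of this method is one more hand-written copy of the same check. The other hunks in this file add `&& !isServiceAdmin()` to eight existing copies, and two more copies are added to the `resetpw` endpoints in management/users/UsersResource.java. The copies already differ in wording (one says "via via provider"), and a later change to who may bypass SSO has to find every one of them. A single private helper keeps the bypass condition in one place, at the cost of normalising the message text. A policy refusal would also read better as the project's `mappableSecurityException` than as `IllegalArgumentException`, and `isServiceAdmin()` is not imported in any visible hunk of this file, so confirm it resolves. The method continues outside the hunk.

```java
// single place for the "SSO enabled and caller is not a service admin" refusal
private void rejectIfExternalSsoEnforced( String action ) {
    if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
        throw new IllegalArgumentException( "External SSO integration is enabled, admin users must "
            + action + " via provider: "
            + properties.getProperty( TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ) );
    }
}

// … at the top of each guarded endpoint, replacing the inline check …
rejectIfExternalSsoEnforced( "update info" );
```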
@@ -136,7 +142,7 @@ public class UserResource extends AbstractContextResource {
                                                @QueryParam( "callback" ) @DefaultValue( "callback"
) String callback )
             throws Exception {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException( "External SSO integration is enabled, admin
users must reset passwords via" +
                 " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER)
);
         }
@@ -222,7 +228,7 @@ public class UserResource extends AbstractContextResource {
     @Produces( MediaType.TEXT_HTML )
     public Viewable showPasswordResetForm( @Context UriInfo ui, @QueryParam( "token" ) String
token ) {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException( "External SSO integration is enabled, admin
users must reset password via" +
                 " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER)
);
         }
@@ -266,7 +272,7 @@ public class UserResource extends AbstractContextResource {
             logger.trace("handlePasswordResetForm");
         }
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException(  "External SSO integration is enabled, admin
users must reset password via" +
                 " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER)
);
         }
@@ -352,7 +358,7 @@ public class UserResource extends AbstractContextResource {
     @Produces( MediaType.TEXT_HTML )
     public Viewable activate( @Context UriInfo ui, @QueryParam( "token" ) String token )
{
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException(  "External SSO integration is enabled, admin
users must activate via" +
                 " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER)
);
         }
@@ -382,7 +388,7 @@ public class UserResource extends AbstractContextResource {
     @Produces( MediaType.TEXT_HTML )
     public Viewable confirm( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException( "External SSO integration is enabled, admin
users must confirm " +
                 "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER
) );
         }
@@ -418,7 +424,7 @@ public class UserResource extends AbstractContextResource {
                                        @QueryParam( "callback" ) @DefaultValue( "callback"
) String callback )
             throws Exception {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException( "External SSO integration is enabled, admin
user must re-activate " +
                 "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER
) );
         }
@@ -442,7 +448,7 @@ public class UserResource extends AbstractContextResource {
                                              @QueryParam( "callback" ) @DefaultValue( "callback"
) String callback )
             throws Exception {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException( "External SSO integration is enabled, admin
user tokens must be revoked " +
                 "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER)
);
         }
@@ -479,7 +485,7 @@ public class UserResource extends AbstractContextResource {
                                             @QueryParam( "callback" ) @DefaultValue( "callback"
) String callback,
                                             @QueryParam( "token" ) String token ) throws
Exception {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException( "External SSO integration is enabled, admin
user token must be revoked via " +
                 "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER
) );
         }

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
index 607c3e0..6999841 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
@@ -45,6 +45,7 @@ import java.util.UUID;
 
 import static org.apache.commons.lang.StringUtils.isBlank;
 import static org.apache.usergrid.rest.exceptions.SecurityException.mappableSecurityException;
+import static org.apache.usergrid.security.shiro.utils.SubjectUtils.isServiceAdmin;
 import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER_URL;
 
 
@@ -115,7 +116,7 @@ public class UsersResource extends AbstractContextResource {
                                        @QueryParam( "callback" ) @DefaultValue( "callback"
) String callback )
             throws Exception {
 
-        if ( tokens.isExternalSSOProviderEnabled() ) {
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
             throw new IllegalArgumentException(  "External SSO integration is enabled, admin
users registering without an org" +
                 " must do so via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER)
);
         }
@@ -154,31 +155,23 @@ public class UsersResource extends AbstractContextResource {
             throw mappableSecurityException( AuthErrorInfo.BAD_CREDENTIALS_SYNTAX_ERROR );
         }
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.createAdminUserPostProcessing(user, null);
+
         return response;
     }
 
-	/*
-     * @POST
-	 *
-	 * @Consumes(MediaType.MULTIPART_FORM_DATA) public JSONWithPadding
-	 * createUserFromMultipart(@Context UriInfo ui,
-	 *
-	 * @FormDataParam("username") String username,
-	 *
-	 * @FormDataParam("name") String name,
-	 *
-	 * @FormDataParam("email") String email,
-	 *
-	 * @FormDataParam("password") String password) throws Exception {
-	 *
-	 * return createUser(ui, username, name, email, password); }
-	 */
-
 
     @GET
     @Path( "resetpw" )
     @Produces( MediaType.TEXT_HTML )
     public Viewable showPasswordResetForm( @Context UriInfo ui ) {
+
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
+            throw new IllegalArgumentException( "External SSO integration is enabled, admin
users must reset password via" +
+                " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER)
);
+        }
+
         return handleViewable( "resetpw_email_form", this );
     }
 
@@ -191,6 +184,11 @@ public class UsersResource extends AbstractContextResource {
                                              @FormParam( "recaptcha_challenge_field" ) String
challenge,
                                              @FormParam( "recaptcha_response_field" ) String
uresponse ) {
 
+        if ( tokens.isExternalSSOProviderEnabled() && !isServiceAdmin() ) {
+            throw new IllegalArgumentException( "External SSO integration is enabled, admin
users must reset password via" +
+                " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER)
);
+        }
+
         try {
             if ( isBlank( email ) ) {
                 errorMsg = "No email provided, try again...";

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java
b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java
index dfbe7af..e9a5f53 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/organizations/OrganizationsResource.java
@@ -95,6 +95,10 @@ public class OrganizationsResource extends AbstractContextResource {
 
         management.activateOrganization( organization );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.createOrganizationPostProcessing(organization, null);
+        management.addUserToOrganizationPostProcessing(user, organizationName, null);
+
         return response;
     }
 
@@ -122,6 +126,10 @@ public class OrganizationsResource extends AbstractContextResource {
 
         management.activateOrganization( organization );
 
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.createOrganizationPostProcessing(organization, null);
+        management.addUserToOrganizationPostProcessing(user, organizationName, null);
+
         return response;
     }
 
@@ -142,6 +150,10 @@ public class OrganizationsResource extends AbstractContextResource {
 
         OrganizationInfo organization = management.getOrganizationByName( organizationName
);
         management.addAdminUserToOrganization( user, organization, true );
+
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.addUserToOrganizationPostProcessing(user, organizationName, null);
+
         response.setData( organization );
         return response;
     }
@@ -160,6 +172,10 @@ public class OrganizationsResource extends AbstractContextResource {
 
         OrganizationInfo organization = management.getOrganizationByUuid( UUID.fromString(
organizationIdStr ) );
         management.addAdminUserToOrganization( user, organization, true );
+
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.addUserToOrganizationPostProcessing(user, organization.getName(), null);
+
         response.setData( organization );
         return response;
     }
@@ -182,6 +198,10 @@ public class OrganizationsResource extends AbstractContextResource {
 
         OrganizationInfo organization = management.getOrganizationByUuid( UUID.fromString(
organizationIdStr ) );
         management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid()
);
+
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.removeUserFromOrganizationPostProcessing(user, organization.getName(),
null);
+
         response.setData( organization );
         return response;
     }
@@ -203,6 +223,10 @@ public class OrganizationsResource extends AbstractContextResource {
         response.setAction( "remove user from organization" );
         OrganizationInfo organization = management.getOrganizationByName( organizationName
);
         management.removeAdminUserFromOrganization( user.getUuid(), organization.getUuid()
);
+
+        // DO NOT REMOVE - used for external classes to hook into any post-processing
+        management.removeUserFromOrganizationPostProcessing(user, organizationName, null);
+
         response.setData( organization );
 
         return response;

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
index 85e6210..ede6c35 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/security/SecuredResourceFilterFactory.java
@@ -254,7 +254,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
                 logger.trace("SysadminLocalhostFilter.authorize");
             }
 
-            if (!request.getSecurityContext().isUserInRole( ROLE_SERVICE_ADMIN )) {
+            if ( !isServiceAdmin() && !isBasicAuthServiceAdmin(request)) {
                 // not a sysadmin request
                 return;
             }
@@ -303,7 +303,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
                 logger.trace("OrganizationFilter.authorize");
             }
 
-            if ( !isPermittedAccessToOrganization( getOrganizationIdentifier() ) ) {
+            if ( !isPermittedAccessToOrganization( getOrganizationIdentifier() ) &&
!isBasicAuthServiceAdmin(request) ) {
                 if (logger.isTraceEnabled()) {
                     logger.trace("No organization access authorized");
                 }
@@ -375,7 +375,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
                     throw mappableSecurityException( "unauthorized", "No application guest
access authorized" );
                 }
             }
-            if ( !isPermittedAccessToApplication( getApplicationIdentifier() ) ) {
+            if ( !isPermittedAccessToApplication( getApplicationIdentifier() ) &&
!isBasicAuthServiceAdmin(request) ) {
                 throw mappableSecurityException( "unauthorized", "No application access authorized"
);
             }
         }
@@ -397,7 +397,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
                 logger.trace("SystemFilter.authorize");
             }
             try {
-                if (!request.getSecurityContext().isUserInRole( ROLE_SERVICE_ADMIN )) {
+                if (!isBasicAuthServiceAdmin(request) && !isServiceAdmin()) {
                     if (logger.isTraceEnabled()) {
                         logger.trace("You are not the system admin.");
                     }
@@ -429,7 +429,7 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
                 if (logger.isTraceEnabled()) {
                     logger.trace("AdminUserFilter.authorize");
                 }
-                if (!isUser( getUserIdentifier() ) && !isServiceAdmin() ) {
+                if (!isUser( getUserIdentifier() ) && !isServiceAdmin() &&
!isBasicAuthServiceAdmin(request) ) {
                     throw mappableSecurityException( "unauthorized", "No admin user access
authorized" );
                 }
             }
@@ -539,5 +539,11 @@ public class SecuredResourceFilterFactory implements DynamicFeature {
         }
     }
 
+    private static boolean isBasicAuthServiceAdmin(ContainerRequestContext request){
+
+        return request.getSecurityContext().isUserInRole( ROLE_SERVICE_ADMIN );
+
+    }
+
 
 }
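Review bot: `isBasicAuthServiceAdmin` only asks the JAX-RS security context whether the caller is in `ROLE_SERVICE_ADMIN`; nothing in it checks that the request was authenticated with Basic credentials, so the name promises more than the code verifies. The Organization, Application and AdminUser filters in the hunks above now treat a true result as a bypass of their permission checks, so the helper should say exactly what it tests. Either rename it, or also confirm the scheme with `SecurityContext.BASIC_AUTH.equals( request.getSecurityContext().getAuthenticationScheme() )`. It should also carry a comment such as `// true when the request's security context reports ROLE_SERVICE_ADMIN; callers treat this as a bypass of org/app permission checks`. Where that role is assigned is not visible in this diff, so that code is worth re-reading alongside this change.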

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
index a161a27..5ac1713 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
@@ -371,4 +371,21 @@ public interface ManagementService {
 	void updateOrganizationConfig( OrganizationConfig organizationConfig ) throws Exception;
 
 	Observable<Id> deleteAllEntities(final UUID applicationId,final int limit);
+
+
+    // DO NOT REMOVE BELOW METHODS, THEY ARE HERE TO ALLOW EXTERNAL CLASSES TO OVERRIDE AND
HOOK INTO POST PROCESSING
+    void createOrganizationPostProcessing( final OrganizationInfo orgInfo,
+                                           final Map<String, String> properties ) throws
Exception;
+
+    void createAdminUserPostProcessing( final UserInfo userInfo,
+                                        final Map<String, String> properties ) throws
Exception;
+
+    void addUserToOrganizationPostProcessing( final UserInfo userInfo,
+                                              final String organizationName,
+                                              final Map<String, String> properties
) throws Exception;
+
+    void removeUserFromOrganizationPostProcessing( final UserInfo userInfo,
+                                              final String organizationName,
+                                              final Map<String, String> properties
) throws Exception;
+
 }
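Review bot: The four hook methods are added with only an upper-case line comment, so an external implementer cannot tell when each is called, whether `properties` may be null, or what a thrown exception does to the request. Every call site in this commit passes `null` for `properties`, which the documentation should state. Each method needs a short Javadoc covering the triggering operation, the fact that it runs after the local change has been applied, the nullable `properties` argument, and the effect of throwing. Adding abstract methods also breaks any existing implementation of `ManagementService` outside this repository. If the build targets Java 8 (not visible here), `default` no-op methods would avoid that and make the empty overrides in ManagementServiceImpl unnecessary.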

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java
b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java
index 7c6a091..552f74b 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/AccountCreationPropsImpl.java
@@ -86,7 +86,9 @@ public class AccountCreationPropsImpl implements AccountCreationProps {
     public String getProperty( String name ) {
         String propertyValue = properties.getProperty( name );
         if ( isBlank( propertyValue ) ) {
-            logger.warn( "Missing value for {}", name );
+            if ( logger.isDebugEnabled() ) {
+                logger.debug("Missing value for {}", name);
+            }
             propertyValue = null;
         }
         return propertyValue;
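Review bot: The `logger.isDebugEnabled()` guard adds nothing around a parameterized call whose only argument is an existing string; `logger.debug( "Missing value for {}", name );` on its own has the same cost. Separately, dropping this from warn to debug means a missing property is no longer reported at default log levels. If any property read through this method is security-relevant (the callers are outside this hunk), a missing value will now go unnoticed, so consider keeping warn for a known set of required keys.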

http://git-wip-us.apache.org/repos/asf/usergrid/blob/32204b9f/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
index 4bd2e4f..21c6983 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
@@ -3494,4 +3494,28 @@ public class ManagementServiceImpl implements ManagementService {
         localShiroCache.invalidateAll();
     }
 
+    @Override
+    public void createOrganizationPostProcessing( final OrganizationInfo orgInfo,
+                                                  final Map<String,String> properties
){
+        // do nothing, this is a hook for any classes extending the ManagementServiceInterface
+
+    }
+
+    @Override
+    public void createAdminUserPostProcessing( final UserInfo userInfo, final Map<String,String>
properties){
+        // do nothing, this is a hook for any classes extending the ManagementServiceInterface
+    }
+
+    @Override
+    public void addUserToOrganizationPostProcessing( final UserInfo userInfo, final String
organizationName,
+                                                          final Map<String,String>
properties){
+        // do nothing, this is a hook for any classes extending the ManagementServiceInterface
+    }
+
+    @Override
+    public void removeUserFromOrganizationPostProcessing( final UserInfo userInfo, final
String organizationName,
+                                                     final Map<String,String> properties){
+        // do nothing, this is a hook for any classes extending the ManagementServiceInterface
+    }
+
 }
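Review bot: These no-op overrides omit the `throws Exception` clause that the interface declares, so a subclass of `ManagementServiceImpl` that overrides a hook cannot throw a checked exception even though every caller in the REST layer is prepared for one. If subclassing this class is the intended extension route, as the comments suggest, add `throws Exception` to each of the four signatures. The comments also name "ManagementServiceInterface", while the interface in this commit is `ManagementService`. Each hook would be clearer with a one-line Javadoc noting that `properties` is currently always passed as null.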

