From c6e6d31a31cae6ededb695797aefb2bfd96b6d9b Mon Sep 17 00:00:00 2001 From: Vladimir Orany Date: Thu, 3 Dec 2020 17:14:45 +0100 Subject: [PATCH 1/2] moved advisors to separate classes for better feedback --- .../DefaultSecurityAdvisorFactory.java | 83 ------------------- .../console/advisors/AddressAdvisor.java | 35 ++++++++ .../console/advisors/CloudAdvisor.java | 43 ++++++++++ .../console/advisors/UntilAdvisor.java | 32 +++++++ .../console/advisors/UsersAdvisor.java | 35 ++++++++ 5 files changed, 145 insertions(+), 83 deletions(-) delete mode 100644 libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/DefaultSecurityAdvisorFactory.java create mode 100644 libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/AddressAdvisor.java create mode 100644 libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/CloudAdvisor.java create mode 100644 libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UntilAdvisor.java create mode 100644 libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UsersAdvisor.java diff --git a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/DefaultSecurityAdvisorFactory.java b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/DefaultSecurityAdvisorFactory.java deleted file mode 100644 index a59f276..0000000 --- a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/DefaultSecurityAdvisorFactory.java +++ /dev/null @@ -1,83 +0,0 @@ -/* - * SPDX-License-Identifier: Apache-2.0 - * - * Copyright 2020 Agorapulse. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.agorapulse.micronaut.console; - -import io.micronaut.context.ApplicationContext; -import io.micronaut.context.annotation.Bean; -import io.micronaut.context.annotation.Factory; -import io.micronaut.context.annotation.Requires; -import io.micronaut.context.env.Environment; - -import javax.inject.Singleton; -import java.time.Instant; - -@Factory -public class DefaultSecurityAdvisorFactory { - - @Bean - @Singleton - @Requires(property = "console.addresses") - public SecurityAdvisor addressFilter(ConsoleConfiguration configuration) { - return script -> { - if (script.getUser() == null || script.getUser().getAddress() == null) { - // address must be known - return false; - } - return configuration.getAddresses().contains(script.getUser().getAddress()); - }; - } - - @Bean - @Singleton - @Requires(property = "console.users") - public SecurityAdvisor userFilter(ConsoleConfiguration configuration) { - return script -> { - if (script.getUser() == null || script.getUser().getId() == null) { - // id must be known - return false; - } - return configuration.getUsers().contains(script.getUser().getId()); - }; - } - - @Bean - @Singleton - @Requires(property = "console.until") - public SecurityAdvisor untilWindow(ConsoleConfiguration configuration) { - return script -> Instant.now().isBefore(configuration.convertUntil()); - } - - @Bean - @Singleton - public SecurityAdvisor consoleEnabled(ApplicationContext context, ConsoleConfiguration configuration) { - return script -> { - if (configuration.isEnabled()) { - return true; - } - - // functions has their own security checks - if (context.getEnvironment().getActiveNames().contains(Environment.FUNCTION)) { - return true; - } - - // disable by default for the cloud environment (deployed apps) - return !context.getEnvironment().getActiveNames().contains(Environment.CLOUD); - }; - } - -} diff --git a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/AddressAdvisor.java b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/AddressAdvisor.java new file mode 100644 index 0000000..95f5ddf --- /dev/null +++ b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/AddressAdvisor.java @@ -0,0 +1,35 @@ +package com.agorapulse.micronaut.console.advisors; + +import com.agorapulse.micronaut.console.ConsoleConfiguration; +import com.agorapulse.micronaut.console.Script; +import com.agorapulse.micronaut.console.SecurityAdvisor; +import io.micronaut.context.annotation.Requires; + +import javax.inject.Singleton; + +@Singleton +@Requires(property = "console.addresses") +public class AddressAdvisor implements SecurityAdvisor { + + private final ConsoleConfiguration configuration; + + public AddressAdvisor(ConsoleConfiguration configuration) { + this.configuration = configuration; + } + + @Override + public boolean isExecutionAllowed(Script script) { + if (script.getUser() == null || script.getUser().getAddress() == null) { + // address must be known + return false; + } + return configuration.getAddresses().contains(script.getUser().getAddress()); + } + + @Override + public String toString() { + return "Address advisor for addresses " + String.join(", ", configuration.getAddresses()); + } + +} + diff --git a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/CloudAdvisor.java b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/CloudAdvisor.java new file mode 100644 index 0000000..02d6e48 --- /dev/null +++ b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/CloudAdvisor.java @@ -0,0 +1,43 @@ +package com.agorapulse.micronaut.console.advisors; + +import com.agorapulse.micronaut.console.ConsoleConfiguration; +import com.agorapulse.micronaut.console.Script; +import com.agorapulse.micronaut.console.SecurityAdvisor; +import io.micronaut.context.ApplicationContext; +import io.micronaut.context.env.Environment; + +import javax.inject.Singleton; + +@Singleton +public class CloudAdvisor implements SecurityAdvisor { + + private final ConsoleConfiguration configuration; + private final ApplicationContext context; + + public CloudAdvisor(ConsoleConfiguration configuration, ApplicationContext context) { + this.configuration = configuration; + this.context = context; + } + + @Override + public boolean isExecutionAllowed(Script script) { + if (configuration.isEnabled()) { + return true; + } + + // functions has their own security checks + if (context.getEnvironment().getActiveNames().contains(Environment.FUNCTION)) { + return true; + } + + // disable by default for the cloud environment (deployed apps) + return !context.getEnvironment().getActiveNames().contains(Environment.CLOUD); + } + + @Override + public String toString() { + return "Cloud advisor for environments " + String.join(", ", context.getEnvironment().getActiveNames()) + ", enabled = " + configuration.isEnabled(); + } + +} + diff --git a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UntilAdvisor.java b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UntilAdvisor.java new file mode 100644 index 0000000..5775ca9 --- /dev/null +++ b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UntilAdvisor.java @@ -0,0 +1,32 @@ +package com.agorapulse.micronaut.console.advisors; + +import com.agorapulse.micronaut.console.ConsoleConfiguration; +import com.agorapulse.micronaut.console.Script; +import com.agorapulse.micronaut.console.SecurityAdvisor; +import io.micronaut.context.annotation.Requires; + +import javax.inject.Singleton; +import java.time.Instant; + +@Singleton +@Requires(property = "console.until") +public class UntilAdvisor implements SecurityAdvisor { + + private final ConsoleConfiguration configuration; + + public UntilAdvisor(ConsoleConfiguration configuration) { + this.configuration = configuration; + } + + @Override + public boolean isExecutionAllowed(Script script) { + return Instant.now().isBefore(configuration.convertUntil()); + } + + @Override + public String toString() { + return "Until advisor for date before " + configuration.convertUntil(); + } + +} + diff --git a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UsersAdvisor.java b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UsersAdvisor.java new file mode 100644 index 0000000..7f14bc1 --- /dev/null +++ b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UsersAdvisor.java @@ -0,0 +1,35 @@ +package com.agorapulse.micronaut.console.advisors; + +import com.agorapulse.micronaut.console.ConsoleConfiguration; +import com.agorapulse.micronaut.console.Script; +import com.agorapulse.micronaut.console.SecurityAdvisor; +import io.micronaut.context.annotation.Requires; + +import javax.inject.Singleton; + +@Singleton +@Requires(property = "console.users") +public class UsersAdvisor implements SecurityAdvisor { + + private final ConsoleConfiguration configuration; + + public UsersAdvisor(ConsoleConfiguration configuration) { + this.configuration = configuration; + } + + @Override + public boolean isExecutionAllowed(Script script) { + if (script.getUser() == null || script.getUser().getId() == null) { + // id must be known + return false; + } + return configuration.getUsers().contains(script.getUser().getId()); + } + + @Override + public String toString() { + return "Users advisor for user IDs " + String.join(", ", configuration.getUsers()); + } + +} + From c433da264fc96c82d2e892f904f2d923cb99763f Mon Sep 17 00:00:00 2001 From: Vladimir Orany Date: Thu, 3 Dec 2020 17:20:40 +0100 Subject: [PATCH 2/2] fixed license headers --- .../console/advisors/AddressAdvisor.java | 17 +++++++++++++++++ .../console/advisors/CloudAdvisor.java | 17 +++++++++++++++++ .../console/advisors/UntilAdvisor.java | 17 +++++++++++++++++ .../console/advisors/UsersAdvisor.java | 17 +++++++++++++++++ 4 files changed, 68 insertions(+) diff --git a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/AddressAdvisor.java b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/AddressAdvisor.java index 95f5ddf..a93f6ef 100644 --- a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/AddressAdvisor.java +++ b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/AddressAdvisor.java @@ -1,3 +1,20 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * Copyright 2020 Agorapulse. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.agorapulse.micronaut.console.advisors; import com.agorapulse.micronaut.console.ConsoleConfiguration; diff --git a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/CloudAdvisor.java b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/CloudAdvisor.java index 02d6e48..ba2c83d 100644 --- a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/CloudAdvisor.java +++ b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/CloudAdvisor.java @@ -1,3 +1,20 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * Copyright 2020 Agorapulse. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.agorapulse.micronaut.console.advisors; import com.agorapulse.micronaut.console.ConsoleConfiguration; diff --git a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UntilAdvisor.java b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UntilAdvisor.java index 5775ca9..b1b2127 100644 --- a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UntilAdvisor.java +++ b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UntilAdvisor.java @@ -1,3 +1,20 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * Copyright 2020 Agorapulse. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.agorapulse.micronaut.console.advisors; import com.agorapulse.micronaut.console.ConsoleConfiguration; diff --git a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UsersAdvisor.java b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UsersAdvisor.java index 7f14bc1..bfa8169 100644 --- a/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UsersAdvisor.java +++ b/libs/micronaut-console/src/main/groovy/com/agorapulse/micronaut/console/advisors/UsersAdvisor.java @@ -1,3 +1,20 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * Copyright 2020 Agorapulse. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package com.agorapulse.micronaut.console.advisors; import com.agorapulse.micronaut.console.ConsoleConfiguration;