diff --git a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/AppController.java b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/AppController.java index 9f389903b8885306ed5ee1540b81178a1e8f9534..cb07c50ca95f76daad0ee3973744721da1b5c0ee 100644 --- a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/AppController.java +++ b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/AppController.java @@ -6,6 +6,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.domain.Pageable; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -16,6 +17,7 @@ import org.springframework.web.bind.annotation.RestController; import com.ctrip.apollo.biz.entity.App; import com.ctrip.apollo.biz.service.AdminService; import com.ctrip.apollo.biz.service.AppService; +import com.ctrip.apollo.common.controller.ActiveUser; import com.ctrip.apollo.common.utils.BeanUtils; import com.ctrip.apollo.core.dto.AppDTO; import com.ctrip.apollo.core.exception.NotFoundException; 
@@ -30,18 +32,19 @@ public class AppController { private AdminService adminService; @RequestMapping(path = "/apps", method = RequestMethod.POST) - public ResponseEntity create(@RequestBody AppDTO dto) { + public ResponseEntity create(@RequestBody AppDTO dto, @ActiveUser UserDetails user) { App entity = BeanUtils.transfrom(App.class, dto); + entity.setDataChangeCreatedBy(user.getUsername()); entity = adminService.createNewApp(entity); dto = BeanUtils.transfrom(AppDTO.class, entity); return ResponseEntity.status(HttpStatus.CREATED).body(dto); } @RequestMapping(path = "/apps/{appId}", method = RequestMethod.DELETE) - public void delete(@PathVariable("appId") String appId) { + public void delete(@PathVariable("appId") String appId, @ActiveUser UserDetails user) { App entity = appService.findOne(appId); if (entity == null) throw new NotFoundException("app not found for appId " + appId); - appService.delete(entity.getId(), "who"); + appService.delete(entity.getId(), user.getUsername()); } @RequestMapping("/apps") @@ -64,13 +67,15 @@ public class AppController { } @RequestMapping(path = "/apps/{appId}", method = RequestMethod.PUT) - public AppDTO update(@PathVariable("appId") String appId, @RequestBody AppDTO dto) { + public AppDTO update(@PathVariable("appId") String appId, @RequestBody AppDTO dto, + @ActiveUser UserDetails user) { if (!appId.equals(dto.getAppId())) { throw new IllegalArgumentException(String .format("Path variable %s is not equals to object field %s", appId, dto.getAppId())); } App entity = appService.findOne(appId); if (entity == null) throw new NotFoundException("app not found for appId " + appId); + entity.setDataChangeLastModifiedBy(user.getUsername()); entity = appService.update(BeanUtils.transfrom(App.class, dto)); return BeanUtils.transfrom(AppDTO.class, entity); } 
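Review bot: `user.getUsername()` in `create` and `delete` is dereferenced without a null check, and `@ActiveUser` is a meta-annotation over `@AuthenticationPrincipal`, which resolves to null when the request carries no `UserDetails` principal. The `WebSecurityConfig` added in this commit enables HTTP Basic but declares no `authorizeRequests()` rule, so an anonymous request appears able to reach these handlers and fail with a NullPointerException instead of a 401. Either require authentication in the security configuration or guard in the handler, e.g. `if (user == null) throw new AccessDeniedException("authentication required");`. The same unguarded dereference appears in the Cluster, Item, ItemSet, Namespace and Release controllers.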
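Review bot: The modifier set by `entity.setDataChangeLastModifiedBy(user.getUsername())` in `update` appears to be lost, because the next line passes a fresh object built from `dto` to `appService.update(...)` and the looked-up `entity` is otherwise used only for the existence check. As far as the hunk shows, the saved record keeps whatever `dataChangeLastModifiedBy` the DTO mapping yields, which is client-controlled if the DTO carries that field. Set the name on the object that is actually saved: `App updated = BeanUtils.transfrom(App.class, dto);`, `updated.setDataChangeLastModifiedBy(user.getUsername());`, `entity = appService.update(updated);`. The `update` methods of ClusterController, ItemController and NamespaceController follow the same pattern and need the same change.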
diff --git a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ClusterController.java b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ClusterController.java index 389972b0c717c6668bc7ce097122e5992b1d60a2..c18ac2c551f504cdb7cdf47cde0310355f08c72c 100644 --- a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ClusterController.java +++ b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ClusterController.java @@ -5,6 +5,7 @@ import java.util.List; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -14,6 +15,7 @@ import org.springframework.web.bind.annotation.RestController; import com.ctrip.apollo.biz.entity.Cluster; import com.ctrip.apollo.biz.service.ClusterService; import com.ctrip.apollo.biz.service.ViewService; +import com.ctrip.apollo.common.controller.ActiveUser; import com.ctrip.apollo.common.utils.BeanUtils; import com.ctrip.apollo.core.dto.ClusterDTO; import com.ctrip.apollo.core.exception.NotFoundException; @@ -29,8 +31,9 @@ public class ClusterController { @RequestMapping(path = "/apps/{appId}/clusters", method = RequestMethod.POST) public ResponseEntity create(@PathVariable("appId") String appId, - @RequestBody ClusterDTO dto) { + @RequestBody ClusterDTO dto, @ActiveUser UserDetails user) { Cluster entity = BeanUtils.transfrom(Cluster.class, dto); + entity.setDataChangeCreatedBy(user.getUsername()); entity = clusterService.save(entity); dto = BeanUtils.transfrom(ClusterDTO.class, entity); return ResponseEntity.status(HttpStatus.CREATED).body(dto); 
@@ -38,11 +41,11 @@ public class ClusterController { @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}", method = RequestMethod.DELETE) public void delete(@PathVariable("appId") String appId, - @PathVariable("clusterName") String clusterName) { + @PathVariable("clusterName") String clusterName, @ActiveUser UserDetails user) { Cluster entity = clusterService.findOne(appId, clusterName); if (entity == null) throw new NotFoundException("cluster not found for clusterName " + clusterName); - clusterService.delete(entity.getId(), "who"); + clusterService.delete(entity.getId(), user.getUsername()); } @RequestMapping("/apps/{appId}/clusters") @@ -55,18 +58,21 @@ public class ClusterController { public ClusterDTO get(@PathVariable("appId") String appId, @PathVariable("clusterName") String clusterName) { Cluster cluster = clusterService.findOne(appId, clusterName); + if (cluster == null) throw new NotFoundException("cluster not found for name " + clusterName); return BeanUtils.transfrom(ClusterDTO.class, cluster); } @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}", method = RequestMethod.PUT) public ClusterDTO update(@PathVariable("appId") String appId, - @PathVariable("clusterName") String clusterName, @RequestBody ClusterDTO dto) { + @PathVariable("clusterName") String clusterName, @RequestBody ClusterDTO dto, + @ActiveUser UserDetails user) { if (!clusterName.equals(dto.getName())) { throw new IllegalArgumentException(String .format("Path variable %s is not equals to object field %s", clusterName, dto.getName())); } Cluster entity = clusterService.findOne(appId, clusterName); if (entity == null) throw new NotFoundException("cluster not found for name " + clusterName); + entity.setDataChangeLastModifiedBy(user.getUsername()); entity = clusterService.update(BeanUtils.transfrom(Cluster.class, dto)); return BeanUtils.transfrom(ClusterDTO.class, entity); } 
diff --git a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemController.java b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemController.java index c14c92536b5e27ba33b53d07c22b1a4dd929a318..d76f477503b910befb14f4333ab30eb51778647a 100644 --- a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemController.java +++ b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemController.java @@ -5,6 +5,7 @@ import java.util.List; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -14,6 +15,7 @@ import org.springframework.web.bind.annotation.RestController; import com.ctrip.apollo.biz.entity.Item; import com.ctrip.apollo.biz.service.ItemService; import com.ctrip.apollo.biz.service.ViewService; +import com.ctrip.apollo.common.controller.ActiveUser; import com.ctrip.apollo.common.utils.BeanUtils; import com.ctrip.apollo.core.dto.ItemDTO; import com.ctrip.apollo.core.exception.NotFoundException; 
@@ -28,18 +30,19 @@ public class ItemController { private ItemService itemService; @RequestMapping(path = "/items/", method = RequestMethod.POST) - public ResponseEntity create(@RequestBody ItemDTO dto) { + public ResponseEntity create(@RequestBody ItemDTO dto, @ActiveUser UserDetails user) { Item entity = BeanUtils.transfrom(Item.class, dto); + entity.setDataChangeCreatedBy(user.getUsername()); entity = itemService.save(entity); dto = BeanUtils.transfrom(ItemDTO.class, entity); return ResponseEntity.status(HttpStatus.CREATED).body(dto); } @RequestMapping(path = "/items/{itemId}", method = RequestMethod.DELETE) - public void delete(@PathVariable("itemId") long itemId) { + public void delete(@PathVariable("itemId") long itemId, @ActiveUser UserDetails user) { Item entity = itemService.findOne(itemId); if (entity == null) throw new NotFoundException("item not found for itemId " + itemId); - itemService.delete(entity.getId(), "who"); + itemService.delete(entity.getId(), user.getUsername()); } @RequestMapping("/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/items") 
@@ -53,13 +56,16 @@ public class ItemController { @RequestMapping("/items/{itemId}") public ItemDTO get(@PathVariable("itemId") long itemId) { Item item = itemService.findOne(itemId); + if (item == null) throw new NotFoundException("item not found for itemId " + itemId); return BeanUtils.transfrom(ItemDTO.class, item); } @RequestMapping(path = "/item/{itemId}", method = RequestMethod.PUT) - public ItemDTO update(@PathVariable("itemId") long itemId, @RequestBody ItemDTO dto) { + public ItemDTO update(@PathVariable("itemId") long itemId, @RequestBody ItemDTO dto, + @ActiveUser UserDetails user) { Item entity = itemService.findOne(itemId); if (entity == null) throw new NotFoundException("item not found for itemId " + itemId); + entity.setDataChangeLastModifiedBy(user.getUsername()); entity = itemService.update(BeanUtils.transfrom(Item.class, dto)); return BeanUtils.transfrom(ItemDTO.class, entity); } diff --git a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemSetController.java b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemSetController.java index a55eb3d868aab42028184bf7ab95e3b688612cbc..b5bf67efe4790a6aa11a3cc81f20aca5c5ca7e2e 100644 --- a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemSetController.java +++ b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ItemSetController.java 
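Review bot: `update` checks that an item exists for the path `itemId`, but the object handed to `itemService.update(...)` is built entirely from `dto`, and nothing compares the two ids. A request can therefore pass the existence check with one id while the body names a different item; the App and Cluster `update` handlers reject that kind of mismatch with an IllegalArgumentException. A guard before the lookup, such as `if (itemId != dto.getId()) throw new IllegalArgumentException(String.format("Path variable %s is not equals to object field %s", itemId, dto.getId()));`, would make this handler consistent with them.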
@@ -3,12 +3,14 @@ package com.ctrip.apollo.adminservice.controller; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; import com.ctrip.apollo.biz.service.ItemSetService; +import com.ctrip.apollo.common.controller.ActiveUser; import com.ctrip.apollo.core.dto.ItemChangeSets; @RestController @@ -18,8 +20,8 @@ public class ItemSetController { private ItemSetService itemSetService; @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/itemset", method = RequestMethod.POST) - public ResponseEntity create(@RequestBody ItemChangeSets changeSet) { - itemSetService.updateSet(changeSet); + public ResponseEntity create(@RequestBody ItemChangeSets changeSet, @ActiveUser UserDetails user) { + itemSetService.updateSet(changeSet, user.getUsername()); return ResponseEntity.status(HttpStatus.OK).build(); } } diff --git a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/NamespaceController.java b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/NamespaceController.java index 87cf5268a1cf5ba56af2453edc0e2cf04ccc8cc7..7fc5d0ffd51b051fb27842ea2fd9ab045fe8f569 100644 --- a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/NamespaceController.java +++ b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/NamespaceController.java 
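Review bot: The `{appId}`, `{clusterName}` and `{namespaceName}` segments of the `itemset` mapping are never bound or compared with the contents of `changeSet`, so the authenticated name is recorded but the scope of the change comes entirely from the request body. `create` should bind the path variables and reject a change set whose items belong to a different namespace before calling `itemSetService.updateSet(...)`. With `modifyBy` removed from `ItemChangeSets`, attribution now depends solely on the account the caller authenticates as, so a service calling on behalf of end users will record its own account name unless the user identity is propagated some other way.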
@@ -5,6 +5,7 @@ import java.util.List; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -14,6 +15,7 @@ import org.springframework.web.bind.annotation.RestController; import com.ctrip.apollo.biz.entity.Namespace; import com.ctrip.apollo.biz.service.NamespaceService; import com.ctrip.apollo.biz.service.ViewService; +import com.ctrip.apollo.common.controller.ActiveUser; import com.ctrip.apollo.common.utils.BeanUtils; import com.ctrip.apollo.core.dto.NamespaceDTO; import com.ctrip.apollo.core.exception.NotFoundException; @@ -29,7 +31,8 @@ public class NamespaceController { @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}/namespaces", method = RequestMethod.POST) public ResponseEntity create(@PathVariable("appId") String appId, - @PathVariable("clusterName") String clusterName, @RequestBody NamespaceDTO dto) { + @PathVariable("clusterName") String clusterName, @RequestBody NamespaceDTO dto, + @ActiveUser UserDetails user) { if (!appId.equals(dto.getAppId())) { throw new IllegalArgumentException(String .format("Path variable %s is not equals to object field %s", appId, dto.getAppId())); @@ -39,6 +42,7 @@ public class NamespaceController { "Path variable %s is not equals to object field %s", clusterName, dto.getClusterName())); } Namespace entity = BeanUtils.transfrom(Namespace.class, dto); + entity.setDataChangeCreatedBy(user.getUsername()); entity = namespaceService.save(entity); dto = BeanUtils.transfrom(NamespaceDTO.class, entity); return ResponseEntity.status(HttpStatus.CREATED).body(dto); 
@@ -47,11 +51,11 @@ public class NamespaceController { @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}", method = RequestMethod.DELETE) public void delete(@PathVariable("appId") String appId, @PathVariable("clusterName") String clusterName, - @PathVariable("namespaceName") String namespaceName) { + @PathVariable("namespaceName") String namespaceName, @ActiveUser UserDetails user) { Namespace entity = namespaceService.findOne(appId, clusterName, namespaceName); if (entity == null) throw new NotFoundException( String.format("namespace not found for %s %s %s", appId, clusterName, namespaceName)); - namespaceService.delete(entity.getId(), "who"); + namespaceService.delete(entity.getId(), user.getUsername()); } @RequestMapping("/apps/{appId}/clusters/{clusterName}/namespaces") @@ -82,7 +86,8 @@ public class NamespaceController { @RequestMapping(path = "/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}", method = RequestMethod.PUT) public NamespaceDTO update(@PathVariable("appId") String appId, @PathVariable("clusterName") String clusterName, - @PathVariable("namespaceName") String namespaceName, @RequestBody NamespaceDTO dto) { + @PathVariable("namespaceName") String namespaceName, @RequestBody NamespaceDTO dto, + @ActiveUser UserDetails user) { if (!appId.equals(dto.getAppId())) { throw new IllegalArgumentException(String .format("Path variable %s is not equals to object field %s", appId, dto.getAppId())); @@ -99,6 +104,7 @@ public class NamespaceController { Namespace entity = namespaceService.findOne(appId, clusterName, namespaceName); if (entity == null) throw new NotFoundException( String.format("namespace not found for %s %s %s", appId, clusterName, namespaceName)); + entity.setDataChangeLastModifiedBy(user.getUsername()); entity = namespaceService.update(BeanUtils.transfrom(Namespace.class, dto)); return BeanUtils.transfrom(NamespaceDTO.class, entity); } 
diff --git a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ReleaseController.java b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ReleaseController.java index 723086f25ed4d1949237b58f6235c5106c710a53..d72b10b6247c43ac41b46a1ede2e0739e063254f 100644 --- a/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ReleaseController.java +++ b/apollo-adminservice/src/main/java/com/ctrip/apollo/adminservice/controller/ReleaseController.java @@ -3,6 +3,7 @@ package com.ctrip.apollo.adminservice.controller; import java.util.List; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -13,6 +14,7 @@ import com.ctrip.apollo.biz.entity.Release; import com.ctrip.apollo.biz.service.ConfigService; import com.ctrip.apollo.biz.service.ReleaseService; import com.ctrip.apollo.biz.service.ViewService; +import com.ctrip.apollo.common.controller.ActiveUser; import com.ctrip.apollo.common.utils.BeanUtils; import com.ctrip.apollo.core.dto.ReleaseDTO; import com.ctrip.apollo.core.exception.NotFoundException; 
@@ -47,12 +49,12 @@ public class ReleaseController { @RequestMapping("/apps/{appId}/clusters/{clusterName}/namespaces/{namespaceName}/releases/latest") public ReleaseDTO getLatest(@PathVariable("appId") String appId, - @PathVariable("clusterName") String clusterName, - @PathVariable("namespaceName") String namespaceName) { + @PathVariable("clusterName") String clusterName, + @PathVariable("namespaceName") String namespaceName) { Release release = configService.findRelease(appId, clusterName, namespaceName); if (release == null) { - throw new NotFoundException( - String.format("latest release not found for %s %s %s", appId, clusterName, namespaceName)); + throw new NotFoundException(String.format("latest release not found for %s %s %s", appId, + clusterName, namespaceName)); } else { return BeanUtils.transfrom(ReleaseDTO.class, release); } @@ -62,8 +64,10 @@ public class ReleaseController { public ReleaseDTO buildRelease(@PathVariable("appId") String appId, @PathVariable("clusterName") String clusterName, @PathVariable("namespaceName") String namespaceName, @RequestParam("name") String name, - @RequestParam(name = "comment", required = false) String comment) { - Release release = releaseService.buildRelease(name, comment, appId, clusterName, namespaceName, "who"); + @RequestParam(name = "comment", required = false) String comment, + @ActiveUser UserDetails user) { + Release release = releaseService.buildRelease(name, comment, appId, clusterName, namespaceName, + user.getUsername()); return BeanUtils.transfrom(ReleaseDTO.class, release); } } diff --git a/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/AbstractControllerTest.java b/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/AbstractControllerTest.java index e5a8e4f312b96729347a6a17f57d5cc9272137e5..42431826030630323574ede13389f1f010175277 100644 --- a/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/AbstractControllerTest.java 
+++ b/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/AbstractControllerTest.java @@ -15,7 +15,7 @@ import com.ctrip.apollo.AdminServiceTestConfiguration; @WebIntegrationTest(randomPort = true) public abstract class AbstractControllerTest { - RestTemplate restTemplate = new TestRestTemplate(); + RestTemplate restTemplate = new TestRestTemplate("user", ""); @Value("${local.server.port}") int port; diff --git a/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/ItemSetControllerTest.java b/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/ItemSetControllerTest.java index 5c3e956ec0c1df408e07fc5ac8f1923eaab548b7..c93cfa225c5e35746d841b441dc0af05180f3a31 100644 --- a/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/ItemSetControllerTest.java +++ b/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/ItemSetControllerTest.java @@ -5,6 +5,7 @@ import java.util.List; import org.junit.Assert; import org.junit.Test; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.TestRestTemplate; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.test.context.jdbc.Sql; @@ -44,7 +45,7 @@ public class ItemSetControllerTest extends AbstractControllerTest { Assert.assertEquals("application", namespace.getNamespaceName()); ItemChangeSets itemSet = new ItemChangeSets(); - itemSet.setModifyBy("created"); + restTemplate = new TestRestTemplate("created", ""); int createdSize = 3; for (int i = 0; i < createdSize; i++) { 
@@ -91,8 +92,8 @@ public class ItemSetControllerTest extends AbstractControllerTest { Assert.assertEquals("application", namespace.getNamespaceName()); ItemChangeSets createChangeSet = new ItemChangeSets(); - createChangeSet.setModifyBy("created"); - + restTemplate = new TestRestTemplate("created", ""); + int createdSize = 3; for (int i = 0; i < createdSize; i++) { ItemDTO item = new ItemDTO(); @@ -115,8 +116,8 @@ public class ItemSetControllerTest extends AbstractControllerTest { ItemDTO[].class); ItemChangeSets udpateChangeSet = new ItemChangeSets(); - udpateChangeSet.setModifyBy("updated"); - + restTemplate = new TestRestTemplate("updated", ""); + int updatedSize = 2; for (int i = 0; i < updatedSize; i++) { items[i].setValue("updated_value_" + i); @@ -160,8 +161,8 @@ public class ItemSetControllerTest extends AbstractControllerTest { Assert.assertEquals("application", namespace.getNamespaceName()); ItemChangeSets createChangeSet = new ItemChangeSets(); - createChangeSet.setModifyBy("created"); - + restTemplate = new TestRestTemplate("created", ""); + int createdSize = 3; for (int i = 0; i < createdSize; i++) { ItemDTO item = new ItemDTO(); @@ -184,8 +185,8 @@ public class ItemSetControllerTest extends AbstractControllerTest { ItemDTO[].class); ItemChangeSets deleteChangeSet = new ItemChangeSets(); - deleteChangeSet.setModifyBy("deleted"); - + restTemplate = new TestRestTemplate("deleted", ""); + int deletedSize = 1; for (int i = 0; i < deletedSize; i++) { items[i].setValue("deleted_value_" + i); diff --git a/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/TestWebSecurityConfig.java b/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/TestWebSecurityConfig.java new file mode 100644 index 0000000000000000000000000000000000000000..7654901cc3ea07d55c86580393940e3cc8390673 --- /dev/null +++ b/apollo-adminservice/src/test/java/com/ctrip/apollo/adminservice/controller/TestWebSecurityConfig.java 
@@ -0,0 +1,28 @@ +package com.ctrip.apollo.adminservice.controller; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; +import org.springframework.core.annotation.Order; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +@Configuration +@Order(99) +public class TestWebSecurityConfig extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.httpBasic(); + http.csrf().disable(); + } + + @Autowired + public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { + auth.inMemoryAuthentication().withUser("user").password("").roles("USER"); + auth.inMemoryAuthentication().withUser("apollo").password("").roles("USER", "ADMIN"); + auth.inMemoryAuthentication().withUser("created").password("").roles("TEST"); + auth.inMemoryAuthentication().withUser("updated").password("").roles("TEST"); + auth.inMemoryAuthentication().withUser("deleted").password("").roles("TEST"); + } +} diff --git a/apollo-biz/src/main/java/com/ctrip/apollo/biz/service/ItemSetService.java b/apollo-biz/src/main/java/com/ctrip/apollo/biz/service/ItemSetService.java index b3ada646569eeabffdb5e5bbf77782abeb3e9b12..ab287be2c1221edd205147c86e155f38383179cf 100644 --- a/apollo-biz/src/main/java/com/ctrip/apollo/biz/service/ItemSetService.java +++ b/apollo-biz/src/main/java/com/ctrip/apollo/biz/service/ItemSetService.java 
@@ -21,15 +21,15 @@ public class ItemSetService { private AuditService auditService; @Transactional - public void updateSet(ItemChangeSets changeSet) { + public void updateSet(ItemChangeSets changeSet, String owner) { if (changeSet.getCreateItems() != null) { for (ItemDTO item : changeSet.getCreateItems()) { Item entity = BeanUtils.transfrom(Item.class, item); - entity.setDataChangeCreatedBy(changeSet.getModifyBy()); - entity.setDataChangeLastModifiedBy(changeSet.getModifyBy()); + entity.setDataChangeCreatedBy(owner); + entity.setDataChangeLastModifiedBy(owner); itemRepository.save(entity); } - auditService.audit("ItemSet", null, Audit.OP.INSERT, changeSet.getModifyBy()); + auditService.audit("ItemSet", null, Audit.OP.INSERT, owner); } if (changeSet.getUpdateItems() != null) { @@ -37,20 +37,20 @@ public class ItemSetService { Item entity = BeanUtils.transfrom(Item.class, item); Item managedItem = itemRepository.findOne(entity.getId()); BeanUtils.copyEntityProperties(entity, managedItem); - managedItem.setDataChangeLastModifiedBy(changeSet.getModifyBy()); + managedItem.setDataChangeLastModifiedBy(owner); itemRepository.save(managedItem); } - auditService.audit("ItemSet", null, Audit.OP.UPDATE, changeSet.getModifyBy()); + auditService.audit("ItemSet", null, Audit.OP.UPDATE, owner); } if (changeSet.getDeleteItems() != null) { for (ItemDTO item : changeSet.getDeleteItems()) { Item entity = BeanUtils.transfrom(Item.class, item); - entity.setDataChangeLastModifiedBy(changeSet.getModifyBy()); + entity.setDataChangeLastModifiedBy(owner); itemRepository.save(entity); itemRepository.delete(item.getId()); } - auditService.audit("ItemSet", null, Audit.OP.DELETE, changeSet.getModifyBy()); + auditService.audit("ItemSet", null, Audit.OP.DELETE, owner); } } } 
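Review bot: In the update branch `managedItem` comes from `itemRepository.findOne(entity.getId())` with an id taken from the request, and it is dereferenced by `BeanUtils.copyEntityProperties(entity, managedItem)` and the new `managedItem.setDataChangeLastModifiedBy(owner)` without a null check. An unknown id presumably ends in a NullPointerException and a rolled-back transaction instead of a clear error; `if (managedItem == null) throw new NotFoundException("item not found for itemId " + entity.getId());` would make the failure explicit (NotFoundException is the type the controllers use; confirm it is visible from this module). `owner` is also written into the audit fields unchecked, so `Objects.requireNonNull(owner, "owner");` at the top of `updateSet` would stop a null attribution from being stored. The parameter would read more clearly as `operator` or `modifiedBy`, since it names who made the change rather than who owns the items.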
diff --git a/apollo-biz/src/test/java/com/ctrip/apollo/biz/service/AdminServiceTest.java b/apollo-biz/src/test/java/com/ctrip/apollo/biz/service/AdminServiceTest.java index fe1ad6c78a47c763e84a38c2ca3c8aa0abf0b0b1..38aa7aa3a4c161e4e934c615c95aef979936e1d1 100644 --- a/apollo-biz/src/test/java/com/ctrip/apollo/biz/service/AdminServiceTest.java +++ b/apollo-biz/src/test/java/com/ctrip/apollo/biz/service/AdminServiceTest.java @@ -59,9 +59,6 @@ public class AdminServiceTest { List audits = auditService.findByOwner(owner); Assert.assertEquals(4, audits.size()); - for(Audit audit : audits){ - System.out.println(audit); - } } } diff --git a/apollo-common/pom.xml b/apollo-common/pom.xml index 72de4c65d909dd5cdaac8ebc94f82c70fb9a031b..d87a21214783186406704c256e50c9fb37a2a5db 100644 --- a/apollo-common/pom.xml +++ b/apollo-common/pom.xml @@ -22,6 +22,10 @@ org.springframework.boot spring-boot-starter-web + + org.springframework.boot + spring-boot-starter-security + org.springframework.boot spring-boot-starter-actuator diff --git a/apollo-common/src/main/java/com/ctrip/apollo/common/controller/ActiveUser.java b/apollo-common/src/main/java/com/ctrip/apollo/common/controller/ActiveUser.java new file mode 100644 index 0000000000000000000000000000000000000000..2afeded5e25c5ae6e2b782fe3ff0f842ac46801e --- /dev/null +++ b/apollo-common/src/main/java/com/ctrip/apollo/common/controller/ActiveUser.java @@ -0,0 +1,17 @@ +package com.ctrip.apollo.common.controller; + +import java.lang.annotation.Documented; +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +import org.springframework.security.core.annotation.AuthenticationPrincipal; + +@Target({ElementType.PARAMETER, ElementType.TYPE}) +@Retention(RetentionPolicy.RUNTIME) +@Documented +@AuthenticationPrincipal +public @interface ActiveUser { + +} 
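Review bot: `ActiveUser` has no Javadoc, and its null behaviour is the one thing every handler using it needs to know. I would add a type comment along the lines of `/** Injects the currently authenticated principal into a controller method parameter; resolves to null when the request is not authenticated or the principal is not of the parameter's type. */`. Stating that contract on the annotation makes it clear that handlers calling `user.getUsername()` rely on the security configuration to reject unauthenticated requests first.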
diff --git a/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebMvcConfig.java b/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebMvcConfig.java index 08cf32339d7b7f77d4a23c186507fa767c7ae095..dbeb437e0cc831e94d0d38fa4c4ae5f2ee24c418 100644 --- a/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebMvcConfig.java +++ b/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebMvcConfig.java @@ -15,11 +15,11 @@ public class WebMvcConfig extends WebMvcConfigurerAdapter { @Override public void addArgumentResolvers(List argumentResolvers) { + PageableHandlerMethodArgumentResolver pageResolver = + new PageableHandlerMethodArgumentResolver(); + pageResolver.setFallbackPageable(new PageRequest(0, 10)); - PageableHandlerMethodArgumentResolver resolver = new PageableHandlerMethodArgumentResolver(); - resolver.setFallbackPageable(new PageRequest(0, 10)); - - argumentResolvers.add(resolver); + argumentResolvers.add(pageResolver); } @Override diff --git a/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebSecurityConfig.java b/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebSecurityConfig.java new file mode 100644 index 0000000000000000000000000000000000000000..6fa24378805a7543659cfd6e1f225939ebbcf718 --- /dev/null +++ b/apollo-common/src/main/java/com/ctrip/apollo/common/controller/WebSecurityConfig.java 
@@ -0,0 +1,25 @@ +package com.ctrip.apollo.common.controller; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +@Configuration +@EnableWebSecurity +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.httpBasic(); + http.csrf().disable(); + } + + @Autowired + public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { + auth.inMemoryAuthentication().withUser("user").password("").roles("USER").and() + .withUser("apollo").password("").roles("USER", "ADMIN"); + } +} diff --git a/apollo-core/src/main/java/com/ctrip/apollo/core/dto/ItemChangeSets.java b/apollo-core/src/main/java/com/ctrip/apollo/core/dto/ItemChangeSets.java index ebcbcfd130b553867f0b467514f97da196c8f47a..5935eeab1764d8d80392c2467644aa954a567e1d 100644 --- a/apollo-core/src/main/java/com/ctrip/apollo/core/dto/ItemChangeSets.java +++ b/apollo-core/src/main/java/com/ctrip/apollo/core/dto/ItemChangeSets.java @@ -8,7 +8,6 @@ import java.util.List; */ public class ItemChangeSets { - private String modifyBy; private List createItems = new LinkedList<>(); private List updateItems = new LinkedList<>(); private List deleteItems = new LinkedList<>(); @@ -49,12 +48,4 @@ public class ItemChangeSets { this.deleteItems = deleteItems; } - public String getModifyBy() { - return modifyBy; - } - - public void setModifyBy(String modifyBy) { - this.modifyBy = modifyBy; - } - } 
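Review bot: `configure(HttpSecurity)` enables HTTP Basic and disables CSRF but declares no authorization rule, so as written no endpoint requires credentials; add `http.authorizeRequests().anyRequest().authenticated();`. `configureGlobal` also hard-codes the accounts `user` and `apollo` (the latter with the ADMIN role) with empty passwords in `apollo-common` main code, so any service that picks up this configuration accepts those names with a blank password. The accounts should come from external configuration or a real user store with non-empty, hashed passwords, and in-memory users should stay in the test configuration only. Because Basic credentials accompany every request, this setup also assumes the service is reachable only over TLS or a trusted network; that assumption deserves a comment on the class.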
diff --git a/apollo-portal/src/main/java/com/ctrip/apollo/portal/service/ConfigService.java b/apollo-portal/src/main/java/com/ctrip/apollo/portal/service/ConfigService.java index 8e1a0a9c5262a4bc51871a716c707ce2dd177cb9..72edbfdfa41a90f51a465a164360bfc7bab28a67 100644 --- a/apollo-portal/src/main/java/com/ctrip/apollo/portal/service/ConfigService.java +++ b/apollo-portal/src/main/java/com/ctrip/apollo/portal/service/ConfigService.java @@ -147,7 +147,6 @@ public class ConfigService { ItemChangeSets changeSets = resolver.resolve(namespaceId, configText, itemAPI.findItems(appId, env, clusterName, namespaceName)); try { - changeSets.setModifyBy(model.getModifyBy()); enrichChangeSetBaseInfo(changeSets); itemAPI.updateItems(appId, env, clusterName, namespaceName, changeSets); } catch (Exception e) {