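/*
 * (C) Copyright 2019 Nuxeo (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Thomas Roger
 */

package org.nuxeo.ecm.restapi.server.jaxrs.management;

import static org.nuxeo.launcher.config.ConfigurationGenerator.PARAM_HTTP_PORT;

import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.Context;

import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.ecm.core.api.NuxeoPrincipal;
import org.nuxeo.ecm.webengine.model.WebObject;
import org.nuxeo.ecm.webengine.model.impl.AbstractResource;
import org.nuxeo.ecm.webengine.model.impl.ResourceTypeImpl;
import org.nuxeo.runtime.api.Framework;

/**
 * Root WebEngine object of type {@code management}.
 * <p>
 * Every request is gated in {@link #initialize(Object...)} by two checks, in this order:
 * <ol>
 * <li>the request must have been received on the configured management port, otherwise a
 * {@link NuxeoException} carrying {@code 404} is thrown;</li>
 * <li>the authenticated principal must be the configured management user or an administrator, otherwise a
 * {@link NuxeoException} carrying {@code 403} is thrown.</li>
 * </ol>
 * Sub-resources are then resolved by {@link #route(String)}.
 *
 * @since 11.3
 */
@WebObject(type = "management")
public class ManagementObject extends AbstractResource<ResourceTypeImpl> {

    /** Prefix prepended to the requested path segment to build the sub-object type name. */
    public static final String MANAGEMENT_OBJECT_PREFIX = "management/";

    /** Property holding the port on which the management API accepts requests. */
    protected static final String MANAGEMENT_API_HTTP_PORT_PROPERTY = "nuxeo.management.api.http.port";

    /** Property holding the name of the non-administrator user allowed to call the management API. */
    protected static final String MANAGEMENT_API_USER_PROPERTY = "nuxeo.management.api.user";

    @Context
    protected HttpServletRequest request;

    /**
     * Rejects the request unless it arrived on the management port and comes from an allowed user.
     *
     * @param args initialization arguments, not used by this check
     * @throws NuxeoException with status {@code 404} when the port does not match, or {@code 403} when the user is
     *             not allowed
     */
    @Override
    protected void initialize(Object... args) {
        // The port check runs before the user check, so a request on any other port gets 404 whatever its
        // credentials are (presumably so the endpoint is not advertised there; confirm intent).
        if (!requestIsOnConfiguredPort(request)) {
            throw new NuxeoException(HttpServletResponse.SC_NOT_FOUND);
        }
        if (!isUserValid(request)) {
            throw new NuxeoException(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /**
     * Resolves the sub-object whose type name is {@link #MANAGEMENT_OBJECT_PREFIX} followed by {@code path}.
     *
     * @param path the path segment taken from the request URL
     * @return the object returned by {@code newObject} for that type name
     */
    @Path("{path}")
    public Object route(@PathParam("path") String path) {
        // NOTE(review): path is client-supplied and is only prefixed here, not validated; this relies on
        // newObject (inherited, not shown in this file) rejecting unknown type names. Confirm.
        return newObject(MANAGEMENT_OBJECT_PREFIX + path);
    }

    /**
     * Tells whether the request was received on the port configured for the management API.
     * <p>
     * The expected port is read from {@link #MANAGEMENT_API_HTTP_PORT_PROPERTY}, falling back to
     * {@code PARAM_HTTP_PORT}. A missing or non-numeric value makes the check fail (closed) instead of raising a
     * {@link NumberFormatException} out of {@link #initialize(Object...)}.
     *
     * @param request the incoming request
     * @return {@code true} only when a valid port is configured and equals the request's local port
     */
    protected boolean requestIsOnConfiguredPort(ServletRequest request) {
        String configPort = Framework.getProperty(MANAGEMENT_API_HTTP_PORT_PROPERTY,
                Framework.getProperty(PARAM_HTTP_PORT));
        if (configPort == null) {
            // No port configured at all: nothing can match, deny.
            return false;
        }
        try {
            // getLocalPort() is the port of the interface the request was received on. It is deliberately not
            // getServerPort(), whose value can come from the client-supplied Host header.
            // NOTE(review): if a reverse proxy forwards to this same port, this check cannot tell proxied from
            // direct traffic; the isolation then depends on the proxy configuration.
            return Integer.parseInt(configPort.trim()) == request.getLocalPort();
        } catch (NumberFormatException ignored) {
            // Malformed configuration: deny rather than fail with an unhandled exception.
            // NOTE(review): consider logging this, otherwise the misconfiguration only shows up as a 404.
            return false;
        }
    }

    /**
     * Tells whether the request's principal may use the management API.
     *
     * @param request the incoming request
     * @return {@code true} when the principal is a {@link NuxeoPrincipal} that is either the user named by
     *         {@link #MANAGEMENT_API_USER_PROPERTY} or an administrator; {@code false} otherwise, including for
     *         unauthenticated requests
     */
    protected boolean isUserValid(HttpServletRequest request) {
        // A null principal (unauthenticated) fails the instanceof test as well.
        if (!(request.getUserPrincipal() instanceof NuxeoPrincipal)) {
            return false;
        }

        NuxeoPrincipal principal = (NuxeoPrincipal) request.getUserPrincipal();
        String managementUser = Framework.getProperty(MANAGEMENT_API_USER_PROPERTY);
        // Compare from the configured side: an unset property never matches, and a principal without a name
        // cannot raise a NullPointerException here.
        boolean isManagementUser = managementUser != null && managementUser.equals(principal.getName());
        return isManagementUser || principal.isAdministrator();
    }

}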