From 29123a8e00d86c291fbc8debf941d6d3ac7c905c Mon Sep 17 00:00:00 2001 From: Richard Eckart de Castilho Date: Sat, 9 Mar 2024 12:23:40 +0100 Subject: [PATCH] #4557 - Bulk process page should not show processes from other projects - After enabling method security, remove pointles preauthorize annotations --- inception/inception-curation/pom.xml | 4 -- .../service/CurationDocumentService.java | 2 - ...bsocketController_ViewportRoutingTest.java | 20 ++++----- .../documents/api/DocumentService.java | 14 ++---- .../documents/DocumentServiceImpl.java | 45 ++++++++++--------- inception/inception-project-api/pom.xml | 5 --- .../inception/project/api/ProjectService.java | 3 -- inception/inception-schema-api/pom.xml | 4 -- .../schema/api/AnnotationSchemaService.java | 6 --- 9 files changed, 34 insertions(+), 69 deletions(-) diff --git a/inception/inception-curation/pom.xml b/inception/inception-curation/pom.xml index e1e27c5cddd..6ff662d8289 100644 --- a/inception/inception-curation/pom.xml +++ b/inception/inception-curation/pom.xml @@ -114,10 +114,6 @@ org.springframework spring-core - - org.springframework.security - spring-security-core - org.springframework.boot spring-boot-autoconfigure diff --git a/inception/inception-curation/src/main/java/de/tudarmstadt/ukp/inception/curation/service/CurationDocumentService.java b/inception/inception-curation/src/main/java/de/tudarmstadt/ukp/inception/curation/service/CurationDocumentService.java index e091ed2f80e..a85fb3a667e 100644 --- a/inception/inception-curation/src/main/java/de/tudarmstadt/ukp/inception/curation/service/CurationDocumentService.java +++ b/inception/inception-curation/src/main/java/de/tudarmstadt/ukp/inception/curation/service/CurationDocumentService.java 
@@ -23,7 +23,6 @@ import org.apache.uima.UIMAException; import org.apache.uima.cas.CAS; -import org.springframework.security.access.prepost.PreAuthorize; import de.tudarmstadt.ukp.clarin.webanno.api.casstorage.ConcurentCasModificationException; import de.tudarmstadt.ukp.clarin.webanno.model.AnnotationDocument; @@ -50,7 +49,6 @@ public interface CurationDocumentService * @throws IOException * if an I/O error occurs. */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')") void writeCurationCas(CAS aCas, SourceDocument document, boolean aUpdateTimestamp) throws IOException; diff --git a/inception/inception-diam/src/test/java/de/tudarmstadt/ukp/inception/diam/service/DiamWebsocketController_ViewportRoutingTest.java b/inception/inception-diam/src/test/java/de/tudarmstadt/ukp/inception/diam/service/DiamWebsocketController_ViewportRoutingTest.java index fc8513b2e10..220cc88a3b2 100644 --- a/inception/inception-diam/src/test/java/de/tudarmstadt/ukp/inception/diam/service/DiamWebsocketController_ViewportRoutingTest.java +++ b/inception/inception-diam/src/test/java/de/tudarmstadt/ukp/inception/diam/service/DiamWebsocketController_ViewportRoutingTest.java 
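Review bot: Removing `@PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')")` from `writeCurationCas` leaves the interface with no statement of who may call it, and the same removal recurs in the `DocumentService`, `ProjectService` and `AnnotationSchemaService` hunks. The old expressions also recorded which operations admitted `ROLE_REMOTE` (for example `createSourceDocument` and `uploadSourceDocument`) and which did not (`writeAnnotationCas`, `removeProject`, `createTag`). Whether a caller-side or project-level check now enforces that split is not visible in this diff. If authorization is meant to live in the calling pages and controllers, say so in the Javadoc of each affected method, e.g. `Performs no authorization; the caller must verify that the current user may modify the project.` A test that calls one of these methods as a user without a role in the project would keep that assumption from drifting.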
@@ -219,22 +219,18 @@ public void tearDown() @Test public void thatViewportBasedMessageRoutingWorks() throws Exception { - CountDownLatch subscriptionDone = new CountDownLatch(2); - CountDownLatch initDone = new CountDownLatch(2); + var subscriptionDone = new CountDownLatch(2); + var initDone = new CountDownLatch(2); - ViewportDefinition vpd1 = new ViewportDefinition(testAnnotationDocument, 10, 20, - FORMAT_LEGACY); - ViewportDefinition vpd2 = new ViewportDefinition(testAnnotationDocument, 30, 40, - FORMAT_LEGACY); + var vpd1 = new ViewportDefinition(testAnnotationDocument, 10, 20, FORMAT_LEGACY); + var vpd2 = new ViewportDefinition(testAnnotationDocument, 30, 40, FORMAT_LEGACY); var sessionHandler1 = new SessionHandler(subscriptionDone, initDone, vpd1); var sessionHandler2 = new SessionHandler(subscriptionDone, initDone, vpd2); // try { - StompSession session1 = stompClient.connect(websocketUrl, sessionHandler1).get(1000, - SECONDS); - StompSession session2 = stompClient.connect(websocketUrl, sessionHandler2).get(1000, - SECONDS); + var session1 = stompClient.connect(websocketUrl, sessionHandler1).get(1000, SECONDS); + var session2 = stompClient.connect(websocketUrl, sessionHandler2).get(1000, SECONDS); // } // catch (Exception e) { // Thread.sleep(Duration.of(3, ChronoUnit.HOURS).toMillis()); @@ -341,7 +337,7 @@ public ApplicationContextProvider applicationContextProvider() public DaoAuthenticationProvider internalAuthenticationProvider(PasswordEncoder aEncoder, @Lazy UserDetailsManager aUserDetailsManager) { - DaoAuthenticationProvider authProvider = new InceptionDaoAuthenticationProvider(); + var authProvider = new InceptionDaoAuthenticationProvider(); authProvider.setUserDetailsService(aUserDetailsManager); authProvider.setPasswordEncoder(aEncoder); return authProvider; 
@@ -362,7 +358,7 @@ public String getId() @Override public void render(VDocument aResponse, RenderRequest aRequest) { - AnnotationLayer layer = new AnnotationLayer(); + var layer = new AnnotationLayer(); layer.setId(1l); aResponse.add( new VSpan(layer, new VID(1), new VRange(aRequest.getWindowBeginOffset(), diff --git a/inception/inception-documents-api/src/main/java/de/tudarmstadt/ukp/inception/documents/api/DocumentService.java b/inception/inception-documents-api/src/main/java/de/tudarmstadt/ukp/inception/documents/api/DocumentService.java index 55cd522358d..de305cf7d88 100644 --- a/inception/inception-documents-api/src/main/java/de/tudarmstadt/ukp/inception/documents/api/DocumentService.java +++ b/inception/inception-documents-api/src/main/java/de/tudarmstadt/ukp/inception/documents/api/DocumentService.java @@ -32,7 +32,6 @@ import org.apache.uima.cas.CAS; import org.apache.uima.resource.metadata.TypeSystemDescription; import org.apache.wicket.validation.ValidationError; -import org.springframework.security.access.prepost.PreAuthorize; import de.tudarmstadt.ukp.clarin.webanno.api.casstorage.CasAccessMode; import de.tudarmstadt.ukp.clarin.webanno.api.casstorage.CasUpgradeMode; @@ -71,7 +70,6 @@ public interface DocumentService * {@link SourceDocument} to be created * @return the source document */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER','ROLE_REMOTE')") SourceDocument createSourceDocument(SourceDocument document); /** @@ -148,7 +146,6 @@ List listSourceDocumentsInState(Project aProject, * @throws IOException * If the source document searched for deletion is not available */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER', 'ROLE_REMOTE')") void removeSourceDocument(SourceDocument document) throws IOException; /** 
@@ -164,7 +161,6 @@ List listSourceDocumentsInState(Project aProject, * @throws UIMAException * if a conversion error occurs. */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER','ROLE_REMOTE')") void uploadSourceDocument(InputStream file, SourceDocument document) throws IOException, UIMAException; @@ -184,7 +180,6 @@ void uploadSourceDocument(InputStream file, SourceDocument document) * @throws UIMAException * if a conversion error occurs. */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER','ROLE_REMOTE')") void uploadSourceDocument(InputStream file, SourceDocument document, TypeSystemDescription aFullProjectTypeSystem) throws IOException, UIMAException; @@ -208,7 +203,6 @@ SourceDocumentState setSourceDocumentState(SourceDocument aDocument, * and id of {@link User} * @return the annotation document. */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')") AnnotationDocument createAnnotationDocument(AnnotationDocument annotationDocument); /** @@ -224,7 +218,6 @@ SourceDocumentState setSourceDocumentState(SourceDocument aDocument, * @throws IOException * if an I/O error occurs. */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')") void writeAnnotationCas(CAS aCas, AnnotationDocument aAnnotationDocument, boolean aExplicitAnnotatorUserAction) throws IOException; @@ -244,7 +237,6 @@ void writeAnnotationCas(CAS aCas, AnnotationDocument aAnnotationDocument, * @throws IOException * if an I/O error occurs. */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')") void writeAnnotationCas(CAS aCas, SourceDocument aDocument, User aUser, boolean aExplicitAnnotatorUserAction) throws IOException; @@ -282,7 +274,6 @@ void writeAnnotationCas(CAS aCas, SourceDocument aDocument, String aUser, * @throws IOException * if an I/O error occurs. */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')") void resetAnnotationCas(SourceDocument aDocument, User aUser, AnnotationDocumentStateChangeFlag... aFlags) throws UIMAException, IOException; 
@@ -528,10 +519,11 @@ CAS createOrReadInitialCas(SourceDocument aDocument, CasUpgradeMode aUpgradeMode * @param document * The {@link SourceDocument} to be examined * @return the file size of the initial CAS for the given source document. - * @throws IOException accessing the file. + * @throws IOException + * accessing the file. */ Optional getInitialCasFileSize(SourceDocument document) throws IOException; - + /** * List all the {@link AnnotationDocument annotation documents} in a given project. *

diff --git a/inception/inception-documents/src/main/java/de/tudarmstadt/ukp/inception/documents/DocumentServiceImpl.java b/inception/inception-documents/src/main/java/de/tudarmstadt/ukp/inception/documents/DocumentServiceImpl.java index 2aa6831c5f8..1bce932231a 100644 --- a/inception/inception-documents/src/main/java/de/tudarmstadt/ukp/inception/documents/DocumentServiceImpl.java +++ b/inception/inception-documents/src/main/java/de/tudarmstadt/ukp/inception/documents/DocumentServiceImpl.java @@ -219,7 +219,7 @@ public void exportSourceDocuments(OutputStream os, List selected { try (var zos = new ZipOutputStream(os)) { for (var doc : selectedDocuments) { - try (InputStream dis = new FileInputStream(getSourceDocumentFile(doc))) { + try (var dis = new FileInputStream(getSourceDocumentFile(doc))) { zos.putNextEntry(new ZipEntry(doc.getName())); IOUtils.copyLarge(dis, zos); } @@ -273,8 +273,9 @@ public boolean existsAnnotationDocument(SourceDocument aDocument, String aUserna "FROM AnnotationDocument WHERE project = :project " + " AND document = :document AND user = :user", AnnotationDocument.class) - .setParameter("project", aDocument.getProject()) - .setParameter("document", aDocument).setParameter("user", aUsername) + .setParameter("project", aDocument.getProject()) // + .setParameter("document", aDocument) // + .setParameter("user", aUsername) // .getSingleResult(); return true; } @@ -299,9 +300,8 @@ public AnnotationDocument createAnnotationDocument(AnnotationDocument aAnnotatio return aAnnotationDocument; } - else { - return entityManager.merge(aAnnotationDocument); - } + + return entityManager.merge(aAnnotationDocument); } // NO TRANSACTION REQUIRED - This does not do any should not do a database access, so we do not 
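Review bot: `zos.putNextEntry(new ZipEntry(doc.getName()))` in `exportSourceDocuments` writes the stored document name into the archive as-is, so a name containing path separators or `..` segments would yield an entry that an extracting tool may place outside its target directory. Whether names are validated when a document is created is not visible in this diff, so this is a check to confirm rather than an established defect. If they are not, reject or reduce the name before use, for example `Validate.isTrue(!doc.getName().contains("..") && !doc.getName().contains("/") && !doc.getName().contains("\\"), "Unsafe document name");` ahead of the `putNextEntry` call. The method body continues past the end of the hunk.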
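Review bot: `existsAnnotationDocument` answers a yes/no question by loading the whole `AnnotationDocument` through `getSingleResult()` and, judging by the `return true` that follows, relies on an exception for the negative case; that handler is outside the hunk. This differs from `existsSourceDocument(Project)` later in the file, which counts rows and returns `getSingleResult() > 0`. The entity form would also throw `NonUniqueResultException` instead of returning true if two rows ever matched. Prefer the counting form here as well: `"SELECT COUNT(*) FROM AnnotationDocument WHERE project = :project AND document = :document AND user = :user"` queried with `Long.class`, followed by `return count > 0;`.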
@@ -332,7 +332,8 @@ public boolean existsSourceDocument(Project aProject) var query = cb.createQuery(Long.class); var doc = query.from(SourceDocument.class); - query.select(cb.count(doc)).where(cb.equal(doc.get(SourceDocument_.project), aProject)); + query.select(cb.count(doc)) // + .where(cb.equal(doc.get(SourceDocument_.project), aProject)); return entityManager.createQuery(query).getSingleResult() > 0; } @@ -344,12 +345,12 @@ public boolean existsSourceDocument(Project aProject, String aFileName) Validate.notNull(aProject, "Project must be specified"); Validate.notBlank(aFileName, "File name must be specified"); - String query = String.join("\n", // + var query = String.join("\n", // "SELECT COUNT(*)", // "FROM SourceDocument", // "WHERE project = :project AND name =:name "); - long count = entityManager.createQuery(query, Long.class) // + var count = entityManager.createQuery(query, Long.class) // .setParameter("project", aProject) // .setParameter("name", aFileName) // .getSingleResult(); @@ -383,10 +384,10 @@ public List createOrGetAnnotationDocuments(SourceDocument aD return emptyList(); } - Set usersWithoutAnnotationDocument = new HashSet<>(); + var usersWithoutAnnotationDocument = new HashSet(); aUsers.forEach(user -> usersWithoutAnnotationDocument.add(user.getUsername())); - List annDocs = listAnnotationDocuments(aDocument); + var annDocs = listAnnotationDocuments(aDocument); annDocs.stream().forEach(annDoc -> usersWithoutAnnotationDocument.remove(annDoc.getUser())); for (var user : usersWithoutAnnotationDocument) { 
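Review bot: `var count = entityManager.createQuery(query, Long.class)` in `existsSourceDocument(Project, String)` now infers the boxed `Long`, where the old `long count` unboxed immediately. The same change is made in both `existsFinishedAnnotation` overloads further down. The use of `count` lies outside these hunks: a `count > 0` behaves as before, but an `==` against another boxed value would silently become a reference comparison. Keeping `long count = entityManager.createQuery(query, Long.class)` for these three declarations states the intended primitive type and costs nothing.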
@@ -410,11 +411,11 @@ public List createOrGetAnnotationDocuments( return emptyList(); } - Project project = aDocuments.iterator().next().getProject(); - Set sourceDocsWithoutAnnotationDocument = new HashSet<>(); + var project = aDocuments.iterator().next().getProject(); + var sourceDocsWithoutAnnotationDocument = new HashSet(); aDocuments.forEach(srcDoc -> sourceDocsWithoutAnnotationDocument.add(srcDoc)); - List annDocs = listAnnotationDocuments(project, aUser); + var annDocs = listAnnotationDocuments(project, aUser); annDocs.stream().forEach( annDoc -> sourceDocsWithoutAnnotationDocument.remove(annDoc.getDocument())); @@ -541,13 +542,13 @@ public boolean existsFinishedAnnotation(SourceDocument aDocument) { Validate.notNull(aDocument, "Source document must be specified"); - String query = join("\n", // + var query = join("\n", // "SELECT COUNT(*) ", // "FROM AnnotationDocument ", // "WHERE document = :document AND state = :state"); - long count = entityManager.createQuery(query, Long.class) - .setParameter("document", aDocument) + var count = entityManager.createQuery(query, Long.class) // + .setParameter("document", aDocument) // .setParameter("state", AnnotationDocumentState.FINISHED) // .getSingleResult(); @@ -560,12 +561,12 @@ public boolean existsFinishedAnnotation(Project aProject) { Validate.notNull(aProject, "Project must be specified"); - String query = join("\n", // + var query = join("\n", // "SELECT COUNT(*) ", // "FROM AnnotationDocument ", // "WHERE document.project = :project AND state = :state"); - long count = entityManager.createQuery(query, Long.class) // + var count = entityManager.createQuery(query, Long.class) // .setParameter("project", aProject) // .setParameter("state", AnnotationDocumentState.FINISHED) // .getSingleResult(); 
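Review bot: `var project = aDocuments.iterator().next().getProject();` in `createOrGetAnnotationDocuments` takes the project from the first element only, and the visible lines never check that every document in `aDocuments` belongs to it. A source document from another project would not be matched by `remove(annDoc.getDocument())`, because `listAnnotationDocuments(project, aUser)` only covers the first project, so it would stay in `sourceDocsWithoutAnnotationDocument`. What happens to that set next is outside the hunk, though the sibling overload in the previous hunk goes on to loop over its leftover set. Given the commit's aim of keeping projects separated, add a precondition right after the lookup, e.g. `Validate.isTrue(aDocuments.stream().allMatch(d -> project.equals(d.getProject())), "All documents must belong to the same project");`.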
@@ -579,7 +580,7 @@ public List listFinishedAnnotationDocuments(Project aProject Validate.notNull(aProject, "Project must be specified"); // Get all annotators in the project - List users = getAllAnnotators(aProject); + var users = getAllAnnotators(aProject); // Bail out already. HQL doesn't seem to like queries with an empty // parameter right of "in" @@ -606,7 +607,7 @@ public List listFinishedAnnotationDocuments(SourceDocument a Validate.notNull(aDocument, "Source document must be specified"); // Get all annotators in the project - List users = getAllAnnotators(aDocument.getProject()); + var users = getAllAnnotators(aDocument.getProject()); // Bail out already. HQL doesn't seem to like queries with an empty parameter right of "in" if (users.isEmpty()) { return new ArrayList<>(); @@ -647,7 +648,7 @@ public List listSourceDocumentsInState(Project aProject, Validate.notNull(aStates, "States must be specified"); Validate.notEmpty(aStates, "States must not be an empty list"); - String query = String.join("\n", // + var query = String.join("\n", // "FROM SourceDocument", // "WHERE project =:project", // "AND state IN (:states)", // diff --git a/inception/inception-project-api/pom.xml b/inception/inception-project-api/pom.xml index e86306afe7e..c084cb39241 100644 --- a/inception/inception-project-api/pom.xml +++ b/inception/inception-project-api/pom.xml @@ -52,14 +52,9 @@ commons-lang3 - org.springframework spring-context - - org.springframework.security - spring-security-core - \ No newline at end of file diff --git a/inception/inception-project-api/src/main/java/de/tudarmstadt/ukp/inception/project/api/ProjectService.java b/inception/inception-project-api/src/main/java/de/tudarmstadt/ukp/inception/project/api/ProjectService.java index c422496f854..18eb89321a4 100644 --- a/inception/inception-project-api/src/main/java/de/tudarmstadt/ukp/inception/project/api/ProjectService.java 
+++ b/inception/inception-project-api/src/main/java/de/tudarmstadt/ukp/inception/project/api/ProjectService.java @@ -31,7 +31,6 @@ import org.apache.commons.lang3.Validate; import org.slf4j.MDC; -import org.springframework.security.access.prepost.PreAuthorize; import de.tudarmstadt.ukp.clarin.webanno.model.AnnotationLayer; import de.tudarmstadt.ukp.clarin.webanno.model.PermissionLevel; @@ -66,7 +65,6 @@ public interface ProjectService * @deprecated Use {@link #assignRole(Project, User, PermissionLevel...)} instead. */ @Deprecated - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER', 'ROLE_REMOTE')") void createProjectPermission(ProjectPermission aPermission); /** @@ -349,7 +347,6 @@ List listProjectsWithUserHavingRole(User aUser, PermissionLevel aRole, * @throws IOException * if the project to be deleted is not available in the file system */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')") void removeProject(Project aProject) throws IOException; /** diff --git a/inception/inception-schema-api/pom.xml b/inception/inception-schema-api/pom.xml index 709e56334a2..9f1de19819e 100644 --- a/inception/inception-schema-api/pom.xml +++ b/inception/inception-schema-api/pom.xml @@ -64,10 +64,6 @@ org.springframework spring-context - - org.springframework.security - spring-security-core - org.slf4j diff --git a/inception/inception-schema-api/src/main/java/de/tudarmstadt/ukp/inception/schema/api/AnnotationSchemaService.java b/inception/inception-schema-api/src/main/java/de/tudarmstadt/ukp/inception/schema/api/AnnotationSchemaService.java index 6d56e8bb5cc..65b9fb11be4 100644 --- a/inception/inception-schema-api/src/main/java/de/tudarmstadt/ukp/inception/schema/api/AnnotationSchemaService.java +++ b/inception/inception-schema-api/src/main/java/de/tudarmstadt/ukp/inception/schema/api/AnnotationSchemaService.java 
@@ -28,7 +28,6 @@ import org.apache.uima.resource.ResourceInitializationException; import org.apache.uima.resource.metadata.TypeSystemDescription; import org.apache.wicket.validation.ValidationError; -import org.springframework.security.access.prepost.PreAuthorize; import de.tudarmstadt.ukp.clarin.webanno.api.casstorage.CasUpgradeMode; import de.tudarmstadt.ukp.clarin.webanno.api.type.CASMetadata; @@ -64,7 +63,6 @@ public interface AnnotationSchemaService * @param tag * the tag. */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')") void createTag(Tag tag); /** @@ -74,7 +72,6 @@ public interface AnnotationSchemaService * @param tag * the tag. */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')") void createTags(Tag... tag); void updateTagRanks(TagSet aTagSet, List aTags); @@ -87,7 +84,6 @@ public interface AnnotationSchemaService * @param tagset * the tagset. */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')") void createTagSet(TagSet tagset); /** @@ -99,7 +95,6 @@ public interface AnnotationSchemaService * @param type * the type. */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')") void createOrUpdateLayer(AnnotationLayer type); void createFeature(AnnotationFeature feature); @@ -444,7 +439,6 @@ public interface AnnotationSchemaService * @param tag * the tag. */ - @PreAuthorize("hasAnyRole('ROLE_ADMIN','ROLE_USER')") void removeTag(Tag tag); /**