From 67dfae84240e12a1dd44fb9b5c7eeb2aedbb4aa2 Mon Sep 17 00:00:00 2001 From: Simone Lindner Date: Tue, 26 Sep 2023 14:37:31 +0200 Subject: [PATCH] getDescription request updated to new API version 3.0.1. Also readability restricted to user with view-role --- .../AssetAdministrationShellApiDelegate.java | 7 +-- .../security/OAuthSecurityConfig.java | 3 ++ .../static/aas-registry-openapi.yaml | 37 +++++++------- ...setAdministrationShellApiSecurityTest.java | 51 +++++++++++++++++++ .../AssetAdministrationShellApiTest.java | 16 ++++++ 5 files changed, 93 insertions(+), 21 deletions(-) diff --git a/backend/src/main/java/org/eclipse/tractusx/semantics/registry/controller/AssetAdministrationShellApiDelegate.java b/backend/src/main/java/org/eclipse/tractusx/semantics/registry/controller/AssetAdministrationShellApiDelegate.java index 19293732..b695c31c 100644 --- a/backend/src/main/java/org/eclipse/tractusx/semantics/registry/controller/AssetAdministrationShellApiDelegate.java +++ b/backend/src/main/java/org/eclipse/tractusx/semantics/registry/controller/AssetAdministrationShellApiDelegate.java @@ -21,6 +21,7 @@ import java.util.*; +import org.eclipse.tractusx.semantics.RegistryProperties; import org.eclipse.tractusx.semantics.aas.registry.api.DescriptionApiDelegate; import org.eclipse.tractusx.semantics.aas.registry.api.LookupApiDelegate; import org.eclipse.tractusx.semantics.aas.registry.api.ShellDescriptorsApiDelegate; @@ -48,7 +49,7 @@ public class AssetAdministrationShellApiDelegate implements DescriptionApiDelega public AssetAdministrationShellApiDelegate(final ShellService shellService, final ShellMapper shellMapper, - final SubmodelMapper submodelMapper) { + final SubmodelMapper submodelMapper ) { this.shellService = shellService; this.shellMapper = shellMapper; this.submodelMapper = submodelMapper; 
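Review bot: The added `import org.eclipse.tractusx.semantics.RegistryProperties;` has no visible use in this patch. The constructor hunk that follows changes only the spacing before the closing parenthesis (`submodelMapper ) {`), and the getDescription hunk does not reference the type. Unless the class uses `RegistryProperties` somewhere outside the hunks shown, drop the import. The whitespace-only constructor edit could also be left out so the patch carries only the behavioural change.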
@@ -61,9 +62,9 @@ public Optional getRequest() { @Override public ResponseEntity getDescription() { + ServiceDescription serviceDescription = new ServiceDescription(); - serviceDescription.setProfiles( List.of( ServiceDescription.ProfilesEnum.ASSETADMINISTRATIONSHELLREPOSITORYSERVICESPECIFICATION_V3_0_MINIMALPROFILE, - ServiceDescription.ProfilesEnum.REGISTRYSERVICESPECIFICATION_V3_0) ); + serviceDescription.setProfiles( List.of( ServiceDescription.ProfilesEnum.ASSETADMINISTRATIONSHELLREGISTRYSERVICESPECIFICATION_SSP_001, ServiceDescription.ProfilesEnum.DISCOVERYSERVICESPECIFICATION_SSP_001) ); return new ResponseEntity<>( serviceDescription, HttpStatus.OK ); } diff --git a/backend/src/main/java/org/eclipse/tractusx/semantics/registry/security/OAuthSecurityConfig.java b/backend/src/main/java/org/eclipse/tractusx/semantics/registry/security/OAuthSecurityConfig.java index 95fa1e3d..d74414f4 100644 --- a/backend/src/main/java/org/eclipse/tractusx/semantics/registry/security/OAuthSecurityConfig.java +++ b/backend/src/main/java/org/eclipse/tractusx/semantics/registry/security/OAuthSecurityConfig.java @@ -64,6 +64,9 @@ protected SecurityFilterChain configure(HttpSecurity http) throws Exception { .requestMatchers( HttpMethod.POST, "/**/lookup/**" ).access( "@authorizationEvaluator.hasRoleAddDigitalTwin()" ) .requestMatchers( HttpMethod.PUT, "/**/lookup/**" ).access( "@authorizationEvaluator.hasRoleUpdateDigitalTwin()" ) .requestMatchers( HttpMethod.DELETE, "/**/lookup/**" ).access( "@authorizationEvaluator.hasRoleDeleteDigitalTwin()" ) + + //getDescription allowed for reader + .requestMatchers( HttpMethod.GET, "/**/description" ).access( "@authorizationEvaluator.hasRoleViewDigitalTwin()" ) ) .csrf().disable() .sessionManagement().sessionCreationPolicy( SessionCreationPolicy.STATELESS ) diff --git a/backend/src/main/resources/static/aas-registry-openapi.yaml b/backend/src/main/resources/static/aas-registry-openapi.yaml index d85642f9..83a5a96a 100644 
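Review bot: The added matcher `"/**/description"` in `configure` is path-suffix based, so it applies to any GET whose path ends in `/description`, not only the service-description endpoint the tests call (`/api/v3.0/description`). It follows the style of the neighbouring `/**/lookup/**` rules, but here no trailing segment narrows it. Spring Security applies the first rule that matches, so whether this one is reached depends on the matchers declared before it, and those start outside this hunk. I would expand the comment to state the contract, for example `// GET .../description (service description) requires the view role; other roles get 403, a missing token gets 401`. It is also worth confirming that no other route ending in `/description` is meant to carry a different role.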
--- a/backend/src/main/resources/static/aas-registry-openapi.yaml +++ b/backend/src/main/resources/static/aas-registry-openapi.yaml 
@@ -1502,29 +1502,30 @@ components: properties: profiles: minItems: 1 - maxItems: 10000 type: array items: type: string enum: - - AssetAdministrationShellServiceSpecification/V3.0 - - AssetAdministrationShellServiceSpecification/V3.0-MinimalProfile - - SubmodelServiceSpecification/V3.0 - - SubmodelServiceSpecification/V3.0-ValueProfile - - SubmodelServiceSpecification/V3.0-MinimalProfile - - AasxFileServerServiceSpecification/V3.0 - - RegistryServiceSpecification/V3.0 - - RegistryServiceSpecification/V3.0- AssetAdministrationShellRegistry - - RegistryServiceSpecification/V3.0-SubmodelRegistry - - RepositoryServiceSpecification/V3.0 - - RepositoryServiceSpecification/V3.0-MinimalProfile - - AssetAdministrationShellRepositoryServiceSpecification/V3.0 - - AssetAdministrationShellRepositoryServiceSpecification/V3.0-MinimalProfile - - SubmodelRepositoryServiceSpecification/V3.0 - - SubmodelRepositoryServiceSpecification/V3.0-MinimalProfile - - RegistryAndDiscoveryServiceSpecification/V3.0 + - https://admin-shell.io/aas/API/3/0/AssetAdministrationShellServiceSpecification/SSP-001 + - https://admin-shell.io/aas/API/3/0/AssetAdministrationShellServiceSpecification/SSP-002 + - https://admin-shell.io/aas/API/3/0/SubmodelServiceSpecification/SSP-001 + - https://admin-shell.io/aas/API/3/0/SubmodelServiceSpecification/SSP-002 + - https://admin-shell.io/aas/API/3/0/SubmodelServiceSpecification/SSP-003 + - https://admin-shell.io/aas/API/3/0/AasxFileServerServiceSpecification/SSP-001 + - https://admin-shell.io/aas/API/3/0/AssetAdministrationShellRegistryServiceSpecification/SSP-001 + - https://admin-shell.io/aas/API/3/0/AssetAdministrationShellRegistryServiceSpecification/SSP-002 + - https://admin-shell.io/aas/API/3/0/SubmodelRegistryServiceSpecification/SSP-001 + - https://admin-shell.io/aas/API/3/0/SubmodelRegistryServiceSpecification/SSP-002 + - https://admin-shell.io/aas/API/3/0/DiscoveryServiceSpecification/SSP-001 + - 
https://admin-shell.io/aas/API/3/0/AssetAdministrationShellRepositoryServiceSpecification/SSP-001 + - https://admin-shell.io/aas/API/3/0/AssetAdministrationShellRepositoryServiceSpecification/SSP-002 + - https://admin-shell.io/aas/API/3/0/SubmodelRepositoryServiceSpecification/SSP-001 + - https://admin-shell.io/aas/API/3/0/SubmodelRepositoryServiceSpecification/SSP-002 + - https://admin-shell.io/aas/API/3/0/SubmodelRepositoryServiceSpecification/SSP-003 + - https://admin-shell.io/aas/API/3/0/SubmodelRepositoryServiceSpecification/SSP-004 + - https://admin-shell.io/aas/API/3/0/ConceptDescriptionServiceSpecification/SSP-001 description: "The Description object enables servers to present their capabilities to the clients, in particular which profiles they implement. At least one defined profile is required. Additional, proprietary attributes might be included. Nevertheless, the server must not expect that a regular client understands them." - example: { "profiles": [ "RepositoryServiceSpecification/V3.0-MinimalProfile", "RegistryServiceSpecification/V3.0" ] } + example: { "profiles": ["https://admin-shell.io/aas/API/3/0/AssetAdministrationShellRegistryServiceSpecification/SSP-002", "https://admin-shell.io/aas/API/3/0/SubmodelRegistryServiceSpecification/SSP-002"] } PagedResult_paging_metadata: type: object properties: diff --git a/backend/src/test/java/org/eclipse/tractusx/semantics/registry/AssetAdministrationShellApiSecurityTest.java b/backend/src/test/java/org/eclipse/tractusx/semantics/registry/AssetAdministrationShellApiSecurityTest.java index b0c06d85..dcc48c16 100644 --- a/backend/src/test/java/org/eclipse/tractusx/semantics/registry/AssetAdministrationShellApiSecurityTest.java +++ b/backend/src/test/java/org/eclipse/tractusx/semantics/registry/AssetAdministrationShellApiSecurityTest.java 
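Review bot: Removing `maxItems` leaves the `profiles` array without an upper bound in the schema, and the commit message does not say why. If the upstream 3.0.1 specification dropped it, a sentence in the description would settle that. Otherwise a bound that matches the 18 enum values, `maxItems: 18`, keeps tools that check the spec from reporting an unbounded array. Separately, the `example` lists the two SSP-002 registry profiles, while the delegate in this commit appears to return the registry and discovery SSP-001 profiles, so the example shows values this server does not advertise.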
@@ -1243,4 +1243,55 @@ public void testGetAllShellByExternalIdWithPublicAccessByTenantId() throws Excep .andExpect(jsonPath("$.specificAssetIds[*]").exists()); } } + @Nested + @DisplayName( "Description Authentication Tests" ) + class DescriptionApiTest { + + @Test + public void testGetDescriptionOnlyDeleteRoleExpectForbidden() throws Exception { + mvc.perform( + MockMvcRequestBuilders + .get( "/api/v3.0/description" ) + .accept( MediaType.APPLICATION_JSON ) + .with( jwtTokenFactory.deleteTwin() ) + ) + .andDo( MockMvcResultHandlers.print() ) + .andExpect(status().isForbidden()); + } + + @Test + public void testGetDescriptionNoRoleExpectForbidden() throws Exception { + mvc.perform( + MockMvcRequestBuilders + .get( "/api/v3.0/description" ) + .accept( MediaType.APPLICATION_JSON ) + .with( jwtTokenFactory.withoutRoles() ) + ) + .andDo( MockMvcResultHandlers.print() ) + .andExpect(status().isForbidden()); + } + + @Test + public void testGetDescriptionReadRoleExpectSuccess() throws Exception { + mvc.perform( + MockMvcRequestBuilders + .get( "/api/v3.0/description" ) + .accept( MediaType.APPLICATION_JSON ) + .with( jwtTokenFactory.readTwin() ) + ) + .andDo( MockMvcResultHandlers.print() ) + .andExpect(status().isOk()); + } + + @Test + public void testGetDescriptionReadRoleExpectUnauthorized() throws Exception { + mvc.perform( + MockMvcRequestBuilders + .get( "/api/v3.0/description" ) + .accept( MediaType.APPLICATION_JSON ) + ) + .andDo( MockMvcResultHandlers.print() ) + .andExpect(status().isUnauthorized()); + } + } } diff --git a/backend/src/test/java/org/eclipse/tractusx/semantics/registry/AssetAdministrationShellApiTest.java b/backend/src/test/java/org/eclipse/tractusx/semantics/registry/AssetAdministrationShellApiTest.java index 361bb0f3..0f7cb207 100644 --- a/backend/src/test/java/org/eclipse/tractusx/semantics/registry/AssetAdministrationShellApiTest.java +++ b/backend/src/test/java/org/eclipse/tractusx/semantics/registry/AssetAdministrationShellApiTest.java 
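Review bot: `testGetDescriptionReadRoleExpectUnauthorized` sends no token at all (the request has no `.with( jwtTokenFactory... )` call), so the name contradicts what the test checks. A name such as `testGetDescriptionWithoutTokenExpectUnauthorized` describes the 401 case. The negative cases cover only the delete role and a token without roles. The add and update roles that OAuthSecurityConfig references are not tried against `/api/v3.0/description`, so a rule that admitted them by mistake would still pass this suite. A forbidden case for each of those roles would pin the "view role only" intent stated in the commit message.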
@@ -992,4 +992,20 @@ public void testFetchShellsByMultipleIdentificationsExpectSuccessExpectSuccess() } } + @Nested + @DisplayName( "Description Tests" ) + class DescriptionApiTest { + @Test + public void testGetDescriptionExpectSuccess() throws Exception { + mvc.perform( + MockMvcRequestBuilders + .get( "/api/v3.0/description" ) + .accept( MediaType.APPLICATION_JSON ) + .with( jwtTokenFactory.allRoles() ) + ) + .andDo( MockMvcResultHandlers.print() ) + .andExpect( status().isOk() ) + .andExpect( jsonPath( "$.profiles[0]", is( "https://admin-shell.io/aas/API/3/0/AssetAdministrationShellRegistryServiceSpecification/SSP-001" ) ) ); + } + } } \ No newline at end of file
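Review bot: `testGetDescriptionExpectSuccess` asserts only `$.profiles[0]`, so the second profile the delegate sets is never checked and could be dropped or changed without failing the test. Adding `.andExpect( jsonPath( "$.profiles[1]", is( "https://admin-shell.io/aas/API/3/0/DiscoveryServiceSpecification/SSP-001" ) ) )` would cover it, assuming the generated enum serialises to the value listed in the OpenAPI file. The file also still ends without a trailing newline.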