+ * The AASXToMetamodelConverter implements the AutoCloseable interface, indicating that it manages
+ * resources that need to be released after usage. To ensure proper resource cleanup,
+ * it is recommended to use one of the following approaches:
+ *
+ * 1. Try-with-resources
+ * 2. Finally block
+ * 3. Explicitly calling close {@link AASXToMetamodelConverter#close()}
+ *
+ * Please choose the appropriate method based on your specific use case to ensure
+ * proper resource management and cleanup.
+ *
+ *
+ *
* @author zhangzai, conradi, danish
*
*/
-public class AASXToMetamodelConverter {
+public class AASXToMetamodelConverter implements AutoCloseable {
private static final String XML_TYPE = "http://www.admin-shell.io/aasx/relationships/aas-spec";
private static final String AASX_ORIGIN = "/aasx/aasx-origin";
@@ -91,33 +105,27 @@ public class AASXToMetamodelConverter {
public AASXToMetamodelConverter(String path) {
this.aasxPath = path;
+ loadAASX();
}
public AASXToMetamodelConverter(InputStream stream) {
this.aasxInputStream = stream;
+ loadAASX();
}
public AasEnv retrieveAasEnv() throws ParserConfigurationException, SAXException, IOException, InvalidFormatException {
if (aasEnv != null) {
return aasEnv;
}
-
- loadAASX();
-
+
String xmlContent = getXMLResourceString(aasxRoot);
XMLToMetamodelConverter converter = new XMLToMetamodelConverter(xmlContent);
- closeOPCPackage();
+
return converter.parseAasEnv();
}
- public InputStream retrieveThumbnail() throws IOException, InvalidFormatException {
- loadAASX();
-
- InputStream thumbnailStream = getThumbnailStream(aasxRoot);
-
- closeOPCPackage();
-
- return thumbnailStream;
+ public InputStream retrieveThumbnail() throws IOException {
+ return getThumbnailStream(aasxRoot);
}
@SuppressWarnings("unchecked")
@@ -128,38 +136,44 @@ public Set retrieveAASBundles() throws IOException, Par
return (Set) bundles;
}
- loadAASX();
-
AasEnv localAasEnv = retrieveAasEnv();
bundles = new AASBundleFactory().create(localAasEnv.getAssetAdministrationShells(), localAasEnv.getSubmodels(), localAasEnv.getAssets());
- closeOPCPackage();
-
return (Set) bundles;
}
public InputStream retrieveFileInputStream(String path) throws InvalidFormatException, IOException {
- loadAASX();
PackagePart filePart = aasxRoot.getPart(PackagingURIHelper.createPartName(path));
- closeOPCPackage();
+
return filePart.getInputStream();
}
- private void loadAASX() throws IOException, InvalidFormatException {
- if (aasxInputStream == null) {
- aasxInputStream = FileLoaderHelper.getInputStream(aasxPath);
+ /**
+ * Closes the resources associated with the AASXToMetamodelConverter instance.
+ * After calling this method, the instance becomes unusable and subsequent method
+ * invocations may result in undefined behavior.
+ *
+ */
+ @Override
+ public void close() {
+ try {
+ aasxRoot.close();
+ } catch (IOException e) {
+ e.printStackTrace();
+ logger.error("Error clearing the resource OPCPackage");
}
-
- if (aasxRoot == null) {
- aasxRoot = OPCPackage.open(aasxInputStream);
+
+ if (aasxInputStream != null) {
+ try {
+ aasxInputStream.close();
+ } catch (IOException e) {
+ e.printStackTrace();
+ logger.error("Error clearing the resource InputStream");
+ }
}
}
- private void closeOPCPackage() throws IOException {
- aasxRoot.close();
- }
-
/**
* Return the Content of the XML file in the aasx-package as String
*
@@ -283,6 +297,15 @@ public void unzipRelatedFiles() throws IOException, ParserConfigurationException
unzipRelatedFiles(getTemporaryDirPath());
}
+ /**
+ * Unzips all files referenced by the aasx file according to its relationships
+ * and a relative child path
+ */
+ public void unzipRelatedFilesToChildPath(String childPath) throws IOException, ParserConfigurationException, SAXException, URISyntaxException, InvalidFormatException {
+ Path tempPath = getTemporaryDirPath().resolve(childPath);
+ unzipRelatedFiles(tempPath);
+ }
+
/**
* Unzips all files referenced by the aasx file to a specified directory
*
@@ -294,14 +317,12 @@ public void unzipRelatedFiles() throws IOException, ParserConfigurationException
* @throws URISyntaxException
*/
public void unzipRelatedFiles(Path pathToDirectory) throws InvalidFormatException, IOException, ParserConfigurationException, SAXException, URISyntaxException {
- loadAASX();
-
List files = parseReferencedFilePathsFromAASX();
+
for (String filePath: files) {
unzipFile(filePath, aasxRoot, pathToDirectory);
}
- closeOPCPackage();
}
/**
@@ -351,13 +372,13 @@ private void unzipFile(String filePath, OPCPackage aasxRoot, Path pathToDirector
return;
}
- logger.info("Unzipping " + filePath);
+ logger.debug("Unzipping " + filePath);
String relativePath = "files/" + VABPathTools.getParentPath(filePath);
Path destDir;
destDir = pathToDirectory.resolve(relativePath);
- logger.info("Unzipping to " + destDir);
+ logger.debug("Unzipping to " + destDir);
Files.createDirectories(destDir);
PackagePart part = aasxRoot.getPart(PackagingURIHelper.createPartName("/" + filePath));
@@ -371,4 +392,24 @@ private void unzipFile(String filePath, OPCPackage aasxRoot, Path pathToDirector
InputStream stream = part.getInputStream();
FileUtils.copyInputStreamToFile(stream, new File(targetPath));
}
+
+ private void loadAASX() {
+ if (aasxInputStream == null) {
+ try {
+ aasxInputStream = FileLoaderHelper.getInputStream(aasxPath);
+ } catch (IOException e) {
+ e.printStackTrace();
+ throw new RuntimeException("IO Exception occurred while getting input stream from path " + aasxPath);
+ }
+ }
+
+ if (aasxRoot == null) {
+ try {
+ aasxRoot = OPCPackage.open(aasxInputStream);
+ } catch (InvalidFormatException | IOException e) {
+ e.printStackTrace();
+ throw new RuntimeException("Exception occurred while opening the OPC Package " + aasxPath);
+ }
+ }
+ }
}
diff --git a/src/main/java/org/eclipse/basyx/aas/factory/aasx/SubmodelFileEndpointLoader.java b/src/main/java/org/eclipse/basyx/aas/factory/aasx/SubmodelFileEndpointLoader.java
index ae21277c..fa8ab873 100644
--- a/src/main/java/org/eclipse/basyx/aas/factory/aasx/SubmodelFileEndpointLoader.java
+++ b/src/main/java/org/eclipse/basyx/aas/factory/aasx/SubmodelFileEndpointLoader.java
@@ -34,6 +34,7 @@
import org.eclipse.basyx.submodel.metamodel.api.submodelelement.ISubmodelElementCollection;
import org.eclipse.basyx.submodel.metamodel.map.submodelelement.SubmodelElementCollection;
import org.eclipse.basyx.submodel.metamodel.map.submodelelement.dataelement.File;
+import org.eclipse.basyx.vab.modelprovider.VABPathTools;
/**
* A utility class for configuring file endpoints in submodels
@@ -55,7 +56,8 @@ public class SubmodelFileEndpointLoader {
* path at which the files are hosted on the host (e.g. "/files")
*/
public static void setRelativeFileEndpoints(ISubmodel submodel, String host, int port, String path) {
- String fileRoot = "http://" + host + ":" + port + path;
+ String basePath = "http://" + host + ":" + port;
+ String fileRoot = VABPathTools.append(basePath, path);
setRelativeFileEndpoints(submodel, fileRoot);
}
@@ -108,7 +110,7 @@ private static void setFileEndpoint(File file, String fileRoot) {
} catch (MalformedURLException e1) {
// assume that the file value is already a relative path
}
- String newEndpoint = fileRoot + relativePath;
+ String newEndpoint = VABPathTools.append(fileRoot, relativePath);
file.setValue(newEndpoint);
}
}
diff --git a/src/main/java/org/eclipse/basyx/aas/factory/xml/XMLToMetamodelConverter.java b/src/main/java/org/eclipse/basyx/aas/factory/xml/XMLToMetamodelConverter.java
index a1819cc7..bedf8c40 100644
--- a/src/main/java/org/eclipse/basyx/aas/factory/xml/XMLToMetamodelConverter.java
+++ b/src/main/java/org/eclipse/basyx/aas/factory/xml/XMLToMetamodelConverter.java
@@ -73,13 +73,14 @@ public XMLToMetamodelConverter(String xmlContent) throws ParserConfigurationExce
Map xmlConceptDescriptions = (Map) root.get(ConceptDescriptionXMLConverter.CONCEPT_DESCRIPTIONS);
List conceptDescriptions = ConceptDescriptionXMLConverter.parseConceptDescriptions(xmlConceptDescriptions);
+
+ Map xmlAssets = (Map) root.get(AssetXMLConverter.ASSETS);
+ List assets = AssetXMLConverter.parseAssets(xmlAssets);
- List shells = AssetAdministrationShellXMLConverter.parseAssetAdministrationShells(xmlAASs, conceptDescriptions);
+ List shells = AssetAdministrationShellXMLConverter.parseAssetAdministrationShells(xmlAASs, conceptDescriptions, assets);
Map xmlSubmodels = (Map) root.get(SubmodelXMLConverter.SUBMODELS);
List submodels = SubmodelXMLConverter.parseSubmodels(xmlSubmodels);
- Map xmlAssets = (Map) root.get(AssetXMLConverter.ASSETS);
- List assets = AssetXMLConverter.parseAssets(xmlAssets);
aasEnv = new AasEnv(shells, assets, conceptDescriptions, submodels);
}
diff --git a/src/main/java/org/eclipse/basyx/aas/factory/xml/converters/AssetAdministrationShellXMLConverter.java b/src/main/java/org/eclipse/basyx/aas/factory/xml/converters/AssetAdministrationShellXMLConverter.java
index ea26eca4..c95149e5 100644
--- a/src/main/java/org/eclipse/basyx/aas/factory/xml/converters/AssetAdministrationShellXMLConverter.java
+++ b/src/main/java/org/eclipse/basyx/aas/factory/xml/converters/AssetAdministrationShellXMLConverter.java
@@ -30,13 +30,16 @@
import java.util.HashSet;
import java.util.List;
import java.util.Map;
+import java.util.Optional;
import java.util.Set;
import org.eclipse.basyx.aas.factory.xml.api.parts.ViewXMLConverter;
import org.eclipse.basyx.aas.metamodel.api.IAssetAdministrationShell;
import org.eclipse.basyx.aas.metamodel.api.parts.IConceptDictionary;
import org.eclipse.basyx.aas.metamodel.api.parts.IView;
+import org.eclipse.basyx.aas.metamodel.api.parts.asset.IAsset;
import org.eclipse.basyx.aas.metamodel.map.AssetAdministrationShell;
+import org.eclipse.basyx.aas.metamodel.map.parts.Asset;
import org.eclipse.basyx.aas.metamodel.map.parts.ConceptDictionary;
import org.eclipse.basyx.submodel.factory.xml.XMLHelper;
import org.eclipse.basyx.submodel.factory.xml.converters.qualifier.HasDataSpecificationXMLConverter;
@@ -87,7 +90,7 @@ public class AssetAdministrationShellXMLConverter {
* Map
*/
@SuppressWarnings("unchecked")
- public static List parseAssetAdministrationShells(Map xmlAASObject, Collection conceptDescriptions) {
+ public static List parseAssetAdministrationShells(Map xmlAASObject, Collection conceptDescriptions, Collection assets) {
if (xmlAASObject == null) {
return Collections.emptyList();
}
@@ -117,6 +120,11 @@ public static List parseAssetAdministrationShells(Map
Collection submodelRefs = parseSubmodelRefs(xmlAAS);
adminShell.setSubmodelReferences(submodelRefs);
+
+ Asset asset = parseAsset(assets, assetRef);
+
+ if (asset != null)
+ adminShell.setAsset(asset);
aasList.add(adminShell);
}
@@ -353,5 +361,27 @@ private static Element buildConceptDictionary(Document document, IAssetAdministr
}
return conceptDicts;
}
+
+ private static Asset parseAsset(Collection assets, Reference assetRef) {
+ if (assetRef == null)
+ return null;
+
+ Optional optionalAsset = assets.stream().filter(asset -> isReferenced(asset, assetRef)).findAny();
+
+ if (optionalAsset.isEmpty())
+ return null;
+
+ return (Asset) optionalAsset.get();
+ }
+
+ private static boolean isReferenced(IAsset asset, Reference assetReference) {
+ Optional optionalKey = assetReference.getKeys().stream().filter(key -> hasMatchingAsset(asset, key)).findAny();
+
+ return optionalKey.isPresent();
+ }
+
+ private static boolean hasMatchingAsset(IAsset asset, IKey key) {
+ return key.getValue().equals(asset.getIdentification().getId());
+ }
}
diff --git a/src/main/java/org/eclipse/basyx/aas/manager/ConnectedAssetAdministrationShellManager.java b/src/main/java/org/eclipse/basyx/aas/manager/ConnectedAssetAdministrationShellManager.java
index cdecc479..dcb97820 100644
--- a/src/main/java/org/eclipse/basyx/aas/manager/ConnectedAssetAdministrationShellManager.java
+++ b/src/main/java/org/eclipse/basyx/aas/manager/ConnectedAssetAdministrationShellManager.java
@@ -127,25 +127,28 @@ public Collection retrieveAASAll() {
@Override
public void deleteAAS(IIdentifier id) {
- // Lookup AAS descriptor
AASDescriptor aasDescriptor = aasDirectory.lookupAAS(id);
- // Get AAS address from AAS descriptor
String addr = aasDescriptor.getFirstEndpoint();
- // Address ends in "/aas", has to be stripped for removal
- addr = VABPathTools.stripSlashes(addr);
- addr = addr.substring(0, addr.length() - "/aas".length());
-
- // Delete from server
- proxyFactory.createProxy(addr).deleteValue("");
+ String harmonizedAddress = getHarmonizedAddress(addr);
- // Delete from Registry
aasDirectory.delete(id);
+ deleteAasFromAddress(harmonizedAddress);
+
// TODO: How to handle submodels -> Lifecycle needs to be clarified
}
+ private void deleteAasFromAddress(String address) {
+ proxyFactory.createProxy(address).deleteValue("");
+ }
+
+ private String getHarmonizedAddress(String address) {
+ String strippedAddr = VABPathTools.stripSlashes(address);
+ return strippedAddr.substring(0, strippedAddr.length() - "/aas".length());
+ }
+
@Override
public void createSubmodel(IIdentifier aasId, Submodel submodel) {
@@ -167,9 +170,10 @@ public void createSubmodel(IIdentifier aasId, Submodel submodel) {
@Override
public void deleteSubmodel(IIdentifier aasId, IIdentifier submodelId) {
IAssetAdministrationShell shell = retrieveAAS(aasId);
- shell.removeSubmodel(submodelId);
aasDirectory.delete(aasId, submodelId);
+
+ shell.removeSubmodel(submodelId);
}
@Override
diff --git a/src/main/java/org/eclipse/basyx/aas/restapi/AASAPIFactory.java b/src/main/java/org/eclipse/basyx/aas/restapi/AASAPIFactory.java
index 0e19b076..226dede7 100644
--- a/src/main/java/org/eclipse/basyx/aas/restapi/AASAPIFactory.java
+++ b/src/main/java/org/eclipse/basyx/aas/restapi/AASAPIFactory.java
@@ -28,6 +28,7 @@
import org.eclipse.basyx.aas.restapi.api.IAASAPI;
import org.eclipse.basyx.aas.restapi.api.IAASAPIFactory;
import org.eclipse.basyx.aas.restapi.vab.VABAASAPIFactory;
+import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
/**
* AAS API provider that provides the default AAS API
@@ -50,4 +51,9 @@ public IAASAPI getAASApi(AssetAdministrationShell aas) {
return aasAPIFactory.create(aas);
}
+ @Override
+ public IAASAPI create(IIdentifier aasId) {
+ return aasAPIFactory.create(aasId);
+ }
+
}
diff --git a/src/main/java/org/eclipse/basyx/aas/restapi/api/IAASAPIFactory.java b/src/main/java/org/eclipse/basyx/aas/restapi/api/IAASAPIFactory.java
index 1acff459..48030acd 100644
--- a/src/main/java/org/eclipse/basyx/aas/restapi/api/IAASAPIFactory.java
+++ b/src/main/java/org/eclipse/basyx/aas/restapi/api/IAASAPIFactory.java
@@ -25,6 +25,8 @@
package org.eclipse.basyx.aas.restapi.api;
import org.eclipse.basyx.aas.metamodel.map.AssetAdministrationShell;
+import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.vab.exception.FeatureNotImplementedException;
/**
* Interface for providing an AAS API
@@ -44,7 +46,12 @@ public interface IAASAPIFactory {
@Deprecated
public IAASAPI getAASApi(AssetAdministrationShell aas);
+
public default IAASAPI create(AssetAdministrationShell aas) {
return getAASApi(aas);
}
+
+ public default IAASAPI create(IIdentifier aasId) {
+ throw new FeatureNotImplementedException();
+ }
}
diff --git a/src/main/java/org/eclipse/basyx/aas/restapi/vab/VABAASAPIFactory.java b/src/main/java/org/eclipse/basyx/aas/restapi/vab/VABAASAPIFactory.java
index 5f45b2c5..bae7df78 100644
--- a/src/main/java/org/eclipse/basyx/aas/restapi/vab/VABAASAPIFactory.java
+++ b/src/main/java/org/eclipse/basyx/aas/restapi/vab/VABAASAPIFactory.java
@@ -27,6 +27,8 @@
import org.eclipse.basyx.aas.metamodel.map.AssetAdministrationShell;
import org.eclipse.basyx.aas.restapi.api.IAASAPI;
import org.eclipse.basyx.aas.restapi.api.IAASAPIFactory;
+import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.vab.exception.FeatureNotImplementedException;
import org.eclipse.basyx.vab.modelprovider.lambda.VABLambdaProvider;
/**
@@ -39,4 +41,10 @@ public class VABAASAPIFactory implements IAASAPIFactory {
public IAASAPI getAASApi(AssetAdministrationShell aas) {
return new VABAASAPI(new VABLambdaProvider(aas));
}
+
+ @Override
+ public IAASAPI create(IIdentifier aasId) {
+ // This should not be used for VABAASAPI
+ throw new FeatureNotImplementedException();
+ }
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/aggregator/aasxupload/AASAggregatorAASXUpload.java b/src/main/java/org/eclipse/basyx/extensions/aas/aggregator/aasxupload/AASAggregatorAASXUpload.java
index 85bb71f6..95ea0927 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/aggregator/aasxupload/AASAggregatorAASXUpload.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/aggregator/aasxupload/AASAggregatorAASXUpload.java
@@ -70,8 +70,7 @@ public AASAggregatorAASXUpload(IAASAggregator aggregator) {
@Override
public void uploadAASX(InputStream aasxStream) {
- try {
- AASXToMetamodelConverter converter = new AASXToMetamodelConverter(aasxStream);
+ try (AASXToMetamodelConverter converter = new AASXToMetamodelConverter(aasxStream)) {
Set bundles = converter.retrieveAASBundles();
AASBundleHelper.integrate(this, bundles);
uploadFilesInAASX(converter);
@@ -100,7 +99,7 @@ private void uploadNestedFiles(IIdentifier aasIdentification, AASXToMetamodelCon
private void uploadFileInSubmodelElement(IIdentifier aasIdentification, AASXToMetamodelConverter converter, File submodelElement, String submodelElementPath) {
try {
- getAASProvider(aasIdentification).createValue(submodelElementPath + "/File/upload", converter.retrieveFileInputStream((String) submodelElement.getValue()));
+ getAASProvider(aasIdentification).createValue(submodelElementPath + "/upload", converter.retrieveFileInputStream((String) submodelElement.getValue()));
} catch (InvalidFormatException | IOException e) {
e.printStackTrace();
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/aggregator/authorization/internal/SimpleRbacAASAggregatorAuthorizer.java b/src/main/java/org/eclipse/basyx/extensions/aas/aggregator/authorization/internal/SimpleRbacAASAggregatorAuthorizer.java
index fc29531f..90294356 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/aggregator/authorization/internal/SimpleRbacAASAggregatorAuthorizer.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/aggregator/authorization/internal/SimpleRbacAASAggregatorAuthorizer.java
@@ -59,14 +59,14 @@ public Collection authorizeGetAASList(final SubjectIn
@Override
public IAssetAdministrationShell authorizeGetAAS(final SubjectInformationType subjectInformation, final IIdentifier aasId, final Supplier aasSupplier) throws InhibitException {
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAggregatorScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAggregatorScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null, null));
return aasSupplier.get();
}
@Override
public IModelProvider authorizeGetAASProvider(final SubjectInformationType subjectInformation, final IIdentifier aasId, final Supplier modelProviderSupplier) throws InhibitException {
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAggregatorScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAggregatorScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null, null));
return modelProviderSupplier.get();
}
@@ -75,18 +75,18 @@ public IModelProvider authorizeGetAASProvider(final SubjectInformationType subje
public void authorizeCreateAAS(final SubjectInformationType subjectInformation, final AssetAdministrationShell aas) throws InhibitException {
final IIdentifier aasId = aas.getIdentification();
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAggregatorScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAggregatorScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null, null));
}
@Override
public void authorizeUpdateAAS(final SubjectInformationType subjectInformation, final AssetAdministrationShell aas) throws InhibitException {
final IIdentifier aasId = aas.getIdentification();
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAggregatorScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAggregatorScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null, null));
}
@Override
public void authorizeDeleteAAS(final SubjectInformationType subjectInformation, final IIdentifier aasId) throws InhibitException {
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAggregatorScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAggregatorScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null, null));
}
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/api/authorization/AuthorizedDecoratingAASAPIFactory.java b/src/main/java/org/eclipse/basyx/extensions/aas/api/authorization/AuthorizedDecoratingAASAPIFactory.java
index a86f4e78..3f570057 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/api/authorization/AuthorizedDecoratingAASAPIFactory.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/api/authorization/AuthorizedDecoratingAASAPIFactory.java
@@ -12,6 +12,7 @@
import org.eclipse.basyx.aas.metamodel.map.AssetAdministrationShell;
import org.eclipse.basyx.aas.restapi.api.IAASAPI;
import org.eclipse.basyx.aas.restapi.api.IAASAPIFactory;
+import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
/**
* Api provider for constructing a new AAS API that is authorized
@@ -29,4 +30,9 @@ public AuthorizedDecoratingAASAPIFactory(IAASAPIFactory factoryToBeDecorated) {
public IAASAPI getAASApi(AssetAdministrationShell aas) {
return new AuthorizedAASAPI(apiFactory.create(aas));
}
+
+ @Override
+ public IAASAPI create(IIdentifier aasId) {
+ return new AuthorizedAASAPI(apiFactory.create(aasId));
+ }
}
\ No newline at end of file
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/api/authorization/internal/AuthorizedDecoratingAASAPIFactory.java b/src/main/java/org/eclipse/basyx/extensions/aas/api/authorization/internal/AuthorizedDecoratingAASAPIFactory.java
index 431798c5..ad00d0de 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/api/authorization/internal/AuthorizedDecoratingAASAPIFactory.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/api/authorization/internal/AuthorizedDecoratingAASAPIFactory.java
@@ -28,6 +28,7 @@
import org.eclipse.basyx.aas.restapi.api.IAASAPI;
import org.eclipse.basyx.aas.restapi.api.IAASAPIFactory;
import org.eclipse.basyx.extensions.shared.authorization.internal.ISubjectInformationProvider;
+import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
/**
* Api provider for constructing a new AAS API that is authorized
@@ -50,4 +51,9 @@ public AuthorizedDecoratingAASAPIFactory(final IAASAPIFactory factoryToBeDecorat
public IAASAPI getAASApi(final AssetAdministrationShell aas) {
return new AuthorizedAASAPI<>(apiFactory.create(aas), aasAPIAuthorizer, subjectInformationProvider);
}
+
+ @Override
+ public IAASAPI create(IIdentifier aasId) {
+ return new AuthorizedAASAPI<>(apiFactory.create(aasId), aasAPIAuthorizer, subjectInformationProvider);
+ }
}
\ No newline at end of file
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/api/authorization/internal/SimpleRbacAASAPIAuthorizer.java b/src/main/java/org/eclipse/basyx/extensions/aas/api/authorization/internal/SimpleRbacAASAPIAuthorizer.java
index 70a15f3d..8549d707 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/api/authorization/internal/SimpleRbacAASAPIAuthorizer.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/api/authorization/internal/SimpleRbacAASAPIAuthorizer.java
@@ -55,7 +55,7 @@ public SimpleRbacAASAPIAuthorizer(final IRbacRuleChecker rbacRuleChecker, final
public IAssetAdministrationShell authorizeGetAAS(final SubjectInformationType subjectInformation, final Supplier aasSupplier) throws InhibitException {
final IIdentifier aasId = getAasId(aasSupplier);
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAPIScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAPIScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null, null));
return aasSupplier.get();
}
@@ -64,14 +64,14 @@ public IAssetAdministrationShell authorizeGetAAS(final SubjectInformationType su
public void authorizeAddSubmodel(final SubjectInformationType subjectInformation, final Supplier aasSupplier, final IReference smId) throws InhibitException {
final IIdentifier aasId = getAasId(aasSupplier);
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAPIScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getReferenceId(smId), null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAPIScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getReferenceId(smId), null, null));
}
@Override
public void authorizeRemoveSubmodel(final SubjectInformationType subjectInformation, final Supplier aasSupplier, final String smIdShortPath) throws InhibitException {
final IIdentifier aasId = getAasId(aasSupplier);
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAPIScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), smIdShortPath, null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASAPIScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), smIdShortPath, null, null));
}
private IIdentifier getAasId(final Supplier aasSupplier) {
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/api/mqtt/MqttDecoratingAASAPIFactory.java b/src/main/java/org/eclipse/basyx/extensions/aas/api/mqtt/MqttDecoratingAASAPIFactory.java
index 1923269c..a556a725 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/api/mqtt/MqttDecoratingAASAPIFactory.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/api/mqtt/MqttDecoratingAASAPIFactory.java
@@ -13,6 +13,7 @@
import org.eclipse.basyx.aas.restapi.api.IAASAPI;
import org.eclipse.basyx.aas.restapi.api.IAASAPIFactory;
import org.eclipse.basyx.aas.restapi.observing.ObservableAASAPI;
+import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
import org.eclipse.basyx.vab.exception.provider.ProviderException;
import org.eclipse.paho.client.mqttv3.MqttClient;
import org.eclipse.paho.client.mqttv3.MqttException;
@@ -33,8 +34,12 @@ public MqttDecoratingAASAPIFactory(IAASAPIFactory factoryToBeDecorated, MqttClie
@Override
public IAASAPI getAASApi(AssetAdministrationShell aas) {
+ return createMqttDecoratingAASAPI(apiFactory.create(aas));
+ }
+
+ private IAASAPI createMqttDecoratingAASAPI(IAASAPI aasAPI) {
try {
- ObservableAASAPI observedAPI = new ObservableAASAPI(apiFactory.create(aas));
+ ObservableAASAPI observedAPI = new ObservableAASAPI(aasAPI);
MqttAASAPIObserver mqttAASAPIObserver = new MqttAASAPIObserver(client, MqttAASAPIHelper.getAASIdShort(observedAPI));
observedAPI.addObserver(mqttAASAPIObserver);
return observedAPI;
@@ -42,4 +47,9 @@ public IAASAPI getAASApi(AssetAdministrationShell aas) {
throw new ProviderException(e);
}
}
+
+ @Override
+ public IAASAPI create(IIdentifier aasId) {
+ return createMqttDecoratingAASAPI(apiFactory.create(aasId));
+ }
}
\ No newline at end of file
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/AuthorizedTaggedDirectory.java b/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/AuthorizedTaggedDirectory.java
index 7a8b718e..f487668c 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/AuthorizedTaggedDirectory.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/AuthorizedTaggedDirectory.java
@@ -24,12 +24,6 @@
******************************************************************************/
package org.eclipse.basyx.extensions.aas.directory.tagged.authorized.internal;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Objects;
-import java.util.Set;
-import java.util.stream.Collectors;
import org.eclipse.basyx.aas.metamodel.map.descriptor.ModelUrn;
import org.eclipse.basyx.aas.metamodel.map.descriptor.SubmodelDescriptor;
import org.eclipse.basyx.extensions.aas.directory.tagged.api.IAASTaggedDirectory;
@@ -41,9 +35,13 @@
import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
import org.eclipse.basyx.extensions.shared.authorization.internal.NotAuthorizedException;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.*;
+import java.util.stream.Collectors;
+
/**
* Implementation of {@link IAASTaggedDirectory} for restricting access to
* sensitive data
@@ -93,7 +91,8 @@ public void register(final TaggedAASDescriptor descriptor) {
}
protected void authorizeRegister(final TaggedAASDescriptor descriptor) throws InhibitException {
- taggedDirectoryAuthorizer.authorizeRegister(subjectInformationProvider.get(), descriptor);
+ final IIdentifier aasId = getAasIdUnsecured(descriptor);
+ taggedDirectoryAuthorizer.authorizeRegister(subjectInformationProvider.get(), aasId, descriptor);
}
@Override
@@ -186,7 +185,9 @@ public void registerSubmodel(final IIdentifier aasId, final TaggedSubmodelDescri
}
protected void authorizeRegisterSubmodel(final IIdentifier aasId, final TaggedSubmodelDescriptor smDescriptor) throws InhibitException {
- taggedDirectoryAuthorizer.authorizeRegisterSubmodel(subjectInformationProvider.get(), aasId, smDescriptor);
+ final IIdentifier smId = getSmIdUnsecured(smDescriptor);
+ final IReference smSemanticId = getSmSemanticIdUnsecured(smDescriptor);
+ taggedDirectoryAuthorizer.authorizeRegisterSubmodel(subjectInformationProvider.get(), aasId, smId, smSemanticId, smDescriptor);
}
@Override
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/GrantedAuthorityTaggedDirectoryAuthorizer.java b/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/GrantedAuthorityTaggedDirectoryAuthorizer.java
index e9d13b5d..4f1fb7b8 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/GrantedAuthorityTaggedDirectoryAuthorizer.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/GrantedAuthorityTaggedDirectoryAuthorizer.java
@@ -34,6 +34,7 @@
import org.eclipse.basyx.extensions.shared.authorization.internal.IGrantedAuthorityAuthenticator;
import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
/**
* Scope based implementation for {@link ITaggedDirectoryAuthorizer}.
@@ -46,7 +47,7 @@ public GrantedAuthorityTaggedDirectoryAuthorizer(final IGrantedAuthorityAuthenti
}
@Override
- public void authorizeRegister(final SubjectInformationType subjectInformation, final TaggedAASDescriptor taggedAASDescriptorSupplier) throws InhibitException {
+ public void authorizeRegister(final SubjectInformationType subjectInformation, final IIdentifier aasId, final TaggedAASDescriptor taggedAASDescriptorSupplier) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedAASRegistry.WRITE_AUTHORITY);
}
@@ -65,7 +66,7 @@ public Set authorizeLookupTags(final SubjectInformationType
}
@Override
- public void authorizeRegisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final TaggedSubmodelDescriptor taggedSubmodelDescriptor) throws InhibitException {
+ public void authorizeRegisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final IReference smSemanticId, final TaggedSubmodelDescriptor taggedSubmodelDescriptor) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedAASRegistry.WRITE_AUTHORITY);
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/ITaggedDirectoryAuthorizer.java b/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/ITaggedDirectoryAuthorizer.java
index 94ede207..64f690e2 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/ITaggedDirectoryAuthorizer.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/ITaggedDirectoryAuthorizer.java
@@ -33,6 +33,7 @@
import org.eclipse.basyx.extensions.aas.registration.authorization.internal.IAASRegistryAuthorizer;
import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
/**
* Interface for the authorization points used in
@@ -46,12 +47,14 @@ public interface ITaggedDirectoryAuthorizer extends IAAS
*
* @param subjectInformation
* information of the requester.
+ * @param aasId
+ * id of the AAS.
* @param taggedAASDescriptor
* the AAS descriptor.
* @throws InhibitException
* if authorization failed
*/
- public void authorizeRegister(final SubjectInformationType subjectInformation, final TaggedAASDescriptor taggedAASDescriptor) throws InhibitException;
+ public void authorizeRegister(final SubjectInformationType subjectInformation, final IIdentifier aasId, final TaggedAASDescriptor taggedAASDescriptor) throws InhibitException;
/**
* Checks authorization for {@link IAASTaggedDirectory#lookupTag(String)}.
@@ -91,12 +94,16 @@ public interface ITaggedDirectoryAuthorizer extends IAAS
* information of the requester.
* @param aasId
* id of the AAS.
+ * @param smId
+ * id of the submodel.
+ * @param smSemanticId
+ * smenatic id of the submodel.
* @param taggedSubmodelDescriptor
* supplier for the submodel descriptor.
* @throws InhibitException
* if authorization failed
*/
- public void authorizeRegisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final TaggedSubmodelDescriptor taggedSubmodelDescriptor) throws InhibitException;
+ public void authorizeRegisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final IReference smSemanticId, final TaggedSubmodelDescriptor taggedSubmodelDescriptor) throws InhibitException;
/**
* Checks authorization for
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/SimpleRbacTaggedDirectoryAuthorizer.java b/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/SimpleRbacTaggedDirectoryAuthorizer.java
index 10d6b310..610eb499 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/SimpleRbacTaggedDirectoryAuthorizer.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/directory/tagged/authorized/internal/SimpleRbacTaggedDirectoryAuthorizer.java
@@ -38,6 +38,7 @@
import org.eclipse.basyx.extensions.shared.authorization.internal.SimpleRbacHelper;
import org.eclipse.basyx.extensions.shared.authorization.internal.TagTargetInformation;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
/**
* Simple role based implementation for {@link ITaggedDirectoryAuthorizer}.
@@ -50,10 +51,8 @@ public SimpleRbacTaggedDirectoryAuthorizer(final IRbacRuleChecker rbacRuleChecke
}
@Override
- public void authorizeRegister(final SubjectInformationType subjectInformation, final TaggedAASDescriptor taggedAASDescriptor) throws InhibitException {
- final IIdentifier aasId = taggedAASDescriptor.getIdentifier();
-
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null));
+ public void authorizeRegister(final SubjectInformationType subjectInformation, final IIdentifier aasId, final TaggedAASDescriptor taggedAASDescriptor) throws InhibitException {
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null, null));
}
@Override
@@ -69,10 +68,8 @@ public Set authorizeLookupTags(final SubjectInformationType
}
@Override
- public void authorizeRegisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final TaggedSubmodelDescriptor taggedSubmodelDescriptor) throws InhibitException {
- final IIdentifier smId = taggedSubmodelDescriptor.getIdentifier();
-
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), null));
+ public void authorizeRegisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final IReference smSemanticId, final TaggedSubmodelDescriptor taggedSubmodelDescriptor) throws InhibitException {
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), IdHelper.getReferenceId(smSemanticId), null));
}
@Override
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/AuthorizedAASRegistry.java b/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/AuthorizedAASRegistry.java
index d92c6430..18b8c2be 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/AuthorizedAASRegistry.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/AuthorizedAASRegistry.java
@@ -30,6 +30,7 @@
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
+
import org.eclipse.basyx.aas.metamodel.map.AssetAdministrationShell;
import org.eclipse.basyx.aas.metamodel.map.descriptor.AASDescriptor;
import org.eclipse.basyx.aas.metamodel.map.descriptor.SubmodelDescriptor;
@@ -41,6 +42,7 @@
import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
import org.eclipse.basyx.extensions.shared.authorization.internal.NotAuthorizedException;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
import org.eclipse.basyx.vab.exception.provider.ProviderException;
import org.eclipse.basyx.vab.exception.provider.ResourceNotFoundException;
import org.slf4j.Logger;
@@ -90,7 +92,8 @@ public void register(final AASDescriptor deviceAASDescriptor) throws ProviderExc
}
protected void authorizeRegister(final AASDescriptor aasDescriptor) throws InhibitException {
- aasRegistryAuthorizer.authorizeRegisterAas(subjectInformationProvider.get(), aasDescriptor);
+ final IIdentifier aasId = getAasIdUnsecured(aasDescriptor);
+ aasRegistryAuthorizer.authorizeRegisterAas(subjectInformationProvider.get(), aasId, aasDescriptor);
}
@Override
@@ -109,7 +112,9 @@ public void register(final IIdentifier aasId, final SubmodelDescriptor smDescrip
}
protected void authorizeRegister(final IIdentifier aasId, final SubmodelDescriptor smDescriptor) throws InhibitException {
- aasRegistryAuthorizer.authorizeRegisterSubmodel(subjectInformationProvider.get(), aasId, smDescriptor);
+ final IIdentifier smId = getSmIdUnsecured(smDescriptor);
+ final IReference smSemanticId = getSmSemanticIdUnsecured(smDescriptor);
+ aasRegistryAuthorizer.authorizeRegisterSubmodel(subjectInformationProvider.get(), aasId, smId, smSemanticId, smDescriptor);
}
@Override
@@ -147,7 +152,9 @@ public void delete(final IIdentifier aasId, final IIdentifier smId) throws Provi
}
protected void authorizeDelete(final IIdentifier aasId, final IIdentifier smId) throws InhibitException {
- aasRegistryAuthorizer.authorizeUnregisterSubmodel(subjectInformationProvider.get(), aasId, smId);
+ final SubmodelDescriptor smDescriptor = getSmDescriptorUnsecured(aasId, smId);
+ final IReference smSemanticId = getSmSemanticIdUnsecured(smDescriptor);
+ aasRegistryAuthorizer.authorizeUnregisterSubmodel(subjectInformationProvider.get(), aasId, smId, smSemanticId);
}
@Override
@@ -278,6 +285,43 @@ public SubmodelDescriptor lookupSubmodel(final IIdentifier aasId, final IIdentif
}
protected SubmodelDescriptor authorizeLookupSubmodel(final IIdentifier aasId, final IIdentifier smId) throws InhibitException {
- return aasRegistryAuthorizer.authorizeLookupSubmodel(subjectInformationProvider.get(), aasId, smId, () -> decoratedRegistry.lookupSubmodel(aasId, smId));
+ final SubmodelDescriptor smDescriptor = getSmDescriptorUnsecured(aasId, smId);
+ final IReference smSemanticId = getSmSemanticIdUnsecured(smDescriptor);
+ return aasRegistryAuthorizer.authorizeLookupSubmodel(subjectInformationProvider.get(), aasId, smId, smSemanticId, () -> decoratedRegistry.lookupSubmodel(aasId, smId));
+ }
+
+ protected IIdentifier getAasIdUnsecured(final AASDescriptor aasDescriptor) throws ResourceNotFoundException {
+ if (aasDescriptor == null) {
+ return null;
+ }
+
+ try (final ElevatedCodeAuthentication.ElevatedCodeAuthenticationAreaHandler ignored = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea()) {
+ return aasDescriptor.getIdentifier();
+ }
+ }
+
+ protected SubmodelDescriptor getSmDescriptorUnsecured(final IIdentifier aasId, final IIdentifier smId) throws ResourceNotFoundException {
+ try (final ElevatedCodeAuthentication.ElevatedCodeAuthenticationAreaHandler ignored = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea()) {
+ return decoratedRegistry.lookupSubmodel(aasId, smId);
+ }
+ }
+
+ protected IIdentifier getSmIdUnsecured(final SubmodelDescriptor smDescriptor) throws ResourceNotFoundException {
+ if (smDescriptor == null) {
+ return null;
+ }
+
+ try (final ElevatedCodeAuthentication.ElevatedCodeAuthenticationAreaHandler ignored = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea()) {
+ return smDescriptor.getIdentifier();
+ }
+ }
+ protected IReference getSmSemanticIdUnsecured(final SubmodelDescriptor smDescriptor) throws ResourceNotFoundException {
+ if (smDescriptor == null) {
+ return null;
+ }
+
+ try (final ElevatedCodeAuthentication.ElevatedCodeAuthenticationAreaHandler ignored = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea()) {
+ return smDescriptor.getSemanticId();
+ }
}
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/GrantedAuthorityAASRegistryAuthorizer.java b/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/GrantedAuthorityAASRegistryAuthorizer.java
index 2a5890fd..35f5b439 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/GrantedAuthorityAASRegistryAuthorizer.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/GrantedAuthorityAASRegistryAuthorizer.java
@@ -32,6 +32,7 @@
import org.eclipse.basyx.extensions.shared.authorization.internal.IGrantedAuthorityAuthenticator;
import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
/**
* Scope based implementation for {@link IAASRegistryAuthorizer}.
@@ -46,12 +47,12 @@ public GrantedAuthorityAASRegistryAuthorizer(final IGrantedAuthorityAuthenticato
}
@Override
- public void authorizeRegisterAas(final SubjectInformationType subjectInformation, final AASDescriptor aasDescriptor) throws InhibitException {
+ public void authorizeRegisterAas(final SubjectInformationType subjectInformation, final IIdentifier aasId, final AASDescriptor aasDescriptor) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedAASRegistry.WRITE_AUTHORITY);
}
@Override
- public void authorizeRegisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final SubmodelDescriptor smDescriptor) throws InhibitException {
+ public void authorizeRegisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final IReference smSemanticId, final SubmodelDescriptor smDescriptor) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedAASRegistry.WRITE_AUTHORITY);
}
@@ -61,7 +62,7 @@ public void authorizeUnregisterAas(final SubjectInformationType subjectInformati
}
@Override
- public void authorizeUnregisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId) throws InhibitException {
+ public void authorizeUnregisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final IReference smSemanticId) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedAASRegistry.WRITE_AUTHORITY);
}
@@ -87,7 +88,7 @@ public List authorizeLookupSubmodels(final SubjectInformatio
}
@Override
- public SubmodelDescriptor authorizeLookupSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final Supplier smSupplier) throws InhibitException {
+ public SubmodelDescriptor authorizeLookupSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final IReference smSemanticId, final Supplier smSupplier) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedAASRegistry.READ_AUTHORITY);
return smSupplier.get();
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/IAASRegistryAuthorizer.java b/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/IAASRegistryAuthorizer.java
index 251dbc1c..dbff4ff8 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/IAASRegistryAuthorizer.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/IAASRegistryAuthorizer.java
@@ -31,6 +31,7 @@
import org.eclipse.basyx.aas.registration.api.IAASRegistry;
import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
/**
* Interface for the authorization points used in {@link AuthorizedAASRegistry}.
@@ -43,12 +44,14 @@ public interface IAASRegistryAuthorizer {
*
* @param subjectInformation
* information of the requester.
+ * @param aasId
+ * id of the AAS.
* @param aasDescriptor
* descriptor of the AAS.
* @throws InhibitException
* if authorization failed
*/
- public void authorizeRegisterAas(final SubjectInformationType subjectInformation, final AASDescriptor aasDescriptor) throws InhibitException;
+ public void authorizeRegisterAas(final SubjectInformationType subjectInformation, final IIdentifier aasId, final AASDescriptor aasDescriptor) throws InhibitException;
/**
* Checks authorization for
@@ -58,12 +61,16 @@ public interface IAASRegistryAuthorizer {
* information of the requester.
* @param aasId
* id of the AAS.
+ * @param smId
+ * id of the submodel.
+ * @param smSemanticId
+ * semantic id of the submodel.
* @param smDescriptor
* the submodel descriptor.
* @throws InhibitException
* if authorization failed
*/
- public void authorizeRegisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final SubmodelDescriptor smDescriptor) throws InhibitException;
+ public void authorizeRegisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final IReference smSemanticId, final SubmodelDescriptor smDescriptor) throws InhibitException;
/**
* Checks authorization for {@link IAASRegistry#delete(IIdentifier)}.
@@ -87,10 +94,12 @@ public interface IAASRegistryAuthorizer {
* id of the AAS.
* @param smId
* id of the submodel.
+ * @param smSemanticId
+ * semantic id of the submodel.
* @throws InhibitException
* if authorization failed
*/
- public void authorizeUnregisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId) throws InhibitException;
+ public void authorizeUnregisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final IReference smSemanticId) throws InhibitException;
/**
* Checks authorization for {@link IAASRegistry#lookupAAS(IIdentifier)}.
@@ -145,11 +154,13 @@ public interface IAASRegistryAuthorizer {
* id of the AAS.
* @param smId
* id of the submodel.
+ * @param smSemanticId
+ * semantic id of the submodel.
* @param smSupplier
* supplier for the submodel.
* @return the authorized submodel descriptor.
* @throws InhibitException
* if authorization failed
*/
- public SubmodelDescriptor authorizeLookupSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final Supplier smSupplier) throws InhibitException;
+ public SubmodelDescriptor authorizeLookupSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final IReference smSemanticId, final Supplier smSupplier) throws InhibitException;
}
\ No newline at end of file
diff --git a/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/SimpleRbacAASRegistryAuthorizer.java b/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/SimpleRbacAASRegistryAuthorizer.java
index 7ffb6736..db3440a3 100644
--- a/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/SimpleRbacAASRegistryAuthorizer.java
+++ b/src/main/java/org/eclipse/basyx/extensions/aas/registration/authorization/internal/SimpleRbacAASRegistryAuthorizer.java
@@ -36,6 +36,7 @@
import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
import org.eclipse.basyx.extensions.shared.authorization.internal.SimpleRbacHelper;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
/**
* Simple role based implementation for {@link IAASRegistryAuthorizer}.
@@ -52,53 +53,49 @@ public SimpleRbacAASRegistryAuthorizer(final IRbacRuleChecker rbacRuleChecker, f
}
@Override
- public void authorizeRegisterAas(final SubjectInformationType subjectInformation, final AASDescriptor aasDescriptor) throws InhibitException {
- final IIdentifier aasId = aasDescriptor.getIdentifier();
-
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null));
+ public void authorizeRegisterAas(final SubjectInformationType subjectInformation, final IIdentifier aasId, final AASDescriptor aasDescriptor) throws InhibitException {
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null, null));
}
@Override
- public void authorizeRegisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final SubmodelDescriptor smDescriptor) throws InhibitException {
- final IIdentifier smId = smDescriptor.getIdentifier();
-
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), null));
+ public void authorizeRegisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final IReference smSemanticId, final SubmodelDescriptor smDescriptor) throws InhibitException {
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), IdHelper.getReferenceId(smSemanticId), null));
}
@Override
public void authorizeUnregisterAas(final SubjectInformationType subjectInformation, final IIdentifier aasId) throws InhibitException {
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null, null));
}
@Override
- public void authorizeUnregisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId) throws InhibitException {
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), null));
+ public void authorizeUnregisterSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final IReference smSemanticId) throws InhibitException {
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), IdHelper.getReferenceId(smSemanticId), null));
}
@Override
public AASDescriptor authorizeLookupAAS(final SubjectInformationType subjectInformation, final IIdentifier aasId, final Supplier aasSupplier) throws InhibitException {
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null, null));
return aasSupplier.get();
}
@Override
public List authorizeLookupAll(final SubjectInformationType subjectInformation, final Supplier> aasDescriptorsSupplier) throws InhibitException {
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.READ_SCOPE, new BaSyxObjectTargetInformation(null, null, null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.READ_SCOPE, new BaSyxObjectTargetInformation(null, null, null, null));
return aasDescriptorsSupplier.get();
}
@Override
public List authorizeLookupSubmodels(final SubjectInformationType subjectInformation, final IIdentifier aasId, final Supplier> submodelDescriptorsSupplier) throws InhibitException {
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), null, null, null));
return submodelDescriptorsSupplier.get();
}
@Override
- public SubmodelDescriptor authorizeLookupSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final Supplier smSupplier) throws InhibitException {
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), null));
+ public SubmodelDescriptor authorizeLookupSubmodel(final SubjectInformationType subjectInformation, final IIdentifier aasId, final IIdentifier smId, final IReference smSemanticId, final Supplier smSupplier) throws InhibitException {
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, AASRegistryScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), IdHelper.getReferenceId(smSemanticId), null));
return smSupplier.get();
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/internal/storage/BaSyxStorageAPI.java b/src/main/java/org/eclipse/basyx/extensions/internal/storage/BaSyxStorageAPI.java
index 54a52e3e..7b2330f6 100644
--- a/src/main/java/org/eclipse/basyx/extensions/internal/storage/BaSyxStorageAPI.java
+++ b/src/main/java/org/eclipse/basyx/extensions/internal/storage/BaSyxStorageAPI.java
@@ -24,11 +24,17 @@
******************************************************************************/
package org.eclipse.basyx.extensions.internal.storage;
+import java.io.File;
+import java.io.InputStream;
+import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
+import java.util.stream.Collectors;
+import org.apache.commons.collections4.CollectionUtils;
import org.eclipse.basyx.aas.metamodel.api.IAssetAdministrationShell;
import org.eclipse.basyx.aas.metamodel.map.descriptor.AASDescriptor;
+import org.eclipse.basyx.aas.metamodel.map.descriptor.ModelDescriptor;
import org.eclipse.basyx.submodel.metamodel.api.ISubmodel;
import org.eclipse.basyx.submodel.metamodel.api.qualifier.IIdentifiable;
import org.eclipse.basyx.submodel.metamodel.api.submodelelement.ISubmodelElement;
@@ -54,6 +60,13 @@ public abstract class BaSyxStorageAPI implements IBaSyxStorageAPI {
protected final String COLLECTION_NAME;
protected final Class TYPE;
+ /**
+ * The default constructor is primarily used for mocking purposes of the class.
+ */
+ BaSyxStorageAPI() {
+ this(null, null);
+ }
+
/**
*
* @param collectionName
@@ -68,9 +81,10 @@ public BaSyxStorageAPI(String collectionName, Class type) {
}
/**
- * DISCLAIMER: Currently only supports to extract keys from IIdentifiables.
- * Helper method that extracts a key for persistence storage requests from an
- * object.
+ * DISCLAIMER: Currently only supports to extract keys from IIdentifiables and
+ * ModelDescriptors.
+ * Helper method that extracts a key for persistence storage
+ * requests from an object.
*
* @param obj
* An object that contains a key that can be used to find the
@@ -78,10 +92,16 @@ public BaSyxStorageAPI(String collectionName, Class type) {
* @return The key
*/
protected String getKey(T obj) {
- if (!(obj instanceof IIdentifiable)) {
- throw new IllegalArgumentException("Can only extract a key from a object of type " + IIdentifiable.class.getName());
+ if (!(obj instanceof IIdentifiable || obj instanceof ModelDescriptor)) {
+ throw new IllegalArgumentException("Can only extract a key from a object of types " + IIdentifiable.class.getName() + " or " + ModelDescriptor.class.getName());
+ }
+
+ if (obj instanceof ModelDescriptor) {
+ return ((ModelDescriptor) obj).getIdentifier().getId();
+ } else {
+ return ((IIdentifiable) obj).getIdentification().getId();
+
}
- return ((IIdentifiable) obj).getIdentification().getId();
}
/**
@@ -98,6 +118,22 @@ protected String getKey(T obj) {
*/
public abstract T rawRetrieve(String key);
+ public abstract Collection rawRetrieveAll();
+
+ public abstract File getFile(String key, String parentKey, Map objMap);
+
+ public abstract String writeFile(String key, String parentKey, InputStream fileStream, ISubmodelElement submodelElement);
+
+ public abstract void deleteFile(Submodel submodel, String idShort);
+
+ /**
+ * This Method shall return an implementation specific connection object which
+ * can be used to implement more advanced operations on the storage.
+ *
+ * @return An object that can be used for direct storage access
+ */
+ public abstract Object getStorageConnection();
+
/**
* Returns a Object that was originally retrieved from the abstract method
* {@code rawRetrieve}. If the object to be returned is a submodel type, it will
@@ -113,6 +149,20 @@ public T retrieve(String key) {
return retrieved;
}
+ @SuppressWarnings("unchecked")
+ @Override
+ public Collection retrieveAll() {
+ Collection retrieves = rawRetrieveAll();
+ if (!CollectionUtils.isEmpty(retrieves) && isSubmodelType(getElementClass(retrieves))) {
+ return (Collection) retrieves.stream().map(submodel -> handleRetrievedSubmodel((Submodel) submodel)).collect(Collectors.toList());
+ }
+ return retrieves;
+ }
+
+ private Class getElementClass(Collection collection) {
+ return collection.iterator().next().getClass();
+ }
+
/**
* Helper to bring the SubmodelElements a retrieved SubmodelObject to the
* correct Type of ISubmodelElements. Background: SubmodelsElements are
@@ -129,7 +179,7 @@ public T retrieve(String key) {
@SuppressWarnings("unchecked")
protected Submodel handleRetrievedSubmodel(Submodel retrieved) {
Map> elementMaps = (Map>) retrieved.get(Submodel.SUBMODELELEMENT);
- Map elements = forceToISubmodelElements(elementMaps);
+ Map elements = enforceISubmodelElements(elementMaps);
retrieved.put(Submodel.SUBMODELELEMENT, elements);
return retrieved;
}
@@ -146,7 +196,7 @@ protected Submodel handleRetrievedSubmodel(Submodel retrieved) {
* can be get with {@code submodel.get(Submodel.SUBMODELELEMENT)}))
* @return A map in the expected form of {@code Map}
*/
- private Map forceToISubmodelElements(Map> submodelElementObjectMap) {
+ private Map enforceISubmodelElements(Map> submodelElementObjectMap) {
Map elements = new HashMap<>();
submodelElementObjectMap.forEach((idShort, elementMap) -> {
@@ -156,31 +206,23 @@ private Map forceToISubmodelElements(Map type) {
return ISubmodel.class.isAssignableFrom(type);
}
- /*
- * Not yet tested
- */
protected boolean isShellType(Class type) {
return IAssetAdministrationShell.class.isAssignableFrom(type);
}
- /*
- * Not yet tested
- */
protected boolean isAASDescriptorType(Class type) {
return AASDescriptor.class.isAssignableFrom(type);
}
- /*
- * Not yet tested
- */
protected boolean isBaSyxType(Class type) {
return (isShellType(type) || isSubmodelType(type) || isAASDescriptorType(type));
}
+
+ public String getCollectionName() {
+ return COLLECTION_NAME;
+ }
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/BaSyxObjectTargetInformation.java b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/BaSyxObjectTargetInformation.java
index 417120b3..2be1691f 100644
--- a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/BaSyxObjectTargetInformation.java
+++ b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/BaSyxObjectTargetInformation.java
@@ -35,7 +35,7 @@
/**
* Specialization of {@link TargetInformation} that uses the
- * aasId/smId/smElIdShortPath tuple.
+ * aasId/smId/smSemanticId/smElIdShortPath tuple.
*
* @author wege
*/
@@ -43,6 +43,7 @@
public class BaSyxObjectTargetInformation implements TargetInformation {
private String aasId;
private String smId;
+ private String smSemanticId;
private String smElIdShortPath;
public String getAasId() {
@@ -53,22 +54,64 @@ public String getSmId() {
return smId;
}
+ public String getSmSemanticId() {
+ return smSemanticId;
+ }
+
public String getSmElIdShortPath() {
return smElIdShortPath;
}
@JsonCreator
- public BaSyxObjectTargetInformation(final @JsonProperty("aasId") String aasId, final @JsonProperty("smId") String smId, final @JsonProperty("smElIdShortPath") String smElIdShortPath) {
+ public BaSyxObjectTargetInformation(
+ final @JsonProperty("aasId") String aasId,
+ final @JsonProperty("smId") String smId,
+ final @JsonProperty("smSemanticId") String smSemanticId,
+ final @JsonProperty("smElIdShortPath") String smElIdShortPath
+ ) {
this.aasId = aasId;
this.smId = smId;
+ this.smSemanticId = smSemanticId;
this.smElIdShortPath = smElIdShortPath;
}
+ public static class Builder {
+ private String aasId;
+ private String smId;
+ private String smSemanticId;
+ private String smElIdShortPath;
+
+ public Builder setAasId(final String aasId) {
+ this.aasId = aasId;
+ return this;
+ }
+
+ public Builder setSmId(final String smId) {
+ this.smId = smId;
+ return this;
+ }
+
+ public Builder setSmSemanticId(final String smSemanticId) {
+ this.smSemanticId = smSemanticId;
+ return this;
+ }
+
+ public Builder setSmElIdShortPath(final String smElIdShortPath) {
+ this.smElIdShortPath = smElIdShortPath;
+ return this;
+ }
+
+ public BaSyxObjectTargetInformation build() {
+ return new BaSyxObjectTargetInformation(aasId, smId, smSemanticId, smElIdShortPath);
+ }
+ }
+
@Override
public Map toMap() {
final Map map = new HashMap<>();
map.put("aasId", aasId);
map.put("smId", smId);
+ map.put("smSemanticId", smSemanticId);
map.put("smElIdShortPath", smElIdShortPath);
return map;
}
@@ -85,17 +128,36 @@ public boolean equals(final Object o) {
final BaSyxObjectTargetInformation other = (BaSyxObjectTargetInformation) o;
- return new EqualsBuilder().append(getAasId(), other.getAasId()).append(getSmId(), other.getSmId()).append(getSmElIdShortPath(), other.getSmElIdShortPath()).isEquals();
+ return new EqualsBuilder()
+ .append(getAasId(), other.getAasId())
+ .append(getSmId(), other.getSmId())
+ .append(getSmSemanticId(), other.getSmSemanticId())
+ .append(getSmElIdShortPath(), other.getSmElIdShortPath())
+ .isEquals();
}
@Override
public int hashCode() {
- return new HashCodeBuilder(17, 37).append(getAasId()).append(getSmId()).append(getSmElIdShortPath()).toHashCode();
+ return new HashCodeBuilder(17, 37)
+ .append(getAasId())
+ .append(getSmId())
+ .append(getSmSemanticId())
+ .append(getSmElIdShortPath())
+ .toHashCode();
}
@Override
public String toString() {
- return new StringBuilder("BaSyxObjectTargetInformation{").append("aasId='").append(aasId).append('\'').append(", smId='").append(smId).append('\'').append(", smElIdShortPath='").append(smElIdShortPath).append('\'').append('}')
+ return new StringBuilder("BaSyxObjectTargetInformation{")
+ .append("aasId='").append(aasId)
+ .append('\'')
+ .append(", smId='").append(smId)
+ .append('\'')
+ .append(", smSemanticId='").append(smSemanticId)
+ .append('\'')
+ .append(", smElIdShortPath='").append(smElIdShortPath)
+ .append('\'')
+ .append('}')
.toString();
}
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/KeycloakRoleAuthenticator.java b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/KeycloakRoleAuthenticator.java
index a3e1944f..bf8c6034 100644
--- a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/KeycloakRoleAuthenticator.java
+++ b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/KeycloakRoleAuthenticator.java
@@ -30,6 +30,7 @@
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContextHolder;
@@ -59,19 +60,54 @@ private List jwtStr2roles(JwtAuthenticationToken token) {
logger.info("jwt: {}", token.getTokenAttributes());
try {
- final Object realmAccessObject = token.getTokenAttributes().get("realm_access");
-
- final Map realmAccess = (Map) realmAccessObject;
+ final List realmRoles = getRealmAccessRoles(token);
+ final List resourceRoles = getResoureAccessRoles(token);
- final Object rolesObject = realmAccess.get("roles");
+ final List roles = new ArrayList<>();
+ roles.addAll(realmRoles);
+ roles.addAll(resourceRoles);
- if (rolesObject != null) {
- final List roles = (List) rolesObject;
- return roles.stream().map(Object::toString).collect(Collectors.toList());
+ if (!roles.isEmpty()) {
+ return roles;
}
} catch (final Exception e) {
logger.error(e.getMessage(), e);
}
return new ArrayList<>(Collections.singletonList("anonymous"));
}
+
+ private List getRealmAccessRoles(JwtAuthenticationToken token) {
+ final Object realmAccessObject = token.getTokenAttributes().get("realm_access");
+
+ if (realmAccessObject == null) {
+ return Collections.emptyList();
+ }
+
+ return getCategoryRoles(realmAccessObject);
+ }
+
+ private List getResoureAccessRoles(JwtAuthenticationToken token) {
+ final Object resourceAccessObject = token.getTokenAttributes().get("resource_access");
+
+ if (resourceAccessObject == null) {
+ return Collections.emptyList();
+ }
+
+ final Map resourceAccess = (Map) resourceAccessObject;
+
+ return resourceAccess.values().stream().map(this::getCategoryRoles).flatMap(List::stream).collect(Collectors.toList());
+ }
+
+ @SuppressWarnings("unchecked")
+ private List getCategoryRoles(Object categoryObject) {
+ final Map category = (Map) categoryObject;
+
+ final Object rolesObject = category.get("roles");
+
+ if (rolesObject == null) {
+ return Collections.emptyList();
+ }
+
+ return (List) rolesObject;
+ }
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/PredefinedSetRbacRuleChecker.java b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/PredefinedSetRbacRuleChecker.java
index 693a7d3b..f04d1645 100644
--- a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/PredefinedSetRbacRuleChecker.java
+++ b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/PredefinedSetRbacRuleChecker.java
@@ -75,15 +75,23 @@ private boolean checkActionMatchesRbacRule(final RbacRule rbacRule, final String
return rbacRule.getAction().equals("*") || rbacRule.getAction().equals(action);
}
- private boolean checkRbacRuleMatchesTargetInformation(final RbacRule rbacRule, final TargetInformation targetInformation) {
- final Map targetInformationMap = targetInformation.toMap();
+ private boolean checkRbacRuleMatchesTargetInformation(final RbacRule rbacRule, final TargetInformation matchTargetInformation) {
+ final TargetInformation rbacRuleTargetInformation = rbacRule.getTargetInformation();
+ if (!rbacRuleTargetInformation.getClass().isAssignableFrom(matchTargetInformation.getClass())) {
+ // return false if the type of the target is not the same or a subtype of the target information specified in the rbac rule
+ // otherwise two target information objects of unrelated types may be found equal if their properties match since
+ // the type property is not considered
+ return false;
+ }
+
+ final Map matchTargetInformationMap = matchTargetInformation.toMap();
final Map rbacRuleTargetInformationMap = rbacRule.getTargetInformation().toMap();
- for (final Map.Entry targetInfo : targetInformationMap.entrySet()) {
- final String key = targetInfo.getKey();
- final String targetInfoValue = targetInfo.getValue();
+ for (final Map.Entry matchTargetInformationMapEntry : matchTargetInformationMap.entrySet()) {
+ final String key = matchTargetInformationMapEntry.getKey();
+ final String matchTargetInformationSingleValue = matchTargetInformationMapEntry.getValue();
final String rbacRuleValue = rbacRuleTargetInformationMap.get(key);
- if (!checkRegexStringMatch(rbacRuleValue, targetInfoValue)) {
+ if (!checkRegexStringMatch(rbacRuleValue, matchTargetInformationSingleValue)) {
return false;
}
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/RbacRule.java b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/RbacRule.java
index 79c7def2..b6eaf37e 100644
--- a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/RbacRule.java
+++ b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/RbacRule.java
@@ -78,16 +78,28 @@ public boolean equals(final Object o) {
final RbacRule rbacRule = (RbacRule) o;
- return new EqualsBuilder().append(getRole(), rbacRule.getRole()).append(getAction(), rbacRule.getAction()).append(getTargetInformation(), rbacRule.getTargetInformation()).isEquals();
+ return new EqualsBuilder()
+ .append(getRole(), rbacRule.getRole())
+ .append(getAction(), rbacRule.getAction())
+ .append(getTargetInformation(), rbacRule.getTargetInformation())
+ .isEquals();
}
@Override
public int hashCode() {
- return new HashCodeBuilder(17, 37).append(getRole()).append(getAction()).append(getTargetInformation()).toHashCode();
+ return new HashCodeBuilder(17, 37)
+ .append(getRole())
+ .append(getAction())
+ .append(getTargetInformation())
+ .toHashCode();
}
@Override
public String toString() {
- return new StringBuilder("RbacRule{").append("role='").append(role).append('\'').append(", action='").append(action).append('\'').append(", targetInformation='").append(targetInformation).append('\'').append('}').toString();
+ return new StringBuilder("RbacRule{").append("role='")
+ .append(role).append('\'').append(", action='")
+ .append(action).append('\'').append(", targetInformation='")
+ .append(targetInformation).append('\'').append('}')
+ .toString();
}
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/RbacRuleDTO.java b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/RbacRuleDTO.java
index c1d92cd5..1bc0b741 100644
--- a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/RbacRuleDTO.java
+++ b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/RbacRuleDTO.java
@@ -49,9 +49,15 @@ public Map getTargetInformation() {
return targetInformation;
}
- private RbacRuleDTO() {
+ public RbacRuleDTO() {
role = "";
action = "";
targetInformation = new HashMap<>();
}
+
+ public RbacRuleDTO(final String role, final String action, final Map targetInformation) {
+ this.role = role;
+ this.action = action;
+ this.targetInformation = targetInformation;
+ }
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/RbacRuleSetDeserializer.java b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/RbacRuleSetDeserializer.java
index db2b7366..771b5467 100644
--- a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/RbacRuleSetDeserializer.java
+++ b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/RbacRuleSetDeserializer.java
@@ -24,20 +24,27 @@
******************************************************************************/
package org.eclipse.basyx.extensions.shared.authorization.internal;
-import com.fasterxml.jackson.annotation.JsonCreator;
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.annotation.JsonTypeInfo;
-import com.fasterxml.jackson.annotation.JsonTypeInfo.Id;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.databind.jsontype.NamedType;
+import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
+import java.util.ArrayList;
import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
import java.util.function.Consumer;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import com.fasterxml.jackson.annotation.JsonTypeInfo.Id;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.jsontype.NamedType;
+
/**
* Deserializer for {@link RbacRuleSet}.
*
@@ -75,6 +82,7 @@ public RbacRuleSetDeserializer() {
public RbacRuleSetDeserializer(final Consumer objectMapperConsumer) {
objectMapper = new ObjectMapper();
+ objectMapper.enable(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY);
objectMapper.addMixIn(RbacRule.class, RbacRuleMixin.class);
objectMapper.addMixIn(TargetInformation.class, TargetInformationMixin.class).registerSubtypes(new NamedType(BaSyxObjectTargetInformation.class, "basyx"), new NamedType(TagTargetInformation.class, "tag"));
objectMapperConsumer.accept(objectMapper);
@@ -86,11 +94,7 @@ public RbacRuleSet fromFile(final String filePath) throws IOException {
}
logger.info("loading rbac rules...");
- try (final InputStream inputStream = RbacRuleSet.class.getResourceAsStream(filePath)) {
- if (inputStream == null) {
- throw new FileNotFoundException("could not find " + filePath);
- }
-
+ try (final InputStream inputStream = getInputStreamFromFile(filePath)) {
final RbacRule[] rbacRules = deserialize(inputStream);
logger.info("Read rbac rules: {}", Arrays.toString(rbacRules));
@@ -100,7 +104,82 @@ public RbacRuleSet fromFile(final String filePath) throws IOException {
}
}
+ private InputStream getInputStreamFromFile(final String filePath) throws IOException {
+ try {
+ final InputStream inputStream = new FileInputStream(filePath);
+ logger.info("read {} from file system", filePath);
+ return inputStream;
+ } catch (FileNotFoundException e) {
+ // did not find file on file system, fallback to read from classpath next
+ logger.info("did not find {} in file system, try classpath next", filePath);
+ }
+ try {
+ final InputStream inputStream = RbacRuleSet.class.getResourceAsStream(filePath);
+ if (inputStream == null) {
+ throw new FileNotFoundException("could not find " + filePath);
+ }
+ logger.info("read {} from classpath", filePath);
+ return inputStream;
+ } catch (FileNotFoundException e) {
+ // did not find file on classpath, give up
+ logger.info("did not find {} on classpath, give up", filePath);
+ }
+ throw new IOException("could not find " + filePath);
+ }
+
+ @SuppressWarnings("unused")
+ private static class RbacRuleMultiple {
+ String role;
+ String[] actions;
+ Map[] targetInformation;
+
+ public RbacRuleMultiple() {
+ }
+
+ public RbacRuleMultiple(final @JsonProperty("role") String role, final @JsonProperty("action") String[] actions, final @JsonProperty("targetInformation") Map[] targetInformation) {
+ this.role = role;
+ this.actions = actions;
+ this.targetInformation = targetInformation;
+ }
+
+ public String getRole() {
+ return role;
+ }
+
+ public String[] getActions() {
+ return actions;
+ }
+
+ public Map[] getTargetInformation() {
+ return targetInformation;
+ }
+ }
+
+ private static class Pair {
+ private final T first;
+ private final U second;
+
+ public Pair(final T first, final U second) {
+ this.first = first;
+ this.second = second;
+ }
+ }
+
+ private List> cartesianProduct2(final T[] firsts, final U[] seconds) {
+ final List> result = new ArrayList<>();
+
+ for (final T first : firsts) {
+ for (final U second : seconds) {
+ result.add(new Pair<>(first, second));
+ }
+ }
+
+ return result;
+ }
+
public RbacRule[] deserialize(final InputStream inputStream) throws IOException {
- return objectMapper.readValue(inputStream, RbacRule[].class);
+ final RbacRuleMultiple[] rbacRulesRaw = objectMapper.readValue(inputStream, RbacRuleMultiple[].class);
+ return Arrays.stream(rbacRulesRaw).flatMap(raw -> cartesianProduct2(raw.actions, raw.targetInformation).stream().map(pair -> objectMapper.convertValue(new RbacRuleDTO(raw.role, pair.first, pair.second), RbacRule.class)))
+ .toArray(RbacRule[]::new);
}
-}
+}
\ No newline at end of file
diff --git a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/SimpleRbacInhibitException.java b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/SimpleRbacInhibitException.java
index 1d2de5aa..0ee844ea 100644
--- a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/SimpleRbacInhibitException.java
+++ b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/SimpleRbacInhibitException.java
@@ -64,7 +64,7 @@ public InhibitException reduceSmIdToSmIdShortPath(final String smIdShortPath) {
private TargetInformation reduceSmIdToSmIdShortPath_convertTargetInformation(final String smIdShortPath) {
if (targetInformation instanceof BaSyxObjectTargetInformation) {
- return new BaSyxObjectTargetInformation(((BaSyxObjectTargetInformation) targetInformation).getAasId(), ((BaSyxObjectTargetInformation) targetInformation).getSmId(), String.format("(id of %s)", smIdShortPath));
+ return new BaSyxObjectTargetInformation(((BaSyxObjectTargetInformation) targetInformation).getAasId(), ((BaSyxObjectTargetInformation) targetInformation).getSmId(), ((BaSyxObjectTargetInformation) targetInformation).getSmSemanticId(), String.format("(id of %s)", smIdShortPath));
}
return targetInformation;
diff --git a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/TagTargetInformation.java b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/TagTargetInformation.java
index de2f8919..285c23a2 100644
--- a/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/TagTargetInformation.java
+++ b/src/main/java/org/eclipse/basyx/extensions/shared/authorization/internal/TagTargetInformation.java
@@ -81,6 +81,6 @@ public int hashCode() {
@Override
public String toString() {
- return new StringBuilder("BaSyxObjectTargetInformation{").append("tag='").append(tag).append('\'').append('}').toString();
+ return new StringBuilder("TagTargetInformation{").append("tag='").append(tag).append('\'').append('}').toString();
}
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/AuthorizedSubmodelAggregator.java b/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/AuthorizedSubmodelAggregator.java
index 3b1abe15..396d4226 100644
--- a/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/AuthorizedSubmodelAggregator.java
+++ b/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/AuthorizedSubmodelAggregator.java
@@ -39,8 +39,13 @@
import org.eclipse.basyx.submodel.aggregator.api.ISubmodelAggregator;
import org.eclipse.basyx.submodel.metamodel.api.ISubmodel;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.identifier.IdentifierType;
import org.eclipse.basyx.submodel.metamodel.api.qualifier.IIdentifiable;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
+import org.eclipse.basyx.submodel.metamodel.api.reference.enums.KeyElements;
import org.eclipse.basyx.submodel.metamodel.map.Submodel;
+import org.eclipse.basyx.submodel.metamodel.map.reference.Key;
+import org.eclipse.basyx.submodel.metamodel.map.reference.Reference;
import org.eclipse.basyx.submodel.restapi.api.ISubmodelAPI;
import org.eclipse.basyx.vab.exception.provider.ResourceNotFoundException;
import org.slf4j.Logger;
@@ -120,7 +125,9 @@ public ISubmodel getSubmodel(final IIdentifier identifier) throws ResourceNotFou
}
protected ISubmodel authorizeGetSubmodel(final IIdentifier smId) throws ResourceNotFoundException, InhibitException {
- return submodelAggregatorAuthorizer.authorizeGetSubmodel(subjectInformationProvider.get(), aas, smId, () -> decoratedSubmodelAggregator.getSubmodel(smId));
+ final ISubmodel sm = getSmUnsecured(smId);
+ final IReference smSemanticId = getSmSemanticIdUnsecured(sm);
+ return submodelAggregatorAuthorizer.authorizeGetSubmodel(subjectInformationProvider.get(), aas, smId, smSemanticId, () -> decoratedSubmodelAggregator.getSubmodel(smId));
}
@Override
@@ -137,7 +144,10 @@ public ISubmodel getSubmodelbyIdShort(final String smIdShortPath) throws Resourc
}
protected ISubmodel authorizeGetSubmodelbyIdShort(final String smIdShortPath) throws ResourceNotFoundException, InhibitException {
- return submodelAggregatorAuthorizer.authorizeGetSubmodelbyIdShort(subjectInformationProvider.get(), aas, smIdShortPath, () -> decoratedSubmodelAggregator.getSubmodelbyIdShort(smIdShortPath));
+ final ISubmodel sm = getSmUnsecured(smIdShortPath);
+ final IIdentifier smId = getSmIdUnsecured(sm);
+ final IReference smSemanticId = getSmSemanticIdUnsecured(sm);
+ return submodelAggregatorAuthorizer.authorizeGetSubmodelbyIdShort(subjectInformationProvider.get(), aas, smId, smSemanticId, () -> decoratedSubmodelAggregator.getSubmodelbyIdShort(smIdShortPath));
}
@Override
@@ -154,7 +164,9 @@ public ISubmodelAPI getSubmodelAPIById(final IIdentifier identifier) throws Reso
}
protected ISubmodelAPI authorizeGetSubmodelAPIById(final IIdentifier smId) throws ResourceNotFoundException, InhibitException {
- return submodelAggregatorAuthorizer.authorizeGetSubmodelAPIById(subjectInformationProvider.get(), aas, smId, () -> decoratedSubmodelAggregator.getSubmodelAPIById(smId));
+ final ISubmodel sm = getSmUnsecured(smId);
+ final IReference smSemanticId = getSmSemanticIdUnsecured(sm);
+ return submodelAggregatorAuthorizer.authorizeGetSubmodelAPIById(subjectInformationProvider.get(), aas, smId, smSemanticId, () -> decoratedSubmodelAggregator.getSubmodelAPIById(smId));
}
@Override
@@ -171,9 +183,12 @@ public ISubmodelAPI getSubmodelAPIByIdShort(final String smIdShortPath) throws R
}
protected ISubmodelAPI authorizeGetSubmodelAPIByIdShort(final String smIdShortPath) throws ResourceNotFoundException, InhibitException {
+ final ISubmodel sm = getSmUnsecured(smIdShortPath);
+ final IIdentifier smId = getSmIdUnsecured(sm);
+ final IReference smSemanticId = getSmSemanticIdUnsecured(sm);
try {
try {
- return submodelAggregatorAuthorizer.authorizeGetSubmodelAPIByIdShort(subjectInformationProvider.get(), aas, smIdShortPath, () -> decoratedSubmodelAggregator.getSubmodelAPIByIdShort(smIdShortPath));
+ return submodelAggregatorAuthorizer.authorizeGetSubmodelAPIByIdShort(subjectInformationProvider.get(), aas, smId, smSemanticId, () -> decoratedSubmodelAggregator.getSubmodelAPIByIdShort(smIdShortPath));
} catch (final InhibitException inhibitException) {
throw inhibitException.reduceSmIdToSmIdShortPath(smIdShortPath);
}
@@ -182,7 +197,9 @@ protected ISubmodelAPI authorizeGetSubmodelAPIByIdShort(final String smIdShortPa
// submodel,
// if no, the authorization will throw an InhibitException, otherwise we throw
// the ResourceNotFoundException
- submodelAggregatorAuthorizer.authorizeGetSubmodelAPIById(subjectInformationProvider.get(), aas, new ModelUrn("*"), () -> null);
+ final IIdentifier anySmId = new ModelUrn("*");
+ final IReference anySemanticSmId = new Reference(new Key(KeyElements.SUBMODEL, true, "*", IdentifierType.CUSTOM));
+ submodelAggregatorAuthorizer.authorizeGetSubmodelAPIById(subjectInformationProvider.get(), aas, anySmId, anySemanticSmId, () -> null);
throw resourceNotFoundException;
}
@@ -204,7 +221,9 @@ public void createSubmodel(final Submodel submodel) {
}
protected void authorizeCreateSubmodel(final IIdentifier smId) throws InhibitException {
- submodelAggregatorAuthorizer.authorizeCreateSubmodel(subjectInformationProvider.get(), aas, smId);
+ final ISubmodel sm = getSmUnsecured(smId);
+ final IReference smSemanticId = getSmSemanticIdUnsecured(sm);
+ submodelAggregatorAuthorizer.authorizeCreateSubmodel(subjectInformationProvider.get(), aas, smId, smSemanticId);
}
@Override
@@ -224,7 +243,9 @@ public void createSubmodel(final ISubmodelAPI submodelAPI) {
protected void authorizeCreateSubmodel(final ISubmodelAPI submodelAPI) throws InhibitException {
final IIdentifier smId = Optional.ofNullable(submodelAPI).map(ISubmodelAPI::getSubmodel).map(IIdentifiable::getIdentification).orElse(null);
- submodelAggregatorAuthorizer.authorizeCreateSubmodel(subjectInformationProvider.get(), aas, smId);
+ final ISubmodel sm = getSmUnsecured(smId);
+ final IReference smSemanticId = getSmSemanticIdUnsecured(sm);
+ submodelAggregatorAuthorizer.authorizeCreateSubmodel(subjectInformationProvider.get(), aas, smId, smSemanticId);
}
@Override
@@ -244,7 +265,9 @@ public void updateSubmodel(final Submodel submodel) throws ResourceNotFoundExcep
}
protected void authorizeUpdateSubmodel(final IIdentifier smId) throws InhibitException {
- submodelAggregatorAuthorizer.authorizeUpdateSubmodel(subjectInformationProvider.get(), aas, smId);
+ final ISubmodel sm = getSmUnsecured(smId);
+ final IReference smSemanticId = getSmSemanticIdUnsecured(sm);
+ submodelAggregatorAuthorizer.authorizeUpdateSubmodel(subjectInformationProvider.get(), aas, smId, smSemanticId);
}
@Override
@@ -263,7 +286,9 @@ public void deleteSubmodelByIdentifier(final IIdentifier identifier) {
}
protected void authorizeDeleteSubmodelByIdentifier(final IIdentifier smId) throws InhibitException {
- submodelAggregatorAuthorizer.authorizeDeleteSubmodelByIdentifier(subjectInformationProvider.get(), aas, smId);
+ final ISubmodel sm = getSmUnsecured(smId);
+ final IReference smSemanticId = getSmSemanticIdUnsecured(sm);
+ submodelAggregatorAuthorizer.authorizeDeleteSubmodelByIdentifier(subjectInformationProvider.get(), aas, smId, smSemanticId);
}
@Override
@@ -284,7 +309,14 @@ public void deleteSubmodelByIdShort(final String smIdShortPath) {
protected void authorizeDeleteSubmodelByIdShort(final String smIdShortPath) throws InhibitException {
final ISubmodel sm = getSmUnsecured(smIdShortPath);
final IIdentifier smId = getSmIdUnsecured(sm);
- submodelAggregatorAuthorizer.authorizeDeleteSubmodelByIdentifier(subjectInformationProvider.get(), aas, smId);
+ final IReference smSemanticId = getSmSemanticIdUnsecured(sm);
+ submodelAggregatorAuthorizer.authorizeDeleteSubmodelByIdentifier(subjectInformationProvider.get(), aas, smId, smSemanticId);
+ }
+
+ private ISubmodel getSmUnsecured(final IIdentifier smId) throws ResourceNotFoundException {
+ try (final ElevatedCodeAuthenticationAreaHandler ignored = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea()) {
+ return decoratedSubmodelAggregator.getSubmodel(smId);
+ }
}
private ISubmodel getSmUnsecured(final String smIdShortPath) throws ResourceNotFoundException {
@@ -302,4 +334,14 @@ private IIdentifier getSmIdUnsecured(final ISubmodel sm) throws ResourceNotFound
return sm.getIdentification();
}
}
+
+ private IReference getSmSemanticIdUnsecured(final ISubmodel sm) throws ResourceNotFoundException {
+ if (sm == null) {
+ return null;
+ }
+
+ try (final ElevatedCodeAuthenticationAreaHandler ignored = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea()) {
+ return sm.getSemanticId();
+ }
+ }
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/GrantedAuthoritySubmodelAggregatorAuthorizer.java b/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/GrantedAuthoritySubmodelAggregatorAuthorizer.java
index b4ead7f8..fb96ba29 100644
--- a/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/GrantedAuthoritySubmodelAggregatorAuthorizer.java
+++ b/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/GrantedAuthoritySubmodelAggregatorAuthorizer.java
@@ -32,6 +32,7 @@
import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
import org.eclipse.basyx.submodel.metamodel.api.ISubmodel;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
import org.eclipse.basyx.submodel.restapi.api.ISubmodelAPI;
/**
@@ -54,45 +55,49 @@ public Collection authorizeGetSubmodelList(final SubjectInformationTy
}
@Override
- public ISubmodel authorizeGetSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final Supplier smSupplier) throws InhibitException {
+ public ISubmodel authorizeGetSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final Supplier smSupplier)
+ throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedSubmodelAggregator.READ_AUTHORITY);
return smSupplier.get();
}
@Override
- public ISubmodel authorizeGetSubmodelbyIdShort(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final String smIdShortPath, final Supplier smSupplier) throws InhibitException {
+ public ISubmodel authorizeGetSubmodelbyIdShort(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final Supplier smSupplier)
+ throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedSubmodelAggregator.READ_AUTHORITY);
return smSupplier.get();
}
@Override
- public ISubmodelAPI authorizeGetSubmodelAPIById(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final Supplier smAPISupplier) throws InhibitException {
+ public ISubmodelAPI authorizeGetSubmodelAPIById(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final Supplier smAPISupplier)
+ throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedSubmodelAggregator.READ_AUTHORITY);
return smAPISupplier.get();
}
@Override
- public ISubmodelAPI authorizeGetSubmodelAPIByIdShort(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final String smIdShortPath, final Supplier smAPISupplier) throws InhibitException {
+ public ISubmodelAPI authorizeGetSubmodelAPIByIdShort(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId,
+ final Supplier smAPISupplier) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedSubmodelAggregator.READ_AUTHORITY);
return smAPISupplier.get();
}
@Override
- public void authorizeCreateSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId) throws InhibitException {
+ public void authorizeCreateSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedSubmodelAggregator.WRITE_AUTHORITY);
}
@Override
- public void authorizeUpdateSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId) throws InhibitException {
+ public void authorizeUpdateSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedSubmodelAggregator.WRITE_AUTHORITY);
}
@Override
- public void authorizeDeleteSubmodelByIdentifier(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId) throws InhibitException {
+ public void authorizeDeleteSubmodelByIdentifier(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedSubmodelAggregator.WRITE_AUTHORITY);
}
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/ISubmodelAggregatorAuthorizer.java b/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/ISubmodelAggregatorAuthorizer.java
index 9ee50a74..27cca04c 100644
--- a/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/ISubmodelAggregatorAuthorizer.java
+++ b/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/ISubmodelAggregatorAuthorizer.java
@@ -31,6 +31,7 @@
import org.eclipse.basyx.submodel.aggregator.api.ISubmodelAggregator;
import org.eclipse.basyx.submodel.metamodel.api.ISubmodel;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
import org.eclipse.basyx.submodel.metamodel.map.Submodel;
import org.eclipse.basyx.submodel.restapi.api.ISubmodelAPI;
@@ -68,13 +69,16 @@ public interface ISubmodelAggregatorAuthorizer {
* {@link AuthorizedSubmodelAggregator}, may be null.
* @param smId
* id of the submodel.
+ * @param smSemanticId
+ * semantic id of the submodel.
* @param smSupplier
* supplier for the submodel.
* @return the authorized submodel.
* @throws InhibitException
* if authorization failed
*/
- public ISubmodel authorizeGetSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final Supplier smSupplier) throws InhibitException;
+ public ISubmodel authorizeGetSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final Supplier smSupplier)
+ throws InhibitException;
/**
* Checks authorization for
@@ -85,15 +89,18 @@ public interface ISubmodelAggregatorAuthorizer {
* @param aas
* the aas the submodel belongs to as passed in the constructor of
* {@link AuthorizedSubmodelAggregator}, may be null.
- * @param smIdShortPath
- * short path id of the submodel.
+ * @param smId
+ * id of the submodel.
+ * @param smSemanticId
+ * semantic id of the submodel.
* @param smSupplier
* supplier for the submodel.
* @return the authorized submodel.
* @throws InhibitException
* if authorization failed
*/
- public ISubmodel authorizeGetSubmodelbyIdShort(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final String smIdShortPath, final Supplier smSupplier) throws InhibitException;
+ public ISubmodel authorizeGetSubmodelbyIdShort(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final Supplier smSupplier)
+ throws InhibitException;
/**
* Checks authorization for
@@ -106,13 +113,16 @@ public interface ISubmodelAggregatorAuthorizer {
* {@link AuthorizedSubmodelAggregator}, may be null.
* @param smId
* id of the submodel.
+ * @param smSemanticId
+ * semantic id of the submodel.
* @param smAPISupplier
* supplier for the submodel API.
* @return the authorized submodel API
* @throws InhibitException
* if authorization failed
*/
- public ISubmodelAPI authorizeGetSubmodelAPIById(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final Supplier smAPISupplier) throws InhibitException;
+ public ISubmodelAPI authorizeGetSubmodelAPIById(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final Supplier smAPISupplier)
+ throws InhibitException;
/**
* Checks authorization for
@@ -123,15 +133,18 @@ public interface ISubmodelAggregatorAuthorizer {
* @param aas
* the aas the submodel belongs to as passed in the constructor of
* {@link AuthorizedSubmodelAggregator}, may be null.
- * @param smIdShortPath
- * short path id of the submodel.
+ * @param smId
+ * id of the submodel.
+ * @param smSemanticId
+ * semantic id of the submodel.
* @param smAPISupplier
* supplier for the submodel API.
* @return the authorized submodel API.
* @throws InhibitException
* if authorization failed
*/
- public ISubmodelAPI authorizeGetSubmodelAPIByIdShort(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final String smIdShortPath, final Supplier smAPISupplier) throws InhibitException;
+ public ISubmodelAPI authorizeGetSubmodelAPIByIdShort(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId,
+ final Supplier smAPISupplier) throws InhibitException;
/**
* Checks authorization for
@@ -144,10 +157,12 @@ public interface ISubmodelAggregatorAuthorizer {
* {@link AuthorizedSubmodelAggregator}, may be null.
* @param smId
* id of the submodel.
+ * @param smSemanticId
+ * semantic id of the submodel.
* @throws InhibitException
* if authorization failed
*/
- public void authorizeCreateSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId) throws InhibitException;
+ public void authorizeCreateSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId) throws InhibitException;
/**
* Checks authorization for
@@ -160,10 +175,12 @@ public interface ISubmodelAggregatorAuthorizer {
* {@link AuthorizedSubmodelAggregator}, may be null.
* @param smId
* id of the submodel.
+ * @param smSemanticId
+ * semantic id of the submodel.
* @throws InhibitException
* if authorization failed
*/
- public void authorizeUpdateSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId) throws InhibitException;
+ public void authorizeUpdateSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId) throws InhibitException;
/**
* Checks authorization for
@@ -177,8 +194,10 @@ public interface ISubmodelAggregatorAuthorizer {
* {@link AuthorizedSubmodelAggregator}, may be null.
* @param smId
* id of the submodel.
+ * @param smSemanticId
+ * semantic id of the submodel.
* @throws InhibitException
* if authorization failed
*/
- public void authorizeDeleteSubmodelByIdentifier(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId) throws InhibitException;
+ public void authorizeDeleteSubmodelByIdentifier(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId) throws InhibitException;
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/SimpleRbacSubmodelAggregatorAuthorizer.java b/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/SimpleRbacSubmodelAggregatorAuthorizer.java
index 852c7b8b..485fa099 100644
--- a/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/SimpleRbacSubmodelAggregatorAuthorizer.java
+++ b/src/main/java/org/eclipse/basyx/extensions/submodel/aggregator/authorization/internal/SimpleRbacSubmodelAggregatorAuthorizer.java
@@ -24,22 +24,17 @@
******************************************************************************/
package org.eclipse.basyx.extensions.submodel.aggregator.authorization.internal;
-import java.util.Collection;
-import java.util.function.Supplier;
import org.eclipse.basyx.aas.metamodel.api.IAssetAdministrationShell;
-import org.eclipse.basyx.extensions.shared.authorization.internal.BaSyxObjectTargetInformation;
-import org.eclipse.basyx.extensions.shared.authorization.internal.ElevatedCodeAuthentication;
-import org.eclipse.basyx.extensions.shared.authorization.internal.ElevatedCodeAuthentication.ElevatedCodeAuthenticationAreaHandler;
-import org.eclipse.basyx.extensions.shared.authorization.internal.IRbacRuleChecker;
-import org.eclipse.basyx.extensions.shared.authorization.internal.IRoleAuthenticator;
-import org.eclipse.basyx.extensions.shared.authorization.internal.IdHelper;
-import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
-import org.eclipse.basyx.extensions.shared.authorization.internal.SimpleRbacHelper;
+import org.eclipse.basyx.extensions.shared.authorization.internal.*;
import org.eclipse.basyx.extensions.submodel.aggregator.authorization.SubmodelAggregatorScopes;
import org.eclipse.basyx.submodel.metamodel.api.ISubmodel;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
import org.eclipse.basyx.submodel.restapi.api.ISubmodelAPI;
+import java.util.Collection;
+import java.util.function.Supplier;
+
/**
* Simple role based implementation for {@link ISubmodelAggregatorAuthorizer}.
*
@@ -60,95 +55,73 @@ public Collection authorizeGetSubmodelList(final SubjectInformationTy
}
@Override
- public ISubmodel authorizeGetSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final Supplier smSupplier) throws InhibitException {
+ public ISubmodel authorizeGetSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final Supplier smSupplier)
+ throws InhibitException {
final IIdentifier aasId = getAASId(aas);
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.READ_SCOPE,
+ new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), IdHelper.getReferenceId(smSemanticId), null));
return smSupplier.get();
}
@Override
- public ISubmodel authorizeGetSubmodelbyIdShort(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final String smIdShortPath, final Supplier smSupplier) throws InhibitException {
+ public ISubmodel authorizeGetSubmodelbyIdShort(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final Supplier smSupplier)
+ throws InhibitException {
final IIdentifier aasId = getAASId(aas);
- final IIdentifier smId = getSmIdUnsecured(smSupplier);
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.READ_SCOPE,
+ new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), IdHelper.getReferenceId(smSemanticId), null));
return smSupplier.get();
}
@Override
- public ISubmodelAPI authorizeGetSubmodelAPIById(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final Supplier smAPISupplier) throws InhibitException {
+ public ISubmodelAPI authorizeGetSubmodelAPIById(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final Supplier smAPISupplier)
+ throws InhibitException {
final IIdentifier aasId = getAASId(aas);
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.READ_SCOPE,
+ new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), IdHelper.getReferenceId(smSemanticId), null));
return smAPISupplier.get();
}
@Override
- public ISubmodelAPI authorizeGetSubmodelAPIByIdShort(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final String smIdShortPath, final Supplier smAPISupplier) throws InhibitException {
+ public ISubmodelAPI authorizeGetSubmodelAPIByIdShort(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId,
+ final Supplier smAPISupplier) throws InhibitException {
final IIdentifier aasId = getAASId(aas);
- final IIdentifier smId = getSmIdUnsecuredByAPI(smAPISupplier);
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.READ_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), null, null));
return smAPISupplier.get();
}
@Override
- public void authorizeCreateSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId) throws InhibitException {
+ public void authorizeCreateSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId) throws InhibitException {
final IIdentifier aasId = getAASId(aas);
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.WRITE_SCOPE,
+ new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), IdHelper.getReferenceId(smSemanticId), null));
}
@Override
- public void authorizeUpdateSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId) throws InhibitException {
+ public void authorizeUpdateSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId) throws InhibitException {
final IIdentifier aasId = getAASId(aas);
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.WRITE_SCOPE,
+ new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), IdHelper.getReferenceId(smSemanticId), null));
}
@Override
- public void authorizeDeleteSubmodelByIdentifier(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId) throws InhibitException {
+ public void authorizeDeleteSubmodelByIdentifier(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId) throws InhibitException {
final IIdentifier aasId = getAASId(aas);
- SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.WRITE_SCOPE, new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), null));
+ SimpleRbacHelper.checkRule(rbacRuleChecker, roleAuthenticator, subjectInformation, SubmodelAggregatorScopes.WRITE_SCOPE,
+ new BaSyxObjectTargetInformation(IdHelper.getIdentifierId(aasId), IdHelper.getIdentifierId(smId), IdHelper.getReferenceId(smSemanticId), null));
}
private IIdentifier getAASId(final IAssetAdministrationShell aas) {
return aas != null ? aas.getIdentification() : null;
}
-
- private IIdentifier getSmIdUnsecured(final Supplier smSupplier) {
- try (final ElevatedCodeAuthenticationAreaHandler ignored = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea()) {
- final ISubmodel sm = smSupplier.get();
-
- if (sm == null) {
- return null;
- }
-
- return sm.getIdentification();
- }
- }
-
- private IIdentifier getSmIdUnsecuredByAPI(final Supplier smAPISupplier) {
- try (final ElevatedCodeAuthenticationAreaHandler ignored = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea()) {
- final ISubmodelAPI smAPI = smAPISupplier.get();
-
- if (smAPI == null) {
- return null;
- }
-
- final ISubmodel sm = smAPI.getSubmodel();
-
- if (sm == null) {
- return null;
- }
-
- return sm.getIdentification();
- }
- }
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/submodel/authorization/internal/AuthorizedSubmodelAPI.java b/src/main/java/org/eclipse/basyx/extensions/submodel/authorization/internal/AuthorizedSubmodelAPI.java
index d5d40db4..d041b336 100644
--- a/src/main/java/org/eclipse/basyx/extensions/submodel/authorization/internal/AuthorizedSubmodelAPI.java
+++ b/src/main/java/org/eclipse/basyx/extensions/submodel/authorization/internal/AuthorizedSubmodelAPI.java
@@ -38,6 +38,7 @@
import org.eclipse.basyx.extensions.submodel.authorization.SubmodelAPIScopes;
import org.eclipse.basyx.submodel.metamodel.api.ISubmodel;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
import org.eclipse.basyx.submodel.metamodel.api.submodelelement.ISubmodelElement;
import org.eclipse.basyx.submodel.metamodel.api.submodelelement.operation.IOperation;
import org.eclipse.basyx.submodel.restapi.api.ISubmodelAPI;
@@ -90,7 +91,8 @@ public ISubmodel getSubmodel() {
protected ISubmodel authorizeGetSubmodel() throws InhibitException {
final IIdentifier smId = getSmIdUnsecured();
- return submodelAPIAuthorizer.authorizeGetSubmodel(subjectInformationProvider.get(), aas, smId, decoratedSubmodelAPI::getSubmodel);
+ final IReference smSemanticId = getSmSemanticIdUnsecured();
+ return submodelAPIAuthorizer.authorizeGetSubmodel(subjectInformationProvider.get(), aas, smId, smSemanticId, decoratedSubmodelAPI::getSubmodel);
}
@Override
@@ -125,7 +127,8 @@ public void addSubmodelElement(final String idShortPath, final ISubmodelElement
protected void authorizeAddSubmodelElement(final String smElIdShortPath) throws InhibitException {
final IIdentifier smId = getSmIdUnsecured();
- submodelAPIAuthorizer.authorizeAddSubmodelElement(subjectInformationProvider.get(), aas, smId, smElIdShortPath);
+ final IReference smSemanticId = getSmSemanticIdUnsecured();
+ submodelAPIAuthorizer.authorizeAddSubmodelElement(subjectInformationProvider.get(), aas, smId, smSemanticId, smElIdShortPath);
}
@Override
@@ -143,7 +146,8 @@ public ISubmodelElement getSubmodelElement(final String idShortPath) {
protected ISubmodelElement authorizeGetSubmodelElement(final String smElIdShortPath) throws InhibitException {
final IIdentifier smId = getSmIdUnsecured();
- return submodelAPIAuthorizer.authorizeGetSubmodelElement(subjectInformationProvider.get(), aas, smId, smElIdShortPath, () -> decoratedSubmodelAPI.getSubmodelElement(smElIdShortPath));
+ final IReference smSemanticId = getSmSemanticIdUnsecured();
+ return submodelAPIAuthorizer.authorizeGetSubmodelElement(subjectInformationProvider.get(), aas, smId, smSemanticId, smElIdShortPath, () -> decoratedSubmodelAPI.getSubmodelElement(smElIdShortPath));
}
@Override
@@ -163,7 +167,8 @@ public void deleteSubmodelElement(final String idShortPath) {
protected void authorizeDeleteSubmodelElement(final String smElIdShortPath) throws InhibitException {
final IIdentifier smId = getSmIdUnsecured();
- submodelAPIAuthorizer.authorizeDeleteSubmodelElement(subjectInformationProvider.get(), aas, smId, smElIdShortPath);
+ final IReference smSemanticId = getSmSemanticIdUnsecured();
+ submodelAPIAuthorizer.authorizeDeleteSubmodelElement(subjectInformationProvider.get(), aas, smId, smSemanticId, smElIdShortPath);
}
@Override
@@ -192,7 +197,9 @@ protected Collection authorizeGetOperations() throws InhibitExceptio
}
private Collection getOperationListOnly() throws InhibitException {
- return submodelAPIAuthorizer.authorizeGetOperations(subjectInformationProvider.get(), aas, decoratedSubmodelAPI::getSubmodel, decoratedSubmodelAPI::getOperations);
+ final IIdentifier smId = getSmIdUnsecured();
+ final IReference smSemanticId = getSmSemanticIdUnsecured();
+ return submodelAPIAuthorizer.authorizeGetOperations(subjectInformationProvider.get(), aas, smId, smSemanticId, decoratedSubmodelAPI::getSubmodel, decoratedSubmodelAPI::getOperations);
}
@Override
@@ -221,7 +228,9 @@ protected Collection authorizeGetSubmodelElements() throws Inh
}
private Collection getSubmodelElementListOnly() throws InhibitException {
- return submodelAPIAuthorizer.authorizeGetSubmodelElements(subjectInformationProvider.get(), aas, decoratedSubmodelAPI::getSubmodel, decoratedSubmodelAPI::getSubmodelElements);
+ final IIdentifier smId = getSmIdUnsecured();
+ final IReference smSemanticId = getSmSemanticIdUnsecured();
+ return submodelAPIAuthorizer.authorizeGetSubmodelElements(subjectInformationProvider.get(), aas, smId, smSemanticId, decoratedSubmodelAPI::getSubmodel, decoratedSubmodelAPI::getSubmodelElements);
}
@Override
@@ -241,7 +250,8 @@ public void updateSubmodelElement(final String idShortPath, final Object newValu
protected void authorizeUpdateSubmodelElement(final String smElIdShortPath) throws InhibitException {
final IIdentifier smId = getSmIdUnsecured();
- submodelAPIAuthorizer.authorizeUpdateSubmodelElement(subjectInformationProvider.get(), aas, smId, smElIdShortPath);
+ final IReference smSemanticId = getSmSemanticIdUnsecured();
+ submodelAPIAuthorizer.authorizeUpdateSubmodelElement(subjectInformationProvider.get(), aas, smId, smSemanticId, smElIdShortPath);
}
@Override
@@ -259,7 +269,8 @@ public Object getSubmodelElementValue(final String idShortPath) {
protected Object authorizeGetSubmodelElementValue(final String smElIdShortPath) throws InhibitException {
final IIdentifier smId = getSmIdUnsecured();
- return submodelAPIAuthorizer.authorizeGetSubmodelElementValue(subjectInformationProvider.get(), aas, smId, smElIdShortPath, () -> decoratedSubmodelAPI.getSubmodelElementValue(smElIdShortPath));
+ final IReference smSemanticId = getSmSemanticIdUnsecured();
+ return submodelAPIAuthorizer.authorizeGetSubmodelElementValue(subjectInformationProvider.get(), aas, smId, smSemanticId, smElIdShortPath, () -> decoratedSubmodelAPI.getSubmodelElementValue(smElIdShortPath));
}
@Override
@@ -298,7 +309,8 @@ protected String fixInvokeIdShortPath(final String inputIdShortPath) {
protected void authorizeInvokeOperation(final String smElIdShortPath) throws InhibitException {
final IIdentifier smId = getSmIdUnsecured();
- submodelAPIAuthorizer.authorizeInvokeOperation(subjectInformationProvider.get(), aas, smId, smElIdShortPath);
+ final IReference smSemanticId = getSmSemanticIdUnsecured();
+ submodelAPIAuthorizer.authorizeInvokeOperation(subjectInformationProvider.get(), aas, smId, smSemanticId, smElIdShortPath);
}
@Override
@@ -316,7 +328,44 @@ public Object getOperationResult(final String smElIdShortPath, final String requ
protected Object authorizeGetOperationResult(final String smElIdShortPath, final String requestId) throws InhibitException {
final IIdentifier smId = getSmIdUnsecured();
- return submodelAPIAuthorizer.authorizeGetOperationResult(subjectInformationProvider.get(), aas, smId, smElIdShortPath, requestId, () -> decoratedSubmodelAPI.getOperationResult(smElIdShortPath, requestId));
+ final IReference smSemanticId = getSmSemanticIdUnsecured();
+
+ // TODO: parameter object for the target of the operation?
+ // TODO: or general Target object?
+ // TODO: or general context object?
+
+ return submodelAPIAuthorizer.authorizeGetOperationResult(subjectInformationProvider.get(), aas, smId, smSemanticId, smElIdShortPath, requestId, () -> decoratedSubmodelAPI.getOperationResult(smElIdShortPath, requestId));
+ }
+
+ @Override
+ public File getSubmodelElementFile(String idShortPath) {
+ if (ElevatedCodeAuthentication.isCodeAuthentication()) {
+ return decoratedSubmodelAPI.getSubmodelElementFile(idShortPath);
+ }
+
+ try {
+ // TODO: maybe write own authorize method later and use its return
+ authorizeGetSubmodelElement(idShortPath);
+ return decoratedSubmodelAPI.getSubmodelElementFile(idShortPath);
+ } catch (final InhibitException e) {
+ throw new NotAuthorizedException(e);
+ }
+ }
+
+ @Override
+ public void uploadSubmodelElementFile(String idShortPath, InputStream fileStream) {
+ if (ElevatedCodeAuthentication.isCodeAuthentication()) {
+ decoratedSubmodelAPI.uploadSubmodelElementFile(idShortPath, fileStream);
+ return;
+ }
+
+ try {
+ // TODO: maybe write own authorize method later
+ authorizeUpdateSubmodelElement(idShortPath);
+ decoratedSubmodelAPI.uploadSubmodelElementFile(idShortPath, fileStream);
+ } catch (final InhibitException e) {
+ throw new NotAuthorizedException(e);
+ }
}
private IIdentifier getSmIdUnsecured() throws ResourceNotFoundException {
@@ -329,13 +378,15 @@ private IIdentifier getSmIdUnsecured() throws ResourceNotFoundException {
return sm.getIdentification();
}
- @Override
- public File getSubmodelElementFile(String idShortPath) {
- return decoratedSubmodelAPI.getSubmodelElementFile(idShortPath);
- }
+ private IReference getSmSemanticIdUnsecured() {
+ try (final ElevatedCodeAuthentication.ElevatedCodeAuthenticationAreaHandler ignored = ElevatedCodeAuthentication.enterElevatedCodeAuthenticationArea()) {
+ final ISubmodel sm = decoratedSubmodelAPI.getSubmodel();
- @Override
- public void uploadSubmodelElementFile(String idShortPath, InputStream fileStream) {
- decoratedSubmodelAPI.uploadSubmodelElementFile(idShortPath, fileStream);
+ if (sm == null) {
+ return null;
+ }
+
+ return sm.getSemanticId();
+ }
}
}
diff --git a/src/main/java/org/eclipse/basyx/extensions/submodel/authorization/internal/GrantedAuthoritySubmodelAPIAuthorizer.java b/src/main/java/org/eclipse/basyx/extensions/submodel/authorization/internal/GrantedAuthoritySubmodelAPIAuthorizer.java
index a22fb8c1..0ed5871f 100644
--- a/src/main/java/org/eclipse/basyx/extensions/submodel/authorization/internal/GrantedAuthoritySubmodelAPIAuthorizer.java
+++ b/src/main/java/org/eclipse/basyx/extensions/submodel/authorization/internal/GrantedAuthoritySubmodelAPIAuthorizer.java
@@ -32,6 +32,7 @@
import org.eclipse.basyx.extensions.shared.authorization.internal.InhibitException;
import org.eclipse.basyx.submodel.metamodel.api.ISubmodel;
import org.eclipse.basyx.submodel.metamodel.api.identifier.IIdentifier;
+import org.eclipse.basyx.submodel.metamodel.api.reference.IReference;
import org.eclipse.basyx.submodel.metamodel.api.submodelelement.ISubmodelElement;
import org.eclipse.basyx.submodel.metamodel.api.submodelelement.operation.IOperation;
@@ -48,7 +49,7 @@ public GrantedAuthoritySubmodelAPIAuthorizer(final IGrantedAuthorityAuthenticato
}
@Override
- public Collection authorizeGetSubmodelElements(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final Supplier smSupplier,
+ public Collection authorizeGetSubmodelElements(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final Supplier smSupplier,
final Supplier> smElListSupplier) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedSubmodelAPI.READ_AUTHORITY);
@@ -56,37 +57,37 @@ public Collection authorizeGetSubmodelElements(final SubjectIn
}
@Override
- public ISubmodelElement authorizeGetSubmodelElement(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final String smElIdShortPath,
- final Supplier smElSupplier) throws InhibitException {
+ public ISubmodelElement authorizeGetSubmodelElement(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final String smElIdShortPath,
+ final Supplier smElSupplier) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedSubmodelAPI.READ_AUTHORITY);
return smElSupplier.get();
}
@Override
- public ISubmodel authorizeGetSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final Supplier smSupplier) throws InhibitException {
+ public ISubmodel authorizeGetSubmodel(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final Supplier smSupplier) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedSubmodelAPI.READ_AUTHORITY);
return smSupplier.get();
}
@Override
- public void authorizeAddSubmodelElement(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final String smElIdShortPath) throws InhibitException {
+ public void authorizeAddSubmodelElement(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final String smElIdShortPath) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedSubmodelAPI.WRITE_AUTHORITY);
}
@Override
- public void authorizeDeleteSubmodelElement(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final String smElIdShortPath) throws InhibitException {
+ public void authorizeDeleteSubmodelElement(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final String smElIdShortPath) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedSubmodelAPI.WRITE_AUTHORITY);
}
@Override
- public void authorizeUpdateSubmodelElement(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final String smElIdShortPath) throws InhibitException {
+ public void authorizeUpdateSubmodelElement(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final IReference smSemanticId, final String smElIdShortPath) throws InhibitException {
GrantedAuthorityHelper.checkAuthority(grantedAuthorityAuthenticator, subjectInformation, AuthorizedSubmodelAPI.WRITE_AUTHORITY);
}
@Override
- public Object authorizeGetSubmodelElementValue(final SubjectInformationType subjectInformation, final IAssetAdministrationShell aas, final IIdentifier smId, final String smElIdShortPath, final Supplier