From 21fcad006285173918669cfd825f02aa5cb7db1e Mon Sep 17 00:00:00 2001
From: imb
Date: Tue, 7 May 2024 17:12:13 +0900
Subject: [PATCH 1/3] Add authorization for file entry APIs

---
 .../org/ngrinder/script/controller/FileEntryApiController.java | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ngrinder-controller/src/main/java/org/ngrinder/script/controller/FileEntryApiController.java b/ngrinder-controller/src/main/java/org/ngrinder/script/controller/FileEntryApiController.java
index 6fd3c73e4b..7b24983120 100644
--- a/ngrinder-controller/src/main/java/org/ngrinder/script/controller/FileEntryApiController.java
+++ b/ngrinder-controller/src/main/java/org/ngrinder/script/controller/FileEntryApiController.java
@@ -46,6 +46,7 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.context.MessageSource;
 import org.springframework.http.ContentDisposition;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@@ -65,6 +66,7 @@
 @RestController
 @RequestMapping("/script/api")
 @RequiredArgsConstructor
+@PreAuthorize("hasAnyRole('A', 'S', 'U')")
 public class FileEntryApiController {
 private static final Logger LOG = LoggerFactory.getLogger(FileEntryApiController.class);

From 86b9983def53df3072cc49192e5fd9622736f948 Mon Sep 17 00:00:00 2001
From: imb
Date: Tue, 7 May 2024 17:13:42 +0900
Subject: [PATCH 2/3] Changed not to expose other users' perftest running information

---
 .../org/ngrinder/perftest/controller/PerfTestApiController.java | 2 +-
 ngrinder-frontend/src/js/components/perftest/list/List.vue | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ngrinder-controller/src/main/java/org/ngrinder/perftest/controller/PerfTestApiController.java b/ngrinder-controller/src/main/java/org/ngrinder/perftest/controller/PerfTestApiController.java
index 14e28d0977..1c0d982ac6 100644
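Review bot: The class-level `@PreAuthorize("hasAnyRole('A', 'S', 'U')")` added to `FileEntryApiController` is enforced only when pre/post method security is enabled for the application context, and nothing in this patch shows that configuration or a test proving that an anonymous request to `/script/api` is rejected. A controller test asserting a denied response for an unauthenticated caller would pin the behaviour. `hasAnyRole` also applies the default role prefix before comparing, so the single-letter codes must match how authorities are populated at login; that mapping is outside this hunk. The same expression string is repeated on `PerfTestApiController` and `PerfTestController` in patch 3/3, so a shared constant or a composed annotation would keep the three controllers from drifting, and a comment such as `// any signed-in role; anonymous callers are rejected` above the annotation would record the intent.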
--- a/ngrinder-controller/src/main/java/org/ngrinder/perftest/controller/PerfTestApiController.java
+++ b/ngrinder-controller/src/main/java/org/ngrinder/perftest/controller/PerfTestApiController.java
@@ -531,7 +531,7 @@ public Map getStatuses(User user, @RequestParam(defaultValue = "
 .collect(toList());
 return buildMap(
- "perfTestInfo", perfTestService.getCurrentPerfTestStatistics(),
+ "runningTestsCount", perfTestService.getCurrentPerfTestStatistics().size(),
 "status", statuses
 );
 }
diff --git a/ngrinder-frontend/src/js/components/perftest/list/List.vue b/ngrinder-frontend/src/js/components/perftest/list/List.vue
index e152981adb..e4a1912a13 100644
--- a/ngrinder-frontend/src/js/components/perftest/list/List.vue
+++ b/ngrinder-frontend/src/js/components/perftest/list/List.vue
@@ -420,7 +420,7 @@
 }
 this.tests[target.index].status = updatedStatus;
- this.runningSummary = `${res.data.perfTestInfo.length} ${this.i18n('perfTest.list.runningSummary')}`;
+ this.runningSummary = `${res.data.runningTestsCount} ${this.i18n('perfTest.list.runningSummary')}`;
 });
 }).finally(() => this.updateStatusTimeoutId = setTimeout(this.updatePerftestStatus, 2000));
 } else {

From a394fd1aad6dc41e0be79de515d2d2db2d82f2e7 Mon Sep 17 00:00:00 2001
From: imb
Date: Tue, 7 May 2024 17:23:08 +0900
Subject: [PATCH 3/3] Add authorization for perftest APIs

---
 .../ngrinder/perftest/controller/PerfTestApiController.java | 6 ++++++
 .../ngrinder/perftest/controller/PerfTestController.java | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/ngrinder-controller/src/main/java/org/ngrinder/perftest/controller/PerfTestApiController.java b/ngrinder-controller/src/main/java/org/ngrinder/perftest/controller/PerfTestApiController.java
index 1c0d982ac6..b3aa9709f1 100644
--- a/ngrinder-controller/src/main/java/org/ngrinder/perftest/controller/PerfTestApiController.java
+++ b/ngrinder-controller/src/main/java/org/ngrinder/perftest/controller/PerfTestApiController.java
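Review bot: In the `getStatuses` hunk, `runningTestsCount` comes from `perfTestService.getCurrentPerfTestStatistics().size()`, a call that takes no `user` argument, so the response presumably still tells every caller how many tests are running system-wide. If that aggregate is meant to stay visible, record the decision next to the entry, for example `// system-wide count only; per-test statistics are not returned to other users`. Renaming the key from `perfTestInfo` also changes the response shape for any client other than `List.vue` (updated in the next hunk), so the change belongs in the API notes. `getStatuses` begins above the hunk, so how `statuses` is scoped to the caller is not visible here.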
@@ -44,6 +44,7 @@
 import org.springframework.data.domain.Pageable;
 import org.springframework.data.domain.Sort;
 import org.springframework.data.web.PageableDefault;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import java.net.URL;
@@ -74,6 +75,7 @@
 @RestController
 @RequestMapping("/perftest/api")
 @RequiredArgsConstructor
+@PreAuthorize("hasAnyRole('A', 'S', 'U')")
 public class PerfTestApiController {
 private final PerfTestService perfTestService;
@@ -337,6 +339,7 @@ public Map refreshTestRunning(User user, @PathVariable long id)
 }
 @GetMapping("/{id}/detail_report")
+ @PreAuthorize("permitAll")
 public Map getReport(@PathVariable long id) {
 Map model = newHashMap();
 model.put("test", perfTestService.getOne(id));
@@ -601,6 +604,7 @@ public List getLogs(User user, @PathVariable long id) {
 * @return perf test result list.
 */
 @GetMapping({"/{id}/perf", "/{id}/graph"})
+ @PreAuthorize("permitAll")
 public Map getPerfGraph(@PathVariable long id,
 @RequestParam(defaultValue = "") String dataType,
 @RequestParam(defaultValue = "false") boolean onlyTotal,
@@ -630,6 +634,7 @@ private Map getPerfGraphData(Long id, String[] dataTypes, boolea
 * @return json message
 */
 @GetMapping("/{id}/monitor")
+ @PreAuthorize("permitAll")
 public Map getMonitorGraph(@PathVariable long id,
 @RequestParam String targetIP, @RequestParam int imgWidth) {
 int interval = perfTestService.getMonitorGraphInterval(id, targetIP, imgWidth);
@@ -649,6 +654,7 @@ public Map getMonitorGraph(@PathVariable long id,
 * @return json message
 */
 @GetMapping("/{id}/plugin/{plugin}")
+ @PreAuthorize("permitAll")
 public Map getPluginGraph(@PathVariable long id,
 @PathVariable String plugin,
 @RequestParam String kind,
diff --git a/ngrinder-controller/src/main/java/org/ngrinder/perftest/controller/PerfTestController.java b/ngrinder-controller/src/main/java/org/ngrinder/perftest/controller/PerfTestController.java
index 4afb2f7072..db414e2a1c 100644
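Review bot: `@PreAuthorize("permitAll")` on `getReport` exempts it from the new class-level role check, and the visible body puts `perfTestService.getOne(id)` into the response with no ownership or sharing check, so a caller with no session can read a test record knowing only its numeric id. The `getPerfGraph`, `getMonitorGraph` and `getPluginGraph` hunks below are in the same position, since each is keyed by `id` with no `User` parameter. If public report links are intended, return a reduced view rather than the whole entity and state the decision above the annotation, e.g. `// public by design: report pages are shareable without login`. A test that requests these four paths anonymously, plus one that requests a neighbouring non-exempt path and expects a denial, would guard against the exemption widening later.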
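Review bot: In the `getMonitorGraph` hunk, `targetIP` is a free-form request parameter that reaches `perfTestService.getMonitorGraphInterval(id, targetIP, imgWidth)` on a route now explicitly open to unauthenticated callers; `plugin` and `kind` in the `getPluginGraph` hunk are in the same position. How the service uses these strings is not visible here, but if any of them ends up in a file or directory name for stored report data it should be validated in the controller first. A guard such as `if (!isValidTargetIp(targetIP)) { throw new IllegalArgumentException("invalid targetIP"); }` before the service call would do (the helper name is a placeholder). Both method bodies continue past the end of their hunks.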
--- a/ngrinder-controller/src/main/java/org/ngrinder/perftest/controller/PerfTestController.java
+++ b/ngrinder-controller/src/main/java/org/ngrinder/perftest/controller/PerfTestController.java
@@ -24,6 +24,7 @@
 import org.ngrinder.infra.spring.RemainedPath;
 import org.ngrinder.model.*;
 import org.ngrinder.perftest.service.PerfTestService;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.*;
@@ -44,6 +45,7 @@
 @RequestMapping("/perftest")
 @GlobalControllerModel
 @RequiredArgsConstructor
+@PreAuthorize("hasAnyRole('A', 'S', 'U')")
 public class PerfTestController {
 private final PerfTestService perfTestService;
@@ -150,6 +152,7 @@ public void showLog(User user, @PathVariable("id") long id, @RemainedPath String
 * @return perftest/detail_report
 */
 @GetMapping({"/{id}/detail_report", /* for backward compatibility */"/{id}/report"})
+ @PreAuthorize("permitAll")
 public String getReport(@PathVariable long id) {
 return "app";
 }
@@ -162,6 +165,7 @@ public String getReport(@PathVariable long id) {
 */
 @SuppressWarnings("UnusedParameters")
 @GetMapping("/{id}/detail_report/perf")
+ @PreAuthorize("permitAll")
 public String getDetailPerfReport(@PathVariable("id") long id) {
 return "perftest/detail_report/perf";
 }
@@ -176,6 +180,7 @@ public String getDetailPerfReport(@PathVariable("id") long id) {
 */
 @SuppressWarnings("UnusedParameters")
 @GetMapping("/{id}/detail_report/monitor")
+ @PreAuthorize("permitAll")
 public String getDetailMonitorReport(@PathVariable("id") long id, @RequestParam("targetIP") String targetIP,
 ModelMap modelMap) {
 modelMap.addAttribute("targetIP", targetIP);
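Review bot: In the `getDetailMonitorReport` hunk, the request parameter `targetIP` is copied into the model with `modelMap.addAttribute("targetIP", targetIP)` on a route that is now explicitly open to anonymous callers; `getDetailPluginReport` in the final hunk does the same with `plugin`. Whether the view templates escape these values is not visible from the diff, so confirm output encoding there or check the parameter's format in the controller before it is added to the model. A short comment above each `permitAll`, such as `// report views are public; request parameters are untrusted`, would make the trust boundary explicit. Both method bodies extend beyond their hunks.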
@@ -192,6 +197,7 @@ public String getDetailMonitorReport(@PathVariable("id") long id, @RequestParam( */ @SuppressWarnings("UnusedParameters") @GetMapping("/{id}/detail_report/plugin/{plugin}") + @PreAuthorize("permitAll") public String getDetailPluginReport(@PathVariable("id") long id, @PathVariable("plugin") String plugin, @RequestParam("kind") String kind, ModelMap modelMap) { modelMap.addAttribute("plugin", plugin);