Improved role functionality
This commit is contained in:
parent
0f0163dc2d
commit
b67e98976d
@ -67,8 +67,9 @@ public class AaiSecurityConfiguration extends WebSecurityConfigurerAdapter {
|
|||
.anyRequest().authenticated()
|
||||
.and()
|
||||
.logout().logoutUrl("/openid_logout")
|
||||
.clearAuthentication(true)
|
||||
.invalidateHttpSession(true)
|
||||
.deleteCookies("openAIRESession")
|
||||
.deleteCookies()
|
||||
.logoutSuccessUrl(logoutSuccessUrl)
|
||||
.and()
|
||||
.addFilterBefore(openIdConnectAuthenticationFilter(), AbstractPreAuthenticatedProcessingFilter.class)
|
||||
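Review bot: `.deleteCookies()` with no arguments registers a CookieClearingLogoutHandler with an empty name list, so it expires nothing; if the intent is to clear the session cookie at logout the name has to be listed, e.g. `.deleteCookies("openAIRESession")` — which of the two `deleteCookies` lines is the newly added one is not recoverable from this rendering, so this is a request to confirm the final chain keeps a named call. Separately, `.logoutUrl("/openid_logout")` is matched for any HTTP method unless CSRF protection is enabled elsewhere in this class, in which case Spring restricts it to POST; if CSRF is disabled here, a cross-site link can log a user out, which is worth a comment either way. The enclosing `configure` method starts and ends outside the hunk.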
@ -28,6 +28,7 @@ import org.springframework.core.ParameterizedTypeReference;
|
|||
import org.springframework.http.*;
|
||||
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
@ -38,6 +39,7 @@ import javax.annotation.PostConstruct;
|
|||
import java.sql.Timestamp;
|
||||
import java.util.*;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@Service("repositoryService")
|
||||
public class RepositoryServiceImpl implements RepositoryService {
|
||||
|
@ -284,14 +286,14 @@ public class RepositoryServiceImpl implements RepositoryService {
|
|||
public List<Repository> getRepositoriesOfUser(String page, String size) {
|
||||
logger.debug("Retrieving repositories of authenticated user : {}",
|
||||
((OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication()).getUserInfo().getEmail());
|
||||
Collection<String> repoIds = roleMappingService.getRepoIdsByRoleIds(authorizationService.getUserRoles());
|
||||
Collection<String> repoIds = roleMappingService.getRepositoryIds(authorizationService.getUserRoles());
|
||||
return getRepositories(new ArrayList<>(repoIds));
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Repository> getRepositoriesOfUser(String userEmail, String page, String size) {
|
||||
logger.debug("Retrieving repositories of authenticated user : {}", userEmail);
|
||||
Collection<String> repoIds = roleMappingService.getRepoIdsByRoleIds(authorizationService.getUserRolesByEmail(userEmail));
|
||||
Collection<String> repoIds = roleMappingService.getRepositoryIds(authorizationService.getUserRolesByEmail(userEmail));
|
||||
return getRepositories(new ArrayList<>(repoIds));
|
||||
}
|
||||
|
||||
|
@ -304,12 +306,7 @@ public class RepositoryServiceImpl implements RepositoryService {
|
|||
public List<RepositorySnippet> getRepositoriesSnippetsOfUser(String userEmail, String page, String size) {
|
||||
int from = Integer.parseInt(page) * Integer.parseInt(size);
|
||||
int to = from + Integer.parseInt(size);
|
||||
List<String> repoIds = new ArrayList<>();
|
||||
if (userEmail != null && !"".equals(userEmail)) {
|
||||
repoIds.addAll(roleMappingService.getRepoIdsByRoleIds(authorizationService.getUserRolesByEmail(userEmail)));
|
||||
} else {
|
||||
repoIds.addAll(roleMappingService.getRepoIdsByRoleIds(authorizationService.getUserRoles()));
|
||||
}
|
||||
List<String> repoIds = getRepoIdsOfUser(userEmail);
|
||||
|
||||
if (repoIds.size() < from) {
|
||||
return Collections.emptyList();
|
||||
|
@ -957,10 +954,27 @@ public class RepositoryServiceImpl implements RepositoryService {
|
|||
return repositories;
|
||||
}
|
||||
|
||||
private List<String> getRepoIdsOfUser(String userEmail) {
|
||||
List<String> repoIds;
|
||||
if (userEmail != null && !"".equals(userEmail)) {
|
||||
repoIds = new ArrayList<>(roleMappingService.getRepositoryIds(authorizationService.getUserRolesByEmail(userEmail)));
|
||||
} else {
|
||||
Collection<?> authorities = SecurityContextHolder.getContext().getAuthentication().getAuthorities();
|
||||
repoIds = authorities
|
||||
.stream()
|
||||
.map(a -> roleMappingService.authorityToRepositoryId((GrantedAuthority) a))
|
||||
.filter(Objects::nonNull)
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
return repoIds;
|
||||
}
|
||||
|
||||
@Deprecated
|
||||
private String getRepositoryType(String typology) {
|
||||
return invertedDataSourceClass.get(typology);
|
||||
}
|
||||
|
||||
@Deprecated
|
||||
private List<String> getRoleIdsFromUserRoles(String userEmail) {
|
||||
List<Integer> coPersonId = registryCalls.getCoPersonIdsByEmail(userEmail);
|
||||
JsonArray roles;
|
||||
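Review bot: In `getRepoIdsOfUser` (hunk @@ -957,10 +954,27 @@) the `else` branch dereferences `SecurityContextHolder.getContext().getAuthentication()` without a null check, so a call with an empty email from an unauthenticated context throws NullPointerException instead of yielding no repositories; a guard such as `Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (auth == null) { return new ArrayList<>(); }` keeps the helper total. The `Collection<?>` declaration is what forces the `(GrantedAuthority) a` cast — `getAuthorities()` already returns `Collection<? extends GrantedAuthority>`, so typing the local that way lets the pipeline use `roleMappingService::authorityToRepositoryId` with no cast. Note that the two branches resolve repositories from different sources: by email through the registry (`getUserRolesByEmail` → `getRepositoryIds`) but for the caller from the session's authorities, so a role granted after login shows up through one path and not the other; `getRepositoriesOfUser(page, size)` in the @@ -284 hunk still goes through `authorizationService.getUserRoles()` rather than this helper, so a comment stating which source is authoritative would help. The debug line in that hunk also logs the user's email, which is fine at debug level but should be a deliberate choice given it is PII.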
@ -165,6 +165,7 @@ public class RegistryCalls implements AaiRegistryService {
|
|||
@Override
|
||||
public JsonArray getRoles(Integer coPersonId) {
|
||||
Map<String, String> params = new HashMap<>();
|
||||
params.put("coid", coid);
|
||||
params.put("copersonid", coPersonId.toString());
|
||||
JsonElement response = httpUtils.get("co_person_roles.json", params);
|
||||
return (response != null) ? response.getAsJsonObject().get("CoPersonRoles").getAsJsonArray() : new JsonArray();
|
||||
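Review bot: `getRoles` still calls `coPersonId.toString()` and `response.getAsJsonObject().get("CoPersonRoles").getAsJsonArray()` unguarded, so a null `coPersonId` (for instance an email with no registry person) or a response object without that key throws NullPointerException rather than the empty array the null-response branch already returns. A cheap hardening of the return: `JsonElement roles = response != null ? response.getAsJsonObject().get("CoPersonRoles") : null; return roles != null && roles.isJsonArray() ? roles.getAsJsonArray() : new JsonArray();`. The added line appears to be `params.put("coid", coid);`, scoping the lookup to the configured CO; the rest of the method is unchanged and its closing brace lies outside the hunk.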
@ -7,6 +7,8 @@ import org.springframework.security.core.GrantedAuthority;
|
|||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLDecoder;
|
||||
import java.net.URLEncoder;
|
||||
import java.util.Collection;
|
||||
import java.util.Objects;
|
||||
|
@ -20,21 +22,8 @@ public class AaiRoleMappingService implements RoleMappingService {
|
|||
@Value("${services.provide.aai.registry.production:true}")
|
||||
private boolean production;
|
||||
|
||||
|
||||
private String createRepoRoleName(String prefix, String repoId) {
|
||||
return prefix + "." + repoId.replace(":", "$");
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getRepoNameWithoutType(String fullName, String prefix) {
|
||||
if (fullName != null && prefix != null && fullName.startsWith(prefix)) {
|
||||
return fullName.substring(prefix.length());
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getRepoIdByRoleId(String roleId) {
|
||||
public String getRepositoryId(String roleId) {
|
||||
if (!roleActive(roleId)) {
|
||||
return null;
|
||||
}
|
||||
|
@ -42,43 +31,46 @@ public class AaiRoleMappingService implements RoleMappingService {
|
|||
}
|
||||
|
||||
@Override
|
||||
public Collection<String> getRepoIdsByRoleIds(Collection<String> roleIds) {
|
||||
public Collection<String> getRepositoryIds(Collection<String> roleIds) {
|
||||
return roleIds
|
||||
.stream()
|
||||
//.filter(this::roleActive) // implicitly executed in the next statement
|
||||
.map(this::getRepoIdByRoleId)
|
||||
.map(this::getRepositoryId)
|
||||
.filter(Objects::nonNull)
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getRoleIdByRepoId(String repoId) {
|
||||
String roleId = "";
|
||||
public String getRole(String repoId) {
|
||||
String role = null;
|
||||
String prefix = (production ? "" : "beta.") + "datasource";
|
||||
if (repoId != null) {
|
||||
roleId = createRepoRoleName(prefix, repoId);
|
||||
return roleId;
|
||||
} else {
|
||||
return null;
|
||||
role = createRole(prefix, repoId);
|
||||
}
|
||||
|
||||
return role;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<String> getRoleIdsByRepoIds(Collection<String> repoIds) {
|
||||
public Collection<String> getRoles(Collection<String> repoIds) {
|
||||
return repoIds
|
||||
.stream()
|
||||
.map(this::getRoleIdByRepoId)
|
||||
.map(this::getRole)
|
||||
.filter(Objects::nonNull)
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
||||
@Override
|
||||
public String convertAuthorityIdToRepoId(String authorityId) {
|
||||
String repo = "";
|
||||
if (authorityId != null && roleActive(authorityId)) {
|
||||
repo = authorityId
|
||||
.replaceFirst(".*datasource\\.", "")
|
||||
public String authorityToRepositoryId(GrantedAuthority authority) {
|
||||
String repo = null;
|
||||
String auth = null;
|
||||
try {
|
||||
auth = URLDecoder.decode(authority.getAuthority(), "UTF-8").toLowerCase();
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
logger.error("", e);
|
||||
}
|
||||
|
||||
if (auth != null && roleActive(auth)) {
|
||||
repo = auth
|
||||
.replaceFirst(".*datasource\\_", "")
|
||||
.replace("$", ":")
|
||||
.toLowerCase();
|
||||
}
|
||||
|
@ -86,12 +78,26 @@ public class AaiRoleMappingService implements RoleMappingService {
|
|||
}
|
||||
|
||||
@Override
|
||||
public String convertAuthorityToRepoId(GrantedAuthority authority) {
|
||||
return convertAuthorityIdToRepoId(authority.toString());
|
||||
public GrantedAuthority repositoryIdToAuthority(String repoId) {
|
||||
String role = null;
|
||||
try {
|
||||
role = URLEncoder.encode(convertRepoIdToAuthorityId(repoId), "UTF-8");
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
logger.error("", e);
|
||||
}
|
||||
return new SimpleGrantedAuthority(role);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String convertRepoIdToAuthorityId(String repoId) {
|
||||
private String createRole(String prefix, String repoId) {
|
||||
return prefix + "." + repoId.replace(":", "$");
|
||||
}
|
||||
|
||||
private boolean roleActive(String roleId) {
|
||||
return (production && !roleId.toLowerCase().startsWith("beta"))
|
||||
|| (!production && roleId.toLowerCase().startsWith("beta"));
|
||||
}
|
||||
|
||||
private String convertRepoIdToAuthorityId(String repoId) {
|
||||
StringBuilder roleBuilder = new StringBuilder();
|
||||
String role = "";
|
||||
if (repoId != null) {
|
||||
|
@ -102,20 +108,4 @@ public class AaiRoleMappingService implements RoleMappingService {
|
|||
}
|
||||
return role;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String convertRepoIdToEncodedAuthorityId(String repoId) {
|
||||
return URLEncoder.encode(convertRepoIdToAuthorityId(repoId));
|
||||
}
|
||||
|
||||
@Override
|
||||
public SimpleGrantedAuthority convertRepoIdToAuthority(String repoId) {
|
||||
String role = convertRepoIdToEncodedAuthorityId(repoId);
|
||||
return new SimpleGrantedAuthority(role);
|
||||
}
|
||||
|
||||
private boolean roleActive(String roleId) {
|
||||
return (production && !roleId.toLowerCase().startsWith("beta."))
|
||||
|| (!production && roleId.toLowerCase().startsWith("beta."));
|
||||
}
|
||||
}
|
||||
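Review bot: `authorityToRepositoryId` (hunk @@ -42,43 +31,46 @@) returns a non-null value for authorities that are not datasource roles at all: `roleActive` only inspects the `beta` prefix, and `replaceFirst(".*datasource\\_", "")` leaves a non-matching string untouched, so in production any other authority the session carries comes back lower-cased as a "repository id", and `getRepoIdsOfUser` in RepositoryServiceImpl — which now filters this method's output only for null — would pass it on as a repository the user has rights to. The method should reject such input explicitly, e.g. `if (auth != null && roleActive(auth) && auth.contains("datasource_"))`, or better match an anchored pattern (`^(beta_)?datasource_(.+)$`) and take the captured group instead of relying on a greedy `.*` prefix strip that also accepts `anything_datasource_x`. Minor: `URLDecoder.decode(String, Charset)` / `URLEncoder.encode(String, Charset)` with `StandardCharsets.UTF_8` (Java 10+) remove the unreachable `UnsupportedEncodingException` branches in both `authorityToRepositoryId` and `repositoryIdToAuthority`, where a swallowed failure currently reaches `new SimpleGrantedAuthority(null)` and throws IllegalArgumentException far from the cause.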
@ -56,9 +56,9 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
|
||||
@Override
|
||||
public boolean isMemberOf(String repoId) {
|
||||
String repoRole = roleMappingService.convertRepoIdToEncodedAuthorityId(repoId);
|
||||
String repoAuthority = roleMappingService.repositoryIdToAuthority(repoId).getAuthority();
|
||||
return SecurityContextHolder.getContext().getAuthentication().getAuthorities()
|
||||
.stream().anyMatch(authority -> authority.toString().equals(repoRole));
|
||||
.stream().anyMatch(authority -> authority.toString().equals(repoAuthority));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -74,7 +74,7 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
public List<User> getAdminsOfRepo(String repoId) {
|
||||
|
||||
// find couId by role name
|
||||
String role = roleMappingService.getRoleIdByRepoId(repoId);
|
||||
String role = roleMappingService.getRole(repoId);
|
||||
Integer couId = aaiRegistryService.getCouId(role);
|
||||
return aaiRegistryService.getUsers(couId);
|
||||
}
|
||||
|
@ -82,7 +82,7 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
|
||||
@Override
|
||||
public void addAdmin(String resourceId, String email) throws ResourceNotFoundException {
|
||||
String role = roleMappingService.getRoleIdByRepoId(resourceId);
|
||||
String role = roleMappingService.getRole(resourceId);
|
||||
Integer couId = aaiRegistryService.getCouId(role);
|
||||
if (couId == null) {
|
||||
throw new ResourceNotFoundException("Cannot find CouId for role: " + role);
|
||||
|
@ -94,14 +94,14 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
|
||||
// Add role to user current authorities
|
||||
for (String userId : aaiRegistryService.getUserIdentifiersByEmail(email)) {
|
||||
authoritiesUpdater.addRole(userId, roleMappingService.convertRepoIdToAuthority(resourceId));
|
||||
authoritiesUpdater.addRole(userId, roleMappingService.repositoryIdToAuthority(resourceId));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeAdmin(String resourceId, String email) throws ResourceNotFoundException {
|
||||
String role = roleMappingService.getRoleIdByRepoId(resourceId);
|
||||
String role = roleMappingService.getRole(resourceId);
|
||||
Integer couId = aaiRegistryService.getCouId(role);
|
||||
if (couId == null) {
|
||||
throw new ResourceNotFoundException("Cannot find CouId for role: " + role);
|
||||
|
@ -115,7 +115,7 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
|
||||
// Remove role from user current authorities
|
||||
for (String userId : aaiRegistryService.getUserIdentifiersByEmail(email)) {
|
||||
authoritiesUpdater.removeRole(userId, roleMappingService.convertRepoIdToAuthority(resourceId));
|
||||
authoritiesUpdater.removeRole(userId, roleMappingService.repositoryIdToAuthority(resourceId));
|
||||
}
|
||||
} else {
|
||||
logger.error("Cannot find RoleId for role: {}", role);
|
||||
|
@ -126,7 +126,7 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
@Override
|
||||
public void createAndAssignRoleToAuthenticatedUser(String resourceId, String roleDescription) {
|
||||
// Create new role
|
||||
String newRoleName = roleMappingService.getRoleIdByRepoId(resourceId);
|
||||
String newRoleName = roleMappingService.getRole(resourceId);
|
||||
Role newRole = new Role(newRoleName, roleDescription);
|
||||
|
||||
Integer couId;
|
||||
|
@ -148,7 +148,7 @@ public class AuthorizationServiceImpl implements AuthorizationService {
|
|||
aaiRegistryService.assignMemberRole(coPersonId, couId);
|
||||
|
||||
// Add role to current user authorities
|
||||
authoritiesUpdater.addRole(roleMappingService.convertRepoIdToAuthority(resourceId));
|
||||
authoritiesUpdater.addRole(roleMappingService.repositoryIdToAuthority(resourceId));
|
||||
}
|
||||
}
|
||||
|
||||
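Review bot: The new `anyMatch` line in `isMemberOf` still compares `authority.toString()` to a value obtained from `getAuthority()`; `toString()` is not part of the `GrantedAuthority` contract and only coincides with the role string for `SimpleGrantedAuthority`, so the membership check should read `.stream().anyMatch(authority -> repoAuthority.equals(authority.getAuthority()));`. That comparison is exact-case whereas `authorityToRepositoryId` lower-cases after decoding, so the two directions of the mapping are not symmetric — presumably harmless as long as every stored authority is produced by `repositoryIdToAuthority`, but worth stating in a comment. `getAuthentication()` is dereferenced without a null check here as well; `Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (auth == null) { return false; }` is the whole fix. `getAdminsOfRepo`, `addAdmin` and `removeAdmin` pass `getRole(repoId)` — null for a null id — straight into `getCouId`; the `couId == null` checks catch that in two of the three, but `getAdminsOfRepo` goes on to `getUsers(couId)` with whatever `getCouId(null)` returns.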
@ -7,68 +7,41 @@ import java.util.Collection;
|
|||
|
||||
public interface RoleMappingService {
|
||||
|
||||
/**
|
||||
* @param fullName
|
||||
* @param prefix
|
||||
* @return
|
||||
*/
|
||||
String getRepoNameWithoutType(String fullName, String prefix);
|
||||
|
||||
/**
|
||||
* @param roleId Role Id
|
||||
* @return Converts {@param roleId} to a repo Id.
|
||||
*/
|
||||
String getRepoIdByRoleId(String roleId);
|
||||
String getRepositoryId(String roleId);
|
||||
|
||||
/**
|
||||
*
|
||||
* @param roleIds Collection of roles
|
||||
* @return Converts {@param roleIds} to a repo Ids.
|
||||
*/
|
||||
Collection<String> getRepoIdsByRoleIds(Collection<String> roleIds);
|
||||
Collection<String> getRepositoryIds(Collection<String> roleIds);
|
||||
|
||||
/**
|
||||
* @param repoId Repository Id
|
||||
* @return Converts {@param repoId} to a role Id.
|
||||
*/
|
||||
String getRoleIdByRepoId(String repoId);
|
||||
String getRole(String repoId);
|
||||
|
||||
/**
|
||||
* @param repoIds Collection of Repository Ids
|
||||
* @return Converts {@param repoIds} to role Ids.
|
||||
*/
|
||||
Collection<String> getRoleIdsByRepoIds(Collection<String> repoIds);
|
||||
Collection<String> getRoles(Collection<String> repoIds);
|
||||
|
||||
/**
|
||||
* @param authorityId Authority Id
|
||||
* @return Converts {@param authorityId} to repo Id.
|
||||
* @param authority {@link GrantedAuthority}
|
||||
* @return Converts {@param authority} to repository Id.
|
||||
*/
|
||||
String convertAuthorityIdToRepoId(String authorityId);
|
||||
|
||||
/**
|
||||
* @param authority Granted authority
|
||||
* @return Converts {@param authority} to repo Id.
|
||||
*/
|
||||
String convertAuthorityToRepoId(GrantedAuthority authority);
|
||||
|
||||
/**
|
||||
* @param repoId Repository Id
|
||||
* @return
|
||||
*/
|
||||
String convertRepoIdToAuthorityId(String repoId);
|
||||
|
||||
/**
|
||||
* @param repoId Repository Id
|
||||
* @return Converts {@param repoId} to {@link String} role id url encoded ($ -> %24)
|
||||
* // TODO: remove role encoding and perform url decoding when mapping authorities. (Must be performed in all OpenAIRE projects because of Redis)
|
||||
*/
|
||||
String convertRepoIdToEncodedAuthorityId(String repoId);
|
||||
String authorityToRepositoryId(GrantedAuthority authority);
|
||||
|
||||
/**
|
||||
* @param repoId Repository Id
|
||||
* @return Converts {@param repoId} to {@link SimpleGrantedAuthority} with the role url encoded ($ -> %24)
|
||||
* // TODO: remove role encoding and perform url decoding when mapping authorities. (Must be performed in all OpenAIRE projects because of Redis)
|
||||
*/
|
||||
SimpleGrantedAuthority convertRepoIdToAuthority(String repoId);
|
||||
GrantedAuthority repositoryIdToAuthority(String repoId);
|
||||
|
||||
}
|
||||
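Review bot: The Javadoc that now sits above `repositoryIdToAuthority` (apparently retained from `convertRepoIdToAuthority`) still promises a `{@link SimpleGrantedAuthority}` and carries the `$ -> %24` TODO, while the signature returns `GrantedAuthority`; it should follow the signature, e.g. `@return the {@link GrantedAuthority} for {@code repoId}, with the role URL-encoded ($ -> %24)`. `{@param roleId}` is not a Javadoc inline tag and renders as an error — `{@code roleId}` is meant throughout — and the `@return` lines describe the operation ("Converts …") rather than the value returned. The contract callers now depend on is undocumented: `getRepositoryId` and `authorityToRepositoryId` return `null` for roles/authorities that are not active in the current environment, which is why `getRepoIdsOfUser` filters with `Objects::nonNull`; a line such as `@return … or {@code null} if the role is not active in this environment` on each would make that explicit.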