diff --git a/pom.xml b/pom.xml
index 4b474a7..c199b9d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -64,6 +64,12 @@
common-scope
provided
+
+ org.gcube.portal
+ oidc-library-portal
+ [0.1.0,)
+ provided
+
org.slf4j
slf4j-log4j12
diff --git a/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java b/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
index f2de26d..6972e3d 100644
--- a/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
+++ b/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
@@ -6,11 +6,13 @@ import java.util.ArrayList;
import java.util.List;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.authorization.library.provider.UmaJWTProvider;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.storagehub.client.dsl.StorageHubClient;
import org.gcube.common.storagehub.client.dsl.Util;
import org.gcube.common.storagehub.client.dsl.VREFolderManager;
+import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
import org.gcube.vomanagement.usermanagement.GroupManager;
import org.gcube.vomanagement.usermanagement.RoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
@@ -32,114 +34,125 @@ import com.liferay.portal.service.UserGroupRoleLocalServiceWrapper;
import com.liferay.portal.service.UserLocalServiceUtil;
public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrapper {
- /**
- * logger
- */
- private static final Logger _log = LoggerFactory.getLogger(GCubeHookSiteRoleLocalService.class);
- private GroupManager gm;
- private LiferayUserManager uMan;
- public GCubeHookSiteRoleLocalService(UserGroupRoleLocalService userGroupRoleLocalService) {
- super(userGroupRoleLocalService);
- gm = new LiferayGroupManager();
- uMan = new LiferayUserManager();
- System.out.println("GCubeHookSiteRoleLocalService hook is UP & Listening ...");
- }
+ /**
+ * logger
+ */
+ private static final Logger _log = LoggerFactory.getLogger(GCubeHookSiteRoleLocalService.class);
+ private GroupManager gm;
+ private LiferayUserManager uMan;
- //TODO: as soon as Feature https://support.d4science.org/issues/17726 is delivered take care of this also
- @Override
- public java.util.List addUserGroupRoles(long[] userIds, long groupId, long roleId) throws com.liferay.portal.kernel.exception.SystemException {
- List toReturn = super.addUserGroupRoles(userIds, groupId, roleId);
- return toReturn;
- }
+ public GCubeHookSiteRoleLocalService(UserGroupRoleLocalService userGroupRoleLocalService) {
+ super(userGroupRoleLocalService);
+ gm = new LiferayGroupManager();
+ uMan = new LiferayUserManager();
+ System.out.println("GCubeHookSiteRoleLocalService hook is UP & Listening ...");
+ }
- @Override
- public java.util.List addUserGroupRoles(long userId, long groupId, long[] roleIds) throws com.liferay.portal.kernel.exception.SystemException {
- List toReturn = super.addUserGroupRoles(userId, groupId, roleIds);
- try {
- String context = gm.getInfrastructureScope(groupId);
- String username = UserLocalServiceUtil.getUser(userId).getScreenName();
- /* Check this part CAREFULLY as when the user is just created it fails*/
- String userToken = authorizationService().resolveTokenByUserAndContext(username, context);
- List userRoles = getUserRoles(roleIds);
- authorizationService().setTokenRoles(userToken, userRoles);
- _log.debug("Check if addUserGroupRoles is done in a VRE");
- if (gm.isVRE(groupId)) {
- _log.debug("addUserGroupRoles performed in a VRE, groupId=" + groupId);
- boolean vreManagerRolePresent = false;
- for (int i = 0; i < roleIds.length; i++) {
- Role role = RoleLocalServiceUtil.getRole(roleIds[i]);
- if (role.getName().compareTo(GCubeRole.VRE_MANAGER_LABEL) == 0) {
- _log.info("User is being promoted (or was) as VREFolder Administrator, userId=" + userId + " on Site groupId="+groupId);
- vreManagerRolePresent = true;
- break;
- }
- }
- setVREFolderAdministrator(userId, groupId, vreManagerRolePresent);
- } else {
- _log.debug("addUserGroupRoles NOT done in a VRE, groupId=" + groupId);
- }
- }
- catch (Exception e) {
- e.printStackTrace();
- }
- return toReturn;
- }
+ //TODO: as soon as Feature https://support.d4science.org/issues/17726 is delivered take care of this also
+ @Override
+ public java.util.List addUserGroupRoles(long[] userIds, long groupId,
+ long roleId) throws com.liferay.portal.kernel.exception.SystemException {
+ List toReturn = super.addUserGroupRoles(userIds, groupId, roleId);
+ return toReturn;
+ }
- private List getUserRoles(long[] roleIds) throws PortalException, SystemException {
- List toReturn = new ArrayList<>();
- for (int i = 0; i < roleIds.length; i++) {
- Role role = RoleLocalServiceUtil.getRole(roleIds[i]);
- toReturn.add(role.getName());
- }
- return toReturn;
- }
+ @Override
+ public java.util.List addUserGroupRoles(long userId, long groupId,
+ long[] roleIds) throws com.liferay.portal.kernel.exception.SystemException {
+ List toReturn = super.addUserGroupRoles(userId, groupId, roleIds);
+ try {
+ String context = gm.getInfrastructureScope(groupId);
+ String username = UserLocalServiceUtil.getUser(userId).getScreenName();
+ /* Check this part CAREFULLY as when the user is just created it fails*/
+ String userToken = authorizationService().resolveTokenByUserAndContext(username, context);
+ List userRoles = getUserRoles(roleIds);
+ authorizationService().setTokenRoles(userToken, userRoles);
+ _log.debug("Check if addUserGroupRoles is done in a VRE");
+ if (gm.isVRE(groupId)) {
+ _log.debug("addUserGroupRoles performed in a VRE, groupId=" + groupId);
+ boolean vreManagerRolePresent = false;
+ for (int i = 0; i < roleIds.length; i++) {
+ Role role = RoleLocalServiceUtil.getRole(roleIds[i]);
+ if (role.getName().compareTo(GCubeRole.VRE_MANAGER_LABEL) == 0) {
+ _log.info("User is being promoted (or was) as VREFolder Administrator, userId=" + userId
+ + " on Site groupId=" + groupId);
+ vreManagerRolePresent = true;
+ break;
+ }
+ }
+ setVREFolderAdministrator(userId, groupId, vreManagerRolePresent);
+ } else {
+ _log.debug("addUserGroupRoles NOT done in a VRE, groupId=" + groupId);
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return toReturn;
+ }
- private boolean setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception {
- String context = gm.getInfrastructureScope(groupId);
- ScopeProvider.instance.set(context);
- String vreFolderTitle = Util.getVREGroupFromContext(context);
- _log.info("The vreFolderTitle on which the VREFolder role is being {} is {}", enable, vreFolderTitle);
- _log.info("Before StorageHubClient shc = new StorageHubClient();");
- StorageHubClient shc = new StorageHubClient();
- _log.info("Before shc.getVreFolderManager(vreFolderTitle);");
- VREFolderManager vreFolderManager = shc.getVreFolderManager(vreFolderTitle);
-
- String previousToken = SecurityTokenProvider.instance.get();
- //get the super user
- _log.info("//get the super user");
+ private List getUserRoles(long[] roleIds) throws PortalException, SystemException {
+ List toReturn = new ArrayList<>();
+ for (int i = 0; i < roleIds.length; i++) {
+ Role role = RoleLocalServiceUtil.getRole(roleIds[i]);
+ toReturn.add(role.getName());
+ }
+ return toReturn;
+ }
- String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
- long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext);
- User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
- if (theAdmin == null) {
- _log.warn("Cannot add the user as VRE Folder admin: there is no user having role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER);
- return false;
- }
- else {
- RoleManager rm = new LiferayRoleManager();
- String adminUsername = theAdmin.getScreenName();
- _log.info("Got the super user: " +adminUsername);
- String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
- List rolesString = new ArrayList();
- List theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);
- for (GCubeRole gCubeRole : theAdminRoles) {
- rolesString.add(gCubeRole.getRoleName());
- }
- rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
- _log.info("authorizationService().setTokenRoles(theAdminToken, rolesString);" +theAdminToken);
- authorizationService().setTokenRoles(theAdminToken, rolesString);
- SecurityTokenProvider.instance.set(theAdminToken);
-
- String theUserToPromoteOrDeclass = uMan.getUserById(userId).getUsername();
- _log.info("The {} is being promoted? {} ", theUserToPromoteOrDeclass, enable);
- if (enable)
- vreFolderManager.setAdmin(theUserToPromoteOrDeclass);
- else
- vreFolderManager.removeAdmin(theUserToPromoteOrDeclass);
- SecurityTokenProvider.instance.set(previousToken);
- return true;
- }
- }
+ private boolean setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception {
+ String context = gm.getInfrastructureScope(groupId);
+ ScopeProvider.instance.set(context);
+ String vreFolderTitle = Util.getVREGroupFromContext(context);
+ _log.info("The vreFolderTitle on which the VREFolder role is being {} is {}", enable, vreFolderTitle);
+ _log.info("Before StorageHubClient shc = new StorageHubClient();");
+ StorageHubClient shc = new StorageHubClient();
+ _log.info("Before shc.getVreFolderManager(vreFolderTitle);");
+ VREFolderManager vreFolderManager = shc.getVreFolderManager(vreFolderTitle);
+ String previousToken = SecurityTokenProvider.instance.get();
+
+ //get the super user
+ _log.info("//get the super user");
+
+ String infraContext = "/" + PortalContext.getConfiguration().getInfrastructureName();
+ long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext);
+ User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
+ if (theAdmin == null) {
+ _log.warn("Cannot add the user as VRE Folder admin: there is no user having role "
+ + GatewayRolesNames.INFRASTRUCTURE_MANAGER);
+ return false;
+ } else {
+ RoleManager rm = new LiferayRoleManager();
+ String adminUsername = theAdmin.getScreenName();
+ _log.info("Got the super user: " + adminUsername);
+ String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername);
+ List rolesString = new ArrayList();
+ List theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId);
+ for (GCubeRole gCubeRole : theAdminRoles) {
+ rolesString.add(gCubeRole.getRoleName());
+ }
+ rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName());
+ _log.info("authorizationService().setTokenRoles(theAdminToken, rolesString);" + theAdminToken);
+ authorizationService().setTokenRoles(theAdminToken, rolesString);
+ SecurityTokenProvider.instance.set(theAdminToken);
+
+ String previousUmaToken = UmaJWTProvider.instance.get();
+ OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal(infraContext);
+
+ String theUserToPromoteOrDeclass = uMan.getUserById(userId).getUsername();
+ _log.info("The {} is being promoted? {} ", theUserToPromoteOrDeclass, enable);
+ if (enable)
+ vreFolderManager.setAdmin(theUserToPromoteOrDeclass);
+ else
+ vreFolderManager.removeAdmin(theUserToPromoteOrDeclass);
+ SecurityTokenProvider.instance.set(previousToken);
+
+ if (previousUmaToken != null) {
+ UmaJWTProvider.instance.set(previousUmaToken);
+ }
+
+ return true;
+ }
+ }
}
diff --git a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
index 6ace958..a65112c 100644
--- a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
+++ b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
@@ -6,10 +6,12 @@ import java.util.ArrayList;
import java.util.List;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.authorization.library.provider.UmaJWTProvider;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
+import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
import org.gcube.portal.plugins.thread.UpdateUserToLDAPGroupThread;
@@ -174,13 +176,21 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
_log.info("authorizationService().setTokenRoles(theAdminToken, rolesString);" +theAdminToken);
authorizationService().setTokenRoles(theAdminToken, rolesString);
SecurityTokenProvider.instance.set(theAdminToken);
+
+ String previousUmaToken = UmaJWTProvider.instance.get();
+ OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal(infraContext);
GroupManagerClient client = AbstractPlugin.groups().build();
if (add)
client.addUserToGroup(username2Add, getVREFolderNameFromContext(context));
else
client.removeUserFromGroup(username2Add, getVREFolderNameFromContext(context));
SecurityTokenProvider.instance.set(previousToken);
- return true;
+
+ if (previousUmaToken != null) {
+ UmaJWTProvider.instance.set(previousUmaToken);
+ }
+
+ return true;
}
}