From ac5dae9fbb9d83b58bd6c844e48923b34d154371 Mon Sep 17 00:00:00 2001
From: Massimiliano Assante
Date: Thu, 4 Feb 2021 18:31:38 +0100
Subject: [PATCH] both the VRE User adding/removal and roles are handled via shub
---
.../GCubeHookSiteRoleLocalService.java | 48 +++++++++--------
.../plugins/GCubeHookUserLocalService.java | 43 ++-------------
.../gcube/portal/plugins/util/AuthUtil.java | 52 +++++++++++++++++++
.../portal/plugins/util/HookConstants.java | 8 ---
4 files changed, 83 insertions(+), 68 deletions(-)
create mode 100644 src/main/java/org/gcube/portal/plugins/util/AuthUtil.java
delete mode 100644 src/main/java/org/gcube/portal/plugins/util/HookConstants.java
diff --git a/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java b/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
index e501ead..adef323 100644
--- a/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
+++ b/src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
@@ -2,12 +2,15 @@ package org.gcube.portal.plugins; import java.util.List; -import org.gcube.common.homelibrary.home.HomeLibrary; -import org.gcube.common.homelibrary.home.workspace.usermanager.UserManager; -import org.gcube.common.portal.PortalContext; -import org.gcube.common.scope.api.ScopeProvider; +import org.gcube.common.authorization.library.provider.SecurityTokenProvider; +import org.gcube.common.authorization.library.provider.UmaJWTProvider; +import org.gcube.common.storagehub.client.dsl.StorageHubClient; +import org.gcube.common.storagehub.client.dsl.Util; +import org.gcube.common.storagehub.client.dsl.VREFolderManager; +import org.gcube.portal.plugins.util.AuthUtil; import org.gcube.vomanagement.usermanagement.GroupManager; import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager; +import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager; import org.gcube.vomanagement.usermanagement.model.GCubeRole; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -17,7 +20,6 @@ import com.liferay.portal.model.UserGroupRole; import com.liferay.portal.service.RoleLocalServiceUtil; import com.liferay.portal.service.UserGroupRoleLocalService; import com.liferay.portal.service.UserGroupRoleLocalServiceWrapper; -import com.liferay.portal.service.UserLocalServiceUtil; public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrapper { /** 
@@ -61,21 +63,25 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap } private void setVREFolderAdministrator(long userId, long groupId, boolean enable) throws Exception { - - String scopeVREFolder = gm.getInfrastructureScope(groupId); - - String currScope = ScopeProvider.instance.get(); - String scopeToset = "/"+PortalContext.getConfiguration().getInfrastructureName(); - ScopeProvider.instance.set(scopeToset); - - String username = UserLocalServiceUtil.getUser(userId).getScreenName(); - _log.debug("User " + username + " is going to be VRE Folder Admin?" + enable); - UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager(); - if (enable) - hlUm.setAdministrator(scopeVREFolder, username); - else - hlUm.removeAdministrator(scopeVREFolder, username); - - ScopeProvider.instance.set(currScope); + String previousToken = SecurityTokenProvider.instance.get(); + String previousUMAToken = UmaJWTProvider.instance.get(); + //this put the necessary auth tokens (legacy e UMA) in ThreadLocal + AuthUtil.setInfraManagerLegacyAndUMATokenInThreadLocal(); + String context = gm.getInfrastructureScope(groupId); + String vreFolderTitle = Util.getVREGroupFromContext(context); + _log.debug("The vreFolderTitle on which the VREFolder role is being {} is {}", enable, vreFolderTitle); + StorageHubClient shc = new StorageHubClient(); + VREFolderManager vreFolderManager = shc.getVreFolderManager(vreFolderTitle); + + String theUserToPromoteOrDeclass = new LiferayUserManager().getUserById(userId).getUsername(); + _log.info("The {} is being promoted? {} ", theUserToPromoteOrDeclass, enable); + if (enable) + vreFolderManager.setAdmin(theUserToPromoteOrDeclass); + else + vreFolderManager.removeAdmin(theUserToPromoteOrDeclass); + _log.info("*VREFolder-Hook** add/remove role operation complete"); + + UmaJWTProvider.instance.set(previousUMAToken); + SecurityTokenProvider.instance.set(previousToken); } } 
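Review bot: The two restore calls at the end of `setVREFolderAdministrator` run only on the success path, so if `getVreFolderManager`, `getUserById`, `setAdmin` or `removeAdmin` throws, the Infrastructure-Manager legacy and UMA tokens installed by `AuthUtil.setInfraManagerLegacyAndUMATokenInThreadLocal()` stay in the thread-locals. If this hook runs on a pooled container thread (not visible from the hunk), later work on that thread could then execute with that elevated identity. Wrap everything after the two `get()` calls in `try { … } finally { UmaJWTProvider.instance.set(previousUMAToken); SecurityTokenProvider.instance.set(previousToken); }`. `setUser2VREFolder` in GCubeHookUserLocalService.java follows the same save/set/restore shape and appears to need the same treatment, although its body is only partly visible in its hunks.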
diff --git a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java index 1302200..1959086 100644 --- a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java +++ b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java @@ -1,27 +1,18 @@ package org.gcube.portal.plugins; -import static org.gcube.common.authorization.client.Constants.authorizationService; - -import java.util.ArrayList; -import java.util.List; - import org.gcube.common.authorization.library.provider.SecurityTokenProvider; import org.gcube.common.authorization.library.provider.UmaJWTProvider; import org.gcube.common.portal.PortalContext; import org.gcube.common.scope.api.ScopeProvider; import org.gcube.common.storagehub.client.plugins.AbstractPlugin; import org.gcube.common.storagehub.client.proxies.GroupManagerClient; -import org.gcube.portal.oidc.lr62.OIDCUmaUtil; import org.gcube.portal.plugins.thread.CheckShareLatexUserThread; import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread; -import org.gcube.portal.plugins.util.HookConstants; +import org.gcube.portal.plugins.util.AuthUtil; import org.gcube.vomanagement.usermanagement.GroupManager; import org.gcube.vomanagement.usermanagement.UserManager; import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager; -import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager; import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager; -import org.gcube.vomanagement.usermanagement.model.GCubeRole; -import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames; import com.liferay.portal.kernel.exception.SystemException; import com.liferay.portal.kernel.log.Log; 
@@ -160,34 +151,9 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper { private boolean setUser2VREFolder(GroupManager gm, UserManager uMan, String username2Add, String context, boolean add) throws Exception { String previousToken = SecurityTokenProvider.instance.get(); String previousUMAToken = UmaJWTProvider.instance.get(); - //get the super user - _log.info("Getting super user with role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName()); - //get the super user - String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName(); - long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext); - User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER); - if (theAdmin == null) { - _log.error("Cannot add the user to the VRE Folder: there is no user having role " + HookConstants.AUTHORISED_INFRA_ROLE + " on context: " + infraContext); - return false; - } - String adminUsername = theAdmin.getScreenName(); - _log.info("Got the super user: " + adminUsername); - String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername); - List rolesString = new ArrayList(); - List theAdminRoles = new LiferayRoleManager().listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId); - for (GCubeRole gCubeRole : theAdminRoles) { - rolesString.add(gCubeRole.getRoleName()); - } - rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName()); - _log.info("legacy authorizationService().setTokenRoles done"); - authorizationService().setTokenRoles(theAdminToken, rolesString); - SecurityTokenProvider.instance.set(theAdminToken); - OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName()); - _log.info("\n\n\n*VREFolder-Hook** new authorizationService PortalClient UMA-Token In ThreadLocal done ****\n\n"); - - String vreFolderNameForsHub = 
getVREFolderNameFromContext(context); - System.out.println("-> VRE FOlder name to pass to shub: "+ vreFolderNameForsHub); - + AuthUtil.setInfraManagerLegacyAndUMATokenInThreadLocal(); + _log.info("\n*VREFolder-Hook** new authorizationService PortalClient UMA-Token In ThreadLocal done ****\n\n"); + String vreFolderNameForsHub = getVREFolderNameFromContext(context); GroupManagerClient client = AbstractPlugin.groups().build(); if (add) client.addUserToGroup(username2Add,vreFolderNameForsHub); @@ -198,7 +164,6 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper { UmaJWTProvider.instance.set(previousUMAToken); SecurityTokenProvider.instance.set(previousToken); return true; - } private static String getVREFolderNameFromContext(String context) { diff --git a/src/main/java/org/gcube/portal/plugins/util/AuthUtil.java b/src/main/java/org/gcube/portal/plugins/util/AuthUtil.java new file mode 100644 index 0000000..347e233 --- /dev/null +++ b/src/main/java/org/gcube/portal/plugins/util/AuthUtil.java 
@@ -0,0 +1,52 @@ +package org.gcube.portal.plugins.util; + +import static org.gcube.common.authorization.client.Constants.authorizationService; + +import java.util.ArrayList; +import java.util.List; + +import org.gcube.common.authorization.library.provider.SecurityTokenProvider; +import org.gcube.common.portal.PortalContext; +import org.gcube.portal.oidc.lr62.OIDCUmaUtil; +import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager; +import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager; +import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager; +import org.gcube.vomanagement.usermanagement.model.GCubeRole; +import org.gcube.vomanagement.usermanagement.model.GatewayRolesNames; + +import com.liferay.portal.kernel.log.Log; +import com.liferay.portal.kernel.log.LogFactoryUtil; +import com.liferay.portal.model.User; + +public class AuthUtil { + private static Log _log = LogFactoryUtil.getLog(AuthUtil.class); + public AuthUtil() { + } + + public static void setInfraManagerLegacyAndUMATokenInThreadLocal() throws Exception { + //get the super user + _log.info("Getting super user with role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName()); + //get the super user + String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName(); + long rootgroupId = new LiferayGroupManager().getGroupIdFromInfrastructureScope(infraContext); + User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER); + if (theAdmin == null) { + _log.error("Cannot add the user to the VRE Folder: there is no user having role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER + " on context: " + infraContext); + } + String adminUsername = theAdmin.getScreenName(); + _log.info("Got the super user: " + adminUsername); + String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, adminUsername); + List rolesString = new ArrayList(); + List theAdminRoles = new 
LiferayRoleManager().listRolesByUserAndGroup(theAdmin.getUserId(), rootgroupId); + for (GCubeRole gCubeRole : theAdminRoles) { + rolesString.add(gCubeRole.getRoleName()); + } + rolesString.add(GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName()); + _log.debug("legacy authorizationService().setTokenRoles done"); + authorizationService().setTokenRoles(theAdminToken, rolesString); + SecurityTokenProvider.instance.set(theAdminToken); + OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName()); + _log.debug("new authorizationService PortalClient set UMA-Token done"); + } + +} diff --git a/src/main/java/org/gcube/portal/plugins/util/HookConstants.java b/src/main/java/org/gcube/portal/plugins/util/HookConstants.java deleted file mode 100644 index a92c771..0000000 --- a/src/main/java/org/gcube/portal/plugins/util/HookConstants.java +++ /dev/null @@ -1,8 +0,0 @@ -package org.gcube.portal.plugins.util; - - -public class HookConstants { - - public static final String AUTHORISED_INFRA_ROLE = "Infrastructure-Manager"; - -} \ No newline at end of file
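Review bot: The `theAdmin == null` branch in `setInfraManagerLegacyAndUMATokenInThreadLocal` only logs, so the very next statement, `theAdmin.getScreenName()`, throws a NullPointerException; the code this helper was extracted from returned `false` at that point. End the branch with `throw new IllegalStateException("No user with role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER.getRoleName() + " on context: " + infraContext);` so callers get a clear failure before any token is touched. The error text still says "Cannot add the user to the VRE Folder" although the helper now also serves the site-role hook. The method leaves a privileged token in the thread-locals and offers no counterpart to undo it, so I would add a Javadoc stating that callers must save the previous `SecurityTokenProvider` and `UmaJWTProvider` values and restore them in a `finally` block. The debug line "legacy authorizationService().setTokenRoles done" is also emitted before the call it reports, which makes the log misleading if that call fails.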