From ecfff7c9f3f320fd21b74b3c5bb7d12861c06ee5 Mon Sep 17 00:00:00 2001 From: Massimiliano Assante Date: Mon, 5 Mar 2018 10:53:19 +0000 Subject: [PATCH] Also the security token associated to the user is now removed from the given context when leaving a VRE. git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/portal/liferay62-plugins/VREFolder-hook@164702 82a268e6-3cf1-43bd-a215-b396298e98cf --- .../plugins/GCubeHookUserLocalService.java | 37 ++++++++------- .../thread/RemoveUserTokenFromVREThread.java | 46 +++++++++++++++++++ 2 files changed, 66 insertions(+), 17 deletions(-) create mode 100644 src/main/java/org/gcube/portal/plugins/thread/RemoveUserTokenFromVREThread.java diff --git a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java index 5269d52..37a73af 100644 --- a/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java +++ b/src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java @@ -4,6 +4,7 @@ import org.gcube.common.homelibrary.home.HomeLibrary; import org.gcube.common.portal.PortalContext; import org.gcube.common.scope.api.ScopeProvider; import org.gcube.portal.plugins.thread.CheckShareLatexUserThread; +import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread; import org.gcube.portal.plugins.thread.UpdateUserToLDAPGroupThread; import org.gcube.vomanagement.usermanagement.GroupManager; import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager; @@ -36,23 +37,23 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper { @Override public void addGroupUser(long groupId, long userId) throws com.liferay.portal.kernel.exception.SystemException { super.addGroupUser(groupId, userId); - addUserToHLVREFolder(groupId, userId); + addUserToVRERelatedServices(groupId, userId); } @Override public void addGroupUser(long groupId, com.liferay.portal.model.User user) throws com.liferay.portal.kernel.exception.SystemException { super.addGroupUser(groupId, user.getUserId()); - addUserToHLVREFolder(groupId, user.getUserId()); + addUserToVRERelatedServices(groupId, user.getUserId()); } @Override public void addGroupUsers(long groupId, long[] userIds) throws com.liferay.portal.kernel.exception.PortalException, com.liferay.portal.kernel.exception.SystemException { super.addGroupUsers(groupId, userIds); - addUsersToHLVREFolder(groupId, userIds); + addUsersToVRERelatedServices(groupId, userIds); } @Override public void addGroupUsers(long groupId, java.util.List Users) throws com.liferay.portal.kernel.exception.PortalException, com.liferay.portal.kernel.exception.SystemException { super.addGroupUsers(groupId, Users); for (User user : Users) { - addUserToHLVREFolder(groupId, user.getUserId()); + addUserToVRERelatedServices(groupId, user.getUserId()); } } @@ -65,29 +66,29 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper { @Override public void unsetGroupUsers(long groupId, long[] userIds, com.liferay.portal.service.ServiceContext serviceContext) throws com.liferay.portal.kernel.exception.PortalException, SystemException { super.unsetGroupUsers(groupId, userIds, serviceContext); - removeUsersFromHLVREFolder(groupId, userIds); + removeUsersFromVRERelatedServices(groupId, userIds); } @Override public void deleteGroupUser(long groupId, long userId) throws com.liferay.portal.kernel.exception.SystemException { super.deleteGroupUser(groupId, userId); - removeUserFromHLVREFolder(groupId, userId); + removeUserFromVREReleatedServices(groupId, userId); } @Override public void deleteGroupUser(long groupId, com.liferay.portal.model.User user) throws com.liferay.portal.kernel.exception.SystemException { super.deleteGroupUser(groupId, user); - removeUserFromHLVREFolder(groupId, user.getUserId()); + removeUserFromVREReleatedServices(groupId, user.getUserId()); } @Override public void deleteGroupUsers(long groupId, long[] userIds) throws com.liferay.portal.kernel.exception.SystemException { super.deleteGroupUsers(groupId, userIds); - removeUsersFromHLVREFolder(groupId, userIds); + removeUsersFromVRERelatedServices(groupId, userIds); } @Override public void deleteGroupUsers(long groupId, java.util.List Users) throws com.liferay.portal.kernel.exception.SystemException { super.deleteGroupUsers(groupId, Users); for (User user : Users) { - removeUserFromHLVREFolder(groupId, user.getUserId()); + removeUserFromVREReleatedServices(groupId, user.getUserId()); } } @@ -97,17 +98,17 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper { * @param groupId * @param userId */ - private void addUsersToHLVREFolder(long groupId, long[] userId) { + private void addUsersToVRERelatedServices(long groupId, long[] userId) { for (int i = 0; i < userId.length; i++) { - addUserToHLVREFolder(groupId, userId[i]); + addUserToVRERelatedServices(groupId, userId[i]); } } /** - * + * this method add the user joiing a VRE to all the related services she was associated (VREFolder, LDAP Group, SecurityToken is not necessary in thi case) * @param groupId * @param userId */ - private void addUserToHLVREFolder(long groupId, long userId) { + private void addUserToVRERelatedServices(long groupId, long userId) { _log.debug("GCube VRE Folder hook addGroupUser intercepted, trying to add user to VRE Folder"); GroupManager gm = new LiferayGroupManager(); String currScope = ScopeProvider.instance.get(); @@ -141,17 +142,17 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper { * @param groupId * @param userId */ - private void removeUsersFromHLVREFolder(long groupId, long[] userId) { + private void removeUsersFromVRERelatedServices(long groupId, long[] userId) { for (int i = 0; i < userId.length; i++) { - removeUserFromHLVREFolder(groupId, userId[i]); + removeUserFromVREReleatedServices(groupId, userId[i]); } } /** - * + * this method remove the user leaving a VRE from all the related services she was associated (VREFolder, LDAP Group and SecurityToken) * @param groupId * @param userId */ - private void removeUserFromHLVREFolder(long groupId, long userId) { + private void removeUserFromVREReleatedServices(long groupId, long userId) { _log.debug("GCube VRE Folder hook removeUserFromHLVREFolder intercepted, trying to remove user from VRE Folder"); GroupManager gm = new LiferayGroupManager(); String currScope = ScopeProvider.instance.get(); @@ -168,6 +169,8 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper { tLdap.start(); org.gcube.common.homelibrary.home.workspace.usermanager.UserManager hlUm = HomeLibrary.getHomeManagerFactory().getUserManager(); hlUm.removeUserFromGroup(scope, username); + Thread tToken = new Thread(new RemoveUserTokenFromVREThread(username, scope)); + tToken.start(); } else { _log.debug("Group is not a VRE, SKIP removal"); } diff --git a/src/main/java/org/gcube/portal/plugins/thread/RemoveUserTokenFromVREThread.java b/src/main/java/org/gcube/portal/plugins/thread/RemoveUserTokenFromVREThread.java new file mode 100644 index 0000000..12c3e30 --- /dev/null +++ b/src/main/java/org/gcube/portal/plugins/thread/RemoveUserTokenFromVREThread.java @@ -0,0 +1,46 @@ +package org.gcube.portal.plugins.thread; +import static org.gcube.common.authorization.client.Constants.authorizationService; + +import org.gcube.common.authorization.library.provider.SecurityTokenProvider; +import org.gcube.common.scope.api.ScopeProvider; + +import com.liferay.portal.kernel.log.Log; +import com.liferay.portal.kernel.log.LogFactoryUtil; + +/** + * + * @author Massimiliano Assante ISTI-CNR + * + */ +public class RemoveUserTokenFromVREThread implements Runnable { + private static Log _log = LogFactoryUtil.getLog(RemoveUserTokenFromVREThread.class); + private String username; + private String scope; + /** + * + * @param username + * @param scope + */ + public RemoveUserTokenFromVREThread(String username, String scope) { + super(); + this.username = username; + this.scope = scope; + } + + @Override + public void run() { + String currScope = ScopeProvider.instance.get(); + ScopeProvider.instance.set(scope); + try { + String userToken = authorizationService().resolveTokenByUserAndContext(username, scope); + SecurityTokenProvider.instance.set(userToken); + authorizationService().removeAllReleatedToken(username, scope); + } catch (Exception e) { + _log.error("Could not remove user token " + username + " in " + scope, e); + } + ScopeProvider.instance.set(currScope); //restore the scope in ThreadLocal + } + +} + +