gCubeSystem
/
VREFolder-hook
14
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

OIDC UMA token in threadlocal changes #1

Merged
massimiliano.assante merged 1 commits from :master into master 2020-06-24 10:16:40 +02:00
Conversation 1 Commits 1 Files Changed 3 +133 -104
3 changed files with 133 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pom.xml
View File

@ -64,6 +64,12 @@
<artifactId>common-scope</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.gcube.portal</groupId>
<artifactId>oidc-library-portal</artifactId>
<version>[0.1.0,)</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>

31
src/main/java/org/gcube/portal/plugins/GCubeHookSiteRoleLocalService.java
View File

@ -6,11 +6,13 @@ import java.util.ArrayList;
import java.util.List;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.storagehub.client.dsl.StorageHubClient;
import org.gcube.common.storagehub.client.dsl.Util;
import org.gcube.common.storagehub.client.dsl.VREFolderManager;
import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
import org.gcube.vomanagement.usermanagement.GroupManager;
import org.gcube.vomanagement.usermanagement.RoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
@ -38,6 +40,7 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
private static final Logger _log = LoggerFactory.getLogger(GCubeHookSiteRoleLocalService.class);
private GroupManager gm;
private LiferayUserManager uMan;
public GCubeHookSiteRoleLocalService(UserGroupRoleLocalService userGroupRoleLocalService) {
super(userGroupRoleLocalService);
gm = new LiferayGroupManager();
@ -47,13 +50,15 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
//TODO: as soon as Feature https://support.d4science.org/issues/17726 is delivered take care of this also
@Override
public java.util.List<com.liferay.portal.model.UserGroupRole> addUserGroupRoles(long[] userIds, long groupId, long roleId) throws com.liferay.portal.kernel.exception.SystemException {
public java.util.List<com.liferay.portal.model.UserGroupRole> addUserGroupRoles(long[] userIds, long groupId,
long roleId) throws com.liferay.portal.kernel.exception.SystemException {
List<UserGroupRole> toReturn = super.addUserGroupRoles(userIds, groupId, roleId);
return toReturn;
}
@Override
public java.util.List<com.liferay.portal.model.UserGroupRole> addUserGroupRoles(long userId, long groupId, long[] roleIds) throws com.liferay.portal.kernel.exception.SystemException {
public java.util.List<com.liferay.portal.model.UserGroupRole> addUserGroupRoles(long userId, long groupId,
long[] roleIds) throws com.liferay.portal.kernel.exception.SystemException {
List<UserGroupRole> toReturn = super.addUserGroupRoles(userId, groupId, roleIds);
try {
String context = gm.getInfrastructureScope(groupId);
@ -69,7 +74,8 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
for (int i = 0; i < roleIds.length; i++) {
Role role = RoleLocalServiceUtil.getRole(roleIds[i]);
if (role.getName().compareTo(GCubeRole.VRE_MANAGER_LABEL) == 0) {
_log.info("User is being promoted (or was) as VREFolder Administrator, userId=" + userId + " on Site groupId="+groupId);
_log.info("User is being promoted (or was) as VREFolder Administrator, userId=" + userId
+ " on Site groupId=" + groupId);
vreManagerRolePresent = true;
break;
}
@ -78,8 +84,7 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
} else {
_log.debug("addUserGroupRoles NOT done in a VRE, groupId=" + groupId);
}
}
catch (Exception e) {
} catch (Exception e) {
e.printStackTrace();
}
return toReturn;
@ -105,6 +110,7 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
VREFolderManager vreFolderManager = shc.getVreFolderManager(vreFolderTitle);
String previousToken = SecurityTokenProvider.instance.get();
//get the super user
_log.info("//get the super user");
@ -112,10 +118,10 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
long rootgroupId = gm.getGroupIdFromInfrastructureScope(infraContext);
User theAdmin = LiferayUserManager.getRandomUserWithRole(rootgroupId, GatewayRolesNames.INFRASTRUCTURE_MANAGER);
if (theAdmin == null) {
_log.warn("Cannot add the user as VRE Folder admin: there is no user having role " + GatewayRolesNames.INFRASTRUCTURE_MANAGER);
_log.warn("Cannot add the user as VRE Folder admin: there is no user having role "
+ GatewayRolesNames.INFRASTRUCTURE_MANAGER);
return false;
}
else {
} else {
RoleManager rm = new LiferayRoleManager();
String adminUsername = theAdmin.getScreenName();
_log.info("Got the super user: " + adminUsername);
@ -130,6 +136,9 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
authorizationService().setTokenRoles(theAdminToken, rolesString);
SecurityTokenProvider.instance.set(theAdminToken);
String previousUmaToken = UmaJWTProvider.instance.get();
OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal(infraContext);
String theUserToPromoteOrDeclass = uMan.getUserById(userId).getUsername();
_log.info("The {} is being promoted? {} ", theUserToPromoteOrDeclass, enable);
if (enable)
@ -137,9 +146,13 @@ public class GCubeHookSiteRoleLocalService extends UserGroupRoleLocalServiceWrap
else
vreFolderManager.removeAdmin(theUserToPromoteOrDeclass);
SecurityTokenProvider.instance.set(previousToken);
if (previousUmaToken != null) {
UmaJWTProvider.instance.set(previousUmaToken);
}
return true;
}
}
}

10
src/main/java/org/gcube/portal/plugins/GCubeHookUserLocalService.java
View File

@ -6,10 +6,12 @@ import java.util.ArrayList;
import java.util.List;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.storagehub.client.plugins.AbstractPlugin;
import org.gcube.common.storagehub.client.proxies.GroupManagerClient;
import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
import org.gcube.portal.plugins.thread.CheckShareLatexUserThread;
import org.gcube.portal.plugins.thread.RemoveUserTokenFromVREThread;
import org.gcube.portal.plugins.thread.UpdateUserToLDAPGroupThread;
@ -174,12 +176,20 @@ public class GCubeHookUserLocalService extends UserLocalServiceWrapper {
_log.info("authorizationService().setTokenRoles(theAdminToken, rolesString);" +theAdminToken);
authorizationService().setTokenRoles(theAdminToken, rolesString);
SecurityTokenProvider.instance.set(theAdminToken);
String previousUmaToken = UmaJWTProvider.instance.get();
OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal(infraContext);
GroupManagerClient client = AbstractPlugin.groups().build();
if (add)
client.addUserToGroup(username2Add, getVREFolderNameFromContext(context));
else
client.removeUserFromGroup(username2Add, getVREFolderNameFromContext(context));
SecurityTokenProvider.instance.set(previousToken);
if (previousUmaToken != null) {
UmaJWTProvider.instance.set(previousUmaToken);
}
return true;
}
}