diff --git a/pom.xml b/pom.xml
index d7383f8..a1fd050 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
4.0.0
org.gcube.common
authorization-client
- 1.0.0-SNAPSHOT
+ 2.0.0-SNAPSHOT
authorization service client library
@@ -15,26 +15,26 @@
distro
-
+
-
+
org.gcube.common
common-authorization
- [1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)
+ [2.0.0-SNAPSHOT,3.0.0-SNAPSHOT)
-
-
- org.gcube.core
- common-generic-clients
- [1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)
-
-
-
+
+
org.gcube.core
common-encryption
[1.0.2-SNAPSHOT,2.0.0-SNAPSHOT)
-
-
+
+
+
+ org.gcube.core
+ common-encryption
+ [1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)
+
+
org.slf4j
slf4j-api
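Review bot: After this hunk `common-encryption` appears to be declared twice, once in the retained context lines with range `[1.0.2-SNAPSHOT,2.0.0-SNAPSHOT)` and once in the added lines with `[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)`; the element markup was stripped in this rendering, so this is inferred from the artifact ids, but two declarations of the same artifact with different ranges is ambiguous for Maven and should be collapsed to one. Keep the narrower `[1.0.2-SNAPSHOT,2.0.0-SNAPSHOT)` entry and drop the added duplicate. Removing `common-generic-clients` is consistent with the deleted plugin classes elsewhere in this commit.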
diff --git a/src/main/java/org/gcube/common/authorization/client/Binder.java b/src/main/java/org/gcube/common/authorization/client/Binder.java
index eea611b..b04438b 100644
--- a/src/main/java/org/gcube/common/authorization/client/Binder.java
+++ b/src/main/java/org/gcube/common/authorization/client/Binder.java
@@ -5,8 +5,6 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import org.gcube.common.authorization.library.AuthorizationEntry;
-import org.gcube.common.authorization.library.BannedService;
-import org.gcube.common.authorization.library.BannedServices;
public class Binder {
@@ -14,7 +12,7 @@ public class Binder {
public static JAXBContext getContext() throws JAXBException{
if (context==null)
- context = JAXBContext.newInstance(AuthorizationEntry.class, BannedService.class, BannedServices.class);
+ context = JAXBContext.newInstance(AuthorizationEntry.class);
return context;
}
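Review bot: `getContext()` still initialises the static `context` with an unsynchronised check-then-act, so two threads calling it concurrently can each build a `JAXBContext` and one assignment silently overwrites the other. Since the method is small and creation is a one-off cost, the simplest fix is `public static synchronized JAXBContext getContext() throws JAXBException{`; alternatively build the context eagerly in a `static final` initialiser. Whether `context` is declared `volatile` is outside the hunk.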
diff --git a/src/main/java/org/gcube/common/authorization/client/Constants.java b/src/main/java/org/gcube/common/authorization/client/Constants.java
index 27d6a2f..0098317 100644
--- a/src/main/java/org/gcube/common/authorization/client/Constants.java
+++ b/src/main/java/org/gcube/common/authorization/client/Constants.java
@@ -1,35 +1,24 @@
package org.gcube.common.authorization.client;
-import java.util.concurrent.TimeUnit;
-
-import javax.xml.namespace.QName;
-
-import org.gcube.common.authorization.client.plugin.AuthorizationPlugin;
import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
-import org.gcube.common.clients.ProxyBuilder;
-import org.gcube.common.clients.ProxyBuilderImpl;
+import org.gcube.common.authorization.client.proxy.DefaultAuthorizationProxy;
public class Constants {
/** Service name. */
public static final String SERVICE_NAME = "AuthorizationService";
- /** Service class. */
- public static final String SERVICE_CLASS = "Common";
+ public static String CLIENT_ID_PARAM= "client_ID";
- public static final String CONTEXT_SERVICE_NAME="authorization-service";
+ public static String CONTEXT_PARAM= "context";
- public static final int DEFAULT_TIMEOUT= (int) TimeUnit.SECONDS.toMillis(10);
-
- private static final String TNS = "http://gcube-system.org/";
+ public static String ROLES_PARAM= "roles";
- public static final QName AUTHORIZATION_QNAME = new QName(TNS, "authorization-service");
-
public static final String SCOPE_HEADER_ENTRY = "gcube-scope";
public static final long TIME_TO_LIVE_CACHE_IN_MILLIS = (60*1000)*60; //1 hour
- public static ProxyBuilder authorizationService() {
- return new ProxyBuilderImpl(new AuthorizationPlugin());
+ public static AuthorizationProxy authorizationService() {
+ return new DefaultAuthorizationProxy();
}
}
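Review bot: `CLIENT_ID_PARAM`, `CONTEXT_PARAM` and `ROLES_PARAM` are declared `public static String` without `final`, so any class on the classpath can reassign the query-parameter names the proxy sends to the authorization service; they are constants and should read `public static final String CLIENT_ID_PARAM = "client_ID";` (and likewise for the other two), matching the surrounding `SERVICE_NAME` and `SCOPE_HEADER_ENTRY`. A short Javadoc on each, e.g. `/** Query parameter carrying the caller's client id. */`, would keep the file's existing `/** Service name. */` style.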
diff --git a/src/main/java/org/gcube/common/authorization/client/JaxRSEndpointReference.java b/src/main/java/org/gcube/common/authorization/client/JaxRSEndpointReference.java
deleted file mode 100644
index 04f7faa..0000000
--- a/src/main/java/org/gcube/common/authorization/client/JaxRSEndpointReference.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package org.gcube.common.authorization.client;
-
-import java.io.StringReader;
-import java.io.StringWriter;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.transform.stream.StreamResult;
-import javax.xml.ws.EndpointReference;
-import org.w3c.dom.Document;
-import org.w3c.dom.NodeList;
-import org.xml.sax.InputSource;
-
-public class JaxRSEndpointReference {
-
- private static final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-
- private static final String addressLocalName = "Address";
- //private static final String keyLocalName = "ResourceKey";
-
- String address;
- //Element key;
-
- static {
- factory.setNamespaceAware(true);
- }
-
- public JaxRSEndpointReference(EndpointReference reference) {
- this(serialise(reference));
- }
-
- public JaxRSEndpointReference(String reference) {
-
- try {
-
- Document document = factory.newDocumentBuilder().parse(new InputSource(new StringReader(reference)));
-
- NodeList addresses = document.getElementsByTagNameNS("*", addressLocalName);
-
- if (addresses.getLength() == 0)
- throw new RuntimeException("reference does not contain an address");
-
- address = addresses.item(0).getTextContent();
-
- } catch (Exception e) {
- throw new IllegalArgumentException("reference is not a gCore reference", e);
- }
-
- }
-
- @Override
- public String toString() {
- return address;
- }
-
- // helper
- private static String serialise(EndpointReference reference) {
- StringWriter writer = new StringWriter();
- reference.writeTo(new StreamResult(writer));
- return writer.toString();
- }
-}
diff --git a/src/main/java/org/gcube/common/authorization/client/plugin/AbstractPlugin.java b/src/main/java/org/gcube/common/authorization/client/plugin/AbstractPlugin.java
deleted file mode 100644
index 9b4e910..0000000
--- a/src/main/java/org/gcube/common/authorization/client/plugin/AbstractPlugin.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package org.gcube.common.authorization.client.plugin;
-
-import org.gcube.common.authorization.client.Constants;
-import org.gcube.common.clients.Plugin;
-
-
-
-public abstract class AbstractPlugin implements Plugin {
-
-
- public final String name;
-
- public AbstractPlugin(String name) {
- this.name=name;
- }
-
- @Override
- public String serviceClass() {
- return Constants.SERVICE_CLASS;
- }
-
- @Override
- public String serviceName() {
- return Constants.SERVICE_NAME;
- }
-
- @Override
- public String name() {
- return name;
- }
-
- @Override
- public String namespace() {
- return "";
- }
-
-}
\ No newline at end of file
diff --git a/src/main/java/org/gcube/common/authorization/client/plugin/AuthorizationPlugin.java b/src/main/java/org/gcube/common/authorization/client/plugin/AuthorizationPlugin.java
deleted file mode 100644
index 0c5d98d..0000000
--- a/src/main/java/org/gcube/common/authorization/client/plugin/AuthorizationPlugin.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package org.gcube.common.authorization.client.plugin;
-
-
-import javax.xml.ws.EndpointReference;
-
-import org.gcube.common.authorization.client.JaxRSEndpointReference;
-import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
-import org.gcube.common.authorization.client.proxy.DefaultAuthorizationProxy;
-import org.gcube.common.clients.config.ProxyConfig;
-import org.gcube.common.clients.delegates.ProxyDelegate;
-
-public class AuthorizationPlugin extends AbstractPlugin{
-
- public AuthorizationPlugin() {
- super("authorization-service/gcube/service");
- }
-
- @Override
- public Exception convert(Exception fault, ProxyConfig, ?> config) {
- return fault;
- }
-
- @Override
- public String resolve(EndpointReference address, ProxyConfig, ?> config)
- throws Exception {
- return new JaxRSEndpointReference(address).toString();
-
- }
-
- @Override
- public AuthorizationProxy newProxy(ProxyDelegate delegate) {
- return new DefaultAuthorizationProxy(delegate);
- }
-
-}
diff --git a/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java b/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java
index 8e0e21c..39e0d2e 100644
--- a/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java
+++ b/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java
@@ -4,17 +4,17 @@ import java.util.List;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.AuthorizationEntry;
-import org.gcube.common.authorization.library.BannedService;
public interface AuthorizationProxy {
- String generate(String userName, List roles);
+ String generate(String userName, List roles) throws Exception;
- AuthorizationEntry get(String token) throws ObjectNotFound;
+ AuthorizationEntry get(String token) throws ObjectNotFound, Exception;
- BannedService deny(String userName, String serviceClass, String serviceName);
+ /*
+ BannedService deny(String userName, String serviceClass, String serviceName) throws Exception;
- void allow(String userName, String serviceClass, String serviceName);
+ void allow(String userName, String serviceClass, String serviceName) throws Exception;
- List getBannedServices(String userName);
+ List getBannedServices(String userName) throws Exception;*/
}
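Review bot: The new `generate` and `get` signatures widen the contract to `throws Exception`, which forces every caller into a catch-all and hides the distinct failure modes the implementation has (I/O, unmarshalling, decryption); consider a single checked client exception or `IOException`, and keep `ObjectNotFound` as the only extra type on `get`. If `ObjectNotFound` already extends `Exception`, `throws ObjectNotFound, Exception` is redundant, though listing it does document the 404 case. The `deny`/`allow`/`getBannedServices` declarations commented out at the end of the interface should be deleted rather than kept as dead code, since version control preserves them.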
diff --git a/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java b/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java
index e247d43..03230c2 100644
--- a/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java
+++ b/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java
@@ -1,13 +1,15 @@
package org.gcube.common.authorization.client.proxy;
-import static org.gcube.common.clients.exceptions.FaultDSL.again;
+import static org.gcube.common.authorization.client.Constants.CLIENT_ID_PARAM;
+import static org.gcube.common.authorization.client.Constants.CONTEXT_PARAM;
+import static org.gcube.common.authorization.client.Constants.ROLES_PARAM;
+import static org.gcube.common.authorization.client.Constants.SERVICE_NAME;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
-import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -16,160 +18,119 @@ import org.gcube.common.authorization.client.Binder;
import org.gcube.common.authorization.client.Constants;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.AuthorizationEntry;
-import org.gcube.common.authorization.library.BannedService;
-import org.gcube.common.authorization.library.BannedServices;
-import org.gcube.common.clients.Call;
-import org.gcube.common.clients.delegates.ProxyDelegate;
-import org.gcube.common.clients.stubs.jaxws.JAXWSUtils.Empty;
+import org.gcube.common.encryption.StringEncrypter;
+import org.gcube.common.scope.api.Environment;
import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.scope.impl.EnvironmentServiceMap;
public class DefaultAuthorizationProxy implements AuthorizationProxy {
- private final ProxyDelegate delegate;
-
- public DefaultAuthorizationProxy(ProxyDelegate config){
- this.delegate = config;
- }
-
private static Map cache = new HashMap();
- @Override
- public String generate(final String userName, final List roles) {
- Call call = new Call() {
+ private static String endpoint;
- @Override
- public String call(String endpoint) throws Exception {
- StringBuilder rolesQueryString = new StringBuilder();
- for (String role: roles)
- rolesQueryString.append(role).append(",");
- rolesQueryString.deleteCharAt(rolesQueryString.lastIndexOf(","));
- String callUrl = endpoint+"/generate/"+userName+"?roles="+rolesQueryString.toString();
- URL url = new URL(callUrl);
- HttpURLConnection connection = makeRequest(url, "POST");
- if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
- try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));){
- StringBuilder result = new StringBuilder();
- String line;
- while((line = reader.readLine()) != null)
- result.append(line);
- return result.toString();
- }
- }
- };
- try {
- return delegate.make(call);
- } catch (Exception e) {
- throw again(e).asServiceException();
+ public DefaultAuthorizationProxy() {
+ endpoint = EnvironmentServiceMap.getInfrastructuresFor(Environment.DEVELOPMENT).endpoint(SERVICE_NAME);
+ }
+
+ @Override
+ public String generate(String clientId, List roles) throws Exception {
+ final String methodPath = "/generate/token/";
+
+ StringBuilder rolesQueryString = new StringBuilder();
+ if (roles.size()>0){
+ for (String role: roles)
+ rolesQueryString.append(role).append(",");
+ rolesQueryString.deleteCharAt(rolesQueryString.lastIndexOf(","));
+ }
+ StringBuilder callUrl = new StringBuilder(endpoint).append(methodPath).append("?")
+ .append(CLIENT_ID_PARAM).append("=").append(clientId).append("&")
+ .append(ROLES_PARAM).append("=").append(rolesQueryString).append("&")
+ .append(CONTEXT_PARAM).append("=").append(ScopeProvider.instance.get());
+
+ URL url = new URL(callUrl.toString());
+ HttpURLConnection connection = (HttpURLConnection)url.openConnection();
+ connection.setRequestMethod("POST");
+
+
+ if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
+ String encryptedToken= "";
+ try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));){
+ StringBuilder result = new StringBuilder();
+ String line;
+ while((line = reader.readLine()) != null)
+ result.append(line);
+ encryptedToken = result.toString();
+ }
+
+ return StringEncrypter.getEncrypter().decrypt(encryptedToken);
+
+ }
+
+ @Override
+ public AuthorizationEntry get(final String token) throws ObjectNotFound, Exception{
+ final String methodPath = "/retrieve/";
+
+ StringBuilder callUrl = new StringBuilder(endpoint).append(methodPath).append(token);
+
+ URL url = new URL(callUrl.toString());
+
+ HttpURLConnection connection = makeRequest(url, "GET");
+ if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found");
+ if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
+ if (connection.getContentLengthLong()<=0) return null;
+
+ try(InputStream stream = (InputStream)connection.getContent();){
+ AuthorizationEntry entry = (AuthorizationEntry)Binder.getContext().createUnmarshaller().unmarshal(stream);
+ cache.put(token, new AuthorizationEntryCache(entry));
+ return entry;
+ }
+
+ }
+
+ /*
+ @Override
+ public BannedService deny(final String userName, final String serviceClass, final String serviceName) throws Exception {
+
+ URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
+ HttpURLConnection connection = makeRequest(url, "POST");
+
+ if (connection.getResponseCode()!=200 && connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
+ if (connection.getContentLengthLong()<=0) return null;
+
+ try(InputStream stream = (InputStream)connection.getContent();){
+ BannedService service = (BannedService)Binder.getContext().createUnmarshaller().unmarshal(stream);
+ return service;
}
}
@Override
- public AuthorizationEntry get(final String token) throws ObjectNotFound{
- Call call = new Call() {
-
- @Override
- public AuthorizationEntry call(String endpoint) throws Exception {
-
- URL url = new URL(endpoint+"/retrieve/"+token);
- HttpURLConnection connection = makeRequest(url, "GET");
- if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found");
- if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
- if (connection.getContentLengthLong()<=0) return null;
-
- try(InputStream stream = (InputStream)connection.getContent();){
- AuthorizationEntry entry = (AuthorizationEntry)Binder.getContext().createUnmarshaller().unmarshal(stream);
- cache.put(token, new AuthorizationEntryCache(entry));
- return entry;
- }
-
- }
- };
- if (cache.containsKey(token) && cache.get(token).isValid())
- return cache.get(token).getEntry();
- try {
- return delegate.make(call);
- } catch (ObjectNotFound e) {
- throw e;
- } catch (Exception e) {
- throw again(e).asServiceException();
- }
+ public void allow(final String userName, final String serviceClass, final String serviceName) throws Exception{
+ URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
+ HttpURLConnection connection = makeRequest(url, "DELETE");
+ if (!(connection.getResponseCode()>=200 && connection.getResponseCode()<=206))
+ throw new Exception("error contacting authorization service");
}
+
@Override
- public BannedService deny(final String userName, final String serviceClass, final String serviceName) {
- Call call = new Call() {
- @Override
- public BannedService call(String endpoint) throws Exception {
- URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
- HttpURLConnection connection = makeRequest(url, "POST");
+ public List getBannedServices(final String userName) throws Exception{
- if (connection.getResponseCode()!=200 && connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
- if (connection.getContentLengthLong()<=0) return null;
+ URL url = new URL(endpoint+"/deny/"+userName);
- try(InputStream stream = (InputStream)connection.getContent();){
- BannedService service = (BannedService)Binder.getContext().createUnmarshaller().unmarshal(stream);
- return service;
- }
- }
- };
+ HttpURLConnection connection = makeRequest(url, "GET");
+ if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
+ if (connection.getContentLengthLong()<=0) return Collections.emptyList();
- try {
- return delegate.make(call);
- } catch (Exception e) {
- throw again(e).asServiceException();
- }
- }
-
- @Override
- public void allow(final String userName, final String serviceClass, final String serviceName) {
- Call call = new Call() {
-
- @Override
- public Empty call(String endpoint) throws Exception {
- URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
- HttpURLConnection connection = makeRequest(url, "DELETE");
- if (!(connection.getResponseCode()>=200 && connection.getResponseCode()<=206)) throw new Exception("error contacting authorization service");
- return new Empty();
-
- }
- };
-
- try {
- delegate.make(call);
- } catch (Exception e) {
- throw again(e).asServiceException();
- }
- }
-
- @Override
- public List getBannedServices(final String userName) {
- Call> call = new Call>() {
-
- @Override
- public List call(String endpoint) throws Exception {
-
- URL url = new URL(endpoint+"/deny/"+userName);
-
- HttpURLConnection connection = makeRequest(url, "GET");
- if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
- if (connection.getContentLengthLong()<=0) return Collections.emptyList();
-
- try(InputStream stream = (InputStream)connection.getContent();){
- BannedServices services = (BannedServices)Binder.getContext().createUnmarshaller().unmarshal(stream);
- if (services.get()==null) return Collections.emptyList();
- else return services.get();
- }
-
- }
- };
-
- try {
- return delegate.make(call);
- } catch (Exception e) {
- throw again(e).asServiceException();
+ try(InputStream stream = (InputStream)connection.getContent();){
+ BannedServices services = (BannedServices)Binder.getContext().createUnmarshaller().unmarshal(stream);
+ if (services.get()==null) return Collections.emptyList();
+ else return services.get();
}
+
}
+ */
private HttpURLConnection makeRequest(URL url, String method) throws Exception{
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
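Review bot: The new `get` still writes to `cache` (`cache.put(token, new AuthorizationEntryCache(entry));`) but the read that the old version performed before calling the service was dropped, so the cache is now write-only and every `get` hits the network; either restore `if (cache.containsKey(token) && cache.get(token).isValid()) return cache.get(token).getEntry();` before building the URL or remove the cache entirely. In `generate`, `clientId`, each role and `ScopeProvider.instance.get()` are concatenated into the query string unencoded, so a value containing `&`, `=`, `#` or whitespace changes the request; wrap each with `URLEncoder.encode(value, "UTF-8")` (needs `import java.net.URLEncoder;`, already covered by the method's `throws Exception`). The constructor resolves `endpoint` against `Environment.DEVELOPMENT` unconditionally and stores it in a static field, which presumably sends production callers to the development infrastructure — confirm and parameterise the environment. `generate` also opens its connection directly while `get` goes through `makeRequest`, whose body continues past the end of this hunk.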
diff --git a/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java b/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java
index afee75c..715d676 100644
--- a/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java
+++ b/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java
@@ -3,58 +3,68 @@ package org.gcube.common.authorizationservice.cl;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import java.util.Arrays;
-import java.util.List;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
-import org.gcube.common.authorization.library.BannedService;
import org.gcube.common.scope.api.ScopeProvider;
import org.junit.Test;
public class CallTest {
@Test
- public void call(){
- ScopeProvider.instance.set("/gcube/devsec");
+ public void call() throws Exception{
try{
- System.out.println(authorizationService().build().get("a00affeb-0b75-4152-a134-e5c432a9a70a"));
+ System.out.println(authorizationService().get("a00affeb-0b75-4152-a134-e5c432a9a70a"));
}catch(ObjectNotFound onf){
onf.printStackTrace();
}
}
@Test
- public void requestToken(){
+ public void requestToken() throws Exception {
- ScopeProvider.instance.set("/gcube/devNext/NextNext");
- String token = authorizationService().build().generate("fabio.sinibaldi", Arrays.asList("User"));
+ ScopeProvider.instance.set("/gcube");
+ String token = authorizationService().generate("fabio.sinibaldi", Arrays.asList("User"));
System.out.println("token is: "+token);
}
-
+/*
@Test
- public void denyService(){
-
+ public void denyService() throws Exception {
ScopeProvider.instance.set("/gcube/devsec");
- authorizationService().build().deny("giancarlo.panichi", "WPS", "DataMiner");
+ authorizationService().deny("giancarlo.panichi", "WPS", "DataMiner");
}
@Test
- public void allowService(){
+ public void allowService() throws Exception{
ScopeProvider.instance.set("/gcube/devsec");
- authorizationService().build().allow("lucio.lelii", "Test", "AuthorizationTest");
+ authorizationService().allow("lucio.lelii", "Test", "AuthorizationTest");
}
@Test
- public void getBannedServices(){
+ public void getBannedServices() throws Exception{
ScopeProvider.instance.set("/gcube/devsec");
- List bannedServices = authorizationService().build().getBannedServices("lucio.lelii");
+ List bannedServices = authorizationService().getBannedServices("lucio.lelii");
for (BannedService banService : bannedServices)
System.out.println(banService);
}
+ @Test
+ public void retreiveTest() throws Exception{
+ ScopeProvider.instance.set("/gcube");
+ SimpleQuery query = queryFor(ServiceEndpoint.class);
+ query.addCondition("$resource/Profile/Category/text() eq 'Database'")
+ .addCondition("$resource/Profile/Name/text() eq 'AuthorizationDB'")
+ .setResult("$resource/Profile//AccessPoint[./Interface/Endpoint/@EntryName eq 'authorization']");
+ DiscoveryClient client = clientFor(AccessPoint.class);
+ List results = client.submit(query);
+ for (AccessPoint ap : results){
+ System.out.println(ap.username()+" "+StringEncrypter.getEncrypter().decrypt(ap.password()));
+ }
+ }
+ */
}
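Review bot: The commented-out `retreiveTest` block decrypts an AccessPoint password and prints it to stdout; dead code that would print a credential should not be kept in the tree even inside `/* */`, so delete the whole commented region from `denyService` through `retreiveTest` (version control keeps it) or, for the still-relevant cases, mark them `@Ignore` with a reason. The two live tests never assert: `call()` catches `ObjectNotFound` and only calls `printStackTrace()`, so it cannot fail, and `requestToken()` just prints the token — at minimum `assertNotNull(token);` with `import static org.junit.Assert.assertNotNull;`. Both also depend on a reachable authorization service, which is worth stating in a class-level comment so the failure mode is understood.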
diff --git a/src/test/java/org/gcube/common/authorizationservice/cl/MainCall.java b/src/test/java/org/gcube/common/authorizationservice/cl/MainCall.java
new file mode 100644
index 0000000..27c9194
--- /dev/null
+++ b/src/test/java/org/gcube/common/authorizationservice/cl/MainCall.java
@@ -0,0 +1,14 @@
+package org.gcube.common.authorizationservice.cl;
+
+import static org.gcube.common.authorization.client.Constants.authorizationService;
+
+import java.util.Arrays;
+
+public class MainCall {
+
+ public static void main(String... args) throws Exception{
+ String token = authorizationService().generate("fabio.sinibaldi", Arrays.asList("User"));
+ System.out.println("token is: "+token);
+ }
+
+}
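Review bot: `main` calls `generate` without ever setting `ScopeProvider.instance`, whereas `CallTest.requestToken` sets `/gcube` first; since `DefaultAuthorizationProxy.generate` appends `ScopeProvider.instance.get()` as the `context` query parameter, this driver presumably sends an empty or `null` context — add `ScopeProvider.instance.set("/gcube");` before the call. The client id `"fabio.sinibaldi"` is a hard-coded personal username; take the id and context from `args` so the file does not embed a real account. A one-line Javadoc such as `/** Manual driver: requests a token from the live authorization service; not a unit test. */` would make clear why this lives under src/test without `@Test`.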