package org.gcube.common.authorization.client.proxy;
import static org.gcube.common.clients.exceptions.FaultDSL.again;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.gcube.common.authorization.client.Binder;
import org.gcube.common.authorization.client.Constants;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.BannedService;
import org.gcube.common.authorization.library.BannedServices;
import org.gcube.common.clients.Call;
import org.gcube.common.clients.delegates.ProxyDelegate;
import org.gcube.common.clients.stubs.jaxws.JAXWSUtils.Empty;
import org.gcube.common.scope.api.ScopeProvider;
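/**
 * {@link AuthorizationProxy} implementation that talks to the authorization service over HTTP.
 *
 * <p>Every operation builds a URL under the endpoint handed in by the {@link ProxyDelegate},
 * sends the current scope in the {@code Constants.SCOPE_HEADER_ENTRY} request header and
 * converts any failure into a service exception via {@code again(e).asServiceException()}.
 *
 * <p>Caller-supplied values (user name, roles, token, service class and name) are
 * percent-encoded before being placed in the URL, so that a value containing {@code /},
 * {@code ?}, {@code &} or {@code #} cannot change which resource or parameters the request
 * addresses.
 */
public class DefaultAuthorizationProxy implements AuthorizationProxy {

    private static final String SERVICE_ERROR = "error contacting authorization service";

    private final ProxyDelegate<String> delegate;

    // Static, hence shared by every proxy instance in the JVM; wrapped in a synchronized map
    // because a plain HashMap is not safe for concurrent put/get.
    // NOTE(review): nothing in this class ever removes an entry, so the map grows with every
    // distinct token seen and keeps the raw tokens in memory; consider bounding or expiring it.
    private static final Map<String, AuthorizationEntryCache> cache =
            Collections.synchronizedMap(new HashMap<String, AuthorizationEntryCache>());

    /**
     * @param config delegate used to resolve the service endpoint and run each call
     */
    public DefaultAuthorizationProxy(ProxyDelegate<String> config) {
        this.delegate = config;
    }

    /**
     * Asks the service to generate a token for a user with the given roles
     * ({@code POST <endpoint>/generate/<userName>?roles=<r1>,<r2>,...}).
     *
     * <p>An empty {@code roles} list is sent as an empty {@code roles} parameter; previously it
     * failed with an index error while trimming the trailing comma.
     *
     * @param userName user the token is generated for
     * @param roles roles sent as a comma-separated query parameter
     * @return the response body, with line terminators removed
     */
    @Override
    public String generate(final String userName, final List<String> roles) {
        Call<String, String> call = new Call<String, String>() {

            @Override
            public String call(String endpoint) throws Exception {
                StringBuilder rolesQueryString = new StringBuilder();
                String separator = "";
                for (String role : roles) {
                    // Each role is encoded on its own so a role containing ',' or '&'
                    // cannot add a further role or query parameter.
                    rolesQueryString.append(separator).append(encodeQueryValue(role));
                    separator = ",";
                }
                URL url = new URL(endpoint + "/generate/" + encodePathSegment(userName)
                        + "?roles=" + rolesQueryString);
                HttpURLConnection connection = makeRequest(url, "POST");
                if (connection.getResponseCode() != 200) {
                    throw new Exception(SERVICE_ERROR);
                }
                // Decode explicitly as UTF-8 so the result does not depend on the platform charset.
                try (BufferedReader reader = new BufferedReader(new InputStreamReader(
                        (InputStream) connection.getContent(), StandardCharsets.UTF_8))) {
                    StringBuilder result = new StringBuilder();
                    String line;
                    while ((line = reader.readLine()) != null) {
                        result.append(line);
                    }
                    return result.toString();
                }
            }
        };
        try {
            return delegate.make(call);
        } catch (Exception e) {
            throw again(e).asServiceException();
        }
    }

    /**
     * Resolves a token to its authorization entry ({@code GET <endpoint>/retrieve/<token>}).
     *
     * <p>A cached entry is returned without contacting the service as long as
     * {@code AuthorizationEntryCache.isValid()} accepts it; a fresh answer is cached.
     *
     * @param token token to resolve
     * @return the entry, or {@code null} when the response reports no positive content length
     */
    @Override
    public AuthorizationEntry get(final String token) {
        // Single lookup: the entry cannot disappear between the check and the read.
        AuthorizationEntryCache cached = cache.get(token);
        if (cached != null && cached.isValid()) {
            return cached.getEntry();
        }

        Call<String, AuthorizationEntry> call = new Call<String, AuthorizationEntry>() {

            @Override
            public AuthorizationEntry call(String endpoint) throws Exception {
                // NOTE(review): the token is part of the URL path, so it can end up in access
                // logs of the service and of any intermediary.
                URL url = new URL(endpoint + "/retrieve/" + encodePathSegment(token));
                HttpURLConnection connection = makeRequest(url, "GET");
                if (connection.getResponseCode() != 200) {
                    throw new Exception(SERVICE_ERROR);
                }
                // getContentLengthLong() is -1 when the length is unknown, so a response without
                // a Content-Length header is treated like an empty one.
                // NOTE(review): confirm the service always sets Content-Length.
                if (connection.getContentLengthLong() <= 0) {
                    return null;
                }
                try (InputStream stream = (InputStream) connection.getContent()) {
                    // NOTE(review): the unmarshaller is used with its default XML settings;
                    // whether DTDs and external entities are refused depends on the JAXB
                    // implementation behind Binder - confirm before trusting this response.
                    AuthorizationEntry entry = (AuthorizationEntry) Binder.getContext()
                            .createUnmarshaller().unmarshal(stream);
                    cache.put(token, new AuthorizationEntryCache(entry));
                    return entry;
                }
            }
        };
        try {
            return delegate.make(call);
        } catch (Exception e) {
            throw again(e).asServiceException();
        }
    }

    /**
     * Bans a user from a service
     * ({@code POST <endpoint>/deny/<userName>/<serviceClass>/<serviceName>}).
     *
     * @return the banned service described by the response, or {@code null} when the response
     *         reports no positive content length
     */
    @Override
    public BannedService deny(final String userName, final String serviceClass, final String serviceName) {
        Call<String, BannedService> call = new Call<String, BannedService>() {

            @Override
            public BannedService call(String endpoint) throws Exception {
                URL url = new URL(endpoint + "/deny/" + encodePathSegment(userName)
                        + "/" + encodePathSegment(serviceClass)
                        + "/" + encodePathSegment(serviceName));
                HttpURLConnection connection = makeRequest(url, "POST");
                // NOTE(review): the original tested "!= 200" twice; if a second success code
                // was intended, confirm it against the service.
                if (connection.getResponseCode() != 200) {
                    throw new Exception(SERVICE_ERROR);
                }
                if (connection.getContentLengthLong() <= 0) {
                    return null;
                }
                try (InputStream stream = (InputStream) connection.getContent()) {
                    return (BannedService) Binder.getContext().createUnmarshaller().unmarshal(stream);
                }
            }
        };
        try {
            return delegate.make(call);
        } catch (Exception e) {
            throw again(e).asServiceException();
        }
    }

    /**
     * Lifts a ban by deleting the deny resource
     * ({@code DELETE <endpoint>/deny/<userName>/<serviceClass>/<serviceName>}).
     * Any status from 200 to 206 counts as success.
     */
    @Override
    public void allow(final String userName, final String serviceClass, final String serviceName) {
        Call<String, Empty> call = new Call<String, Empty>() {

            @Override
            public Empty call(String endpoint) throws Exception {
                URL url = new URL(endpoint + "/deny/" + encodePathSegment(userName)
                        + "/" + encodePathSegment(serviceClass)
                        + "/" + encodePathSegment(serviceName));
                HttpURLConnection connection = makeRequest(url, "DELETE");
                int status = connection.getResponseCode();
                if (status < 200 || status > 206) {
                    throw new Exception(SERVICE_ERROR);
                }
                return new Empty();
            }
        };
        try {
            delegate.make(call);
        } catch (Exception e) {
            throw again(e).asServiceException();
        }
    }

    /**
     * Lists the services a user is banned from ({@code GET <endpoint>/deny/<userName>}).
     *
     * @return the banned services; an empty list when the response reports no positive content
     *         length or carries no list
     */
    @Override
    public List<BannedService> getBannedServices(final String userName) {
        Call<String, List<BannedService>> call = new Call<String, List<BannedService>>() {

            @Override
            public List<BannedService> call(String endpoint) throws Exception {
                URL url = new URL(endpoint + "/deny/" + encodePathSegment(userName));
                HttpURLConnection connection = makeRequest(url, "GET");
                if (connection.getResponseCode() != 200) {
                    throw new Exception(SERVICE_ERROR);
                }
                // NOTE(review): a response without Content-Length reports -1 here and is read as
                // "no bans", which is the permissive answer - confirm the service always sets it.
                if (connection.getContentLengthLong() <= 0) {
                    return Collections.emptyList();
                }
                try (InputStream stream = (InputStream) connection.getContent()) {
                    BannedServices services = (BannedServices) Binder.getContext()
                            .createUnmarshaller().unmarshal(stream);
                    List<BannedService> banned = services.get();
                    if (banned == null) {
                        return Collections.emptyList();
                    }
                    return banned;
                }
            }
        };
        try {
            return delegate.make(call);
        } catch (Exception e) {
            throw again(e).asServiceException();
        }
    }

    /**
     * Opens a connection to {@code url}, sets the scope header from the current
     * {@link ScopeProvider} value and selects the HTTP method. The request is not sent here;
     * it goes out when the caller first reads the response.
     */
    private HttpURLConnection makeRequest(URL url, String method) throws Exception {
        // NOTE(review): nothing here requires an https endpoint, and no credential other than
        // the scope header is attached - confirm how the service authenticates callers.
        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        connection.setRequestProperty(Constants.SCOPE_HEADER_ENTRY, ScopeProvider.instance.get());
        connection.setRequestMethod(method);
        return connection;
    }

    /**
     * Percent-encodes a value for use as one URL path segment. {@code null} is rendered as the
     * text {@code "null"}, exactly as plain string concatenation did before.
     * Dot segments ({@code "."}, {@code ".."}) are left as they are.
     */
    private static String encodePathSegment(String value) throws UnsupportedEncodingException {
        // URLEncoder produces form encoding, where a space becomes '+'; in a path '+' is a
        // literal plus sign, so spaces are rewritten to %20.
        return encodeQueryValue(value).replace("+", "%20");
    }

    /** Percent-encodes a value for use inside a query-string parameter. */
    private static String encodeQueryValue(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(String.valueOf(value), StandardCharsets.UTF_8.name());
    }
}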