branch for release 3.9.0

git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-client@119125 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
Lucio Lelii 2015-09-28 16:40:18 +00:00
parent d4ee4af93f
commit 10ae22a49b
25 changed files with 807 additions and 0 deletions

36
1.0/.classpath Normal file
View File

@ -0,0 +1,36 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" output="target/classes" path="src/main/java">
<attributes>
<attribute name="optional" value="true"/>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="src" output="target/test-classes" path="src/test/java">
<attributes>
<attribute name="optional" value="true"/>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.7">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="output" path="target/classes"/>
</classpath>

23
1.0/.project Normal file
View File

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>authorization-common-client</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.m2e.core.maven2Builder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
<nature>org.eclipse.m2e.core.maven2Nature</nature>
</natures>
</projectDescription>

View File

@ -0,0 +1,6 @@
eclipse.preferences.version=1
encoding//src/main/java=UTF-8
encoding//src/main/resources=UTF-8
encoding//src/test/java=UTF-8
encoding//src/test/resources=UTF-8
encoding/<project>=UTF-8

View File

@ -0,0 +1,5 @@
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
org.eclipse.jdt.core.compiler.compliance=1.7
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
org.eclipse.jdt.core.compiler.source=1.7

View File

@ -0,0 +1,4 @@
activeProfiles=
eclipse.preferences.version=1
resolveWorkspaceProjects=true
version=1

1
1.0/distro/INSTALL Normal file
View File

@ -0,0 +1 @@

6
1.0/distro/LICENSE Normal file
View File

@ -0,0 +1,6 @@
gCube System - License
------------------------------------------------------------
The gCube/gCore software is licensed as Free Open Source software conveying to the EUPL (http://ec.europa.eu/idabc/eupl).
The software and documentation is provided by its authors/distributors "as is" and no expressed or
implied warranty is given for its use, quality or fitness for a particular case.

1
1.0/distro/MAINTAINERS Normal file
View File

@ -0,0 +1 @@
* Lucio Lelii (lucio.lelii@isti.cnr.it), CNR, Italy

38
1.0/distro/README Normal file
View File

@ -0,0 +1,38 @@
The gCube System - ${name}
----------------------
This work has been partially supported by the following European projects: DILIGENT (FP6-2003-IST-2), D4Science (FP7-INFRA-2007-1.2.2),
D4Science-II (FP7-INFRA-2008-1.2.2), iMarine (FP7-INFRASTRUCTURES-2011-2), and EUBrazilOpenBio (FP7-ICT-2011-EU-Brazil).
Authors
-------
* Lucio Lelii (lucio.lelii@isti.cnr.it), CNR, Italy
Version and Release Date
------------------------
${version}
Description
-----------
${description}
Download information
--------------------
Source code is available from SVN:
${scm.url}
Binaries can be downloaded from:
Documentation
-------------
Documentation is available on-line from the Projects Documentation Wiki:
https://gcube.wiki.gcube-system.org/gcube/index.php/....
Licensing
---------
This software is licensed under the terms you may find in the file named "LICENSE" in this directory.

5
1.0/distro/changelog.xml Normal file
View File

@ -0,0 +1,5 @@
<ReleaseNotes>
<Changeset component="authorization-client-1.0.0" date="2015-05-18">
<Change>First Release</Change>
</Changeset>
</ReleaseNotes>

42
1.0/distro/descriptor.xml Normal file
View File

@ -0,0 +1,42 @@
<assembly
xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
<id>servicearchive</id>
<formats>
<format>tar.gz</format>
</formats>
<baseDirectory>/</baseDirectory>
<fileSets>
<fileSet>
<directory>${distroDirectory}</directory>
<outputDirectory>/</outputDirectory>
<useDefaultExcludes>true</useDefaultExcludes>
<includes>
<include>README</include>
<include>LICENSE</include>
<include>INSTALL</include>
<include>MAINTAINERS</include>
<include>changelog.xml</include>
</includes>
<fileMode>755</fileMode>
<filtered>true</filtered>
</fileSet>
</fileSets>
<files>
<file>
<source>${distroDirectory}/profile.xml</source>
<outputDirectory>/</outputDirectory>
<filtered>true</filtered>
</file>
<file>
<source>target/${build.finalName}.jar</source>
<outputDirectory>/${artifactId}</outputDirectory>
</file>
<file>
<source>${distroDirectory}/svnpath.txt</source>
<outputDirectory>/${artifactId}</outputDirectory>
<filtered>true</filtered>
</file>
</files>
</assembly>

26
1.0/distro/profile.xml Normal file
View File

@ -0,0 +1,26 @@
<?xml version="1.0" encoding="UTF-8"?>
<Resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ID />
<Type>Service</Type>
<Profile>
<Description>${description}</Description>
<Class>Common</Class>
<Name>${artifactId}</Name>
<Version>1.0.0</Version>
<Packages>
<Software>
<Name>${artifactId}</Name>
<Version>${version}</Version>
<MavenCoordinates>
<groupId>${groupId}</groupId>
<artifactId>${artifactId}</artifactId>
<version>${version}</version>
</MavenCoordinates>
<Files>
<File>${build.finalName}.jar</File>
</Files>
</Software>
</Packages>
</Profile>
</Resource>

1
1.0/distro/svnpath.txt Normal file
View File

@ -0,0 +1 @@
${scm.url}

105
1.0/pom.xml Normal file
View File

@ -0,0 +1,105 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.gcube.common</groupId>
<artifactId>authorization-client</artifactId>
<version>1.0.0-SNAPSHOT</version>
<name>authorization service client library</name>
<parent>
<artifactId>maven-parent</artifactId>
<groupId>org.gcube.tools</groupId>
<version>1.0.0</version>
</parent>
<properties>
<distroDirectory>distro</distroDirectory>
</properties>
<dependencies>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>common-authorization</artifactId>
<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
</dependency>
<dependency>
<groupId>org.gcube.core</groupId>
<artifactId>common-generic-clients</artifactId>
<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.5</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.0.13</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<version>2.5</version>
<executions>
<execution>
<id>copy-profile</id>
<phase>install</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>target</outputDirectory>
<resources>
<resource>
<directory>${distroDirectory}</directory>
<filtering>true</filtering>
<includes>
<include>profile.xml</include>
</includes>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<descriptors>
<descriptor>${distroDirectory}/descriptor.xml</descriptor>
</descriptors>
</configuration>
<executions>
<execution>
<id>servicearchive</id>
<phase>install</phase>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>

View File

@ -0,0 +1,22 @@
package org.gcube.common.authorization.client;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.BannedService;
import org.gcube.common.authorization.library.BannedServices;
public class Binder {
private static JAXBContext context ;
public static JAXBContext getContext() throws JAXBException{
if (context==null)
context = JAXBContext.newInstance(AuthorizationEntry.class, BannedService.class, BannedServices.class);
return context;
}
}

View File

@ -0,0 +1,35 @@
package org.gcube.common.authorization.client;
import java.util.concurrent.TimeUnit;
import javax.xml.namespace.QName;
import org.gcube.common.authorization.client.plugin.AuthorizationPlugin;
import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
import org.gcube.common.clients.ProxyBuilder;
import org.gcube.common.clients.ProxyBuilderImpl;
public class Constants {
/** Service name. */
public static final String SERVICE_NAME = "AuthorizationService";
/** Service class. */
public static final String SERVICE_CLASS = "Common";
public static final String CONTEXT_SERVICE_NAME="authorization-service";
public static final int DEFAULT_TIMEOUT= (int) TimeUnit.SECONDS.toMillis(10);
private static final String TNS = "http://gcube-system.org/";
public static final QName AUTHORIZATION_QNAME = new QName(TNS, "authorization-service");
public static final String SCOPE_HEADER_ENTRY = "gcube-scope";
public static final long TIME_TO_LIVE_CACHE_IN_MILLIS = (60*1000)*60; //1 hour
public static ProxyBuilder<AuthorizationProxy> authorizationService() {
return new ProxyBuilderImpl<String,AuthorizationProxy>(new AuthorizationPlugin());
}
}

View File

@ -0,0 +1,60 @@
package org.gcube.common.authorization.client;
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.ws.EndpointReference;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
public class JaxRSEndpointReference {
private static final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
private static final String addressLocalName = "Address";
//private static final String keyLocalName = "ResourceKey";
String address;
//Element key;
static {
factory.setNamespaceAware(true);
}
public JaxRSEndpointReference(EndpointReference reference) {
this(serialise(reference));
}
public JaxRSEndpointReference(String reference) {
try {
Document document = factory.newDocumentBuilder().parse(new InputSource(new StringReader(reference)));
NodeList addresses = document.getElementsByTagNameNS("*", addressLocalName);
if (addresses.getLength() == 0)
throw new RuntimeException("reference does not contain an address");
address = addresses.item(0).getTextContent();
} catch (Exception e) {
throw new IllegalArgumentException("reference is not a gCore reference", e);
}
}
@Override
public String toString() {
return address;
}
// helper
private static String serialise(EndpointReference reference) {
StringWriter writer = new StringWriter();
reference.writeTo(new StreamResult(writer));
return writer.toString();
}
}

View File

@ -0,0 +1,9 @@
package org.gcube.common.authorization.client;
public class Utils {
static void notNull(String message,Object o) {
if (o==null)
throw new IllegalArgumentException(o+" cannot be null");
}
}

View File

@ -0,0 +1,27 @@
package org.gcube.common.authorization.client.exceptions;
public class ObjectNotFound extends Exception {
/**
*
*/
private static final long serialVersionUID = 1L;
public ObjectNotFound() {
super();
}
public ObjectNotFound(String message, Throwable cause) {
super(message, cause);
}
public ObjectNotFound(String message) {
super(message);
}
public ObjectNotFound(Throwable cause) {
super(cause);
}
}

View File

@ -0,0 +1,37 @@
package org.gcube.common.authorization.client.plugin;
import org.gcube.common.authorization.client.Constants;
import org.gcube.common.clients.Plugin;
public abstract class AbstractPlugin<S,P> implements Plugin<S,P> {
public final String name;
public AbstractPlugin(String name) {
this.name=name;
}
@Override
public String serviceClass() {
return Constants.SERVICE_CLASS;
}
@Override
public String serviceName() {
return Constants.SERVICE_NAME;
}
@Override
public String name() {
return name;
}
@Override
public String namespace() {
return "";
}
}

View File

@ -0,0 +1,35 @@
package org.gcube.common.authorization.client.plugin;
import javax.xml.ws.EndpointReference;
import org.gcube.common.authorization.client.JaxRSEndpointReference;
import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
import org.gcube.common.authorization.client.proxy.DefaultAuthorizationProxy;
import org.gcube.common.clients.config.ProxyConfig;
import org.gcube.common.clients.delegates.ProxyDelegate;
public class AuthorizationPlugin extends AbstractPlugin<String, AuthorizationProxy>{
public AuthorizationPlugin() {
super("authorization-service/gcube/service");
}
@Override
public Exception convert(Exception fault, ProxyConfig<?, ?> config) {
return fault;
}
@Override
public String resolve(EndpointReference address, ProxyConfig<?, ?> config)
throws Exception {
return new JaxRSEndpointReference(address).toString();
}
@Override
public AuthorizationProxy newProxy(ProxyDelegate<String> delegate) {
return new DefaultAuthorizationProxy(delegate);
}
}

View File

@ -0,0 +1,23 @@
package org.gcube.common.authorization.client.proxy;
import org.gcube.common.authorization.client.Constants;
import org.gcube.common.authorization.library.AuthorizationEntry;
public class AuthorizationEntryCache {
private AuthorizationEntry entry;
private long creationDate;
public AuthorizationEntryCache(AuthorizationEntry entry) {
super();
this.entry = entry;
this.creationDate = System.currentTimeMillis();
}
public AuthorizationEntry getEntry() {
return entry;
}
public boolean isValid(){
return (System.currentTimeMillis()-Constants.TIME_TO_LIVE_CACHE_IN_MILLIS)<this.creationDate;
}
}

View File

@ -0,0 +1,20 @@
package org.gcube.common.authorization.client.proxy;
import java.util.List;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.BannedService;
public interface AuthorizationProxy {
String generate(String userName, List<String> roles);
AuthorizationEntry get(String token) throws ObjectNotFound;
BannedService deny(String userName, String serviceClass, String serviceName);
void allow(String userName, String serviceClass, String serviceName);
List<BannedService> getBannedServices(String userName);
}

View File

@ -0,0 +1,180 @@
package org.gcube.common.authorization.client.proxy;
import static org.gcube.common.clients.exceptions.FaultDSL.again;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.gcube.common.authorization.client.Binder;
import org.gcube.common.authorization.client.Constants;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.BannedService;
import org.gcube.common.authorization.library.BannedServices;
import org.gcube.common.clients.Call;
import org.gcube.common.clients.delegates.ProxyDelegate;
import org.gcube.common.clients.stubs.jaxws.JAXWSUtils.Empty;
import org.gcube.common.scope.api.ScopeProvider;
public class DefaultAuthorizationProxy implements AuthorizationProxy {
private final ProxyDelegate<String> delegate;
public DefaultAuthorizationProxy(ProxyDelegate<String> config){
this.delegate = config;
}
private static Map<String, AuthorizationEntryCache> cache = new HashMap<String, AuthorizationEntryCache>();
@Override
public String generate(final String userName, final List<String> roles) {
Call<String, String> call = new Call<String, String>() {
@Override
public String call(String endpoint) throws Exception {
StringBuilder rolesQueryString = new StringBuilder();
for (String role: roles)
rolesQueryString.append(role).append(",");
rolesQueryString.deleteCharAt(rolesQueryString.lastIndexOf(","));
String callUrl = endpoint+"/generate/"+userName+"?roles="+rolesQueryString.toString();
URL url = new URL(callUrl);
HttpURLConnection connection = makeRequest(url, "POST");
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));){
StringBuilder result = new StringBuilder();
String line;
while((line = reader.readLine()) != null)
result.append(line);
return result.toString();
}
}
};
try {
return delegate.make(call);
} catch (Exception e) {
throw again(e).asServiceException();
}
}
@Override
public AuthorizationEntry get(final String token) throws ObjectNotFound{
Call<String, AuthorizationEntry> call = new Call<String, AuthorizationEntry>() {
@Override
public AuthorizationEntry call(String endpoint) throws Exception {
URL url = new URL(endpoint+"/retrieve/"+token);
HttpURLConnection connection = makeRequest(url, "GET");
if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found");
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
if (connection.getContentLengthLong()<=0) return null;
try(InputStream stream = (InputStream)connection.getContent();){
AuthorizationEntry entry = (AuthorizationEntry)Binder.getContext().createUnmarshaller().unmarshal(stream);
cache.put(token, new AuthorizationEntryCache(entry));
return entry;
}
}
};
if (cache.containsKey(token) && cache.get(token).isValid())
return cache.get(token).getEntry();
try {
return delegate.make(call);
} catch (ObjectNotFound e) {
throw e;
} catch (Exception e) {
throw again(e).asServiceException();
}
}
@Override
public BannedService deny(final String userName, final String serviceClass, final String serviceName) {
Call<String, BannedService> call = new Call<String, BannedService>() {
@Override
public BannedService call(String endpoint) throws Exception {
URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
HttpURLConnection connection = makeRequest(url, "POST");
if (connection.getResponseCode()!=200 && connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
if (connection.getContentLengthLong()<=0) return null;
try(InputStream stream = (InputStream)connection.getContent();){
BannedService service = (BannedService)Binder.getContext().createUnmarshaller().unmarshal(stream);
return service;
}
}
};
try {
return delegate.make(call);
} catch (Exception e) {
throw again(e).asServiceException();
}
}
@Override
public void allow(final String userName, final String serviceClass, final String serviceName) {
Call<String, Empty> call = new Call<String, Empty>() {
@Override
public Empty call(String endpoint) throws Exception {
URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
HttpURLConnection connection = makeRequest(url, "DELETE");
if (!(connection.getResponseCode()>=200 && connection.getResponseCode()<=206)) throw new Exception("error contacting authorization service");
return new Empty();
}
};
try {
delegate.make(call);
} catch (Exception e) {
throw again(e).asServiceException();
}
}
@Override
public List<BannedService> getBannedServices(final String userName) {
Call<String, List<BannedService>> call = new Call<String, List<BannedService>>() {
@Override
public List<BannedService> call(String endpoint) throws Exception {
URL url = new URL(endpoint+"/deny/"+userName);
HttpURLConnection connection = makeRequest(url, "GET");
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
if (connection.getContentLengthLong()<=0) return Collections.emptyList();
try(InputStream stream = (InputStream)connection.getContent();){
BannedServices services = (BannedServices)Binder.getContext().createUnmarshaller().unmarshal(stream);
if (services.get()==null) return Collections.emptyList();
else return services.get();
}
}
};
try {
return delegate.make(call);
} catch (Exception e) {
throw again(e).asServiceException();
}
}
private HttpURLConnection makeRequest(URL url, String method) throws Exception{
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
connection.setRequestProperty(Constants.SCOPE_HEADER_ENTRY, ScopeProvider.instance.get());
connection.setRequestMethod(method);
return connection;
}
}

View File

@ -0,0 +1,60 @@
package org.gcube.common.authorizationservice.cl;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import java.util.Arrays;
import java.util.List;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.BannedService;
import org.gcube.common.scope.api.ScopeProvider;
import org.junit.Test;
public class CallTest {
@Test
public void call(){
ScopeProvider.instance.set("/gcube/devsec");
try{
System.out.println(authorizationService().build().get("a00affeb-0b75-4152-a134-e5c432a9a70a"));
}catch(ObjectNotFound onf){
onf.printStackTrace();
}
}
@Test
public void requestToken(){
ScopeProvider.instance.set("/gcube/devNext/NextNext");
String token = authorizationService().build().generate("fabio.sinibaldi", Arrays.asList("User"));
System.out.println("token is: "+token);
}
@Test
public void denyService(){
ScopeProvider.instance.set("/gcube/devsec");
authorizationService().build().deny("giancarlo.panichi", "WPS", "DataMiner");
}
@Test
public void allowService(){
ScopeProvider.instance.set("/gcube/devsec");
authorizationService().build().allow("lucio.lelii", "Test", "AuthorizationTest");
}
@Test
public void getBannedServices(){
ScopeProvider.instance.set("/gcube/devsec");
List<BannedService> bannedServices = authorizationService().build().getBannedServices("lucio.lelii");
for (BannedService banService : bannedServices)
System.out.println(banService);
}
}