gCubeSystem
/
authorization-client
16
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-client@122471 82a268e6-3cf1-43bd-a215-b396298e98cf

This commit is contained in:
Lucio Lelii 2016-01-22 16:28:17 +00:00
parent 41ab4bf99f
commit 3bc4671ad1
4 changed files with 98 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/org/gcube/common/authorization/client/Constants.java
View File

@ -8,7 +8,7 @@ public class Constants {
/** Service name. */
public static final String SERVICE_NAME = "AuthorizationService";
public static String CLIENT_ID_PARAM= "client_ID";
public static String CLIENT_ID_PARAM= "client_id";
public static String CONTEXT_PARAM= "context";

20
src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java
View File

@ -5,25 +5,23 @@ import java.util.List;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.enpoints.AuthorizationEndpoint;
import org.gcube.common.authorization.library.policies.Policy;
import org.gcube.common.authorization.library.provider.ClientInfo;
public interface AuthorizationProxy {
AuthorizationEndpoint getEndpoint();
void setEndpoint(AuthorizationEndpoint endpoint);
@Deprecated
String generate(String userName, List<String> roles) throws Exception;
AuthorizationEntry get(String token) throws ObjectNotFound, Exception;
String generate(String clientId, String context, List<String> roles)
String generateToken(ClientInfo client, String context)
throws Exception;
/*
BannedService deny(String userName, String serviceClass, String serviceName) throws Exception;
void allow(String userName, String serviceClass, String serviceName) throws Exception;
List<BannedService> getBannedServices(String userName) throws Exception;*/
void addPolicies(List<Policy> policies) throws Exception;
void removePolicies(long ... ids) throws Exception;
List<Policy> getPolicies(String context) throws Exception;
}

169
src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java
View File

@ -1,27 +1,34 @@
package org.gcube.common.authorization.client.proxy;
import static org.gcube.common.authorization.client.Constants.CLIENT_ID_PARAM;
import static org.gcube.common.authorization.client.Constants.CONTEXT_PARAM;
import static org.gcube.common.authorization.client.Constants.ROLES_PARAM;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.URL;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import org.gcube.common.authorization.client.Binder;
import org.gcube.common.authorization.client.Constants;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.Policies;
import org.gcube.common.authorization.library.enpoints.AuthorizationEndpoint;
import org.gcube.common.authorization.library.enpoints.AuthorizationEndpointScanner;
import org.gcube.common.authorization.library.policies.Policy;
import org.gcube.common.authorization.library.provider.ClientInfo;
import org.gcube.common.authorization.library.provider.ServiceInfo;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.encryption.StringEncrypter;
import org.gcube.common.scope.api.ScopeProvider;
import org.slf4j.Logger;
@ -33,23 +40,19 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
private static Map<String, AuthorizationEntryCache> cache = new HashMap<String, AuthorizationEntryCache>();
private static JAXBContext jaxbContext;
private List<AuthorizationEndpoint> endpoints;
public DefaultAuthorizationProxy() {
endpoints = AuthorizationEndpointScanner.endpoints();
AuthorizationEndpoint ae = endpoints.get(0);
try{
InetAddress addr = InetAddress.getByName(ae.getHost());
if (addr.isAnyLocalAddress() || addr.isLoopbackAddress()){
ae.setHost("localhost");
this.setEndpoint(ae);
}
log.debug("endpoint set to localhost");
}catch(UnknownHostException e){
log.warn("unknown host", e);
try {
jaxbContext = JAXBContext.newInstance(ClientInfo.class, UserInfo.class, ServiceInfo.class, Policies.class);
} catch (JAXBException e) {
log.error("error creating jaxb context",e);
throw new RuntimeException(e);
}
endpoints = AuthorizationEndpointScanner.endpoints();
this.setEndpoint(endpoints.get(0));
}
private String getInternalEnpoint(){
@ -58,38 +61,31 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
return endpoint.toString();
}
@Deprecated
@Override
public String generate(String clientId, List<String> roles) throws Exception {
final String context = ScopeProvider.instance.get();
return this.generate(clientId, context , roles);
}
@Override
public String generate(String clientId, String context, List<String> roles) throws Exception {
final String methodPath = "/generate/token/";
StringBuilder rolesQueryString = new StringBuilder();
if (roles.size()>0){
for (String role: roles)
rolesQueryString.append(role).append(",");
rolesQueryString.deleteCharAt(rolesQueryString.lastIndexOf(","));
}
public String generateToken(ClientInfo client, String context) throws Exception {
String methodPath = "/generate/";
if (client instanceof UserInfo)
methodPath+="user";
else methodPath+="service";
StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath).append("?")
.append(CLIENT_ID_PARAM).append("=").append(clientId).append("&")
.append(ROLES_PARAM).append("=").append(rolesQueryString).append("&")
.append(CONTEXT_PARAM).append("=").append(context);
URL url = new URL(callUrl.toString());
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
connection.setRequestMethod("POST");
connection.setRequestMethod("PUT");
connection.setDoOutput(true);
try(OutputStream os = new BufferedOutputStream(connection.getOutputStream())){
jaxbContext.createMarshaller().marshal(client, os);
}
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
String encryptedToken= "";
try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));){
try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()))){
StringBuilder result = new StringBuilder();
String line;
while((line = reader.readLine()) != null)
@ -98,22 +94,17 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
}
return StringEncrypter.getEncrypter().decrypt(encryptedToken, context);
}
@Override
public AuthorizationEntry get(final String token) throws ObjectNotFound, Exception{
public AuthorizationEntry get(String token) throws ObjectNotFound, Exception{
final String methodPath = "/retrieve/";
StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath).append(token);
log.debug("call uri "+callUrl.toString());
URL url = new URL(callUrl.toString());
HttpURLConnection connection = makeRequest(url, "GET");
log.debug("response code is "+connection.getResponseCode());
log.debug("response message is "+connection.getResponseMessage());
connection.setDoInput(true);
if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found");
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
if (connection.getContentLengthLong()<=0) return null;
@ -125,50 +116,58 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
}
}
/*
@Override
public BannedService deny(final String userName, final String serviceClass, final String serviceName) throws Exception {
public void addPolicies(List<Policy> policies) throws Exception {
final String methodPath = "/policyManager";
URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath);
URL url = new URL(callUrl.toString());
HttpURLConnection connection = makeRequest(url, "POST");
connection.setDoOutput(true);
try(OutputStream os = new BufferedOutputStream(connection.getOutputStream())){
jaxbContext.createMarshaller().marshal(new Policies(policies), os);
}
if (connection.getResponseCode()!=200) throw new Exception("error adding policies");
}
if (connection.getResponseCode()!=200 && connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
@Override
public void removePolicies(long... ids) throws Exception {
final String methodPath = "/policyManager/";
StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath);
List<Long> errorIds = new ArrayList<Long>();
for (long id: ids){
URL url = new URL(callUrl.toString()+id);
HttpURLConnection connection = makeRequest(url, "DELETE");
if (connection.getResponseCode()!=200) errorIds.add(id);
}
if (!errorIds.isEmpty())
throw new Exception("error removing policies with ids: "+errorIds);
}
@Override
public List<Policy> getPolicies(String context) throws Exception{
final String methodPath = "/policyManager/";
StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath).append("?").append(CONTEXT_PARAM).append("=").append(context);
URL url = new URL(callUrl.toString());
HttpURLConnection connection = makeRequest(url, "GET");
if (connection.getResponseCode()!=200) throw new Exception("error retrieving policies");
if (connection.getContentLengthLong()<=0) return null;
try(InputStream stream = (InputStream)connection.getContent();){
BannedService service = (BannedService)Binder.getContext().createUnmarshaller().unmarshal(stream);
return service;
try(InputStream stream = (InputStream)connection.getContent()){
Policies policies = (Policies)Binder.getContext().createUnmarshaller().unmarshal(stream);
return policies.getPolicies();
}
}
@Override
public void allow(final String userName, final String serviceClass, final String serviceName) throws Exception{
URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
HttpURLConnection connection = makeRequest(url, "DELETE");
if (!(connection.getResponseCode()>=200 && connection.getResponseCode()<=206))
throw new Exception("error contacting authorization service");
}
@Override
public List<BannedService> getBannedServices(final String userName) throws Exception{
URL url = new URL(endpoint+"/deny/"+userName);
HttpURLConnection connection = makeRequest(url, "GET");
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
if (connection.getContentLengthLong()<=0) return Collections.emptyList();
try(InputStream stream = (InputStream)connection.getContent();){
BannedServices services = (BannedServices)Binder.getContext().createUnmarshaller().unmarshal(stream);
if (services.get()==null) return Collections.emptyList();
else return services.get();
}
}
*/
private HttpURLConnection makeRequest(URL url, String method) throws Exception{
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
@ -186,4 +185,6 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
public void setEndpoint(AuthorizationEndpoint authEndpoint) {
this.endpoints = Collections.singletonList(authEndpoint);
}
}

6
src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java
View File

@ -5,7 +5,7 @@ import static org.gcube.common.authorization.client.Constants.authorizationServi
import java.util.ArrayList;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.junit.Test;
public class CallTest {
@ -14,7 +14,7 @@ public class CallTest {
public void call() throws Exception{
try{
//devsec cec80de1-0e1a-47be-81cd-e8534753bff7
System.out.println(authorizationService().get("870f409b-df3c-4c12-8063-6f9b0f414751"));
System.out.println(authorizationService().get("6d17f525-02de-4786-b454-d24150af7d49"));
}catch(ObjectNotFound onf){
onf.printStackTrace();
}
@ -24,7 +24,7 @@ public class CallTest {
public void requestToken() throws Exception {
//ScopeProvider.instance.set("/gcube/devsec");
String token = authorizationService().generate("lucio.lelii", "/gcube", new ArrayList<String>());
String token = authorizationService().generateToken(new UserInfo("lucio.lelii", new ArrayList<String>()), "/gcube/devsec");
System.out.println("token is: "+token);
}