From 3bc4671ad1c2332ea38782b9a73f7b2b852deb59 Mon Sep 17 00:00:00 2001
From: "lucio.lelii"
Date: Fri, 22 Jan 2016 16:28:17 +0000
Subject: [PATCH] git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-client@122471 82a268e6-3cf1-43bd-a215-b396298e98cf

---
 .../authorization/client/Constants.java | 2 +-
 .../client/proxy/AuthorizationProxy.java | 20 +-
 .../proxy/DefaultAuthorizationProxy.java | 169 +++++++++---------
 .../authorizationservice/cl/CallTest.java | 6 +-
 4 files changed, 98 insertions(+), 99 deletions(-)

diff --git a/src/main/java/org/gcube/common/authorization/client/Constants.java b/src/main/java/org/gcube/common/authorization/client/Constants.java
index 0098317..84828b3 100644
--- a/src/main/java/org/gcube/common/authorization/client/Constants.java
+++ b/src/main/java/org/gcube/common/authorization/client/Constants.java
@@ -8,7 +8,7 @@ public class Constants {
 /** Service name. */
 public static final String SERVICE_NAME = "AuthorizationService";
- public static String CLIENT_ID_PARAM= "client_ID";
+ public static String CLIENT_ID_PARAM= "client_id";
 public static String CONTEXT_PARAM= "context";
diff --git a/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java b/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java
index 2d7eb75..9841acf 100644
--- a/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java
+++ b/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java
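Review bot: `CLIENT_ID_PARAM` on the changed line is `public static` but not `final`, so the query-parameter name can be reassigned at runtime by any code that sees the class, unlike `SERVICE_NAME` two lines above; `public static final String CLIENT_ID_PARAM = "client_id";` (and the same for `CONTEXT_PARAM` on the following context line). This patch also removes the static import of `CLIENT_ID_PARAM` from DefaultAuthorizationProxy, so it is worth checking whether the constant still has a user at all after the change.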
@@ -5,25 +5,23 @@ import java.util.List;
 import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
 import org.gcube.common.authorization.library.AuthorizationEntry;
 import org.gcube.common.authorization.library.enpoints.AuthorizationEndpoint;
+import org.gcube.common.authorization.library.policies.Policy;
+import org.gcube.common.authorization.library.provider.ClientInfo;
 public interface AuthorizationProxy {
 AuthorizationEndpoint getEndpoint();
 void setEndpoint(AuthorizationEndpoint endpoint);
-
- @Deprecated
- String generate(String userName, List roles) throws Exception;
-
+
 AuthorizationEntry get(String token) throws ObjectNotFound, Exception;
- String generate(String clientId, String context, List roles)
+ String generateToken(ClientInfo client, String context)
 throws Exception;
-
- /*
- BannedService deny(String userName, String serviceClass, String serviceName) throws Exception;
-
- void allow(String userName, String serviceClass, String serviceName) throws Exception;
- List getBannedServices(String userName) throws Exception;*/
+ void addPolicies(List policies) throws Exception;
+
+ void removePolicies(long ... ids) throws Exception;
+
+ List getPolicies(String context) throws Exception;
 }
diff --git a/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java b/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java
index e79c3f6..f927ad9 100644
--- a/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java
+++ b/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java
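Review bot: The four new interface methods carry no Javadoc, so the contract a caller of this authorization API has to rely on is undocumented: whether `generateToken` picks the user or the service endpoint from the runtime type of `client`, whether `removePolicies` is all-or-nothing or best-effort per id, and what `getPolicies` yields for a context with no policies. The DefaultAuthorizationProxy implementation in this same patch answers all three (type dispatch on `UserInfo`, per-id DELETE with the failed ids collected into the exception, `null` when the response has no body), and those answers belong on the interface. For example on `removePolicies`: `/** Deletes the policies with the given ids; ids the service refused are reported in the thrown exception, the remaining ids are still deleted. */`, and on `getPolicies` a `@return` line saying whether an empty result is an empty list or null.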
@@ -1,27 +1,34 @@
 package org.gcube.common.authorization.client.proxy;
-import static org.gcube.common.authorization.client.Constants.CLIENT_ID_PARAM;
 import static org.gcube.common.authorization.client.Constants.CONTEXT_PARAM;
-import static org.gcube.common.authorization.client.Constants.ROLES_PARAM;
+import java.io.BufferedOutputStream;
 import java.io.BufferedReader;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.io.OutputStream;
 import java.net.HttpURLConnection;
-import java.net.InetAddress;
 import java.net.URL;
-import java.net.UnknownHostException;
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+
 import org.gcube.common.authorization.client.Binder;
 import org.gcube.common.authorization.client.Constants;
 import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
 import org.gcube.common.authorization.library.AuthorizationEntry;
+import org.gcube.common.authorization.library.Policies;
 import org.gcube.common.authorization.library.enpoints.AuthorizationEndpoint;
 import org.gcube.common.authorization.library.enpoints.AuthorizationEndpointScanner;
+import org.gcube.common.authorization.library.policies.Policy;
+import org.gcube.common.authorization.library.provider.ClientInfo;
+import org.gcube.common.authorization.library.provider.ServiceInfo;
+import org.gcube.common.authorization.library.provider.UserInfo;
 import org.gcube.common.encryption.StringEncrypter;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.slf4j.Logger;
@@ -33,23 +40,19 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
 private static Map cache = new HashMap();
-
+ private static JAXBContext jaxbContext;
+
 private List endpoints;
 public DefaultAuthorizationProxy() {
-
- endpoints = AuthorizationEndpointScanner.endpoints();
- AuthorizationEndpoint ae = endpoints.get(0);
- try{
- InetAddress addr = InetAddress.getByName(ae.getHost());
- if (addr.isAnyLocalAddress() || addr.isLoopbackAddress()){
- ae.setHost("localhost");
- this.setEndpoint(ae);
- }
- log.debug("endpoint set to localhost");
- }catch(UnknownHostException e){
- log.warn("unknown host", e);
+ try {
+ jaxbContext = JAXBContext.newInstance(ClientInfo.class, UserInfo.class, ServiceInfo.class, Policies.class);
+ } catch (JAXBException e) {
+ log.error("error creating jaxb context",e);
+ throw new RuntimeException(e);
 }
+ endpoints = AuthorizationEndpointScanner.endpoints();
+ this.setEndpoint(endpoints.get(0));
 }
 private String getInternalEnpoint(){
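Review bot: `jaxbContext` is declared `private static` but assigned inside the instance constructor, so every `new DefaultAuthorizationProxy()` rebuilds the JAXBContext — an expensive operation — and concurrent constructions race on the shared field. Initialise it once in a static initialiser and make the field `final`; a `JAXBException` then fails class loading with `ExceptionInInitializerError`, which is where a broken binding configuration should surface, and the constructor shrinks to the two endpoint lines. This assumes `log` is a static field declared textually above the fields shown here, as its use in the constructor suggests.
```java
private static final JAXBContext jaxbContext;

static {
    try {
        jaxbContext = JAXBContext.newInstance(ClientInfo.class, UserInfo.class, ServiceInfo.class, Policies.class);
    } catch (JAXBException e) {
        log.error("error creating jaxb context", e);
        throw new ExceptionInInitializerError(e);
    }
}

private List endpoints;

public DefaultAuthorizationProxy() {
    endpoints = AuthorizationEndpointScanner.endpoints();
    this.setEndpoint(endpoints.get(0));
}
```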
@@ -58,38 +61,31 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
 return endpoint.toString();
 }
-
- @Deprecated
+ @Override
- public String generate(String clientId, List roles) throws Exception {
- final String context = ScopeProvider.instance.get();
- return this.generate(clientId, context , roles);
-
- }
-
- @Override
- public String generate(String clientId, String context, List roles) throws Exception {
- final String methodPath = "/generate/token/";
-
- StringBuilder rolesQueryString = new StringBuilder();
- if (roles.size()>0){
- for (String role: roles)
- rolesQueryString.append(role).append(",");
- rolesQueryString.deleteCharAt(rolesQueryString.lastIndexOf(","));
- }
+ public String generateToken(ClientInfo client, String context) throws Exception {
+
+ String methodPath = "/generate/";
+
+ if (client instanceof UserInfo)
+ methodPath+="user";
+ else methodPath+="service";
+
 StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath).append("?")
- .append(CLIENT_ID_PARAM).append("=").append(clientId).append("&")
- .append(ROLES_PARAM).append("=").append(rolesQueryString).append("&")
 .append(CONTEXT_PARAM).append("=").append(context);
-
+
 URL url = new URL(callUrl.toString());
 HttpURLConnection connection = (HttpURLConnection)url.openConnection();
- connection.setRequestMethod("POST");
-
+ connection.setRequestMethod("PUT");
+ connection.setDoOutput(true);
+
+ try(OutputStream os = new BufferedOutputStream(connection.getOutputStream())){
+ jaxbContext.createMarshaller().marshal(client, os);
+ }
 if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
 String encryptedToken= "";
- try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));){
+ try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()))){
 StringBuilder result = new StringBuilder();
 String line;
 while((line = reader.readLine()) != null)
@@ -98,22 +94,17 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
 }
 return StringEncrypter.getEncrypter().decrypt(encryptedToken, context);
- }
-
+ @Override
- public AuthorizationEntry get(final String token) throws ObjectNotFound, Exception{
+ public AuthorizationEntry get(String token) throws ObjectNotFound, Exception{
 final String methodPath = "/retrieve/";
 StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath).append(token);
-
- log.debug("call uri "+callUrl.toString());
 URL url = new URL(callUrl.toString());
 HttpURLConnection connection = makeRequest(url, "GET");
- log.debug("response code is "+connection.getResponseCode());
- log.debug("response message is "+connection.getResponseMessage());
-
+ connection.setDoInput(true);
 if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found");
 if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
 if (connection.getContentLengthLong()<=0) return null;
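Review bot: `generateToken` opens its connection directly with `url.openConnection()` and sets the method itself, while `get`, `addPolicies`, `removePolicies` and `getPolicies` all go through `makeRequest`, so whatever request properties `makeRequest` applies (its body is outside this hunk) are missing on this PUT, and no `Content-Type` is set for the XML body the marshaller writes. Either route it through `makeRequest(url, "PUT")` or add `connection.setRequestProperty("Content-Type", "application/xml");` before `getOutputStream()`. The `client instanceof UserInfo` test maps every non-`UserInfo` `ClientInfo` — including types that are neither user nor service — to `/generate/service`; an explicit `else if (client instanceof ServiceInfo)` with an `IllegalArgumentException` fallback would fail loudly instead of issuing a service token for an unexpected client type. `context` is still appended to the query string unencoded on the unchanged `.append(context)` line, so a context containing `&`, `#` or whitespace changes the request; `URLEncoder.encode(context, "UTF-8")` would fix that. generateToken's body continues past the hunk.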
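Review bot: `connection.setDoInput(true)` on the added line in `get` is a no-op, since `doInput` already defaults to true on `URLConnection`, and it runs after `makeRequest` has returned the connection, so if `makeRequest` connects (its body is outside this hunk) the call throws `IllegalStateException` for an already-connected connection; drop the line. The same ordering concern applies to `connection.setDoOutput(true)` placed after `makeRequest(url, "POST")` in `addPolicies` in the next hunk, where it would also discard the request body. Separately, the token still travels as a path segment (`append(token)`), where access logs and proxies can record it; now that the `log.debug("call uri ...")` line is gone, a Javadoc on `get` such as `/** Resolves a token to its AuthorizationEntry; the token is sent as a path segment of the retrieve URL. */` would record that design choice for callers.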
@@ -125,50 +116,58 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
 }
 }
-
- /*
+ @Override
- public BannedService deny(final String userName, final String serviceClass, final String serviceName) throws Exception {
+ public void addPolicies(List policies) throws Exception {
+ final String methodPath = "/policyManager";
- URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
+ StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath);
+
+ URL url = new URL(callUrl.toString());
 HttpURLConnection connection = makeRequest(url, "POST");
+ connection.setDoOutput(true);
+
+ try(OutputStream os = new BufferedOutputStream(connection.getOutputStream())){
+ jaxbContext.createMarshaller().marshal(new Policies(policies), os);
+ }
+
+ if (connection.getResponseCode()!=200) throw new Exception("error adding policies");
+
+ }
- if (connection.getResponseCode()!=200 && connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
+ @Override
+ public void removePolicies(long... ids) throws Exception {
+ final String methodPath = "/policyManager/";
+ StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath);
+ List errorIds = new ArrayList();
+ for (long id: ids){
+ URL url = new URL(callUrl.toString()+id);
+ HttpURLConnection connection = makeRequest(url, "DELETE");
+ if (connection.getResponseCode()!=200) errorIds.add(id);
+ }
+ if (!errorIds.isEmpty())
+ throw new Exception("error removing policies with ids: "+errorIds);
+ }
+
+ @Override
+ public List getPolicies(String context) throws Exception{
+ final String methodPath = "/policyManager/";
+
+ StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath).append("?").append(CONTEXT_PARAM).append("=").append(context);
+
+ URL url = new URL(callUrl.toString());
+ HttpURLConnection connection = makeRequest(url, "GET");
+
+ if (connection.getResponseCode()!=200) throw new Exception("error retrieving policies");
 if (connection.getContentLengthLong()<=0) return null;
- try(InputStream stream = (InputStream)connection.getContent();){
- BannedService service = (BannedService)Binder.getContext().createUnmarshaller().unmarshal(stream);
- return service;
+ try(InputStream stream = (InputStream)connection.getContent()){
+ Policies policies = (Policies)Binder.getContext().createUnmarshaller().unmarshal(stream);
+ return policies.getPolicies();
 }
 }
+
- @Override
- public void allow(final String userName, final String serviceClass, final String serviceName) throws Exception{
- URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
- HttpURLConnection connection = makeRequest(url, "DELETE");
- if (!(connection.getResponseCode()>=200 && connection.getResponseCode()<=206))
- throw new Exception("error contacting authorization service");
- }
-
-
- @Override
- public List getBannedServices(final String userName) throws Exception{
-
- URL url = new URL(endpoint+"/deny/"+userName);
-
- HttpURLConnection connection = makeRequest(url, "GET");
- if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
- if (connection.getContentLengthLong()<=0) return Collections.emptyList();
-
- try(InputStream stream = (InputStream)connection.getContent();){
- BannedServices services = (BannedServices)Binder.getContext().createUnmarshaller().unmarshal(stream);
- if (services.get()==null) return Collections.emptyList();
- else return services.get();
- }
-
- }
-
- */
 private HttpURLConnection makeRequest(URL url, String method) throws Exception{
 HttpURLConnection connection = (HttpURLConnection)url.openConnection();
@@ -186,4 +185,6 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
 public void setEndpoint(AuthorizationEndpoint authEndpoint) {
 this.endpoints = Collections.singletonList(authEndpoint);
 }
+
+
 }
diff --git a/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java b/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java
index 0249f80..34a615a 100644
--- a/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java
+++ b/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java
@@ -5,7 +5,7 @@ import static org.gcube.common.authorization.client.Constants.authorizationServi
 import java.util.ArrayList;
 import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
-import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.authorization.library.provider.UserInfo;
 import org.junit.Test;
 public class CallTest {
@@ -14,7 +14,7 @@ public class CallTest {
 public void call() throws Exception{
 try{
 //devsec cec80de1-0e1a-47be-81cd-e8534753bff7
- System.out.println(authorizationService().get("870f409b-df3c-4c12-8063-6f9b0f414751"));
+ System.out.println(authorizationService().get("6d17f525-02de-4786-b454-d24150af7d49"));
 }catch(ObjectNotFound onf){
 onf.printStackTrace();
 }
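Review bot: `getPolicies` returns `null` on the `getContentLengthLong()<=0` line, whereas the deleted `getBannedServices` returned `Collections.emptyList()` for the same case and `Collections` is still imported; a `List`-returning method that yields `null` pushes a null check onto every caller of the policy API, so `return Collections.emptyList();` is the safer form. Note also that `getContentLengthLong()` is -1 for chunked or length-less responses, so a non-empty body can be skipped by that test; whether the service ever answers that way is not visible here. In the same method `context` is appended to the query string unencoded (`.append(CONTEXT_PARAM).append("=").append(context)`), so a context containing `&`, `#` or whitespace alters the request the service sees; `URLEncoder.encode(context, "UTF-8")` (a `java.net.URLEncoder` import) would fix that. In `removePolicies`, only a 200 counts as success, so if the service answers 204 for DELETE, every id is reported as failed — worth confirming against the service, or widening the check to the 2xx range as the removed `allow` method did.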
@@ -24,7 +24,7 @@ public class CallTest {
 public void requestToken() throws Exception {
 //ScopeProvider.instance.set("/gcube/devsec");
- String token = authorizationService().generate("lucio.lelii", "/gcube", new ArrayList());
+ String token = authorizationService().generateToken(new UserInfo("lucio.lelii", new ArrayList()), "/gcube/devsec");
 System.out.println("token is: "+token);
 }