git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-client@122471 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
parent
41ab4bf99f
commit
3bc4671ad1
|
@ -8,7 +8,7 @@ public class Constants {
|
||||||
/** Service name. */
|
/** Service name. */
|
||||||
public static final String SERVICE_NAME = "AuthorizationService";
|
public static final String SERVICE_NAME = "AuthorizationService";
|
||||||
|
|
||||||
public static String CLIENT_ID_PARAM= "client_ID";
|
public static String CLIENT_ID_PARAM= "client_id";
|
||||||
|
|
||||||
public static String CONTEXT_PARAM= "context";
|
public static String CONTEXT_PARAM= "context";
|
||||||
|
|
||||||
|
|
|
@ -5,25 +5,23 @@ import java.util.List;
|
||||||
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
||||||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
import org.gcube.common.authorization.library.AuthorizationEntry;
|
||||||
import org.gcube.common.authorization.library.enpoints.AuthorizationEndpoint;
|
import org.gcube.common.authorization.library.enpoints.AuthorizationEndpoint;
|
||||||
|
import org.gcube.common.authorization.library.policies.Policy;
|
||||||
|
import org.gcube.common.authorization.library.provider.ClientInfo;
|
||||||
|
|
||||||
public interface AuthorizationProxy {
|
public interface AuthorizationProxy {
|
||||||
|
|
||||||
AuthorizationEndpoint getEndpoint();
|
AuthorizationEndpoint getEndpoint();
|
||||||
|
|
||||||
void setEndpoint(AuthorizationEndpoint endpoint);
|
void setEndpoint(AuthorizationEndpoint endpoint);
|
||||||
|
|
||||||
@Deprecated
|
|
||||||
String generate(String userName, List<String> roles) throws Exception;
|
|
||||||
|
|
||||||
AuthorizationEntry get(String token) throws ObjectNotFound, Exception;
|
AuthorizationEntry get(String token) throws ObjectNotFound, Exception;
|
||||||
|
|
||||||
String generate(String clientId, String context, List<String> roles)
|
String generateToken(ClientInfo client, String context)
|
||||||
throws Exception;
|
throws Exception;
|
||||||
|
|
||||||
/*
|
|
||||||
BannedService deny(String userName, String serviceClass, String serviceName) throws Exception;
|
|
||||||
|
|
||||||
void allow(String userName, String serviceClass, String serviceName) throws Exception;
|
|
||||||
|
|
||||||
List<BannedService> getBannedServices(String userName) throws Exception;*/
|
void addPolicies(List<Policy> policies) throws Exception;
|
||||||
|
|
||||||
|
void removePolicies(long ... ids) throws Exception;
|
||||||
|
|
||||||
|
List<Policy> getPolicies(String context) throws Exception;
|
||||||
}
|
}
|
||||||
|
|
|
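Review bot: The new interface methods `generateToken`, `addPolicies`, `removePolicies` and `getPolicies` are added without Javadoc while still declaring `throws Exception`, so a caller cannot tell a not-found, a transport failure or a marshalling error apart without reading the implementation. At minimum document the contract, e.g. on `generateToken`: `/** Requests a token for {@code client} in {@code context}; the value returned is the decrypted token itself and must be treated as a secret (not logged or printed). */`, and on `removePolicies`: `/** Deletes policies one id at a time; a failure for one id does not roll back the others, and the exception lists the ids that failed. */` (that is how the default implementation in this commit behaves). Note also that `generate(String, String, List<String>)` is removed outright while the other overload was only `@Deprecated`; if external callers exist, a deprecated bridge for one release would be the safer path.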
@ -1,27 +1,34 @@
|
||||||
package org.gcube.common.authorization.client.proxy;
|
package org.gcube.common.authorization.client.proxy;
|
||||||
|
|
||||||
import static org.gcube.common.authorization.client.Constants.CLIENT_ID_PARAM;
|
|
||||||
import static org.gcube.common.authorization.client.Constants.CONTEXT_PARAM;
|
import static org.gcube.common.authorization.client.Constants.CONTEXT_PARAM;
|
||||||
import static org.gcube.common.authorization.client.Constants.ROLES_PARAM;
|
|
||||||
|
|
||||||
|
import java.io.BufferedOutputStream;
|
||||||
import java.io.BufferedReader;
|
import java.io.BufferedReader;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.InputStreamReader;
|
import java.io.InputStreamReader;
|
||||||
|
import java.io.OutputStream;
|
||||||
import java.net.HttpURLConnection;
|
import java.net.HttpURLConnection;
|
||||||
import java.net.InetAddress;
|
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.net.UnknownHostException;
|
import java.util.ArrayList;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
import javax.xml.bind.JAXBContext;
|
||||||
|
import javax.xml.bind.JAXBException;
|
||||||
|
|
||||||
import org.gcube.common.authorization.client.Binder;
|
import org.gcube.common.authorization.client.Binder;
|
||||||
import org.gcube.common.authorization.client.Constants;
|
import org.gcube.common.authorization.client.Constants;
|
||||||
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
||||||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
import org.gcube.common.authorization.library.AuthorizationEntry;
|
||||||
|
import org.gcube.common.authorization.library.Policies;
|
||||||
import org.gcube.common.authorization.library.enpoints.AuthorizationEndpoint;
|
import org.gcube.common.authorization.library.enpoints.AuthorizationEndpoint;
|
||||||
import org.gcube.common.authorization.library.enpoints.AuthorizationEndpointScanner;
|
import org.gcube.common.authorization.library.enpoints.AuthorizationEndpointScanner;
|
||||||
|
import org.gcube.common.authorization.library.policies.Policy;
|
||||||
|
import org.gcube.common.authorization.library.provider.ClientInfo;
|
||||||
|
import org.gcube.common.authorization.library.provider.ServiceInfo;
|
||||||
|
import org.gcube.common.authorization.library.provider.UserInfo;
|
||||||
import org.gcube.common.encryption.StringEncrypter;
|
import org.gcube.common.encryption.StringEncrypter;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
|
@ -33,23 +40,19 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
|
||||||
|
|
||||||
private static Map<String, AuthorizationEntryCache> cache = new HashMap<String, AuthorizationEntryCache>();
|
private static Map<String, AuthorizationEntryCache> cache = new HashMap<String, AuthorizationEntryCache>();
|
||||||
|
|
||||||
|
private static JAXBContext jaxbContext;
|
||||||
|
|
||||||
private List<AuthorizationEndpoint> endpoints;
|
private List<AuthorizationEndpoint> endpoints;
|
||||||
|
|
||||||
public DefaultAuthorizationProxy() {
|
public DefaultAuthorizationProxy() {
|
||||||
|
try {
|
||||||
endpoints = AuthorizationEndpointScanner.endpoints();
|
jaxbContext = JAXBContext.newInstance(ClientInfo.class, UserInfo.class, ServiceInfo.class, Policies.class);
|
||||||
AuthorizationEndpoint ae = endpoints.get(0);
|
} catch (JAXBException e) {
|
||||||
try{
|
log.error("error creating jaxb context",e);
|
||||||
InetAddress addr = InetAddress.getByName(ae.getHost());
|
throw new RuntimeException(e);
|
||||||
if (addr.isAnyLocalAddress() || addr.isLoopbackAddress()){
|
|
||||||
ae.setHost("localhost");
|
|
||||||
this.setEndpoint(ae);
|
|
||||||
}
|
|
||||||
log.debug("endpoint set to localhost");
|
|
||||||
}catch(UnknownHostException e){
|
|
||||||
log.warn("unknown host", e);
|
|
||||||
}
|
}
|
||||||
|
endpoints = AuthorizationEndpointScanner.endpoints();
|
||||||
|
this.setEndpoint(endpoints.get(0));
|
||||||
}
|
}
|
||||||
|
|
||||||
private String getInternalEnpoint(){
|
private String getInternalEnpoint(){
|
||||||
|
@ -58,38 +61,31 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
|
||||||
return endpoint.toString();
|
return endpoint.toString();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Deprecated
|
|
||||||
@Override
|
@Override
|
||||||
public String generate(String clientId, List<String> roles) throws Exception {
|
public String generateToken(ClientInfo client, String context) throws Exception {
|
||||||
final String context = ScopeProvider.instance.get();
|
|
||||||
return this.generate(clientId, context , roles);
|
String methodPath = "/generate/";
|
||||||
|
|
||||||
}
|
if (client instanceof UserInfo)
|
||||||
|
methodPath+="user";
|
||||||
@Override
|
else methodPath+="service";
|
||||||
public String generate(String clientId, String context, List<String> roles) throws Exception {
|
|
||||||
final String methodPath = "/generate/token/";
|
|
||||||
|
|
||||||
StringBuilder rolesQueryString = new StringBuilder();
|
|
||||||
if (roles.size()>0){
|
|
||||||
for (String role: roles)
|
|
||||||
rolesQueryString.append(role).append(",");
|
|
||||||
rolesQueryString.deleteCharAt(rolesQueryString.lastIndexOf(","));
|
|
||||||
}
|
|
||||||
StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath).append("?")
|
StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath).append("?")
|
||||||
.append(CLIENT_ID_PARAM).append("=").append(clientId).append("&")
|
|
||||||
.append(ROLES_PARAM).append("=").append(rolesQueryString).append("&")
|
|
||||||
.append(CONTEXT_PARAM).append("=").append(context);
|
.append(CONTEXT_PARAM).append("=").append(context);
|
||||||
|
|
||||||
URL url = new URL(callUrl.toString());
|
URL url = new URL(callUrl.toString());
|
||||||
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
|
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
|
||||||
connection.setRequestMethod("POST");
|
connection.setRequestMethod("PUT");
|
||||||
|
connection.setDoOutput(true);
|
||||||
|
|
||||||
|
try(OutputStream os = new BufferedOutputStream(connection.getOutputStream())){
|
||||||
|
jaxbContext.createMarshaller().marshal(client, os);
|
||||||
|
}
|
||||||
|
|
||||||
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
|
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
|
||||||
String encryptedToken= "";
|
String encryptedToken= "";
|
||||||
try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));){
|
try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()))){
|
||||||
StringBuilder result = new StringBuilder();
|
StringBuilder result = new StringBuilder();
|
||||||
String line;
|
String line;
|
||||||
while((line = reader.readLine()) != null)
|
while((line = reader.readLine()) != null)
|
||||||
|
@ -98,22 +94,17 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
|
||||||
}
|
}
|
||||||
|
|
||||||
return StringEncrypter.getEncrypter().decrypt(encryptedToken, context);
|
return StringEncrypter.getEncrypter().decrypt(encryptedToken, context);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AuthorizationEntry get(final String token) throws ObjectNotFound, Exception{
|
public AuthorizationEntry get(String token) throws ObjectNotFound, Exception{
|
||||||
final String methodPath = "/retrieve/";
|
final String methodPath = "/retrieve/";
|
||||||
|
|
||||||
StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath).append(token);
|
StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath).append(token);
|
||||||
|
|
||||||
log.debug("call uri "+callUrl.toString());
|
|
||||||
|
|
||||||
URL url = new URL(callUrl.toString());
|
URL url = new URL(callUrl.toString());
|
||||||
HttpURLConnection connection = makeRequest(url, "GET");
|
HttpURLConnection connection = makeRequest(url, "GET");
|
||||||
log.debug("response code is "+connection.getResponseCode());
|
connection.setDoInput(true);
|
||||||
log.debug("response message is "+connection.getResponseMessage());
|
|
||||||
|
|
||||||
if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found");
|
if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found");
|
||||||
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
|
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
|
||||||
if (connection.getContentLengthLong()<=0) return null;
|
if (connection.getContentLengthLong()<=0) return null;
|
||||||
|
@ -125,50 +116,58 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
@Override
|
@Override
|
||||||
public BannedService deny(final String userName, final String serviceClass, final String serviceName) throws Exception {
|
public void addPolicies(List<Policy> policies) throws Exception {
|
||||||
|
final String methodPath = "/policyManager";
|
||||||
|
|
||||||
URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
|
StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath);
|
||||||
|
|
||||||
|
URL url = new URL(callUrl.toString());
|
||||||
HttpURLConnection connection = makeRequest(url, "POST");
|
HttpURLConnection connection = makeRequest(url, "POST");
|
||||||
|
connection.setDoOutput(true);
|
||||||
|
|
||||||
|
try(OutputStream os = new BufferedOutputStream(connection.getOutputStream())){
|
||||||
|
jaxbContext.createMarshaller().marshal(new Policies(policies), os);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (connection.getResponseCode()!=200) throw new Exception("error adding policies");
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
if (connection.getResponseCode()!=200 && connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
|
@Override
|
||||||
|
public void removePolicies(long... ids) throws Exception {
|
||||||
|
final String methodPath = "/policyManager/";
|
||||||
|
StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath);
|
||||||
|
List<Long> errorIds = new ArrayList<Long>();
|
||||||
|
for (long id: ids){
|
||||||
|
URL url = new URL(callUrl.toString()+id);
|
||||||
|
HttpURLConnection connection = makeRequest(url, "DELETE");
|
||||||
|
if (connection.getResponseCode()!=200) errorIds.add(id);
|
||||||
|
}
|
||||||
|
if (!errorIds.isEmpty())
|
||||||
|
throw new Exception("error removing policies with ids: "+errorIds);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<Policy> getPolicies(String context) throws Exception{
|
||||||
|
final String methodPath = "/policyManager/";
|
||||||
|
|
||||||
|
StringBuilder callUrl = new StringBuilder(getInternalEnpoint()).append(methodPath).append("?").append(CONTEXT_PARAM).append("=").append(context);
|
||||||
|
|
||||||
|
URL url = new URL(callUrl.toString());
|
||||||
|
HttpURLConnection connection = makeRequest(url, "GET");
|
||||||
|
|
||||||
|
if (connection.getResponseCode()!=200) throw new Exception("error retrieving policies");
|
||||||
if (connection.getContentLengthLong()<=0) return null;
|
if (connection.getContentLengthLong()<=0) return null;
|
||||||
|
|
||||||
try(InputStream stream = (InputStream)connection.getContent();){
|
try(InputStream stream = (InputStream)connection.getContent()){
|
||||||
BannedService service = (BannedService)Binder.getContext().createUnmarshaller().unmarshal(stream);
|
Policies policies = (Policies)Binder.getContext().createUnmarshaller().unmarshal(stream);
|
||||||
return service;
|
return policies.getPolicies();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void allow(final String userName, final String serviceClass, final String serviceName) throws Exception{
|
|
||||||
URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
|
|
||||||
HttpURLConnection connection = makeRequest(url, "DELETE");
|
|
||||||
if (!(connection.getResponseCode()>=200 && connection.getResponseCode()<=206))
|
|
||||||
throw new Exception("error contacting authorization service");
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public List<BannedService> getBannedServices(final String userName) throws Exception{
|
|
||||||
|
|
||||||
URL url = new URL(endpoint+"/deny/"+userName);
|
|
||||||
|
|
||||||
HttpURLConnection connection = makeRequest(url, "GET");
|
|
||||||
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
|
|
||||||
if (connection.getContentLengthLong()<=0) return Collections.emptyList();
|
|
||||||
|
|
||||||
try(InputStream stream = (InputStream)connection.getContent();){
|
|
||||||
BannedServices services = (BannedServices)Binder.getContext().createUnmarshaller().unmarshal(stream);
|
|
||||||
if (services.get()==null) return Collections.emptyList();
|
|
||||||
else return services.get();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
*/
|
|
||||||
|
|
||||||
private HttpURLConnection makeRequest(URL url, String method) throws Exception{
|
private HttpURLConnection makeRequest(URL url, String method) throws Exception{
|
||||||
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
|
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
|
||||||
|
@ -186,4 +185,6 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
|
||||||
public void setEndpoint(AuthorizationEndpoint authEndpoint) {
|
public void setEndpoint(AuthorizationEndpoint authEndpoint) {
|
||||||
this.endpoints = Collections.singletonList(authEndpoint);
|
this.endpoints = Collections.singletonList(authEndpoint);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
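Review bot: In `getPolicies` the caller-supplied `context` is concatenated raw into the query string (`.append(CONTEXT_PARAM).append("=").append(context)`), so a context containing `&`, `#`, `%` or whitespace produces a malformed request or an extra parameter the server never intended; `generateToken` keeps the same pattern. Encode the value: `.append(URLEncoder.encode(context, "UTF-8"))` with `java.net.URLEncoder` (the `id` values in `removePolicies` are only safe because they are `long`). Separately, the constructor now assigns the `static jaxbContext` from an instance constructor, so every `new DefaultAuthorizationProxy()` rebuilds an expensive context and overwrites the one other instances may be using; a `static final` field initialised in a static block is the usual shape. The body of `makeRequest` lies outside this section's hunks, so whether calling `setDoOutput(true)` after it in `addPolicies` is safe (it must precede the connect) cannot be confirmed from here.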
@ -5,7 +5,7 @@ import static org.gcube.common.authorization.client.Constants.authorizationServi
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
|
||||||
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.authorization.library.provider.UserInfo;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
public class CallTest {
|
public class CallTest {
|
||||||
|
|
||||||
|
@ -14,7 +14,7 @@ public class CallTest {
|
||||||
public void call() throws Exception{
|
public void call() throws Exception{
|
||||||
try{
|
try{
|
||||||
//devsec cec80de1-0e1a-47be-81cd-e8534753bff7
|
//devsec cec80de1-0e1a-47be-81cd-e8534753bff7
|
||||||
System.out.println(authorizationService().get("870f409b-df3c-4c12-8063-6f9b0f414751"));
|
System.out.println(authorizationService().get("6d17f525-02de-4786-b454-d24150af7d49"));
|
||||||
}catch(ObjectNotFound onf){
|
}catch(ObjectNotFound onf){
|
||||||
onf.printStackTrace();
|
onf.printStackTrace();
|
||||||
}
|
}
|
||||||
|
@ -24,7 +24,7 @@ public class CallTest {
|
||||||
public void requestToken() throws Exception {
|
public void requestToken() throws Exception {
|
||||||
|
|
||||||
//ScopeProvider.instance.set("/gcube/devsec");
|
//ScopeProvider.instance.set("/gcube/devsec");
|
||||||
String token = authorizationService().generate("lucio.lelii", "/gcube", new ArrayList<String>());
|
String token = authorizationService().generateToken(new UserInfo("lucio.lelii", new ArrayList<String>()), "/gcube/devsec");
|
||||||
System.out.println("token is: "+token);
|
System.out.println("token is: "+token);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
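Review bot: The updated test still bakes a concrete token into source, `get("6d17f525-02de-4786-b454-d24150af7d49")`, and `requestToken` mints a token for a named real user in `/gcube/devsec` and writes it to stdout with `System.out.println("token is: "+token)`; if these are live credentials for the devsec infrastructure they are now in version history and in every build log. Read the token from the environment and skip when absent, e.g. `String tok = System.getProperty("auth.token"); org.junit.Assume.assumeNotNull(tok);`, and drop the printing of the generated token (assert it is non-empty instead). These tests also depend on a reachable authorization service, so they belong behind an integration profile rather than the default unit-test run; whether the build already does that cannot be seen from this page.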