gCubeSystem
/
authorization-client
16
0
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-client@120400 82a268e6-3cf1-43bd-a215-b396298e98cf

This commit is contained in:
Lucio Lelii 2015-11-24 18:26:37 +00:00
parent 049bc1a086
commit da23122050
10 changed files with 164 additions and 324 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
pom.xml
View File

@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.gcube.common</groupId>
<artifactId>authorization-client</artifactId>
<version>1.0.0-SNAPSHOT</version>
<version>2.0.0-SNAPSHOT</version>
<name>authorization service client library</name>
<parent>
@ -15,26 +15,26 @@
<properties>
<distroDirectory>distro</distroDirectory>
</properties>
<dependencies>
<dependency>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>common-authorization</artifactId>
<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
<version>[2.0.0-SNAPSHOT,3.0.0-SNAPSHOT)</version>
</dependency>
<dependency>
<groupId>org.gcube.core</groupId>
<artifactId>common-generic-clients</artifactId>
<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
</dependency>
<dependency>
<dependency>
<groupId>org.gcube.core</groupId>
<artifactId>common-encryption</artifactId>
<version>[1.0.2-SNAPSHOT,2.0.0-SNAPSHOT)</version>
</dependency>
</dependency>
<dependency>
<groupId>org.gcube.core</groupId>
<artifactId>common-encryption</artifactId>
<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>

4
src/main/java/org/gcube/common/authorization/client/Binder.java
View File

@ -5,8 +5,6 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.BannedService;
import org.gcube.common.authorization.library.BannedServices;
public class Binder {
@ -14,7 +12,7 @@ public class Binder {
public static JAXBContext getContext() throws JAXBException{
if (context==null)
context = JAXBContext.newInstance(AuthorizationEntry.class, BannedService.class, BannedServices.class);
context = JAXBContext.newInstance(AuthorizationEntry.class);
return context;
}

23
src/main/java/org/gcube/common/authorization/client/Constants.java
View File

@ -1,35 +1,24 @@
package org.gcube.common.authorization.client;
import java.util.concurrent.TimeUnit;
import javax.xml.namespace.QName;
import org.gcube.common.authorization.client.plugin.AuthorizationPlugin;
import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
import org.gcube.common.clients.ProxyBuilder;
import org.gcube.common.clients.ProxyBuilderImpl;
import org.gcube.common.authorization.client.proxy.DefaultAuthorizationProxy;
public class Constants {
/** Service name. */
public static final String SERVICE_NAME = "AuthorizationService";
/** Service class. */
public static final String SERVICE_CLASS = "Common";
public static String CLIENT_ID_PARAM= "client_ID";
public static final String CONTEXT_SERVICE_NAME="authorization-service";
public static String CONTEXT_PARAM= "context";
public static final int DEFAULT_TIMEOUT= (int) TimeUnit.SECONDS.toMillis(10);
private static final String TNS = "http://gcube-system.org/";
public static String ROLES_PARAM= "roles";
public static final QName AUTHORIZATION_QNAME = new QName(TNS, "authorization-service");
public static final String SCOPE_HEADER_ENTRY = "gcube-scope";
public static final long TIME_TO_LIVE_CACHE_IN_MILLIS = (60*1000)*60; //1 hour
public static ProxyBuilder<AuthorizationProxy> authorizationService() {
return new ProxyBuilderImpl<String,AuthorizationProxy>(new AuthorizationPlugin());
public static AuthorizationProxy authorizationService() {
return new DefaultAuthorizationProxy();
}
}

60
src/main/java/org/gcube/common/authorization/client/JaxRSEndpointReference.java
View File

@ -1,60 +0,0 @@
package org.gcube.common.authorization.client;
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.ws.EndpointReference;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
public class JaxRSEndpointReference {
private static final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
private static final String addressLocalName = "Address";
//private static final String keyLocalName = "ResourceKey";
String address;
//Element key;
static {
factory.setNamespaceAware(true);
}
public JaxRSEndpointReference(EndpointReference reference) {
this(serialise(reference));
}
public JaxRSEndpointReference(String reference) {
try {
Document document = factory.newDocumentBuilder().parse(new InputSource(new StringReader(reference)));
NodeList addresses = document.getElementsByTagNameNS("*", addressLocalName);
if (addresses.getLength() == 0)
throw new RuntimeException("reference does not contain an address");
address = addresses.item(0).getTextContent();
} catch (Exception e) {
throw new IllegalArgumentException("reference is not a gCore reference", e);
}
}
@Override
public String toString() {
return address;
}
// helper
private static String serialise(EndpointReference reference) {
StringWriter writer = new StringWriter();
reference.writeTo(new StreamResult(writer));
return writer.toString();
}
}

37
src/main/java/org/gcube/common/authorization/client/plugin/AbstractPlugin.java
View File

@ -1,37 +0,0 @@
package org.gcube.common.authorization.client.plugin;
import org.gcube.common.authorization.client.Constants;
import org.gcube.common.clients.Plugin;
public abstract class AbstractPlugin<S,P> implements Plugin<S,P> {
public final String name;
public AbstractPlugin(String name) {
this.name=name;
}
@Override
public String serviceClass() {
return Constants.SERVICE_CLASS;
}
@Override
public String serviceName() {
return Constants.SERVICE_NAME;
}
@Override
public String name() {
return name;
}
@Override
public String namespace() {
return "";
}
}

35
src/main/java/org/gcube/common/authorization/client/plugin/AuthorizationPlugin.java
View File

@ -1,35 +0,0 @@
package org.gcube.common.authorization.client.plugin;
import javax.xml.ws.EndpointReference;
import org.gcube.common.authorization.client.JaxRSEndpointReference;
import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
import org.gcube.common.authorization.client.proxy.DefaultAuthorizationProxy;
import org.gcube.common.clients.config.ProxyConfig;
import org.gcube.common.clients.delegates.ProxyDelegate;
public class AuthorizationPlugin extends AbstractPlugin<String, AuthorizationProxy>{
public AuthorizationPlugin() {
super("authorization-service/gcube/service");
}
@Override
public Exception convert(Exception fault, ProxyConfig<?, ?> config) {
return fault;
}
@Override
public String resolve(EndpointReference address, ProxyConfig<?, ?> config)
throws Exception {
return new JaxRSEndpointReference(address).toString();
}
@Override
public AuthorizationProxy newProxy(ProxyDelegate<String> delegate) {
return new DefaultAuthorizationProxy(delegate);
}
}

12
src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java
View File

@ -4,17 +4,17 @@ import java.util.List;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.BannedService;
public interface AuthorizationProxy {
String generate(String userName, List<String> roles);
String generate(String userName, List<String> roles) throws Exception;
AuthorizationEntry get(String token) throws ObjectNotFound;
AuthorizationEntry get(String token) throws ObjectNotFound, Exception;
BannedService deny(String userName, String serviceClass, String serviceName);
/*
BannedService deny(String userName, String serviceClass, String serviceName) throws Exception;
void allow(String userName, String serviceClass, String serviceName);
void allow(String userName, String serviceClass, String serviceName) throws Exception;
List<BannedService> getBannedServices(String userName);
List<BannedService> getBannedServices(String userName) throws Exception;*/
}

233
src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java
View File

@ -1,13 +1,15 @@
package org.gcube.common.authorization.client.proxy;
import static org.gcube.common.clients.exceptions.FaultDSL.again;
import static org.gcube.common.authorization.client.Constants.CLIENT_ID_PARAM;
import static org.gcube.common.authorization.client.Constants.CONTEXT_PARAM;
import static org.gcube.common.authorization.client.Constants.ROLES_PARAM;
import static org.gcube.common.authorization.client.Constants.SERVICE_NAME;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -16,160 +18,119 @@ import org.gcube.common.authorization.client.Binder;
import org.gcube.common.authorization.client.Constants;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.BannedService;
import org.gcube.common.authorization.library.BannedServices;
import org.gcube.common.clients.Call;
import org.gcube.common.clients.delegates.ProxyDelegate;
import org.gcube.common.clients.stubs.jaxws.JAXWSUtils.Empty;
import org.gcube.common.encryption.StringEncrypter;
import org.gcube.common.scope.api.Environment;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.scope.impl.EnvironmentServiceMap;
public class DefaultAuthorizationProxy implements AuthorizationProxy {
private final ProxyDelegate<String> delegate;
public DefaultAuthorizationProxy(ProxyDelegate<String> config){
this.delegate = config;
}
private static Map<String, AuthorizationEntryCache> cache = new HashMap<String, AuthorizationEntryCache>();
@Override
public String generate(final String userName, final List<String> roles) {
Call<String, String> call = new Call<String, String>() {
private static String endpoint;
@Override
public String call(String endpoint) throws Exception {
StringBuilder rolesQueryString = new StringBuilder();
for (String role: roles)
rolesQueryString.append(role).append(",");
rolesQueryString.deleteCharAt(rolesQueryString.lastIndexOf(","));
String callUrl = endpoint+"/generate/"+userName+"?roles="+rolesQueryString.toString();
URL url = new URL(callUrl);
HttpURLConnection connection = makeRequest(url, "POST");
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));){
StringBuilder result = new StringBuilder();
String line;
while((line = reader.readLine()) != null)
result.append(line);
return result.toString();
}
}
};
try {
return delegate.make(call);
} catch (Exception e) {
throw again(e).asServiceException();
public DefaultAuthorizationProxy() {
endpoint = EnvironmentServiceMap.getInfrastructuresFor(Environment.DEVELOPMENT).endpoint(SERVICE_NAME);
}
@Override
public String generate(String clientId, List<String> roles) throws Exception {
final String methodPath = "/generate/token/";
StringBuilder rolesQueryString = new StringBuilder();
if (roles.size()>0){
for (String role: roles)
rolesQueryString.append(role).append(",");
rolesQueryString.deleteCharAt(rolesQueryString.lastIndexOf(","));
}
StringBuilder callUrl = new StringBuilder(endpoint).append(methodPath).append("?")
.append(CLIENT_ID_PARAM).append("=").append(clientId).append("&")
.append(ROLES_PARAM).append("=").append(rolesQueryString).append("&")
.append(CONTEXT_PARAM).append("=").append(ScopeProvider.instance.get());
URL url = new URL(callUrl.toString());
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
connection.setRequestMethod("POST");
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
String encryptedToken= "";
try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));){
StringBuilder result = new StringBuilder();
String line;
while((line = reader.readLine()) != null)
result.append(line);
encryptedToken = result.toString();
}
return StringEncrypter.getEncrypter().decrypt(encryptedToken);
}
@Override
public AuthorizationEntry get(final String token) throws ObjectNotFound, Exception{
final String methodPath = "/retrieve/";
StringBuilder callUrl = new StringBuilder(endpoint).append(methodPath).append(token);
URL url = new URL(callUrl.toString());
HttpURLConnection connection = makeRequest(url, "GET");
if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found");
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
if (connection.getContentLengthLong()<=0) return null;
try(InputStream stream = (InputStream)connection.getContent();){
AuthorizationEntry entry = (AuthorizationEntry)Binder.getContext().createUnmarshaller().unmarshal(stream);
cache.put(token, new AuthorizationEntryCache(entry));
return entry;
}
}
/*
@Override
public BannedService deny(final String userName, final String serviceClass, final String serviceName) throws Exception {
URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
HttpURLConnection connection = makeRequest(url, "POST");
if (connection.getResponseCode()!=200 && connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
if (connection.getContentLengthLong()<=0) return null;
try(InputStream stream = (InputStream)connection.getContent();){
BannedService service = (BannedService)Binder.getContext().createUnmarshaller().unmarshal(stream);
return service;
}
}
@Override
public AuthorizationEntry get(final String token) throws ObjectNotFound{
Call<String, AuthorizationEntry> call = new Call<String, AuthorizationEntry>() {
@Override
public AuthorizationEntry call(String endpoint) throws Exception {
URL url = new URL(endpoint+"/retrieve/"+token);
HttpURLConnection connection = makeRequest(url, "GET");
if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found");
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
if (connection.getContentLengthLong()<=0) return null;
try(InputStream stream = (InputStream)connection.getContent();){
AuthorizationEntry entry = (AuthorizationEntry)Binder.getContext().createUnmarshaller().unmarshal(stream);
cache.put(token, new AuthorizationEntryCache(entry));
return entry;
}
}
};
if (cache.containsKey(token) && cache.get(token).isValid())
return cache.get(token).getEntry();
try {
return delegate.make(call);
} catch (ObjectNotFound e) {
throw e;
} catch (Exception e) {
throw again(e).asServiceException();
}
public void allow(final String userName, final String serviceClass, final String serviceName) throws Exception{
URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
HttpURLConnection connection = makeRequest(url, "DELETE");
if (!(connection.getResponseCode()>=200 && connection.getResponseCode()<=206))
throw new Exception("error contacting authorization service");
}
@Override
public BannedService deny(final String userName, final String serviceClass, final String serviceName) {
Call<String, BannedService> call = new Call<String, BannedService>() {
@Override
public BannedService call(String endpoint) throws Exception {
URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
HttpURLConnection connection = makeRequest(url, "POST");
public List<BannedService> getBannedServices(final String userName) throws Exception{
if (connection.getResponseCode()!=200 && connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
if (connection.getContentLengthLong()<=0) return null;
URL url = new URL(endpoint+"/deny/"+userName);
try(InputStream stream = (InputStream)connection.getContent();){
BannedService service = (BannedService)Binder.getContext().createUnmarshaller().unmarshal(stream);
return service;
}
}
};
HttpURLConnection connection = makeRequest(url, "GET");
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
if (connection.getContentLengthLong()<=0) return Collections.emptyList();
try {
return delegate.make(call);
} catch (Exception e) {
throw again(e).asServiceException();
}
}
@Override
public void allow(final String userName, final String serviceClass, final String serviceName) {
Call<String, Empty> call = new Call<String, Empty>() {
@Override
public Empty call(String endpoint) throws Exception {
URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
HttpURLConnection connection = makeRequest(url, "DELETE");
if (!(connection.getResponseCode()>=200 && connection.getResponseCode()<=206)) throw new Exception("error contacting authorization service");
return new Empty();
}
};
try {
delegate.make(call);
} catch (Exception e) {
throw again(e).asServiceException();
}
}
@Override
public List<BannedService> getBannedServices(final String userName) {
Call<String, List<BannedService>> call = new Call<String, List<BannedService>>() {
@Override
public List<BannedService> call(String endpoint) throws Exception {
URL url = new URL(endpoint+"/deny/"+userName);
HttpURLConnection connection = makeRequest(url, "GET");
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
if (connection.getContentLengthLong()<=0) return Collections.emptyList();
try(InputStream stream = (InputStream)connection.getContent();){
BannedServices services = (BannedServices)Binder.getContext().createUnmarshaller().unmarshal(stream);
if (services.get()==null) return Collections.emptyList();
else return services.get();
}
}
};
try {
return delegate.make(call);
} catch (Exception e) {
throw again(e).asServiceException();
try(InputStream stream = (InputStream)connection.getContent();){
BannedServices services = (BannedServices)Binder.getContext().createUnmarshaller().unmarshal(stream);
if (services.get()==null) return Collections.emptyList();
else return services.get();
}
}
*/
private HttpURLConnection makeRequest(URL url, String method) throws Exception{
HttpURLConnection connection = (HttpURLConnection)url.openConnection();

42
src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java
View File

@ -3,58 +3,68 @@ package org.gcube.common.authorizationservice.cl;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import java.util.Arrays;
import java.util.List;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.BannedService;
import org.gcube.common.scope.api.ScopeProvider;
import org.junit.Test;
public class CallTest {
@Test
public void call(){
ScopeProvider.instance.set("/gcube/devsec");
public void call() throws Exception{
try{
System.out.println(authorizationService().build().get("a00affeb-0b75-4152-a134-e5c432a9a70a"));
System.out.println(authorizationService().get("a00affeb-0b75-4152-a134-e5c432a9a70a"));
}catch(ObjectNotFound onf){
onf.printStackTrace();
}
}
@Test
public void requestToken(){
public void requestToken() throws Exception {
ScopeProvider.instance.set("/gcube/devNext/NextNext");
String token = authorizationService().build().generate("fabio.sinibaldi", Arrays.asList("User"));
ScopeProvider.instance.set("/gcube");
String token = authorizationService().generate("fabio.sinibaldi", Arrays.asList("User"));
System.out.println("token is: "+token);
}
/*
@Test
public void denyService(){
public void denyService() throws Exception {
ScopeProvider.instance.set("/gcube/devsec");
authorizationService().build().deny("giancarlo.panichi", "WPS", "DataMiner");
authorizationService().deny("giancarlo.panichi", "WPS", "DataMiner");
}
@Test
public void allowService(){
public void allowService() throws Exception{
ScopeProvider.instance.set("/gcube/devsec");
authorizationService().build().allow("lucio.lelii", "Test", "AuthorizationTest");
authorizationService().allow("lucio.lelii", "Test", "AuthorizationTest");
}
@Test
public void getBannedServices(){
public void getBannedServices() throws Exception{
ScopeProvider.instance.set("/gcube/devsec");
List<BannedService> bannedServices = authorizationService().build().getBannedServices("lucio.lelii");
List<BannedService> bannedServices = authorizationService().getBannedServices("lucio.lelii");
for (BannedService banService : bannedServices)
System.out.println(banService);
}
@Test
public void retreiveTest() throws Exception{
ScopeProvider.instance.set("/gcube");
SimpleQuery query = queryFor(ServiceEndpoint.class);
query.addCondition("$resource/Profile/Category/text() eq 'Database'")
.addCondition("$resource/Profile/Name/text() eq 'AuthorizationDB'")
.setResult("$resource/Profile//AccessPoint[./Interface/Endpoint/@EntryName eq 'authorization']");
DiscoveryClient<AccessPoint> client = clientFor(AccessPoint.class);
List<AccessPoint> results = client.submit(query);
for (AccessPoint ap : results){
System.out.println(ap.username()+" "+StringEncrypter.getEncrypter().decrypt(ap.password()));
}
}
*/
}

14
src/test/java/org/gcube/common/authorizationservice/cl/MainCall.java Normal file
View File

@ -0,0 +1,14 @@
package org.gcube.common.authorizationservice.cl;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import java.util.Arrays;
public class MainCall {
public static void main(String... args) throws Exception{
String token = authorizationService().generate("fabio.sinibaldi", Arrays.asList("User"));
System.out.println("token is: "+token);
}
}