From da2312205042b171015d10be0021f35d55216c76 Mon Sep 17 00:00:00 2001 From: "lucio.lelii" Date: Tue, 24 Nov 2015 18:26:37 +0000 Subject: [PATCH] git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-client@120400 82a268e6-3cf1-43bd-a215-b396298e98cf --- pom.xml | 28 +-- .../common/authorization/client/Binder.java | 4 +- .../authorization/client/Constants.java | 23 +- .../client/JaxRSEndpointReference.java | 60 ----- .../client/plugin/AbstractPlugin.java | 37 --- .../client/plugin/AuthorizationPlugin.java | 35 --- .../client/proxy/AuthorizationProxy.java | 12 +- .../proxy/DefaultAuthorizationProxy.java | 233 ++++++++---------- .../authorizationservice/cl/CallTest.java | 42 ++-- .../authorizationservice/cl/MainCall.java | 14 ++ 10 files changed, 164 insertions(+), 324 deletions(-) delete mode 100644 src/main/java/org/gcube/common/authorization/client/JaxRSEndpointReference.java delete mode 100644 src/main/java/org/gcube/common/authorization/client/plugin/AbstractPlugin.java delete mode 100644 src/main/java/org/gcube/common/authorization/client/plugin/AuthorizationPlugin.java create mode 100644 src/test/java/org/gcube/common/authorizationservice/cl/MainCall.java diff --git a/pom.xml b/pom.xml index d7383f8..a1fd050 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ 4.0.0 org.gcube.common authorization-client - 1.0.0-SNAPSHOT + 2.0.0-SNAPSHOT authorization service client library @@ -15,26 +15,26 @@ distro - + - + org.gcube.common common-authorization - [1.0.0-SNAPSHOT,2.0.0-SNAPSHOT) + [2.0.0-SNAPSHOT,3.0.0-SNAPSHOT) - - - org.gcube.core - common-generic-clients - [1.0.0-SNAPSHOT,2.0.0-SNAPSHOT) - - - + + org.gcube.core common-encryption [1.0.2-SNAPSHOT,2.0.0-SNAPSHOT) - - + + + + org.gcube.core + common-encryption + [1.0.0-SNAPSHOT,2.0.0-SNAPSHOT) + + org.slf4j slf4j-api 
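Review bot: The hunk adds a second `common-encryption` dependency with range `[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)` while the existing one with `[1.0.2-SNAPSHOT,2.0.0-SNAPSHOT)` stays; the XML tags did not survive extraction, so I cannot tell whether one of them sits in `dependencyManagement`, but if both are plain `<dependency>` entries Maven honours only the first declaration and the other is dead text. Keep a single declaration with one range. Floating `*-SNAPSHOT` ranges also make the build non-reproducible; that is the file's existing convention, but pinning at least the lower bound to a released version would be worth a follow-up.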
diff --git a/src/main/java/org/gcube/common/authorization/client/Binder.java b/src/main/java/org/gcube/common/authorization/client/Binder.java index eea611b..b04438b 100644 --- a/src/main/java/org/gcube/common/authorization/client/Binder.java +++ b/src/main/java/org/gcube/common/authorization/client/Binder.java @@ -5,8 +5,6 @@ import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import org.gcube.common.authorization.library.AuthorizationEntry; -import org.gcube.common.authorization.library.BannedService; -import org.gcube.common.authorization.library.BannedServices; public class Binder { @@ -14,7 +12,7 @@ public class Binder { public static JAXBContext getContext() throws JAXBException{ if (context==null) - context = JAXBContext.newInstance(AuthorizationEntry.class, BannedService.class, BannedServices.class); + context = JAXBContext.newInstance(AuthorizationEntry.class); return context; } diff --git a/src/main/java/org/gcube/common/authorization/client/Constants.java b/src/main/java/org/gcube/common/authorization/client/Constants.java index 27d6a2f..0098317 100644 --- a/src/main/java/org/gcube/common/authorization/client/Constants.java +++ b/src/main/java/org/gcube/common/authorization/client/Constants.java 
@@ -1,35 +1,24 @@ package org.gcube.common.authorization.client; -import java.util.concurrent.TimeUnit; - -import javax.xml.namespace.QName; - -import org.gcube.common.authorization.client.plugin.AuthorizationPlugin; import org.gcube.common.authorization.client.proxy.AuthorizationProxy; -import org.gcube.common.clients.ProxyBuilder; -import org.gcube.common.clients.ProxyBuilderImpl; +import org.gcube.common.authorization.client.proxy.DefaultAuthorizationProxy; public class Constants { /** Service name. */ public static final String SERVICE_NAME = "AuthorizationService"; - /** Service class. */ - public static final String SERVICE_CLASS = "Common"; + public static String CLIENT_ID_PARAM= "client_ID"; - public static final String CONTEXT_SERVICE_NAME="authorization-service"; + public static String CONTEXT_PARAM= "context"; - public static final int DEFAULT_TIMEOUT= (int) TimeUnit.SECONDS.toMillis(10); - - private static final String TNS = "http://gcube-system.org/"; + public static String ROLES_PARAM= "roles"; - public static final QName AUTHORIZATION_QNAME = new QName(TNS, "authorization-service"); - public static final String SCOPE_HEADER_ENTRY = "gcube-scope"; public static final long TIME_TO_LIVE_CACHE_IN_MILLIS = (60*1000)*60; //1 hour - public static ProxyBuilder authorizationService() { - return new ProxyBuilderImpl(new AuthorizationPlugin()); + public static AuthorizationProxy authorizationService() { + return new DefaultAuthorizationProxy(); } } diff --git a/src/main/java/org/gcube/common/authorization/client/JaxRSEndpointReference.java b/src/main/java/org/gcube/common/authorization/client/JaxRSEndpointReference.java deleted file mode 100644 index 04f7faa..0000000 --- a/src/main/java/org/gcube/common/authorization/client/JaxRSEndpointReference.java +++ /dev/null 
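Review bot: `CLIENT_ID_PARAM`, `CONTEXT_PARAM` and `ROLES_PARAM` are declared `public static String` rather than `public static final String`, so any class on the classpath can reassign the query-parameter names the proxy sends to the authorization service; `SERVICE_NAME` and `TIME_TO_LIVE_CACHE_IN_MILLIS` in the same hunk are final and these three should match: `public static final String CLIENT_ID_PARAM = "client_ID";` (likewise for the other two). `DefaultAuthorizationProxy` imports them statically as if they were constants, and making them final also lets the compiler treat them as compile-time constants. `authorizationService()` now returns a fresh `DefaultAuthorizationProxy` on every call instead of a builder; a one-line Javadoc stating that the returned proxy may be kept and reused would help callers migrating from `authorizationService().build()`.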
@@ -1,60 +0,0 @@ -package org.gcube.common.authorization.client; - -import java.io.StringReader; -import java.io.StringWriter; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.transform.stream.StreamResult; -import javax.xml.ws.EndpointReference; -import org.w3c.dom.Document; -import org.w3c.dom.NodeList; -import org.xml.sax.InputSource; - -public class JaxRSEndpointReference { - - private static final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); - - private static final String addressLocalName = "Address"; - //private static final String keyLocalName = "ResourceKey"; - - String address; - //Element key; - - static { - factory.setNamespaceAware(true); - } - - public JaxRSEndpointReference(EndpointReference reference) { - this(serialise(reference)); - } - - public JaxRSEndpointReference(String reference) { - - try { - - Document document = factory.newDocumentBuilder().parse(new InputSource(new StringReader(reference))); - - NodeList addresses = document.getElementsByTagNameNS("*", addressLocalName); - - if (addresses.getLength() == 0) - throw new RuntimeException("reference does not contain an address"); - - address = addresses.item(0).getTextContent(); - - } catch (Exception e) { - throw new IllegalArgumentException("reference is not a gCore reference", e); - } - - } - - @Override - public String toString() { - return address; - } - - // helper - private static String serialise(EndpointReference reference) { - StringWriter writer = new StringWriter(); - reference.writeTo(new StreamResult(writer)); - return writer.toString(); - } -} diff --git a/src/main/java/org/gcube/common/authorization/client/plugin/AbstractPlugin.java b/src/main/java/org/gcube/common/authorization/client/plugin/AbstractPlugin.java deleted file mode 100644 index 9b4e910..0000000 --- a/src/main/java/org/gcube/common/authorization/client/plugin/AbstractPlugin.java +++ /dev/null 
@@ -1,37 +0,0 @@ -package org.gcube.common.authorization.client.plugin; - -import org.gcube.common.authorization.client.Constants; -import org.gcube.common.clients.Plugin; - - - -public abstract class AbstractPlugin implements Plugin { - - - public final String name; - - public AbstractPlugin(String name) { - this.name=name; - } - - @Override - public String serviceClass() { - return Constants.SERVICE_CLASS; - } - - @Override - public String serviceName() { - return Constants.SERVICE_NAME; - } - - @Override - public String name() { - return name; - } - - @Override - public String namespace() { - return ""; - } - -} \ No newline at end of file diff --git a/src/main/java/org/gcube/common/authorization/client/plugin/AuthorizationPlugin.java b/src/main/java/org/gcube/common/authorization/client/plugin/AuthorizationPlugin.java deleted file mode 100644 index 0c5d98d..0000000 --- a/src/main/java/org/gcube/common/authorization/client/plugin/AuthorizationPlugin.java +++ /dev/null @@ -1,35 +0,0 @@ -package org.gcube.common.authorization.client.plugin; - - -import javax.xml.ws.EndpointReference; - -import org.gcube.common.authorization.client.JaxRSEndpointReference; -import org.gcube.common.authorization.client.proxy.AuthorizationProxy; -import org.gcube.common.authorization.client.proxy.DefaultAuthorizationProxy; -import org.gcube.common.clients.config.ProxyConfig; -import org.gcube.common.clients.delegates.ProxyDelegate; - -public class AuthorizationPlugin extends AbstractPlugin{ - - public AuthorizationPlugin() { - super("authorization-service/gcube/service"); - } - - @Override - public Exception convert(Exception fault, ProxyConfig config) { - return fault; - } - - @Override - public String resolve(EndpointReference address, ProxyConfig config) - throws Exception { - return new JaxRSEndpointReference(address).toString(); - - } - - @Override - public AuthorizationProxy newProxy(ProxyDelegate delegate) { - return new DefaultAuthorizationProxy(delegate); - } - -} 
diff --git a/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java b/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java index 8e0e21c..39e0d2e 100644 --- a/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java +++ b/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java @@ -4,17 +4,17 @@ import java.util.List; import org.gcube.common.authorization.client.exceptions.ObjectNotFound; import org.gcube.common.authorization.library.AuthorizationEntry; -import org.gcube.common.authorization.library.BannedService; public interface AuthorizationProxy { - String generate(String userName, List roles); + String generate(String userName, List roles) throws Exception; - AuthorizationEntry get(String token) throws ObjectNotFound; + AuthorizationEntry get(String token) throws ObjectNotFound, Exception; - BannedService deny(String userName, String serviceClass, String serviceName); + /* + BannedService deny(String userName, String serviceClass, String serviceName) throws Exception; - void allow(String userName, String serviceClass, String serviceName); + void allow(String userName, String serviceClass, String serviceName) throws Exception; - List getBannedServices(String userName); + List getBannedServices(String userName) throws Exception;*/ } diff --git a/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java b/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java index e247d43..03230c2 100644 --- a/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java +++ b/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java 
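Review bot: Both interface methods now declare `throws Exception`, which forces every caller into a blanket catch and hides the one failure they can act on; in `get` the `ObjectNotFound` listed first is already subsumed by the trailing `Exception`. The implementation's failures visible in this commit are `new URL`/connection I/O, JAXB unmarshalling and the generic `new Exception("error contacting authorization service")`, so a narrower contract such as `throws ObjectNotFound, IOException` plus a dedicated service exception for the last case would keep the API checkable. The commented-out `deny`/`allow`/`getBannedServices` declarations should be deleted rather than kept in the interface; version control preserves them.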
@@ -1,13 +1,15 @@
 package org.gcube.common.authorization.client.proxy;
 
-import static org.gcube.common.clients.exceptions.FaultDSL.again;
+import static org.gcube.common.authorization.client.Constants.CLIENT_ID_PARAM;
+import static org.gcube.common.authorization.client.Constants.CONTEXT_PARAM;
+import static org.gcube.common.authorization.client.Constants.ROLES_PARAM;
+import static org.gcube.common.authorization.client.Constants.SERVICE_NAME;
 
 import java.io.BufferedReader;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.URL;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -16,160 +18,119 @@ import org.gcube.common.authorization.client.Binder; import org.gcube.common.authorization.client.Constants; import org.gcube.common.authorization.client.exceptions.ObjectNotFound; import org.gcube.common.authorization.library.AuthorizationEntry; -import org.gcube.common.authorization.library.BannedService; -import org.gcube.common.authorization.library.BannedServices; -import org.gcube.common.clients.Call; -import org.gcube.common.clients.delegates.ProxyDelegate; -import org.gcube.common.clients.stubs.jaxws.JAXWSUtils.Empty; +import org.gcube.common.encryption.StringEncrypter; +import org.gcube.common.scope.api.Environment; import org.gcube.common.scope.api.ScopeProvider; +import org.gcube.common.scope.impl.EnvironmentServiceMap; public class DefaultAuthorizationProxy implements AuthorizationProxy { - private final ProxyDelegate delegate; - - public DefaultAuthorizationProxy(ProxyDelegate config){ - this.delegate = config; - } - private static Map cache = new HashMap(); - @Override - public String generate(final String userName, final List roles) { - Call call = new Call() { + private static String endpoint; - @Override - public String call(String endpoint) throws Exception { - StringBuilder rolesQueryString = new StringBuilder(); - for (String role: roles) - rolesQueryString.append(role).append(","); - rolesQueryString.deleteCharAt(rolesQueryString.lastIndexOf(",")); - String callUrl = endpoint+"/generate/"+userName+"?roles="+rolesQueryString.toString(); - URL url = new URL(callUrl); - HttpURLConnection connection = makeRequest(url, "POST"); - if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service"); - try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));){ - StringBuilder result = new StringBuilder(); - String line; - while((line = reader.readLine()) != null) - result.append(line); - return result.toString(); - } - } - }; - try { - return 
delegate.make(call); - } catch (Exception e) { - throw again(e).asServiceException(); + public DefaultAuthorizationProxy() { + endpoint = EnvironmentServiceMap.getInfrastructuresFor(Environment.DEVELOPMENT).endpoint(SERVICE_NAME); + } + + @Override + public String generate(String clientId, List roles) throws Exception { + final String methodPath = "/generate/token/"; + + StringBuilder rolesQueryString = new StringBuilder(); + if (roles.size()>0){ + for (String role: roles) + rolesQueryString.append(role).append(","); + rolesQueryString.deleteCharAt(rolesQueryString.lastIndexOf(",")); + } + StringBuilder callUrl = new StringBuilder(endpoint).append(methodPath).append("?") + .append(CLIENT_ID_PARAM).append("=").append(clientId).append("&") + .append(ROLES_PARAM).append("=").append(rolesQueryString).append("&") + .append(CONTEXT_PARAM).append("=").append(ScopeProvider.instance.get()); + + URL url = new URL(callUrl.toString()); + HttpURLConnection connection = (HttpURLConnection)url.openConnection(); + connection.setRequestMethod("POST"); + + + if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service"); + String encryptedToken= ""; + try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));){ + StringBuilder result = new StringBuilder(); + String line; + while((line = reader.readLine()) != null) + result.append(line); + encryptedToken = result.toString(); + } + + return StringEncrypter.getEncrypter().decrypt(encryptedToken); + + } + + @Override + public AuthorizationEntry get(final String token) throws ObjectNotFound, Exception{ + final String methodPath = "/retrieve/"; + + StringBuilder callUrl = new StringBuilder(endpoint).append(methodPath).append(token); + + URL url = new URL(callUrl.toString()); + + HttpURLConnection connection = makeRequest(url, "GET"); + if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found"); + if 
(connection.getResponseCode()!=200) throw new Exception("error contacting authorization service"); + if (connection.getContentLengthLong()<=0) return null; + + try(InputStream stream = (InputStream)connection.getContent();){ + AuthorizationEntry entry = (AuthorizationEntry)Binder.getContext().createUnmarshaller().unmarshal(stream); + cache.put(token, new AuthorizationEntryCache(entry)); + return entry; + } + + } + + /* + @Override + public BannedService deny(final String userName, final String serviceClass, final String serviceName) throws Exception { + + URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName); + HttpURLConnection connection = makeRequest(url, "POST"); + + if (connection.getResponseCode()!=200 && connection.getResponseCode()!=200) throw new Exception("error contacting authorization service"); + if (connection.getContentLengthLong()<=0) return null; + + try(InputStream stream = (InputStream)connection.getContent();){ + BannedService service = (BannedService)Binder.getContext().createUnmarshaller().unmarshal(stream); + return service; } } @Override - public AuthorizationEntry get(final String token) throws ObjectNotFound{ - Call call = new Call() { - - @Override - public AuthorizationEntry call(String endpoint) throws Exception { - - URL url = new URL(endpoint+"/retrieve/"+token); - HttpURLConnection connection = makeRequest(url, "GET"); - if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found"); - if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service"); - if (connection.getContentLengthLong()<=0) return null; - - try(InputStream stream = (InputStream)connection.getContent();){ - AuthorizationEntry entry = (AuthorizationEntry)Binder.getContext().createUnmarshaller().unmarshal(stream); - cache.put(token, new AuthorizationEntryCache(entry)); - return entry; - } - - } - }; - if (cache.containsKey(token) && cache.get(token).isValid()) - return 
cache.get(token).getEntry(); - try { - return delegate.make(call); - } catch (ObjectNotFound e) { - throw e; - } catch (Exception e) { - throw again(e).asServiceException(); - } + public void allow(final String userName, final String serviceClass, final String serviceName) throws Exception{ + URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName); + HttpURLConnection connection = makeRequest(url, "DELETE"); + if (!(connection.getResponseCode()>=200 && connection.getResponseCode()<=206)) + throw new Exception("error contacting authorization service"); } + @Override - public BannedService deny(final String userName, final String serviceClass, final String serviceName) { - Call call = new Call() { - @Override - public BannedService call(String endpoint) throws Exception { - URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName); - HttpURLConnection connection = makeRequest(url, "POST"); + public List getBannedServices(final String userName) throws Exception{ - if (connection.getResponseCode()!=200 && connection.getResponseCode()!=200) throw new Exception("error contacting authorization service"); - if (connection.getContentLengthLong()<=0) return null; + URL url = new URL(endpoint+"/deny/"+userName); - try(InputStream stream = (InputStream)connection.getContent();){ - BannedService service = (BannedService)Binder.getContext().createUnmarshaller().unmarshal(stream); - return service; - } - } - }; + HttpURLConnection connection = makeRequest(url, "GET"); + if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service"); + if (connection.getContentLengthLong()<=0) return Collections.emptyList(); - try { - return delegate.make(call); - } catch (Exception e) { - throw again(e).asServiceException(); - } - } - - @Override - public void allow(final String userName, final String serviceClass, final String serviceName) { - Call call = new Call() { - - @Override - public Empty call(String 
endpoint) throws Exception { - URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName); - HttpURLConnection connection = makeRequest(url, "DELETE"); - if (!(connection.getResponseCode()>=200 && connection.getResponseCode()<=206)) throw new Exception("error contacting authorization service"); - return new Empty(); - - } - }; - - try { - delegate.make(call); - } catch (Exception e) { - throw again(e).asServiceException(); - } - } - - @Override - public List getBannedServices(final String userName) { - Call> call = new Call>() { - - @Override - public List call(String endpoint) throws Exception { - - URL url = new URL(endpoint+"/deny/"+userName); - - HttpURLConnection connection = makeRequest(url, "GET"); - if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service"); - if (connection.getContentLengthLong()<=0) return Collections.emptyList(); - - try(InputStream stream = (InputStream)connection.getContent();){ - BannedServices services = (BannedServices)Binder.getContext().createUnmarshaller().unmarshal(stream); - if (services.get()==null) return Collections.emptyList(); - else return services.get(); - } - - } - }; - - try { - return delegate.make(call); - } catch (Exception e) { - throw again(e).asServiceException(); + try(InputStream stream = (InputStream)connection.getContent();){ + BannedServices services = (BannedServices)Binder.getContext().createUnmarshaller().unmarshal(stream); + if (services.get()==null) return Collections.emptyList(); + else return services.get(); } + } + */ private HttpURLConnection makeRequest(URL url, String method) throws Exception{ HttpURLConnection connection = (HttpURLConnection)url.openConnection(); diff --git a/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java b/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java index afee75c..715d676 100644 --- a/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java 
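Review bot: `generate` inserts `clientId`, the joined roles and `ScopeProvider.instance.get()` into the query string without URL-encoding, so a value containing `&`, `=`, `#` or a space changes the parameters the service receives or makes `new URL(...)` fail; the three values should go through `java.net.URLEncoder` as below (the parameter names and `endpoint` are constants and need no encoding; the import of `URLEncoder` must be added to the import block). The `cache` map is now write-only: `get` still does `cache.put(token, new AuthorizationEntryCache(entry))` but the check that used to short-circuit on a valid cached entry was dropped, so the static `HashMap` only grows and retains every token ever looked up; either restore `if (cache.containsKey(token) && cache.get(token).isValid()) return cache.get(token).getEntry();` before the request or remove the cache entirely. The constructor resolves `endpoint` for `Environment.DEVELOPMENT` unconditionally and stores it in a static field, so every instance created by `Constants.authorizationService()` overwrites shared state with the development endpoint regardless of the caller's scope; if this is a temporary hard-coding it should carry a TODO, otherwise the environment should come from the scope. `generate` also bypasses the `makeRequest(url, "POST")` helper that `get` uses; `makeRequest`'s body continues past the hunk, so whatever it configures on the connection is skipped for the token request.
```java
// … unchanged: roles joined into rolesQueryString …
String charset = "UTF-8";
StringBuilder callUrl = new StringBuilder(endpoint).append(methodPath).append("?")
        .append(CLIENT_ID_PARAM).append("=").append(URLEncoder.encode(clientId, charset)).append("&")
        .append(ROLES_PARAM).append("=").append(URLEncoder.encode(rolesQueryString.toString(), charset)).append("&")
        .append(CONTEXT_PARAM).append("=").append(URLEncoder.encode(ScopeProvider.instance.get(), charset));
// … unchanged: open connection, check response code, read and decrypt token …
```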
+++ b/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java 
@@ -3,58 +3,68 @@ package org.gcube.common.authorizationservice.cl; import static org.gcube.common.authorization.client.Constants.authorizationService; import java.util.Arrays; -import java.util.List; import org.gcube.common.authorization.client.exceptions.ObjectNotFound; -import org.gcube.common.authorization.library.BannedService; import org.gcube.common.scope.api.ScopeProvider; import org.junit.Test; public class CallTest { @Test - public void call(){ - ScopeProvider.instance.set("/gcube/devsec"); + public void call() throws Exception{ try{ - System.out.println(authorizationService().build().get("a00affeb-0b75-4152-a134-e5c432a9a70a")); + System.out.println(authorizationService().get("a00affeb-0b75-4152-a134-e5c432a9a70a")); }catch(ObjectNotFound onf){ onf.printStackTrace(); } } @Test - public void requestToken(){ + public void requestToken() throws Exception { - ScopeProvider.instance.set("/gcube/devNext/NextNext"); - String token = authorizationService().build().generate("fabio.sinibaldi", Arrays.asList("User")); + ScopeProvider.instance.set("/gcube"); + String token = authorizationService().generate("fabio.sinibaldi", Arrays.asList("User")); System.out.println("token is: "+token); } - +/* @Test - public void denyService(){ - + public void denyService() throws Exception { ScopeProvider.instance.set("/gcube/devsec"); - authorizationService().build().deny("giancarlo.panichi", "WPS", "DataMiner"); + authorizationService().deny("giancarlo.panichi", "WPS", "DataMiner"); } @Test - public void allowService(){ + public void allowService() throws Exception{ ScopeProvider.instance.set("/gcube/devsec"); - authorizationService().build().allow("lucio.lelii", "Test", "AuthorizationTest"); + authorizationService().allow("lucio.lelii", "Test", "AuthorizationTest"); } @Test - public void getBannedServices(){ + public void getBannedServices() throws Exception{ ScopeProvider.instance.set("/gcube/devsec"); - List bannedServices = 
authorizationService().build().getBannedServices("lucio.lelii"); + List bannedServices = authorizationService().getBannedServices("lucio.lelii"); for (BannedService banService : bannedServices) System.out.println(banService); } + @Test + public void retreiveTest() throws Exception{ + ScopeProvider.instance.set("/gcube"); + SimpleQuery query = queryFor(ServiceEndpoint.class); + query.addCondition("$resource/Profile/Category/text() eq 'Database'") + .addCondition("$resource/Profile/Name/text() eq 'AuthorizationDB'") + .setResult("$resource/Profile//AccessPoint[./Interface/Endpoint/@EntryName eq 'authorization']"); + DiscoveryClient client = clientFor(AccessPoint.class); + List results = client.submit(query); + for (AccessPoint ap : results){ + System.out.println(ap.username()+" "+StringEncrypter.getEncrypter().decrypt(ap.password())); + } + } + */ } diff --git a/src/test/java/org/gcube/common/authorizationservice/cl/MainCall.java b/src/test/java/org/gcube/common/authorizationservice/cl/MainCall.java new file mode 100644 index 0000000..27c9194 --- /dev/null +++ b/src/test/java/org/gcube/common/authorizationservice/cl/MainCall.java @@ -0,0 +1,14 @@ +package org.gcube.common.authorizationservice.cl; + +import static org.gcube.common.authorization.client.Constants.authorizationService; + +import java.util.Arrays; + +public class MainCall { + + public static void main(String... args) throws Exception{ + String token = authorizationService().generate("fabio.sinibaldi", Arrays.asList("User")); + System.out.println("token is: "+token); + } + +}
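Review bot: The commented-out `retreiveTest` decrypts and prints `ap.password()` for the `AuthorizationDB` access point to stdout; even disabled, a test that dumps database credentials should not stay in the repository, and the block also references `SimpleQuery`, `ServiceEndpoint`, `DiscoveryClient`, `AccessPoint` and `StringEncrypter` without any import, so it cannot be re-enabled as written. Delete the whole commented block (`denyService` through `retreiveTest`); the `List` and `BannedService` imports it would need are already removed by this commit. `call()` still catches `ObjectNotFound` and only calls `onf.printStackTrace()`, so the test passes whether or not the token exists; if the lookup is expected to succeed let the exception propagate, and if the not-found path is what is under test declare it with `@Test(expected = ObjectNotFound.class)`.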