From dace2de108f512a3daf8932de570adf6db8eee29 Mon Sep 17 00:00:00 2001 From: "lucio.lelii" Date: Thu, 4 Jun 2015 16:49:59 +0000 Subject: [PATCH] git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-client@115225 82a268e6-3cf1-43bd-a215-b396298e98cf --- .../common/authorization/client/Binder.java | 5 +- .../authorization/client/Constants.java | 2 + .../client/proxy/AuthorizationEntryCache.java | 23 ++++ .../client/proxy/AuthorizationProxy.java | 9 +- .../proxy/DefaultAuthorizationProxy.java | 113 ++++++++++++------ .../authorizationservice/cl/CallTest.java | 38 ++++-- 6 files changed, 144 insertions(+), 46 deletions(-) create mode 100644 src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationEntryCache.java diff --git a/src/main/java/org/gcube/common/authorization/client/Binder.java b/src/main/java/org/gcube/common/authorization/client/Binder.java index 95f4739..f4edd71 100644 --- a/src/main/java/org/gcube/common/authorization/client/Binder.java +++ b/src/main/java/org/gcube/common/authorization/client/Binder.java @@ -1,9 +1,12 @@ package org.gcube.common.authorization.client; + import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import org.gcube.common.authorization.library.AuthorizationEntry; +import org.gcube.common.authorization.library.BannedServices; +import org.gcube.common.authorization.library.provider.Service; public class Binder { @@ -11,7 +14,7 @@ public class Binder { public static JAXBContext getContext() throws JAXBException{ if (context==null) - context = JAXBContext.newInstance(AuthorizationEntry.class); + context = JAXBContext.newInstance(AuthorizationEntry.class, Service.class, BannedServices.class); return context; } diff --git a/src/main/java/org/gcube/common/authorization/client/Constants.java b/src/main/java/org/gcube/common/authorization/client/Constants.java index f9dee6a..27d6a2f 100644 
--- a/src/main/java/org/gcube/common/authorization/client/Constants.java +++ b/src/main/java/org/gcube/common/authorization/client/Constants.java @@ -27,6 +27,8 @@ public class Constants { public static final String SCOPE_HEADER_ENTRY = "gcube-scope"; + public static final long TIME_TO_LIVE_CACHE_IN_MILLIS = (60*1000)*60; //1 hour + public static ProxyBuilder authorizationService() { return new ProxyBuilderImpl(new AuthorizationPlugin()); } diff --git a/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationEntryCache.java b/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationEntryCache.java new file mode 100644 index 0000000..7adb697 --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationEntryCache.java @@ -0,0 +1,23 @@ +package org.gcube.common.authorization.client.proxy; + +import org.gcube.common.authorization.client.Constants; +import org.gcube.common.authorization.library.AuthorizationEntry; + +public class AuthorizationEntryCache { + + private AuthorizationEntry entry; + private long creationDate; + + public AuthorizationEntryCache(AuthorizationEntry entry) { + super(); + this.entry = entry; + this.creationDate = System.currentTimeMillis(); + } + public AuthorizationEntry getEntry() { + return entry; + } + + public boolean isValid(){ + return (System.currentTimeMillis()-Constants.TIME_TO_LIVE_CACHE_IN_MILLIS) roles); AuthorizationEntry get(String token); - void deny(String userName, Service service); + Service deny(String userName, Service service); void allow(String userName, Service service); + + List getBannedServices(String userName); } diff --git a/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java b/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java index ac47597..a5d4ac2 100644 --- a/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java 
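Review bot: `TIME_TO_LIVE_CACHE_IN_MILLIS` sets how long a cached `AuthorizationEntry` keeps being returned without asking the service, so with a one-hour value a token that was revoked, or whose roles changed, is still honoured by this client for up to 60 minutes. Nothing visible in this patch removes or invalidates a cache entry earlier than that. I would shorten the value or make it configurable, and state the trade-off on the constant, e.g. `// upper bound on how long a revoked or changed token is still served from the local cache`. The arithmetic also reads more clearly as `60L * 60 * 1000`.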
+++ b/src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java @@ -7,12 +7,16 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.net.HttpURLConnection; import java.net.URL; +import java.util.Collections; import java.util.HashMap; +import java.util.List; import java.util.Map; import org.gcube.common.authorization.client.Binder; import org.gcube.common.authorization.client.Constants; import org.gcube.common.authorization.library.AuthorizationEntry; +import org.gcube.common.authorization.library.BannedService; +import org.gcube.common.authorization.library.BannedServices; import org.gcube.common.authorization.library.provider.Service; import org.gcube.common.clients.Call; import org.gcube.common.clients.delegates.ProxyDelegate; 
@@ -27,30 +31,28 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy { this.delegate = config; } - private static Map cache = new HashMap(); + private static Map cache = new HashMap(); @Override - public String generate(final String userName, final String role) { + public String generate(final String userName, final List roles) { Call call = new Call() { @Override public String call(String endpoint) throws Exception { - URL url = new URL(endpoint+"/generate/"+userName+"/"+role); - HttpURLConnection connection = (HttpURLConnection)url.openConnection(); - connection.setRequestMethod("GET"); - connection.setRequestProperty(Constants.SCOPE_HEADER_ENTRY, ScopeProvider.instance.get()); - BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent())); - StringBuilder result = new StringBuilder(); - try{ + StringBuilder rolesQueryString = new StringBuilder(); + for (String role: roles) + rolesQueryString.append(role).append(","); + rolesQueryString.deleteCharAt(rolesQueryString.lastIndexOf(",")); + String callUrl = endpoint+"/generate/"+userName+"?roles="+rolesQueryString.toString(); + URL url = new URL(callUrl); + HttpURLConnection connection = makeRequest(url, "POST"); + try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));){ + StringBuilder result = new StringBuilder(); String line; while((line = reader.readLine()) != null) result.append(line); - }finally{ - if (reader!=null) - reader.close(); + return result.toString(); } - - return result.toString(); } }; try { 
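Review bot: `userName` and each `role` are concatenated into `callUrl` unencoded, so a value containing `/`, `?`, `&`, `#` or `,` changes the path or the role list the service receives instead of being carried as data; for a token-issuing call that matters if these strings can come from outside the caller's control. An empty `roles` list also makes `lastIndexOf(",")` return -1, and `deleteCharAt` then throws `StringIndexOutOfBoundsException`. I would reject empty lists and role names containing a comma, and percent-encode what goes into the URL (this needs `java.net.URLEncoder`, which form-encodes a space as `+`, so the path segment may be better served by a strict allow-list). The `/retrieve/` and `/deny/` URLs in the later hunks are built the same way, and `call()` and `generate()` continue past the end of this hunk.

```java
public String call(String endpoint) throws Exception {
    // refuse input that would alter the request structure rather than travel as data
    if (roles == null || roles.isEmpty())
        throw new IllegalArgumentException("at least one role is required");
    StringBuilder rolesQueryString = new StringBuilder();
    for (String role : roles) {
        if (role == null || role.isEmpty() || role.indexOf(',') >= 0)
            throw new IllegalArgumentException("invalid role name");
        if (rolesQueryString.length() > 0)
            rolesQueryString.append(',');
        rolesQueryString.append(URLEncoder.encode(role, "UTF-8"));
    }
    String callUrl = endpoint + "/generate/" + URLEncoder.encode(userName, "UTF-8")
            + "?roles=" + rolesQueryString;
    // … unchanged: makeRequest(url, "POST") and reading the response body …
```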
@@ -68,41 +70,45 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy { public AuthorizationEntry call(String endpoint) throws Exception { URL url = new URL(endpoint+"/retrieve/"+token); - HttpURLConnection connection = (HttpURLConnection)url.openConnection(); - connection.setRequestMethod("GET"); + HttpURLConnection connection = makeRequest(url, "GET"); if (connection.getContentLengthLong()<=0) return null; - + try(InputStream stream = (InputStream)connection.getContent();){ AuthorizationEntry entry = (AuthorizationEntry)Binder.getContext().createUnmarshaller().unmarshal(stream); - cache.put(token, entry); + cache.put(token, new AuthorizationEntryCache(entry)); return entry; } - + } }; - if (cache.containsKey(token)) - return cache.get(token); + if (cache.containsKey(token) && cache.get(token).isValid()) + return cache.get(token).getEntry(); try { return delegate.make(call); } catch (Exception e) { throw again(e).asServiceException(); } } - + @Override - public void deny(final String userName, final Service service) { - Call call = new Call() { + public Service deny(final String userName, final Service service) { + Call call = new Call() { @Override - public Empty call(String endpoint) throws Exception { - URL url = new URL(endpoint+"/deny/add/"+userName+"/"+service.getServiceClass()+"/"+service.getServiceName()); - HttpURLConnection connection = (HttpURLConnection)url.openConnection(); - connection.setRequestMethod("GET"); - return new Empty(); + public Service call(String endpoint) throws Exception { + URL url = new URL(endpoint+"/deny/"+userName+"/"+service.getServiceClass()+"/"+service.getServiceName()); + HttpURLConnection connection = makeRequest(url, "POST"); + + if (connection.getContentLengthLong()<=0) return null; + + try(InputStream stream = (InputStream)connection.getContent();){ + Service service = (Service)Binder.getContext().createUnmarshaller().unmarshal(stream); + return service; + } } }; - + try { - delegate.make(call); + 
return delegate.make(call); } catch (Exception e) { throw again(e).asServiceException(); } @@ -114,14 +120,14 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy { @Override public Empty call(String endpoint) throws Exception { - URL url = new URL(endpoint+"/deny/remove/"+userName+"/"+service.getServiceClass()+"/"+service.getServiceName()); - HttpURLConnection connection = (HttpURLConnection)url.openConnection(); - connection.setRequestMethod("GET"); + URL url = new URL(endpoint+"/deny/"+userName+"/"+service.getServiceClass()+"/"+service.getServiceName()); + HttpURLConnection connection = makeRequest(url, "DELETE"); + System.out.println("response status "+connection.getResponseCode()); return new Empty(); - + } }; - + try { delegate.make(call); } catch (Exception e) { @@ -129,4 +135,39 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy { } } + @Override + public List getBannedServices(final String userName) { + Call> call = new Call>() { + + @Override + public List call(String endpoint) throws Exception { + + URL url = new URL(endpoint+"/deny/"+userName); + + HttpURLConnection connection = makeRequest(url, "GET"); + if (connection.getContentLengthLong()<=0) return Collections.emptyList(); + + try(InputStream stream = (InputStream)connection.getContent();){ + BannedServices services = (BannedServices)Binder.getContext().createUnmarshaller().unmarshal(stream); + if (services.get()==null) return Collections.emptyList(); + else return services.get(); + } + + } + }; + + try { + return delegate.make(call); + } catch (Exception e) { + throw again(e).asServiceException(); + } + } + + + private HttpURLConnection makeRequest(URL url, String method) throws Exception{ + HttpURLConnection connection = (HttpURLConnection)url.openConnection(); + connection.setRequestProperty(Constants.SCOPE_HEADER_ENTRY, ScopeProvider.instance.get()); + connection.setRequestMethod(method); + return connection; + } } 
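Review bot: The token cache consulted in `get()` is the static `HashMap` declared in the previous hunk, and it is read and written without synchronization, so concurrent callers can race on `cache.put` and on the `containsKey`/`get` pair. Expired entries are never removed, only overwritten when the same token is looked up again, so the map grows with every token seen and keeps tokens and their entries in memory indefinitely. The key is the token alone although the scope header is now sent with the request; if the service's answer depends on scope, the key should include it. A minimal change is a `ConcurrentHashMap` with a single lookup, `AuthorizationEntryCache cached = cache.get(token);` then `if (cached != null && cached.isValid()) return cached.getEntry();`, plus `cache.remove(token)` once an entry has expired.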
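Review bot: `allow()` prints the response code to stdout and then returns `Empty` whatever the code was, so a rejected or failed DELETE looks like a lifted ban to the caller. `deny()` in the previous hunk has the same gap from the other side: it never reads the status, and a failed POST with an empty body returns `null` instead of an error, which a caller can mistake for a ban that is in place. I would drop the `System.out.println` and fail on anything outside 2xx, e.g. `int status = connection.getResponseCode();` followed by `if (status / 100 != 2) throw new IllegalStateException("allow failed, HTTP status " + status);`.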
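Review bot: `getBannedServices()` returns `Collections.emptyList()` whenever `getContentLengthLong()` is not positive, and that value is -1 whenever the length is unknown (a chunked response, for instance), so a reply that does carry bans, or an error with an empty body, is reported as "no banned services". If callers enforce bans from this list, that fails open. Check the status code first and unmarshal the stream regardless of the declared length; `get()` and `deny()` in the earlier hunk use the same shortcut and return `null`. `makeRequest()` also sets no timeouts, so a stalled service blocks the caller indefinitely: add `connection.setConnectTimeout(...)` and `connection.setReadTimeout(...)` with values chosen for the deployment.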
diff --git a/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java b/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java index 4485730..841875a 100644 --- a/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java +++ b/src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java @@ -2,8 +2,11 @@ package org.gcube.common.authorizationservice.cl; import static org.gcube.common.authorization.client.Constants.authorizationService; +import java.util.Arrays; import java.util.List; +import org.gcube.common.authorization.library.BannedService; +import org.gcube.common.authorization.library.provider.Service; import org.gcube.common.resources.gcore.GenericResource; import org.gcube.common.scope.api.ScopeProvider; import org.gcube.resources.discovery.client.api.DiscoveryClient; 
@@ -16,22 +19,43 @@ public class CallTest { @Test public void call(){ ScopeProvider.instance.set("/gcube/devsec"); - SimpleQuery query = queryFor(GenericResource.class); - query.addCondition("$resource/Profile/SecondaryType eq 'StatisticalManagerAlgorithm' "); - DiscoveryClient client = clientFor(GenericResource.class); - List resources = client.submit(query); - for (GenericResource res : resources) - System.out.println(res); + System.out.println(authorizationService().build().get("d7a4076c-e8c1-42fe-81e0-bdecb1e8074a")); } @Test public void requestToken(){ ScopeProvider.instance.set("/gcube/devsec"); - String token = authorizationService().build().generate("lucio.le", "User"); + String token = authorizationService().build().generate("lucio.lelii", Arrays.asList("User")); System.out.println("token is: "+token); } + @Test + public void denyService(){ + + ScopeProvider.instance.set("/gcube/devsec"); + authorizationService().build().deny("gianpaolo.coro", new Service("Test", "AuthorizationTest")); + + } + + @Test + public void allowService(){ + + ScopeProvider.instance.set("/gcube/devsec"); + authorizationService().build().allow("gianpaolo.coro", new Service("Test", "AuthorizationTest")); + + } + + @Test + public void getBannedServices(){ + + ScopeProvider.instance.set("/gcube/devsec"); + List bannedServices = authorizationService().build().getBannedServices("lucio.lelii"); + for (BannedService banService : bannedServices) + System.out.println(banService.getService()); + + } + }
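Review bot: The `call()` test passes a literal token to `get()`, which commits what looks like a live credential for the `/gcube/devsec` scope to version control; it should be treated as exposed and rotated, and the test should read it from configuration, e.g. `System.getProperty("authz.test.token")` (the property name is a placeholder). The new tests also contain no assertions and talk to whatever service the scope resolves to, so they pass as long as nothing throws, while `denyService()` and `allowService()` change real ban state for a named user. I would assert on the returned values and either run these against a test double or mark them as integration tests that are excluded from the default build.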