git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-client@115225 82a268e6-3cf1-43bd-a215-b396298e98cf

src/main/java/org/gcube/common/authorization/client/Binder.java

@@ -1,9 +1,12 @@
 package org.gcube.common.authorization.client;
 
+
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
 
 import org.gcube.common.authorization.library.AuthorizationEntry;
+import org.gcube.common.authorization.library.BannedServices;
+import org.gcube.common.authorization.library.provider.Service;
 
 public class Binder {
 
@@ -11,7 +14,7 @@ public class Binder {
 	
 	public static JAXBContext getContext() throws JAXBException{
 		if (context==null)
-			context = JAXBContext.newInstance(AuthorizationEntry.class);
+			context = JAXBContext.newInstance(AuthorizationEntry.class, Service.class, BannedServices.class);
 		return context;
 	}
 	

src/main/java/org/gcube/common/authorization/client/Constants.java

@@ -27,6 +27,8 @@ public class Constants {
 
 	public static final String SCOPE_HEADER_ENTRY = "gcube-scope";
 	
+	public static final long TIME_TO_LIVE_CACHE_IN_MILLIS = (60*1000)*60; //1 hour
+	
 	public static ProxyBuilder<AuthorizationProxy> authorizationService() {
 		return new ProxyBuilderImpl<String,AuthorizationProxy>(new AuthorizationPlugin());
 	}

src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationEntryCache.java

@@ -0,0 +1,23 @@
+package org.gcube.common.authorization.client.proxy;
+
+import org.gcube.common.authorization.client.Constants;
+import org.gcube.common.authorization.library.AuthorizationEntry;
+
+public class AuthorizationEntryCache {
+		
+	private AuthorizationEntry entry;
+	private long creationDate;
+	
+	public AuthorizationEntryCache(AuthorizationEntry entry) {
+		super();
+		this.entry = entry;
+		this.creationDate = System.currentTimeMillis();
+	}
+	public AuthorizationEntry getEntry() {
+		return entry;
+	}
+		
+	public boolean isValid(){
+		return (System.currentTimeMillis()-Constants.TIME_TO_LIVE_CACHE_IN_MILLIS)<this.creationDate;
+	}
+}

src/main/java/org/gcube/common/authorization/client/proxy/AuthorizationProxy.java

@@ -1,15 +1,20 @@
 package org.gcube.common.authorization.client.proxy;
 
+import java.util.List;
+
 import org.gcube.common.authorization.library.AuthorizationEntry;
+import org.gcube.common.authorization.library.BannedService;
 import org.gcube.common.authorization.library.provider.Service;
 
 public interface AuthorizationProxy {
 
-	String generate(String userName, String role);
+	String generate(String userName, List<String> roles);
 	
 	AuthorizationEntry get(String token);
 
-	void deny(String userName, Service service);
+	Service deny(String userName, Service service);
 
 	void allow(String userName, Service service);
+	
+	List<BannedService> getBannedServices(String userName);
 }

src/main/java/org/gcube/common/authorization/client/proxy/DefaultAuthorizationProxy.java

@@ -7,12 +7,16 @@ import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 import org.gcube.common.authorization.client.Binder;
 import org.gcube.common.authorization.client.Constants;
 import org.gcube.common.authorization.library.AuthorizationEntry;
+import org.gcube.common.authorization.library.BannedService;
+import org.gcube.common.authorization.library.BannedServices;
 import org.gcube.common.authorization.library.provider.Service;
 import org.gcube.common.clients.Call;
 import org.gcube.common.clients.delegates.ProxyDelegate;
@@ -27,30 +31,28 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
 		this.delegate = config;
 	}
 
-	private static Map<String, AuthorizationEntry> cache = new HashMap<String, AuthorizationEntry>();
+	private static Map<String, AuthorizationEntryCache> cache = new HashMap<String, AuthorizationEntryCache>();
 
 	@Override
-	public String generate(final String userName, final String role) {
+	public String generate(final String userName, final List<String> roles) {
 		Call<String, String> call = new Call<String, String>() {
 
 			@Override
 			public String call(String endpoint) throws Exception {
-				URL url = new URL(endpoint+"/generate/"+userName+"/"+role);
+				StringBuilder rolesQueryString = new StringBuilder(); 
-				HttpURLConnection connection = (HttpURLConnection)url.openConnection();
+				for (String role: roles)
-				connection.setRequestMethod("GET");
+					rolesQueryString.append(role).append(",");
-				connection.setRequestProperty(Constants.SCOPE_HEADER_ENTRY, ScopeProvider.instance.get());
+				rolesQueryString.deleteCharAt(rolesQueryString.lastIndexOf(","));
-				BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));
+				String callUrl = endpoint+"/generate/"+userName+"?roles="+rolesQueryString.toString();
-				StringBuilder result = new StringBuilder();
+				URL url = new URL(callUrl);
-				try{
+				HttpURLConnection connection = makeRequest(url, "POST");
+				try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));){
+					StringBuilder result = new StringBuilder();
 					String line;
 					while((line = reader.readLine()) != null) 
 						result.append(line);
-				}finally{
+					return result.toString();
-					if (reader!=null)
-						reader.close();
 				}
-				
-				return result.toString();
 			}
 		};
 		try {
@@ -68,41 +70,45 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
 			public AuthorizationEntry call(String endpoint) throws Exception {
 
 				URL url = new URL(endpoint+"/retrieve/"+token);
-				HttpURLConnection connection = (HttpURLConnection)url.openConnection();
+				HttpURLConnection connection = makeRequest(url, "GET");
-				connection.setRequestMethod("GET");
 				if (connection.getContentLengthLong()<=0) return null;
-				
+
 				try(InputStream stream = (InputStream)connection.getContent();){
 					AuthorizationEntry entry = (AuthorizationEntry)Binder.getContext().createUnmarshaller().unmarshal(stream);
-					cache.put(token, entry);
+					cache.put(token, new AuthorizationEntryCache(entry));
 					return entry;
 				}
-				
+
 			}
 		};
-		if (cache.containsKey(token))
+		if (cache.containsKey(token) && cache.get(token).isValid())
-			return cache.get(token);
+			return cache.get(token).getEntry();
 		try {
 			return delegate.make(call);
 		} catch (Exception e) {
 			throw again(e).asServiceException();
 		}
 	}
-	
+
 	@Override
-	public void deny(final String userName, final Service service) {
+	public Service deny(final String userName, final Service service) {
-		Call<String, Empty> call = new Call<String, Empty>() {
+		Call<String, Service> call = new Call<String, Service>() {
 			@Override
-			public Empty call(String endpoint) throws Exception {
+			public Service call(String endpoint) throws Exception {
-				URL url = new URL(endpoint+"/deny/add/"+userName+"/"+service.getServiceClass()+"/"+service.getServiceName());
+				URL url = new URL(endpoint+"/deny/"+userName+"/"+service.getServiceClass()+"/"+service.getServiceName());
-				HttpURLConnection connection = (HttpURLConnection)url.openConnection();
+				HttpURLConnection connection = makeRequest(url, "POST");
-				connection.setRequestMethod("GET");
+
-				return new Empty();
+				if (connection.getContentLengthLong()<=0) return null;
+
+				try(InputStream stream = (InputStream)connection.getContent();){
+					Service service = (Service)Binder.getContext().createUnmarshaller().unmarshal(stream);
+					return service;
+				}
 			}
 		};
-		
+
 		try {
-			delegate.make(call);
+			return delegate.make(call);
 		} catch (Exception e) {
 			throw again(e).asServiceException();
 		}
@@ -114,14 +120,14 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
 
 			@Override
 			public Empty call(String endpoint) throws Exception {
-				URL url = new URL(endpoint+"/deny/remove/"+userName+"/"+service.getServiceClass()+"/"+service.getServiceName());
+				URL url = new URL(endpoint+"/deny/"+userName+"/"+service.getServiceClass()+"/"+service.getServiceName());
-				HttpURLConnection connection = (HttpURLConnection)url.openConnection();
+				HttpURLConnection connection = makeRequest(url, "DELETE");
-				connection.setRequestMethod("GET");
+				System.out.println("response status "+connection.getResponseCode());
 				return new Empty();
-				
+
 			}
 		};
-		
+
 		try {
 			delegate.make(call);
 		} catch (Exception e) {
@@ -129,4 +135,39 @@ public class DefaultAuthorizationProxy implements AuthorizationProxy {
 		}
 	}
 
+	@Override
+	public List<BannedService> getBannedServices(final String userName) {
+		Call<String, List<BannedService>> call = new Call<String, List<BannedService>>() {
+
+			@Override
+			public List<BannedService> call(String endpoint) throws Exception {
+
+				URL url = new URL(endpoint+"/deny/"+userName);
+
+				HttpURLConnection connection = makeRequest(url, "GET");
+				if (connection.getContentLengthLong()<=0) return Collections.emptyList();
+
+				try(InputStream stream = (InputStream)connection.getContent();){
+					BannedServices services = (BannedServices)Binder.getContext().createUnmarshaller().unmarshal(stream);
+					if (services.get()==null) return Collections.emptyList();
+					else return services.get();
+				}
+
+			}
+		};
+
+		try {
+			return delegate.make(call);
+		} catch (Exception e) {
+			throw again(e).asServiceException();
+		}
+	}
+
+
+	private HttpURLConnection makeRequest(URL url, String method) throws Exception{
+		HttpURLConnection connection = (HttpURLConnection)url.openConnection();
+		connection.setRequestProperty(Constants.SCOPE_HEADER_ENTRY, ScopeProvider.instance.get());
+		connection.setRequestMethod(method);
+		return connection;
+	}
 }

src/test/java/org/gcube/common/authorizationservice/cl/CallTest.java

@@ -2,8 +2,11 @@ package org.gcube.common.authorizationservice.cl;
 
 import static org.gcube.common.authorization.client.Constants.authorizationService;
 
+import java.util.Arrays;
 import java.util.List;
 
+import org.gcube.common.authorization.library.BannedService;
+import org.gcube.common.authorization.library.provider.Service;
 import org.gcube.common.resources.gcore.GenericResource;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.resources.discovery.client.api.DiscoveryClient;
@@ -16,22 +19,43 @@ public class CallTest {
 	@Test
 	public void call(){
 		ScopeProvider.instance.set("/gcube/devsec");
-		SimpleQuery query = queryFor(GenericResource.class);
-		query.addCondition("$resource/Profile/SecondaryType eq 'StatisticalManagerAlgorithm' ");
-		DiscoveryClient<GenericResource> client = clientFor(GenericResource.class);
-		List<GenericResource> resources = client.submit(query);
-		for (GenericResource res : resources)
-			System.out.println(res);
 		
+		System.out.println(authorizationService().build().get("d7a4076c-e8c1-42fe-81e0-bdecb1e8074a"));
 	}
 	
 	@Test
 	public void requestToken(){
 		
 		ScopeProvider.instance.set("/gcube/devsec");
-		String token = authorizationService().build().generate("lucio.le", "User");
+		String token = authorizationService().build().generate("lucio.lelii", Arrays.asList("User"));
 		System.out.println("token is: "+token);
 		
 	}
 		
+	@Test
+	public void denyService(){
+		
+		ScopeProvider.instance.set("/gcube/devsec");
+		authorizationService().build().deny("gianpaolo.coro", new Service("Test", "AuthorizationTest"));
+			
+	}
+	
+	@Test
+	public void allowService(){
+		
+		ScopeProvider.instance.set("/gcube/devsec");
+		authorizationService().build().allow("gianpaolo.coro", new Service("Test", "AuthorizationTest"));
+			
+	}
+	
+	@Test
+	public void getBannedServices(){
+		
+		ScopeProvider.instance.set("/gcube/devsec");
+		List<BannedService> bannedServices = authorizationService().build().getBannedServices("lucio.lelii");
+		for (BannedService banService : bannedServices)
+			System.out.println(banService.getService());
+			
+	}
+	
 }