142 lines
5.5 KiB
Java
142 lines
5.5 KiB
Java
package org.gcube.common.authorization.client.proxy;
|
|
|
|
import static org.gcube.common.authorization.client.Constants.CLIENT_ID_PARAM;
|
|
import static org.gcube.common.authorization.client.Constants.CONTEXT_PARAM;
|
|
import static org.gcube.common.authorization.client.Constants.ROLES_PARAM;
|
|
import static org.gcube.common.authorization.client.Constants.SERVICE_NAME;
|
|
|
|
import java.io.BufferedReader;
|
|
import java.io.InputStream;
|
|
import java.io.InputStreamReader;
|
|
import java.net.HttpURLConnection;
|
|
import java.net.URL;
|
|
import java.util.HashMap;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
|
|
import org.gcube.common.authorization.client.Binder;
|
|
import org.gcube.common.authorization.client.Constants;
|
|
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
|
import org.gcube.common.authorization.library.AuthorizationEntry;
|
|
import org.gcube.common.encryption.StringEncrypter;
|
|
import org.gcube.common.scope.api.Environment;
|
|
import org.gcube.common.scope.api.ScopeProvider;
|
|
import org.gcube.common.scope.impl.EnvironmentServiceMap;
|
|
|
|
public class DefaultAuthorizationProxy implements AuthorizationProxy {
|
|
|
|
private static Map<String, AuthorizationEntryCache> cache = new HashMap<String, AuthorizationEntryCache>();
|
|
|
|
private static String endpoint;
|
|
|
|
public DefaultAuthorizationProxy() {
|
|
endpoint = EnvironmentServiceMap.getInfrastructuresFor(Environment.DEVELOPMENT).endpoint(SERVICE_NAME);
|
|
}
|
|
|
|
@Override
|
|
public String generate(String clientId, List<String> roles) throws Exception {
|
|
final String methodPath = "/generate/token/";
|
|
|
|
StringBuilder rolesQueryString = new StringBuilder();
|
|
if (roles.size()>0){
|
|
for (String role: roles)
|
|
rolesQueryString.append(role).append(",");
|
|
rolesQueryString.deleteCharAt(rolesQueryString.lastIndexOf(","));
|
|
}
|
|
StringBuilder callUrl = new StringBuilder(endpoint).append(methodPath).append("?")
|
|
.append(CLIENT_ID_PARAM).append("=").append(clientId).append("&")
|
|
.append(ROLES_PARAM).append("=").append(rolesQueryString).append("&")
|
|
.append(CONTEXT_PARAM).append("=").append(ScopeProvider.instance.get());
|
|
|
|
URL url = new URL(callUrl.toString());
|
|
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
|
|
connection.setRequestMethod("POST");
|
|
|
|
|
|
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
|
|
String encryptedToken= "";
|
|
try(BufferedReader reader = new BufferedReader(new InputStreamReader((InputStream)connection.getContent()));){
|
|
StringBuilder result = new StringBuilder();
|
|
String line;
|
|
while((line = reader.readLine()) != null)
|
|
result.append(line);
|
|
encryptedToken = result.toString();
|
|
}
|
|
|
|
return StringEncrypter.getEncrypter().decrypt(encryptedToken);
|
|
|
|
}
|
|
|
|
@Override
|
|
public AuthorizationEntry get(final String token) throws ObjectNotFound, Exception{
|
|
final String methodPath = "/retrieve/";
|
|
|
|
StringBuilder callUrl = new StringBuilder(endpoint).append(methodPath).append(token);
|
|
|
|
URL url = new URL(callUrl.toString());
|
|
|
|
HttpURLConnection connection = makeRequest(url, "GET");
|
|
if (connection.getResponseCode()==404) throw new ObjectNotFound("token "+token+" not found");
|
|
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
|
|
if (connection.getContentLengthLong()<=0) return null;
|
|
|
|
try(InputStream stream = (InputStream)connection.getContent();){
|
|
AuthorizationEntry entry = (AuthorizationEntry)Binder.getContext().createUnmarshaller().unmarshal(stream);
|
|
cache.put(token, new AuthorizationEntryCache(entry));
|
|
return entry;
|
|
}
|
|
|
|
}
|
|
|
|
/*
|
|
@Override
|
|
public BannedService deny(final String userName, final String serviceClass, final String serviceName) throws Exception {
|
|
|
|
URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
|
|
HttpURLConnection connection = makeRequest(url, "POST");
|
|
|
|
if (connection.getResponseCode()!=200 && connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
|
|
if (connection.getContentLengthLong()<=0) return null;
|
|
|
|
try(InputStream stream = (InputStream)connection.getContent();){
|
|
BannedService service = (BannedService)Binder.getContext().createUnmarshaller().unmarshal(stream);
|
|
return service;
|
|
}
|
|
}
|
|
|
|
@Override
|
|
public void allow(final String userName, final String serviceClass, final String serviceName) throws Exception{
|
|
URL url = new URL(endpoint+"/deny/"+userName+"/"+serviceClass+"/"+serviceName);
|
|
HttpURLConnection connection = makeRequest(url, "DELETE");
|
|
if (!(connection.getResponseCode()>=200 && connection.getResponseCode()<=206))
|
|
throw new Exception("error contacting authorization service");
|
|
}
|
|
|
|
|
|
@Override
|
|
public List<BannedService> getBannedServices(final String userName) throws Exception{
|
|
|
|
URL url = new URL(endpoint+"/deny/"+userName);
|
|
|
|
HttpURLConnection connection = makeRequest(url, "GET");
|
|
if (connection.getResponseCode()!=200) throw new Exception("error contacting authorization service");
|
|
if (connection.getContentLengthLong()<=0) return Collections.emptyList();
|
|
|
|
try(InputStream stream = (InputStream)connection.getContent();){
|
|
BannedServices services = (BannedServices)Binder.getContext().createUnmarshaller().unmarshal(stream);
|
|
if (services.get()==null) return Collections.emptyList();
|
|
else return services.get();
|
|
}
|
|
|
|
}
|
|
|
|
*/
|
|
|
|
private HttpURLConnection makeRequest(URL url, String method) throws Exception{
|
|
HttpURLConnection connection = (HttpURLConnection)url.openConnection();
|
|
connection.setRequestProperty(Constants.SCOPE_HEADER_ENTRY, ScopeProvider.instance.get());
|
|
connection.setRequestMethod(method);
|
|
return connection;
|
|
}
|
|
}
|