commit for release 2.24
This commit is contained in:
parent
d6b6d4135e
commit
0e2a8dfbed
|
@ -0,0 +1,9 @@
|
||||||
|
# Changelog for "auhtorization-service"
|
||||||
|
|
||||||
|
|
||||||
|
## \[v2.1.3] [r4.24.0] - 2020-06-22
|
||||||
|
|
||||||
|
### Fixes
|
||||||
|
- bug on ApiKey Management (https://support.d4science.org/issues/19487)
|
||||||
|
|
||||||
|
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
@ -15,7 +15,7 @@
|
||||||
<includes>
|
<includes>
|
||||||
<include>README.md</include>
|
<include>README.md</include>
|
||||||
<include>LICENSE.md</include>
|
<include>LICENSE.md</include>
|
||||||
<include>changelog.xml</include>
|
<include>CHANGELOG.md</include>
|
||||||
<include>profile.xml</include>
|
<include>profile.xml</include>
|
||||||
</includes>
|
</includes>
|
||||||
<fileMode>755</fileMode>
|
<fileMode>755</fileMode>
|
||||||
|
|
2
pom.xml
2
pom.xml
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
<groupId>org.gcube.common</groupId>
|
<groupId>org.gcube.common</groupId>
|
||||||
<artifactId>authorization-service</artifactId>
|
<artifactId>authorization-service</artifactId>
|
||||||
<version>2.1.2-SNASPHOT</version>
|
<version>2.1.3</version>
|
||||||
<name>authorization service</name>
|
<name>authorization service</name>
|
||||||
|
|
||||||
<packaging>war</packaging>
|
<packaging>war</packaging>
|
||||||
|
|
|
@ -7,7 +7,6 @@ import javax.ws.rs.ApplicationPath;
|
||||||
import javax.ws.rs.core.Application;
|
import javax.ws.rs.core.Application;
|
||||||
|
|
||||||
import org.gcube.common.authorizationservice.configuration.AuthorizationConfiguration;
|
import org.gcube.common.authorizationservice.configuration.AuthorizationConfiguration;
|
||||||
import org.glassfish.jersey.server.ResourceConfig;
|
|
||||||
|
|
||||||
@ApplicationPath("/gcube/service/*")
|
@ApplicationPath("/gcube/service/*")
|
||||||
public class AuthorizationService extends Application {
|
public class AuthorizationService extends Application {
|
||||||
|
@ -22,6 +21,7 @@ public class AuthorizationService extends Application {
|
||||||
classes.add(KeyRetriever.class);
|
classes.add(KeyRetriever.class);
|
||||||
classes.add(PolicyManager.class);
|
classes.add(PolicyManager.class);
|
||||||
classes.add(TokenManager.class);
|
classes.add(TokenManager.class);
|
||||||
|
classes.add(ApiKeyManager.class);
|
||||||
return classes;
|
return classes;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -27,8 +27,6 @@ import org.gcube.common.authorizationservice.configuration.AuthorizationRule;
|
||||||
import org.gcube.common.authorizationservice.configuration.ConfigurationHolder;
|
import org.gcube.common.authorizationservice.configuration.ConfigurationHolder;
|
||||||
import org.gcube.common.authorizationservice.util.TokenPersistence;
|
import org.gcube.common.authorizationservice.util.TokenPersistence;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
import org.jboss.weld.context.ApplicationContext;
|
|
||||||
import org.omg.PortableInterceptor.SUCCESSFUL;
|
|
||||||
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
||||||
|
@ -51,7 +49,8 @@ public class AuthorizedCallFilter implements Filter {
|
||||||
@Override
|
@Override
|
||||||
public void doFilter(ServletRequest request, ServletResponse response,
|
public void doFilter(ServletRequest request, ServletResponse response,
|
||||||
FilterChain chain) throws IOException, ServletException {
|
FilterChain chain) throws IOException, ServletException {
|
||||||
|
|
||||||
|
|
||||||
String token = request.getParameter(TOKEN_HEADER)==null?((HttpServletRequest)request).getHeader(TOKEN_HEADER):
|
String token = request.getParameter(TOKEN_HEADER)==null?((HttpServletRequest)request).getHeader(TOKEN_HEADER):
|
||||||
request.getParameter(TOKEN_HEADER);
|
request.getParameter(TOKEN_HEADER);
|
||||||
|
|
||||||
|
@ -82,15 +81,20 @@ public class AuthorizedCallFilter implements Filter {
|
||||||
pathInfo = servletPath.replace("/gcube/service", "");
|
pathInfo = servletPath.replace("/gcube/service", "");
|
||||||
log.info("called path info {} ", pathInfo);
|
log.info("called path info {} ", pathInfo);
|
||||||
if (pathInfo==null || pathInfo.isEmpty()){
|
if (pathInfo==null || pathInfo.isEmpty()){
|
||||||
log.info("call rejected from filters: invalid path");
|
((HttpServletResponse)response).sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
|
||||||
|
log.error("call rejected from filters: invalid path");
|
||||||
|
generateAccounting("Unknown", "Unknown", callerIp, false, startTime, request.getLocalName());
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if (requiresToken(pathInfo) && token==null ){
|
if (requiresToken(pathInfo) && token==null ){
|
||||||
((HttpServletResponse)response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
((HttpServletResponse)response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
||||||
log.info("call rejected from filters, call requires caller token");
|
log.error("call rejected from filters, call requires caller token");
|
||||||
|
generateAccounting("Unknown", "Unknown", callerIp, false, startTime, request.getLocalName());
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -107,13 +111,15 @@ public class AuthorizedCallFilter implements Filter {
|
||||||
|
|
||||||
if (!checkAllowed(pathInfo, callerIp, info)){
|
if (!checkAllowed(pathInfo, callerIp, info)){
|
||||||
((HttpServletResponse)response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
((HttpServletResponse)response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
||||||
log.info("call rejected from filters");
|
log.error("call rejected from filters");
|
||||||
|
generateAccounting("Unknown", "Unknown", callerIp, false, startTime, request.getLocalName());
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
chain.doFilter(request, response);
|
chain.doFilter(request, response);
|
||||||
|
|
||||||
|
generateAccounting("Unknown", "Unknown", callerIp, true, startTime, request.getLocalName());
|
||||||
|
|
||||||
//generateAccounting("Unknown", "Unknown", callerIp, true, startTime, request.getLocalName());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean requiresToken(String pathInfo) {
|
private boolean requiresToken(String pathInfo) {
|
||||||
|
@ -188,7 +194,7 @@ public class AuthorizedCallFilter implements Filter {
|
||||||
public void destroy() {}
|
public void destroy() {}
|
||||||
|
|
||||||
void generateAccounting(String caller, String callerQualifier, String remoteHost, boolean success, long startTime, String host){
|
void generateAccounting(String caller, String callerQualifier, String remoteHost, boolean success, long startTime, String host){
|
||||||
AuthorizationConfiguration conf = ConfigurationHolder.getConfiguration();
|
/*AuthorizationConfiguration conf = ConfigurationHolder.getConfiguration();
|
||||||
AccountingPersistenceFactory.setFallbackLocation(conf.getAccountingDir());
|
AccountingPersistenceFactory.setFallbackLocation(conf.getAccountingDir());
|
||||||
AccountingPersistence persistence = AccountingPersistenceFactory.getPersistence();
|
AccountingPersistence persistence = AccountingPersistenceFactory.getPersistence();
|
||||||
ServiceUsageRecord serviceUsageRecord = new ServiceUsageRecord();
|
ServiceUsageRecord serviceUsageRecord = new ServiceUsageRecord();
|
||||||
|
@ -210,6 +216,8 @@ public class AuthorizedCallFilter implements Filter {
|
||||||
}catch(Exception ex){
|
}catch(Exception ex){
|
||||||
log.warn("invalid record passed to accounting ",ex);
|
log.warn("invalid record passed to accounting ",ex);
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
|
log.info("REQUEST SERVED for method {} in {} ms with result {}", CalledMethodProvider.instance.get(), System.currentTimeMillis()-startTime, success?OperationResult.SUCCESS:OperationResult.FAILED);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue