updateRoles added
This commit is contained in:
parent
8e969e0cb5
commit
bf41f48891
|
@ -15,11 +15,13 @@
|
|||
<attributes>
|
||||
<attribute name="optional" value="true"/>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
<attribute name="test" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
|
||||
<attributes>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
<attribute name="test" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.7">
|
||||
|
@ -30,6 +32,7 @@
|
|||
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
|
||||
<attributes>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="output" path="target/classes"/>
|
||||
|
|
8
.project
8
.project
|
@ -15,6 +15,11 @@
|
|||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.wst.validation.validationbuilder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.m2e.core.maven2Builder</name>
|
||||
<arguments>
|
||||
|
@ -22,8 +27,11 @@
|
|||
</buildCommand>
|
||||
</buildSpec>
|
||||
<natures>
|
||||
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
|
||||
<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
|
||||
<nature>org.eclipse.jdt.core.javanature</nature>
|
||||
<nature>org.eclipse.m2e.core.maven2Nature</nature>
|
||||
<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
|
||||
<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
|
||||
</natures>
|
||||
</projectDescription>
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
eclipse.preferences.version=1
|
||||
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
|
||||
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
|
||||
org.eclipse.jdt.core.compiler.compliance=1.7
|
||||
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
|
||||
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
|
||||
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
|
||||
org.eclipse.jdt.core.compiler.release=disabled
|
||||
org.eclipse.jdt.core.compiler.source=1.7
|
||||
|
|
4
pom.xml
4
pom.xml
|
@ -10,7 +10,7 @@
|
|||
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>authorization-service</artifactId>
|
||||
<version>2.0.2-SNAPSHOT</version>
|
||||
<version>2.0.3-SNAPSHOT</version>
|
||||
<name>authorization service</name>
|
||||
|
||||
<packaging>war</packaging>
|
||||
|
@ -115,7 +115,7 @@
|
|||
<dependency>
|
||||
<artifactId>eclipselink</artifactId>
|
||||
<groupId>org.eclipse.persistence</groupId>
|
||||
<version>2.5.1</version>
|
||||
<version>2.6.6</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
package org.gcube.common.authorizationservice;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import javax.inject.Inject;
|
||||
import javax.print.attribute.HashAttributeSet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.validation.constraints.NotNull;
|
||||
import javax.ws.rs.Consumes;
|
||||
|
@ -26,9 +30,12 @@ import org.gcube.common.authorization.library.provider.ContainerInfo;
|
|||
import org.gcube.common.authorization.library.provider.ExternalServiceInfo;
|
||||
import org.gcube.common.authorization.library.provider.ServiceInfo;
|
||||
import org.gcube.common.authorization.library.provider.UserInfo;
|
||||
import org.gcube.common.authorization.library.utils.ListMapper;
|
||||
import org.gcube.common.authorizationservice.filters.AuthorizedCallFilter;
|
||||
import org.gcube.common.authorizationservice.util.Constants;
|
||||
import org.gcube.common.authorizationservice.util.TokenPersistence;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.common.scope.api.ServiceMap;
|
||||
|
||||
@Path("token")
|
||||
@Slf4j
|
||||
|
@ -62,10 +69,12 @@ public class TokenManager {
|
|||
.entity("token "+token+" not found").type(MediaType.TEXT_PLAIN).build());
|
||||
}
|
||||
|
||||
//TODO: re-add it with common-scope 2.0
|
||||
|
||||
/*
|
||||
try{
|
||||
ServiceMap map = .instance.getMap(info.getContext());
|
||||
ScopeProvider.instance.set(info.getContext());
|
||||
ServiceMap map = ServiceMap.instance;
|
||||
ScopeProvider.instance.reset();
|
||||
info.setMap(map);
|
||||
}catch(Exception e){
|
||||
log.error("error retrieving map for {}", info.getContext(), e);
|
||||
|
@ -78,6 +87,9 @@ public class TokenManager {
|
|||
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* retrieves the AuthorzationEntry connected to the specified token
|
||||
|
@ -156,6 +168,34 @@ public class TokenManager {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* Generates a token for a user (saving the passed roles) if it doesn't exist yet.
|
||||
*
|
||||
* @param userName
|
||||
* @param roles
|
||||
* @return the generated token or the token related to the user (if it was already created)
|
||||
*/
|
||||
@Path("user/{token}/roles")
|
||||
@PUT
|
||||
@Consumes(MediaType.APPLICATION_XML)
|
||||
public String setRoles(ListMapper roles,
|
||||
@NotNull @PathParam("token") String token) {
|
||||
|
||||
try{
|
||||
|
||||
log.info("update roles called");
|
||||
|
||||
persistence.updateAuthorizationEntry(token, roles.getList()) ;
|
||||
|
||||
return token;
|
||||
}catch(Exception e){
|
||||
log.error("error setting roles to token ",e);
|
||||
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
|
||||
.entity("Error setting roles to token: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
|
|
|
@ -18,6 +18,7 @@ import javax.persistence.TypedQuery;
|
|||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
||||
import org.gcube.common.authorization.library.ClientType;
|
||||
import org.gcube.common.authorization.library.policies.Policy;
|
||||
import org.gcube.common.authorization.library.policies.PolicyType;
|
||||
import org.gcube.common.authorization.library.policies.Service2ServicePolicy;
|
||||
|
@ -148,6 +149,42 @@ public class RelationDBPersistence implements TokenPersistence{
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void updateAuthorizationEntry(String token,
|
||||
List<String> roles) {
|
||||
|
||||
EntityManager em = emFactory.createEntityManager();
|
||||
|
||||
|
||||
TypedQuery<AuthorizationEntity> query = em.createNamedQuery("Authz.get", AuthorizationEntity.class);
|
||||
query.setParameter("token", token);
|
||||
AuthorizationEntity authEntity;
|
||||
try{
|
||||
authEntity = query.getSingleResult();
|
||||
}catch (NoResultException e){
|
||||
log.warn("no result found for token {}",token);
|
||||
throw new IllegalArgumentException("the token does not exist");
|
||||
}
|
||||
|
||||
|
||||
if (authEntity.getInfo().getType()== ClientType.USER) {
|
||||
log.debug("setting roles {}", roles);
|
||||
UserInfo ui = new UserInfo(authEntity.getInfo().getId(), roles);
|
||||
authEntity.setInfo(ui);
|
||||
EntityTransaction tx = em.getTransaction();
|
||||
try {
|
||||
tx.begin();
|
||||
AuthorizationEntity merged = em.merge(authEntity);
|
||||
tx.commit();
|
||||
log.debug("entity merged: {}", merged);
|
||||
}finally {
|
||||
em.close();
|
||||
}
|
||||
} else
|
||||
throw new IllegalArgumentException("the token is not representing a user");
|
||||
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void addPolicies(List<Policy> polices) {
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
package org.gcube.common.authorizationservice.persistence.entities;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Calendar;
|
||||
import java.util.List;
|
||||
|
||||
import javax.persistence.Access;
|
||||
import javax.persistence.AccessType;
|
||||
import javax.persistence.Column;
|
||||
import javax.persistence.Convert;
|
||||
import javax.persistence.DiscriminatorColumn;
|
||||
|
@ -28,11 +32,14 @@ import org.gcube.common.authorizationservice.persistence.entities.ServicePolicyE
|
|||
import org.gcube.common.authorizationservice.persistence.entities.converters.StringListConverter;
|
||||
import org.gcube.common.authorizationservice.util.Constants;
|
||||
import org.jboss.weld.exceptions.IllegalArgumentException;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
@Entity
|
||||
@Inheritance
|
||||
@DiscriminatorColumn(name="EntryType")
|
||||
@Table(name="Authorizations")
|
||||
@Access(AccessType.FIELD)
|
||||
@NamedQueries({
|
||||
@NamedQuery(name="Authz.get", query="SELECT DISTINCT info FROM AuthorizationEntity info WHERE "
|
||||
+ " info.token=:token"),
|
||||
|
@ -112,6 +119,11 @@ public abstract class AuthorizationEntity {
|
|||
return this.info;
|
||||
}
|
||||
|
||||
public void setInfo(ClientInfo info) {
|
||||
this.info = info;
|
||||
this.internalInfo = retriveInternalInfo(info);
|
||||
}
|
||||
|
||||
public String getEntryType() {
|
||||
return entryType;
|
||||
}
|
||||
|
@ -139,7 +151,7 @@ public abstract class AuthorizationEntity {
|
|||
private ClientInfo retieveInfo() {
|
||||
switch (entryType) {
|
||||
case EntityConstants.USER_AUTHORIZATION:
|
||||
return new UserInfo(this.internalInfo.identifier, this.internalInfo.roles);
|
||||
return new UserInfo(this.internalInfo.identifier, this.internalInfo.getRoles());
|
||||
case EntityConstants.SERVICE_AUTHORIZATION:
|
||||
return new ServiceInfo(new ServiceIdentifier(this.internalInfo.service.clientServiceClass, this.internalInfo.service.clientServiceName, this.internalInfo.service.clientServiceIdentifier));
|
||||
case EntityConstants.EXTERNAL_SERVICE_AUTHORIZATION:
|
||||
|
@ -155,15 +167,15 @@ public abstract class AuthorizationEntity {
|
|||
private ClientInfoEntity retriveInternalInfo(ClientInfo info2) {
|
||||
switch (entryType) {
|
||||
case EntityConstants.USER_AUTHORIZATION:
|
||||
return ClientInfoEntity.forUser(info.getId(), info.getRoles());
|
||||
return ClientInfoEntity.forUser(info2.getId(), info2.getRoles());
|
||||
case EntityConstants.SERVICE_AUTHORIZATION:
|
||||
ServiceIdentifier identifier = ((ServiceInfo) this.info).getServiceIdentifier();
|
||||
ServiceIdentifier identifier = ((ServiceInfo) info2).getServiceIdentifier();
|
||||
return ClientInfoEntity.forService(identifier.getServiceClass(), identifier.getServiceName(), identifier.getServiceId());
|
||||
case EntityConstants.EXTERNAL_SERVICE_AUTHORIZATION:
|
||||
ExternalServiceInfo externalServiceInfo = (ExternalServiceInfo) this.info;
|
||||
ExternalServiceInfo externalServiceInfo = (ExternalServiceInfo) info2;
|
||||
return ClientInfoEntity.forExternalService(externalServiceInfo.getId(), externalServiceInfo.getGeneratedBy());
|
||||
case EntityConstants.CONTAINER_AUTHORIZATION:
|
||||
ContainerInfo containerInfo = (ContainerInfo) this.info;
|
||||
ContainerInfo containerInfo = (ContainerInfo) info2 ;
|
||||
return ClientInfoEntity.forContainer(containerInfo.getHost(), containerInfo.getPort());
|
||||
default:
|
||||
throw new IllegalArgumentException("invalid entity type");
|
||||
|
@ -173,20 +185,23 @@ public abstract class AuthorizationEntity {
|
|||
@Override
|
||||
public String toString() {
|
||||
return "AuthorizationEntity [id=" + id + ", token=" + token
|
||||
+ ", creationTime=" + creationTime + ", entryType=" + entryType
|
||||
+ ", creationTime=" + creationTime + ", entryType=" + entryType +", "+internalInfo
|
||||
+ "]";
|
||||
}
|
||||
|
||||
|
||||
|
||||
@Embeddable
|
||||
@Access(AccessType.FIELD)
|
||||
private static class ClientInfoEntity {
|
||||
|
||||
// userInfo
|
||||
@Column(name="info_identifier")
|
||||
private String identifier;
|
||||
|
||||
|
||||
@Column(name="info_roles", length=2000)
|
||||
@Convert(converter=StringListConverter.class)
|
||||
private List<String> roles;
|
||||
private String internalRoles;
|
||||
|
||||
//serviceInfo
|
||||
@Embedded
|
||||
|
@ -202,6 +217,10 @@ public abstract class AuthorizationEntity {
|
|||
@Column(name="info_port")
|
||||
private int port;
|
||||
|
||||
protected List<String> getRoles(){
|
||||
return stringToRoles(internalRoles);
|
||||
}
|
||||
|
||||
protected static ClientInfoEntity forExternalService(String identifier, String generatedBy){
|
||||
ClientInfoEntity entry =new ClientInfoEntity();
|
||||
entry.generatedBy= generatedBy;
|
||||
|
@ -222,7 +241,7 @@ public abstract class AuthorizationEntity {
|
|||
|
||||
protected static ClientInfoEntity forUser(String identifier, List<String> roles){
|
||||
ClientInfoEntity entry =new ClientInfoEntity();
|
||||
entry.roles= roles;
|
||||
entry.internalRoles= rolesToString(roles);
|
||||
entry.identifier = identifier;
|
||||
return entry;
|
||||
}
|
||||
|
@ -234,5 +253,27 @@ public abstract class AuthorizationEntity {
|
|||
return entry;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "ClientInfoEntity [identifier=" + identifier + ", roles=" + internalRoles + ", service=" + service
|
||||
+ ", generatedBy=" + generatedBy + ", host=" + host + ", port=" + port + "]";
|
||||
}
|
||||
|
||||
private static String rolesToString(List<String> roles) {
|
||||
if (roles!=null && roles.size()>0){
|
||||
StringBuilder builder = new StringBuilder();
|
||||
for (String value: roles)
|
||||
builder.append(value).append(",||,");
|
||||
return builder.substring(0, builder.length()-4);
|
||||
} else return "";
|
||||
}
|
||||
|
||||
private static List<String> stringToRoles(String entry){
|
||||
if (entry!=null && !entry.isEmpty()){
|
||||
return Arrays.asList(entry.split(",\\|\\|,"));
|
||||
}
|
||||
else return new ArrayList<String>(0);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,15 +1,22 @@
|
|||
package org.gcube.common.authorizationservice.persistence.entities;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
import javax.persistence.Embeddable;
|
||||
|
||||
@Embeddable
|
||||
public class AuthorizationId {
|
||||
public class AuthorizationId implements Serializable {
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
String context;
|
||||
String clientId;
|
||||
String qualifier;
|
||||
|
||||
protected AuthorizationId() {
|
||||
public AuthorizationId() {
|
||||
super();
|
||||
}
|
||||
|
||||
|
|
|
@ -4,13 +4,9 @@ import java.util.ArrayList;
|
|||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
import javax.persistence.AttributeConverter;
|
||||
import javax.persistence.Converter;
|
||||
|
||||
@Converter
|
||||
public class StringListConverter implements AttributeConverter<List<String>, String>{
|
||||
public class StringListConverter {
|
||||
|
||||
@Override
|
||||
public String convertToDatabaseColumn(List<String> list) {
|
||||
|
||||
if (list!=null && list.size()>0){
|
||||
|
@ -21,7 +17,6 @@ public class StringListConverter implements AttributeConverter<List<String>, Str
|
|||
} else return "";
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<String> convertToEntityAttribute(String dbEntry) {
|
||||
if (dbEntry!=null && !dbEntry.isEmpty()){
|
||||
return Arrays.asList(dbEntry.split(",\\|\\|,"));
|
||||
|
|
|
@ -36,5 +36,7 @@ public interface TokenPersistence {
|
|||
Map<String, String> getExistingExternalServices(String generatorId,
|
||||
String context);
|
||||
|
||||
void updateAuthorizationEntry(String token, List<String> roles);
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
<beans xmlns="http://xmlns.jcp.org/xml/ns/javaee"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
|
||||
http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd">
|
||||
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee">
|
||||
</beans>
|
|
@ -6,18 +6,19 @@
|
|||
<persistence-unit name="authorization" transaction-type="RESOURCE_LOCAL">
|
||||
<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
|
||||
|
||||
<!-- Converters -->
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.converters.StringListConverter</class>
|
||||
|
||||
|
||||
<!-- Entities -->
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.AuthorizationEntity</class>
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.ServiceAuthorizationEntity</class>
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.UserAuthorizationEntity</class>
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.AuthorizationEntity.ClientInfoEntity</class>
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.AuthorizationId</class>
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.ExternalServiceAuthorizationEntity</class>
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.NodeAuthorizationEntity</class>
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.PendingEntity</class>
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.PolicyEntity</class>
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.ServiceAuthorizationEntity</class>
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.ServicePolicyEntity</class>
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.ServicePolicyEntity.ServiceAccessEntity</class>
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.UserAuthorizationEntity</class>
|
||||
<class>org.gcube.common.authorizationservice.persistence.entities.UserPolicyEntity</class>
|
||||
<properties>
|
||||
<property name="javax.persistence.jdbc.url"
|
||||
|
@ -28,6 +29,7 @@
|
|||
<property name="eclipselink.ddl-generation" value="create-tables" />
|
||||
<property name="eclipselink.ddl-generation.output-mode"
|
||||
value="database" />
|
||||
<property name="eclipselink.weaving.changetracking" value="false"/>
|
||||
</properties>
|
||||
</persistence-unit>
|
||||
</persistence>
|
|
@ -1,7 +1,6 @@
|
|||
<beans xmlns="http://xmlns.jcp.org/xml/ns/javaee"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
|
||||
http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd">
|
||||
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee">
|
||||
<alternatives>
|
||||
<class>org.gcube.common.authorizationservice.persistence.DataBaseProducer</class>
|
||||
</alternatives>
|
||||
|
|
Loading…
Reference in New Issue