updateRoles added

lucio 2019-10-04 18:44:55 +02:00
parent 8e969e0cb5
commit bf41f48891
13 changed files with 170 additions and 33 deletions


@ -15,11 +15,13 @@
<attributes>
<attribute name="optional" value="true"/>
<attribute name="maven.pomderived" value="true"/>
<attribute name="test" value="true"/>
</attributes>
</classpathentry>
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
<attributes>
<attribute name="maven.pomderived" value="true"/>
<attribute name="test" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.7">
@ -30,6 +32,7 @@
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
<attributes>
<attribute name="maven.pomderived" value="true"/>
<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
</attributes>
</classpathentry>
<classpathentry kind="output" path="target/classes"/>


@ -15,6 +15,11 @@
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.wst.validation.validationbuilder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.m2e.core.maven2Builder</name>
<arguments>
@ -22,8 +27,11 @@
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
<nature>org.eclipse.jdt.core.javanature</nature>
<nature>org.eclipse.m2e.core.maven2Nature</nature>
<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
</natures>
</projectDescription>


@ -1,5 +1,9 @@
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
org.eclipse.jdt.core.compiler.compliance=1.7
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
org.eclipse.jdt.core.compiler.release=disabled
org.eclipse.jdt.core.compiler.source=1.7


@ -10,7 +10,7 @@
<groupId>org.gcube.common</groupId>
<artifactId>authorization-service</artifactId>
<version>2.0.2-SNAPSHOT</version>
<version>2.0.3-SNAPSHOT</version>
<name>authorization service</name>
<packaging>war</packaging>
@ -115,7 +115,7 @@
<dependency>
<artifactId>eclipselink</artifactId>
<groupId>org.eclipse.persistence</groupId>
<version>2.5.1</version>
<version>2.6.6</version>
</dependency>
<dependency>


@ -1,8 +1,12 @@
package org.gcube.common.authorizationservice;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.inject.Inject;
import javax.print.attribute.HashAttributeSet;
import javax.servlet.http.HttpServletRequest;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
@ -26,9 +30,12 @@ import org.gcube.common.authorization.library.provider.ContainerInfo;
import org.gcube.common.authorization.library.provider.ExternalServiceInfo;
import org.gcube.common.authorization.library.provider.ServiceInfo;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorization.library.utils.ListMapper;
import org.gcube.common.authorizationservice.filters.AuthorizedCallFilter;
import org.gcube.common.authorizationservice.util.Constants;
import org.gcube.common.authorizationservice.util.TokenPersistence;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.scope.api.ServiceMap;
@Path("token")
@Slf4j
@ -62,10 +69,12 @@ public class TokenManager {
.entity("token "+token+" not found").type(MediaType.TEXT_PLAIN).build());
}
//TODO: re-add it with common-scope 2.0
/*
try{
ServiceMap map = .instance.getMap(info.getContext());
ScopeProvider.instance.set(info.getContext());
ServiceMap map = ServiceMap.instance;
ScopeProvider.instance.reset();
info.setMap(map);
}catch(Exception e){
log.error("error retrieving map for {}", info.getContext(), e);
@ -78,6 +87,9 @@ public class TokenManager {
}
/**
*
* retrieves the AuthorzationEntry connected to the specified token
@ -156,6 +168,34 @@ public class TokenManager {
}
}
/**
*
* Generates a token for a user (saving the passed roles) if it doesn't exist yet.
*
* @param userName
* @param roles
* @return the generated token or the token related to the user (if it was already created)
*/
@Path("user/{token}/roles")
@PUT
@Consumes(MediaType.APPLICATION_XML)
public String setRoles(ListMapper roles,
@NotNull @PathParam("token") String token) {
try{
log.info("update roles called");
persistence.updateAuthorizationEntry(token, roles.getList()) ;
return token;
}catch(Exception e){
log.error("error setting roles to token ",e);
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
.entity("Error setting roles to token: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
}
}
/**
*
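Review bot: Nothing visible in `setRoles` checks that the caller is entitled to change the roles of the token named in the path. Unless `AuthorizedCallFilter` or a rule outside this hunk restricts `user/{token}/roles`, this privilege-changing operation relies only on knowledge of the token, so the required caller should be stated and enforced here. The Javadoc was copied from the token-generation method: it documents a `@param userName` that does not exist and describes generating a token, where something like `Replaces the roles stored for the user token in the path; answers 400 if the token is unknown or is not a user token.` would match the code. `log.info("update roles called")` records neither who asked nor which entry changed, which leaves no audit trail for a role change. The 400 body also returns `e.getMessage()` from any caught `Exception`, so persistence-layer details can reach the client; a fixed message with the detail kept in the log is safer.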


@ -18,6 +18,7 @@ import javax.persistence.TypedQuery;
import lombok.extern.slf4j.Slf4j;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.ClientType;
import org.gcube.common.authorization.library.policies.Policy;
import org.gcube.common.authorization.library.policies.PolicyType;
import org.gcube.common.authorization.library.policies.Service2ServicePolicy;
@ -148,6 +149,42 @@ public class RelationDBPersistence implements TokenPersistence{
}
}
@Override
public void updateAuthorizationEntry(String token,
List<String> roles) {
EntityManager em = emFactory.createEntityManager();
TypedQuery<AuthorizationEntity> query = em.createNamedQuery("Authz.get", AuthorizationEntity.class);
query.setParameter("token", token);
AuthorizationEntity authEntity;
try{
authEntity = query.getSingleResult();
}catch (NoResultException e){
log.warn("no result found for token {}",token);
throw new IllegalArgumentException("the token does not exist");
}
if (authEntity.getInfo().getType()== ClientType.USER) {
log.debug("setting roles {}", roles);
UserInfo ui = new UserInfo(authEntity.getInfo().getId(), roles);
authEntity.setInfo(ui);
EntityTransaction tx = em.getTransaction();
try {
tx.begin();
AuthorizationEntity merged = em.merge(authEntity);
tx.commit();
log.debug("entity merged: {}", merged);
}finally {
em.close();
}
} else
throw new IllegalArgumentException("the token is not representing a user");
}
@Override
public void addPolicies(List<Policy> polices) {
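Review bot: The `EntityManager` created at the top of `updateAuthorizationEntry` is closed only in the `finally` of the USER branch, so the `NoResultException` path and the "the token is not representing a user" path both leave without `em.close()`. A failing `commit()` also leaves the transaction without a rollback. One outer try/finally around the whole body, plus a rollback of a still-active transaction, covers all three exits, as sketched below. Separately, `log.warn("no result found for token {}",token)` writes the submitted token value into the log; logging a shortened or hashed form keeps credentials out of log files.

```java
public void updateAuthorizationEntry(String token,
        List<String> roles) {
    EntityManager em = emFactory.createEntityManager();
    try {
        // … unchanged: "Authz.get" lookup and NoResultException handling …
        if (authEntity.getInfo().getType() != ClientType.USER)
            throw new IllegalArgumentException("the token is not representing a user");
        // … unchanged: build UserInfo from roles and call authEntity.setInfo(ui) …
        EntityTransaction tx = em.getTransaction();
        try {
            tx.begin();
            AuthorizationEntity merged = em.merge(authEntity);
            tx.commit();
            log.debug("entity merged: {}", merged);
        } finally {
            // a commit that threw leaves the transaction active
            if (tx.isActive()) tx.rollback();
        }
    } finally {
        // single close point for every exit path
        em.close();
    }
}
```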


@ -1,8 +1,12 @@
package org.gcube.common.authorizationservice.persistence.entities;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.List;
import javax.persistence.Access;
import javax.persistence.AccessType;
import javax.persistence.Column;
import javax.persistence.Convert;
import javax.persistence.DiscriminatorColumn;
@ -28,11 +32,14 @@ import org.gcube.common.authorizationservice.persistence.entities.ServicePolicyE
import org.gcube.common.authorizationservice.persistence.entities.converters.StringListConverter;
import org.gcube.common.authorizationservice.util.Constants;
import org.jboss.weld.exceptions.IllegalArgumentException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Entity
@Inheritance
@DiscriminatorColumn(name="EntryType")
@Table(name="Authorizations")
@Access(AccessType.FIELD)
@NamedQueries({
@NamedQuery(name="Authz.get", query="SELECT DISTINCT info FROM AuthorizationEntity info WHERE "
+ " info.token=:token"),
@ -112,6 +119,11 @@ public abstract class AuthorizationEntity {
return this.info;
}
public void setInfo(ClientInfo info) {
this.info = info;
this.internalInfo = retriveInternalInfo(info);
}
public String getEntryType() {
return entryType;
}
@ -139,7 +151,7 @@ public abstract class AuthorizationEntity {
private ClientInfo retieveInfo() {
switch (entryType) {
case EntityConstants.USER_AUTHORIZATION:
return new UserInfo(this.internalInfo.identifier, this.internalInfo.roles);
return new UserInfo(this.internalInfo.identifier, this.internalInfo.getRoles());
case EntityConstants.SERVICE_AUTHORIZATION:
return new ServiceInfo(new ServiceIdentifier(this.internalInfo.service.clientServiceClass, this.internalInfo.service.clientServiceName, this.internalInfo.service.clientServiceIdentifier));
case EntityConstants.EXTERNAL_SERVICE_AUTHORIZATION:
@ -155,15 +167,15 @@ public abstract class AuthorizationEntity {
private ClientInfoEntity retriveInternalInfo(ClientInfo info2) {
switch (entryType) {
case EntityConstants.USER_AUTHORIZATION:
return ClientInfoEntity.forUser(info.getId(), info.getRoles());
return ClientInfoEntity.forUser(info2.getId(), info2.getRoles());
case EntityConstants.SERVICE_AUTHORIZATION:
ServiceIdentifier identifier = ((ServiceInfo) this.info).getServiceIdentifier();
ServiceIdentifier identifier = ((ServiceInfo) info2).getServiceIdentifier();
return ClientInfoEntity.forService(identifier.getServiceClass(), identifier.getServiceName(), identifier.getServiceId());
case EntityConstants.EXTERNAL_SERVICE_AUTHORIZATION:
ExternalServiceInfo externalServiceInfo = (ExternalServiceInfo) this.info;
ExternalServiceInfo externalServiceInfo = (ExternalServiceInfo) info2;
return ClientInfoEntity.forExternalService(externalServiceInfo.getId(), externalServiceInfo.getGeneratedBy());
case EntityConstants.CONTAINER_AUTHORIZATION:
ContainerInfo containerInfo = (ContainerInfo) this.info;
ContainerInfo containerInfo = (ContainerInfo) info2 ;
return ClientInfoEntity.forContainer(containerInfo.getHost(), containerInfo.getPort());
default:
throw new IllegalArgumentException("invalid entity type");
@ -173,20 +185,23 @@ public abstract class AuthorizationEntity {
@Override
public String toString() {
return "AuthorizationEntity [id=" + id + ", token=" + token
+ ", creationTime=" + creationTime + ", entryType=" + entryType
+ ", creationTime=" + creationTime + ", entryType=" + entryType +", "+internalInfo
+ "]";
}
@Embeddable
@Access(AccessType.FIELD)
private static class ClientInfoEntity {
// userInfo
@Column(name="info_identifier")
private String identifier;
@Column(name="info_roles", length=2000)
@Convert(converter=StringListConverter.class)
private List<String> roles;
private String internalRoles;
//serviceInfo
@Embedded
@ -202,6 +217,10 @@ public abstract class AuthorizationEntity {
@Column(name="info_port")
private int port;
protected List<String> getRoles(){
return stringToRoles(internalRoles);
}
protected static ClientInfoEntity forExternalService(String identifier, String generatedBy){
ClientInfoEntity entry =new ClientInfoEntity();
entry.generatedBy= generatedBy;
@ -222,7 +241,7 @@ public abstract class AuthorizationEntity {
protected static ClientInfoEntity forUser(String identifier, List<String> roles){
ClientInfoEntity entry =new ClientInfoEntity();
entry.roles= roles;
entry.internalRoles= rolesToString(roles);
entry.identifier = identifier;
return entry;
}
@ -234,5 +253,27 @@ public abstract class AuthorizationEntity {
return entry;
}
@Override
public String toString() {
return "ClientInfoEntity [identifier=" + identifier + ", roles=" + internalRoles + ", service=" + service
+ ", generatedBy=" + generatedBy + ", host=" + host + ", port=" + port + "]";
}
private static String rolesToString(List<String> roles) {
if (roles!=null && roles.size()>0){
StringBuilder builder = new StringBuilder();
for (String value: roles)
builder.append(value).append(",||,");
return builder.substring(0, builder.length()-4);
} else return "";
}
private static List<String> stringToRoles(String entry){
if (entry!=null && !entry.isEmpty()){
return Arrays.asList(entry.split(",\\|\\|,"));
}
else return new ArrayList<String>(0);
}
}
}
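Review bot: `rolesToString` joins role names with `,||,` without rejecting or escaping that sequence, so a role name that contains `,||,` is stored as one role and read back by `stringToRoles` as several. With this commit role lists appear to arrive from the `setRoles` request body, so `forUser` should validate each entry before joining, for example `if (value == null || value.contains(",||,")) throw new IllegalArgumentException("invalid role name");` inside the loop. The joined string is also never compared with the `length=2000` declared for `info_roles`, so an oversized list would only fail at the database. `stringToRoles` returns the fixed-size `Arrays.asList` view for stored roles but an `ArrayList` for the empty case; a one-line comment on the helper stating that callers must not modify the result would make that explicit.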


@ -1,15 +1,22 @@
package org.gcube.common.authorizationservice.persistence.entities;
import java.io.Serializable;
import javax.persistence.Embeddable;
@Embeddable
public class AuthorizationId {
public class AuthorizationId implements Serializable {
/**
*
*/
private static final long serialVersionUID = 1L;
String context;
String clientId;
String qualifier;
protected AuthorizationId() {
public AuthorizationId() {
super();
}


@ -4,13 +4,9 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;
@Converter
public class StringListConverter implements AttributeConverter<List<String>, String>{
public class StringListConverter {
@Override
public String convertToDatabaseColumn(List<String> list) {
if (list!=null && list.size()>0){
@ -21,7 +17,6 @@ public class StringListConverter implements AttributeConverter<List<String>, Str
} else return "";
}
@Override
public List<String> convertToEntityAttribute(String dbEntry) {
if (dbEntry!=null && !dbEntry.isEmpty()){
return Arrays.asList(dbEntry.split(",\\|\\|,"));
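Review bot: With `@Converter` and `implements AttributeConverter<List<String>, String>` dropped, `StringListConverter` appears to remain as a plain class whose two methods duplicate the `,||,` join and split logic that this commit also adds as `rolesToString`/`stringToRoles` in `AuthorizationEntity.ClientInfoEntity`. Two copies of the storage format can drift apart, and a validation fix applied to one will miss the other. Either delete this class, or make its methods `static` and have the entity call them. `convertToEntityAttribute` continues past the end of the hunk.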


@ -36,5 +36,7 @@ public interface TokenPersistence {
Map<String, String> getExistingExternalServices(String generatorId,
String context);
void updateAuthorizationEntry(String token, List<String> roles);
}
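Review bot: `updateAuthorizationEntry` joins the interface with no statement of its contract, although the implementation in this commit replaces the stored roles and throws `IllegalArgumentException` in two cases. A Javadoc line such as `/** Replaces the roles stored for the user entry identified by token; throws IllegalArgumentException if the token is unknown or does not belong to a user. */` would let other `TokenPersistence` implementations and the REST layer rely on the same behaviour. It should also say whether a `null` role list is allowed, since the caller passes `roles.getList()` unchecked.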


@ -1,5 +1,4 @@
<beans xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd">
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee">
</beans>
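Review bot: `xsi:schemaLocation` takes whitespace-separated pairs of namespace URI and schema location, but the value left here, `http://xmlns.jcp.org/xml/ns/javaee`, is a namespace with no location. Judging by the hunk counts (5 lines to 4), the `beans_1_1.xsd` half of the pair was dropped. If the aim was to stop resolving the XSD, remove the `xsi:schemaLocation` attribute altogether; otherwise keep the full pair `http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd`. The same edit appears in the other beans.xml section on this page, the one containing `<alternatives>`.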


@ -6,18 +6,19 @@
<persistence-unit name="authorization" transaction-type="RESOURCE_LOCAL">
<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
<!-- Converters -->
<class>org.gcube.common.authorizationservice.persistence.entities.converters.StringListConverter</class>
<!-- Entities -->
<class>org.gcube.common.authorizationservice.persistence.entities.AuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.ServiceAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.UserAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.AuthorizationEntity.ClientInfoEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.AuthorizationId</class>
<class>org.gcube.common.authorizationservice.persistence.entities.ExternalServiceAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.NodeAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.PendingEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.PolicyEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.ServiceAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.ServicePolicyEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.ServicePolicyEntity.ServiceAccessEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.UserAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.UserPolicyEntity</class>
<properties>
<property name="javax.persistence.jdbc.url"
@ -28,6 +29,7 @@
<property name="eclipselink.ddl-generation" value="create-tables" />
<property name="eclipselink.ddl-generation.output-mode"
value="database" />
<property name="eclipselink.weaving.changetracking" value="false"/>
</properties>
</persistence-unit>
</persistence>


@ -1,7 +1,6 @@
<beans xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd">
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee">
<alternatives>
<class>org.gcube.common.authorizationservice.persistence.DataBaseProducer</class>
</alternatives>