From ea4c7c6d679f3bfef66bb80af35892915b44a07b Mon Sep 17 00:00:00 2001 From: lucio Date: Fri, 17 Jan 2020 16:56:46 +0100 Subject: [PATCH] remove all the token of a user when a infra context is passed --- pom.xml | 54 +++++++++++-------- .../authorizationservice/ApiKeyManager.java | 2 + .../AuthorizationService.java | 26 ++++++--- .../authorizationservice/KeyRetriever.java | 2 + .../authorizationservice/PolicyManager.java | 2 + .../authorizationservice/TokenManager.java | 26 +++++---- .../filters/AuthorizedCallFilter.java | 29 ++++++---- .../persistence/RelationDBPersistence.java | 12 ++++- .../entities/AuthorizationEntity.java | 4 +- src/main/resources/META-INF/beans.xml | 6 ++- 10 files changed, 111 insertions(+), 52 deletions(-) diff --git a/pom.xml b/pom.xml index 46bb61b..98b315d 100644 --- a/pom.xml +++ b/pom.xml @@ -34,6 +34,7 @@ + org.gcube.common common-authorization @@ -71,16 +72,7 @@ javax.ws.rs javax.ws.rs-api - - org.glassfish.jersey.containers - jersey-container-servlet - - - org.glassfish.jersey.containers.glassfish - jersey-gf-cdi - 2.13 - - + javax.transaction javax.transaction-api @@ -100,24 +92,45 @@ runtime - - javax.enterprise - cdi-api - 1.1 + org.glassfish.jersey.containers + jersey-container-servlet + compile + + + + org.glassfish.jersey.containers + jersey-container-servlet-core + compile + + + org.glassfish.hk2.external + javax.inject + 2.4.0 + + + org.glassfish.jersey.core + jersey-server + compile + + + org.glassfish.jersey.ext.cdi + jersey-cdi1x + compile + + + org.glassfish.jersey.ext.cdi + jersey-cdi1x-servlet + compile org.jboss.weld.servlet weld-servlet - 2.2.4.Final - - - org.jboss - jandex - 1.2.2.Final + 2.4.8.Final + org.projectlombok @@ -140,7 +153,6 @@ org.glassfish.jersey.test-framework.providers jersey-test-framework-provider-simple - 2.17 test 
diff --git a/src/main/java/org/gcube/common/authorizationservice/ApiKeyManager.java b/src/main/java/org/gcube/common/authorizationservice/ApiKeyManager.java index 64b09cb..c6301d4 100644 --- a/src/main/java/org/gcube/common/authorizationservice/ApiKeyManager.java +++ b/src/main/java/org/gcube/common/authorizationservice/ApiKeyManager.java @@ -2,6 +2,7 @@ package org.gcube.common.authorizationservice; import java.util.UUID; +import javax.annotation.ManagedBean; import javax.inject.Inject; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.Consumes; @@ -28,6 +29,7 @@ import org.gcube.common.authorizationservice.util.TokenPersistence; @Path("apikey") @Slf4j +@ManagedBean public class ApiKeyManager { @Inject diff --git a/src/main/java/org/gcube/common/authorizationservice/AuthorizationService.java b/src/main/java/org/gcube/common/authorizationservice/AuthorizationService.java index 516b0b3..b57d605 100644 --- a/src/main/java/org/gcube/common/authorizationservice/AuthorizationService.java +++ b/src/main/java/org/gcube/common/authorizationservice/AuthorizationService.java 
@@ -1,18 +1,30 @@ package org.gcube.common.authorizationservice; +import java.util.HashSet; +import java.util.Set; + import javax.ws.rs.ApplicationPath; +import javax.ws.rs.core.Application; import org.gcube.common.authorizationservice.configuration.AuthorizationConfiguration; import org.glassfish.jersey.server.ResourceConfig; -@ApplicationPath("/gcube/service/") -public class AuthorizationService extends ResourceConfig { - +@ApplicationPath("/gcube/service/*") +public class AuthorizationService extends Application { + public static AuthorizationConfiguration configuration; - public AuthorizationService(){ - packages("org.gcube.common.authorizationservice"); - - } + + @Override + public Set> getClasses() { + final Set> classes = new HashSet<>(); + classes.add(TokenManager.class); + classes.add(KeyRetriever.class); + classes.add(PolicyManager.class); + classes.add(TokenManager.class); + return classes; + } + + } \ No newline at end of file diff --git a/src/main/java/org/gcube/common/authorizationservice/KeyRetriever.java b/src/main/java/org/gcube/common/authorizationservice/KeyRetriever.java index b10a67d..778c03e 100644 --- a/src/main/java/org/gcube/common/authorizationservice/KeyRetriever.java +++ b/src/main/java/org/gcube/common/authorizationservice/KeyRetriever.java @@ -5,6 +5,7 @@ import java.io.InputStream; import java.io.OutputStream; import java.security.InvalidKeyException; +import javax.annotation.ManagedBean; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.GET; import javax.ws.rs.Path; @@ -26,6 +27,7 @@ import org.gcube.common.scope.impl.ScopeBean.Type; @Path("symmKey") @Slf4j +@ManagedBean public class KeyRetriever { @GET diff --git a/src/main/java/org/gcube/common/authorizationservice/PolicyManager.java b/src/main/java/org/gcube/common/authorizationservice/PolicyManager.java index f28e679..7a324dc 100644 --- a/src/main/java/org/gcube/common/authorizationservice/PolicyManager.java 
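Review bot: `getClasses()` adds `TokenManager.class` twice and never adds `ApiKeyManager.class`, even though this same commit marks ApiKeyManager with `@ManagedBean` like the other three resources; now that package scanning is replaced by an explicit class set, the `apikey` resource will not be served at all. The second occurrence looks like a copy-paste slip and should read `classes.add(ApiKeyManager.class);`. The duplicate itself is harmless in a `HashSet`, so the only observable effect is the missing resource.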
+++ b/src/main/java/org/gcube/common/authorizationservice/PolicyManager.java @@ -1,5 +1,6 @@ package org.gcube.common.authorizationservice; +import javax.annotation.ManagedBean; import javax.inject.Inject; import javax.validation.constraints.NotNull; import javax.validation.constraints.Null; @@ -21,6 +22,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; @Path("policyManager") +@ManagedBean public class PolicyManager { private static Logger log = LoggerFactory.getLogger(PolicyManager.class); diff --git a/src/main/java/org/gcube/common/authorizationservice/TokenManager.java b/src/main/java/org/gcube/common/authorizationservice/TokenManager.java index 57327de..51ba276 100644 --- a/src/main/java/org/gcube/common/authorizationservice/TokenManager.java +++ b/src/main/java/org/gcube/common/authorizationservice/TokenManager.java @@ -4,6 +4,7 @@ import java.util.ArrayList; import java.util.List; import java.util.UUID; +import javax.annotation.ManagedBean; import javax.inject.Inject; import javax.servlet.http.HttpServletRequest; import javax.validation.constraints.NotNull; @@ -29,7 +30,6 @@ import org.gcube.common.authorization.library.provider.ServiceInfo; import org.gcube.common.authorization.library.provider.UserInfo; import org.gcube.common.authorization.library.utils.AuthorizationEntryList; import org.gcube.common.authorization.library.utils.ListMapper; -import org.gcube.common.authorization.library.utils.MapAdapter; import org.gcube.common.authorization.library.utils.MultiServiceTokenRequest; import org.gcube.common.authorizationservice.filters.AuthorizedCallFilter; import org.gcube.common.authorizationservice.util.Constants; @@ -39,6 +39,7 @@ import lombok.extern.slf4j.Slf4j; @Path("token") @Slf4j +@ManagedBean public class TokenManager { @Inject 
@@ -56,7 +57,7 @@ public class TokenManager { @Path("{token}") @Produces(MediaType.APPLICATION_XML) public AuthorizationEntry retrieveToken(@NotNull @PathParam("token") String token ) { - CalledMethodProvider.instance.set("retieve"); + CalledMethodProvider.instance.set("retrieve"); log.info("token retreiver called with token {}",token); AuthorizationEntry info = persistence.getAuthorizationEntry(token); @@ -99,12 +100,14 @@ public class TokenManager { @Produces(MediaType.APPLICATION_XML) public AuthorizationEntryList retrieveTokenBunch(@NotNull @QueryParam("token") List tokens ) { CalledMethodProvider.instance.set("retrieve"); - log.info("token retreiver called with token {}",tokens); + log.info("token retreiver called with tokens {}",tokens); List toReturn = new ArrayList(); for (String token : tokens ) { - AuthorizationEntry info = persistence.getAuthorizationEntry(token); - if (token!=null) toReturn.add(info); + try { + AuthorizationEntry info = persistence.getAuthorizationEntry(token); + toReturn.add(info); + }catch(Exception e) {} } log.info("info retrieved {}",toReturn); @@ -284,19 +287,20 @@ public class TokenManager { /** * - * Generates a token for a service if it doesn't exist yet. + * Generates a list of tokens for a service if it doesn't exist yet. * * @param userName - * @param roles - * @return the generated token or the token related to the user (if it was already created) + * @param MultiServiceTokenRequest entity + * @return a list generated token or the token related to the user (if it was already created) */ @Path("service/bunch") - @PUT + @PUT @Consumes(MediaType.APPLICATION_XML) + @Produces(MediaType.APPLICATION_XML) public ListMapper generateServiceTokenBunch(MultiServiceTokenRequest entity, @Context HttpServletRequest req) { CalledMethodProvider.instance.set("generate"); - + log.info("calling generate service token bunch"); try{ AuthorizationEntry callerInfo = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE); 
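Review bot: The new `catch(Exception e) {}` in `retrieveTokenBunch` swallows every failure of `persistence.getAuthorizationEntry` without a trace, and the old `if (token!=null)` guard is gone, so a lookup that yields null for an unknown token is now appended to `toReturn` as a null element. Keep a null check and log the failure instead: `if (info != null) toReturn.add(info);` and `catch (Exception e) { log.warn("cannot retrieve token", e); }`. I am inferring from the `authInfo==null` check this commit adds later in `generateServiceTokenBunch` that a missing token yields null rather than an exception; if that is wrong, the null check is merely redundant.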
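Review bot: The rewritten Javadoc of `generateServiceTokenBunch` documents `@param userName` and `@param MultiServiceTokenRequest entity`, but the method's parameters are `entity` and `req`; `@param` expects the parameter name, so this should become `@param entity the MultiServiceTokenRequest listing the container tokens` and `@param req the servlet request carrying the caller's AuthorizationEntry`, dropping `userName`. The `@return` sentence is also missing a word and should read "a list of generated tokens, or the tokens already related to the user". The method body continues past the end of the hunk.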
@@ -306,6 +310,8 @@ public class TokenManager { for (String token: entity.getContainerTokens()) { AuthorizationEntry authInfo = this.retrieveToken(token); + if (authInfo==null) continue; + if (!authInfo.getClientInfo().getId().equals(callerInfo.getClientInfo().getId())) log.warn("a token with a different ContainerInfo of the caller used, skipping it"); else { diff --git a/src/main/java/org/gcube/common/authorizationservice/filters/AuthorizedCallFilter.java b/src/main/java/org/gcube/common/authorizationservice/filters/AuthorizedCallFilter.java index 5d6ddcb..48b39ad 100644 --- a/src/main/java/org/gcube/common/authorizationservice/filters/AuthorizedCallFilter.java +++ b/src/main/java/org/gcube/common/authorizationservice/filters/AuthorizedCallFilter.java @@ -57,6 +57,11 @@ public class AuthorizedCallFilter implements Filter { long startTime = System.currentTimeMillis(); + String callerIp = ((HttpServletRequest)request).getHeader("x-forwarded-for"); + if(callerIp==null) + callerIp=request.getRemoteHost(); + log.info("caller ip {}", callerIp); + AuthorizationEntry info = null; if (token!=null){ info = persistence.getAuthorizationEntry(token); @@ -65,12 +70,21 @@ public class AuthorizedCallFilter implements Filter { request.setAttribute(AUTH_ATTRIBUTE, info); + + String pathInfo = ((HttpServletRequest) request).getPathInfo(); - log.info("called path {}", pathInfo); - + String servletPath = ((HttpServletRequest) request).getServletPath(); + + + if (pathInfo==null || pathInfo.isEmpty()){ - log.info("call rejected from filters: invalid path info"); - return; + + pathInfo = servletPath.replace("/gcube/service", ""); + log.info("called path info {} ", pathInfo); + if (pathInfo==null || pathInfo.isEmpty()){ + log.info("call rejected from filters: invalid path"); + return; + } } 
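Review bot: `callerIp` is taken verbatim from the `x-forwarded-for` request header, which is client-supplied and may contain a comma-separated chain of addresses, so the logged value is only meaningful when this service sits behind a trusted reverse proxy that overwrites the header. Since the value is only logged here, logging the transport-level peer alongside it keeps the record reconcilable: `log.info("caller ip {} (remote {})", callerIp, request.getRemoteHost());`. The `doFilter` body this code lives in begins before the hunk.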
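Review bot: In the fallback branch the inner `if (pathInfo==null || pathInfo.isEmpty())` can never observe null, because `String.replace` never returns null; the value that can be null is `servletPath` itself, which would throw a NullPointerException on the `.replace` call before the check runs. Guard the servlet path instead, e.g. `String servletPath = ((HttpServletRequest) request).getServletPath(); if (servletPath == null) servletPath = "";`, and reduce the inner check to `isEmpty()`. Note also that `replace("/gcube/service", "")` strips the prefix wherever it occurs in the path rather than only at the start; a `startsWith` + `substring` would be stricter, which matters because `requiresToken(pathInfo)` below decides whether a token is mandatory for the call.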
@@ -80,10 +94,7 @@ public class AuthorizedCallFilter implements Filter { return; } - String callerIp = ((HttpServletRequest)request).getHeader("x-forwarded-for"); - if(callerIp==null) - callerIp=request.getRemoteHost(); - log.info("caller ip {}", callerIp); + /*X509Certificate certs[] = (X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate"); @@ -102,7 +113,7 @@ public class AuthorizedCallFilter implements Filter { chain.doFilter(request, response); - generateAccounting("Unknown", "Unknown", callerIp, true, startTime, request.getLocalName()); + //generateAccounting("Unknown", "Unknown", callerIp, true, startTime, request.getLocalName()); } private boolean requiresToken(String pathInfo) { diff --git a/src/main/java/org/gcube/common/authorizationservice/persistence/RelationDBPersistence.java b/src/main/java/org/gcube/common/authorizationservice/persistence/RelationDBPersistence.java index f485324..327abc6 100644 --- a/src/main/java/org/gcube/common/authorizationservice/persistence/RelationDBPersistence.java +++ b/src/main/java/org/gcube/common/authorizationservice/persistence/RelationDBPersistence.java @@ -40,6 +40,8 @@ import org.gcube.common.authorizationservice.persistence.entities.ServicePolicyE import org.gcube.common.authorizationservice.persistence.entities.UserAuthorizationEntity; import org.gcube.common.authorizationservice.persistence.entities.UserPolicyEntity; import org.gcube.common.authorizationservice.util.TokenPersistence; +import org.gcube.common.scope.impl.ScopeBean; +import org.gcube.common.scope.impl.ScopeBean.Type; @Singleton @Slf4j 
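Review bot: Commenting out `generateAccounting(...)` means the filter no longer emits any accounting record for requests that pass through, while `startTime` and `callerIp` are still computed earlier in the method and are now unused. If accounting is meant to stay off, delete the call and the dead locals rather than keeping them as a comment; if the intent was only to stop recording the placeholder `"Unknown"` values, passing the caller's resolved `info` fields would be the fix. The preceding hunk in this file is a pure move of the callerIp block and raises nothing on its own.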
@@ -391,9 +393,15 @@ public class RelationDBPersistence implements TokenPersistence{ EntityManager em = emFactory.createEntityManager(); try{ em.getTransaction().begin(); - TypedQuery queryS = em.createNamedQuery("Authz.getGeneratedTokenByClientId", AuthorizationEntity.class); + TypedQuery queryS; + if (new ScopeBean(context).is(Type.INFRASTRUCTURE)) { + queryS = em.createNamedQuery("Authz.getAllGeneratedTokenByClientId", AuthorizationEntity.class); + } else { + queryS = em.createNamedQuery("Authz.getGeneratedTokenByClientId", AuthorizationEntity.class); + queryS.setParameter("context", context); + } queryS.setParameter("clientid", clientId); - queryS.setParameter("context", context); + List authEntries = queryS.getResultList(); for (AuthorizationEntity entry:authEntries) em.remove(entry); diff --git a/src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationEntity.java b/src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationEntity.java index b7ac49f..2cd53da 100644 --- a/src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationEntity.java +++ b/src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationEntity.java @@ -48,7 +48,9 @@ import org.slf4j.LoggerFactory; @NamedQuery(name="Authz.getByToken", query="SELECT DISTINCT info FROM AuthorizationEntity info WHERE " + " info.token=:token"), @NamedQuery(name="Authz.getGeneratedTokenByClientId", query="SELECT DISTINCT info FROM AuthorizationEntity info WHERE " - + " (info.id.clientId=:clientid OR info.generatedBy=:clientid) AND info.id.context=:context") + + " (info.id.clientId=:clientid OR info.generatedBy=:clientid) AND info.id.context=:context"), + @NamedQuery(name="Authz.getAllGeneratedTokenByClientId", query="SELECT DISTINCT info FROM AuthorizationEntity info WHERE " + + " (info.id.clientId=:clientid OR info.generatedBy=:clientid)") }) public abstract class AuthorizationEntity { 
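Review bot: When `context` resolves to `Type.INFRASTRUCTURE` the method now removes every AuthorizationEntity matching `clientId` across all contexts, but nothing in the hunk checks that the caller is entitled to act in that infrastructure scope; if `context` originates from the request, the scope string alone decides how wide the deletion is. I would add a comment above the branch naming where that entitlement is enforced, e.g. `// caller's right to the infrastructure scope is verified by <TODO: caller>`, or verify it here if it is not. `new ScopeBean(context)` also throws on a null or malformed context where the old query simply matched nothing, so a `Objects.requireNonNull(context, "context")` before the branch gives a clearer failure. The enclosing method starts before the hunk, so the source of `context` is not visible here.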
diff --git a/src/main/resources/META-INF/beans.xml b/src/main/resources/META-INF/beans.xml index 00e43a2..b3077e9 100644 --- a/src/main/resources/META-INF/beans.xml +++ b/src/main/resources/META-INF/beans.xml @@ -1,4 +1,6 @@ + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd" + bean-discovery-mode="all"> + \ No newline at end of file