request for bunch token creation for service and container added

2019-12-09 18:06:21 +01:00 · 2019-12-09 18:06:21 +01:00 · f71693619e
parent d7ba58155f
commit f71693619e
12 changed files with 187 additions and 46 deletions
--- a/.classpath
+++ b/.classpath
@ -24,16 +24,16 @@
 			<attribute name="test" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.7">
 		<attributes>
 			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
 		<attributes>
 			<attribute name="maven.pomderived" value="true"/>
 			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
 		<attributes>
 			<attribute name="maven.pomderived" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="output" path="target/classes"/>
 </classpath>
--- a/.settings/org.eclipse.jdt.core.prefs
+++ b/.settings/org.eclipse.jdt.core.prefs
@ -1,9 +1,9 @@
 eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
-org.eclipse.jdt.core.compiler.compliance=1.7
+org.eclipse.jdt.core.compiler.compliance=1.8
 org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
 org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
 org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
 org.eclipse.jdt.core.compiler.release=disabled
-org.eclipse.jdt.core.compiler.source=1.7
+org.eclipse.jdt.core.compiler.source=1.8
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-# Storage Hub Webapp
+# Authorization service
 StorageHub implements the gCube Workspace feature
@ -13,11 +13,11 @@ StorageHub implements the gCube Workspace feature
 ## Documentation
-* Use of this theme is described in the [Wiki](https://wiki.gcube-system.org/gcube/StorageHub_REST_API).
+* Use of this theme is described in the [Wiki](https://wiki.gcube-system.org/gcube/Authorization_Framework).
 ## Change log
-See [Releases](https://code-repo.d4science.org/gCubeSystem/storagehub/releases).
+See [Releases](https://code-repo.d4science.org/gCubeSystem/authorization-service/releases).
 ## Authors
--- a/pom.xml
+++ b/pom.xml
@ -1,4 +1,5 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<project xmlns="http://maven.apache.org/POM/4.0.0"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
@ -19,48 +20,60 @@
 		<distroDirectory>distro</distroDirectory>
 	</properties>
 	<dependencyManagement>
 		<dependencies>
 			<dependency>
 				<groupId>org.gcube.distribution</groupId>
 				<artifactId>gcube-bom</artifactId>
 				<version>1.3.1</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
 		</dependencies>
 	</dependencyManagement>
 	<dependencies>
 		<dependency>
 			<groupId>org.gcube.common</groupId>
 			<artifactId>common-authorization</artifactId>
 			<version>[2.0.0-SNAPSHOT, 3.0.0-SNAPSHOT)</version>
 		</dependency>
 		<dependency>
 			<groupId>org.gcube.core</groupId>
 			<artifactId>common-encryption</artifactId>
 			<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
 		</dependency>
-
+		<dependency>
 			<groupId>org.gcube.data.publishing</groupId>
 			<artifactId>document-store-lib</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.gcube.accounting</groupId>
 			<artifactId>accounting-lib</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.gcube.core</groupId>
 			<artifactId>common-scope-maps</artifactId>
 			<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
 		</dependency>
 		<dependency>
 			<groupId>org.gcube.core</groupId>
 			<artifactId>common-scope</artifactId>
 			<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
 		</dependency>
 		<dependency>
 			<groupId>org.gcube.core</groupId>
 			<artifactId>common-encryption</artifactId>
 			<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
 		</dependency>
 		<!-- jersey -->
 		<dependency>
 			<groupId>javax.ws.rs</groupId>
 			<artifactId>javax.ws.rs-api</artifactId>
 			<version>2.0</version>
 		</dependency>
 		<dependency>
 			<groupId>org.glassfish.jersey.containers</groupId>
 			<artifactId>jersey-container-servlet</artifactId>
 			<version>2.13</version>
 		</dependency>
 		<dependency>
 			<groupId>org.glassfish.jersey.containers.glassfish</groupId>
@ -165,11 +178,6 @@
 		<plugins>
 			<plugin>
 				<artifactId>maven-compiler-plugin</artifactId>
 				<version>2.3.2</version>
 				<configuration>
 					<source>1.7</source>
 					<target>1.7</target>
 				</configuration>
 			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
--- a/src/main/java/org/gcube/common/authorizationservice/ApiKeyManager.java
+++ b/src/main/java/org/gcube/common/authorizationservice/ApiKeyManager.java
@ -21,6 +21,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.gcube.common.authorization.library.AuthorizationEntry;
 import org.gcube.common.authorization.library.QualifiersList;
 import org.gcube.common.authorization.library.provider.CalledMethodProvider;
 import org.gcube.common.authorizationservice.filters.AuthorizedCallFilter;
 import org.gcube.common.authorizationservice.util.Constants;
 import org.gcube.common.authorizationservice.util.TokenPersistence;
@ -43,6 +44,7 @@ public class ApiKeyManager {
 	@PUT
 	@Consumes(MediaType.APPLICATION_XML)
 	public String generateApiKey(@QueryParam(value="qualifier")String qualifier, @Context HttpServletRequest req) {
 		CalledMethodProvider.instance.set("generate(APIKEY)");
 		try{
 			AuthorizationEntry info = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
@ -79,6 +81,7 @@ public class ApiKeyManager {
 	@GET
 	@Produces(MediaType.APPLICATION_XML)
 	public QualifiersList retrieveApiKeys(@Context HttpServletRequest req) {
 		CalledMethodProvider.instance.set("retrieve(APIKEY)");
 		log.info("calling getApiKey");
 		try{
 			AuthorizationEntry info = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
--- a/src/main/java/org/gcube/common/authorizationservice/TokenManager.java
+++ b/src/main/java/org/gcube/common/authorizationservice/TokenManager.java
@ -1,12 +1,10 @@
 package org.gcube.common.authorizationservice;
-import java.util.HashMap;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
 import javax.inject.Inject;
 import javax.print.attribute.HashAttributeSet;
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.constraints.NotNull;
 import javax.ws.rs.Consumes;
@ -22,20 +20,22 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import lombok.extern.slf4j.Slf4j;
 import org.gcube.common.authorization.library.AuthorizationEntry;
 import org.gcube.common.authorization.library.ExternalServiceList;
 import org.gcube.common.authorization.library.provider.CalledMethodProvider;
 import org.gcube.common.authorization.library.provider.ContainerInfo;
 import org.gcube.common.authorization.library.provider.ExternalServiceInfo;
 import org.gcube.common.authorization.library.provider.ServiceInfo;
 import org.gcube.common.authorization.library.provider.UserInfo;
 import org.gcube.common.authorization.library.utils.AuthorizationEntryList;
 import org.gcube.common.authorization.library.utils.ListMapper;
 import org.gcube.common.authorization.library.utils.MapAdapter;
 import org.gcube.common.authorization.library.utils.MultiServiceTokenRequest;
 import org.gcube.common.authorizationservice.filters.AuthorizedCallFilter;
 import org.gcube.common.authorizationservice.util.Constants;
 import org.gcube.common.authorizationservice.util.TokenPersistence;
-import org.gcube.common.scope.api.ScopeProvider;
+
-import org.gcube.common.scope.api.ServiceMap;
+import lombok.extern.slf4j.Slf4j;
@Path("token")
@Slf4j
@ -56,7 +56,7 @@ public class TokenManager {
 	@Path("{token}")
 	@Produces(MediaType.APPLICATION_XML)
 	public AuthorizationEntry retrieveToken(@NotNull @PathParam("token") String token ) {
-
+		CalledMethodProvider.instance.set("retieve");
 		log.info("token retreiver called with token {}",token);
 		AuthorizationEntry info = persistence.getAuthorizationEntry(token);
@ -87,6 +87,36 @@ public class TokenManager {
 	}
 	/**
 	 * 
 	 * retrieves the AuthorzationEntry connected to the specified token
 	 * 
 	 * @param token
 	 * @return the authorization entry
 	 */
 	@GET
 	@Path("resolve")
 	@Produces(MediaType.APPLICATION_XML)
 	public AuthorizationEntryList retrieveTokenBunch(@NotNull @QueryParam("token") List<String> tokens ) {
 		CalledMethodProvider.instance.set("retrieve");
 		log.info("token retreiver called with token {}",tokens);
 		List<AuthorizationEntry> toReturn = new ArrayList<AuthorizationEntry>();
 		for (String token : tokens ) {
 			AuthorizationEntry info = persistence.getAuthorizationEntry(token);
 			if (token!=null) toReturn.add(info);
 		}
 		log.info("info retrieved {}",toReturn);
 		if (toReturn.isEmpty()){
 			log.error("no tokens poassed have been found ");
 			throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND)
 					.entity("no tokens poassed have been found ").type(MediaType.TEXT_PLAIN).build());
 		}
 		return new AuthorizationEntryList(toReturn);
 	}
@ -100,7 +130,7 @@ public class TokenManager {
 	@GET
 	@Path("resolve/{user}")
 	public String getTokenByUserAndContext(@NotNull @PathParam("user") String user, @QueryParam("context") String context ) {
-
+		CalledMethodProvider.instance.set("retrieve");
 		log.info("resolving token for user {} in context {}",user, context);
 		if (context==null){
@ -146,7 +176,7 @@ public class TokenManager {
 	@Consumes(MediaType.APPLICATION_XML)
 	public String generateUserToken(UserInfo clientId, 
 			@NotNull @QueryParam("context") String context) {
-
+		CalledMethodProvider.instance.set("generate");
 		try{
 			log.info("generator called with user {} in context {} ",clientId, context);
@ -181,7 +211,7 @@ public class TokenManager {
 	@Consumes(MediaType.APPLICATION_XML)
 	public String setRoles(ListMapper roles, 
 			@NotNull @PathParam("token") String token) {
-
+		CalledMethodProvider.instance.set("setRoles");
 		try{
 			log.info("update roles called");
@ -210,7 +240,7 @@ public class TokenManager {
 	@Consumes(MediaType.APPLICATION_XML)
 	public void removeUserToken(@NotNull @QueryParam("client_id") String clientId, 
 			@NotNull @QueryParam("context") String context) {
-
+		CalledMethodProvider.instance.set("delete");
 		try{
 			log.info("generator called with user {} in context {} ",clientId, context);
@ -239,6 +269,7 @@ public class TokenManager {
 	@Consumes(MediaType.APPLICATION_XML)
 	public String generateServiceToken(ServiceInfo serviceInfo, 
 			@Context HttpServletRequest req) {
 		CalledMethodProvider.instance.set("generate");
 		try{
 			AuthorizationEntry authInfo = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
 			log.info("generator called with service {} in context {} ",serviceInfo.getId(), authInfo.getContext());
@ -251,7 +282,46 @@ public class TokenManager {
 	}
-
+	/**
 	 * 
 	 * Generates a token for a service if it doesn't exist yet.
 	 * 
 	 * @param userName
 	 * @param roles
 	 * @return the generated token or the token related to the user (if it was already created)
 	 */
 	@Path("service/bunch")
 	@PUT
 	@Consumes(MediaType.APPLICATION_XML)
 	public ListMapper generateServiceTokenBunch(MultiServiceTokenRequest entity, 
 			@Context HttpServletRequest req) {
 		CalledMethodProvider.instance.set("generate");
 		try{
 			AuthorizationEntry callerInfo = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
 			List<String> tokensToReturn = new ArrayList<String>();
 			for (String token: entity.getContainerTokens()) {
 				AuthorizationEntry authInfo = this.retrieveToken(token);
 				if (!authInfo.getClientInfo().getId().equals(callerInfo.getClientInfo().getId()))
 					log.warn("a token with a different ContainerInfo of the caller used, skipping it");
 				else {
 					String genToken = generateTokenForServiceInfo(entity.getInfo(), authInfo);
 					tokensToReturn.add(genToken);
 				}
 			}
 			return new ListMapper(tokensToReturn);
 		}catch(Exception e){
 			log.error("error generating tokens ",e);
 			throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
 					.entity("Error Generating Token: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
 		} 
 	}
 	/**
 	 * 
@ -265,6 +335,7 @@ public class TokenManager {
 	@Consumes(MediaType.APPLICATION_XML)
 	public String generateExternalServiceToken(@PathParam("serviceId") String serviceId, @Context HttpServletRequest req) {
 		try{
 			CalledMethodProvider.instance.set("generate");
 			AuthorizationEntry info = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
 			log.info("generator called for external service {} in context {} ",serviceId, info.getContext());
@ -296,6 +367,7 @@ public class TokenManager {
 	@GET
 	@Consumes(MediaType.APPLICATION_XML)
 	public ExternalServiceList getExternalServiceCreated(@Context HttpServletRequest req) {
 		CalledMethodProvider.instance.set("retrieve");
 		try{
 			AuthorizationEntry info = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
 			log.info("get External Service called in context {} by {} ",info.getContext(), info.getClientInfo().getId());
@ -313,6 +385,7 @@ public class TokenManager {
 	@Consumes(MediaType.APPLICATION_XML)
 	public String generateContainerToken(@NotNull ContainerInfo containerInfo, @QueryParam("context") String context,
 			@Context HttpServletRequest req) {
 		CalledMethodProvider.instance.set("generate");
 		try{
 			AuthorizationEntry info = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
--- a/src/main/java/org/gcube/common/authorizationservice/configuration/AuthorizationConfiguration.java
+++ b/src/main/java/org/gcube/common/authorizationservice/configuration/AuthorizationConfiguration.java
@ -19,6 +19,9 @@ public class AuthorizationConfiguration {
 	@XmlElement(name="AllowedContainerIp")
 	private List<String> allowedContainerIps = new ArrayList<String>();
 	@XmlElement(name="AccountingDir")
 	private String accountingDir = "/tmp";
 	protected AuthorizationConfiguration(){}
 	public List<AuthorizationRule> getAuthorizationRules() {
@ -28,6 +31,14 @@ public class AuthorizationConfiguration {
 	protected void setAuthorizationRules(List<AuthorizationRule> rules) {
 		this.authorizationRules = rules;
 	}
 	public String getAccountingDir() {
 		return accountingDir;
 	}
 	protected void setAccountingDir(String accountingDir) {
 		this.accountingDir = accountingDir;
 	}
 	public List<String> getAllowedContainerIps() {
 		return allowedContainerIps;
--- a/src/main/java/org/gcube/common/authorizationservice/configuration/ConfigurationBuilder.java
+++ b/src/main/java/org/gcube/common/authorizationservice/configuration/ConfigurationBuilder.java
@ -9,7 +9,9 @@ public class ConfigurationBuilder {
 	List<AuthorizationRule> rules = new ArrayList<AuthorizationRule>();
 	List<String> ips = new ArrayList<String>();
-		
+	
 	String accountingDir = null;
 	public static ConfigurationBuilder getBuilder(){
 		return new ConfigurationBuilder();
 	}
@ -19,6 +21,11 @@ public class ConfigurationBuilder {
 		return this;
 	}
 	public ConfigurationBuilder accountingDir(String accountingDir){
 		this.accountingDir= accountingDir;
 		return this;
 	}
 	public ConfigurationBuilder autoConfirmedIp(String ip){
 		this.ips.add(ip);
 		return this;
@ -28,6 +35,7 @@ public class ConfigurationBuilder {
 		AuthorizationConfiguration configuration =  new AuthorizationConfiguration();
 		configuration.setAuthorizationRules(rules);
 		configuration.setAllowedContainerIps(ips);
 		if (accountingDir!=null) configuration.setAccountingDir(accountingDir);
 		return configuration;
 	}
--- a/src/main/java/org/gcube/common/authorizationservice/filters/AuthorizedCallFilter.java
+++ b/src/main/java/org/gcube/common/authorizationservice/filters/AuthorizedCallFilter.java
@ -15,14 +15,22 @@ import javax.servlet.annotation.WebFilter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import lombok.extern.slf4j.Slf4j;
+import org.gcube.accounting.datamodel.UsageRecord.OperationResult;
-
+import org.gcube.accounting.datamodel.usagerecords.ServiceUsageRecord;
 import org.gcube.accounting.persistence.AccountingPersistence;
 import org.gcube.accounting.persistence.AccountingPersistenceFactory;
 import org.gcube.common.authorization.library.AuthorizationEntry;
 import org.gcube.common.authorization.library.provider.CalledMethodProvider;
 import org.gcube.common.authorizationservice.configuration.AllowedEntity;
 import org.gcube.common.authorizationservice.configuration.AuthorizationConfiguration;
 import org.gcube.common.authorizationservice.configuration.AuthorizationRule;
 import org.gcube.common.authorizationservice.configuration.ConfigurationHolder;
 import org.gcube.common.authorizationservice.util.TokenPersistence;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.jboss.weld.context.ApplicationContext;
 import org.omg.PortableInterceptor.SUCCESSFUL;
 import lombok.extern.slf4j.Slf4j;
@WebFilter(urlPatterns={"/*"}, filterName="authorizationFilter")
@Slf4j
@ -41,12 +49,14 @@ public class AuthorizedCallFilter implements Filter {
 	}
 	@Override
-	public void doFilter(ServletRequest request, ServletResponse response,
+	public void doFilter(ServletRequest request, ServletResponse response,	
-			FilterChain chain) throws IOException, ServletException {
+		FilterChain chain) throws IOException, ServletException {
 		String token = request.getParameter(TOKEN_HEADER)==null?((HttpServletRequest)request).getHeader(TOKEN_HEADER):
 			request.getParameter(TOKEN_HEADER);
-
+		
 		long startTime = System.currentTimeMillis();
 		AuthorizationEntry info = null;
 		if (token!=null){
 			info = persistence.getAuthorizationEntry(token);
@ -91,6 +101,8 @@ public class AuthorizedCallFilter implements Filter {
 		}
 		chain.doFilter(request, response);
 		generateAccounting("Unknown", "Unknown", callerIp, true, startTime, request.getLocalName());
 	}
 	private boolean requiresToken(String pathInfo) {
@ -163,6 +175,30 @@ public class AuthorizedCallFilter implements Filter {
 	@Override
 	public void destroy() {}
-
+	
 	void generateAccounting(String caller, String callerQualifier, String remoteHost, boolean success, long startTime, String host){
 		AuthorizationConfiguration conf = ConfigurationHolder.getConfiguration();
 		AccountingPersistenceFactory.setFallbackLocation(conf.getAccountingDir());
 		AccountingPersistence persistence = AccountingPersistenceFactory.getPersistence();
 		ServiceUsageRecord serviceUsageRecord = new ServiceUsageRecord();
 		try{
 			serviceUsageRecord.setConsumerId(caller);
 			serviceUsageRecord.setCallerQualifier(callerQualifier);
 			serviceUsageRecord.setScope(ScopeProvider.instance.get());
 			serviceUsageRecord.setServiceClass("Common");
 			serviceUsageRecord.setServiceName("Authorization");
 			serviceUsageRecord.setHost(host);
 			serviceUsageRecord.setCalledMethod(CalledMethodProvider.instance.get());
 			serviceUsageRecord.setCallerHost(remoteHost);
 			serviceUsageRecord.setOperationResult(success?OperationResult.SUCCESS:OperationResult.FAILED);
 			serviceUsageRecord.setDuration(System.currentTimeMillis()-startTime);
 			persistence.account(serviceUsageRecord);
 		}catch(Exception ex){
 			log.warn("invalid record passed to accounting ",ex);
 		}
 	}
 }
--- a/src/main/webapp/WEB-INF/AuthorizationConfiguration.xml
+++ b/src/main/webapp/WEB-INF/AuthorizationConfiguration.xml
@ -6,4 +6,5 @@
        <Rule path="/token/external" requiresToken="true" acceptedTokenTypes="USER" />
        <Rule path="/token/node" requiresToken="false" />
        <Rule path="/token/service" requiresToken="true" acceptedTokenTypes="CONTAINER"/>
        <AccountingDir>/tmp</AccountingDir>
 </Configuration>
--- a/src/test/java/org/gcube/common/authz/configuration/Binder.java
+++ b/src/test/java/org/gcube/common/authz/configuration/Binder.java
@ -33,7 +33,7 @@ public class Binder {
 		AuthorizationRule secondRule = new RuleBuilder().path("/newPath").entity(new AllowedEntity(EntityType.ROLE, "ContextManager")).entity(new AllowedEntity(EntityType.IP, "192.168.0.3")).build();
 		AuthorizationRule thirdRule = new RuleBuilder().path("/anotherPath").entity(new AllowedEntity(EntityType.USER, "user")).build();
-		AuthorizationConfiguration authConf = ConfigurationBuilder.getBuilder().rule(firtRule).rule(secondRule).rule(thirdRule).build();		
+		AuthorizationConfiguration authConf = ConfigurationBuilder.getBuilder().rule(firtRule).rule(secondRule).rule(thirdRule).accountingDir("mydir").build();		
 		StringWriter sw = new StringWriter();
 		context.createMarshaller().marshal(authConf, sw);
 		System.out.println(sw);
--- a/src/test/resources/AuthorizationConfiguration.xml
+++ b/src/test/resources/AuthorizationConfiguration.xml
@ -6,5 +6,6 @@
 	<Rule path="/apikey" requiresToken="true"/>
 	<Rule path="/policyManager" requiresToken="true"/>
 	<Rule path="/token/external" requiresToken="true"/>
 	<AccountingDir>mydir</AccountingDir>
 </Configuration>