gCubeSystem
/
authorization-service
15
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

branch for release 4.1 

git-svn-id: https://svn.d4science-ii.research-infrastructures.eu/gcube/branches/common/authorization-service/2.0@132472 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
Lucio Lelii 2016-10-03 14:22:42 +00:00
commit fd513d1592
57 changed files with 3365 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
.classpath Normal file
View File

@ -0,0 +1,36 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" output="target/classes" path="src/main/java">
<attributes>
<attribute name="optional" value="true"/>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="src" output="target/test-classes" path="src/test/java">
<attributes>
<attribute name="optional" value="true"/>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.7">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="output" path="target/classes"/>
</classpath>

29
.project Normal file
View File

@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>authorization-service</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.wst.common.project.facet.core.builder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.m2e.core.maven2Builder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jdt.core.javanature</nature>
<nature>org.eclipse.m2e.core.maven2Nature</nature>
<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
</natures>
</projectDescription>

6
.settings/org.eclipse.core.resources.prefs Normal file
View File

@ -0,0 +1,6 @@
eclipse.preferences.version=1
encoding//src/main/java=UTF-8
encoding//src/main/resources=UTF-8
encoding//src/test/java=UTF-8
encoding//src/test/resources=UTF-8
encoding/<project>=UTF-8

5
.settings/org.eclipse.jdt.core.prefs Normal file
View File

@ -0,0 +1,5 @@
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
org.eclipse.jdt.core.compiler.compliance=1.7
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
org.eclipse.jdt.core.compiler.source=1.7

4
.settings/org.eclipse.m2e.core.prefs Normal file
View File

@ -0,0 +1,4 @@
activeProfiles=
eclipse.preferences.version=1
resolveWorkspaceProjects=true
version=1

1
distro/LICENSE Normal file
View File

@ -0,0 +1 @@
${gcube.license}

62
distro/README Normal file
View File

@ -0,0 +1,62 @@
The gCube System - ${name}
--------------------------------------------------
${description}
${gcube.description}
${gcube.funding}
Version
--------------------------------------------------
${version} (${buildDate})
Please see the file named "changelog.xml" in this directory for the release notes.
Authors
--------------------------------------------------
* Lucio Lelii (lucio.lelii-AT-isti.cnr.it), CNR, Italy
Maintainers
--------------------------------------------------
* Lucio Lelii (lucio.lelii-AT-isti.cnr.it), CNR, Italy
Download information
--------------------------------------------------
Source code is available from SVN:
${scm.url}
Binaries can be downloaded from the gCube website:
${gcube.website}
Installation
--------------------------------------------------
Installation documentation is available on-line in the gCube Wiki:
${gcube.wikiRoot}
Documentation
--------------------------------------------------
Documentation is available on-line in the gCube Wiki:
${gcube.wikiRoot}
Support
--------------------------------------------------
Bugs and support requests can be reported in the gCube issue tracking tool:
${gcube.issueTracking}
Licensing
--------------------------------------------------
This software is licensed under the terms you may find in the file named "LICENSE" in this directory.

8
distro/changelog.xml Normal file
View File

@ -0,0 +1,8 @@
<ReleaseNotes>
<Changeset component="authorization-service-1.0.0" date="2013-11-02">
<Change>First Release</Change>
</Changeset>
<Changeset component="authorization-service-2.0.0" date="2016-09-30">
<Change>moved auth to new auth2 model</Change>
</Changeset>
</ReleaseNotes>

35
distro/descriptor.xml Normal file
View File

@ -0,0 +1,35 @@
<assembly
xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
<id>servicearchive</id>
<formats>
<format>tar.gz</format>
</formats>
<baseDirectory>/</baseDirectory>
<fileSets>
<fileSet>
<directory>${distroDirectory}</directory>
<outputDirectory>/</outputDirectory>
<useDefaultExcludes>true</useDefaultExcludes>
<includes>
<include>README</include>
<include>LICENSE</include>
<include>changelog.xml</include>
</includes>
<fileMode>755</fileMode>
<filtered>true</filtered>
</fileSet>
</fileSets>
<files>
<file>
<source>${distroDirectory}/profile.xml</source>
<outputDirectory>/</outputDirectory>
<filtered>true</filtered>
</file>
<file>
<source>target/${build.finalName}.war</source>
<outputDirectory>/${artifactId}</outputDirectory>
</file>
</files>
</assembly>

26
distro/profile.xml Normal file
View File

@ -0,0 +1,26 @@
<?xml version="1.0" encoding="UTF-8"?>
<Resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ID />
<Type>Service</Type>
<Profile>
<Description>${description}</Description>
<Class>Common</Class>
<Name>${artifactId}</Name>
<Version>1.0.0</Version>
<Packages>
<Software>
<Name>${artifactId}</Name>
<Version>${version}</Version>
<MavenCoordinates>
<groupId>${groupId}</groupId>
<artifactId>${artifactId}</artifactId>
<version>${version}</version>
</MavenCoordinates>
<Files>
<File>${build.finalName}.jar</File>
</Files>
</Software>
</Packages>
</Profile>
</Resource>

209
pom.xml Normal file
View File

@ -0,0 +1,209 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<artifactId>maven-parent</artifactId>
<groupId>org.gcube.tools</groupId>
<version>1.0.0</version>
</parent>
<groupId>org.gcube.common</groupId>
<artifactId>authorization-service</artifactId>
<version>2.0.0-SNAPSHOT</version>
<name>authorization service</name>
<packaging>war</packaging>
<properties>
<distroDirectory>distro</distroDirectory>
</properties>
<dependencies>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>common-authorization</artifactId>
<version>[2.0.0-SNAPSHOT, 3.0.0-SNAPSHOT)</version>
</dependency>
<dependency>
<groupId>org.gcube.core</groupId>
<artifactId>common-encryption</artifactId>
<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
</dependency>
<dependency>
<groupId>org.gcube.core</groupId>
<artifactId>common-scope-maps</artifactId>
<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
</dependency>
<dependency>
<groupId>org.gcube.core</groupId>
<artifactId>common-scope</artifactId>
<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
</dependency>
<dependency>
<groupId>org.gcube.core</groupId>
<artifactId>common-encryption</artifactId>
<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
</dependency>
<!-- jersey -->
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
<version>2.0</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.containers</groupId>
<artifactId>jersey-container-servlet</artifactId>
<version>2.13</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.containers.glassfish</groupId>
<artifactId>jersey-gf-cdi</artifactId>
<version>2.13</version>
</dependency>
<dependency>
<groupId>javax.transaction</groupId>
<artifactId>javax.transaction-api</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>postgresql</groupId>
<artifactId>postgresql</artifactId>
<version>9.1-901.jdbc4</version>
<scope>runtime</scope>
</dependency>
<!-- weld -->
<dependency>
<groupId>javax.enterprise</groupId>
<artifactId>cdi-api</artifactId>
<version>1.1</version>
</dependency>
<dependency>
<groupId>org.jboss.weld.servlet</groupId>
<artifactId>weld-servlet</artifactId>
<version>2.2.4.Final</version>
</dependency>
<dependency>
<groupId>org.jboss</groupId>
<artifactId>jandex</artifactId>
<version>1.2.2.Final</version>
</dependency>
<!-- lombok -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>0.11.6</version>
</dependency>
<dependency>
<artifactId>eclipselink</artifactId>
<groupId>org.eclipse.persistence</groupId>
<version>2.5.1</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>
<version>1.0.13</version>
</dependency>
<dependency>
<groupId>org.glassfish.jersey.test-framework.providers</groupId>
<artifactId>jersey-test-framework-provider-simple</artifactId>
<version>2.17</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.derby</groupId>
<artifactId>derby</artifactId>
<version>10.8.2.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.derby</groupId>
<artifactId>derbyclient</artifactId>
<version>10.8.2.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.googlecode.jeeunit</groupId>
<artifactId>jeeunit</artifactId>
<version>1.0.0</version>
<scope>test</scope>
</dependency>
<!-- https://mvnrepository.com/artifact/com.google.code.gson/gson -->
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.7</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>couchdb-connector</artifactId>
<version>2.0.0-SNAPSHOT</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<finalName>${artifactId}</finalName>
<plugins>
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>2.3.2</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>2.4</version>
<configuration>
<warName>authorization-service</warName>
<failOnMissingWebXml>false</failOnMissingWebXml>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<configuration>
<descriptors>
<descriptor>${distroDirectory}/descriptor.xml</descriptor>
</descriptors>
</configuration>
<executions>
<execution>
<id>servicearchive</id>
<phase>install</phase>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>

117
src/main/java/org/gcube/common/authorizationservice/ApiKeyManager.java Normal file
View File

@ -0,0 +1,117 @@
package org.gcube.common.authorizationservice;
import java.util.UUID;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import lombok.extern.slf4j.Slf4j;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.QualifiersList;
import org.gcube.common.authorizationservice.filters.AuthorizedCallFilter;
import org.gcube.common.authorizationservice.util.Constants;
import org.gcube.common.authorizationservice.util.TokenPersistence;
@Path("apikey")
@Slf4j
public class ApiKeyManager {
@Inject
TokenPersistence persistence;
/**
*
* Generates an api key.
*
* @param serviceName the name of the client that will use this apikey
* @return the generated api key
*/
@PUT
@Consumes(MediaType.APPLICATION_XML)
public String generateApiKey(@QueryParam(value="qualifier")String qualifier, @Context HttpServletRequest req) {
try{
AuthorizationEntry info = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
if (qualifier==null || qualifier.isEmpty() || qualifier.equals(Constants.DEFAULT_TOKEN_QUALIFIER))
throw new IllegalArgumentException();
log.info("generator called with user {} in context {} ",info.getClientInfo(), info.getContext());
if (info.getClientInfo().getId().split(":").length>1) throw new Exception("invalid user id: "+info.getClientInfo());
String token = persistence.getExistingToken(info.getClientInfo().getId(), info.getContext(), qualifier);
if (token==null){
token = UUID.randomUUID().toString();
persistence.saveAuthorizationEntry(token, info.getContext(), info.getClientInfo(), qualifier, info.getClientInfo().getId());
}
return token;
}catch(Exception e){
log.error("error generating apikey ",e);
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
.entity("Error Generating ApiKey: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
}
}
/**
*
* retrieves the AuthorzationEntry connected to the specified token
*
* @param token
* @return the authorization entry
*/
@GET
@Produces(MediaType.APPLICATION_XML)
public QualifiersList retrieveApiKeys(@Context HttpServletRequest req) {
log.info("calling getApiKey");
try{
AuthorizationEntry info = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
return new QualifiersList(persistence.getExistingApiKeys(info.getClientInfo().getId(), info.getContext()));
}catch(Exception e){
log.error("error retrieving apikey",e);
}
return null;
}
/**
*
* removes an api key.
*
* @param the key to remove
* @return
*/
@Path("{key}")
@DELETE
public void removeApiKey(@PathParam(value="key")String key, @Context HttpServletRequest req) {
try{
//TODO
}catch(Exception e){
log.error("error generating apikey ",e);
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
.entity("Error Generating ApiKey: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
}
}
}

18
src/main/java/org/gcube/common/authorizationservice/AuthorizationService.java Normal file
View File

@ -0,0 +1,18 @@
package org.gcube.common.authorizationservice;
import javax.ws.rs.ApplicationPath;
import org.gcube.common.authorizationservice.configuration.AuthorizationConfiguration;
import org.glassfish.jersey.server.ResourceConfig;
@ApplicationPath("/gcube/service/")
public class AuthorizationService extends ResourceConfig {
public static AuthorizationConfiguration configuration;
public AuthorizationService(){
packages("org.gcube.common.authorizationservice");
}
}

74
src/main/java/org/gcube/common/authorizationservice/KeyRetriever.java Normal file
View File

@ -0,0 +1,74 @@
package org.gcube.common.authorizationservice;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.StreamingOutput;
import lombok.extern.slf4j.Slf4j;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.provider.ContainerInfo;
import org.gcube.common.authorizationservice.filters.AuthorizedCallFilter;
import org.gcube.common.scope.impl.ScopeBean;
import org.gcube.common.scope.impl.ScopeBean.Type;
@Path("symmKey")
@Slf4j
public class KeyRetriever {
@GET
@Produces(MediaType.APPLICATION_OCTET_STREAM)
public Response getKey(@Context HttpServletRequest req) throws Exception {
final AuthorizationEntry info = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
if (info.getClientInfo() instanceof ContainerInfo){
final String keyFileName =getKeyFileName(info.getContext());
StreamingOutput so = new StreamingOutput() {
public void write(OutputStream output) throws IOException, WebApplicationException {
try{
try(InputStream is =KeyRetriever.class.getResourceAsStream("/"+keyFileName)){
byte[] buffer = new byte[8192];
int read = -1;
while ((read = is.read(buffer))!=-1){
output.write(buffer, 0, read);
}
}
}catch(Exception e){
log.error("error retrieving symm key", e);
throw new WebApplicationException(e, Status.INTERNAL_SERVER_ERROR);
}
}
};
return Response.ok(so).header("content-disposition","attachment; filename = "+keyFileName)
.header("resource-name", keyFileName).build();
} else return Response.status(Status.UNAUTHORIZED).build();
}
protected static String getKeyFileName(String context) throws InvalidKeyException{
String keyFile=null;
if(context!=null){
ScopeBean bean = new ScopeBean(context);
if(bean.is(Type.VRE))
bean = bean.enclosingScope();
String name = bean.name();
//build keyfile name with name
keyFile=name+".gcubekey";
}else{
throw new InvalidKeyException("invalid key for context: "+context);
}
return keyFile;
}
}

75
src/main/java/org/gcube/common/authorizationservice/PolicyManager.java Normal file
View File

@ -0,0 +1,75 @@
package org.gcube.common.authorizationservice;
import javax.inject.Inject;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Null;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.gcube.common.authorization.library.Policies;
import org.gcube.common.authorizationservice.util.TokenPersistence;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@Path("policyManager")
public class PolicyManager {
private static Logger log = LoggerFactory.getLogger(PolicyManager.class);
@Inject
TokenPersistence tokenPersistence;
@POST
@Consumes(MediaType.APPLICATION_XML)
public Response setPolices(Policies policies) {
try{
log.info("adding policies: {}", policies.getPolicies());
tokenPersistence.addPolicies(policies.getPolicies());
}catch(Exception e){
log.error("error adding policies",e);
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
.entity("Error adding policies: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
}
return Response.ok().build();
}
@DELETE
@Consumes(MediaType.APPLICATION_XML)
@Path("{policy_id}")
public Response remove(@Null @PathParam("policy_id") long policyId) {
try{
log.info("removing policy with id {}", policyId);
tokenPersistence.removePolicy(policyId);
}catch(Exception e){
log.error("error removing policies", e);
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
.entity("Error removing policies: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
}
return Response.ok().build();
}
@GET
@Produces(MediaType.APPLICATION_XML)
public Policies getPoliciesPerContext(@NotNull @QueryParam("context") String context) {
try{
log.info("retrieving polices in context {}", context);
return new Policies(tokenPersistence.getPolices(context));
}catch(Exception e){
log.error("error retrieving policies per context {}", context, e);
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
.entity("Error retrieving policies: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
}
}
}

235
src/main/java/org/gcube/common/authorizationservice/TokenManager.java Normal file
View File

@ -0,0 +1,235 @@
package org.gcube.common.authorizationservice;
import java.util.UUID;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.validation.constraints.NotNull;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import lombok.extern.slf4j.Slf4j;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.provider.ContainerInfo;
import org.gcube.common.authorization.library.provider.ExternalServiceInfo;
import org.gcube.common.authorization.library.provider.ServiceInfo;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorizationservice.filters.AuthorizedCallFilter;
import org.gcube.common.authorizationservice.util.Constants;
import org.gcube.common.authorizationservice.util.TokenPersistence;
@Path("token")
@Slf4j
public class TokenManager {
@Inject
TokenPersistence persistence;
/**
*
* retrieves the AuthorzationEntry connected to the specified token
*
* @param token
* @return the authorization entry
*/
@GET
@Path("{token}")
@Produces(MediaType.APPLICATION_XML)
public AuthorizationEntry retrieveToken(@NotNull @PathParam("token") String token ) {
log.info("token retreiver called with token {}",token);
AuthorizationEntry info = persistence.getAuthorizationEntry(token);
log.info("info retrieved {}",info);
if (info == null){
log.error("token {} not found ", token);
throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND)
.entity("token "+token+" not found").type(MediaType.TEXT_PLAIN).build());
}
//TODO: re-add it with common-scope 2.0
/*
try{
ServiceMap map = .instance.getMap(info.getContext());
info.setMap(map);
}catch(Exception e){
log.error("error retrieving map for {}", info.getContext(), e);
throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity("Error retrieving map").type(MediaType.TEXT_PLAIN).build());
}*/
log.debug("returning info {}", info);
return info;
}
/**
*
* Generates a token for a user (saving the passed roles) if it doesn't exist yet.
*
* @param userName
* @param roles
* @return the generated token or the token related to the user (if it was already created)
*/
@Path("user")
@PUT
@Consumes(MediaType.APPLICATION_XML)
public String generateUserToken(UserInfo clientId,
@NotNull @QueryParam("context") String context) {
try{
log.info("generator called with user {} in context {} ",clientId, context);
if (clientId.getId().split(":").length>1) throw new Exception("invalid user id: "+clientId.getId());
String token = persistence.getExistingToken(clientId.getId(), context, Constants.DEFAULT_TOKEN_QUALIFIER);
if (token==null){
token = UUID.randomUUID().toString();
persistence.saveAuthorizationEntry(token, context, clientId , Constants.DEFAULT_TOKEN_QUALIFIER, null);
}
return token;
}catch(Exception e){
log.error("error generating token ",e);
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
.entity("Error Generating Token: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
}
}
/**
*
* Generates a token for a service if it doesn't exist yet.
*
* @param userName
* @param roles
* @return the generated token or the token related to the user (if it was already created)
*/
@Path("service")
@PUT
@Consumes(MediaType.APPLICATION_XML)
public String generateServiceToken(ServiceInfo serviceInfo,
@Context HttpServletRequest req) {
try{
AuthorizationEntry authInfo = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
log.info("generator called with service {} in context {} ",serviceInfo.getId(), authInfo.getContext());
return generateTokenForServiceInfo(serviceInfo, authInfo);
}catch(Exception e){
log.error("error generating token ",e);
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
.entity("Error Generating Token: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
}
}
/**
*
* Generates a token for an external service if it doesn't exist yet.
*
* @param externalServiceInfo
* @return the generated token or the token related to the external service (if it was already created)
*/
@Path("external")
@PUT
@Consumes(MediaType.APPLICATION_XML)
public String generateExternalServiceToken(ExternalServiceInfo externalService, @Context HttpServletRequest req) {
try{
AuthorizationEntry info = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
log.info("generator called for external service {} in context {} ",externalService.getId(), info.getContext());
if (externalService.getId().split(":").length>1) throw new Exception("invalid external service id: "+externalService.getId());
String token = persistence.getExistingToken(externalService.getId(), info.getContext(), Constants.DEFAULT_TOKEN_QUALIFIER);
if (token==null){
token= UUID.randomUUID().toString();
persistence.saveAuthorizationEntry(token, info.getContext(), externalService, Constants.DEFAULT_TOKEN_QUALIFIER, null);
}
return token;
}catch(Exception e){
log.error("error generating token ",e);
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
.entity("Error Generating Token: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
}
}
@Path("node")
@PUT
@Consumes(MediaType.APPLICATION_XML)
public String generateContainerToken(@NotNull ContainerInfo containerInfo, @QueryParam("context") String context,
@Context HttpServletRequest req) {
try{
AuthorizationEntry info = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
if (context!=null)
return generateTokenForContainerInfo(containerInfo, context);
else if (info!=null){
log.info("generator called for node {} in context {} ",containerInfo.getId(), info.getContext());
return generateTokenForContainerInfo(containerInfo, info);
}
throw new Exception("error trying to activate node (token and context are empty)");
}catch(Exception e){
log.error("error generating token ",e);
throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
.entity("Error Generating Token: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
}
}
private String generateTokenForContainerInfo(ContainerInfo containerInfo,String context) throws Exception{
if (containerInfo.getId().split(":").length!=2) throw new Exception("invalid container id: "+containerInfo.getId());
String token = persistence.getExistingToken(containerInfo.getId(), context, Constants.DEFAULT_TOKEN_QUALIFIER);
if( token ==null){
token = UUID.randomUUID().toString();;
persistence.saveAuthorizationEntry(token, context, containerInfo, Constants.DEFAULT_TOKEN_QUALIFIER, null);
}
return token;
}
private String generateTokenForContainerInfo(ContainerInfo containerInfo, AuthorizationEntry authInfo) throws Exception{
if (containerInfo.getId().split(":").length!=2) throw new Exception("invalid container id: "+containerInfo.getId());
String token = persistence.getExistingToken(containerInfo.getId(),authInfo.getContext(), Constants.DEFAULT_TOKEN_QUALIFIER);
if( token ==null){
token = UUID.randomUUID().toString();;
persistence.saveAuthorizationEntry(token, authInfo.getContext(), containerInfo, Constants.DEFAULT_TOKEN_QUALIFIER, authInfo.getClientInfo().getId() );
}
return token;
}
private String generateTokenForServiceInfo(ServiceInfo serviceInfo, AuthorizationEntry authInfo) throws Exception{
if (serviceInfo.getId().split(":").length!=3) throw new Exception("invalid service id: "+serviceInfo.getId());
String token = persistence.getExistingToken(serviceInfo.getId(), authInfo.getContext(), Constants.DEFAULT_TOKEN_QUALIFIER);
if( token ==null){
token = UUID.randomUUID().toString();;
persistence.saveAuthorizationEntry(token, authInfo.getContext(), serviceInfo, Constants.DEFAULT_TOKEN_QUALIFIER, authInfo.getClientInfo().getId() );
}
return token;
}
}

71
src/main/java/org/gcube/common/authorizationservice/configuration/AllowedEntity.java Normal file
View File

@ -0,0 +1,71 @@
package org.gcube.common.authorizationservice.configuration;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name="Entity")
@XmlAccessorType(XmlAccessType.FIELD)
public class AllowedEntity {
public enum EntityType {
IP, ROLE, USER
}
@XmlAttribute
private EntityType type;
@XmlAttribute
private String value;
protected AllowedEntity(){}
public AllowedEntity(EntityType type, String value) {
super();
this.type = type;
this.value = value;
}
public EntityType getType() {
return type;
}
public String getValue() {
return value;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result + ((type == null) ? 0 : type.hashCode());
result = prime * result + ((value == null) ? 0 : value.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
AllowedEntity other = (AllowedEntity) obj;
if (type != other.type)
return false;
if (value == null) {
if (other.value != null)
return false;
} else if (!value.equals(other.value))
return false;
return true;
}
@Override
public String toString() {
return "AllowedEntity [type=" + type + ", value=" + value + "]";
}
}

88
src/main/java/org/gcube/common/authorizationservice/configuration/AuthorizationConfiguration.java Normal file
View File

@ -0,0 +1,88 @@
package org.gcube.common.authorizationservice.configuration;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name="Configuration")
@XmlAccessorType(XmlAccessType.FIELD)
public class AuthorizationConfiguration {
@XmlElement(name="Rule")
private List<AuthorizationRule> authorizationRules = new ArrayList<AuthorizationRule>();
@XmlElement(name="AllowedContainerIp")
private List<String> allowedContainerIps = new ArrayList<String>();
protected AuthorizationConfiguration(){}
public List<AuthorizationRule> getAuthorizationRules() {
return Collections.unmodifiableList(authorizationRules);
}
protected void setAuthorizationRules(List<AuthorizationRule> rules) {
this.authorizationRules = rules;
}
public List<String> getAllowedContainerIps() {
return allowedContainerIps;
}
protected void setAllowedContainerIps(
List<String> allowedContainerIps) {
this.allowedContainerIps = allowedContainerIps;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime
* result
+ ((allowedContainerIps == null) ? 0 : allowedContainerIps
.hashCode());
result = prime
* result
+ ((authorizationRules == null) ? 0 : authorizationRules
.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
AuthorizationConfiguration other = (AuthorizationConfiguration) obj;
if (allowedContainerIps == null) {
if (other.allowedContainerIps != null)
return false;
} else if (!allowedContainerIps.equals(other.allowedContainerIps))
return false;
if (authorizationRules == null) {
if (other.authorizationRules != null)
return false;
} else if (!authorizationRules.equals(other.authorizationRules))
return false;
return true;
}
@Override
public String toString() {
return "AuthorizationConfiguration [authorizationRules="
+ authorizationRules + ", allowedContainerIps="
+ allowedContainerIps + "]";
}
}

89
src/main/java/org/gcube/common/authorizationservice/configuration/AuthorizationRule.java Normal file
View File

@ -0,0 +1,89 @@
package org.gcube.common.authorizationservice.configuration;
import java.util.ArrayList;
import java.util.List;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
@XmlRootElement(name="Rule")
@XmlAccessorType(XmlAccessType.FIELD)
public class AuthorizationRule {
@XmlAttribute(name="path")
private String servletPath;
@XmlAttribute(name="requiresToken")
private boolean requiresToken = true;
@XmlElement(name="Entity")
private List<AllowedEntity> entities= new ArrayList<AllowedEntity>();
protected AuthorizationRule(){}
public AuthorizationRule(String servletPath, List<AllowedEntity> entities, boolean requiresToken) {
super();
this.servletPath = servletPath;
this.entities = entities;
this.requiresToken = requiresToken;
}
public String getServletPath() {
return servletPath;
}
public List<AllowedEntity> getEntities() {
return entities;
}
public boolean isTokenRequired() {
return requiresToken;
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result
+ ((entities == null) ? 0 : entities.hashCode());
result = prime * result
+ ((servletPath == null) ? 0 : servletPath.hashCode());
return result;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
AuthorizationRule other = (AuthorizationRule) obj;
if (entities == null) {
if (other.entities != null)
return false;
} else if (!entities.equals(other.entities))
return false;
if (servletPath == null) {
if (other.servletPath != null)
return false;
} else if (!servletPath.equals(other.servletPath))
return false;
return true;
}
@Override
public String toString() {
return "AuthorizationRule [servletPath=" + servletPath + ", entities="
+ entities + " requiresToken= "+requiresToken+"]";
}
}

35
src/main/java/org/gcube/common/authorizationservice/configuration/ConfigurationBuilder.java Normal file
View File

@ -0,0 +1,35 @@
package org.gcube.common.authorizationservice.configuration;
import java.util.ArrayList;
import java.util.List;
public class ConfigurationBuilder {
List<AuthorizationRule> rules = new ArrayList<AuthorizationRule>();
List<String> ips = new ArrayList<String>();
public static ConfigurationBuilder getBuilder(){
return new ConfigurationBuilder();
}
public ConfigurationBuilder rule(AuthorizationRule rule){
this.rules.add(rule);
return this;
}
public ConfigurationBuilder autoConfirmedIp(String ip){
this.ips.add(ip);
return this;
}
public AuthorizationConfiguration build(){
AuthorizationConfiguration configuration = new AuthorizationConfiguration();
configuration.setAuthorizationRules(rules);
configuration.setAllowedContainerIps(ips);
return configuration;
}
}

22
src/main/java/org/gcube/common/authorizationservice/configuration/ConfigurationHolder.java Normal file
View File

@ -0,0 +1,22 @@
package org.gcube.common.authorizationservice.configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class ConfigurationHolder {
private static Logger logger = LoggerFactory.getLogger(ConfigurationHolder.class);
private static AuthorizationConfiguration configuration;
public static AuthorizationConfiguration getConfiguration() {
logger.trace("getting configuration {}",configuration);
return configuration;
}
public static void setConfiguration(AuthorizationConfiguration authConfiguration) {
logger.trace("setting configuration {}",authConfiguration);
configuration = authConfiguration;
}
}

47
src/main/java/org/gcube/common/authorizationservice/configuration/RuleBuilder.java Normal file
View File

@ -0,0 +1,47 @@
package org.gcube.common.authorizationservice.configuration;
import java.util.ArrayList;
import java.util.List;
public class RuleBuilder {
private String servletPath;
private List<AllowedEntity> entities = new ArrayList<AllowedEntity>();
private boolean requiresToken= true;
public RuleBuilder(){}
public RuleBuilder path(String servletPath){
this.servletPath = servletPath;
return this;
}
public RuleBuilder entity(AllowedEntity entity){
this.entities.add(entity);
return this;
}
public RuleBuilder needsToken(boolean needsToken){
this.requiresToken= needsToken;
return this;
}
protected String getServletPath() {
return servletPath;
}
protected List<AllowedEntity> getEntities() {
return entities;
}
protected boolean isRequiresToken() {
return requiresToken;
}
public AuthorizationRule build(){
return new AuthorizationRule(servletPath, entities, requiresToken);
}
}

36
src/main/java/org/gcube/common/authorizationservice/filters/ApplicationInitializer.java Normal file
View File

@ -0,0 +1,36 @@
package org.gcube.common.authorizationservice.filters;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.annotation.WebListener;
import javax.xml.bind.JAXBContext;
import lombok.extern.slf4j.Slf4j;
import org.gcube.common.authorizationservice.configuration.AuthorizationConfiguration;
import org.gcube.common.authorizationservice.configuration.ConfigurationHolder;
@WebListener
@Slf4j
public class ApplicationInitializer implements ServletContextListener{
@Override
public void contextInitialized(ServletContextEvent sce) {
log.info("initilaizing the context");
try {
JAXBContext context = JAXBContext.newInstance(AuthorizationConfiguration.class);
ConfigurationHolder.setConfiguration(
(AuthorizationConfiguration)context.createUnmarshaller().unmarshal(
sce.getServletContext().getResourceAsStream("WEB-INF/AuthorizationConfiguration.xml")));
} catch (Exception e) {
log.error("error loading configuration", e);
}
log.info("context initialized");
}
@Override
public void contextDestroyed(ServletContextEvent sce) {
}
}

154
src/main/java/org/gcube/common/authorizationservice/filters/AuthorizedCallFilter.java Normal file
View File

@ -0,0 +1,154 @@
package org.gcube.common.authorizationservice.filters;
import java.io.IOException;
import java.util.List;
import javax.inject.Inject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorizationservice.configuration.AllowedEntity;
import org.gcube.common.authorizationservice.configuration.AuthorizationConfiguration;
import org.gcube.common.authorizationservice.configuration.AuthorizationRule;
import org.gcube.common.authorizationservice.configuration.ConfigurationHolder;
import org.gcube.common.authorizationservice.util.TokenPersistence;
@WebFilter(urlPatterns={"/*"}, filterName="authorizationFilter")
@Slf4j
public class AuthorizedCallFilter implements Filter {
private static final String TOKEN_HEADER="gcube-token";
public static final String AUTH_ATTRIBUTE="authorizationInfo";
@Inject
TokenPersistence persistence;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
String token = request.getParameter(TOKEN_HEADER)==null?((HttpServletRequest)request).getHeader(TOKEN_HEADER):
request.getParameter(TOKEN_HEADER);
AuthorizationEntry info = null;
if (token!=null){
info = persistence.getAuthorizationEntry(token);
log.info("call from {} ",info);
} else log.info("call without token");
request.setAttribute(AUTH_ATTRIBUTE, info);
String pathInfo = ((HttpServletRequest) request).getPathInfo();
log.info("called path {}", pathInfo);
if (requiresToken(pathInfo) && token==null ){
((HttpServletResponse)response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
log.info("call rejected from filters, call requires caller token");
return;
}
String callerIp = ((HttpServletRequest)request).getHeader("x-forwarded-for");
if(callerIp==null)
callerIp=request.getRemoteHost();
log.info("caller ip {}", callerIp);
/*X509Certificate certs[] =
(X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate");
// ... Test if non-null, non-empty.
X509Certificate clientCert = certs[0];
// Get the Subject DN's X500Principal
X500Principal subjectDN = clientCert.getSubjectX500Principal();*/
if (!checkAllowed(pathInfo, callerIp, info)){
((HttpServletResponse)response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
log.info("call rejected from filters");
return;
}
chain.doFilter(request, response);
}
private boolean requiresToken(String pathInfo) {
AuthorizationConfiguration conf = ConfigurationHolder.getConfiguration();
List<AuthorizationRule> rules = conf.getAuthorizationRules();
for (AuthorizationRule rule: rules)
if (pathInfo.startsWith(rule.getServletPath()) || pathInfo.equals(rule.getServletPath()))
return rule.isTokenRequired();
return false;
}
private boolean checkAllowed(String pathInfo, String callerIp, AuthorizationEntry info){
AuthorizationConfiguration conf = ConfigurationHolder.getConfiguration();
List<AuthorizationRule> rules = conf.getAuthorizationRules();
for (AuthorizationRule rule: rules){
if (!rule.getEntities().isEmpty() && (pathInfo.startsWith(rule.getServletPath()) || pathInfo.equals(rule.getServletPath()))){
for (AllowedEntity entity : rule.getEntities()){
switch(entity.getType()){
case IP:
log.trace("checking ip rule : {} -> {}", entity.getValue(), callerIp);
if(checkIpInRange(callerIp, entity.getValue()))
return true;
break;
case USER:
log.trace("checking user rule : {} -> {}", entity.getValue(), info.getClientInfo().getId());
if (entity.getValue().equals(info.getClientInfo().getId()))
return entity.getValue().equals(info.getClientInfo().getId());
break;
case ROLE:
log.trace("checking role rule : {} -> {}", entity.getValue(), info.getClientInfo().getRoles());
if (info.getClientInfo().getRoles().contains(entity.getValue()))
return true;
break;
}
}
//IF a servlet path matches the caller is not allowed to that servlet (the call should be rejected)
return false;
}
}
return true;
}
private static boolean checkIpInRange(String ip, String mask) {
String[] maskArray = mask.split("\\.");
String[] ipArray = ip.split("\\.");
int[] maskByte= new int[4];
int[] ipByte = new int[4];
for (int i=0; i<4; i++){
maskByte[i] = ((Integer)Integer.parseInt(maskArray[i])).byteValue();
ipByte[i] = ((Integer)Integer.parseInt(ipArray[i])).byteValue();
}
return (maskByte[0]==0 || maskByte[0]==ipByte[0]) && (maskByte[1]==0 || maskByte[1]==ipByte[1]) &&
(maskByte[2]==0 || maskByte[2]==ipByte[2]) && (maskByte[3]==0 || maskByte[3]==ipByte[3]);
}
@Override
public void destroy() {}
}

322
src/main/java/org/gcube/common/authorizationservice/persistence/RelationDBPersistence.java Normal file
View File

@ -0,0 +1,322 @@
package org.gcube.common.authorizationservice.persistence;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.NoResultException;
import javax.persistence.TypedQuery;
import lombok.extern.slf4j.Slf4j;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.policies.Policy;
import org.gcube.common.authorization.library.policies.PolicyType;
import org.gcube.common.authorization.library.policies.Service2ServicePolicy;
import org.gcube.common.authorization.library.policies.User2ServicePolicy;
import org.gcube.common.authorization.library.provider.ClientInfo;
import org.gcube.common.authorization.library.provider.ContainerInfo;
import org.gcube.common.authorization.library.provider.ExternalServiceInfo;
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
import org.gcube.common.authorization.library.provider.ServiceInfo;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorizationservice.persistence.entities.AuthorizationEntity;
import org.gcube.common.authorizationservice.persistence.entities.AuthorizationId;
import org.gcube.common.authorizationservice.persistence.entities.EntityConstants;
import org.gcube.common.authorizationservice.persistence.entities.ExternalServiceAuthorizationEntity;
import org.gcube.common.authorizationservice.persistence.entities.NodeAuthorizationEntity;
import org.gcube.common.authorizationservice.persistence.entities.PolicyEntity;
import org.gcube.common.authorizationservice.persistence.entities.ServiceAuthorizationEntity;
import org.gcube.common.authorizationservice.persistence.entities.ServicePolicyEntity;
import org.gcube.common.authorizationservice.persistence.entities.UserAuthorizationEntity;
import org.gcube.common.authorizationservice.persistence.entities.UserPolicyEntity;
import org.gcube.common.authorizationservice.util.TokenPersistence;
@Singleton
@Slf4j
public class RelationDBPersistence implements TokenPersistence{
@Inject
EntityManagerFactory emFactory;
//ONLY FOR TEST PURPOSE
public void setEntitymanagerFactory(EntityManagerFactory emf){
this.emFactory = emf;
}
@Override
public AuthorizationEntry getAuthorizationEntry(String token) {
EntityManager em = emFactory.createEntityManager();
try{
//retrieve entity for token
TypedQuery<AuthorizationEntity> query = em.createNamedQuery("Authz.get", AuthorizationEntity.class);
query.setParameter("token", token);
AuthorizationEntity authEntity;
try{
em.getTransaction().begin();
authEntity = query.getSingleResult();
authEntity.setLastTimeUsed(Calendar.getInstance());
em.merge(authEntity);
em.getTransaction().commit();
}catch (NoResultException e){
log.warn("no result found for token {}",token);
return null;
}
if (authEntity.getEntryType().equals(EntityConstants.SERVICE_AUTHORIZATION)){
ServiceAuthorizationEntity sAuth = (ServiceAuthorizationEntity) authEntity;
return new AuthorizationEntry(sAuth.getInfo(), sAuth.getContext(), retrievePolicies(sAuth, em), sAuth.getQualifier());
} else if (authEntity.getEntryType().equals(EntityConstants.USER_AUTHORIZATION)){
UserAuthorizationEntity uAuth = (UserAuthorizationEntity) authEntity;
return new AuthorizationEntry(uAuth.getInfo(), uAuth.getContext(), retrievePolicies(uAuth, em), uAuth.getQualifier());
} else if (authEntity.getEntryType().equals(EntityConstants.EXTERNAL_SERVICE_AUTHORIZATION)){
ExternalServiceAuthorizationEntity uAuth = (ExternalServiceAuthorizationEntity) authEntity;
return new AuthorizationEntry(uAuth.getInfo(), uAuth.getContext(), new ArrayList<Policy>(), uAuth.getQualifier());
} else if (authEntity.getEntryType().equals(EntityConstants.CONTAINER_AUTHORIZATION)){
NodeAuthorizationEntity uAuth = (NodeAuthorizationEntity) authEntity;
return new AuthorizationEntry(uAuth.getInfo(), uAuth.getContext(), new ArrayList<Policy>(), uAuth.getQualifier());
} else throw new IllegalArgumentException("entryType cannot be mapped");
}catch(Throwable t){
log.error("error retrieving authorization entry",t);
return null;
}finally{
em.close();
}
}
@Override
public String getExistingToken(String clientId, String context, String qualifier) {
EntityManager em = emFactory.createEntityManager();
try{
AuthorizationEntity authEntity = em.find(AuthorizationEntity.class, new AuthorizationId(context, clientId, qualifier));
if (authEntity!=null)
return authEntity.getToken();
return null;
}finally{
em.close();
}
}
@Override
public void saveAuthorizationEntry(String token, String context,
ClientInfo info, String tokenQualifier, String generatedBy) {
AuthorizationEntity authEntity = null;
if (info instanceof UserInfo)
authEntity = new UserAuthorizationEntity(token, context, tokenQualifier, (UserInfo) info);
else if (info instanceof ServiceInfo) authEntity = new ServiceAuthorizationEntity(token, context, tokenQualifier, (ServiceInfo) info, generatedBy);
else if (info instanceof ExternalServiceInfo) authEntity = new ExternalServiceAuthorizationEntity(token, context, tokenQualifier, (ExternalServiceInfo) info, generatedBy);
else authEntity = new NodeAuthorizationEntity(token, context, tokenQualifier, (ContainerInfo) info, generatedBy);
EntityManager em = emFactory.createEntityManager();
try{
em.getTransaction().begin();
em.persist(authEntity);
em.getTransaction().commit();
}catch(RuntimeException e){
log.error("error saving authorization Entry", e);
em.getTransaction().rollback();
throw e;
} finally{
em.close();
}
}
@Override
public void addPolicies(List<Policy> polices) {
EntityManager em = emFactory.createEntityManager();
try{
em.getTransaction().begin();
for (Policy policy: polices)
if (policy.getPolicyType()==PolicyType.SERVICE){
Service2ServicePolicy s2sPolicy = (Service2ServicePolicy) policy;
em.persist(new ServicePolicyEntity(s2sPolicy.getContext(), s2sPolicy.getServiceAccess(), s2sPolicy.getClient(), s2sPolicy.getMode()));
} else {
User2ServicePolicy u2sPolicy = (User2ServicePolicy) policy;
em.persist(new UserPolicyEntity(u2sPolicy.getContext(), u2sPolicy.getServiceAccess(), u2sPolicy.getEntity(), u2sPolicy.getMode()));
}
em.getTransaction().commit();
}catch (Exception e) {
em.close();
}
}
@Override
public void removePolicy(long policyId) {
EntityManager em = emFactory.createEntityManager();
try{
em.getTransaction().begin();
PolicyEntity entity = em.find(PolicyEntity.class, policyId);
if (entity!= null){
em.remove(entity);
//TODO: throw an exception
}
else log.warn("policy with id {} not found", policyId);
em.getTransaction().commit();
}catch (Exception e) {
log.error("error removing policy with id {}", policyId);
em.close();
}
}
@Override
public List<Policy> getPolices(String context) {
List<Policy> policiesToReturn = new ArrayList<Policy>();
EntityManager em = emFactory.createEntityManager();
try{
TypedQuery<PolicyEntity> query = em.createNamedQuery("Policy.all", PolicyEntity.class);
query.setParameter("context", context);
for (PolicyEntity pEntity: query.getResultList()){
Policy policy;
if (pEntity.getPolicyType().equals(EntityConstants.SERVICE_POLICY)){
policy = new Service2ServicePolicy(context, pEntity.getServiceAccess(), ((ServicePolicyEntity) pEntity).getClientAccess(), pEntity.getAction());
}else
policy = new User2ServicePolicy(context, pEntity.getServiceAccess(), ((UserPolicyEntity) pEntity).getUser(), pEntity.getAction());
policy.setId(pEntity.getId());
policy.setCreationTime(pEntity.getCreationTime());
policy.setLastUpdateTime(pEntity.getLastUpdateTime());
policiesToReturn.add(policy);
}
}finally{
em.close();
}
return policiesToReturn;
}
@Override
public List<Policy> getPolicesByType(String context, PolicyType type) {
// TODO Auto-generated method stub
return null;
}
@Override
public List<Policy> getPolicesByTypeAndClientId(String context, PolicyType type, String clientId) {
// TODO Auto-generated method stub
return null;
}
private List<Policy> retrievePolicies(UserAuthorizationEntity uAuth, EntityManager em){
List<Policy> policies = new ArrayList<Policy>();
TypedQuery<UserPolicyEntity> queryU = em.createNamedQuery("UserPolicy.get", UserPolicyEntity.class);
queryU.setParameter("context", uAuth.getContext());
queryU.setParameter("user", uAuth.getInfo().getId());
if (!uAuth.getInfo().getRoles().isEmpty())
queryU.setParameter("rolesList", uAuth.getInfo().getRoles());
else queryU.setParameter("rolesList", Collections.singleton(""));
List<UserPolicyEntity> userPolicies = queryU.getResultList();
for (UserPolicyEntity uPolicy: userPolicies){
User2ServicePolicy u2sP = new User2ServicePolicy(uPolicy.getContext(), uPolicy.getServiceAccess(), uPolicy.getUser(), uPolicy.getAction());
u2sP.setCreationTime(uPolicy.getCreationTime());
u2sP.setLastUpdateTime(uPolicy.getLastUpdateTime());
policies.add(u2sP);
}
log.debug("user policies found are {}", policies);
return policies;
}
private List<Policy> retrievePolicies(ServiceAuthorizationEntity sAuth, EntityManager em){
List<Policy> policies = new ArrayList<Policy>();
ServiceIdentifier sIdentifier = ((ServiceInfo)sAuth.getInfo()).getServiceIdentifier();
TypedQuery<ServicePolicyEntity> queryS = em.createNamedQuery("ServicePolicy.get", ServicePolicyEntity.class);
queryS.setParameter("context", sAuth.getContext());
queryS.setParameter("serviceClass", sIdentifier.getServiceClass());
queryS.setParameter("serviceName", sIdentifier.getServiceName());
queryS.setParameter("identifier", sIdentifier.getServiceId());
List<ServicePolicyEntity> servicePolicies = queryS.getResultList();
for (ServicePolicyEntity sPolicy: servicePolicies){
Service2ServicePolicy s2sP = new Service2ServicePolicy(sPolicy.getContext(), sPolicy.getServiceAccess(), sPolicy.getClientAccess(), sPolicy.getAction());
s2sP.setCreationTime(sPolicy.getCreationTime());
s2sP.setLastUpdateTime(sPolicy.getLastUpdateTime());
policies.add(s2sP);
}
log.debug("service policies found are {}", policies);
return policies;
}
@Override
public Map<String, String> getExistingApiKeys(String clientId, String context) {
EntityManager em = emFactory.createEntityManager();
try{
TypedQuery<AuthorizationEntity> queryS = em.createNamedQuery("Authz.getQualifiers", AuthorizationEntity.class);
queryS.setParameter("context", context);
queryS.setParameter("clientId", clientId);
List<AuthorizationEntity> apikeys = queryS.getResultList();
Map<String, String> qualifiers = new HashMap<String, String>();
for (AuthorizationEntity apikey: apikeys)
qualifiers.put(apikey.getQualifier(), apikey.getToken());
return qualifiers;
}finally{
em.close();
}
}
@Override
public void removeApiKey(String token) {
EntityManager em = emFactory.createEntityManager();
try{
em.getTransaction().begin();
TypedQuery<AuthorizationEntity> queryS = em.createNamedQuery("Authz.getByToken", AuthorizationEntity.class);
queryS.setParameter("token", token);
AuthorizationEntity authEntry = queryS.getSingleResult();
if (authEntry != null)
em.remove(authEntry);
em.getTransaction().commit();
}catch (Exception e) {
log.error("error removing apikey {}", token);
em.close();
}
}
/* @Override
public Key getSymmetricKey(String token) {
EntityManager em = emFactory.createEntityManager();
try{
//retrieve entity for token
TypedQuery<AuthorizationEntity> query = em.createNamedQuery("Authz.get", AuthorizationEntity.class);
query.setParameter("token", token);
AuthorizationEntity authEntity;
try{
authEntity = query.getSingleResult();
}catch (NoResultException e){
log.warn("no result found for token {}",token);
return null;
}
return authEntity.getApiSymmetricKey();
}catch(Throwable t){
log.error("error retrieving key fro token {}",token, t);
return null;
}finally{
em.close();
}
}*/
}

236
src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationEntity.java Normal file
View File

@ -0,0 +1,236 @@
package org.gcube.common.authorizationservice.persistence.entities;
import java.util.Calendar;
import java.util.List;
import javax.persistence.Column;
import javax.persistence.Convert;
import javax.persistence.DiscriminatorColumn;
import javax.persistence.Embeddable;
import javax.persistence.Embedded;
import javax.persistence.EmbeddedId;
import javax.persistence.Entity;
import javax.persistence.Inheritance;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
import org.gcube.common.authorization.library.provider.ClientInfo;
import org.gcube.common.authorization.library.provider.ContainerInfo;
import org.gcube.common.authorization.library.provider.ExternalServiceInfo;
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
import org.gcube.common.authorization.library.provider.ServiceInfo;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorizationservice.persistence.entities.ServicePolicyEntity.ServiceAccessEntity;
import org.gcube.common.authorizationservice.persistence.entities.converters.StringListConverter;
import org.gcube.common.authorizationservice.util.Constants;
import org.jboss.weld.exceptions.IllegalArgumentException;
@Entity
@Inheritance
@DiscriminatorColumn(name="EntryType")
@Table(name="Authorizations")
@NamedQueries({
@NamedQuery(name="Authz.get", query="SELECT DISTINCT info FROM AuthorizationEntity info WHERE "
+ " info.token=:token"),
@NamedQuery(name="Authz.getQualifiers", query="SELECT DISTINCT info FROM AuthorizationEntity info WHERE "
+ " info.id.qualifier!='"+Constants.DEFAULT_TOKEN_QUALIFIER+"' AND info.id.clientId=:clientId AND info.id.context=:context"),
@NamedQuery(name="Authz.getByToken", query="SELECT DISTINCT info FROM AuthorizationEntity info WHERE "
+ " info.token=:token")
})
public abstract class AuthorizationEntity {
private static final String DEFAULT_GENERATOR ="default";
@EmbeddedId
AuthorizationId id;
@Column(unique=true)
String token;
@Column
String generatedBy = DEFAULT_GENERATOR;
@Transient
ClientInfo info;
@Embedded
private ClientInfoEntity internalInfo;
@Temporal(TemporalType.TIMESTAMP)
@Column
Calendar creationTime;
@Temporal(TemporalType.TIMESTAMP)
@Column(nullable=true)
Calendar lastTimeUsed;
@Column(name="EntryType")
String entryType;
protected AuthorizationEntity() {
super();
}
public AuthorizationEntity(String token, String context, ClientInfo clientInfo, String qualifier, String entryType ) {
super();
this.id = new AuthorizationId(context, clientInfo.getId(), qualifier);
this.token = token;
this.entryType = entryType;
this.creationTime = Calendar.getInstance();
this.info = clientInfo;
this.internalInfo = retriveInternalInfo(this.info);
}
public AuthorizationEntity(String token, String context, ClientInfo clientInfo, String qualifier, String entryType, String generatedBy ) {
this(token, context, clientInfo, qualifier, entryType);
this.generatedBy = generatedBy;
}
public String getToken() {
return this.token;
}
public String getContext() {
return id.context;
}
public String getClientId() {
return id.clientId;
}
public ClientInfo getInfo() {
if (this.info == null)
this.info = retieveInfo();
return this.info;
}
public String getEntryType() {
return entryType;
}
public String getGeneratedBy() {
return generatedBy;
}
public void setGeneratedBy(String generatedBy) {
this.generatedBy = generatedBy;
}
public String getQualifier(){
return id.qualifier;
}
public Calendar getLastTimeUsed() {
return lastTimeUsed;
}
public void setLastTimeUsed(Calendar lastTimeUsed) {
this.lastTimeUsed = lastTimeUsed;
}
private ClientInfo retieveInfo() {
switch (entryType) {
case EntityConstants.USER_AUTHORIZATION:
return new UserInfo(this.internalInfo.identifier, this.internalInfo.roles);
case EntityConstants.SERVICE_AUTHORIZATION:
return new ServiceInfo(new ServiceIdentifier(this.internalInfo.service.clientServiceClass, this.internalInfo.service.clientServiceName, this.internalInfo.service.clientServiceIdentifier));
case EntityConstants.EXTERNAL_SERVICE_AUTHORIZATION:
return new ExternalServiceInfo(this.internalInfo.identifier, this.internalInfo.generatedBy);
case EntityConstants.CONTAINER_AUTHORIZATION:
return new ContainerInfo(this.internalInfo.host, this.internalInfo.port);
default:
throw new IllegalArgumentException("invalid entity type");
}
}
private ClientInfoEntity retriveInternalInfo(ClientInfo info2) {
switch (entryType) {
case EntityConstants.USER_AUTHORIZATION:
return ClientInfoEntity.forUser(info.getId(), info.getRoles());
case EntityConstants.SERVICE_AUTHORIZATION:
ServiceIdentifier identifier = ((ServiceInfo) this.info).getServiceIdentifier();
return ClientInfoEntity.forService(identifier.getServiceClass(), identifier.getServiceName(), identifier.getServiceId());
case EntityConstants.EXTERNAL_SERVICE_AUTHORIZATION:
ExternalServiceInfo externalServiceInfo = (ExternalServiceInfo) this.info;
return ClientInfoEntity.forExternalService(externalServiceInfo.getId(), externalServiceInfo.getGeneratedBy());
case EntityConstants.CONTAINER_AUTHORIZATION:
ContainerInfo containerInfo = (ContainerInfo) this.info;
return ClientInfoEntity.forContainer(containerInfo.getHost(), containerInfo.getPort());
default:
throw new IllegalArgumentException("invalid entity type");
}
}
@Override
public String toString() {
return "AuthorizationEntity [id=" + id + ", token=" + token
+ ", creationTime=" + creationTime + ", entryType=" + entryType
+ "]";
}
@Embeddable
private static class ClientInfoEntity {
// userInfo
@Column(name="info_identifier")
private String identifier;
@Column(name="info_roles", length=2000)
@Convert(converter=StringListConverter.class)
private List<String> roles;
//serviceInfo
@Embedded
private ServiceAccessEntity service;
//external service info
@Column(name="info_generatedby")
private String generatedBy;
//containerInfo
@Column(name="info_host")
private String host;
@Column(name="info_port")
private int port;
protected static ClientInfoEntity forExternalService(String identifier, String generatedBy){
ClientInfoEntity entry =new ClientInfoEntity();
entry.generatedBy= generatedBy;
entry.identifier = identifier;
return entry;
}
protected static ClientInfoEntity forService(String serviceClass, String serviceName, String serviceId){
ClientInfoEntity entry =new ClientInfoEntity();
ServiceAccessEntity service = new ServiceAccessEntity();
service.clientServiceClass = serviceClass;
service.clientServiceName = serviceName;
service.clientServiceIdentifier = serviceId;
entry.service = service;
return entry;
}
protected static ClientInfoEntity forUser(String identifier, List<String> roles){
ClientInfoEntity entry =new ClientInfoEntity();
entry.roles= roles;
entry.identifier = identifier;
return entry;
}
protected static ClientInfoEntity forContainer(String host, int port){
ClientInfoEntity entry =new ClientInfoEntity();
entry.host = host;
entry.port = port;
return entry;
}
}
}

30
src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationId.java Normal file
View File

@ -0,0 +1,30 @@
package org.gcube.common.authorizationservice.persistence.entities;
import javax.persistence.Embeddable;
@Embeddable
public class AuthorizationId {
String context;
String clientId;
String qualifier;
protected AuthorizationId() {
super();
}
public AuthorizationId(String context, String clientId, String qualifier) {
super();
this.context = context;
this.clientId = clientId;
this.qualifier = qualifier;
}
@Override
public String toString() {
return "AuthorizationId [context=" + context
+ ", clientId=" + clientId + " qualifier ="+qualifier+"]";
}
}

13
src/main/java/org/gcube/common/authorizationservice/persistence/entities/EntityConstants.java Normal file
View File

@ -0,0 +1,13 @@
package org.gcube.common.authorizationservice.persistence.entities;
public class EntityConstants {
public static final String USER_POLICY="UserPolicy";
public static final String SERVICE_POLICY="ServicePolicy";
public static final String USER_AUTHORIZATION="UserInfo";
public static final String SERVICE_AUTHORIZATION="ServiceInfo";
public static final String EXTERNAL_SERVICE_AUTHORIZATION="ExternalServiceInfo";
public static final String CONTAINER_AUTHORIZATION="ContainerServiceInfo";
}

32
src/main/java/org/gcube/common/authorizationservice/persistence/entities/EntityQueries.java Normal file
View File

@ -0,0 +1,32 @@
package org.gcube.common.authorizationservice.persistence.entities;
public class EntityQueries {
public static final String SERVICE_POLICY_GET ="SELECT DISTINCT p FROM ServicePolicyEntity p LEFT JOIN FETCH p.excludes ae WHERE "
+ " p.context=:context AND (( p.excludeType=org.gcube.common.authorizationservice.persistence.entities.ExcludeType.NOTEXCLUDE " +
" AND (( p.clientAccessEntity.clientServiceClass = null AND p.clientAccessEntity.clientServiceName=null AND p.clientAccessEntity.clientServiceIdentifier=null) OR" +
" ( p.clientAccessEntity.clientServiceClass = :serviceClass AND p.clientAccessEntity.clientServiceName=null AND p.clientAccessEntity.clientServiceIdentifier=null) OR" +
" ( p.clientAccessEntity.clientServiceClass = :serviceClass AND p.clientAccessEntity.clientServiceName=:serviceName AND p.clientAccessEntity.clientServiceIdentifier=null) OR" +
" ( p.clientAccessEntity.clientServiceClass = :serviceClass AND p.clientAccessEntity.clientServiceName=:serviceName AND p.clientAccessEntity.clientServiceIdentifier=:identifier)))" +
" OR ( p.excludeType=org.gcube.common.authorizationservice.persistence.entities.ExcludeType.EXCLUDE AND NOT(( ae.clientServiceClass = null AND ae.clientServiceName=null AND ae.clientServiceIdentifier=null) OR" +
" ( ae.clientServiceClass = :serviceClass AND ae.clientServiceName=null AND ae.clientServiceIdentifier=null) OR" +
" ( ae.clientServiceClass = :serviceClass AND ae.clientServiceName=:serviceName AND ae.clientServiceIdentifier=null) OR" +
" ( ae.clientServiceClass = :serviceClass AND ae.clientServiceName=:serviceName AND ae.clientServiceIdentifier=:identifier))))";
public static final String USER_POLICY_GET = "SELECT policy FROM UserPolicyEntity policy WHERE "
+ " policy.context=:context AND (( policy.type=org.gcube.common.authorization.library.policies.UserEntity$UserEntityType.ROLE AND policy.identifier in :rolesList) " +
"OR (policy.type=org.gcube.common.authorization.library.policies.UserEntity$UserEntityType.USER AND policy.identifier=:user ) OR " +
" ( policy.type=org.gcube.common.authorization.library.policies.UserEntity$UserEntityType.ROLE AND policy.excludes not in :rolesList) OR" +
" (policy.type=org.gcube.common.authorization.library.policies.UserEntity$UserEntityType.USER AND :user not in (policy.excludes)))";
/*
OR (SELECT count(*) FROM p.excludes ae where (( ae.clientServiceClass = null AND ae.clientServiceName=null AND ae.clientServiceIdentifier=null) OR" +
" ( ae.clientServiceClass = :serviceClass AND ae.clientServiceName=null AND ae.clientServiceIdentifier=null) OR" +
" ( ae.clientServiceClass = :serviceClass AND ae.clientServiceName=:serviceName AND ae.clientServiceIdentifier=null) OR" +
" ( ae.clientServiceClass = :serviceClass AND ae.clientServiceName=:serviceName AND ae.clientServiceIdentifier=:identifier)))
*/
}

6
src/main/java/org/gcube/common/authorizationservice/persistence/entities/ExcludeType.java Normal file
View File

@ -0,0 +1,6 @@
package org.gcube.common.authorizationservice.persistence.entities;
public enum ExcludeType {
EXCLUDE, NOTEXCLUDE
}

30
src/main/java/org/gcube/common/authorizationservice/persistence/entities/ExternalServiceAuthorizationEntity.java Normal file
View File

@ -0,0 +1,30 @@
package org.gcube.common.authorizationservice.persistence.entities;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import org.gcube.common.authorization.library.provider.ExternalServiceInfo;
@Entity
@DiscriminatorValue(EntityConstants.EXTERNAL_SERVICE_AUTHORIZATION)
@NamedQueries({
@NamedQuery(name="ExternalService.get", query="SELECT info FROM ExternalServiceAuthorizationEntity info WHERE "
+ " info.token=:token AND info.id.context=:context AND info.id.clientId=:clientId")
})
public class ExternalServiceAuthorizationEntity extends AuthorizationEntity{
@SuppressWarnings("unused")
private ExternalServiceAuthorizationEntity(){}
public ExternalServiceAuthorizationEntity(String token, String context, String qualifier,
ExternalServiceInfo externalServiceInfo, String generatedBy) {
super(token, context, externalServiceInfo, qualifier, EntityConstants.SERVICE_AUTHORIZATION, generatedBy);
}
}

21
src/main/java/org/gcube/common/authorizationservice/persistence/entities/NodeAuthorizationEntity.java Normal file
View File

@ -0,0 +1,21 @@
package org.gcube.common.authorizationservice.persistence.entities;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
import org.gcube.common.authorization.library.provider.ContainerInfo;
@Entity
@DiscriminatorValue(EntityConstants.CONTAINER_AUTHORIZATION)
public class NodeAuthorizationEntity extends AuthorizationEntity{
@SuppressWarnings("unused")
private NodeAuthorizationEntity(){}
public NodeAuthorizationEntity(String token, String context, String qualifier ,
ContainerInfo containerInfo, String generatedBy) {
super(token, context, containerInfo, qualifier, EntityConstants.CONTAINER_AUTHORIZATION, generatedBy==null?"UNKNOWN":generatedBy);
}
}

31
src/main/java/org/gcube/common/authorizationservice/persistence/entities/PendingEntity.java Normal file
View File

@ -0,0 +1,31 @@
package org.gcube.common.authorizationservice.persistence.entities;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Table;
@Entity
@Table
public class PendingEntity {
@Column
@Id
String containerId;
@Column(nullable=false)
private String context;
@Column(nullable=false)
private String key;
@Column(nullable=false)
private String hostname;
@Column(nullable=false)
private int port;
@Column(nullable=false)
private String ip;
}

130
src/main/java/org/gcube/common/authorizationservice/persistence/entities/PolicyEntity.java Normal file
View File

@ -0,0 +1,130 @@
package org.gcube.common.authorizationservice.persistence.entities;
import java.util.Calendar;
import javax.persistence.Column;
import javax.persistence.DiscriminatorColumn;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Inheritance;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.persistence.Transient;
import org.gcube.common.authorization.library.policies.Action;
import org.gcube.common.authorization.library.policies.ServiceAccess;
@Entity
@Inheritance
@DiscriminatorColumn(name="PolicyType")
@Table(name="Policies")
@NamedQueries({
@NamedQuery(name="Policy.all", query="SELECT policy FROM PolicyEntity policy WHERE "
+ " policy.context=:context")
})
public abstract class PolicyEntity {
@Column
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
protected long id;
@Column(nullable=false)
private String context;
@Enumerated(EnumType.ORDINAL)
protected ExcludeType excludeType =ExcludeType.NOTEXCLUDE ;
@Column(name="PolicyType")
private String policyType;
@Transient
private ServiceAccess serviceAccess;
@Column(nullable=true)
private String accessServiceClass;
@Column(nullable=true)
private String accessServiceName;
@Column(nullable=true)
private String accessServiceIdentifier;
@Column(nullable= false)
private Action action;
@Temporal(TemporalType.TIMESTAMP)
@Column(nullable= false)
private Calendar creationTime;
@Temporal(TemporalType.TIMESTAMP)
@Column(nullable= false)
private Calendar lastUpdateTime;
protected PolicyEntity() {}
public PolicyEntity(String context, ServiceAccess serviceAccess, String policyType, Action action) {
super();
this.context = context;
this.serviceAccess = serviceAccess;
if (serviceAccess.getServiceClass()!=null){
this.accessServiceClass= serviceAccess.getServiceClass();
if (serviceAccess.getName()!=null){
this.accessServiceName = serviceAccess.getName();
if (serviceAccess.getServiceId()!=null)
this.accessServiceIdentifier = serviceAccess.getServiceId();
}
}
this.policyType = policyType;
this.action = action;
Calendar now = Calendar.getInstance();
this.creationTime = now;
this.lastUpdateTime = now;
}
public long getId() {
return id;
}
public String getContext() {
return context;
}
public ServiceAccess getServiceAccess() {
if (serviceAccess==null)
serviceAccess = new ServiceAccess(accessServiceName, accessServiceClass, accessServiceIdentifier);
return serviceAccess;
}
public String getPolicyType() {
return policyType;
}
public Action getAction() {
return action;
}
public Calendar getLastUpdateTime() {
return lastUpdateTime;
}
public void setLastUpdateTime(Calendar lastUpdateTime) {
this.lastUpdateTime = lastUpdateTime;
}
public Calendar getCreationTime() {
return creationTime;
}
public abstract boolean isRewritable();
}

28
src/main/java/org/gcube/common/authorizationservice/persistence/entities/ServiceAuthorizationEntity.java Normal file
View File

@ -0,0 +1,28 @@
package org.gcube.common.authorizationservice.persistence.entities;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import org.gcube.common.authorization.library.provider.ServiceInfo;
@Entity
@DiscriminatorValue(EntityConstants.SERVICE_AUTHORIZATION)
@NamedQueries({
@NamedQuery(name="Service.get", query="SELECT info FROM ServiceAuthorizationEntity info WHERE "
+ " info.token=:token AND info.id.context=:context AND info.id.clientId=:clientId")
})
public class ServiceAuthorizationEntity extends AuthorizationEntity{
@SuppressWarnings("unused")
private ServiceAuthorizationEntity(){}
public ServiceAuthorizationEntity(String token, String context , String qualifier ,
ServiceInfo info, String generatedBy) {
super(token, context, info, qualifier, EntityConstants.SERVICE_AUTHORIZATION, generatedBy);
}
}

104
src/main/java/org/gcube/common/authorizationservice/persistence/entities/ServicePolicyEntity.java Normal file
View File

@ -0,0 +1,104 @@
package org.gcube.common.authorizationservice.persistence.entities;
import java.util.ArrayList;
import java.util.List;
import javax.persistence.Column;
import javax.persistence.DiscriminatorValue;
import javax.persistence.ElementCollection;
import javax.persistence.Embeddable;
import javax.persistence.Embedded;
import javax.persistence.Entity;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import org.gcube.common.authorization.library.policies.Action;
import org.gcube.common.authorization.library.policies.ServiceAccess;
import org.gcube.common.authorization.library.policies.ServiceEntity;
import org.gcube.common.authorization.library.policies.Services;
@Entity
@DiscriminatorValue(EntityConstants.SERVICE_POLICY)
@NamedQueries({
@NamedQuery(name="ServicePolicy.get", query=EntityQueries.SERVICE_POLICY_GET)
})
public class ServicePolicyEntity extends PolicyEntity {
@Embedded
ServiceAccessEntity clientAccessEntity = null;
@ElementCollection
private List<ServiceAccessEntity> excludes;
protected ServicePolicyEntity() {
super();
}
public ServicePolicyEntity(String context, ServiceAccess serviceAccess, ServiceEntity serviceEntityClient, Action mode) {
super(context, serviceAccess, EntityConstants.SERVICE_POLICY, mode);
if (serviceEntityClient.getService()!=null){
ServiceAccess clientAccess = serviceEntityClient.getService();
clientAccessEntity = new ServiceAccessEntity();
clientAccessEntity.clientServiceClass= clientAccess.getServiceClass();
clientAccessEntity.clientServiceName = clientAccess.getName();
clientAccessEntity.clientServiceIdentifier = clientAccess.getServiceId();
this.excludeType = ExcludeType.NOTEXCLUDE;
} else {
excludes = new ArrayList<ServicePolicyEntity.ServiceAccessEntity>();
for(ServiceAccess sa : serviceEntityClient.getExcludes()){
ServiceAccessEntity sae = new ServiceAccessEntity();
sae.clientServiceClass= sa.getServiceClass();
sae.clientServiceName = sa.getName();
sae.clientServiceIdentifier = sa.getServiceId();
excludes.add(sae);
}
this.excludeType = ExcludeType.EXCLUDE;
}
}
public ServiceEntity getClientAccess() {
if (excludes!=null && !excludes.isEmpty()){
ServiceAccess[] services = new ServiceAccess[excludes.size()];
for (int i=0;i<excludes.size(); i++)
services[i] = new ServiceAccess(excludes.get(i).clientServiceName, excludes.get(i).clientServiceClass, excludes.get(i).clientServiceIdentifier);
return Services.allExcept(services);
}
else
return Services.specialized(new ServiceAccess(clientAccessEntity.clientServiceName, clientAccessEntity.clientServiceClass, clientAccessEntity.clientServiceIdentifier));
}
@Override
public boolean isRewritable() {
return true;
}
@Override
public String toString() {
return "ServicePolicyEntity [clientAccessEntity=" + clientAccessEntity
+ ", excludes=" + excludes + "]";
}
@Embeddable public static class ServiceAccessEntity{
@Column(nullable=true)
protected String clientServiceClass;
@Column(nullable=true)
protected String clientServiceName;
@Column(nullable=true)
protected String clientServiceIdentifier;
@Override
public String toString() {
return clientServiceClass + ":"+ clientServiceName + ":"+ clientServiceIdentifier;
}
}
}

28
src/main/java/org/gcube/common/authorizationservice/persistence/entities/UserAuthorizationEntity.java Normal file
View File

@ -0,0 +1,28 @@
package org.gcube.common.authorizationservice.persistence.entities;
import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import org.gcube.common.authorization.library.provider.UserInfo;
@Entity
@DiscriminatorValue(EntityConstants.USER_AUTHORIZATION)
@NamedQueries({
@NamedQuery(name="User.get", query="SELECT info FROM UserAuthorizationEntity info WHERE "
+ " info.token=:token AND info.id.context=:context AND info.id.clientId = :clientId")
})
public class UserAuthorizationEntity extends AuthorizationEntity {
@SuppressWarnings("unused")
private UserAuthorizationEntity(){}
public UserAuthorizationEntity(String token, String context , String qualifier ,
UserInfo info) {
super(token, context, info, qualifier, EntityConstants.USER_AUTHORIZATION );
}
}

80
src/main/java/org/gcube/common/authorizationservice/persistence/entities/UserPolicyEntity.java Normal file
View File

@ -0,0 +1,80 @@
package org.gcube.common.authorizationservice.persistence.entities;
import java.util.List;
import javax.persistence.Column;
import javax.persistence.DiscriminatorValue;
import javax.persistence.ElementCollection;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
import javax.persistence.NamedQuery;
import javax.persistence.Transient;
import org.gcube.common.authorization.library.policies.Action;
import org.gcube.common.authorization.library.policies.Roles;
import org.gcube.common.authorization.library.policies.ServiceAccess;
import org.gcube.common.authorization.library.policies.UserEntity;
import org.gcube.common.authorization.library.policies.UserEntity.UserEntityType;
import org.gcube.common.authorization.library.policies.Users;
@Entity
@DiscriminatorValue(EntityConstants.USER_POLICY)
@NamedQuery(name="UserPolicy.get", query=EntityQueries.USER_POLICY_GET)
public class UserPolicyEntity extends PolicyEntity{
@Transient
private UserEntity userClient;
@Column(nullable=true)
@Enumerated(EnumType.ORDINAL)
private UserEntityType type;
@ElementCollection
private List<String> excludes;
@Column(nullable=true)
private String identifier;
protected UserPolicyEntity() {}
public UserPolicyEntity(String context, ServiceAccess serviceAccess, UserEntity user, Action action) {
super(context, serviceAccess, EntityConstants.USER_POLICY, action);
this.userClient = user;
this.type = user.getType();
if (user.getIdentifier()!=null){
this.identifier = user.getIdentifier();
this.excludeType= ExcludeType.NOTEXCLUDE;
}
else {
this.excludes = user.getExcludes();
this.excludeType= ExcludeType.EXCLUDE;
}
}
public UserEntity getUser() {
if (type==UserEntityType.USER){
if (this.excludeType == ExcludeType.NOTEXCLUDE)
return Users.one(identifier);
else return Users.allExcept(excludes.toArray(new String[excludes.size()]));
} else {
if (this.excludeType == ExcludeType.NOTEXCLUDE)
return Roles.one(identifier);
else return Roles.allExcept(excludes.toArray(new String[excludes.size()]));
}
}
@Override
public boolean isRewritable() {
return this.type==UserEntityType.ROLE;
}
@Override
public String toString() {
return "UserPolicyEntity [userClient=" + userClient + ", type=" + type
+ ", excludes=" + excludes + ", identifier=" + identifier + "]";
}
}

34
src/main/java/org/gcube/common/authorizationservice/persistence/entities/converters/StringListConverter.java Normal file
View File

@ -0,0 +1,34 @@
package org.gcube.common.authorizationservice.persistence.entities.converters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;
@Converter
public class StringListConverter implements AttributeConverter<List<String>, String>{
@Override
public String convertToDatabaseColumn(List<String> list) {
if (list!=null && list.size()>0){
StringBuilder builder = new StringBuilder();
for (String value: list)
builder.append(value).append(",||,");
return builder.substring(builder.length()-4, builder.length());
} else return "";
}
@Override
public List<String> convertToEntityAttribute(String dbEntry) {
if (dbEntry!=null && !dbEntry.isEmpty()){
return Arrays.asList(dbEntry.split(",\\|\\|,"));
}
else return new ArrayList<String>(0);
}
}

14
src/main/java/org/gcube/common/authorizationservice/util/CDIProducer.java Normal file
View File

@ -0,0 +1,14 @@
package org.gcube.common.authorizationservice.util;
import javax.enterprise.inject.Produces;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;
public class CDIProducer {
@Produces
EntityManagerFactory createFactory(){
return Persistence.createEntityManagerFactory("authorization");
}
}

8
src/main/java/org/gcube/common/authorizationservice/util/Constants.java Normal file
View File

@ -0,0 +1,8 @@
package org.gcube.common.authorizationservice.util;
public class Constants {
public static final String PORTAL_ID = "gCubePortal";
public static final String DEFAULT_TOKEN_QUALIFIER = "TOKEN";
}

33
src/main/java/org/gcube/common/authorizationservice/util/TokenPersistence.java Normal file
View File

@ -0,0 +1,33 @@
package org.gcube.common.authorizationservice.util;
import java.util.List;
import java.util.Map;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.policies.Policy;
import org.gcube.common.authorization.library.policies.PolicyType;
import org.gcube.common.authorization.library.provider.ClientInfo;
public interface TokenPersistence {
void saveAuthorizationEntry(String token, String context, ClientInfo info, String tokenQualifier, String generateBy);
AuthorizationEntry getAuthorizationEntry(String token);
String getExistingToken(String clientId, String context, String tokenQualifier);
Map<String, String> getExistingApiKeys(String clientId, String context);
void removeApiKey(String token);
void addPolicies(List<Policy> polices);
void removePolicy(long policyId);
List<Policy> getPolices(String context);
List<Policy> getPolicesByType(String context, PolicyType type);
List<Policy> getPolicesByTypeAndClientId(String context, PolicyType type,
String clientId);
}

5
src/main/resources/META-INF/beans.xml Normal file
View File

@ -0,0 +1,5 @@
<beans xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd">
</beans>

33
src/main/resources/META-INF/persistence.xml Normal file
View File

@ -0,0 +1,33 @@
<persistence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd"
version="2.0" xmlns="http://java.sun.com/xml/ns/persistence">
<!-- change here if you want name of unit different -->
<persistence-unit name="authorization" transaction-type="RESOURCE_LOCAL">
<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
<!-- Converters -->
<class>org.gcube.common.authorizationservice.persistence.entities.converters.StringListConverter</class>
<!-- Entities -->
<class>org.gcube.common.authorizationservice.persistence.entities.AuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.ServiceAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.UserAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.ExternalServiceAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.NodeAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.PolicyEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.ServicePolicyEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.UserPolicyEntity</class>
<properties>
<property name="javax.persistence.jdbc.url"
value="jdbc:postgresql://postgres1-d-d4s.d4science.org/authorization" />
<property name="javax.persistence.jdbc.driver" value="org.postgresql.Driver" />
<property name="javax.persistence.jdbc.user" value="authorization" />
<property name="javax.persistence.jdbc.password" value="auth_dem0l33t" />
<property name="eclipselink.ddl-generation" value="create-tables" />
<property name="eclipselink.ddl-generation.output-mode"
value="database" />
</properties>
</persistence-unit>
</persistence>

20
src/main/webapp/WEB-INF/AuthorizationConfiguration.xml Normal file
View File

@ -0,0 +1,20 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Configuration>
<Rule path="/token/user" requiresToken="false">
<Entity type="IP" value="146.48.80.0" />
<Entity type="IP" value="146.48.81.0" />
<Entity type="IP" value="146.48.82.0" />
<Entity type="IP" value="146.48.83.0" />
<Entity type="IP" value="146.48.84.0" />
<Entity type="IP" value="146.48.85.0" />
<Entity type="IP" value="146.48.122.0" />
<Entity type="IP" value="146.48.123.0" />
</Rule>
<Rule path="/apikey" requiresToken="true" />
<Rule path="/policyManager" requiresToken="true" />
<Rule path="/token/external" requiresToken="true" />
<Rule path="/token/node" requiresToken="false" />
<Rule path="/token/service" requiresToken="true" />
</Configuration>

10
src/main/webapp/WEB-INF/gcube-app.xml Normal file
View File

@ -0,0 +1,10 @@
<application mode='online'>
<name>AuthorizationService</name>
<group>Security</group>
<version>1.0.0-SNAPSHOT</version>
<description>authorization service</description>
<local-persistence location='target' />
<exclude>/generate/token/*</exclude>
<exclude>/retrieve/*</exclude>
</application>

9
src/main/webapp/WEB-INF/web.xml.old Normal file
View File

@ -0,0 +1,9 @@
<web-app>
<servlet>
<servlet-name>org.gcube.common.authorizationservice.AuthorizationService</servlet-name>
</servlet>
<servlet-mapping>
<servlet-name>org.gcube.common.authorizationservice.AuthorizationService</servlet-name>
<url-pattern>/gcube/service/*</url-pattern>
</servlet-mapping>
</web-app>

77
src/test/java/org/gcube/common/authz/GenerateTest.java Normal file
View File

@ -0,0 +1,77 @@
package org.gcube.common.authz;
import java.util.ArrayList;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Application;
import org.gcube.common.authorization.library.provider.ContainerInfo;
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
import org.gcube.common.authorization.library.provider.ServiceInfo;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorizationservice.TokenManager;
import org.gcube.common.authorizationservice.util.TokenPersistence;
import org.glassfish.hk2.utilities.binding.AbstractBinder;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.test.JerseyTest;
import org.junit.Assert;
import org.junit.Test;
public class GenerateTest extends JerseyTest{
@Override
protected Application configure() {
AbstractBinder binder = new AbstractBinder() {
@Override
protected void configure() {
bindFactory(TokenPersistenceFactory.class)
.to(TokenPersistence.class);
}
};
ResourceConfig config = new ResourceConfig(TokenManager.class);
config.register(binder);
return config;
}
@Test
public void generateTokenForUser() {
String token = target("token").path("user").queryParam("context", "/gcube").request().put(Entity.xml(new UserInfo("lucio.lelii", new ArrayList<String>())), String.class);
Assert.assertNotNull(token);
}
@Test(expected=Exception.class)
public void generateTokenForUserERROR() {
target("token").path("user").queryParam("context", "/gcube").request().put(Entity.xml(new UserInfo("lucio.lelii:pippo", new ArrayList<String>())), String.class);
}
@Test
public void generateTokenForService() {
String token = target("token").path("service")
.queryParam("context", "/gcube").request().put(Entity.xml(new ServiceInfo(new ServiceIdentifier("Class", "name", "id"))), String.class);
Assert.assertNotNull(token);
}
@Test(expected=Exception.class)
public void generateTokenForServiceERROR() {
target("token").path("service")
.queryParam("context", "/gcube").request().put(Entity.xml(new ServiceInfo(new ServiceIdentifier("Class:class2", "name", "id"))), String.class);
}
@Test
public void generateTokenForNode() {
String token = target("token").path("node")
.queryParam("context", "/gcube").request().put(Entity.xml(new ContainerInfo("node.isti.cnr.it", 8080)), String.class);
Assert.assertNotNull(token);
}
@Test(expected=Exception.class)
public void generateTokenForNodeERROR() {
target("token").path("node")
.queryParam("context", "/gcube").request().put(Entity.xml(new ServiceInfo(new ServiceIdentifier("Class:class2", "name", "id"))), String.class);
}
}

129
src/test/java/org/gcube/common/authz/Importer.java Normal file
View File

@ -0,0 +1,129 @@
package org.gcube.common.authz;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.persistence.Persistence;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorizationservice.persistence.RelationDBPersistence;
import org.gcube.common.couchdb.connector.HttpCouchClient;
import org.gcube.common.scope.impl.ScopeBean;
import org.gcube.common.scope.impl.ScopeBean.Type;
import com.google.gson.Gson;
import com.google.gson.stream.JsonReader;
public class Importer {
private static final String URL = "http://accounting-d-d4s.d4science.org/";
private static final String TEST_DB = "authorization";
private static final String TEST_USER_USERNAME = "admin";
private static final String TEST_USER_PASSWORD = "better_than_nothing";
private static final String DESIGN_NAME = "_gcube";
private static final String VIEW_NAME = "_user_and_scope";
private static final List<String> usernameToAvoid = Arrays.asList("lucio.lelii", "roberto.cirillo", "luca.frosini", "valentina.marioli",
"massimiliano.assante", "costantino.perciante", "francesco.mangiacrapa", "fabio.sinibaldi",
"giancarlo.panichi", "alessandro.pieve","pasquale.pagano","leonardo.candela", "andrea.rossi");
public static void main(String[] args) throws Exception {
HttpCouchClient httpCouch =new HttpCouchClient(URL,TEST_DB, TEST_USER_USERNAME, TEST_USER_PASSWORD);
String docs = httpCouch.getAllDocs();
JsonReader reader = new Gson().newJsonReader(new StringReader(docs));
ArrayList<String> idList = new ArrayList<String>();
reader.beginObject();
reader.nextName();
reader.nextInt();
reader.nextName();
reader.nextInt();
reader.nextName();
reader.beginArray();
while (reader.hasNext()){
reader.beginObject();
reader.nextName();
String id = reader.nextString();
idList.add(id);
reader.nextName();
reader.nextString();
reader.nextName();
reader.beginObject();
reader.nextName();
reader.nextString();
reader.endObject();
reader.endObject();
}
reader.close();
int tokenToinsert =0;
RelationDBPersistence rdp = new RelationDBPersistence();
rdp.setEntitymanagerFactory(Persistence.createEntityManagerFactory("authorization"));
for (String id : idList){
String doc = httpCouch.getDoc(id);
try{
reader = new Gson().newJsonReader(new StringReader(doc));
reader.beginObject();
reader.nextName();
reader.nextString();
reader.nextName();
reader.nextString();
reader.nextName();
String token = reader.nextString();
reader.nextName();
String userName = reader.nextString();
System.out.println("token = "+token);
System.out.println("username = "+userName);
if (usernameToAvoid.contains(userName))
throw new Exception("name not to store");
//roles
reader.nextName();
reader.beginArray();
List<String> roles = new ArrayList<String>();
while (reader.hasNext())
roles.add(reader.nextString());
reader.endArray();
//end roles
System.out.println("roles = "+roles.toString());
reader.nextName();
String scope = reader.nextString();
System.out.println("scope = "+scope);
if (!new ScopeBean(scope).is(Type.VRE))
throw new Exception("is not a vre token");
reader.endObject();
try{
rdp.saveAuthorizationEntry(token, scope, new UserInfo(userName, roles), "TOKEN", "default");
}catch(Exception e){
System.out.println(e.getMessage());
}
tokenToinsert++;
}catch (Exception e) {
System.out.println(e.getMessage()+" : "+doc);
}finally{
reader.close();
}
}
System.out.println("token inserted "+tokenToinsert);
}
}

92
src/test/java/org/gcube/common/authz/PolicyManagerTest.java Normal file
View File

@ -0,0 +1,92 @@
package org.gcube.common.authz;
import java.util.ArrayList;
import java.util.List;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.Response;
import lombok.extern.slf4j.Slf4j;
import org.gcube.common.authorization.library.Policies;
import org.gcube.common.authorization.library.policies.Action;
import org.gcube.common.authorization.library.policies.Policy;
import org.gcube.common.authorization.library.policies.Service2ServicePolicy;
import org.gcube.common.authorization.library.policies.ServiceAccess;
import org.gcube.common.authorization.library.policies.Services;
import org.gcube.common.authorization.library.policies.User2ServicePolicy;
import org.gcube.common.authorization.library.policies.Users;
import org.gcube.common.authorizationservice.PolicyManager;
import org.gcube.common.authorizationservice.util.TokenPersistence;
import org.glassfish.hk2.utilities.binding.AbstractBinder;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.test.JerseyTest;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@Slf4j
public class PolicyManagerTest extends JerseyTest{
@Override
protected Application configure() {
AbstractBinder binder = new AbstractBinder() {
@Override
protected void configure() {
bindFactory(TokenPersistenceFactory.class)
.to(TokenPersistence.class);
}
};
ResourceConfig config = new ResourceConfig(PolicyManager.class);
config.register(binder);
return config;
}
List<Policy> policiesList;
Policies retrievedPolicies;
@Before
public void reset(){
retrievedPolicies = null;
policiesList = null;
}
@Test
public void add() throws Exception{
log.debug("starting add test");
policiesList = new ArrayList<Policy>();
policiesList.add(new User2ServicePolicy("/gcube", new ServiceAccess(), Users.one("lucio.lelii"), Action.ACCESS));
policiesList.add(new Service2ServicePolicy("/gcube", new ServiceAccess("SpeciesProductDiscovery", "DataAccess"), Services.specialized(new ServiceAccess("DataAnalysis")), Action.WRITE));
Response response = target("policyManager").request()
.post(Entity.xml(new Policies(policiesList)), Response.class);
Assert.assertEquals(200, response.getStatus());
}
@Test
public void getAllWithAdd() throws Exception{
add();
getAll();
Assert.assertEquals(policiesList.size(), retrievedPolicies.getPolicies().size());
}
private void getAll() throws Exception{
retrievedPolicies = target("policyManager").queryParam("context", "/gcube").request().get(Policies.class);
log.debug("policyListSize is "+retrievedPolicies.getPolicies().size());
}
@Test
public void deleteOne() throws Exception{
add();
getAll();
int sizeBefore = retrievedPolicies.getPolicies().size();
Policy policy = retrievedPolicies.getPolicies().get(0);
Response response = target("policyManager").path(String.valueOf(policy.getId())).request().delete(Response.class);
Assert.assertEquals(200, response.getStatus());
getAll();
Assert.assertEquals(sizeBefore-1, retrievedPolicies.getPolicies().size());
}
}

59
src/test/java/org/gcube/common/authz/RetrieveTest.java Normal file
View File

@ -0,0 +1,59 @@
package org.gcube.common.authz;
import java.util.Arrays;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Application;
import lombok.extern.slf4j.Slf4j;
import org.gcube.common.authorization.library.AuthorizationEntry;
import org.gcube.common.authorization.library.provider.ContainerInfo;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorizationservice.TokenManager;
import org.gcube.common.authorizationservice.util.TokenPersistence;
import org.glassfish.hk2.utilities.binding.AbstractBinder;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.test.JerseyTest;
import org.junit.Assert;
import org.junit.Test;
@Slf4j
public class RetrieveTest extends JerseyTest{
@Override
protected Application configure() {
AbstractBinder binder = new AbstractBinder() {
@Override
protected void configure() {
bindFactory(TokenPersistenceFactory.class)
.to(TokenPersistence.class);
}
};
ResourceConfig config = new ResourceConfig(TokenManager.class);
config.register(binder);
return config;
}
@Test
public void generateAndRetrieveToken() throws Exception{
String token = target("token").path("user").queryParam("context", "/gcube").request().put(Entity.xml(new UserInfo("lucio.lelii", Arrays.asList("Role1", "Role2"))), String.class);
log.info("generated token is "+token);
Assert.assertNotNull(token);
AuthorizationEntry entry = target("token").path(token).request().get(AuthorizationEntry.class);
Assert.assertNotNull(entry);
System.out.println(entry);
}
@Test
public void retrieveToken() throws Exception{
String token = target("token").path("node")
.queryParam("context", "/gcube").request().put(Entity.xml(new ContainerInfo("node.isti.cnr.it", 8080)), String.class);
Assert.assertNotNull(token);
AuthorizationEntry entry = target("token").path(token).request().get(AuthorizationEntry.class);
System.out.println(entry);
}
}

124
src/test/java/org/gcube/common/authz/TestPersistence.java Normal file
View File

@ -0,0 +1,124 @@
package org.gcube.common.authz;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;
import javax.persistence.TypedQuery;
import org.gcube.common.authorization.library.policies.Action;
import org.gcube.common.authorization.library.policies.Roles;
import org.gcube.common.authorization.library.policies.ServiceAccess;
import org.gcube.common.authorization.library.policies.Services;
import org.gcube.common.authorization.library.policies.Users;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorizationservice.persistence.entities.AuthorizationEntity;
import org.gcube.common.authorizationservice.persistence.entities.AuthorizationId;
import org.gcube.common.authorizationservice.persistence.entities.ServiceAuthorizationEntity;
import org.gcube.common.authorizationservice.persistence.entities.ServicePolicyEntity;
import org.gcube.common.authorizationservice.persistence.entities.UserAuthorizationEntity;
import org.gcube.common.authorizationservice.persistence.entities.UserPolicyEntity;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
public class TestPersistence {
private static EntityManagerFactory mEmf;
private static EntityManager mEntityManager;
@BeforeClass
public static void before(){
try{
mEmf = Persistence.createEntityManagerFactory("TestPersistence");
mEntityManager = mEmf.createEntityManager();
}catch(Exception e){
e.printStackTrace();
throw e;
}
}
@Test
public void testAuthorizationEntities(){
AuthorizationEntity entity = mEntityManager.find(AuthorizationEntity.class, new AuthorizationId("/gcube", "lucio.lelii", "JavaClient"));
try{
if (entity==null){
mEntityManager.getTransaction().begin();
mEntityManager.persist(new UserAuthorizationEntity("token", "/gcube", "JavaClient", new UserInfo("lucio.lelii", new ArrayList<String>())));
mEntityManager.getTransaction().commit();
}
}catch(Exception e){
e.printStackTrace();
throw e;
}
AuthorizationEntity entity2 = mEntityManager.find(AuthorizationEntity.class, new AuthorizationId("/gcube", "lucio.lelii", "JavaClient"));
System.out.println(entity2);
TypedQuery<UserAuthorizationEntity> query = mEntityManager.createNamedQuery("User.get", UserAuthorizationEntity.class);
query.setParameter("token", "token");
query.setParameter("context", "/gcube");
query.setParameter("clientId", "lucio.lelii");
List<UserAuthorizationEntity> descriptors = query.getResultList();
Assert.assertTrue(descriptors.size()==1);
TypedQuery<ServiceAuthorizationEntity> queryS = mEntityManager.createNamedQuery("Service.get", ServiceAuthorizationEntity.class);
queryS.setParameter("token", "token2");
queryS.setParameter("context", "/gcube");
queryS.setParameter("clientId", "class:name:id");
List<ServiceAuthorizationEntity> descriptorsS = queryS.getResultList();
Assert.assertTrue(descriptorsS.size()==0);
}
@Test
public void testPolicyEntities(){
try{
mEntityManager.getTransaction().begin();
mEntityManager.persist(new UserPolicyEntity("/gcube", new ServiceAccess(), Roles.allExcept("VOManager"), Action.ALL));
mEntityManager.persist(new UserPolicyEntity("/gcube", new ServiceAccess("DataAnalysis"), Users.one("lucio.lelii"), Action.ALL));
mEntityManager.persist(new ServicePolicyEntity("/gcube", new ServiceAccess("DataAnalysis"), Services.specialized(new ServiceAccess("TabularData","DataAnalysis")), Action.ALL));
mEntityManager.persist(new ServicePolicyEntity("/gcube", new ServiceAccess("DataAnalysis"), Services.specialized(new ServiceAccess("DataAccess")), Action.ALL));
mEntityManager.persist(new ServicePolicyEntity("/gcube", new ServiceAccess("DataAnalysis"), Services.allExcept(new ServiceAccess("DataAnalysis")), Action.ALL));
mEntityManager.persist(new ServicePolicyEntity("/gcube", new ServiceAccess("DataAnalysis"), Services.all(), Action.ALL));
mEntityManager.getTransaction().commit();
}catch(Exception e){
e.printStackTrace();
throw e;
}
TypedQuery<UserPolicyEntity> query = mEntityManager.createNamedQuery("UserPolicy.get", UserPolicyEntity.class);
query.setParameter("context", "/gcube");
query.setParameter("user", "pippo.lelii");
query.setParameter("rolesList", Collections.singleton(""));
List<UserPolicyEntity> descriptors = query.getResultList();
Assert.assertTrue(descriptors.size()==1);
TypedQuery<ServicePolicyEntity> queryS = mEntityManager.createNamedQuery("ServicePolicy.get", ServicePolicyEntity.class);
queryS.setParameter("context", "/gcube");
queryS.setParameter("serviceClass", "DataAccess");
queryS.setParameter("serviceName", "Species");
queryS.setParameter("identifier", "Id");
List<ServicePolicyEntity> descriptorsS = queryS.getResultList();
System.out.println(descriptorsS);
Assert.assertTrue(descriptorsS.size()==3);
}
@AfterClass
public static void after(){
mEntityManager.close();
mEmf.close();
}
}

23
src/test/java/org/gcube/common/authz/TokenPersistenceFactory.java Normal file
View File

@ -0,0 +1,23 @@
package org.gcube.common.authz;
import javax.persistence.Persistence;
import org.gcube.common.authorizationservice.persistence.RelationDBPersistence;
import org.gcube.common.authorizationservice.util.TokenPersistence;
import org.glassfish.hk2.api.Factory;
public class TokenPersistenceFactory implements Factory<TokenPersistence> {
@Override
public void dispose(TokenPersistence arg0) {
}
@Override
public TokenPersistence provide() {
RelationDBPersistence rdbp = new RelationDBPersistence();
rdbp.setEntitymanagerFactory(Persistence.createEntityManagerFactory("TestPersistence"));
return rdbp;
}
}

69
src/test/java/org/gcube/common/authz/configuration/Binder.java Normal file
View File

@ -0,0 +1,69 @@
package org.gcube.common.authz.configuration;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.bind.JAXBContext;
import org.gcube.common.authorizationservice.configuration.AllowedEntity;
import org.gcube.common.authorizationservice.configuration.AllowedEntity.EntityType;
import org.gcube.common.authorizationservice.configuration.AuthorizationConfiguration;
import org.gcube.common.authorizationservice.configuration.AuthorizationRule;
import org.gcube.common.authorizationservice.configuration.ConfigurationBuilder;
import org.gcube.common.authorizationservice.configuration.RuleBuilder;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
public class Binder {
private static JAXBContext context;
@BeforeClass
public static void init() throws Exception{
context = JAXBContext.newInstance(AuthorizationConfiguration.class);
}
@Test
public void binder() throws Exception{
AuthorizationRule firtRule = new RuleBuilder().path("/*").entity(new AllowedEntity(EntityType.IP, "192.168.0.1")).entity(new AllowedEntity(EntityType.IP, "192.168.0.2")).build();
AuthorizationRule secondRule = new RuleBuilder().path("/newPath").entity(new AllowedEntity(EntityType.ROLE, "ContextManager")).entity(new AllowedEntity(EntityType.IP, "192.168.0.3")).build();
AuthorizationRule thirdRule = new RuleBuilder().path("/anotherPath").entity(new AllowedEntity(EntityType.USER, "user")).build();
AuthorizationConfiguration authConf = ConfigurationBuilder.getBuilder().rule(firtRule).rule(secondRule).rule(thirdRule).build();
StringWriter sw = new StringWriter();
context.createMarshaller().marshal(authConf, sw);
System.out.println(sw);
AuthorizationConfiguration extractedRule = (AuthorizationConfiguration)context.createUnmarshaller().unmarshal(new StringReader(sw.toString()));
System.out.println(extractedRule);
Assert.assertTrue(authConf.equals(extractedRule));
}
@Test
public void loadBinder() throws Exception{
try( BufferedReader reader = new BufferedReader(new InputStreamReader(ClassLoader.getSystemClassLoader().getResourceAsStream("AuthorizationConfiguration.xml")))){
String line = null;
while ((line=reader.readLine())!=null)
System.out.println(line);
}
AuthorizationConfiguration authConf = (AuthorizationConfiguration)context.createUnmarshaller().unmarshal(
new BufferedReader(new InputStreamReader(ClassLoader.getSystemClassLoader().getResourceAsStream("AuthorizationConfiguration.xml"))));
System.out.println(authConf);
StringWriter sw = new StringWriter();
context.createMarshaller().marshal(authConf, sw);
System.out.println(sw);
AuthorizationConfiguration extractedRule = (AuthorizationConfiguration)context.createUnmarshaller().unmarshal(new StringReader(sw.toString()));
Assert.assertTrue(authConf.equals(extractedRule));
}
}

10
src/test/resources/AuthorizationConfiguration.xml Normal file
View File

@ -0,0 +1,10 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Configuration>
<Rule path="/token/user" requiresToken="false">
<Entity type="IP" value="146.48.0.0" />
</Rule>
<Rule path="/apikey" requiresToken="true"/>
<Rule path="/policyManager" requiresToken="true"/>
<Rule path="/token/external" requiresToken="true"/>
</Configuration>

8
src/test/resources/META-INF/beans.xml Normal file
View File

@ -0,0 +1,8 @@
<beans xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd">
<alternatives>
<class>org.gcube.common.authorizationservice.persistence.DataBaseProducer</class>
</alternatives>
</beans>

35
src/test/resources/META-INF/persistence.xml Normal file
View File

@ -0,0 +1,35 @@
<persistence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd"
version="2.0" xmlns="http://java.sun.com/xml/ns/persistence">
<!-- change here if you want name of unit different -->
<persistence-unit name="TestPersistence"
transaction-type="RESOURCE_LOCAL">
<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
<!-- Converters -->
<class>org.gcube.common.authorizationservice.persistence.entities.converters.StringListConverter</class>
<!-- Entities -->
<class>org.gcube.common.authorizationservice.persistence.entities.AuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.ServiceAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.UserAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.ExternalServiceAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.NodeAuthorizationEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.PolicyEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.ServicePolicyEntity</class>
<class>org.gcube.common.authorizationservice.persistence.entities.UserPolicyEntity</class>
<properties>
<property name="eclipselink.logging.level" value="FINE" />
<property name="eclipselink.target-database" value="DERBY" />
<property name="javax.persistence.jdbc.driver" value="org.apache.derby.jdbc.EmbeddedDriver" />
<property name="javax.persistence.jdbc.url" value="jdbc:derby:memory:AuthDbTest;create=true" />
<property name="javax.persistence.jdbc.user" value="" />
<property name="javax.persistence.jdbc.password" value="" />
<property name="eclipselink.logging.level" value="INFO" />
<property name="eclipselink.ddl-generation" value="create-tables" />
<property name="eclipselink.ddl-generation.output-mode"
value="database" />
</properties>
</persistence-unit>
</persistence>