Update 'README.md'

fix changelog changing the introduction position

.classpath

@@ -27,7 +27,6 @@
 	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
 		<attributes>
 			<attribute name="maven.pomderived" value="true"/>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">

.settings/org.eclipse.jdt.core.prefs

@@ -3,7 +3,9 @@ org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
 org.eclipse.jdt.core.compiler.compliance=1.8
 org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
 org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
 org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore
 org.eclipse.jdt.core.compiler.release=disabled
 org.eclipse.jdt.core.compiler.source=1.8

CHANGELOG.md

@@ -0,0 +1,8 @@
+# Changelog for "auhtorization-service"
+This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## \[v2.1.3] [r4.24.0] - 2020-06-22
+
+### Fixes
+- bug on ApiKey Management (https://support.d4science.org/issues/19487)
+

README.md

@@ -1,6 +1,6 @@
 # Authorization service
 
-StorageHub implements the gCube Workspace feature
+Implements the gCube Authorization feature
 
 ## Structure of the project
 

descriptor.xml

@@ -15,7 +15,7 @@
 			<includes>
 				<include>README.md</include>
 				<include>LICENSE.md</include>
-				<include>changelog.xml</include>
+				<include>CHANGELOG.md</include>
                 <include>profile.xml</include>
 			</includes>
 			<fileMode>755</fileMode>

distro/LICENSE

@@ -1 +0,0 @@
-${gcube.license}

distro/README

@@ -1,62 +0,0 @@
-The gCube System - ${name}
---------------------------------------------------
- 
-${description}
- 
- 
-${gcube.description}
- 
-${gcube.funding}
- 
- 
-Version
---------------------------------------------------
- 
-${version} (${buildDate})
- 
-Please see the file named "changelog.xml" in this directory for the release notes.
- 
- 
-Authors
---------------------------------------------------
-
-* Lucio Lelii (lucio.lelii-AT-isti.cnr.it), CNR, Italy
-
-Maintainers
---------------------------------------------------
-
-* Lucio Lelii (lucio.lelii-AT-isti.cnr.it), CNR, Italy
-
-Download information
---------------------------------------------------
- 
-Source code is available from SVN: 
-    ${scm.url}
- 
-Binaries can be downloaded from the gCube website: 
-   ${gcube.website}
- 
- 
-Installation
---------------------------------------------------
- 
-Installation documentation is available on-line in the gCube Wiki:
-    ${gcube.wikiRoot}
- 
-Documentation 
---------------------------------------------------
- 
-Documentation is available on-line in the gCube Wiki:
-    ${gcube.wikiRoot}
- 
-Support 
---------------------------------------------------
- 
-Bugs and support requests can be reported in the gCube issue tracking tool:
-    ${gcube.issueTracking}
- 
- 
-Licensing
---------------------------------------------------
- 
-This software is licensed under the terms you may find in the file named "LICENSE" in this directory.

distro/changelog.xml

@@ -1,8 +0,0 @@
-<ReleaseNotes>
-	<Changeset component="authorization-service-1.0.0" date="2013-11-02">
-		<Change>First Release</Change>
-	</Changeset>
-	<Changeset component="authorization-service-2.0.0" date="2016-09-30">
-		<Change>moved auth to new auth2 model</Change>
-	</Changeset>
-</ReleaseNotes>

distro/descriptor.xml

@@ -1,35 +0,0 @@
-<assembly
-	xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
-	<id>servicearchive</id>
-	<formats>
-		<format>tar.gz</format>
-	</formats>
-	<baseDirectory>/</baseDirectory>
-	<fileSets>
-		<fileSet>
-			<directory>${distroDirectory}</directory>
-			<outputDirectory>/</outputDirectory>
-			<useDefaultExcludes>true</useDefaultExcludes>
-			<includes>
-				<include>README</include>
-				<include>LICENSE</include>
-				<include>changelog.xml</include>
-			</includes>
-			<fileMode>755</fileMode>
-			<filtered>true</filtered>
-		</fileSet>
-	</fileSets>
-	<files>
-		<file>
-			<source>${distroDirectory}/profile.xml</source>
-			<outputDirectory>/</outputDirectory>
-			<filtered>true</filtered>
-		</file>
-		<file>
-			<source>target/${build.finalName}.war</source>
-			<outputDirectory>/${artifactId}</outputDirectory>
-		</file>
-	</files>
-</assembly>

distro/profile.xml

@@ -1,26 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-	<ID />
-	<Type>Service</Type>
-	<Profile>
-		<Description>${description}</Description>
-		<Class>Common</Class>
-		<Name>${artifactId}</Name>
-		<Version>1.0.0</Version>
-		<Packages>
-			<Software>
-				<Name>${artifactId}</Name>
-				<Version>${version}</Version>
-				<MavenCoordinates>
-					<groupId>${groupId}</groupId>
-					<artifactId>${artifactId}</artifactId>
-					<version>${version}</version>
-				</MavenCoordinates>
-				<Files>
-					<File>${build.finalName}.jar</File>
-				</Files>
-			</Software>
-		</Packages>
-	</Profile>
-</Resource>
-

pom.xml

@@ -11,7 +11,7 @@
 
 	<groupId>org.gcube.common</groupId>
 	<artifactId>authorization-service</artifactId>
-	<version>2.1.0</version>
+	<version>2.1.3</version>
 	<name>authorization service</name>
 
 	<packaging>war</packaging>
@@ -61,7 +61,6 @@
 			<groupId>org.gcube.core</groupId>
 			<artifactId>common-scope-maps</artifactId>
 		</dependency>
-
 		<dependency>
 			<groupId>org.gcube.core</groupId>
 			<artifactId>common-scope</artifactId>

src/main/java/org/gcube/common/authorizationservice/AuthorizationService.java

@@ -7,7 +7,6 @@ import javax.ws.rs.ApplicationPath;
 import javax.ws.rs.core.Application;
 
 import org.gcube.common.authorizationservice.configuration.AuthorizationConfiguration;
-import org.glassfish.jersey.server.ResourceConfig;
 
 @ApplicationPath("/gcube/service/*")
 public class AuthorizationService extends  Application {
@@ -22,6 +21,7 @@ public class AuthorizationService extends  Application {
         classes.add(KeyRetriever.class);
         classes.add(PolicyManager.class);
         classes.add(TokenManager.class);
+        classes.add(ApiKeyManager.class);
         return classes;
     }
 	

src/main/java/org/gcube/common/authorizationservice/TokenManager.java

@@ -60,8 +60,15 @@ public class TokenManager {
 		CalledMethodProvider.instance.set("retrieve");
 		log.info("token retreiver called with token {}",token);
 
-		AuthorizationEntry info = persistence.getAuthorizationEntry(token);
+		AuthorizationEntry info = null; 
+		try {			
+			info = persistence.getAuthorizationEntry(token);
 
+		} catch ( Throwable t) {
+			log.error("erorr on authorization", t);
+			throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR)
+					.entity("error on authorization").type(MediaType.TEXT_PLAIN).build());
+		}		
 		log.info("info retrieved {}",info);
 
 		if (info == null){
@@ -69,25 +76,21 @@ public class TokenManager {
 			throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND)
 					.entity("token "+token+" not found").type(MediaType.TEXT_PLAIN).build());
 		}
-		
-		
+
 		/*
 		try{
 			ScopeProvider.instance.set(info.getContext());
-			ServiceMap map =  ServiceMap.instance;
+			ServiceMap map =  ((ScopedServiceMap)ServiceMap.instance).currentMap();
 			ScopeProvider.instance.reset();
 			info.setMap(map);
-		}catch(Exception e){
+		}catch(Throwable e){
 			log.error("error retrieving map for {}", info.getContext(), e);
-			throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR)
-					.entity("Error retrieving map").type(MediaType.TEXT_PLAIN).build());
 		}*/
-
 		log.debug("returning info {}", info);
 		return info;
 
 	}
-	
+
 	/**
 	 * 
 	 * retrieves the AuthorzationEntry connected to the specified token
@@ -96,18 +99,30 @@ public class TokenManager {
 	 * @return the authorization entry
 	 */
 	@GET
-	@Path("resolve")
+	@Path("bunch")
 	@Produces(MediaType.APPLICATION_XML)
 	public AuthorizationEntryList retrieveTokenBunch(@NotNull @QueryParam("token") List<String> tokens ) {
 		CalledMethodProvider.instance.set("retrieve");
-		log.info("token retreiver called with tokens {}",tokens);
+		log.info("token retreiver in bunch called with tokens {}",tokens);
 
 		List<AuthorizationEntry> toReturn = new ArrayList<AuthorizationEntry>();
 		for (String token : tokens ) {
 			try {
 				AuthorizationEntry info = persistence.getAuthorizationEntry(token);
+				/*
+				try{
+					ScopeProvider.instance.set(info.getContext());
+					DefaultServiceMap map =  (DefaultServiceMap)((ScopedServiceMap)ServiceMap.instance).currentMap();
+					ScopeProvider.instance.reset();
+					info.setMap(map);
+				}catch(Throwable e){
+					log.error("error retrieving map for {}", info.getContext(), e);
+				}
+				*/
 				toReturn.add(info);
-			}catch(Exception e) {}
+			}catch(Exception t) {
+				log.error("erorr on authorization", t);
+			}
 		}
 		log.info("info retrieved {}",toReturn);
 
@@ -116,13 +131,13 @@ public class TokenManager {
 			throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND)
 					.entity("no tokens poassed have been found ").type(MediaType.TEXT_PLAIN).build());
 		}
-	
+
 		return new AuthorizationEntryList(toReturn);
 
 	}
-	
 
-	
+
+
 	/**
 	 * 
 	 * retrieves the AuthorzationEntry connected to the specified token
@@ -135,16 +150,16 @@ public class TokenManager {
 	public String getTokenByUserAndContext(@NotNull @PathParam("user") String user, @QueryParam("context") String context ) {
 		CalledMethodProvider.instance.set("retrieve");
 		log.info("resolving token for user {} in context {}",user, context);
-		
+
 		if (context==null){
 			log.error("null context found");
 			throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND)
 					.entity("null context found").type(MediaType.TEXT_PLAIN).build());
 		}
-		
+
 		String token = persistence.getExistingToken(user, context, Constants.DEFAULT_TOKEN_QUALIFIER);
 
-		
+
 		if (token == null){
 			log.error("token {} not found ", token);
 			throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND)
@@ -165,7 +180,7 @@ public class TokenManager {
 		return token;
 
 	}
-	
+
 	/**
 	 * 
 	 * Generates a token for a user (saving the passed roles) if it doesn't exist yet.
@@ -200,7 +215,7 @@ public class TokenManager {
 					.entity("Error Generating Token: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
 		} 
 	}
-	
+
 	/**
 	 * 
 	 * Generates a token for a user (saving the passed roles) if it doesn't exist yet.
@@ -228,8 +243,8 @@ public class TokenManager {
 					.entity("Error setting roles to token: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
 		} 
 	}
-	
-	
+
+
 	/**
 	 * 
 	 * REmoves a token for a user.
@@ -251,14 +266,14 @@ public class TokenManager {
 			if (clientId.split(":").length>1) throw new Exception("invalid user id: "+clientId);
 
 			persistence.removeAllAuthorizationsEntryForClientId(context, clientId);
-			
+
 		}catch(Exception e){
 			log.error("error generating token ",e);
 			throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST)
 					.entity("Error removing Token: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
 		} 
 	}
-	
+
 	/**
 	 * 
 	 * Generates a token for a service if it doesn't exist yet.
@@ -302,25 +317,25 @@ public class TokenManager {
 		CalledMethodProvider.instance.set("generate");
 		log.info("calling generate service token bunch");
 		try{
-			
+
 			AuthorizationEntry callerInfo = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
-			
+
 			List<String> tokensToReturn = new ArrayList<String>();
-			
+
 			for (String token: entity.getContainerTokens()) {
 				AuthorizationEntry authInfo = this.retrieveToken(token);
-				
+
 				if (authInfo==null) continue;
-				
+
 				if (!authInfo.getClientInfo().getId().equals(callerInfo.getClientInfo().getId()))
 					log.warn("a token with a different ContainerInfo of the caller used, skipping it");
 				else {
 					String genToken = generateTokenForServiceInfo(entity.getInfo(), authInfo);
 					tokensToReturn.add(genToken);
 				}
-				
+
 			}
-			
+
 			return new ListMapper(tokensToReturn);
 		}catch(Exception e){
 			log.error("error generating tokens ",e);
@@ -385,7 +400,7 @@ public class TokenManager {
 					.entity("Error Generating Token: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build());
 		} 
 	}
-	
+
 	@Path("node")
 	@PUT
 	@Consumes(MediaType.APPLICATION_XML)
@@ -393,16 +408,16 @@ public class TokenManager {
 			@Context HttpServletRequest req) {
 		CalledMethodProvider.instance.set("generate");
 		try{
-			
+
 			AuthorizationEntry info = (AuthorizationEntry)req.getAttribute(AuthorizedCallFilter.AUTH_ATTRIBUTE);
-						
+
 			if (context!=null)
 				return generateTokenForContainerInfo(containerInfo, context);
 			else if (info!=null){
 				log.info("generator called for node {} in context {} ",containerInfo.getId(), info.getContext());
 				return generateTokenForContainerInfo(containerInfo, info);
 			}
-			 
+
 			throw new Exception("error trying to activate node (token and context are empty)");
 		}catch(Exception e){
 			log.error("error generating token ",e);
@@ -423,7 +438,7 @@ public class TokenManager {
 		}
 		return token;
 	}
-	
+
 	private String generateTokenForContainerInfo(ContainerInfo containerInfo, AuthorizationEntry authInfo) throws Exception{
 		if (containerInfo.getId().split(":").length!=2) throw new Exception("invalid container id: "+containerInfo.getId());
 
@@ -436,7 +451,7 @@ public class TokenManager {
 		}
 		return token;
 	}
-	
+
 	private String generateTokenForServiceInfo(ServiceInfo serviceInfo, AuthorizationEntry authInfo) throws Exception{
 		if (serviceInfo.getId().split(":").length!=3) throw new Exception("invalid service id: "+serviceInfo.getId());
 

src/main/java/org/gcube/common/authorizationservice/filters/AuthorizedCallFilter.java

@@ -16,9 +16,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.gcube.accounting.datamodel.UsageRecord.OperationResult;
-import org.gcube.accounting.datamodel.usagerecords.ServiceUsageRecord;
-import org.gcube.accounting.persistence.AccountingPersistence;
-import org.gcube.accounting.persistence.AccountingPersistenceFactory;
 import org.gcube.common.authorization.library.AuthorizationEntry;
 import org.gcube.common.authorization.library.provider.CalledMethodProvider;
 import org.gcube.common.authorizationservice.configuration.AllowedEntity;
@@ -26,9 +23,6 @@ import org.gcube.common.authorizationservice.configuration.AuthorizationConfigur
 import org.gcube.common.authorizationservice.configuration.AuthorizationRule;
 import org.gcube.common.authorizationservice.configuration.ConfigurationHolder;
 import org.gcube.common.authorizationservice.util.TokenPersistence;
-import org.gcube.common.scope.api.ScopeProvider;
-import org.jboss.weld.context.ApplicationContext;
-import org.omg.PortableInterceptor.SUCCESSFUL;
 
 import lombok.extern.slf4j.Slf4j;
 
@@ -51,7 +45,8 @@ public class AuthorizedCallFilter implements Filter {
 	@Override
 	public void doFilter(ServletRequest request, ServletResponse response,	
 		FilterChain chain) throws IOException, ServletException {
-
+	
+		
 		String token = request.getParameter(TOKEN_HEADER)==null?((HttpServletRequest)request).getHeader(TOKEN_HEADER):
 			request.getParameter(TOKEN_HEADER);
 		
@@ -82,15 +77,20 @@ public class AuthorizedCallFilter implements Filter {
 			pathInfo = servletPath.replace("/gcube/service", "");
 			log.info("called path info {} ", pathInfo);	
 			if (pathInfo==null || pathInfo.isEmpty()){
-				log.info("call rejected from filters: invalid path");
+				((HttpServletResponse)response).sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+				log.error("call rejected from filters: invalid path");
+				generateAccounting("Unknown", "Unknown", callerIp, false, startTime, request.getLocalName());
 				return;
 			}
 		}
+			
+		
 
 
 		if (requiresToken(pathInfo) && token==null ){
 			((HttpServletResponse)response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
-			log.info("call rejected from filters, call requires caller token");
+			log.error("call rejected from filters, call requires caller token");
+			generateAccounting("Unknown", "Unknown", callerIp, false, startTime, request.getLocalName());
 			return;
 		}
 
@@ -107,13 +107,15 @@ public class AuthorizedCallFilter implements Filter {
 
 		if (!checkAllowed(pathInfo, callerIp, info)){
 			((HttpServletResponse)response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
-			log.info("call rejected from filters");
+			log.error("call rejected from filters");
+			generateAccounting("Unknown", "Unknown", callerIp, false, startTime, request.getLocalName());
 			return;
 		}
 
 		chain.doFilter(request, response);
+				
+		generateAccounting("Unknown", "Unknown", callerIp, true, startTime, request.getLocalName());
 		
-		//generateAccounting("Unknown", "Unknown", callerIp, true, startTime, request.getLocalName());
 	}
 
 	private boolean requiresToken(String pathInfo) {
@@ -188,7 +190,7 @@ public class AuthorizedCallFilter implements Filter {
 	public void destroy() {}
 	
 	void generateAccounting(String caller, String callerQualifier, String remoteHost, boolean success, long startTime, String host){
-		AuthorizationConfiguration conf = ConfigurationHolder.getConfiguration();
+		/*AuthorizationConfiguration conf = ConfigurationHolder.getConfiguration();
 		AccountingPersistenceFactory.setFallbackLocation(conf.getAccountingDir());
 		AccountingPersistence persistence = AccountingPersistenceFactory.getPersistence();
 		ServiceUsageRecord serviceUsageRecord = new ServiceUsageRecord();
@@ -210,6 +212,8 @@ public class AuthorizedCallFilter implements Filter {
 		}catch(Exception ex){
 			log.warn("invalid record passed to accounting ",ex);
 		}
+		*/
+		log.info("REQUEST SERVED for method {} in {} ms with result {}", CalledMethodProvider.instance.get(), System.currentTimeMillis()-startTime, success?OperationResult.SUCCESS:OperationResult.FAILED);
 	}
 
 }