Compare commits
7 Commits
Author | SHA1 | Date |
---|---|---|
Lucio Lelii | bca36f2d64 | |
Roberto Cirillo | 53d7393d2a | |
Lucio Lelii | 3cf3505e6a | |
Lucio Lelii | 0e2a8dfbed | |
lucio | d6b6d4135e | |
lucio | d0a7c0520a | |
lucio | f62a477b84 |
|
@ -27,7 +27,6 @@
|
|||
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
|
||||
<attributes>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
|
||||
|
|
|
@ -3,7 +3,9 @@ org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
|
|||
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
|
||||
org.eclipse.jdt.core.compiler.compliance=1.8
|
||||
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
|
||||
org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
|
||||
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
|
||||
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
|
||||
org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore
|
||||
org.eclipse.jdt.core.compiler.release=disabled
|
||||
org.eclipse.jdt.core.compiler.source=1.8
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
# Changelog for "auhtorization-service"
|
||||
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## \[v2.1.3] [r4.24.0] - 2020-06-22
|
||||
|
||||
### Fixes
|
||||
- bug on ApiKey Management (https://support.d4science.org/issues/19487)
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
# Authorization service
|
||||
|
||||
StorageHub implements the gCube Workspace feature
|
||||
Implements the gCube Authorization feature
|
||||
|
||||
## Structure of the project
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<includes>
|
||||
<include>README.md</include>
|
||||
<include>LICENSE.md</include>
|
||||
<include>changelog.xml</include>
|
||||
<include>CHANGELOG.md</include>
|
||||
<include>profile.xml</include>
|
||||
</includes>
|
||||
<fileMode>755</fileMode>
|
||||
|
|
3
pom.xml
3
pom.xml
|
@ -11,7 +11,7 @@
|
|||
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>authorization-service</artifactId>
|
||||
<version>2.1.1</version>
|
||||
<version>2.1.3</version>
|
||||
<name>authorization service</name>
|
||||
|
||||
<packaging>war</packaging>
|
||||
|
@ -61,7 +61,6 @@
|
|||
<groupId>org.gcube.core</groupId>
|
||||
<artifactId>common-scope-maps</artifactId>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.gcube.core</groupId>
|
||||
<artifactId>common-scope</artifactId>
|
||||
|
|
|
@ -7,7 +7,6 @@ import javax.ws.rs.ApplicationPath;
|
|||
import javax.ws.rs.core.Application;
|
||||
|
||||
import org.gcube.common.authorizationservice.configuration.AuthorizationConfiguration;
|
||||
import org.glassfish.jersey.server.ResourceConfig;
|
||||
|
||||
@ApplicationPath("/gcube/service/*")
|
||||
public class AuthorizationService extends Application {
|
||||
|
@ -22,6 +21,7 @@ public class AuthorizationService extends Application {
|
|||
classes.add(KeyRetriever.class);
|
||||
classes.add(PolicyManager.class);
|
||||
classes.add(TokenManager.class);
|
||||
classes.add(ApiKeyManager.class);
|
||||
return classes;
|
||||
}
|
||||
|
||||
|
|
|
@ -60,8 +60,15 @@ public class TokenManager {
|
|||
CalledMethodProvider.instance.set("retrieve");
|
||||
log.info("token retreiver called with token {}",token);
|
||||
|
||||
AuthorizationEntry info = persistence.getAuthorizationEntry(token);
|
||||
AuthorizationEntry info = null;
|
||||
try {
|
||||
info = persistence.getAuthorizationEntry(token);
|
||||
|
||||
} catch ( Throwable t) {
|
||||
log.error("erorr on authorization", t);
|
||||
throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR)
|
||||
.entity("error on authorization").type(MediaType.TEXT_PLAIN).build());
|
||||
}
|
||||
log.info("info retrieved {}",info);
|
||||
|
||||
if (info == null){
|
||||
|
@ -70,19 +77,15 @@ public class TokenManager {
|
|||
.entity("token "+token+" not found").type(MediaType.TEXT_PLAIN).build());
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
try{
|
||||
ScopeProvider.instance.set(info.getContext());
|
||||
ServiceMap map = ServiceMap.instance;
|
||||
ServiceMap map = ((ScopedServiceMap)ServiceMap.instance).currentMap();
|
||||
ScopeProvider.instance.reset();
|
||||
info.setMap(map);
|
||||
}catch(Exception e){
|
||||
}catch(Throwable e){
|
||||
log.error("error retrieving map for {}", info.getContext(), e);
|
||||
throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR)
|
||||
.entity("Error retrieving map").type(MediaType.TEXT_PLAIN).build());
|
||||
}*/
|
||||
|
||||
log.debug("returning info {}", info);
|
||||
return info;
|
||||
|
||||
|
@ -100,14 +103,26 @@ public class TokenManager {
|
|||
@Produces(MediaType.APPLICATION_XML)
|
||||
public AuthorizationEntryList retrieveTokenBunch(@NotNull @QueryParam("token") List<String> tokens ) {
|
||||
CalledMethodProvider.instance.set("retrieve");
|
||||
log.info("token retreiver called with tokens {}",tokens);
|
||||
log.info("token retreiver in bunch called with tokens {}",tokens);
|
||||
|
||||
List<AuthorizationEntry> toReturn = new ArrayList<AuthorizationEntry>();
|
||||
for (String token : tokens ) {
|
||||
try {
|
||||
AuthorizationEntry info = persistence.getAuthorizationEntry(token);
|
||||
/*
|
||||
try{
|
||||
ScopeProvider.instance.set(info.getContext());
|
||||
DefaultServiceMap map = (DefaultServiceMap)((ScopedServiceMap)ServiceMap.instance).currentMap();
|
||||
ScopeProvider.instance.reset();
|
||||
info.setMap(map);
|
||||
}catch(Throwable e){
|
||||
log.error("error retrieving map for {}", info.getContext(), e);
|
||||
}
|
||||
*/
|
||||
toReturn.add(info);
|
||||
}catch(Exception e) {}
|
||||
}catch(Exception t) {
|
||||
log.error("erorr on authorization", t);
|
||||
}
|
||||
}
|
||||
log.info("info retrieved {}",toReturn);
|
||||
|
||||
|
|
|
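Review bot: The bulk-retrieval log line in the third hunk, `log.info("token retreiver in bunch called with tokens {}",tokens);`, writes every submitted token to the log at info level; the single-token path in the first hunk does the same and also echoes the token in the "not found" response entity. These values are bearer credentials, so anyone with read access to the logs can reuse them; log a count or a non-reversible fingerprint instead, for example `log.info("token retriever in bunch called with {} tokens", tokens.size());`. In the same loop the `catch(Exception t)` only logs and continues, so a caller cannot tell a persistence failure from an unknown token, and a null result from `getAuthorizationEntry` appears to be added to `toReturn` unchecked, unlike the single-token path, which tests `info == null`. The rendered page has lost its +/- markers, so which line of each pair is the new one is inferred from print order, and both method bodies extend beyond the hunks shown.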
@ -16,9 +16,6 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.gcube.accounting.datamodel.UsageRecord.OperationResult;
|
||||
import org.gcube.accounting.datamodel.usagerecords.ServiceUsageRecord;
|
||||
import org.gcube.accounting.persistence.AccountingPersistence;
|
||||
import org.gcube.accounting.persistence.AccountingPersistenceFactory;
|
||||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
||||
import org.gcube.common.authorization.library.provider.CalledMethodProvider;
|
||||
import org.gcube.common.authorizationservice.configuration.AllowedEntity;
|
||||
|
@ -26,9 +23,6 @@ import org.gcube.common.authorizationservice.configuration.AuthorizationConfigur
|
|||
import org.gcube.common.authorizationservice.configuration.AuthorizationRule;
|
||||
import org.gcube.common.authorizationservice.configuration.ConfigurationHolder;
|
||||
import org.gcube.common.authorizationservice.util.TokenPersistence;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.jboss.weld.context.ApplicationContext;
|
||||
import org.omg.PortableInterceptor.SUCCESSFUL;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
|
@ -52,6 +46,7 @@ public class AuthorizedCallFilter implements Filter {
|
|||
public void doFilter(ServletRequest request, ServletResponse response,
|
||||
FilterChain chain) throws IOException, ServletException {
|
||||
|
||||
|
||||
String token = request.getParameter(TOKEN_HEADER)==null?((HttpServletRequest)request).getHeader(TOKEN_HEADER):
|
||||
request.getParameter(TOKEN_HEADER);
|
||||
|
||||
|
@ -82,15 +77,20 @@ public class AuthorizedCallFilter implements Filter {
|
|||
pathInfo = servletPath.replace("/gcube/service", "");
|
||||
log.info("called path info {} ", pathInfo);
|
||||
if (pathInfo==null || pathInfo.isEmpty()){
|
||||
log.info("call rejected from filters: invalid path");
|
||||
((HttpServletResponse)response).sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
|
||||
log.error("call rejected from filters: invalid path");
|
||||
generateAccounting("Unknown", "Unknown", callerIp, false, startTime, request.getLocalName());
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
if (requiresToken(pathInfo) && token==null ){
|
||||
((HttpServletResponse)response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
log.info("call rejected from filters, call requires caller token");
|
||||
log.error("call rejected from filters, call requires caller token");
|
||||
generateAccounting("Unknown", "Unknown", callerIp, false, startTime, request.getLocalName());
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -107,13 +107,15 @@ public class AuthorizedCallFilter implements Filter {
|
|||
|
||||
if (!checkAllowed(pathInfo, callerIp, info)){
|
||||
((HttpServletResponse)response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
log.info("call rejected from filters");
|
||||
log.error("call rejected from filters");
|
||||
generateAccounting("Unknown", "Unknown", callerIp, false, startTime, request.getLocalName());
|
||||
return;
|
||||
}
|
||||
|
||||
chain.doFilter(request, response);
|
||||
|
||||
//generateAccounting("Unknown", "Unknown", callerIp, true, startTime, request.getLocalName());
|
||||
generateAccounting("Unknown", "Unknown", callerIp, true, startTime, request.getLocalName());
|
||||
|
||||
}
|
||||
|
||||
private boolean requiresToken(String pathInfo) {
|
||||
|
@ -188,7 +190,7 @@ public class AuthorizedCallFilter implements Filter {
|
|||
public void destroy() {}
|
||||
|
||||
void generateAccounting(String caller, String callerQualifier, String remoteHost, boolean success, long startTime, String host){
|
||||
AuthorizationConfiguration conf = ConfigurationHolder.getConfiguration();
|
||||
/*AuthorizationConfiguration conf = ConfigurationHolder.getConfiguration();
|
||||
AccountingPersistenceFactory.setFallbackLocation(conf.getAccountingDir());
|
||||
AccountingPersistence persistence = AccountingPersistenceFactory.getPersistence();
|
||||
ServiceUsageRecord serviceUsageRecord = new ServiceUsageRecord();
|
||||
|
@ -210,6 +212,8 @@ public class AuthorizedCallFilter implements Filter {
|
|||
}catch(Exception ex){
|
||||
log.warn("invalid record passed to accounting ",ex);
|
||||
}
|
||||
*/
|
||||
log.info("REQUEST SERVED for method {} in {} ms with result {}", CalledMethodProvider.instance.get(), System.currentTimeMillis()-startTime, success?OperationResult.SUCCESS:OperationResult.FAILED);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
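Review bot: With the body of `generateAccounting` wrapped in a block comment (last two hunks), calls are no longer written to the accounting persistence, and the one remaining log line ignores the `caller`, `remoteHost` and `host` arguments the method still receives. In the visible hunks nothing else logs the caller address on the rejection paths, so a 401 or 500 from this filter can no longer be tied to its origin; until accounting is restored, carry it in the log line, e.g. `log.info("REQUEST SERVED for method {} from {} in {} ms with result {}", CalledMethodProvider.instance.get(), remoteHost, System.currentTimeMillis()-startTime, success?OperationResult.SUCCESS:OperationResult.FAILED);`. The success call placed after `chain.doFilter(request, response)` is skipped when the chain throws, so a `try`/`finally` around it would keep failed requests visible. `CalledMethodProvider.instance.get()` may be unset or stale on the rejection paths, which return before any resource method runs; this should be confirmed, since `doFilter` starts and ends outside the hunks.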