gCubeSystem
/
authorization-utils
15
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Implementing library

This commit is contained in:
Luca Frosini 2021-11-30 18:04:52 +01:00
parent e034f868d3
commit 00ef2c1944
5 changed files with 140 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
pom.xml
View File

@ -43,7 +43,23 @@
<groupId>org.gcube.common</groupId> <groupId>org.gcube.common</groupId>
<artifactId>authorization-client</artifactId> <artifactId>authorization-client</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>gcube-jackson-databind</artifactId>
</dependency>
<!-- <dependency> -->
<!-- <groupId>org.gcube.common</groupId> -->
<!-- <artifactId>gcube-jackson-annotations</artifactId> -->
<!-- </dependency> -->
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>gcube-jackson-core</artifactId>
</dependency>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>keycloak-client</artifactId>
<version>[1.0.0,2.0.0-SNAPSHOT)</version>
</dependency>
</dependencies> </dependencies>
</project> </project>

7
src/main/java/org/gcube/common/authorization/utils/secret/ClienIDSecret.java
View File

@ -3,6 +3,10 @@ package org.gcube.common.authorization.utils.secret;
import java.util.Map; import java.util.Map;
import java.util.Objects; import java.util.Objects;
import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.common.scope.api.ScopeProvider;
/** /**
* @author Luca Frosini (ISTI - CNR) * @author Luca Frosini (ISTI - CNR)
*/ */
@ -17,8 +21,7 @@ public class ClienIDSecret extends Secret {
@Override @Override
public void set() throws Exception { public void set() throws Exception {
// TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, contextToAuthorise, null); TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(clientID, token, ScopeProvider.instance.get(), null);
// System.out.println(tr.getAccessToken());
} }
@Override @Override

7
src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java
View File

@ -12,6 +12,7 @@ import org.gcube.common.authorization.library.provider.ClientInfo;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider; import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.utils.Caller; import org.gcube.common.authorization.library.utils.Caller;
import org.gcube.common.scope.api.ScopeProvider; import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.scope.impl.ScopeBean;
/** /**
* @author Luca Frosini (ISTI - CNR) * @author Luca Frosini (ISTI - CNR)
@ -35,13 +36,15 @@ public class GCubeSecret extends Secret {
@Override @Override
public void set() throws Exception { public void set() throws Exception {
SecurityTokenProvider.instance.set(token); SecurityTokenProvider.instance.set(token);
AuthorizationEntry authorizationEntry = Constants.authorizationService().get(token); AuthorizationEntry authorizationEntry = Constants.authorizationService().get(token);
ClientInfo clientInfo = authorizationEntry.getClientInfo(); ClientInfo clientInfo = authorizationEntry.getClientInfo();
logger.debug("User : {} - Type : {}", clientInfo.getId(), clientInfo.getType().name());
String qualifier = authorizationEntry.getQualifier(); String qualifier = authorizationEntry.getQualifier();
Caller caller = new Caller(clientInfo, qualifier); Caller caller = new Caller(clientInfo, qualifier);
AuthorizationProvider.instance.set(caller); AuthorizationProvider.instance.set(caller);
ScopeProvider.instance.set(getContext());
ScopeBean scopeBean = new ScopeBean(getContext());
ScopeProvider.instance.set(scopeBean.toString());
} }
protected ClientInfo getClientInfo() throws Exception { protected ClientInfo getClientInfo() throws Exception {

37
src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java
View File

@ -1,15 +1,28 @@
package org.gcube.common.authorization.utils.secret; package org.gcube.common.authorization.utils.secret;
import java.util.Base64;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
import org.gcube.common.authorization.library.provider.AccessTokenProvider; import org.gcube.common.authorization.library.provider.AccessTokenProvider;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.ClientInfo;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorization.library.utils.Caller;
import org.gcube.common.authorization.utils.secret.jwt.JWToken;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.scope.impl.ScopeBean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** /**
* @author Luca Frosini (ISTI - CNR) * @author Luca Frosini (ISTI - CNR)
*/ */
public class JWTSecret extends Secret { public class JWTSecret extends Secret {
private static final Logger logger = LoggerFactory.getLogger(JWTSecret.class);
public JWTSecret(String token) { public JWTSecret(String token) {
super(10, token); super(10, token);
} }
@ -18,6 +31,30 @@ public class JWTSecret extends Secret {
public void set() throws Exception { public void set() throws Exception {
AccessTokenProvider.instance.set(token); AccessTokenProvider.instance.set(token);
String realUmaTokenEncoded = token.split("\\.")[1];
String realUmaToken = new String(Base64.getDecoder().decode(realUmaTokenEncoded.getBytes()));
ObjectMapper mapper = new ObjectMapper();
JWToken jwt = null;
try {
jwt = mapper.readValue(realUmaToken, JWToken.class);
}catch(Exception e){
logger.error("Error parsing JWT token",e);
throw new Exception("Error parsing JWT token", e);
}
ClientInfo clientInfo = new UserInfo(jwt.getUsername(), jwt.getRoles(), jwt.getEmail(), jwt.getFirstName(), jwt.getLastName());
Caller caller = new Caller(clientInfo, "token");
AuthorizationProvider.instance.set(caller);
ScopeBean scopeBean = null;
try {
scopeBean = new ScopeBean(jwt.getContext());
}catch(Exception e){
logger.error("Invalid context in access token",e);
throw new Exception("Invalid context in access token");
}
ScopeProvider.instance.set(scopeBean.toString());
} }
@Override @Override

76
src/main/java/org/gcube/common/authorization/utils/secret/jwt/JWToken.java Normal file
View File

@ -0,0 +1,76 @@
package org.gcube.common.authorization.utils.secret.jwt;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.gcube.com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
@JsonIgnoreProperties(ignoreUnknown = true)
public class JWToken {
@JsonProperty("aud")
private String context;
@JsonProperty("resource_access")
private Map<String, Roles> contextAccess = new HashMap<>();
@JsonProperty("preferred_username")
private String username;
@JsonProperty("given_name")
private String firstName;
@JsonProperty("family_name")
private String lastName;
@JsonProperty("email")
private String email;
public List<String> getRoles(){
return contextAccess.get(this.context).roles;
}
public String getContext() {
try {
return URLDecoder.decode(context, StandardCharsets.UTF_8.toString());
}catch (UnsupportedEncodingException e) {
return context;
}
}
public String getUsername() {
return username;
}
public String getFirstName() {
return firstName;
}
public String getLastName() {
return lastName;
}
public String getEmail() {
return email;
}
@Override
public String toString() {
return "GcubeJwt [context=" + getContext() + ", roles=" + getRoles() + ", username=" + username
+ ", firstName=" + firstName + ", lastName=" + lastName + ", email=" + email + "]";
}
public static class Roles {
@JsonProperty("roles")
List<String> roles = new ArrayList<>();
}
}