Implementing library

2021-11-30 18:04:52 +01:00 · 2021-11-30 18:04:52 +01:00 · 00ef2c1944
parent e034f868d3
commit 00ef2c1944
5 changed files with 140 additions and 5 deletions
--- a/pom.xml
+++ b/pom.xml
@ -43,7 +43,23 @@
 			<groupId>org.gcube.common</groupId>
 			<artifactId>authorization-client</artifactId>
 		</dependency>
-		
+		<dependency>
+			<groupId>org.gcube.common</groupId>
+			<artifactId>gcube-jackson-databind</artifactId>
+		</dependency>
+<!-- 		<dependency> -->
+<!-- 			<groupId>org.gcube.common</groupId> -->
+<!-- 			<artifactId>gcube-jackson-annotations</artifactId> -->
+<!-- 		</dependency> -->
+		<dependency>
+			<groupId>org.gcube.common</groupId>
+			<artifactId>gcube-jackson-core</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.gcube.common</groupId>
+			<artifactId>keycloak-client</artifactId>
+			<version>[1.0.0,2.0.0-SNAPSHOT)</version>
+		</dependency>
 	</dependencies>
 	
 </project>
--- a/src/main/java/org/gcube/common/authorization/utils/secret/ClienIDSecret.java
+++ b/src/main/java/org/gcube/common/authorization/utils/secret/ClienIDSecret.java
@ -3,6 +3,10 @@ package org.gcube.common.authorization.utils.secret;
 import java.util.Map;
 import java.util.Objects;

+import org.gcube.common.keycloak.KeycloakClientFactory;
+import org.gcube.common.keycloak.model.TokenResponse;
+import org.gcube.common.scope.api.ScopeProvider;
+
 /**
 * @author Luca Frosini (ISTI - CNR)
 */
@ -17,8 +21,7 @@ public class ClienIDSecret extends Secret {
 	
 	@Override
 	public void set() throws Exception {
-//		TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(CLIENT_ID, CLIENT_SECRET, contextToAuthorise, null);
-//		System.out.println(tr.getAccessToken());
+		TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(clientID, token, ScopeProvider.instance.get(), null);
 	}

 	@Override
--- a/src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java
+++ b/src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java
@ -12,6 +12,7 @@ import org.gcube.common.authorization.library.provider.ClientInfo;
 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.authorization.library.utils.Caller;
 import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.scope.impl.ScopeBean;

 /**
 * @author Luca Frosini (ISTI - CNR)
@ -35,13 +36,15 @@ public class GCubeSecret extends Secret {
 	@Override
 	public void set() throws Exception {
 		SecurityTokenProvider.instance.set(token);
+		
 		AuthorizationEntry authorizationEntry = Constants.authorizationService().get(token);
 		ClientInfo clientInfo = authorizationEntry.getClientInfo();
-		logger.debug("User : {} - Type : {}", clientInfo.getId(), clientInfo.getType().name());
 		String qualifier = authorizationEntry.getQualifier();
 		Caller caller = new Caller(clientInfo, qualifier);
 		AuthorizationProvider.instance.set(caller);
-		ScopeProvider.instance.set(getContext());
+		
+		ScopeBean scopeBean = new ScopeBean(getContext());
+		ScopeProvider.instance.set(scopeBean.toString());
 	}
 	
 	protected ClientInfo getClientInfo() throws Exception {
--- a/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java
+++ b/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java
@ -1,15 +1,28 @@
 package org.gcube.common.authorization.utils.secret;

+import java.util.Base64;
 import java.util.HashMap;
 import java.util.Map;

+import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
 import org.gcube.common.authorization.library.provider.AccessTokenProvider;
+import org.gcube.common.authorization.library.provider.AuthorizationProvider;
+import org.gcube.common.authorization.library.provider.ClientInfo;
+import org.gcube.common.authorization.library.provider.UserInfo;
+import org.gcube.common.authorization.library.utils.Caller;
+import org.gcube.common.authorization.utils.secret.jwt.JWToken;
+import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.common.scope.impl.ScopeBean;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;

 /**
 * @author Luca Frosini (ISTI - CNR)
 */
 public class JWTSecret extends Secret {

+	private static final Logger logger = LoggerFactory.getLogger(JWTSecret.class);
+	
 	public JWTSecret(String token) {
 		super(10, token);
 	}
@ -18,6 +31,30 @@ public class JWTSecret extends Secret {
 	public void set() throws Exception {
 		AccessTokenProvider.instance.set(token);
 		
+		
+		String realUmaTokenEncoded = token.split("\\.")[1];
+		String realUmaToken = new String(Base64.getDecoder().decode(realUmaTokenEncoded.getBytes()));
+		ObjectMapper mapper = new ObjectMapper();
+		JWToken jwt = null;
+		try {
+			 jwt = mapper.readValue(realUmaToken, JWToken.class);
+		}catch(Exception e){
+			logger.error("Error parsing JWT token",e);
+			throw new Exception("Error parsing JWT token", e);
+		}
+		
+		ClientInfo clientInfo = new UserInfo(jwt.getUsername(), jwt.getRoles(), jwt.getEmail(), jwt.getFirstName(), jwt.getLastName());
+		Caller caller = new Caller(clientInfo, "token");
+		AuthorizationProvider.instance.set(caller);
+		
+		ScopeBean scopeBean = null;
+		try { 
+			scopeBean = new ScopeBean(jwt.getContext());
+		}catch(Exception e){
+			logger.error("Invalid context in access token",e);
+			throw new Exception("Invalid context in access token");
+		}
+		ScopeProvider.instance.set(scopeBean.toString());
 	}

 	@Override
--- a/src/main/java/org/gcube/common/authorization/utils/secret/jwt/JWToken.java
+++ b/src/main/java/org/gcube/common/authorization/utils/secret/jwt/JWToken.java
@ -0,0 +1,76 @@
+package org.gcube.common.authorization.utils.secret.jwt;
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.gcube.com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class JWToken {
+
+	@JsonProperty("aud")
+	private String context;
+		
+	@JsonProperty("resource_access")
+	private Map<String, Roles> contextAccess = new HashMap<>();
+	
+	@JsonProperty("preferred_username")
+	private String username;
+	
+	@JsonProperty("given_name")
+	private String firstName;
+	
+	@JsonProperty("family_name")
+	private String lastName;
+	
+	@JsonProperty("email")
+	private String email;
+
+	public List<String> getRoles(){
+		return contextAccess.get(this.context).roles;
+	}
+	
+	public String getContext() {
+		 try {
+			return  URLDecoder.decode(context, StandardCharsets.UTF_8.toString());
+		 }catch (UnsupportedEncodingException e) {
+			return context;
+		}
+	}
+		
+	public String getUsername() {
+		return username;
+	}
+
+	public String getFirstName() {
+		return firstName;
+	}
+
+	public String getLastName() {
+		return lastName;
+	}
+
+	public String getEmail() {
+		return email;
+	}
+
+	@Override
+	public String toString() {
+		return "GcubeJwt [context=" + getContext() + ", roles=" + getRoles() + ", username=" + username
+				+ ", firstName=" + firstName + ", lastName=" + lastName + ", email=" + email + "]";
+	}
+
+	public static class Roles {
+				
+		@JsonProperty("roles")
+		List<String> roles = new ArrayList<>();
+	
+	}
+	
+}