Improving Code

Luca Frosini 2021-12-07 13:50:39 +01:00
parent 2d3eb14ff8
commit 5dc635d134
10 changed files with 268 additions and 313 deletions


@ -5,6 +5,7 @@ import java.util.SortedSet;
import java.util.TreeSet;
import org.gcube.common.authorization.utils.secret.Secret;
import org.gcube.common.authorization.utils.user.User;
import org.gcube.common.scope.api.ScopeProvider;
/**
@ -61,10 +62,10 @@ public class SecretHolder {
return secrets;
}
public String getUsername() {
public User getUser() {
for(Secret secret : secrets) {
try {
return secret.getUsername();
return secret.getUser();
}catch (Exception e) {
// trying the next one
}
@ -83,17 +84,6 @@ public class SecretHolder {
return ScopeProvider.instance.get();
}
public Collection<String> getRoles() {
for(Secret secret : secrets) {
try {
return secret.getRoles();
}catch (Exception e) {
// trying the next one
}
}
return null;
}
public void reset() {
for(Secret secret : secrets) {
try {
@ -104,48 +94,4 @@ public class SecretHolder {
}
}
public String getName() {
for(Secret secret : secrets) {
try {
return secret.getName();
}catch (Exception e) {
// trying the next one
}
}
return null;
}
public String getSurname() {
for(Secret secret : secrets) {
try {
return secret.getSurname();
}catch (Exception e) {
// trying the next one
}
}
return null;
}
public String getEMail() {
for(Secret secret : secrets) {
try {
return secret.getEMail();
}catch (Exception e) {
// trying the next one
}
}
return null;
}
public String getTitle() {
for(Secret secret : secrets) {
try {
return secret.getTitle();
}catch (Exception e) {
// trying the next one
}
}
return "";
}
}
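Review bot: The `catch (Exception e)` in the new `getUser()` loop discards the failure without logging it, so when a secret cannot resolve its user the holder silently falls through to the next secret and the caller never learns why. Because roles are now read from the returned `User`, that fallback decides whose roles an authorization check sees; log the exception before continuing, e.g. `logger.debug("Unable to get user from {}", secret.getClass().getSimpleName(), e);` (assuming the class has or gains an SLF4J logger). The statement after the loop is outside the hunk, so what `getUser()` returns when every secret fails cannot be seen here; it should be documented, since the removed `getRoles()` returned `null` in that case.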


@ -1,7 +1,6 @@
package org.gcube.common.authorization.utils.manager;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.SortedSet;
@ -9,6 +8,7 @@ import org.gcube.common.authorization.utils.provider.GCubeSecretProvider;
import org.gcube.common.authorization.utils.provider.SecretProvider;
import org.gcube.common.authorization.utils.secret.JWTSecret;
import org.gcube.common.authorization.utils.secret.Secret;
import org.gcube.common.authorization.utils.user.User;
/**
* @author Luca Frosini (ISTI - CNR)
@ -83,18 +83,6 @@ public class SecretManager {
}
}
public String getUsername() {
return currentSecretHolder.getUsername();
}
public String getContext() {
return currentSecretHolder.getContext();
}
public Collection<String> getRoles() {
return currentSecretHolder.getRoles();
}
public void reset() {
initialSecretHolder.reset();
if(initialSecretHolder!=currentSecretHolder) {
@ -103,19 +91,12 @@ public class SecretManager {
instance.remove();
}
public String getName() {
return currentSecretHolder.getName();
public String getContext() {
return currentSecretHolder.getContext();
}
public String getSurname() {
return currentSecretHolder.getSurname();
public User getUser() {
return currentSecretHolder.getUser();
}
public String getEMail() {
return currentSecretHolder.getEMail();
}
public String getTitle() {
return currentSecretHolder.getTitle();
}
}


@ -1,6 +1,5 @@
package org.gcube.common.authorization.utils.secret;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
@ -11,7 +10,8 @@ import org.gcube.common.authorization.library.exception.AuthorizationException;
import org.gcube.common.authorization.library.provider.ClientInfo;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.utils.Caller;
import org.gcube.common.authorization.utils.socialservice.PortalUser;
import org.gcube.common.authorization.utils.socialservice.SocialService;
import org.gcube.common.authorization.utils.user.User;
/**
* @author Luca Frosini (ISTI - CNR)
@ -21,7 +21,6 @@ public class GCubeSecret extends Secret {
public static final String GCUBE_TOKEN_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$";
protected AuthorizationEntry authorizationEntry;
protected PortalUser portalUser;
@Override
protected void check(String token) throws AuthorizationException {
@ -87,36 +86,15 @@ public class GCubeSecret extends Secret {
return false;
}
protected PortalUser getPortalUser() {
if(portalUser==null) {
portalUser = new PortalUser();
public User getUser() {
if(user==null) {
try {
user = SocialService.getSocialService().getUser(this);
} catch (Exception e) {
throw new RuntimeException();
}
}
return portalUser;
return user;
}
@Override
public Collection<String> getRoles() throws Exception {
return getPortalUser().getRoles();
}
@Override
public String getName() {
return getPortalUser().getName();
}
@Override
public String getSurname() {
return getPortalUser().getSurname();
}
@Override
public String getEMail() {
return getPortalUser().getEMail();
}
@Override
public String getTitle() {
return getPortalUser().getJobTitle();
}
}
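Review bot: `throw new RuntimeException();` in the new `getUser()` drops the caught exception, so a Social Service failure surfaces with no message and no cause; the same line appears in `JWTSecret.getUser()`. Keep the cause: `throw new RuntimeException("Unable to retrieve user from Social Service", e);`. The new method also has no `@Override`, unlike the getters it replaces, although `getUser()` is declared abstract in `Secret`.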


@ -4,7 +4,6 @@ import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -15,6 +14,8 @@ import org.gcube.common.authorization.library.provider.ClientInfo;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorization.library.utils.Caller;
import org.gcube.common.authorization.utils.clientid.RenewalProvider;
import org.gcube.common.authorization.utils.user.KeycloakUser;
import org.gcube.common.authorization.utils.user.User;
import org.gcube.common.keycloak.model.AccessToken;
import org.gcube.common.keycloak.model.RefreshToken;
import org.gcube.common.keycloak.model.util.Time;
@ -158,27 +159,17 @@ public class JWTSecret extends Secret {
}
@Override
public Collection<String> getRoles() throws Exception {
return getAccessToken().getRealmAccess().getRoles();
}
@Override
public String getName() throws Exception {
return getAccessToken().getGivenName();
}
@Override
public String getSurname() throws Exception {
return getAccessToken().getFamilyName();
}
@Override
public String getEMail() throws Exception {
return getAccessToken().getEmail();
}
@Override
public String getTitle() throws Exception {
return "";
public User getUser() {
if(user==null) {
try {
ObjectMapper objectMapper = new ObjectMapper();
String accessTokenString = objectMapper.writeValueAsString(accessToken);
user = objectMapper.readValue(accessTokenString, KeycloakUser.class);
} catch (Exception e) {
throw new RuntimeException();
}
}
return user;
}
}
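Review bot: The new `getUser()` serializes the `accessToken` field directly, whereas every getter it replaces went through `getAccessToken()`; if that accessor is what populates the field (its body is outside the hunk), a token that has not been parsed yet serializes as JSON `null` and `readValue` hands back `null` instead of failing. Use `objectMapper.writeValueAsString(getAccessToken())` and reject a `null` result before caching it. The cached `user` is also never cleared in the visible code, so if this secret is refreshed the roles returned afterwards presumably still come from the old token; reset `user` wherever the token is replaced.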


@ -1,6 +1,5 @@
package org.gcube.common.authorization.utils.secret;
import java.util.Collection;
import java.util.Map;
import java.util.Objects;
@ -9,6 +8,7 @@ import org.gcube.common.authorization.library.exception.AuthorizationException;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.ClientInfo;
import org.gcube.common.authorization.library.utils.Caller;
import org.gcube.common.authorization.utils.user.User;
import org.gcube.common.scope.api.ScopeProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -22,6 +22,7 @@ public abstract class Secret implements Comparable<Secret> {
protected int priority;
protected String token;
protected User user;
protected void check(String token) throws AuthorizationException {
if(token == null) {
@ -117,14 +118,6 @@ public abstract class Secret implements Comparable<Secret> {
public abstract boolean isRefreshable();
public abstract Collection<String> getRoles() throws Exception;
public abstract String getName() throws Exception;
public abstract String getSurname() throws Exception;
public abstract String getEMail() throws Exception;
public abstract String getTitle() throws Exception;
public abstract User getUser();
}
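Review bot: The new abstract `getUser()` has no Javadoc, and its contract differs from the getters it replaces: those declared `throws Exception`, while both implementations in this commit throw an unchecked `RuntimeException`. I would add a Javadoc comment stating that the result is resolved lazily and cached in the `user` field, whether it may be `null`, and that a failed lookup is reported as an unchecked exception, so callers doing `getUser().getRoles()` know what to handle.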


@ -1,166 +0,0 @@
package org.gcube.common.authorization.utils.socialservice;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.ws.rs.InternalServerErrorException;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response.Status;
import org.gcube.com.fasterxml.jackson.databind.JsonNode;
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
import org.gcube.com.fasterxml.jackson.databind.node.ArrayNode;
import org.gcube.common.gxhttp.request.GXHTTPStringRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* @author Luca Frosini (ISTI - CNR)
*/
public class PortalUser {
private static final Logger logger = LoggerFactory.getLogger(PortalUser.class);
protected static final String RESPONSE_SUCCESS_KEY = "success";
protected static final String RESPONSE_MESSAGE_KEY = "message";
protected static final String RESPONSE_RESULT_KEY = "result";
protected static final String SOCIAL_SERVICE_GET_OAUTH_USER_PROFILE_PATH = "2/users/get-oauth-profile";
// This key contains the fullname
//protected static final String OAUTH_USER_PROFILE_FULLNAME_KEY = "name";
protected static final String OAUTH_USER_PROFILE_NAME_KEY = "given_name";
protected static final String OAUTH_USER_PROFILE_SURNAME_KEY = "family_name";
protected static final String OAUTH_USER_PROFILE_EMAIL_KEY = "email";
protected static final String OAUTH_USER_PROFILE_JOB_TITLE_KEY = "job_title";
protected static final String OAUTH_USER_PROFILE_ROLES_KEY = "roles";
protected final ObjectMapper objectMapper;
protected JsonNode oAuthUserProfile;
protected String name;
protected String surname;
protected String eMail;
protected String jobTitle;
protected List<String> roles;
protected Boolean catalogueModerator;
public PortalUser() {
this.objectMapper = new ObjectMapper();
}
public StringBuilder getStringBuilder(InputStream inputStream) throws IOException {
StringBuilder result = new StringBuilder();
try(BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream))) {
String line;
while((line = reader.readLine()) != null) {
result.append(line);
}
}
return result;
}
public String getResultAsString(HttpURLConnection httpURLConnection) throws IOException {
int responseCode = httpURLConnection.getResponseCode();
if(responseCode >= Status.BAD_REQUEST.getStatusCode()) {
Status status = Status.fromStatusCode(responseCode);
InputStream inputStream = httpURLConnection.getErrorStream();
StringBuilder result = getStringBuilder(inputStream);
logger.trace(result.toString());
throw new WebApplicationException(result.toString(), status);
}
InputStream inputStream = httpURLConnection.getInputStream();
String ret = getStringBuilder(inputStream).toString();
logger.trace("Got Respose is {}", ret);
return ret;
}
public JsonNode getOAuthUserProfile() {
if(oAuthUserProfile == null) {
try {
String socialServiceBasePath = SocialService.getSocialService().getServiceBasePath();
GXHTTPStringRequest gxhttpStringRequest = GXHTTPStringRequest.newRequest(socialServiceBasePath);
gxhttpStringRequest.from("authorization-utils");
gxhttpStringRequest.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON);
gxhttpStringRequest.path(SOCIAL_SERVICE_GET_OAUTH_USER_PROFILE_PATH);
HttpURLConnection httpURLConnection = gxhttpStringRequest.get();
String ret = getResultAsString(httpURLConnection);
oAuthUserProfile = objectMapper.readTree(ret);
} catch(Exception e) {
throw new InternalServerErrorException("Unable to retrive Infrastructure User Information from Social Service", e);
}
}
return oAuthUserProfile;
}
public String getSurnameName() {
return String.format("%s %s", getSurname(), getName());
}
public String getNameSurname() {
return String.format("%s %s", getName(), getSurname());
}
public String getName() {
if(name == null) {
name = getOAuthUserProfile().get(OAUTH_USER_PROFILE_NAME_KEY).asText();
}
return name;
}
public String getSurname() {
if(surname == null) {
surname = getOAuthUserProfile().get(OAUTH_USER_PROFILE_SURNAME_KEY).asText();
}
return surname;
}
public String getEMail() {
if(eMail == null) {
eMail = getOAuthUserProfile().get(OAUTH_USER_PROFILE_EMAIL_KEY).asText();
}
return eMail;
}
public List<String> getRoles() {
if(roles == null) {
JsonNode jsonNode = getOAuthUserProfile().get(OAUTH_USER_PROFILE_ROLES_KEY);
roles = new ArrayList<String>();
if(jsonNode.isArray()) {
ArrayNode arrayNode = (ArrayNode) jsonNode;
if(arrayNode.size() > 0) {
Iterator<JsonNode> iterator = arrayNode.iterator();
while(iterator.hasNext()) {
roles.add(iterator.next().asText());
}
}
}
}
return roles;
}
public String getJobTitle() {
if(jobTitle == null) {
jobTitle = getOAuthUserProfile().get(OAUTH_USER_PROFILE_JOB_TITLE_KEY).asText();
}
return jobTitle;
}
}


@ -3,11 +3,26 @@ package org.gcube.common.authorization.utils.socialservice;
import static org.gcube.resources.discovery.icclient.ICFactory.client;
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response.Status;
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
import org.gcube.common.authorization.utils.manager.SecretManager;
import org.gcube.common.authorization.utils.secret.Secret;
import org.gcube.common.authorization.utils.user.GCubeUser;
import org.gcube.common.authorization.utils.user.User;
import org.gcube.common.gxhttp.request.GXHTTPStringRequest;
import org.gcube.common.resources.gcore.GCoreEndpoint;
import org.gcube.resources.discovery.client.api.DiscoveryClient;
import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
@ -92,4 +107,62 @@ public class SocialService {
return serviceBasePath;
}
public StringBuilder getStringBuilder(InputStream inputStream) throws IOException {
StringBuilder result = new StringBuilder();
try(BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream))) {
String line;
while((line = reader.readLine()) != null) {
result.append(line);
}
}
return result;
}
public String getResultAsString(HttpURLConnection httpURLConnection) throws IOException {
int responseCode = httpURLConnection.getResponseCode();
if(responseCode >= Status.BAD_REQUEST.getStatusCode()) {
Status status = Status.fromStatusCode(responseCode);
InputStream inputStream = httpURLConnection.getErrorStream();
StringBuilder result = getStringBuilder(inputStream);
logger.trace(result.toString());
throw new WebApplicationException(result.toString(), status);
}
InputStream inputStream = httpURLConnection.getInputStream();
String ret = getStringBuilder(inputStream).toString();
logger.trace("Got Respose is {}", ret);
return ret;
}
protected static final String SOCIAL_SERVICE_GET_OAUTH_USER_PROFILE_PATH = "2/users/get-oauth-profile";
protected static final String RESPONSE_SUCCESS_KEY = "success";
protected static final String RESPONSE_MESSAGE_KEY = "message";
protected static final String RESPONSE_RESULT_KEY = "result";
public User getUser(Secret secret) throws Exception {
try {
String socialServiceBasePath = SocialService.getSocialService().getServiceBasePath();
GXHTTPStringRequest gxhttpStringRequest = GXHTTPStringRequest.newRequest(socialServiceBasePath);
gxhttpStringRequest.from("authorization-utils");
gxhttpStringRequest.header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON);
Map<String,String> authzHeaders = secret.getHTTPAuthorizationHeaders();
for(String key : authzHeaders.keySet()) {
gxhttpStringRequest.header(key, authzHeaders.get(key));
}
gxhttpStringRequest.path(SOCIAL_SERVICE_GET_OAUTH_USER_PROFILE_PATH);
HttpURLConnection httpURLConnection = gxhttpStringRequest.get();
String ret = getResultAsString(httpURLConnection);
ObjectMapper mapper = new ObjectMapper();
return mapper.readValue(ret, GCubeUser.class);
} catch(Exception e) {
throw new Exception("Unable to retrive User from Social Service", e);
}
}
}
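Review bot: `getResultAsString` hands `httpURLConnection.getErrorStream()` straight to `getStringBuilder`, and that method returns `null` when the server sent no error body, so a bare 4xx/5xx ends in a `NullPointerException` instead of the `WebApplicationException` carrying the status. Guard the null stream, and give the reader an explicit charset, `new InputStreamReader(inputStream, StandardCharsets.UTF_8)`, because before Java 18 the platform default decides how non-ASCII names are decoded. Both trace statements write the full response body, which on the success path is the user's profile (name, e-mail, roles); logging only the status code would keep that out of the logs.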


@ -0,0 +1,95 @@
package org.gcube.common.authorization.utils.user;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.gcube.com.fasterxml.jackson.annotation.JsonAnyGetter;
import org.gcube.com.fasterxml.jackson.annotation.JsonAnySetter;
import org.gcube.com.fasterxml.jackson.annotation.JsonIgnore;
import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
/**
* @author Luca Frosini (ISTI - CNR)
*/
public class GCubeUser implements User {
// This key contains the fullname
// protected static final String OAUTH_USER_PROFILE_FULLNAME_KEY = "name";
protected static final String USERNAME_KEY = "id";
protected static final String ROLES_KEY = "roles";
protected static final String NAME_KEY = "given_name";
protected static final String MIDDLE_NAME_KEY = "middle_name";
protected static final String SURNAME_KEY = "family_name";
protected static final String EMAIL_KEY = "email";
@JsonProperty(USERNAME_KEY)
protected String username;
@JsonProperty(ROLES_KEY)
protected Set<String> roles;
@JsonProperty(NAME_KEY)
protected String name;
@JsonProperty(SURNAME_KEY)
protected String surname;
@JsonProperty(EMAIL_KEY)
protected String eMail;
@JsonIgnore
protected Map<String, Object> additionalProperties;
public GCubeUser() {
this.additionalProperties = new HashMap<>();
}
@Override
public String getUsername() {
return username;
}
@Override
public Collection<String> getRoles() {
return roles;
}
@Override
public String getName() {
return name;
}
@Override
public String getSurname() {
return surname;
}
@Override
public String getEmail() {
return eMail;
}
@JsonAnyGetter
public Map<String,Object> getAdditionalProperties() {
return additionalProperties;
}
public void setAdditionalProperties(Map<String,Object> additionalProperties) {
this.additionalProperties = additionalProperties;
}
public Object getAdditionalProperty(String key) {
return this.additionalProperties.get(key);
}
@JsonAnySetter
public void setAdditionalProperty(String key, Object value) {
this.additionalProperties.put(key, value);
}
}
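Review bot: `getRoles()` returns the deserialized `roles` set itself, so any caller can add a role to the `User` instance that `GCubeSecret` caches, and it returns `null` when the profile has no `roles` entry. Since these roles feed authorization decisions, return a read-only view: `return roles == null ? Collections.emptySet() : Collections.unmodifiableSet(roles);` (needs `java.util.Collections`). `getAdditionalProperties()` exposes its map the same way, and `MIDDLE_NAME_KEY` is declared but never used in this file.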


@ -0,0 +1,36 @@
package org.gcube.common.authorization.utils.user;
import java.util.Collection;
import org.gcube.com.fasterxml.jackson.annotation.JsonIgnore;
import org.gcube.common.keycloak.model.AccessToken;
/**
* @author Luca Frosini (ISTI-CNR)
*/
public class KeycloakUser extends AccessToken implements User {
/**
* Generated Serial Version UID
*/
private static final long serialVersionUID = -7083648026885406300L;
@Override
@JsonIgnore
public String getUsername() {
return getId();
}
@Override
@JsonIgnore
public Collection<String> getRoles() {
return getRealmAccess().getRoles();
}
@Override
@JsonIgnore
public String getSurname() {
return getFamilyName();
}
}
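Review bot: `KeycloakUser` does not override `getName()`, so `User.getName()` resolves to whatever `AccessToken` inherits, while the removed `JWTSecret.getName()` returned `getGivenName()`; if the inherited getter is the full-name claim, `getNameSurname()` will repeat the surname. Add `@Override @JsonIgnore public String getName() { return getGivenName(); }` unless the parent already maps it to the given name. `getRoles()` also dereferences `getRealmAccess()` without a null check, which would throw for a token that carries no realm roles, and it is worth confirming against the `AccessToken` model that `getId()` is the user name and not the token identifier.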


@ -0,0 +1,28 @@
package org.gcube.common.authorization.utils.user;
import java.util.Collection;
/**
* @author Luca Frosini (ISTI-CNR)
*/
public interface User {
public String getUsername();
public Collection<String> getRoles();
public String getName();
public String getSurname();
public String getEmail();
public default String getSurnameName() {
return String.format("%s %s", getSurname(), getName());
}
public default String getNameSurname() {
return String.format("%s %s", getName(), getSurname());
}
}
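Review bot: The default methods `getSurnameName()` and `getNameSurname()` format their parts with `%s`, so a user whose name or surname is missing yields the literal text `null` in the display string (`GCubeUser` leaves unset fields `null`). The interface has no Javadoc; each getter should say whether it may return `null`, in particular `getRoles()`, which callers will use for authorization checks. The `public` modifiers on the interface methods are redundant and can be dropped.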