diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/ClienIDSecret.java b/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDSecret.java similarity index 73% rename from src/main/java/org/gcube/common/authorization/utils/secret/ClienIDSecret.java rename to src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDSecret.java index 66adef7..951a5af 100644 --- a/src/main/java/org/gcube/common/authorization/utils/secret/ClienIDSecret.java +++ b/src/main/java/org/gcube/common/authorization/utils/clientid/ClienIDSecret.java @@ -1,8 +1,11 @@ -package org.gcube.common.authorization.utils.secret; +package org.gcube.common.authorization.utils.clientid; import java.util.Map; import java.util.Objects; +import org.gcube.common.authorization.library.provider.ClientInfo; +import org.gcube.common.authorization.library.utils.Caller; +import org.gcube.common.authorization.utils.secret.Secret; import org.gcube.common.keycloak.KeycloakClientFactory; import org.gcube.common.keycloak.model.TokenResponse; import org.gcube.common.scope.api.ScopeProvider; @@ -64,4 +67,21 @@ public class ClienIDSecret extends Secret { int res = super.compareTo(obj); return res == 0 ? clientID.compareTo(clientID) : res; } + + @Override + public void setToken() throws Exception { + + } + + @Override + public ClientInfo getClientInfo() throws Exception { + // TODO Auto-generated method stub + return null; + } + + @Override + public Caller getCaller() throws Exception { + // TODO Auto-generated method stub + return null; + } } diff --git a/src/main/java/org/gcube/common/authorization/utils/provider/ClientIDSecretProvider.java b/src/main/java/org/gcube/common/authorization/utils/clientid/ClientIDSecretProvider.java similarity index 68% rename from src/main/java/org/gcube/common/authorization/utils/provider/ClientIDSecretProvider.java rename to src/main/java/org/gcube/common/authorization/utils/clientid/ClientIDSecretProvider.java index 860881f..16c8701 100644 
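Review bot: In ClienIDSecret the new `getCaller()` and `getClientInfo()` stubs return `null` and `setToken()` is empty, so if this class inherits the now-concrete `Secret.set()` it would hand a null caller to `AuthorizationProvider` without setting any token, and nothing would signal the failure. Until the methods are implemented, fail closed in each stub, e.g. `throw new UnsupportedOperationException("ClienIDSecret.getCaller() is not implemented");`. Whether ClienIDSecret overrides `set()` is not visible in this hunk, so confirm that before relying on the inherited path. Separately, the context line `clientID.compareTo(clientID)` compares the field with itself and always yields 0; it was probably meant to compare against the other secret's client id.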
--- a/src/main/java/org/gcube/common/authorization/utils/provider/ClientIDSecretProvider.java +++ b/src/main/java/org/gcube/common/authorization/utils/clientid/ClientIDSecretProvider.java @@ -1,7 +1,7 @@ -package org.gcube.common.authorization.utils.provider; +package org.gcube.common.authorization.utils.clientid; +import org.gcube.common.authorization.utils.provider.SecretProvider; import org.gcube.common.authorization.utils.secret.Secret; -import org.gcube.common.authorization.utils.secret.ClienIDSecret; /** * @author Luca Frosini (ISTI - CNR) diff --git a/src/main/java/org/gcube/common/authorization/utils/manager/SecretManager.java b/src/main/java/org/gcube/common/authorization/utils/manager/SecretManager.java index 405a6be..80c0a46 100644 --- a/src/main/java/org/gcube/common/authorization/utils/manager/SecretManager.java +++ b/src/main/java/org/gcube/common/authorization/utils/manager/SecretManager.java @@ -1,14 +1,13 @@ package org.gcube.common.authorization.utils.manager; import java.util.ArrayList; -import java.util.Collection; import java.util.List; +import java.util.SortedSet; -import org.gcube.common.authorization.utils.provider.SecretProvider; -import org.gcube.common.authorization.utils.provider.ClientIDSecretProvider; import org.gcube.common.authorization.utils.provider.GCubeSecretProvider; -import org.gcube.common.authorization.utils.secret.Secret; +import org.gcube.common.authorization.utils.provider.SecretProvider; import org.gcube.common.authorization.utils.secret.JWTSecret; +import org.gcube.common.authorization.utils.secret.Secret; /** * @author Luca Frosini (ISTI - CNR) @@ -38,7 +37,7 @@ public class SecretManager { @SuppressWarnings("unchecked") Class[] classes = new Class[]{ - JWTSecret.class, GCubeSecretProvider.class, ClientIDSecretProvider.class + JWTSecret.class, GCubeSecretProvider.class }; for(Class clz : classes) { 
@@ -63,7 +62,7 @@ public class SecretManager { authorizationSecrets.set(); } - public void startSession(Collection authorizationSecrets) throws Exception { + public void startSession(SortedSet authorizationSecrets) throws Exception { setAll(authorizationSecrets); } @@ -71,9 +70,15 @@ public class SecretManager { setAll(secretHolder.getAuthorizationSecrets()); } - private void setAll(Collection authorizationSecrets) throws Exception { + private void setAll(SortedSet authorizationSecrets) throws Exception { + boolean first = true; for(Secret authorizationSecret : authorizationSecrets) { - authorizationSecret.set(); + if(first) { + authorizationSecret.set(); + first = false; + }else { + authorizationSecret.setToken(); + } } } diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java b/src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java index 9f5d345..8702588 100644 --- a/src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java +++ b/src/main/java/org/gcube/common/authorization/utils/secret/GCubeSecret.java @@ -7,12 +7,9 @@ import java.util.regex.Pattern; import org.gcube.common.authorization.client.Constants; import org.gcube.common.authorization.library.AuthorizationEntry; import org.gcube.common.authorization.library.exception.AuthorizationException; -import org.gcube.common.authorization.library.provider.AuthorizationProvider; import org.gcube.common.authorization.library.provider.ClientInfo; import org.gcube.common.authorization.library.provider.SecurityTokenProvider; import org.gcube.common.authorization.library.utils.Caller; -import org.gcube.common.scope.api.ScopeProvider; -import org.gcube.common.scope.impl.ScopeBean; /** * @author Luca Frosini (ISTI - CNR) 
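Review bot: In SecretManager.setAll only the first element of the SortedSet defines the caller and scope, while every later secret has its token published through `setToken()` with no check that it belongs to the same user and context. A request carrying a JWT for one identity and a gCube token for another would leave the thread with mixed credentials, and which identity wins depends entirely on the set's ordering (a SortedSet built with its own comparator is not bound to Secret.compareTo). I would compare each later secret's `getUsername()` and `getContext()` with the first one's before any provider is written, and add Javadoc to `startSession(SortedSet)` stating that the first element decides the caller. This assumes both getters are implemented for every Secret type, which the diff does not show for all of them.

```java
	// Reject a mixed set before any provider is touched.
	Secret primary = authorizationSecrets.isEmpty() ? null : authorizationSecrets.first();
	for(Secret authorizationSecret : authorizationSecrets) {
		String user = primary.getUsername();
		String context = primary.getContext();
		boolean sameUser = user != null && user.equals(authorizationSecret.getUsername());
		boolean sameContext = context != null && context.equals(authorizationSecret.getContext());
		if(!sameUser || !sameContext) {
			throw new Exception("Secret does not match the user and context of the primary secret");
		}
	}
	// … unchanged: set() on the first secret, setToken() on the rest …
```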
@@ -21,6 +18,8 @@ public class GCubeSecret extends Secret { public static final String GCUBE_TOKEN_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$"; + protected AuthorizationEntry authorizationEntry; + @Override protected void check(String token) throws AuthorizationException { super.check(token); @@ -33,27 +32,33 @@ public class GCubeSecret extends Secret { super(20, token); } - @Override - public void set() throws Exception { - SecurityTokenProvider.instance.set(token); - - AuthorizationEntry authorizationEntry = Constants.authorizationService().get(token); - ClientInfo clientInfo = authorizationEntry.getClientInfo(); - String qualifier = authorizationEntry.getQualifier(); - Caller caller = new Caller(clientInfo, qualifier); - AuthorizationProvider.instance.set(caller); - - ScopeBean scopeBean = new ScopeBean(getContext()); - ScopeProvider.instance.set(scopeBean.toString()); + protected AuthorizationEntry getAuthorizationEntry() throws Exception { + if(authorizationEntry==null) { + authorizationEntry = Constants.authorizationService().get(token); + } + return authorizationEntry; } - protected ClientInfo getClientInfo() throws Exception { - return Constants.authorizationService().get(token).getClientInfo(); + public void setToken() throws Exception { + SecurityTokenProvider.instance.set(token); + } + + @Override + public ClientInfo getClientInfo() throws Exception { + return getAuthorizationEntry().getClientInfo(); + } + + @Override + public Caller getCaller() throws Exception { + ClientInfo clientInfo = getClientInfo(); + String qualifier = authorizationEntry.getQualifier(); + Caller caller = new Caller(clientInfo, qualifier); + return caller; } @Override public String getContext() throws Exception { - return Constants.authorizationService().get(token).getContext(); + return getAuthorizationEntry().getContext(); } @Override 
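Review bot: GCubeSecret.getCaller() reads the `authorizationEntry` field directly (`authorizationEntry.getQualifier()`), which is non-null only because `getClientInfo()` on the line before happens to populate it; a subclass overriding the now-public `getClientInfo()` would turn that into a NullPointerException. Use the accessor instead: `String qualifier = getAuthorizationEntry().getQualifier();`. The cached entry is also never refreshed, so a Secret object that outlives its token's revocation or expiry keeps returning the old client info and context; if instances can be long-lived, state the intended lifetime in a comment on `getAuthorizationEntry()` or bound the cache. `setToken()` is missing the `@Override` that the other new overrides carry.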
@@ -61,7 +66,6 @@ public class GCubeSecret extends Secret { return getClientInfo().getId(); } - @Override public Map getHTTPAuthorizationHeaders() { Map authorizationHeaders = new HashMap<>(); diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java b/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java index 25c1912..0cfa07b 100644 --- a/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java +++ b/src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java @@ -6,12 +6,10 @@ import java.util.Map; import org.gcube.com.fasterxml.jackson.databind.ObjectMapper; import org.gcube.common.authorization.library.provider.AccessTokenProvider; -import org.gcube.common.authorization.library.provider.AuthorizationProvider; import org.gcube.common.authorization.library.provider.ClientInfo; import org.gcube.common.authorization.library.provider.UserInfo; import org.gcube.common.authorization.library.utils.Caller; import org.gcube.common.authorization.utils.secret.jwt.JWToken; -import org.gcube.common.scope.api.ScopeProvider; import org.gcube.common.scope.impl.ScopeBean; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -23,44 +21,56 @@ public class JWTSecret extends Secret { private static final Logger logger = LoggerFactory.getLogger(JWTSecret.class); + protected JWToken jwt; + public JWTSecret(String token) { super(10, token); } @Override - public void set() throws Exception { + public void setToken() throws Exception { AccessTokenProvider.instance.set(token); - - - String realUmaTokenEncoded = token.split("\\.")[1]; - String realUmaToken = new String(Base64.getDecoder().decode(realUmaTokenEncoded.getBytes())); - ObjectMapper mapper = new ObjectMapper(); - JWToken jwt = null; - try { - jwt = mapper.readValue(realUmaToken, JWToken.class); - }catch(Exception e){ - logger.error("Error parsing JWT token",e); - throw new Exception("Error parsing JWT token", e); + } + + protected JWToken getJWToken() throws Exception { + if(jwt==null) { + String realUmaTokenEncoded = token.split("\\.")[1]; + String realUmaToken = new String(Base64.getDecoder().decode(realUmaTokenEncoded.getBytes())); + ObjectMapper mapper = new ObjectMapper(); + try { + jwt = mapper.readValue(realUmaToken, JWToken.class); + }catch(Exception e){ + logger.error("Error parsing JWT token",e); + throw new Exception("Error parsing JWT token", e); + } } - + return jwt; + } + + + @Override + public ClientInfo getClientInfo() throws Exception { + getJWToken(); ClientInfo clientInfo = new UserInfo(jwt.getUsername(), jwt.getRoles(), jwt.getEmail(), jwt.getFirstName(), jwt.getLastName()); - Caller caller = new Caller(clientInfo, "token"); - AuthorizationProvider.instance.set(caller); - + return clientInfo; + } + + @Override + public Caller getCaller() throws Exception { + Caller caller = new Caller(getClientInfo(), "token"); + return caller; + } + + @Override + public String getContext() throws Exception { ScopeBean scopeBean = null; try { - scopeBean = new ScopeBean(jwt.getContext()); + scopeBean = new ScopeBean(getJWToken().getContext()); }catch(Exception e){ logger.error("Invalid context in access token",e); throw new 
Exception("Invalid context in access token"); } - ScopeProvider.instance.set(scopeBean.toString()); - } - - @Override - public String getContext() throws Exception { - // TODO Auto-generated method stub - return null; + return scopeBean.toString(); } @Override @@ -76,4 +86,8 @@ public class JWTSecret extends Secret { return null; } + + + + } diff --git a/src/main/java/org/gcube/common/authorization/utils/secret/Secret.java b/src/main/java/org/gcube/common/authorization/utils/secret/Secret.java index 80cc239..517d848 100644 --- a/src/main/java/org/gcube/common/authorization/utils/secret/Secret.java +++ b/src/main/java/org/gcube/common/authorization/utils/secret/Secret.java @@ -4,6 +4,10 @@ import java.util.Map; import java.util.Objects; import org.gcube.common.authorization.library.exception.AuthorizationException; +import org.gcube.common.authorization.library.provider.AuthorizationProvider; +import org.gcube.common.authorization.library.provider.ClientInfo; +import org.gcube.common.authorization.library.utils.Caller; +import org.gcube.common.scope.api.ScopeProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -36,8 +40,21 @@ public abstract class Secret implements Comparable { return token; } - public abstract void set() throws Exception; + public void set() throws Exception { + setToken(); + + Caller caller = getCaller(); + AuthorizationProvider.instance.set(caller); + ScopeProvider.instance.set(getContext()); + } + + public abstract void setToken() throws Exception; + + public abstract ClientInfo getClientInfo() throws Exception; + + public abstract Caller getCaller() throws Exception; + public abstract String getContext() throws Exception; public abstract String getUsername() throws Exception; @@ -74,5 +91,9 @@ public abstract class Secret implements Comparable { } return token.compareTo(obj.token); } + + + + }
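Review bot: JWTSecret.getJWToken() builds the caller's username, roles and context from the token payload with no signature or expiry check in this class, so `Secret.set()` trusts whatever the payload says unless the token was validated before it reached here; that assumption deserves a comment on the method or an explicit check. The decode itself is fragile: `token.split("\\.")[1]` and `Base64.getDecoder()` sit outside the try block, so a token without a dot or with base64url characters (`-`, `_`) escapes as ArrayIndexOutOfBoundsException or IllegalArgumentException instead of the logged "Error parsing JWT token", and `new String(bytes)` uses the platform charset. In getContext() the rethrow `new Exception("Invalid context in access token")` drops the cause `e`. The fence below moves the decode inside the try and switches to the URL decoder and UTF-8.

```java
protected JWToken getJWToken() throws Exception {
	if(jwt==null) {
		try {
			String[] parts = token.split("\\.");
			if(parts.length < 2) {
				throw new IllegalArgumentException("JWT payload segment is missing");
			}
			// JWT segments are base64url; the basic decoder rejects '-' and '_'.
			byte[] payload = Base64.getUrlDecoder().decode(parts[1]);
			String realUmaToken = new String(payload, java.nio.charset.StandardCharsets.UTF_8);
			jwt = new ObjectMapper().readValue(realUmaToken, JWToken.class);
		}catch(Exception e){
			// … unchanged: log and rethrow as "Error parsing JWT token" with cause …
		}
	}
	return jwt;
}
```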
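Review bot: Secret.set() publishes the token before `getCaller()` and `getContext()` have succeeded, so when either throws (a failed authorization-service lookup, a malformed JWT) the thread is left with the new token next to whatever caller and scope were set before. It also passes a null caller or context straight to the providers, which the stubbed ClienIDSecret methods in this commit would produce. Resolve and null-check both values first and only then write the three providers. Note as well that the removed GCubeSecret.set() passed the context through `new ScopeBean(...)` before setting it, and this version no longer does so for gCube tokens; confirm that normalisation is not needed.

```java
public void set() throws Exception {
	// Resolve everything that can fail before touching any provider.
	Caller caller = Objects.requireNonNull(getCaller(), "caller");
	String context = Objects.requireNonNull(getContext(), "context");

	setToken();
	AuthorizationProvider.instance.set(caller);
	ScopeProvider.instance.set(context);
}
```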