Reorganizing library
parent
82cc974d00
commit
a8c35a17e4
|
@ -1,8 +1,11 @@
|
||||||
package org.gcube.common.authorization.utils.secret;
|
package org.gcube.common.authorization.utils.clientid;
|
||||||
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
|
|
||||||
|
import org.gcube.common.authorization.library.provider.ClientInfo;
|
||||||
|
import org.gcube.common.authorization.library.utils.Caller;
|
||||||
|
import org.gcube.common.authorization.utils.secret.Secret;
|
||||||
import org.gcube.common.keycloak.KeycloakClientFactory;
|
import org.gcube.common.keycloak.KeycloakClientFactory;
|
||||||
import org.gcube.common.keycloak.model.TokenResponse;
|
import org.gcube.common.keycloak.model.TokenResponse;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
|
@ -64,4 +67,21 @@ public class ClienIDSecret extends Secret {
|
||||||
int res = super.compareTo(obj);
|
int res = super.compareTo(obj);
|
||||||
return res == 0 ? clientID.compareTo(clientID) : res;
|
return res == 0 ? clientID.compareTo(clientID) : res;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setToken() throws Exception {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public ClientInfo getClientInfo() throws Exception {
|
||||||
|
// TODO Auto-generated method stub
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Caller getCaller() throws Exception {
|
||||||
|
// TODO Auto-generated method stub
|
||||||
|
return null;
|
||||||
|
}
|
||||||
}
|
}
|
|
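Review bot: The new `getClientInfo()` and `getCaller()` overrides return `null` and `setToken()` is empty, so once `Secret.set()` (changed in this same commit) calls `AuthorizationProvider.instance.set(caller)`, a `ClienIDSecret` would install a null caller instead of failing. Until the real implementation exists the stubs should fail closed, e.g. `throw new UnsupportedOperationException("ClienIDSecret.getCaller() not implemented");`, and `Secret.set()` would be safer rejecting a null caller as well. The context line `clientID.compareTo(clientID)` compares the field with itself and always yields 0; it presumably should compare against the other secret's client id, which matters now that `SecretManager` takes a `SortedSet<Secret>`. `compareTo` starts outside this hunk, so its parameter type is not visible here.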
@ -1,7 +1,7 @@
|
||||||
package org.gcube.common.authorization.utils.provider;
|
package org.gcube.common.authorization.utils.clientid;
|
||||||
|
|
||||||
|
import org.gcube.common.authorization.utils.provider.SecretProvider;
|
||||||
import org.gcube.common.authorization.utils.secret.Secret;
|
import org.gcube.common.authorization.utils.secret.Secret;
|
||||||
import org.gcube.common.authorization.utils.secret.ClienIDSecret;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Luca Frosini (ISTI - CNR)
|
* @author Luca Frosini (ISTI - CNR)
|
|
@ -1,14 +1,13 @@
|
||||||
package org.gcube.common.authorization.utils.manager;
|
package org.gcube.common.authorization.utils.manager;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.SortedSet;
|
||||||
|
|
||||||
import org.gcube.common.authorization.utils.provider.SecretProvider;
|
|
||||||
import org.gcube.common.authorization.utils.provider.ClientIDSecretProvider;
|
|
||||||
import org.gcube.common.authorization.utils.provider.GCubeSecretProvider;
|
import org.gcube.common.authorization.utils.provider.GCubeSecretProvider;
|
||||||
import org.gcube.common.authorization.utils.secret.Secret;
|
import org.gcube.common.authorization.utils.provider.SecretProvider;
|
||||||
import org.gcube.common.authorization.utils.secret.JWTSecret;
|
import org.gcube.common.authorization.utils.secret.JWTSecret;
|
||||||
|
import org.gcube.common.authorization.utils.secret.Secret;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Luca Frosini (ISTI - CNR)
|
* @author Luca Frosini (ISTI - CNR)
|
||||||
|
@ -38,7 +37,7 @@ public class SecretManager {
|
||||||
|
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
Class<SecretProvider>[] classes = new Class[]{
|
Class<SecretProvider>[] classes = new Class[]{
|
||||||
JWTSecret.class, GCubeSecretProvider.class, ClientIDSecretProvider.class
|
JWTSecret.class, GCubeSecretProvider.class
|
||||||
};
|
};
|
||||||
|
|
||||||
for(Class<SecretProvider> clz : classes) {
|
for(Class<SecretProvider> clz : classes) {
|
||||||
|
@ -63,7 +62,7 @@ public class SecretManager {
|
||||||
authorizationSecrets.set();
|
authorizationSecrets.set();
|
||||||
}
|
}
|
||||||
|
|
||||||
public void startSession(Collection<Secret> authorizationSecrets) throws Exception {
|
public void startSession(SortedSet<Secret> authorizationSecrets) throws Exception {
|
||||||
setAll(authorizationSecrets);
|
setAll(authorizationSecrets);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -71,9 +70,15 @@ public class SecretManager {
|
||||||
setAll(secretHolder.getAuthorizationSecrets());
|
setAll(secretHolder.getAuthorizationSecrets());
|
||||||
}
|
}
|
||||||
|
|
||||||
private void setAll(Collection<Secret> authorizationSecrets) throws Exception {
|
private void setAll(SortedSet<Secret> authorizationSecrets) throws Exception {
|
||||||
|
boolean first = true;
|
||||||
for(Secret authorizationSecret : authorizationSecrets) {
|
for(Secret authorizationSecret : authorizationSecrets) {
|
||||||
|
if(first) {
|
||||||
authorizationSecret.set();
|
authorizationSecret.set();
|
||||||
|
first = false;
|
||||||
|
}else {
|
||||||
|
authorizationSecret.setToken();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
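Review bot: `setAll()` now calls `set()` only on the first element of the `SortedSet` and `setToken()` on the rest, so the caller and scope come from whichever secret sorts first while the remaining tokens are installed without any check that they belong to the same caller or context. A short comment stating that ordering contract, plus a guard that compares each later secret's `getContext()` with the first one's before calling `setToken()`, would keep a mixed set from leaving tokens for different identities side by side. An empty set skips the loop entirely, so whatever the providers held before stays in place; whether that is intended should be documented or rejected with `if(authorizationSecrets.isEmpty()) throw new IllegalArgumentException("no secrets provided");`. The public `startSession` parameter also narrows from `Collection<Secret>` to `SortedSet<Secret>`, which breaks existing callers at compile time.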
@ -7,12 +7,9 @@ import java.util.regex.Pattern;
|
||||||
import org.gcube.common.authorization.client.Constants;
|
import org.gcube.common.authorization.client.Constants;
|
||||||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
import org.gcube.common.authorization.library.AuthorizationEntry;
|
||||||
import org.gcube.common.authorization.library.exception.AuthorizationException;
|
import org.gcube.common.authorization.library.exception.AuthorizationException;
|
||||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
|
||||||
import org.gcube.common.authorization.library.provider.ClientInfo;
|
import org.gcube.common.authorization.library.provider.ClientInfo;
|
||||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
import org.gcube.common.authorization.library.utils.Caller;
|
import org.gcube.common.authorization.library.utils.Caller;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
|
||||||
import org.gcube.common.scope.impl.ScopeBean;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Luca Frosini (ISTI - CNR)
|
* @author Luca Frosini (ISTI - CNR)
|
||||||
|
@ -21,6 +18,8 @@ public class GCubeSecret extends Secret {
|
||||||
|
|
||||||
public static final String GCUBE_TOKEN_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$";
|
public static final String GCUBE_TOKEN_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$";
|
||||||
|
|
||||||
|
protected AuthorizationEntry authorizationEntry;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void check(String token) throws AuthorizationException {
|
protected void check(String token) throws AuthorizationException {
|
||||||
super.check(token);
|
super.check(token);
|
||||||
|
@ -33,27 +32,33 @@ public class GCubeSecret extends Secret {
|
||||||
super(20, token);
|
super(20, token);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
protected AuthorizationEntry getAuthorizationEntry() throws Exception {
|
||||||
public void set() throws Exception {
|
if(authorizationEntry==null) {
|
||||||
SecurityTokenProvider.instance.set(token);
|
authorizationEntry = Constants.authorizationService().get(token);
|
||||||
|
}
|
||||||
AuthorizationEntry authorizationEntry = Constants.authorizationService().get(token);
|
return authorizationEntry;
|
||||||
ClientInfo clientInfo = authorizationEntry.getClientInfo();
|
|
||||||
String qualifier = authorizationEntry.getQualifier();
|
|
||||||
Caller caller = new Caller(clientInfo, qualifier);
|
|
||||||
AuthorizationProvider.instance.set(caller);
|
|
||||||
|
|
||||||
ScopeBean scopeBean = new ScopeBean(getContext());
|
|
||||||
ScopeProvider.instance.set(scopeBean.toString());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected ClientInfo getClientInfo() throws Exception {
|
public void setToken() throws Exception {
|
||||||
return Constants.authorizationService().get(token).getClientInfo();
|
SecurityTokenProvider.instance.set(token);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public ClientInfo getClientInfo() throws Exception {
|
||||||
|
return getAuthorizationEntry().getClientInfo();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Caller getCaller() throws Exception {
|
||||||
|
ClientInfo clientInfo = getClientInfo();
|
||||||
|
String qualifier = authorizationEntry.getQualifier();
|
||||||
|
Caller caller = new Caller(clientInfo, qualifier);
|
||||||
|
return caller;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getContext() throws Exception {
|
public String getContext() throws Exception {
|
||||||
return Constants.authorizationService().get(token).getContext();
|
return getAuthorizationEntry().getContext();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -61,7 +66,6 @@ public class GCubeSecret extends Secret {
|
||||||
return getClientInfo().getId();
|
return getClientInfo().getId();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Map<String, String> getHTTPAuthorizationHeaders() {
|
public Map<String, String> getHTTPAuthorizationHeaders() {
|
||||||
Map<String, String> authorizationHeaders = new HashMap<>();
|
Map<String, String> authorizationHeaders = new HashMap<>();
|
||||||
|
|
|
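Review bot: `getCaller()` reads the `authorizationEntry` field directly and only works because the preceding `getClientInfo()` call happens to populate it; use the accessor instead, `String qualifier = getAuthorizationEntry().getQualifier();`. The new cache is never invalidated, so a `GCubeSecret` that outlives a token revocation or expiry keeps answering `getClientInfo()` and `getContext()` from the stale entry, where the old code asked the authorization service each time. If secrets can be long-lived or shared between threads (not visible here), add a comment on the field stating the intended lifetime, and consider whether the unsynchronised lazy initialisation is acceptable. `getClientInfo()` also widens from `protected` to `public`.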
@ -6,12 +6,10 @@ import java.util.Map;
|
||||||
|
|
||||||
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
import org.gcube.common.authorization.library.provider.AccessTokenProvider;
|
import org.gcube.common.authorization.library.provider.AccessTokenProvider;
|
||||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
|
||||||
import org.gcube.common.authorization.library.provider.ClientInfo;
|
import org.gcube.common.authorization.library.provider.ClientInfo;
|
||||||
import org.gcube.common.authorization.library.provider.UserInfo;
|
import org.gcube.common.authorization.library.provider.UserInfo;
|
||||||
import org.gcube.common.authorization.library.utils.Caller;
|
import org.gcube.common.authorization.library.utils.Caller;
|
||||||
import org.gcube.common.authorization.utils.secret.jwt.JWToken;
|
import org.gcube.common.authorization.utils.secret.jwt.JWToken;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
|
||||||
import org.gcube.common.scope.impl.ScopeBean;
|
import org.gcube.common.scope.impl.ScopeBean;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
@ -23,44 +21,56 @@ public class JWTSecret extends Secret {
|
||||||
|
|
||||||
private static final Logger logger = LoggerFactory.getLogger(JWTSecret.class);
|
private static final Logger logger = LoggerFactory.getLogger(JWTSecret.class);
|
||||||
|
|
||||||
|
protected JWToken jwt;
|
||||||
|
|
||||||
public JWTSecret(String token) {
|
public JWTSecret(String token) {
|
||||||
super(10, token);
|
super(10, token);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void set() throws Exception {
|
public void setToken() throws Exception {
|
||||||
AccessTokenProvider.instance.set(token);
|
AccessTokenProvider.instance.set(token);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected JWToken getJWToken() throws Exception {
|
||||||
|
if(jwt==null) {
|
||||||
String realUmaTokenEncoded = token.split("\\.")[1];
|
String realUmaTokenEncoded = token.split("\\.")[1];
|
||||||
String realUmaToken = new String(Base64.getDecoder().decode(realUmaTokenEncoded.getBytes()));
|
String realUmaToken = new String(Base64.getDecoder().decode(realUmaTokenEncoded.getBytes()));
|
||||||
ObjectMapper mapper = new ObjectMapper();
|
ObjectMapper mapper = new ObjectMapper();
|
||||||
JWToken jwt = null;
|
|
||||||
try {
|
try {
|
||||||
jwt = mapper.readValue(realUmaToken, JWToken.class);
|
jwt = mapper.readValue(realUmaToken, JWToken.class);
|
||||||
}catch(Exception e){
|
}catch(Exception e){
|
||||||
logger.error("Error parsing JWT token",e);
|
logger.error("Error parsing JWT token",e);
|
||||||
throw new Exception("Error parsing JWT token", e);
|
throw new Exception("Error parsing JWT token", e);
|
||||||
}
|
}
|
||||||
|
|
||||||
ClientInfo clientInfo = new UserInfo(jwt.getUsername(), jwt.getRoles(), jwt.getEmail(), jwt.getFirstName(), jwt.getLastName());
|
|
||||||
Caller caller = new Caller(clientInfo, "token");
|
|
||||||
AuthorizationProvider.instance.set(caller);
|
|
||||||
|
|
||||||
ScopeBean scopeBean = null;
|
|
||||||
try {
|
|
||||||
scopeBean = new ScopeBean(jwt.getContext());
|
|
||||||
}catch(Exception e){
|
|
||||||
logger.error("Invalid context in access token",e);
|
|
||||||
throw new Exception("Invalid context in access token");
|
|
||||||
}
|
}
|
||||||
ScopeProvider.instance.set(scopeBean.toString());
|
return jwt;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public ClientInfo getClientInfo() throws Exception {
|
||||||
|
getJWToken();
|
||||||
|
ClientInfo clientInfo = new UserInfo(jwt.getUsername(), jwt.getRoles(), jwt.getEmail(), jwt.getFirstName(), jwt.getLastName());
|
||||||
|
return clientInfo;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Caller getCaller() throws Exception {
|
||||||
|
Caller caller = new Caller(getClientInfo(), "token");
|
||||||
|
return caller;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getContext() throws Exception {
|
public String getContext() throws Exception {
|
||||||
// TODO Auto-generated method stub
|
ScopeBean scopeBean = null;
|
||||||
return null;
|
try {
|
||||||
|
scopeBean = new ScopeBean(getJWToken().getContext());
|
||||||
|
}catch(Exception e){
|
||||||
|
logger.error("Invalid context in access token",e);
|
||||||
|
throw new Exception("Invalid context in access token");
|
||||||
|
}
|
||||||
|
return scopeBean.toString();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -76,4 +86,8 @@ public class JWTSecret extends Secret {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
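Review bot: `getJWToken()` only base64-decodes and deserialises the payload segment, so the username and roles that `getClientInfo()` and `getCaller()` return have had no signature, issuer or expiry check in anything visible in this section; if verification happens upstream, a comment on `getJWToken()` should say where, otherwise it needs to happen before the claims are trusted. JWT segments are base64url-encoded and `Base64.getDecoder()` rejects `-` and `_`, so the decode line should be `new String(Base64.getUrlDecoder().decode(realUmaTokenEncoded), StandardCharsets.UTF_8)`. The `split("\\.")[1]` and the decode sit outside the `try`, so a malformed token surfaces as an unchecked `ArrayIndexOutOfBoundsException` or `IllegalArgumentException` rather than the wrapped parse error. In `getContext()` the rethrow drops the cause; `throw new Exception("Invalid context in access token", e);` keeps it.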
@ -4,6 +4,10 @@ import java.util.Map;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
|
|
||||||
import org.gcube.common.authorization.library.exception.AuthorizationException;
|
import org.gcube.common.authorization.library.exception.AuthorizationException;
|
||||||
|
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||||
|
import org.gcube.common.authorization.library.provider.ClientInfo;
|
||||||
|
import org.gcube.common.authorization.library.utils.Caller;
|
||||||
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
@ -36,7 +40,20 @@ public abstract class Secret implements Comparable<Secret> {
|
||||||
return token;
|
return token;
|
||||||
}
|
}
|
||||||
|
|
||||||
public abstract void set() throws Exception;
|
public void set() throws Exception {
|
||||||
|
setToken();
|
||||||
|
|
||||||
|
Caller caller = getCaller();
|
||||||
|
AuthorizationProvider.instance.set(caller);
|
||||||
|
|
||||||
|
ScopeProvider.instance.set(getContext());
|
||||||
|
}
|
||||||
|
|
||||||
|
public abstract void setToken() throws Exception;
|
||||||
|
|
||||||
|
public abstract ClientInfo getClientInfo() throws Exception;
|
||||||
|
|
||||||
|
public abstract Caller getCaller() throws Exception;
|
||||||
|
|
||||||
public abstract String getContext() throws Exception;
|
public abstract String getContext() throws Exception;
|
||||||
|
|
||||||
|
@ -75,4 +92,8 @@ public abstract class Secret implements Comparable<Secret> {
|
||||||
return token.compareTo(obj.token);
|
return token.compareTo(obj.token);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
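Review bot: `set()` installs the token first and only then calls `getCaller()` and `getContext()`, both of which can throw (a remote lookup in `GCubeSecret`, payload parsing in `JWTSecret`), so a failure leaves the new token in place next to whatever caller and scope the providers held before. Resolving the caller and context before touching any provider avoids that half-applied state, provided neither getter needs the token provider populated, which the implementations in this commit do not appear to. The method also deserves a Javadoc stating that `set()` installs token, caller and scope while `setToken()` installs the token only, since `SecretManager.setAll()` depends on that difference.

```java
public void set() throws Exception {
	// Resolve everything that can fail before touching any provider.
	Caller caller = getCaller();
	String context = getContext();

	setToken();
	AuthorizationProvider.instance.set(caller);
	ScopeProvider.instance.set(context);
}
```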