Deprecated class which will be no longer available in Smartgears 4 based

components

.gitignore

@@ -2,3 +2,4 @@
 /.project
 /.classpath
 /.settings
+/.DS_Store

CHANGELOG.md

@@ -2,6 +2,15 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 # Changelog for Authorization Utils
 
+## [v2.3.0-SNAPSHOT]
+
+- Added support for 'client_id' and backward compatibility with 'clientId' claim #25802
+- Deprecated class which will be no longer available in Smartgears 4 based components
+
+## [v2.2.0]
+
+- Switched to the new version of keycloak-client [#25295]
+
 ## [v2.1.0]
 
 - Added remove() method in SecretManagerProvider
@@ -9,7 +18,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ## [v2.0.0] 
 
-- Refactored code to be integrated in Smartgears  [#22871] 
+- Refactored code to be integrated in Smartgears [#22871] 
 - Fixed getRoles for JWTSecret [#22754]
 
 ## [v1.0.0] 

pom.xml

@@ -10,7 +10,7 @@
 	
 	<groupId>org.gcube.common</groupId>
 	<artifactId>authorization-utils</artifactId>
-	<version>2.1.0</version>
+	<version>2.3.0-SNAPSHOT</version>
 	
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -27,7 +27,7 @@
 			<dependency>
 				<groupId>org.gcube.distribution</groupId>
 				<artifactId>gcube-bom</artifactId>
-				<version>2.2.0</version>
+				<version>2.4.0</version>
 				<type>pom</type>
 				<scope>import</scope>
 			</dependency>
@@ -62,7 +62,19 @@
 		<dependency>
 			<groupId>org.gcube.common</groupId>
 			<artifactId>keycloak-client</artifactId>
-			<version>[1.0.0,2.0.0-SNAPSHOT)</version>
+		</dependency>
+		
+		<dependency>
+			<groupId>org.gcube.resources</groupId>
+			<artifactId>common-gcore-resources</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.gcube.resources.discovery</groupId>
+			<artifactId>ic-client</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.gcube.resources.discovery</groupId>
+			<artifactId>discovery-client</artifactId>
 		</dependency>
 		
 		<!-- Test Dependencies -->

src/main/java/org/gcube/common/authorization/utils/clientid/ClientIDManager.java

@@ -18,19 +18,8 @@ public class ClientIDManager implements RenewalProvider {
 		this.clientSecret = clientSecret;
 	}
 	
-	public Secret getSecret() throws Exception {
-		TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, null);
-		
-		JWTSecret jwtSecret = new JWTSecret(tokenResponse.getAccessToken());
-		jwtSecret.setRenewalProvider(this);
-		
-		jwtSecret.setTokenResponse(tokenResponse);
-		
-		return jwtSecret;
-	}
-	
 	public Secret getSecret(String context) throws Exception {
-		TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, context, null);
+		TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(context, clientID, clientSecret, context, null);
 		
 		JWTSecret jwtSecret = new JWTSecret(tokenResponse.getAccessToken());
 		jwtSecret.setRenewalProvider(this);
@@ -41,8 +30,8 @@ public class ClientIDManager implements RenewalProvider {
 	}
 	
 	@Override
-	public Secret renew() throws Exception {
-		return getSecret();
+	public Secret renew(String context) throws Exception {
+		return getSecret(context);
 	}
 	
 }

src/main/java/org/gcube/common/authorization/utils/clientid/RenewalProvider.java

@@ -7,5 +7,5 @@ import org.gcube.common.authorization.utils.secret.Secret;
  */
 public interface RenewalProvider {
 
-	public Secret renew() throws Exception;
+	public Secret renew(String context) throws Exception;
 }

src/main/java/org/gcube/common/authorization/utils/secret/JWTSecret.java

@@ -76,7 +76,7 @@ public class JWTSecret extends Secret {
 			
 			if(expired && renewalProvider!=null) {
 				try {
-					JWTSecret renewed = (JWTSecret) renewalProvider.renew();
+					JWTSecret renewed = (JWTSecret) renewalProvider.renew(getContext());
 					this.token = renewed.token;
 					this.accessToken = getAccessToken();
 				}catch (Exception e) {

src/main/java/org/gcube/common/authorization/utils/secret/SecretUtility.java

@@ -4,7 +4,10 @@ import java.util.regex.Pattern;
 
 /**
  * @author Luca Frosini (ISTI - CNR)
+ * This call will be no more available in  
+ * component Smartgears 4 based
  */
+@Deprecated
 public class SecretUtility {
 
 	public static final String UUID_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$";

src/main/java/org/gcube/common/authorization/utils/user/KeycloakUser.java

@@ -15,7 +15,8 @@ public class KeycloakUser extends AccessToken implements User {
 	 */
 	private static final long serialVersionUID = -7083648026885406300L;
 
-	public static final String CLIENT_ID_PROPERTY = "clientId";
+	public static final String CLIENT_ID_PROPERTY_OLD_KEY = "clientId";
+	public static final String CLIENT_ID_PROPERTY = "client_id";
 	
 	protected Collection<String> roles;
 	protected Boolean application;
@@ -26,10 +27,19 @@ public class KeycloakUser extends AccessToken implements User {
 		return getPreferredUsername();
 	}
 
+	@JsonIgnore
+	protected String getClientId() {
+		Object clientIdObj = getOtherClaims().get(CLIENT_ID_PROPERTY);
+		if(clientIdObj==null) {
+			clientIdObj = getOtherClaims().get(CLIENT_ID_PROPERTY_OLD_KEY);
+		}
+		return clientIdObj==null ? null : clientIdObj.toString();
+	}
+	
 	@Override
 	public boolean isApplication() {
 		if(application==null) {
-			application = getOtherClaims().get(CLIENT_ID_PROPERTY)!=null;
+			application = getClientId()!=null;
 		}
 		return application;
 	}
@@ -59,7 +69,10 @@ public class KeycloakUser extends AccessToken implements User {
 	@Override
 	public String getFullName(boolean nameSurname) {
 		if(isApplication()) {
-			String clientID = (String) getOtherClaims().getOrDefault("clientId", getUsername());
+			String clientID = getClientId();
+			if(clientID==null) {
+				clientID = getUsername();
+			}
 			return clientID; 
 		}
 		

src/test/java/org/gcube/common/authorization/utils/ContextTest.java

@@ -9,76 +9,168 @@ import java.util.Properties;
 
 import org.gcube.common.authorization.utils.manager.SecretManager;
 import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
+import org.gcube.common.authorization.utils.secret.JWTSecret;
 import org.gcube.common.authorization.utils.secret.Secret;
 import org.gcube.common.authorization.utils.secret.SecretUtility;
+import org.gcube.common.keycloak.KeycloakClientFactory;
+import org.gcube.common.keycloak.KeycloakClientHelper;
+import org.gcube.common.keycloak.model.TokenResponse;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * @author Luca Frosini (ISTI - CNR)
  */
 public class ContextTest {
 	
-	protected static Properties properties;
-	protected static final String PROPERTIES_FILENAME = "token.properties";
+	private static final Logger logger = LoggerFactory.getLogger(ContextTest.class);
 	
-	public static final String ROOT;
-	public static final String VO;
-	public static final String VRE;
+	protected static final String CONFIG_INI_FILENAME = "config.ini";
+	
+	public static final String DEFAULT_TEST_SCOPE;
+	
+	public static final String GCUBE;
+	public static final String DEVNEXT;
+	public static final String NEXTNEXT;
+	public static final String DEVSEC;
+	public static final String DEVVRE;
+	
+	private static final String ROOT_PRE;
+	private static final String VO_PREPROD;
+	protected static final String VRE_GRSF_PRE;
+	
+	private static final String ROOT_PROD;
+	
+	protected static final Properties properties;
+	
+	public static final String TYPE_PROPERTY_KEY = "type";
+	public static final String USERNAME_PROPERTY_KEY = "username"; 
+	public static final String PASSWORD_PROPERTY_KEY = "password"; 
+	public static final String CLIENT_ID_PROPERTY_KEY = "clientId"; 
 	
 	static {
-		properties = new Properties();
-		InputStream input = ContextTest.class.getClassLoader().getResourceAsStream(PROPERTIES_FILENAME);
+		GCUBE = "/gcube";
+		DEVNEXT = GCUBE + "/devNext";
+		NEXTNEXT = DEVNEXT + "/NextNext";
+		DEVSEC = GCUBE + "/devsec";
+		DEVVRE = DEVSEC + "/devVRE";
 		
+		ROOT_PRE = "/pred4s";
+		VO_PREPROD = ROOT_PRE + "/preprod";
+		VRE_GRSF_PRE = VO_PREPROD + "/GRSF_Pre";
+		
+		ROOT_PROD = "/d4science.research-infrastructures.eu";
+		
+		DEFAULT_TEST_SCOPE = DEVVRE;
+//		DEFAULT_TEST_SCOPE = VRE_GRSF_PRE;
+		
+		properties = new Properties();
+		InputStream input = ContextTest.class.getClassLoader().getResourceAsStream(CONFIG_INI_FILENAME);
 		try {
 			// load the properties file
 			properties.load(input);
-		} catch(IOException e) {
+		} catch (IOException e) {
 			throw new RuntimeException(e);
 		}
 		
-		// DEFAULT_TEST_SCOPE_NAME = "/pred4s/preprod/preVRE";
-		// DEFAULT_TEST_SCOPE_NAME = "/gcube/devsec/devVRE";
-		
-		ROOT = "/gcube";
-		// VO = ROOT + "/devsec";
-		// VRE = VO + "/devVRE";
-		VO = ROOT + "/devNext";
-		VRE = VO + "/NextNext";
-		
 	}
 	
+	private enum Type{
+		USER, CLIENT_ID
+	};
+	
 	public static void set(Secret secret) throws Exception {
 		SecretManagerProvider.instance.reset();
-		SecretManager secretManager = new SecretManager(); 
-		SecretManagerProvider.instance.set(secretManager);
+		SecretManager secretManager = new SecretManager();
 		secretManager.addSecret(secret);
-		secretManager.set();
+		SecretManagerProvider.instance.set(secretManager);
+		SecretManagerProvider.instance.get().set();
+	}
+	
+	public static void setContextByName(String fullContextName) throws Exception {
+		logger.debug("Going to set credentials for context {}", fullContextName);
+		Secret secret = getSecretByContextName(fullContextName);
+		set(secret);
+	}
+	
+	
+	private static TokenResponse getJWTAccessToken(String context) throws Exception {
+		Type type = Type.valueOf(properties.get(TYPE_PROPERTY_KEY).toString());
+		
+		TokenResponse tr = null;
+		
+		int index = context.indexOf('/', 1);
+		String root = context.substring(0, index == -1 ? context.length() : index);
+		
+		switch (type) {
+			case CLIENT_ID:
+				String clientId = properties.getProperty(CLIENT_ID_PROPERTY_KEY);
+				String clientSecret = properties.getProperty(root);
+				
+				tr = KeycloakClientFactory.newInstance().queryUMAToken(context, clientId, clientSecret, context, null);
+				break;
+		
+			case USER:
+			default:
+				String username = properties.getProperty(USERNAME_PROPERTY_KEY);
+				String password = properties.getProperty(PASSWORD_PROPERTY_KEY);
+				
+				switch (root) {
+					case "/gcube":
+					default:
+						clientId = "next.d4science.org";
+						break;
+					
+					case "/pred4s":
+						clientId = "pre.d4science.org";
+						break;
+					
+					case "/d4science.research-infrastructures.eu":
+						clientId = "services.d4science.org";
+						break;
+				}
+				clientSecret = null;
+				
+				tr = KeycloakClientHelper.getTokenForUser(context, username, password);
+				break;
+				
+		}
+
+		return tr;
+		
+	}
+	
+	public static Secret getSecretByContextName(String context) throws Exception {
+		TokenResponse tr = getJWTAccessToken(context);
+		Secret secret = new JWTSecret(tr.getAccessToken());
+		return secret;
 	}
 	
 	public static void setContext(String token) throws Exception {
 		Secret secret = getSecret(token);
 		set(secret);
 	}
-
-	public static void setContextByName(String fullContextName) throws Exception {
-		Secret secret = getSecretByContextName(fullContextName);
-		set(secret);
-	}
 	
 	private static Secret getSecret(String token) throws Exception {
 		Secret secret = SecretUtility.getSecretByTokenString(token);
 		return secret;
 	}
 	
-	private static Secret getSecretByContextName(String fullContextName) throws Exception {
-		String token = ContextTest.properties.getProperty(fullContextName);
-		return getSecret(token);
+	public static String getUser() {
+		String user = "UNKNOWN";
+		try {
+			user = SecretManagerProvider.instance.get().getUser().getUsername();
+		} catch(Exception e) {
+			logger.error("Unable to retrieve user. {} will be used", user);
+		}
+		return user;
 	}
 	
 	@BeforeClass
 	public static void beforeClass() throws Exception {
-		setContextByName(VRE);
+		setContextByName(DEFAULT_TEST_SCOPE);
 	}
 	
 	@AfterClass
@@ -86,4 +178,4 @@ public class ContextTest {
 		SecretManagerProvider.instance.reset();
 	}
 	
-}
+}

src/test/java/org/gcube/common/authorization/utils/manager/SecretManagerTest.java

@@ -24,6 +24,11 @@ public class SecretManagerTest extends ContextTest {
 		Set<Secret> secrets = secretHolder.getSecrets();
 		for(Secret s : secrets) {
 			logger.debug("{}: token={}", s.getClass().getSimpleName(), s.getToken());
+			User user = s.getUser();
+			String username = user.getUsername();
+			String surnameName =  user.getFullName();
+			String nameSurname =  user.getFullName(true);
+			logger.debug("{} - {} - {}", username, surnameName, nameSurname);
 		}
 	}
 	

src/test/resources/.gitignore

@@ -1,2 +1,3 @@
 /logback-test.xml
 /token.properties
+/config.ini