Compare commits
9 Commits
Author | SHA1 | Date |
---|---|---|
Luca Frosini | 646101d4ef | |
Luca Frosini | 6859d535f3 | |
Luca Frosini | f18dd864da | |
luca.frosini | 0f1a5ad246 | |
luca.frosini | ac544d083e | |
luca.frosini | c0b7cf7165 | |
luca.frosini | c7af44e220 | |
Luca Frosini | 5a29295ca9 | |
luca.frosini | 0f17123724 |
|
@ -2,3 +2,4 @@
|
||||||
/.project
|
/.project
|
||||||
/.classpath
|
/.classpath
|
||||||
/.settings
|
/.settings
|
||||||
|
/.DS_Store
|
||||||
|
|
11
CHANGELOG.md
11
CHANGELOG.md
|
@ -2,6 +2,15 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
|
||||||
|
|
||||||
# Changelog for Authorization Utils
|
# Changelog for Authorization Utils
|
||||||
|
|
||||||
|
## [v2.3.0-SNAPSHOT]
|
||||||
|
|
||||||
|
- Added support for 'client_id' and backward compatibility with 'clientId' claim #25802
|
||||||
|
- Deprecated class which will be no longer available in Smartgears 4 based components
|
||||||
|
|
||||||
|
## [v2.2.0]
|
||||||
|
|
||||||
|
- Switched to the new version of keycloak-client [#25295]
|
||||||
|
|
||||||
## [v2.1.0]
|
## [v2.1.0]
|
||||||
|
|
||||||
- Added remove() method in SecretManagerProvider
|
- Added remove() method in SecretManagerProvider
|
||||||
|
@ -9,7 +18,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
|
||||||
|
|
||||||
## [v2.0.0]
|
## [v2.0.0]
|
||||||
|
|
||||||
- Refactored code to be integrated in Smartgears [#22871]
|
- Refactored code to be integrated in Smartgears [#22871]
|
||||||
- Fixed getRoles for JWTSecret [#22754]
|
- Fixed getRoles for JWTSecret [#22754]
|
||||||
|
|
||||||
## [v1.0.0]
|
## [v1.0.0]
|
||||||
|
|
18
pom.xml
18
pom.xml
|
@ -10,7 +10,7 @@
|
||||||
|
|
||||||
<groupId>org.gcube.common</groupId>
|
<groupId>org.gcube.common</groupId>
|
||||||
<artifactId>authorization-utils</artifactId>
|
<artifactId>authorization-utils</artifactId>
|
||||||
<version>2.1.0</version>
|
<version>2.3.0-SNAPSHOT</version>
|
||||||
|
|
||||||
<properties>
|
<properties>
|
||||||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||||
|
@ -27,7 +27,7 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.gcube.distribution</groupId>
|
<groupId>org.gcube.distribution</groupId>
|
||||||
<artifactId>gcube-bom</artifactId>
|
<artifactId>gcube-bom</artifactId>
|
||||||
<version>2.2.0</version>
|
<version>2.4.0</version>
|
||||||
<type>pom</type>
|
<type>pom</type>
|
||||||
<scope>import</scope>
|
<scope>import</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
@ -62,7 +62,19 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.gcube.common</groupId>
|
<groupId>org.gcube.common</groupId>
|
||||||
<artifactId>keycloak-client</artifactId>
|
<artifactId>keycloak-client</artifactId>
|
||||||
<version>[1.0.0,2.0.0-SNAPSHOT)</version>
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.gcube.resources</groupId>
|
||||||
|
<artifactId>common-gcore-resources</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.gcube.resources.discovery</groupId>
|
||||||
|
<artifactId>ic-client</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.gcube.resources.discovery</groupId>
|
||||||
|
<artifactId>discovery-client</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
<!-- Test Dependencies -->
|
<!-- Test Dependencies -->
|
||||||
|
|
|
@ -18,19 +18,8 @@ public class ClientIDManager implements RenewalProvider {
|
||||||
this.clientSecret = clientSecret;
|
this.clientSecret = clientSecret;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Secret getSecret() throws Exception {
|
|
||||||
TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, null);
|
|
||||||
|
|
||||||
JWTSecret jwtSecret = new JWTSecret(tokenResponse.getAccessToken());
|
|
||||||
jwtSecret.setRenewalProvider(this);
|
|
||||||
|
|
||||||
jwtSecret.setTokenResponse(tokenResponse);
|
|
||||||
|
|
||||||
return jwtSecret;
|
|
||||||
}
|
|
||||||
|
|
||||||
public Secret getSecret(String context) throws Exception {
|
public Secret getSecret(String context) throws Exception {
|
||||||
TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, context, null);
|
TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(context, clientID, clientSecret, context, null);
|
||||||
|
|
||||||
JWTSecret jwtSecret = new JWTSecret(tokenResponse.getAccessToken());
|
JWTSecret jwtSecret = new JWTSecret(tokenResponse.getAccessToken());
|
||||||
jwtSecret.setRenewalProvider(this);
|
jwtSecret.setRenewalProvider(this);
|
||||||
|
@ -41,8 +30,8 @@ public class ClientIDManager implements RenewalProvider {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Secret renew() throws Exception {
|
public Secret renew(String context) throws Exception {
|
||||||
return getSecret();
|
return getSecret(context);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
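Review bot: `getSecret(String context)` now passes `context` to `queryUMAToken` twice (first and fourth argument) with no check, and `renew(context)` forwards whatever the caller supplies, so a null context reaches the Keycloak client unvalidated. Since the no-argument `getSecret()` is removed in this section, a guard at the top of the method such as `Objects.requireNonNull(context, "context");` (needs `java.util.Objects`) would fail early with a clear message. A one-line Javadoc explaining why the context appears in both positions would also help, because what each position means to `queryUMAToken` is not visible here. Removing a public method is a breaking change for external callers, and the CHANGELOG entry does not mention it. The class header and constructor lie outside the hunk.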
|
||||||
|
|
|
@ -7,5 +7,5 @@ import org.gcube.common.authorization.utils.secret.Secret;
|
||||||
*/
|
*/
|
||||||
public interface RenewalProvider {
|
public interface RenewalProvider {
|
||||||
|
|
||||||
public Secret renew() throws Exception;
|
public Secret renew(String context) throws Exception;
|
||||||
}
|
}
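Review bot: `renew(String context)` is added without Javadoc, so an implementer cannot tell what the context string must look like or whether null is allowed. I would add something like `/** Returns a fresh Secret valid for the given context; context must not be null. */`; the null rule is my assumption and should be confirmed against `JWTSecret`, the only caller visible on this page. Changing the only method of a public interface also breaks every implementation outside this repository, which deserves a line in the CHANGELOG.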
|
||||||
|
|
|
@ -76,7 +76,7 @@ public class JWTSecret extends Secret {
|
||||||
|
|
||||||
if(expired && renewalProvider!=null) {
|
if(expired && renewalProvider!=null) {
|
||||||
try {
|
try {
|
||||||
JWTSecret renewed = (JWTSecret) renewalProvider.renew();
|
JWTSecret renewed = (JWTSecret) renewalProvider.renew(getContext());
|
||||||
this.token = renewed.token;
|
this.token = renewed.token;
|
||||||
this.accessToken = getAccessToken();
|
this.accessToken = getAccessToken();
|
||||||
}catch (Exception e) {
|
}catch (Exception e) {
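Review bot: The renewed secret is adopted without checking that it was issued for the requested context: `renewalProvider.renew(getContext())` is followed directly by `this.token = renewed.token`. Now that renewal is context-specific, I would capture the context first and compare before assigning, e.g. `String ctx = getContext();` then `if (!ctx.equals(renewed.getContext())) throw new IllegalStateException("renewed token issued for a different context");`. `getContext()` is also evaluated inside the `try` on a secret already known to be expired, so if it can throw for such a token the failure lands in the `catch (Exception e)` whose body is outside the hunk. The enclosing method starts and ends outside the hunk, so how that catch reports the error cannot be judged from here.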
|
||||||
|
|
|
@ -4,7 +4,10 @@ import java.util.regex.Pattern;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Luca Frosini (ISTI - CNR)
|
* @author Luca Frosini (ISTI - CNR)
|
||||||
|
* This call will be no more available in
|
||||||
|
* component Smartgears 4 based
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class SecretUtility {
|
public class SecretUtility {
|
||||||
|
|
||||||
public static final String UUID_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$";
|
public static final String UUID_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$";
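Review bot: The added deprecation sentence sits directly after `@author`, so Javadoc renders it as a continuation of the author tag rather than as a deprecation notice. Put it under the `@deprecated` block tag to match the new `@Deprecated` annotation, and name what callers should use instead, e.g. `@deprecated Not available in Smartgears 4 based components; use REPLACEMENT_CLASS instead.` (`REPLACEMENT_CLASS` is a placeholder, as the page does not name a replacement). The wording would also read better as "This class will no longer be available in Smartgears 4 based components".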
|
||||||
|
|
|
@ -15,7 +15,8 @@ public class KeycloakUser extends AccessToken implements User {
|
||||||
*/
|
*/
|
||||||
private static final long serialVersionUID = -7083648026885406300L;
|
private static final long serialVersionUID = -7083648026885406300L;
|
||||||
|
|
||||||
public static final String CLIENT_ID_PROPERTY = "clientId";
|
public static final String CLIENT_ID_PROPERTY_OLD_KEY = "clientId";
|
||||||
|
public static final String CLIENT_ID_PROPERTY = "client_id";
|
||||||
|
|
||||||
protected Collection<String> roles;
|
protected Collection<String> roles;
|
||||||
protected Boolean application;
|
protected Boolean application;
|
||||||
|
@ -26,10 +27,19 @@ public class KeycloakUser extends AccessToken implements User {
|
||||||
return getPreferredUsername();
|
return getPreferredUsername();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@JsonIgnore
|
||||||
|
protected String getClientId() {
|
||||||
|
Object clientIdObj = getOtherClaims().get(CLIENT_ID_PROPERTY);
|
||||||
|
if(clientIdObj==null) {
|
||||||
|
clientIdObj = getOtherClaims().get(CLIENT_ID_PROPERTY_OLD_KEY);
|
||||||
|
}
|
||||||
|
return clientIdObj==null ? null : clientIdObj.toString();
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isApplication() {
|
public boolean isApplication() {
|
||||||
if(application==null) {
|
if(application==null) {
|
||||||
application = getOtherClaims().get(CLIENT_ID_PROPERTY)!=null;
|
application = getClientId()!=null;
|
||||||
}
|
}
|
||||||
return application;
|
return application;
|
||||||
}
|
}
|
||||||
|
@ -59,7 +69,10 @@ public class KeycloakUser extends AccessToken implements User {
|
||||||
@Override
|
@Override
|
||||||
public String getFullName(boolean nameSurname) {
|
public String getFullName(boolean nameSurname) {
|
||||||
if(isApplication()) {
|
if(isApplication()) {
|
||||||
String clientID = (String) getOtherClaims().getOrDefault("clientId", getUsername());
|
String clientID = getClientId();
|
||||||
|
if(clientID==null) {
|
||||||
|
clientID = getUsername();
|
||||||
|
}
|
||||||
return clientID;
|
return clientID;
|
||||||
}
|
}
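Review bot: The public constant `CLIENT_ID_PROPERTY` keeps its name but changes value from `"clientId"` to `"client_id"`, so external code that reads the claim through it silently stops matching tokens that still carry the old key. The fallback exists only inside the new `getClientId()`, which is `protected`. I would document that on the constants and add Javadoc to `getClientId()` stating the precedence, e.g. `/** Returns the 'client_id' claim, falling back to the legacy 'clientId' claim; null when neither is present. */`. Because `isApplication()` is decided purely by the presence of either claim, the comment should also say that `client_id` wins when both are present with different values. The class continues outside the visible hunks.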
|
||||||
|
|
||||||
|
|
|
@ -9,76 +9,168 @@ import java.util.Properties;
|
||||||
|
|
||||||
import org.gcube.common.authorization.utils.manager.SecretManager;
|
import org.gcube.common.authorization.utils.manager.SecretManager;
|
||||||
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
|
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
|
||||||
|
import org.gcube.common.authorization.utils.secret.JWTSecret;
|
||||||
import org.gcube.common.authorization.utils.secret.Secret;
|
import org.gcube.common.authorization.utils.secret.Secret;
|
||||||
import org.gcube.common.authorization.utils.secret.SecretUtility;
|
import org.gcube.common.authorization.utils.secret.SecretUtility;
|
||||||
|
import org.gcube.common.keycloak.KeycloakClientFactory;
|
||||||
|
import org.gcube.common.keycloak.KeycloakClientHelper;
|
||||||
|
import org.gcube.common.keycloak.model.TokenResponse;
|
||||||
import org.junit.AfterClass;
|
import org.junit.AfterClass;
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Luca Frosini (ISTI - CNR)
|
* @author Luca Frosini (ISTI - CNR)
|
||||||
*/
|
*/
|
||||||
public class ContextTest {
|
public class ContextTest {
|
||||||
|
|
||||||
protected static Properties properties;
|
private static final Logger logger = LoggerFactory.getLogger(ContextTest.class);
|
||||||
protected static final String PROPERTIES_FILENAME = "token.properties";
|
|
||||||
|
|
||||||
public static final String ROOT;
|
protected static final String CONFIG_INI_FILENAME = "config.ini";
|
||||||
public static final String VO;
|
|
||||||
public static final String VRE;
|
public static final String DEFAULT_TEST_SCOPE;
|
||||||
|
|
||||||
|
public static final String GCUBE;
|
||||||
|
public static final String DEVNEXT;
|
||||||
|
public static final String NEXTNEXT;
|
||||||
|
public static final String DEVSEC;
|
||||||
|
public static final String DEVVRE;
|
||||||
|
|
||||||
|
private static final String ROOT_PRE;
|
||||||
|
private static final String VO_PREPROD;
|
||||||
|
protected static final String VRE_GRSF_PRE;
|
||||||
|
|
||||||
|
private static final String ROOT_PROD;
|
||||||
|
|
||||||
|
protected static final Properties properties;
|
||||||
|
|
||||||
|
public static final String TYPE_PROPERTY_KEY = "type";
|
||||||
|
public static final String USERNAME_PROPERTY_KEY = "username";
|
||||||
|
public static final String PASSWORD_PROPERTY_KEY = "password";
|
||||||
|
public static final String CLIENT_ID_PROPERTY_KEY = "clientId";
|
||||||
|
|
||||||
static {
|
static {
|
||||||
properties = new Properties();
|
GCUBE = "/gcube";
|
||||||
InputStream input = ContextTest.class.getClassLoader().getResourceAsStream(PROPERTIES_FILENAME);
|
DEVNEXT = GCUBE + "/devNext";
|
||||||
|
NEXTNEXT = DEVNEXT + "/NextNext";
|
||||||
|
DEVSEC = GCUBE + "/devsec";
|
||||||
|
DEVVRE = DEVSEC + "/devVRE";
|
||||||
|
|
||||||
|
ROOT_PRE = "/pred4s";
|
||||||
|
VO_PREPROD = ROOT_PRE + "/preprod";
|
||||||
|
VRE_GRSF_PRE = VO_PREPROD + "/GRSF_Pre";
|
||||||
|
|
||||||
|
ROOT_PROD = "/d4science.research-infrastructures.eu";
|
||||||
|
|
||||||
|
DEFAULT_TEST_SCOPE = DEVVRE;
|
||||||
|
// DEFAULT_TEST_SCOPE = VRE_GRSF_PRE;
|
||||||
|
|
||||||
|
properties = new Properties();
|
||||||
|
InputStream input = ContextTest.class.getClassLoader().getResourceAsStream(CONFIG_INI_FILENAME);
|
||||||
try {
|
try {
|
||||||
// load the properties file
|
// load the properties file
|
||||||
properties.load(input);
|
properties.load(input);
|
||||||
} catch(IOException e) {
|
} catch (IOException e) {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
|
|
||||||
// DEFAULT_TEST_SCOPE_NAME = "/pred4s/preprod/preVRE";
|
|
||||||
// DEFAULT_TEST_SCOPE_NAME = "/gcube/devsec/devVRE";
|
|
||||||
|
|
||||||
ROOT = "/gcube";
|
|
||||||
// VO = ROOT + "/devsec";
|
|
||||||
// VRE = VO + "/devVRE";
|
|
||||||
VO = ROOT + "/devNext";
|
|
||||||
VRE = VO + "/NextNext";
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private enum Type{
|
||||||
|
USER, CLIENT_ID
|
||||||
|
};
|
||||||
|
|
||||||
public static void set(Secret secret) throws Exception {
|
public static void set(Secret secret) throws Exception {
|
||||||
SecretManagerProvider.instance.reset();
|
SecretManagerProvider.instance.reset();
|
||||||
SecretManager secretManager = new SecretManager();
|
SecretManager secretManager = new SecretManager();
|
||||||
SecretManagerProvider.instance.set(secretManager);
|
|
||||||
secretManager.addSecret(secret);
|
secretManager.addSecret(secret);
|
||||||
secretManager.set();
|
SecretManagerProvider.instance.set(secretManager);
|
||||||
|
SecretManagerProvider.instance.get().set();
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void setContextByName(String fullContextName) throws Exception {
|
||||||
|
logger.debug("Going to set credentials for context {}", fullContextName);
|
||||||
|
Secret secret = getSecretByContextName(fullContextName);
|
||||||
|
set(secret);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
private static TokenResponse getJWTAccessToken(String context) throws Exception {
|
||||||
|
Type type = Type.valueOf(properties.get(TYPE_PROPERTY_KEY).toString());
|
||||||
|
|
||||||
|
TokenResponse tr = null;
|
||||||
|
|
||||||
|
int index = context.indexOf('/', 1);
|
||||||
|
String root = context.substring(0, index == -1 ? context.length() : index);
|
||||||
|
|
||||||
|
switch (type) {
|
||||||
|
case CLIENT_ID:
|
||||||
|
String clientId = properties.getProperty(CLIENT_ID_PROPERTY_KEY);
|
||||||
|
String clientSecret = properties.getProperty(root);
|
||||||
|
|
||||||
|
tr = KeycloakClientFactory.newInstance().queryUMAToken(context, clientId, clientSecret, context, null);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case USER:
|
||||||
|
default:
|
||||||
|
String username = properties.getProperty(USERNAME_PROPERTY_KEY);
|
||||||
|
String password = properties.getProperty(PASSWORD_PROPERTY_KEY);
|
||||||
|
|
||||||
|
switch (root) {
|
||||||
|
case "/gcube":
|
||||||
|
default:
|
||||||
|
clientId = "next.d4science.org";
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "/pred4s":
|
||||||
|
clientId = "pre.d4science.org";
|
||||||
|
break;
|
||||||
|
|
||||||
|
case "/d4science.research-infrastructures.eu":
|
||||||
|
clientId = "services.d4science.org";
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
clientSecret = null;
|
||||||
|
|
||||||
|
tr = KeycloakClientHelper.getTokenForUser(context, username, password);
|
||||||
|
break;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
return tr;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
public static Secret getSecretByContextName(String context) throws Exception {
|
||||||
|
TokenResponse tr = getJWTAccessToken(context);
|
||||||
|
Secret secret = new JWTSecret(tr.getAccessToken());
|
||||||
|
return secret;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void setContext(String token) throws Exception {
|
public static void setContext(String token) throws Exception {
|
||||||
Secret secret = getSecret(token);
|
Secret secret = getSecret(token);
|
||||||
set(secret);
|
set(secret);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void setContextByName(String fullContextName) throws Exception {
|
|
||||||
Secret secret = getSecretByContextName(fullContextName);
|
|
||||||
set(secret);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static Secret getSecret(String token) throws Exception {
|
private static Secret getSecret(String token) throws Exception {
|
||||||
Secret secret = SecretUtility.getSecretByTokenString(token);
|
Secret secret = SecretUtility.getSecretByTokenString(token);
|
||||||
return secret;
|
return secret;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static Secret getSecretByContextName(String fullContextName) throws Exception {
|
public static String getUser() {
|
||||||
String token = ContextTest.properties.getProperty(fullContextName);
|
String user = "UNKNOWN";
|
||||||
return getSecret(token);
|
try {
|
||||||
|
user = SecretManagerProvider.instance.get().getUser().getUsername();
|
||||||
|
} catch(Exception e) {
|
||||||
|
logger.error("Unable to retrieve user. {} will be used", user);
|
||||||
|
}
|
||||||
|
return user;
|
||||||
}
|
}
|
||||||
|
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
public static void beforeClass() throws Exception {
|
public static void beforeClass() throws Exception {
|
||||||
setContextByName(VRE);
|
setContextByName(DEFAULT_TEST_SCOPE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@AfterClass
|
@AfterClass
|
||||||
|
@ -86,4 +178,4 @@ public class ContextTest {
|
||||||
SecretManagerProvider.instance.reset();
|
SecretManagerProvider.instance.reset();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
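Review bot: `getJWTAccessToken` uses configuration values unchecked: `Type.valueOf(properties.get(TYPE_PROPERTY_KEY).toString())` throws a bare NullPointerException when `type` is missing from config.ini, and in the `CLIENT_ID` branch `properties.getProperty(root)` can return null and is passed to `queryUMAToken` as the client secret. A guard such as `if (clientSecret == null) throw new IllegalStateException("no client secret configured for " + root);` gives a usable failure, and reading the type with `getProperty` plus an explicit check does the same. In the `USER` branch the nested `switch (root)` assigns `clientId`, and `clientSecret = null` follows, but neither is read before `getTokenForUser(context, username, password)`, so that block is dead code and should be removed or actually used. In `getUser()` the caught exception is dropped; `logger.error("Unable to retrieve user. {} will be used", user, e);` keeps the cause.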
|
||||||
|
|
|
@ -24,6 +24,11 @@ public class SecretManagerTest extends ContextTest {
|
||||||
Set<Secret> secrets = secretHolder.getSecrets();
|
Set<Secret> secrets = secretHolder.getSecrets();
|
||||||
for(Secret s : secrets) {
|
for(Secret s : secrets) {
|
||||||
logger.debug("{}: token={}", s.getClass().getSimpleName(), s.getToken());
|
logger.debug("{}: token={}", s.getClass().getSimpleName(), s.getToken());
|
||||||
|
User user = s.getUser();
|
||||||
|
String username = user.getUsername();
|
||||||
|
String surnameName = user.getFullName();
|
||||||
|
String nameSurname = user.getFullName(true);
|
||||||
|
logger.debug("{} - {} - {}", username, surnameName, nameSurname);
|
||||||
}
|
}
|
||||||
}
|
}
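Review bot: The added lines only log `username`, `surnameName` and `nameSurname` and assert nothing, so the test passes whatever `getFullName` returns. An assertion such as `Assert.assertNotNull(username);` would make the new `client_id` handling actually tested. The debug statement directly above them writes the raw value of `s.getToken()` to the log, and with this commit `ContextTest` obtains tokens from Keycloak using the credentials in config.ini, so those are presumably live bearer tokens ending up in test output. I would log only the secret's class name there, or a short non-reversible identifier. The test method begins outside the hunk.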
|
||||||
|
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
/logback-test.xml
|
/logback-test.xml
|
||||||
/token.properties
|
/token.properties
|
||||||
|
/config.ini
|
||||||
|
|