Compare commits
9 Commits
Author | SHA1 | Date |
---|---|---|
Luca Frosini | 646101d4ef | |
Luca Frosini | 6859d535f3 | |
Luca Frosini | f18dd864da | |
luca.frosini | 0f1a5ad246 | |
luca.frosini | ac544d083e | |
luca.frosini | c0b7cf7165 | |
luca.frosini | c7af44e220 | |
Luca Frosini | 5a29295ca9 | |
luca.frosini | 0f17123724 |
|
@ -2,3 +2,4 @@
|
|||
/.project
|
||||
/.classpath
|
||||
/.settings
|
||||
/.DS_Store
|
||||
|
|
11
CHANGELOG.md
11
CHANGELOG.md
|
@ -2,6 +2,15 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
|
|||
|
||||
# Changelog for Authorization Utils
|
||||
|
||||
## [v2.3.0-SNAPSHOT]
|
||||
|
||||
- Added support for 'client_id' and backward compatibility with 'clientId' claim #25802
|
||||
- Deprecated class which will be no longer available in Smartgears 4 based components
|
||||
|
||||
## [v2.2.0]
|
||||
|
||||
- Switched to the new version of keycloak-client [#25295]
|
||||
|
||||
## [v2.1.0]
|
||||
|
||||
- Added remove() method in SecretManagerProvider
|
||||
|
@ -9,7 +18,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
|
|||
|
||||
## [v2.0.0]
|
||||
|
||||
- Refactored code to be integrated in Smartgears [#22871]
|
||||
- Refactored code to be integrated in Smartgears [#22871]
|
||||
- Fixed getRoles for JWTSecret [#22754]
|
||||
|
||||
## [v1.0.0]
|
||||
|
|
18
pom.xml
18
pom.xml
|
@ -10,7 +10,7 @@
|
|||
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>authorization-utils</artifactId>
|
||||
<version>2.1.0</version>
|
||||
<version>2.3.0-SNAPSHOT</version>
|
||||
|
||||
<properties>
|
||||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||
|
@ -27,7 +27,7 @@
|
|||
<dependency>
|
||||
<groupId>org.gcube.distribution</groupId>
|
||||
<artifactId>gcube-bom</artifactId>
|
||||
<version>2.2.0</version>
|
||||
<version>2.4.0</version>
|
||||
<type>pom</type>
|
||||
<scope>import</scope>
|
||||
</dependency>
|
||||
|
@ -62,7 +62,19 @@
|
|||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>keycloak-client</artifactId>
|
||||
<version>[1.0.0,2.0.0-SNAPSHOT)</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.gcube.resources</groupId>
|
||||
<artifactId>common-gcore-resources</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.gcube.resources.discovery</groupId>
|
||||
<artifactId>ic-client</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.gcube.resources.discovery</groupId>
|
||||
<artifactId>discovery-client</artifactId>
|
||||
</dependency>
|
||||
|
||||
<!-- Test Dependencies -->
|
||||
|
|
|
@ -18,19 +18,8 @@ public class ClientIDManager implements RenewalProvider {
|
|||
this.clientSecret = clientSecret;
|
||||
}
|
||||
|
||||
public Secret getSecret() throws Exception {
|
||||
TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, null);
|
||||
|
||||
JWTSecret jwtSecret = new JWTSecret(tokenResponse.getAccessToken());
|
||||
jwtSecret.setRenewalProvider(this);
|
||||
|
||||
jwtSecret.setTokenResponse(tokenResponse);
|
||||
|
||||
return jwtSecret;
|
||||
}
|
||||
|
||||
public Secret getSecret(String context) throws Exception {
|
||||
TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(clientID, clientSecret, context, null);
|
||||
TokenResponse tokenResponse = KeycloakClientFactory.newInstance().queryUMAToken(context, clientID, clientSecret, context, null);
|
||||
|
||||
JWTSecret jwtSecret = new JWTSecret(tokenResponse.getAccessToken());
|
||||
jwtSecret.setRenewalProvider(this);
|
||||
|
@ -41,8 +30,8 @@ public class ClientIDManager implements RenewalProvider {
|
|||
}
|
||||
|
||||
@Override
|
||||
public Secret renew() throws Exception {
|
||||
return getSecret();
|
||||
public Secret renew(String context) throws Exception {
|
||||
return getSecret(context);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -7,5 +7,5 @@ import org.gcube.common.authorization.utils.secret.Secret;
|
|||
*/
|
||||
public interface RenewalProvider {
|
||||
|
||||
public Secret renew() throws Exception;
|
||||
public Secret renew(String context) throws Exception;
|
||||
}
|
||||
|
|
|
@ -76,7 +76,7 @@ public class JWTSecret extends Secret {
|
|||
|
||||
if(expired && renewalProvider!=null) {
|
||||
try {
|
||||
JWTSecret renewed = (JWTSecret) renewalProvider.renew();
|
||||
JWTSecret renewed = (JWTSecret) renewalProvider.renew(getContext());
|
||||
this.token = renewed.token;
|
||||
this.accessToken = getAccessToken();
|
||||
}catch (Exception e) {
|
||||
|
|
|
@ -4,7 +4,10 @@ import java.util.regex.Pattern;
|
|||
|
||||
/**
|
||||
* @author Luca Frosini (ISTI - CNR)
|
||||
* This call will be no more available in
|
||||
* component Smartgears 4 based
|
||||
*/
|
||||
@Deprecated
|
||||
public class SecretUtility {
|
||||
|
||||
public static final String UUID_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$";
|
||||
|
|
|
@ -15,7 +15,8 @@ public class KeycloakUser extends AccessToken implements User {
|
|||
*/
|
||||
private static final long serialVersionUID = -7083648026885406300L;
|
||||
|
||||
public static final String CLIENT_ID_PROPERTY = "clientId";
|
||||
public static final String CLIENT_ID_PROPERTY_OLD_KEY = "clientId";
|
||||
public static final String CLIENT_ID_PROPERTY = "client_id";
|
||||
|
||||
protected Collection<String> roles;
|
||||
protected Boolean application;
|
||||
|
@ -26,10 +27,19 @@ public class KeycloakUser extends AccessToken implements User {
|
|||
return getPreferredUsername();
|
||||
}
|
||||
|
||||
@JsonIgnore
|
||||
protected String getClientId() {
|
||||
Object clientIdObj = getOtherClaims().get(CLIENT_ID_PROPERTY);
|
||||
if(clientIdObj==null) {
|
||||
clientIdObj = getOtherClaims().get(CLIENT_ID_PROPERTY_OLD_KEY);
|
||||
}
|
||||
return clientIdObj==null ? null : clientIdObj.toString();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isApplication() {
|
||||
if(application==null) {
|
||||
application = getOtherClaims().get(CLIENT_ID_PROPERTY)!=null;
|
||||
application = getClientId()!=null;
|
||||
}
|
||||
return application;
|
||||
}
|
||||
|
@ -59,7 +69,10 @@ public class KeycloakUser extends AccessToken implements User {
|
|||
@Override
|
||||
public String getFullName(boolean nameSurname) {
|
||||
if(isApplication()) {
|
||||
String clientID = (String) getOtherClaims().getOrDefault("clientId", getUsername());
|
||||
String clientID = getClientId();
|
||||
if(clientID==null) {
|
||||
clientID = getUsername();
|
||||
}
|
||||
return clientID;
|
||||
}
|
||||
|
||||
|
|
|
@ -9,76 +9,168 @@ import java.util.Properties;
|
|||
|
||||
import org.gcube.common.authorization.utils.manager.SecretManager;
|
||||
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
|
||||
import org.gcube.common.authorization.utils.secret.JWTSecret;
|
||||
import org.gcube.common.authorization.utils.secret.Secret;
|
||||
import org.gcube.common.authorization.utils.secret.SecretUtility;
|
||||
import org.gcube.common.keycloak.KeycloakClientFactory;
|
||||
import org.gcube.common.keycloak.KeycloakClientHelper;
|
||||
import org.gcube.common.keycloak.model.TokenResponse;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.BeforeClass;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
/**
|
||||
* @author Luca Frosini (ISTI - CNR)
|
||||
*/
|
||||
public class ContextTest {
|
||||
|
||||
protected static Properties properties;
|
||||
protected static final String PROPERTIES_FILENAME = "token.properties";
|
||||
private static final Logger logger = LoggerFactory.getLogger(ContextTest.class);
|
||||
|
||||
public static final String ROOT;
|
||||
public static final String VO;
|
||||
public static final String VRE;
|
||||
protected static final String CONFIG_INI_FILENAME = "config.ini";
|
||||
|
||||
public static final String DEFAULT_TEST_SCOPE;
|
||||
|
||||
public static final String GCUBE;
|
||||
public static final String DEVNEXT;
|
||||
public static final String NEXTNEXT;
|
||||
public static final String DEVSEC;
|
||||
public static final String DEVVRE;
|
||||
|
||||
private static final String ROOT_PRE;
|
||||
private static final String VO_PREPROD;
|
||||
protected static final String VRE_GRSF_PRE;
|
||||
|
||||
private static final String ROOT_PROD;
|
||||
|
||||
protected static final Properties properties;
|
||||
|
||||
public static final String TYPE_PROPERTY_KEY = "type";
|
||||
public static final String USERNAME_PROPERTY_KEY = "username";
|
||||
public static final String PASSWORD_PROPERTY_KEY = "password";
|
||||
public static final String CLIENT_ID_PROPERTY_KEY = "clientId";
|
||||
|
||||
static {
|
||||
properties = new Properties();
|
||||
InputStream input = ContextTest.class.getClassLoader().getResourceAsStream(PROPERTIES_FILENAME);
|
||||
GCUBE = "/gcube";
|
||||
DEVNEXT = GCUBE + "/devNext";
|
||||
NEXTNEXT = DEVNEXT + "/NextNext";
|
||||
DEVSEC = GCUBE + "/devsec";
|
||||
DEVVRE = DEVSEC + "/devVRE";
|
||||
|
||||
ROOT_PRE = "/pred4s";
|
||||
VO_PREPROD = ROOT_PRE + "/preprod";
|
||||
VRE_GRSF_PRE = VO_PREPROD + "/GRSF_Pre";
|
||||
|
||||
ROOT_PROD = "/d4science.research-infrastructures.eu";
|
||||
|
||||
DEFAULT_TEST_SCOPE = DEVVRE;
|
||||
// DEFAULT_TEST_SCOPE = VRE_GRSF_PRE;
|
||||
|
||||
properties = new Properties();
|
||||
InputStream input = ContextTest.class.getClassLoader().getResourceAsStream(CONFIG_INI_FILENAME);
|
||||
try {
|
||||
// load the properties file
|
||||
properties.load(input);
|
||||
} catch(IOException e) {
|
||||
} catch (IOException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
||||
// DEFAULT_TEST_SCOPE_NAME = "/pred4s/preprod/preVRE";
|
||||
// DEFAULT_TEST_SCOPE_NAME = "/gcube/devsec/devVRE";
|
||||
|
||||
ROOT = "/gcube";
|
||||
// VO = ROOT + "/devsec";
|
||||
// VRE = VO + "/devVRE";
|
||||
VO = ROOT + "/devNext";
|
||||
VRE = VO + "/NextNext";
|
||||
|
||||
}
|
||||
|
||||
private enum Type{
|
||||
USER, CLIENT_ID
|
||||
};
|
||||
|
||||
public static void set(Secret secret) throws Exception {
|
||||
SecretManagerProvider.instance.reset();
|
||||
SecretManager secretManager = new SecretManager();
|
||||
SecretManagerProvider.instance.set(secretManager);
|
||||
SecretManager secretManager = new SecretManager();
|
||||
secretManager.addSecret(secret);
|
||||
secretManager.set();
|
||||
SecretManagerProvider.instance.set(secretManager);
|
||||
SecretManagerProvider.instance.get().set();
|
||||
}
|
||||
|
||||
public static void setContextByName(String fullContextName) throws Exception {
|
||||
logger.debug("Going to set credentials for context {}", fullContextName);
|
||||
Secret secret = getSecretByContextName(fullContextName);
|
||||
set(secret);
|
||||
}
|
||||
|
||||
|
||||
private static TokenResponse getJWTAccessToken(String context) throws Exception {
|
||||
Type type = Type.valueOf(properties.get(TYPE_PROPERTY_KEY).toString());
|
||||
|
||||
TokenResponse tr = null;
|
||||
|
||||
int index = context.indexOf('/', 1);
|
||||
String root = context.substring(0, index == -1 ? context.length() : index);
|
||||
|
||||
switch (type) {
|
||||
case CLIENT_ID:
|
||||
String clientId = properties.getProperty(CLIENT_ID_PROPERTY_KEY);
|
||||
String clientSecret = properties.getProperty(root);
|
||||
|
||||
tr = KeycloakClientFactory.newInstance().queryUMAToken(context, clientId, clientSecret, context, null);
|
||||
break;
|
||||
|
||||
case USER:
|
||||
default:
|
||||
String username = properties.getProperty(USERNAME_PROPERTY_KEY);
|
||||
String password = properties.getProperty(PASSWORD_PROPERTY_KEY);
|
||||
|
||||
switch (root) {
|
||||
case "/gcube":
|
||||
default:
|
||||
clientId = "next.d4science.org";
|
||||
break;
|
||||
|
||||
case "/pred4s":
|
||||
clientId = "pre.d4science.org";
|
||||
break;
|
||||
|
||||
case "/d4science.research-infrastructures.eu":
|
||||
clientId = "services.d4science.org";
|
||||
break;
|
||||
}
|
||||
clientSecret = null;
|
||||
|
||||
tr = KeycloakClientHelper.getTokenForUser(context, username, password);
|
||||
break;
|
||||
|
||||
}
|
||||
|
||||
return tr;
|
||||
|
||||
}
|
||||
|
||||
public static Secret getSecretByContextName(String context) throws Exception {
|
||||
TokenResponse tr = getJWTAccessToken(context);
|
||||
Secret secret = new JWTSecret(tr.getAccessToken());
|
||||
return secret;
|
||||
}
|
||||
|
||||
public static void setContext(String token) throws Exception {
|
||||
Secret secret = getSecret(token);
|
||||
set(secret);
|
||||
}
|
||||
|
||||
public static void setContextByName(String fullContextName) throws Exception {
|
||||
Secret secret = getSecretByContextName(fullContextName);
|
||||
set(secret);
|
||||
}
|
||||
|
||||
private static Secret getSecret(String token) throws Exception {
|
||||
Secret secret = SecretUtility.getSecretByTokenString(token);
|
||||
return secret;
|
||||
}
|
||||
|
||||
private static Secret getSecretByContextName(String fullContextName) throws Exception {
|
||||
String token = ContextTest.properties.getProperty(fullContextName);
|
||||
return getSecret(token);
|
||||
public static String getUser() {
|
||||
String user = "UNKNOWN";
|
||||
try {
|
||||
user = SecretManagerProvider.instance.get().getUser().getUsername();
|
||||
} catch(Exception e) {
|
||||
logger.error("Unable to retrieve user. {} will be used", user);
|
||||
}
|
||||
return user;
|
||||
}
|
||||
|
||||
@BeforeClass
|
||||
public static void beforeClass() throws Exception {
|
||||
setContextByName(VRE);
|
||||
setContextByName(DEFAULT_TEST_SCOPE);
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
@ -86,4 +178,4 @@ public class ContextTest {
|
|||
SecretManagerProvider.instance.reset();
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
|
|
@ -24,6 +24,11 @@ public class SecretManagerTest extends ContextTest {
|
|||
Set<Secret> secrets = secretHolder.getSecrets();
|
||||
for(Secret s : secrets) {
|
||||
logger.debug("{}: token={}", s.getClass().getSimpleName(), s.getToken());
|
||||
User user = s.getUser();
|
||||
String username = user.getUsername();
|
||||
String surnameName = user.getFullName();
|
||||
String nameSurname = user.getFullName(true);
|
||||
logger.debug("{} - {} - {}", username, surnameName, nameSurname);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,2 +1,3 @@
|
|||
/logback-test.xml
|
||||
/token.properties
|
||||
/config.ini
|
||||
|
|
Loading…
Reference in New Issue