git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-library@122470 82a268e6-3cf1-43bd-a215-b396298e98cf
parent
fe151091b1
commit
97ec52938a
@ -4,7 +4,7 @@ import java.lang.reflect.InvocationHandler;
|
|||
import java.lang.reflect.Method;
|
||||
|
||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||
import org.gcube.common.authorization.library.provider.UserInfo;
|
||||
import org.gcube.common.authorization.library.provider.ClientInfo;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
|
@ -27,7 +27,7 @@ public class AuthorizationInvocationHandler<T, I extends T> implements Invocatio
|
|||
public Object invoke(Object proxy, Method method,
|
||||
Object[] args) throws Throwable {
|
||||
log.trace("calling proxed method "+method.getName()+" on "+handledClass);
|
||||
UserInfo info = AuthorizationProvider.instance.get();
|
||||
ClientInfo info = AuthorizationProvider.instance.get();
|
||||
//checkSubjectToQuota(info, method);
|
||||
//checkIsAllowedFor(info, method);
|
||||
return method.invoke(obj, args);
|
||||
|
|
|
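Review bot: `info` in invoke is assigned from AuthorizationProvider.instance.get() but never read, because both checks below it (`//checkSubjectToQuota(info, method);` and `//checkIsAllowedFor(info, method);`) stay commented out, so the proxy forwards every call to method.invoke(obj, args) without any authorization decision. If disabling the checks is intentional for now, drop the unused fetch and state it, e.g. `// NOTE: no authorization is enforced yet; the proxy only traces and forwards the call`; otherwise the checks should be reinstated against the new ClientInfo type rather than left as dead code. The trace message is built by string concatenation on a hot path; the SLF4J form `log.trace("calling proxed method {} on {}", method.getName(), handledClass);` avoids the work when trace is off. The body of invoke closes outside the hunk.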
@ -3,7 +3,8 @@ package org.gcube.common.authorization.library;
|
|||
import java.util.concurrent.Callable;
|
||||
|
||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||
import org.gcube.common.authorization.library.provider.UserInfo;
|
||||
import org.gcube.common.authorization.library.provider.ClientInfo;
|
||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
|
||||
|
||||
|
@ -18,22 +19,24 @@ public class AuthorizedTasks {
|
|||
|
||||
final String callScope = ScopeProvider.instance.get();
|
||||
|
||||
final UserInfo userCall = AuthorizationProvider.instance.get();
|
||||
final ClientInfo userCall = AuthorizationProvider.instance.get();
|
||||
|
||||
final String token = SecurityTokenProvider.instance.get();
|
||||
|
||||
return new Callable<V>() {
|
||||
@Override
|
||||
public V call() throws Exception {
|
||||
|
||||
//bind underlying thread to callscope
|
||||
ScopeProvider.instance.set(callScope);
|
||||
//bind underlying thread to call user
|
||||
AuthorizationProvider.instance.set(userCall);
|
||||
SecurityTokenProvider.instance.set(token);
|
||||
try {
|
||||
return task.call();
|
||||
}
|
||||
finally {
|
||||
ScopeProvider.instance.reset();
|
||||
AuthorizationProvider.instance.reset();
|
||||
SecurityTokenProvider.instance.reset();
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -49,23 +52,23 @@ public class AuthorizedTasks {
|
|||
|
||||
final String callScope = ScopeProvider.instance.get();
|
||||
|
||||
final UserInfo userCall = AuthorizationProvider.instance.get();
|
||||
final ClientInfo userCall = AuthorizationProvider.instance.get();
|
||||
|
||||
final String token = SecurityTokenProvider.instance.get();
|
||||
|
||||
return new Runnable() {
|
||||
@Override
|
||||
public void run() {
|
||||
|
||||
//bind underlying thread to callscope
|
||||
ScopeProvider.instance.set(callScope);
|
||||
//bind underlying thread to call user
|
||||
AuthorizationProvider.instance.set(userCall);
|
||||
|
||||
SecurityTokenProvider.instance.set(token);
|
||||
try {
|
||||
task.run();
|
||||
}
|
||||
finally {
|
||||
ScopeProvider.instance.reset();
|
||||
AuthorizationProvider.instance.reset();
|
||||
SecurityTokenProvider.instance.reset();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
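Review bot: In call() here, and identically in run() in the next hunk, the three `set(...)` calls that bind scope, client and token to the executing thread run before the `try`, so if the second or third set throws, the `finally` never executes and a partially bound context stays on the thread; on a pooled executor that thread-local identity would then be visible to whatever task runs next. Moving the bindings inside the `try` lets the existing resets stay authoritative: `try { ScopeProvider.instance.set(callScope); AuthorizationProvider.instance.set(userCall); SecurityTokenProvider.instance.set(token); return task.call(); }` with the `finally` unchanged (and `task.run();` in the Runnable variant). Whether the provider set methods can actually throw is not visible here; if they cannot, the reordering costs nothing. The signatures of the enclosing wrapping methods and the closing of the anonymous classes lie outside both hunks.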
@ -0,0 +1,38 @@
|
|||
package org.gcube.common.authorization.library;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
import javax.xml.bind.annotation.XmlAccessorType;
|
||||
import javax.xml.bind.annotation.XmlElementRef;
|
||||
import javax.xml.bind.annotation.XmlElementRefs;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
import org.gcube.common.authorization.library.policies.Policy;
|
||||
import org.gcube.common.authorization.library.policies.Service2ServicePolicy;
|
||||
import org.gcube.common.authorization.library.policies.User2ServicePolicy;
|
||||
|
||||
@XmlRootElement
|
||||
@XmlAccessorType(XmlAccessType.FIELD)
|
||||
public class Policies {
|
||||
|
||||
@XmlElementRefs({
|
||||
@XmlElementRef(type = Service2ServicePolicy.class),
|
||||
@XmlElementRef(type = User2ServicePolicy.class),
|
||||
})
|
||||
List<Policy> policies;
|
||||
|
||||
|
||||
@SuppressWarnings("unused")
|
||||
private Policies(){}
|
||||
|
||||
public Policies(List<Policy> policies) {
|
||||
super();
|
||||
this.policies = policies;
|
||||
}
|
||||
|
||||
public List<Policy> getPolicies() {
|
||||
return policies;
|
||||
}
|
||||
|
||||
}
|
|
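Review bot: `getPolicies()` returns the same mutable list the constructor stored by reference, so callers can alter a Policies instance after construction and the list passed to the constructor stays shared with it. JAXB needs the writable field, so guard the accessor instead: `return policies == null ? Collections.<Policy>emptyList() : Collections.unmodifiableList(policies);` (with `import java.util.Collections;`), and copy in the constructor via `this.policies = new ArrayList<Policy>(policies);` if callers may keep mutating their own list; the null case matters because the private no-arg constructor leaves the field unset until unmarshalling fills it. The `super();` in the public constructor is implicit and can go. A one-line class Javadoc stating that this is the JAXB root wrapper for a list of Policy elements would complete the new file.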
@ -1,17 +1,7 @@
|
|||
package org.gcube.common.authorization.library;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.gcube.common.authorization.library.policies.Policy;
|
||||
import org.gcube.common.authorization.library.policies.PolicyType;
|
||||
import org.gcube.common.authorization.library.policies.Service2ServicePolicy;
|
||||
import org.gcube.common.authorization.library.policies.User2ServicePolicy;
|
||||
import org.gcube.common.authorization.library.policies.UserEntity.UserEntityType;
|
||||
import org.gcube.common.authorization.library.provider.ClientInfo;
|
||||
import org.gcube.common.authorization.library.policies.ServiceAccess;
|
||||
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
|
||||
import org.gcube.common.authorization.library.provider.ServiceInfo;
|
||||
import org.gcube.common.authorization.library.provider.UserInfo;
|
||||
|
||||
/**
|
||||
*
|
||||
|
@ -20,28 +10,8 @@ import org.gcube.common.authorization.library.provider.UserInfo;
|
|||
*/
|
||||
public class PolicyUtils {
|
||||
|
||||
public static List<Policy> getRetainedPolicies(ClientInfo client, List<Policy> policies){
|
||||
|
||||
List<Policy> retainedPolicies = new ArrayList<Policy>();
|
||||
|
||||
for (Policy policy: policies){
|
||||
if ((client instanceof UserInfo && policy.getPolicyType()==PolicyType.USER && checkPolicy((UserInfo) client, (User2ServicePolicy)policy))
|
||||
|| (client instanceof ServiceInfo && policy.getPolicyType()==PolicyType.SERVICE && checkPolicy((ServiceInfo) client, (Service2ServicePolicy)policy)))
|
||||
retainedPolicies.add(policy);
|
||||
}
|
||||
return retainedPolicies;
|
||||
}
|
||||
|
||||
private static boolean checkPolicy(UserInfo client, User2ServicePolicy policy) {
|
||||
if (policy.getEntity().getType()== UserEntityType.USER)
|
||||
return client.getId().equals(policy.getEntity().getIdentifier());
|
||||
else
|
||||
return client.getRoles().contains(policy.getEntity().getIdentifier());
|
||||
}
|
||||
|
||||
private static boolean checkPolicy(ServiceInfo client, Service2ServicePolicy policy) {
|
||||
ServiceIdentifier serviceId = client.getServiceIdentifier();
|
||||
String policyAsString = policy.getClient().getAsString();
|
||||
public static boolean isPolicyValidForClient(ServiceAccess serviceAccess, ServiceIdentifier serviceId) {
|
||||
String policyAsString = serviceAccess.getAsString();
|
||||
return policyAsString.equals("*") || policyAsString.equals(serviceId.getServiceClass()+":*") ||
|
||||
policyAsString.equals(serviceId.getServiceClass()+":"+serviceId.getServiceName()+":*") ||
|
||||
policyAsString.equals(serviceId.getFullIdentifier());
|
||||
|
|
|
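Review bot: `isPolicyValidForClient` has no Javadoc although it is now the class's only public entry point, and the matching rule in the return expression is not obvious at a glance. Suggested method comment: `/** Returns true when serviceAccess grants serviceId: "*" matches any service, "class:*" any service of that class, "class:name:*" any instance of that service; otherwise the access string must equal the full identifier. */`. Two points the comment should also settle: `serviceAccess.getAsString()` is dereferenced without a null check, and the concatenated patterns assume neither service class nor service name contains ':' (a value with an embedded colon would make "class:*" ambiguous) — whether getFullIdentifier() uses the same separator is not visible here. The class-level `/** * */` block above the declaration is empty and should either describe PolicyUtils or be removed. The method's closing brace and the end of the class lie outside the hunk.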
@ -61,6 +61,11 @@ public abstract class UserEntity {
|
|||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "UserEntity [ "+getAsString()+" ]";
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -1,18 +1,12 @@
|
|||
package org.gcube.common.authorization.library.provider;
|
||||
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class AuthorizationProvider {
|
||||
|
||||
public static AuthorizationProvider instance = new AuthorizationProvider();
|
||||
|
||||
private static Logger logger = LoggerFactory.getLogger(AuthorizationProvider.class);
|
||||
|
||||
|
||||
// Thread local variable containing each thread's ID
|
||||
private static final InheritableThreadLocal<UserInfo> threadAuth =
|
||||
new InheritableThreadLocal<UserInfo>() {
|
||||
private static final InheritableThreadLocal<ClientInfo> threadAuth =
|
||||
new InheritableThreadLocal<ClientInfo>() {
|
||||
|
||||
@Override protected UserInfo initialValue() {
|
||||
return null;
|
||||
|
@ -22,15 +16,13 @@ public class AuthorizationProvider {
|
|||
|
||||
private AuthorizationProvider(){}
|
||||
|
||||
public UserInfo get(){
|
||||
UserInfo info = threadAuth.get();
|
||||
logger.trace("getting "+info+" in thread "+Thread.currentThread().getId() );
|
||||
public ClientInfo get(){
|
||||
ClientInfo info = threadAuth.get();
|
||||
return info;
|
||||
}
|
||||
|
||||
public void set(UserInfo authorizationToken){
|
||||
threadAuth.set(authorizationToken);
|
||||
logger.trace("setting "+authorizationToken+" in thread "+Thread.currentThread().getId() );
|
||||
public void set(ClientInfo info){
|
||||
threadAuth.set(info);
|
||||
}
|
||||
|
||||
public void reset(){
|
||||
|
|
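Review bot: `initialValue()` in the thread-local is still declared `protected UserInfo initialValue()` while the field it belongs to became `InheritableThreadLocal<ClientInfo>`; this only compiles as a covariant override (the removed PolicyUtils code suggests UserInfo is a ClientInfo) and reads as a leftover of the rename. Either align it, `@Override protected ClientInfo initialValue() {`, or delete the override, since returning null is already ThreadLocal's default. Separately, `public static AuthorizationProvider instance` is not final, so any code on the classpath can swap the provider that the rest of the library consults for the caller's identity; `public static final AuthorizationProvider instance = new AuthorizationProvider();` closes that. The override's closing brace and the class body continue outside the first hunk, and reset() starts on the last line of the second.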