From 97ec52938aacd2f632bac0fe001c3c17544836ce Mon Sep 17 00:00:00 2001
From: "lucio.lelii"
Date: Fri, 22 Jan 2016 16:28:11 +0000
Subject: [PATCH] git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-library@122470 82a268e6-3cf1-43bd-a215-b396298e98cf
---
 .../AuthorizationInvocationHandler.java | 4 +-
 .../library/AuthorizedTasks.java | 21 +++++-----
 .../authorization/library/Policies.java | 38 +++++++++++++++++++
 .../authorization/library/PolicyUtils.java | 36 ++----------------
 .../library/policies/UserEntity.java | 5 +++
 .../provider/AuthorizationProvider.java | 22 ++++-------
 6 files changed, 67 insertions(+), 59 deletions(-)
 create mode 100644 src/main/java/org/gcube/common/authorization/library/Policies.java
diff --git a/src/main/java/org/gcube/common/authorization/library/AuthorizationInvocationHandler.java b/src/main/java/org/gcube/common/authorization/library/AuthorizationInvocationHandler.java
index 426394b..7dd37ad 100644
--- a/src/main/java/org/gcube/common/authorization/library/AuthorizationInvocationHandler.java
+++ b/src/main/java/org/gcube/common/authorization/library/AuthorizationInvocationHandler.java
@@ -4,7 +4,7 @@ import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.Method;
 import org.gcube.common.authorization.library.provider.AuthorizationProvider;
-import org.gcube.common.authorization.library.provider.UserInfo;
+import org.gcube.common.authorization.library.provider.ClientInfo;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -27,7 +27,7 @@ public class AuthorizationInvocationHandler implements Invocatio
 public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
 log.trace("calling proxed method "+method.getName()+" on "+handledClass);
-UserInfo info = AuthorizationProvider.instance.get();
+ClientInfo info = AuthorizationProvider.instance.get();
 //checkSubjectToQuota(info, method);
 //checkIsAllowedFor(info, method);
 return method.invoke(obj, args);
diff --git a/src/main/java/org/gcube/common/authorization/library/AuthorizedTasks.java b/src/main/java/org/gcube/common/authorization/library/AuthorizedTasks.java
index 494aaf2..ecb01c1 100644
--- a/src/main/java/org/gcube/common/authorization/library/AuthorizedTasks.java
+++ b/src/main/java/org/gcube/common/authorization/library/AuthorizedTasks.java
@@ -3,7 +3,8 @@ package org.gcube.common.authorization.library;
 import java.util.concurrent.Callable;
 import org.gcube.common.authorization.library.provider.AuthorizationProvider;
-import org.gcube.common.authorization.library.provider.UserInfo;
+import org.gcube.common.authorization.library.provider.ClientInfo;
+import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
 import org.gcube.common.scope.api.ScopeProvider;
@@ -18,22 +19,24 @@ public class AuthorizedTasks {
 final String callScope = ScopeProvider.instance.get();
- final UserInfo userCall = AuthorizationProvider.instance.get();
+ final ClientInfo userCall = AuthorizationProvider.instance.get();
+
+ final String token = SecurityTokenProvider.instance.get();
 return new Callable() {
 @Override
 public V call() throws Exception {
- //bind underlying thread to callscope
 ScopeProvider.instance.set(callScope);
- //bind underlying thread to call user
 AuthorizationProvider.instance.set(userCall);
+ SecurityTokenProvider.instance.set(token);
 try {
 return task.call();
 } finally {
 ScopeProvider.instance.reset();
 AuthorizationProvider.instance.reset();
+ SecurityTokenProvider.instance.reset();
 }
 }
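Review bot: `ClientInfo info = AuthorizationProvider.instance.get();` is read but never used, because the two checks that would consume it (`checkSubjectToQuota`, `checkIsAllowedFor`) are still commented out, so every proxied call reaches `method.invoke(obj, args)` regardless of who the caller is. If that is intended for now, state it at the lookup rather than leaving it implicit, e.g. `// NOTE: no authorization is enforced by this handler yet; the ClientInfo lookup is kept for the pending quota/permission checks`. A value that feeds nothing also hides the case where no ClientInfo is bound on the thread: `get()` can return null and nothing in this method reacts to it. The closing brace of `invoke` lies outside the hunk.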
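Review bot: `SecurityTokenProvider.instance.set(token);` is placed before the `try`, like the two `set` calls above it, so if it throws, the scope and ClientInfo already bound to the worker thread are never cleared by the `finally`; moving the three binds inside the `try` (`try { ScopeProvider.instance.set(callScope); AuthorizationProvider.instance.set(userCall); SecurityTokenProvider.instance.set(token); return task.call(); } finally { … }`) closes that gap. The `finally` calls `reset()` rather than restoring the previous values, so if the returned Callable is ever executed on a thread that already carries a scope, ClientInfo or token (the creating thread itself, for instance), that thread's context is wiped after the task; since `token` is a bearer credential, who holds it and when it disappears deserves at least a comment on the method. The enclosing method's signature and the closing `};` of the returned Callable are outside the hunk.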
@@ -49,23 +52,23 @@ public class AuthorizedTasks {
 final String callScope = ScopeProvider.instance.get();
- final UserInfo userCall = AuthorizationProvider.instance.get();
+ final ClientInfo userCall = AuthorizationProvider.instance.get();
+
+ final String token = SecurityTokenProvider.instance.get();
 return new Runnable() {
 @Override
 public void run() {
-
- //bind underlying thread to callscope
 ScopeProvider.instance.set(callScope);
- //bind underlying thread to call user
 AuthorizationProvider.instance.set(userCall);
-
+ SecurityTokenProvider.instance.set(token);
 try {
 task.run();
 } finally {
 ScopeProvider.instance.reset();
 AuthorizationProvider.instance.reset();
+ SecurityTokenProvider.instance.reset();
 }
 }
diff --git a/src/main/java/org/gcube/common/authorization/library/Policies.java b/src/main/java/org/gcube/common/authorization/library/Policies.java
new file mode 100644
index 0000000..ef075b9
--- /dev/null
+++ b/src/main/java/org/gcube/common/authorization/library/Policies.java
@@ -0,0 +1,38 @@
+package org.gcube.common.authorization.library;
+
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElementRef;
+import javax.xml.bind.annotation.XmlElementRefs;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.gcube.common.authorization.library.policies.Policy;
+import org.gcube.common.authorization.library.policies.Service2ServicePolicy;
+import org.gcube.common.authorization.library.policies.User2ServicePolicy;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class Policies {
+
+ @XmlElementRefs({
+ @XmlElementRef(type = Service2ServicePolicy.class),
+ @XmlElementRef(type = User2ServicePolicy.class),
+ })
+ List policies;
+
+
+ @SuppressWarnings("unused")
+ private Policies(){}
+
+ public Policies(List policies) {
+ super();
+ this.policies = policies;
+ }
+
+ public List getPolicies() {
+ return policies;
+ }
+
+}
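Review bot: The bind/unbind sequence added here (`SecurityTokenProvider.instance.set(token)` before the `try`, `SecurityTokenProvider.instance.reset()` in the `finally`) now duplicates the Callable variant line for line, and this commit had to extend both copies; a private helper pair such as `bind(callScope, userCall, token)` / `unbind()` called from both `run()` and `call()` would keep the three providers from drifting apart the next time one is added. Note also that `SecurityTokenProvider.instance.get()` is captured unconditionally, so a Runnable created on a thread with no token bound carries `null` and calls `set(null)` on the worker; whether that is a harmless no-op or stores a null token depends on SecurityTokenProvider, which is not in this diff. The enclosing method's signature and the end of the returned Runnable are outside the hunk.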
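Review bot: `getPolicies()` hands back the very list the constructor stored (or that JAXB wrote into the field, given `@XmlAccessorType(XmlAccessType.FIELD)`), so a caller can mutate the policy set this object was built with, and an instance unmarshalled without any policy element would, by the look of the uninitialised field, return `null` rather than an empty list. A defensive copy in the constructor, `this.policies = policies == null ? new ArrayList<>() : new ArrayList<>(policies);`, and a guarded getter, `return policies == null ? Collections.emptyList() : Collections.unmodifiableList(policies);`, fix both (add `java.util.ArrayList` and `java.util.Collections` to the imports). The type parameter of `List policies` appears stripped in this view; presumably it is `List<Policy>`, matching the two `@XmlElementRef` targets.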
diff --git a/src/main/java/org/gcube/common/authorization/library/PolicyUtils.java b/src/main/java/org/gcube/common/authorization/library/PolicyUtils.java
index 921923a..0bbfd3e 100644
--- a/src/main/java/org/gcube/common/authorization/library/PolicyUtils.java
+++ b/src/main/java/org/gcube/common/authorization/library/PolicyUtils.java
@@ -1,17 +1,7 @@
 package org.gcube.common.authorization.library;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.gcube.common.authorization.library.policies.Policy;
-import org.gcube.common.authorization.library.policies.PolicyType;
-import org.gcube.common.authorization.library.policies.Service2ServicePolicy;
-import org.gcube.common.authorization.library.policies.User2ServicePolicy;
-import org.gcube.common.authorization.library.policies.UserEntity.UserEntityType;
-import org.gcube.common.authorization.library.provider.ClientInfo;
+import org.gcube.common.authorization.library.policies.ServiceAccess;
 import org.gcube.common.authorization.library.provider.ServiceIdentifier;
-import org.gcube.common.authorization.library.provider.ServiceInfo;
-import org.gcube.common.authorization.library.provider.UserInfo;
 /**
 *
@@ -20,28 +10,8 @@ import org.gcube.common.authorization.library.provider.UserInfo;
 */
 public class PolicyUtils {
- public static List getRetainedPolicies(ClientInfo client, List policies){
-
- List retainedPolicies = new ArrayList();
-
- for (Policy policy: policies){
- if ((client instanceof UserInfo && policy.getPolicyType()==PolicyType.USER && checkPolicy((UserInfo) client, (User2ServicePolicy)policy))
- || (client instanceof ServiceInfo && policy.getPolicyType()==PolicyType.SERVICE && checkPolicy((ServiceInfo) client, (Service2ServicePolicy)policy)))
- retainedPolicies.add(policy);
- }
- return retainedPolicies;
- }
-
- private static boolean checkPolicy(UserInfo client, User2ServicePolicy policy) {
- if (policy.getEntity().getType()== UserEntityType.USER)
- return client.getId().equals(policy.getEntity().getIdentifier());
- else
- return client.getRoles().contains(policy.getEntity().getIdentifier());
- }
-
- private static boolean checkPolicy(ServiceInfo client, Service2ServicePolicy policy) {
- ServiceIdentifier serviceId = client.getServiceIdentifier();
- String policyAsString = policy.getClient().getAsString();
+ public static boolean isPolicyValidForClient(ServiceAccess serviceAccess, ServiceIdentifier serviceId) {
+ String policyAsString = serviceAccess.getAsString();
 return policyAsString.equals("*") || policyAsString.equals(serviceId.getServiceClass()+":*") || policyAsString.equals(serviceId.getServiceClass()+":"+serviceId.getServiceName()+":*") || policyAsString.equals(serviceId.getFullIdentifier());
diff --git a/src/main/java/org/gcube/common/authorization/library/policies/UserEntity.java b/src/main/java/org/gcube/common/authorization/library/policies/UserEntity.java
index bd57eed..ebaa631 100644
--- a/src/main/java/org/gcube/common/authorization/library/policies/UserEntity.java
+++ b/src/main/java/org/gcube/common/authorization/library/policies/UserEntity.java
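Review bot: `isPolicyValidForClient` no longer looks at the caller at all: the removed `checkPolicy(ServiceInfo, …)` took the identifier from the client's own `getServiceIdentifier()`, whereas the new method trusts whatever `ServiceIdentifier` it is handed, so its Javadoc should state that `serviceId` must be the authenticated caller's identity, never a value read from the request, and that `"*"`, `class:*` and `class:name:*` are wildcards matching every service in that class or name. Nothing in this commit replaces the user/role branch of the old `getRetainedPolicies` (`checkPolicy(UserInfo, User2ServicePolicy)`), so User2ServicePolicy entries are not evaluated anywhere in this library after this change; if that evaluation moved to another component, say so in the same Javadoc. The comparison is a plain `equals`, so `getFullIdentifier()` must produce the same colon-separated layout the wildcard branches assume, which cannot be confirmed from this diff. The closing brace of the method is outside the hunk.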
@@ -61,6 +61,11 @@ public abstract class UserEntity {
 return true;
 }
+ @Override
+ public String toString() {
+ return "UserEntity [ "+getAsString()+" ]";
+ }
+
diff --git a/src/main/java/org/gcube/common/authorization/library/provider/AuthorizationProvider.java b/src/main/java/org/gcube/common/authorization/library/provider/AuthorizationProvider.java
index b472fe0..06bdb94 100644
--- a/src/main/java/org/gcube/common/authorization/library/provider/AuthorizationProvider.java
+++ b/src/main/java/org/gcube/common/authorization/library/provider/AuthorizationProvider.java
@@ -1,18 +1,12 @@
 package org.gcube.common.authorization.library.provider;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 public class AuthorizationProvider {
 public static AuthorizationProvider instance = new AuthorizationProvider();
-
- private static Logger logger = LoggerFactory.getLogger(AuthorizationProvider.class);
-
+ // Thread local variable containing each thread's ID
- private static final InheritableThreadLocal threadAuth =
- new InheritableThreadLocal() {
+ private static final InheritableThreadLocal threadAuth =
+ new InheritableThreadLocal() {
 @Override
 protected UserInfo initialValue() {
 return null;
@@ -22,15 +16,13 @@ public class AuthorizationProvider {
 private AuthorizationProvider(){}
- public UserInfo get(){
- UserInfo info = threadAuth.get();
- logger.trace("getting "+info+" in thread "+Thread.currentThread().getId() );
+ public ClientInfo get(){
+ ClientInfo info = threadAuth.get();
 return info;
 }
- public void set(UserInfo authorizationToken){
- threadAuth.set(authorizationToken);
- logger.trace("setting "+authorizationToken+" in thread "+Thread.currentThread().getId() );
+ public void set(ClientInfo info){
+ threadAuth.set(info);
 }
 public void reset(){
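Review bot: The added comment `// Thread local variable containing each thread's ID` does not describe what `threadAuth` holds: `set(ClientInfo info)` stores the caller's ClientInfo, so write `// Per-thread ClientInfo of the caller currently being served; null when no caller is bound` instead. The field stays an `InheritableThreadLocal`, so any thread created from a request thread starts with that request's ClientInfo and keeps it until something calls reset() on it; with pooled threads created at arbitrary moments that is a path for one caller's identity to leak into unrelated work, and since AuthorizedTasks already binds context explicitly, a plain `ThreadLocal` would be the safer choice unless some code relies on the inheritance, which this diff does not show. The anonymous subclass on the context lines still declares `protected UserInfo initialValue()`, which compiles against the new type only as a covariant override if UserInfo is a ClientInfo; `protected ClientInfo initialValue()` would match. The generic parameter of the field appears stripped in this view.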