git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-library@122470 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
parent
fe151091b1
commit
97ec52938a
@ -4,7 +4,7 @@ import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Method;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorization.library.provider.ClientInfo;
import org.slf4j.Logger;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.LoggerFactory;
@ -27,7 +27,7 @@ public class AuthorizationInvocationHandler<T, I extends T> implements Invocatio
public Object invoke(Object proxy, Method method,
public Object invoke(Object proxy, Method method,
Object[] args) throws Throwable {
Object[] args) throws Throwable {
log.trace("calling proxed method "+method.getName()+" on "+handledClass);
log.trace("calling proxed method "+method.getName()+" on "+handledClass);
UserInfo info = AuthorizationProvider.instance.get();
ClientInfo info = AuthorizationProvider.instance.get();
//checkSubjectToQuota(info, method);
//checkSubjectToQuota(info, method);
//checkIsAllowedFor(info, method);
//checkIsAllowedFor(info, method);
return method.invoke(obj, args);
return method.invoke(obj, args);
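Review bot: With the subject widened to `ClientInfo info = AuthorizationProvider.instance.get();`, the proxy still enforces nothing: both `//checkSubjectToQuota(info, method);` and `//checkIsAllowedFor(info, method);` remain commented out, so `info` is read and discarded and every call reaches `method.invoke(obj, args)` whatever the client is. If that is intentional for now, say so where a reader will see it, e.g. replace the two commented calls with `// TODO(authz): quota and permission checks are disabled; this handler currently only traces and forwards` so nobody assumes this class authorizes. Separately, `method.invoke` wraps any exception thrown by the target in InvocationTargetException, so users of the proxy catch the wrapper instead of the declared exception; a `catch (InvocationTargetException e) { throw e.getCause(); }` (with the java.lang.reflect import) preserves the target's contract. The closing brace of invoke and the rest of the class lie outside this hunk.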
@ -3,7 +3,8 @@ package org.gcube.common.authorization.library;
import java.util.concurrent.Callable;
import java.util.concurrent.Callable;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorization.library.provider.ClientInfo;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.scope.api.ScopeProvider;
@ -18,22 +19,24 @@ public class AuthorizedTasks {
final String callScope = ScopeProvider.instance.get();
final String callScope = ScopeProvider.instance.get();
final UserInfo userCall = AuthorizationProvider.instance.get();
final ClientInfo userCall = AuthorizationProvider.instance.get();
final String token = SecurityTokenProvider.instance.get();
return new Callable<V>() {
return new Callable<V>() {
@Override
@Override
public V call() throws Exception {
public V call() throws Exception {
//bind underlying thread to callscope
ScopeProvider.instance.set(callScope);
ScopeProvider.instance.set(callScope);
//bind underlying thread to call user
AuthorizationProvider.instance.set(userCall);
AuthorizationProvider.instance.set(userCall);
SecurityTokenProvider.instance.set(token);
try {
try {
return task.call();
return task.call();
}
}
finally {
finally {
ScopeProvider.instance.reset();
ScopeProvider.instance.reset();
AuthorizationProvider.instance.reset();
AuthorizationProvider.instance.reset();
SecurityTokenProvider.instance.reset();
}
}
}
}
@ -49,23 +52,23 @@ public class AuthorizedTasks {
final String callScope = ScopeProvider.instance.get();
final String callScope = ScopeProvider.instance.get();
final UserInfo userCall = AuthorizationProvider.instance.get();
final ClientInfo userCall = AuthorizationProvider.instance.get();
final String token = SecurityTokenProvider.instance.get();
return new Runnable() {
return new Runnable() {
@Override
@Override
public void run() {
public void run() {
//bind underlying thread to callscope
ScopeProvider.instance.set(callScope);
ScopeProvider.instance.set(callScope);
//bind underlying thread to call user
AuthorizationProvider.instance.set(userCall);
AuthorizationProvider.instance.set(userCall);
SecurityTokenProvider.instance.set(token);
try {
try {
task.run();
task.run();
}
}
finally {
finally {
ScopeProvider.instance.reset();
ScopeProvider.instance.reset();
AuthorizationProvider.instance.reset();
AuthorizationProvider.instance.reset();
SecurityTokenProvider.instance.reset();
}
}
}
}
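Review bot: The `finally` block in `call()` invokes `reset()` on all three providers unconditionally, so if the wrapped task ends up running on the submitting thread itself (a caller-runs rejection policy, a same-thread executor, or a direct `call()` on the returned Callable) the submitter's scope, ClientInfo and token are wiped once the task returns, and later work on that thread proceeds with no security context. Capturing the thread's previous values before the three `set(...)` calls and restoring them in `finally` avoids that; the Runnable wrapper below duplicates this body line for line and needs the same change, which argues for a private bind/unbind helper shared by both. I cannot see whether `reset()` and `set(null)` are equivalent for these providers, so the sketch restores with `set` only when a previous value existed.
```java
public V call() throws Exception {
	// remember what this thread carried before binding, so an inline execution does not lose it
	final String previousScope = ScopeProvider.instance.get();
	final ClientInfo previousClient = AuthorizationProvider.instance.get();
	final String previousToken = SecurityTokenProvider.instance.get();
	ScopeProvider.instance.set(callScope);
	AuthorizationProvider.instance.set(userCall);
	SecurityTokenProvider.instance.set(token);
	try {
		return task.call();
	}
	finally {
		if (previousScope != null) ScopeProvider.instance.set(previousScope); else ScopeProvider.instance.reset();
		if (previousClient != null) AuthorizationProvider.instance.set(previousClient); else AuthorizationProvider.instance.reset();
		if (previousToken != null) SecurityTokenProvider.instance.set(previousToken); else SecurityTokenProvider.instance.reset();
	}
}
```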
@ -0,0 +1,38 @@
package org.gcube.common.authorization.library;
import java.util.List;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlElementRef;
import javax.xml.bind.annotation.XmlElementRefs;
import javax.xml.bind.annotation.XmlRootElement;
import org.gcube.common.authorization.library.policies.Policy;
import org.gcube.common.authorization.library.policies.Service2ServicePolicy;
import org.gcube.common.authorization.library.policies.User2ServicePolicy;
@XmlRootElement
@XmlAccessorType(XmlAccessType.FIELD)
public class Policies {
@XmlElementRefs({
@XmlElementRef(type = Service2ServicePolicy.class),
@XmlElementRef(type = User2ServicePolicy.class),
})
List<Policy> policies;
@SuppressWarnings("unused")
private Policies(){}
public Policies(List<Policy> policies) {
super();
this.policies = policies;
}
public List<Policy> getPolicies() {
return policies;
}
}
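Review bot: `getPolicies()` hands out the internal list and the public constructor stores the caller's list without copying, so whoever holds a Policies instance can add or drop Policy entries behind its back, and if JAXB leaves the field unset for an element with no children, callers iterating `getPolicies()` hit a null. Copying on the way in, `this.policies = policies == null ? new ArrayList<Policy>() : new ArrayList<Policy>(policies);`, and guarding on the way out, `return policies == null ? Collections.<Policy>emptyList() : Collections.unmodifiableList(policies);`, closes both (java.util.ArrayList and java.util.Collections would need importing); `super();` in the constructor is a no-op and can go. Whether unmarshalling actually leaves the field null depends on configuration I cannot see here, so treat the null guard as defensive rather than proven. A one-line class comment stating that `@XmlElementRefs` names the two Policy subtypes this element accepts would tell readers that the list is the deliberate allow-list for policy types.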
@ -1,17 +1,7 @@
package org.gcube.common.authorization.library;
package org.gcube.common.authorization.library;
import java.util.ArrayList;
import org.gcube.common.authorization.library.policies.ServiceAccess;
import java.util.List;
import org.gcube.common.authorization.library.policies.Policy;
import org.gcube.common.authorization.library.policies.PolicyType;
import org.gcube.common.authorization.library.policies.Service2ServicePolicy;
import org.gcube.common.authorization.library.policies.User2ServicePolicy;
import org.gcube.common.authorization.library.policies.UserEntity.UserEntityType;
import org.gcube.common.authorization.library.provider.ClientInfo;
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
import org.gcube.common.authorization.library.provider.ServiceInfo;
import org.gcube.common.authorization.library.provider.UserInfo;
/**
/**
*
*
@ -20,28 +10,8 @@ import org.gcube.common.authorization.library.provider.UserInfo;
*/
*/
public class PolicyUtils {
public class PolicyUtils {
public static List<Policy> getRetainedPolicies(ClientInfo client, List<Policy> policies){
public static boolean isPolicyValidForClient(ServiceAccess serviceAccess, ServiceIdentifier serviceId) {
String policyAsString = serviceAccess.getAsString();
List<Policy> retainedPolicies = new ArrayList<Policy>();
for (Policy policy: policies){
if ((client instanceof UserInfo && policy.getPolicyType()==PolicyType.USER && checkPolicy((UserInfo) client, (User2ServicePolicy)policy))
|| (client instanceof ServiceInfo && policy.getPolicyType()==PolicyType.SERVICE && checkPolicy((ServiceInfo) client, (Service2ServicePolicy)policy)))
retainedPolicies.add(policy);
}
return retainedPolicies;
}
private static boolean checkPolicy(UserInfo client, User2ServicePolicy policy) {
if (policy.getEntity().getType()== UserEntityType.USER)
return client.getId().equals(policy.getEntity().getIdentifier());
else
return client.getRoles().contains(policy.getEntity().getIdentifier());
}
private static boolean checkPolicy(ServiceInfo client, Service2ServicePolicy policy) {
ServiceIdentifier serviceId = client.getServiceIdentifier();
String policyAsString = policy.getClient().getAsString();
return policyAsString.equals("*") || policyAsString.equals(serviceId.getServiceClass()+":*") ||
return policyAsString.equals("*") || policyAsString.equals(serviceId.getServiceClass()+":*") ||
policyAsString.equals(serviceId.getServiceClass()+":"+serviceId.getServiceName()+":*") ||
policyAsString.equals(serviceId.getServiceClass()+":"+serviceId.getServiceName()+":*") ||
policyAsString.equals(serviceId.getFullIdentifier());
policyAsString.equals(serviceId.getFullIdentifier());
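Review bot: `isPolicyValidForClient` decides access by comparing `serviceAccess.getAsString()` against strings assembled with ':' from `serviceId`, so the match is only as sound as the guarantee that a service class or name never contains ':' — a service whose class is `a:b` satisfies a policy written for class `a` and service `b`, because both sides produce `a:b:*`. If ServiceIdentifier does not reject ':' inside its parts (not visible here), compare the identifier segment by segment or reject such parts before matching; either way a comment on the method, `// relies on ':' never appearing inside a service class or name`, records the assumption. `policyAsString` is dereferenced first, so a policy whose `getAsString()` returns null throws instead of failing closed; `"*".equals(policyAsString)` handles the first clause and an explicit `if (policyAsString == null) return false;` up front covers the rest. This is now the only evaluation left in the class: the user-to-service branch (`User2ServicePolicy`, `UserEntityType` and role matching) is deleted in this hunk, so it is worth confirming that user-side policies are evaluated elsewhere. The method's closing brace lies outside the hunk.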
@ -61,6 +61,11 @@ public abstract class UserEntity {
return true;
return true;
}
}
@Override
public String toString() {
return "UserEntity [ "+getAsString()+" ]";
}
@ -1,18 +1,12 @@
package org.gcube.common.authorization.library.provider;
package org.gcube.common.authorization.library.provider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class AuthorizationProvider {
public class AuthorizationProvider {
public static AuthorizationProvider instance = new AuthorizationProvider();
public static AuthorizationProvider instance = new AuthorizationProvider();
private static Logger logger = LoggerFactory.getLogger(AuthorizationProvider.class);
// Thread local variable containing each thread's ID
// Thread local variable containing each thread's ID
private static final InheritableThreadLocal<UserInfo> threadAuth =
private static final InheritableThreadLocal<ClientInfo> threadAuth =
new InheritableThreadLocal<UserInfo>() {
new InheritableThreadLocal<ClientInfo>() {
@Override protected UserInfo initialValue() {
@Override protected UserInfo initialValue() {
return null;
return null;
@ -22,15 +16,13 @@ public class AuthorizationProvider {
private AuthorizationProvider(){}
private AuthorizationProvider(){}
public UserInfo get(){
public ClientInfo get(){
UserInfo info = threadAuth.get();
ClientInfo info = threadAuth.get();
logger.trace("getting "+info+" in thread "+Thread.currentThread().getId() );
return info;
return info;
}
}
public void set(UserInfo authorizationToken){
public void set(ClientInfo info){
threadAuth.set(authorizationToken);
threadAuth.set(info);
logger.trace("setting "+authorizationToken+" in thread "+Thread.currentThread().getId() );
}
}
public void reset(){
public void reset(){