From a1d1770cb2148792c0f234ab46e85db3af2e7467 Mon Sep 17 00:00:00 2001 
From: "lucio.lelii" Date: Tue, 24 Nov 2015 18:26:46 +0000 Subject: [PATCH] git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/Common/authorization-common-library@120401 82a268e6-3cf1-43bd-a215-b396298e98cf --- pom.xml | 8 +- .../library/AuthorizationEntry.java | 30 ++--- .../AuthorizationInvocationHandler.java | 24 ++-- .../library/AuthorizedTasks.java | 6 +- .../authorization/library/BannedService.java | 86 ------------- .../authorization/library/BannedServices.java | 30 ----- .../authorization/library/CalledService.java | 32 +++++ .../library/policies/EnvironmentPolicy.java | 77 ++++++++++++ .../library/policies/Policy.java | 17 +++ .../library/policies/PolicyType.java | 8 ++ .../library/policies/ServiceAccess.java | 113 ++++++++++++++++++ .../library/policies/ServicePolicy.java | 93 ++++++++++++++ .../library/policies/UserPolicy.java | 87 ++++++++++++++ .../provider/AuthorizationProvider.java | 12 +- .../{UserInfo.java => ClientInfo.java} | 68 ++++++----- .../library/policies/SerializationTest.java | 47 ++++++++ 16 files changed, 552 insertions(+), 186 deletions(-) delete mode 100644 src/main/java/org/gcube/common/authorization/library/BannedService.java delete mode 100644 src/main/java/org/gcube/common/authorization/library/BannedServices.java create mode 100644 src/main/java/org/gcube/common/authorization/library/CalledService.java create mode 100644 src/main/java/org/gcube/common/authorization/library/policies/EnvironmentPolicy.java create mode 100644 src/main/java/org/gcube/common/authorization/library/policies/Policy.java create mode 100644 src/main/java/org/gcube/common/authorization/library/policies/PolicyType.java create mode 100644 src/main/java/org/gcube/common/authorization/library/policies/ServiceAccess.java create mode 100644 src/main/java/org/gcube/common/authorization/library/policies/ServicePolicy.java create mode 100644 src/main/java/org/gcube/common/authorization/library/policies/UserPolicy.java rename 
src/main/java/org/gcube/common/authorization/library/provider/{UserInfo.java => ClientInfo.java} (50%) create mode 100644 src/test/java/org/gcube/common/authorization/library/policies/SerializationTest.java diff --git a/pom.xml b/pom.xml index f731812..f1f7731 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ 4.0.0 org.gcube.common common-authorization - 1.0.0-SNAPSHOT + 2.0.0-SNAPSHOT authorization service common library @@ -22,6 +22,12 @@ common-scope [1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT) + + junit + junit + 4.11 + test + org.slf4j slf4j-api diff --git a/src/main/java/org/gcube/common/authorization/library/AuthorizationEntry.java b/src/main/java/org/gcube/common/authorization/library/AuthorizationEntry.java index 434aab2..6171f07 100644 --- a/src/main/java/org/gcube/common/authorization/library/AuthorizationEntry.java +++ b/src/main/java/org/gcube/common/authorization/library/AuthorizationEntry.java 
@@ -11,49 +11,49 @@ import javax.xml.bind.annotation.XmlRootElement; @XmlAccessorType(XmlAccessType.FIELD) public class AuthorizationEntry { - private String userName; + private String clientId; private List roles; - private String scope; - private List bannedServices = new ArrayList(); + private String context; + private List bannedServices = new ArrayList(); protected AuthorizationEntry(){} - public AuthorizationEntry(String userName, List roles, String scope) { + public AuthorizationEntry(String clientId, List roles, String context) { super(); - this.userName = userName; + this.clientId = clientId; this.roles = roles; - this.scope = scope; + this.context = context; } - public AuthorizationEntry(String userName, List roles, String scope, List bannedServices) { + public AuthorizationEntry(String userName, List roles, String scope, List bannedServices) { this(userName, roles, scope); this.bannedServices = bannedServices; } - public String getUserName() { - return userName; + public String getClientId() { + return clientId; } public List getRoles() { return roles; } - public String getScope() { - return scope; + public String getContext() { + return context; } - public List getBannedServices() { + public List getBannedServices() { return bannedServices; } - public void setBannedServices(List bannedServices) { + public void setBannedServices(List bannedServices) { this.bannedServices = bannedServices; } @Override public String toString() { - return "AuthorizationEntry [userName=" + userName + ", roles=" + roles - + ", scope=" + scope + " bannedServices "+ bannedServices+"]"; + return "AuthorizationEntry [clientId=" + clientId + ", roles=" + roles + + ", context=" + context + " bannedServices "+ bannedServices+"]"; } diff --git a/src/main/java/org/gcube/common/authorization/library/AuthorizationInvocationHandler.java b/src/main/java/org/gcube/common/authorization/library/AuthorizationInvocationHandler.java index c294760..7dd37ad 100644 
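Review bot: Renaming the fields `userName` and `scope` to `clientId` and `context` under `@XmlAccessorType(XmlAccessType.FIELD)` also renames the serialized XML elements, so an entry produced by a 1.x peer would presumably unmarshal here with `clientId` and `context` left null instead of failing. If old and new versions can exchange entries, either pin the wire names (for example `@XmlElement(name = "userName")` on `clientId`) or reject entries whose `clientId` or `context` is null before they feed an authorization decision. The four-argument constructor still names its parameters `userName` and `scope`; rename them to `clientId` and `context` to match the three-argument one.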
--- a/src/main/java/org/gcube/common/authorization/library/AuthorizationInvocationHandler.java +++ b/src/main/java/org/gcube/common/authorization/library/AuthorizationInvocationHandler.java @@ -2,13 +2,9 @@ package org.gcube.common.authorization.library; import java.lang.reflect.InvocationHandler; import java.lang.reflect.Method; -import java.util.Arrays; -import java.util.List; -import org.gcube.common.authorization.library.annotations.IsAllowedFor; -import org.gcube.common.authorization.library.annotations.SubjectToQuota; import org.gcube.common.authorization.library.provider.AuthorizationProvider; -import org.gcube.common.authorization.library.provider.UserInfo; +import org.gcube.common.authorization.library.provider.ClientInfo; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -21,7 +17,7 @@ public class AuthorizationInvocationHandler implements Invocatio private Object obj; ResourceAuthorizationProxy resourceAuthorizationProxy; - + protected AuthorizationInvocationHandler(I obj, String className, ResourceAuthorizationProxy resourceAuthorizationProxy) { handledClass = className; this.obj = obj; @@ -31,12 +27,12 @@ public class AuthorizationInvocationHandler implements Invocatio public Object invoke(Object proxy, Method method, Object[] args) throws Throwable { log.trace("calling proxed method "+method.getName()+" on "+handledClass); - UserInfo info = AuthorizationProvider.instance.get(); - checkSubjectToQuota(info, method); - checkIsAllowedFor(info, method); + ClientInfo info = AuthorizationProvider.instance.get(); + //checkSubjectToQuota(info, method); + //checkIsAllowedFor(info, method); return method.invoke(obj, args); } - +/* private static boolean isOneElementContainedinRoles(List elements, String[] allowedRoles){ for (String role: allowedRoles ) if (elements.contains(role)) 
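Review bot: In `invoke`, commenting out `checkSubjectToQuota(info, method)` and `checkIsAllowedFor(info, method)` makes the proxy fail open: every call reaches `method.invoke(obj, args)` with no role or quota check, and `info` is fetched but never used, so `@IsAllowedFor` and `@SubjectToQuota` on service methods no longer have any effect. Until a policy-based check replaces them the handler should deny, not allow, starting with `if (info == null) throw new SecurityException("no client info for " + method.getName());` and an enforcement step before the call. The `/*` opened at the end of this hunk swallows the helpers edited in the later hunks of this file (`@@ -44,11`, `@@ -56,7`, `@@ -66,5`), which could not compile if re-enabled: they still call `info.getUserName()`, `info.getBannedServices()` and `info.getRoles()`, and test `info.getPolicies().contains(service)` with a `BannedService`, a class this commit deletes. Delete that dead code or port it to `Policy` in the same change.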
@@ -44,11 +40,11 @@ public class AuthorizationInvocationHandler implements Invocatio return false; } - private void checkSubjectToQuota(UserInfo info, Method method){ + private void checkSubjectToQuota(ClientInfo info, Method method){ if(method.isAnnotationPresent(SubjectToQuota.class)){ BannedService service = new BannedService(resourceAuthorizationProxy.getServiceClass(), resourceAuthorizationProxy.getServiceName()); log.debug("subjectToQuota annotation present, checking for service {} in bannedServices {}",service, info.getBannedServices()); - if (info.getBannedServices().contains(service)){ + if (info.getPolicies().contains(service)){ String message = "blocking method "+method.getName()+" for user "+info.getUserName()+": overquota reached"; log.warn(message); throw new SecurityException(message); @@ -56,7 +52,7 @@ public class AuthorizationInvocationHandler implements Invocatio } else log.debug("is subjectToQuota not present in "+method.getName()); } - private void checkIsAllowedFor(UserInfo info, Method method){ + private void checkIsAllowedFor(ClientInfo info, Method method){ if(method.isAnnotationPresent(IsAllowedFor.class)){ IsAllowedFor allowed = method.getAnnotation(IsAllowedFor.class); if (allowed.roles().length>0 && !isOneElementContainedinRoles(info.getRoles(), allowed.roles())){ @@ -66,5 +62,5 @@ public class AuthorizationInvocationHandler implements Invocatio } } else log.debug("is allowedFor not present in "+method.getName()); } - + */ } diff --git a/src/main/java/org/gcube/common/authorization/library/AuthorizedTasks.java b/src/main/java/org/gcube/common/authorization/library/AuthorizedTasks.java index 494aaf2..8e1f8ee 100644 --- a/src/main/java/org/gcube/common/authorization/library/AuthorizedTasks.java +++ b/src/main/java/org/gcube/common/authorization/library/AuthorizedTasks.java 
@@ -3,7 +3,7 @@ package org.gcube.common.authorization.library; import java.util.concurrent.Callable; import org.gcube.common.authorization.library.provider.AuthorizationProvider; -import org.gcube.common.authorization.library.provider.UserInfo; +import org.gcube.common.authorization.library.provider.ClientInfo; import org.gcube.common.scope.api.ScopeProvider; @@ -18,7 +18,7 @@ public class AuthorizedTasks { final String callScope = ScopeProvider.instance.get(); - final UserInfo userCall = AuthorizationProvider.instance.get(); + final ClientInfo userCall = AuthorizationProvider.instance.get(); return new Callable() { @Override @@ -49,7 +49,7 @@ public class AuthorizedTasks { final String callScope = ScopeProvider.instance.get(); - final UserInfo userCall = AuthorizationProvider.instance.get(); + final ClientInfo userCall = AuthorizationProvider.instance.get(); return new Runnable() { @Override diff --git a/src/main/java/org/gcube/common/authorization/library/BannedService.java b/src/main/java/org/gcube/common/authorization/library/BannedService.java deleted file mode 100644 index 89a8137..0000000 --- a/src/main/java/org/gcube/common/authorization/library/BannedService.java +++ /dev/null 
@@ -1,86 +0,0 @@ -package org.gcube.common.authorization.library; - -import java.util.Calendar; - -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlRootElement; - -@XmlRootElement -@XmlAccessorType(XmlAccessType.FIELD) -public class BannedService { - - private String serviceClass; - private String serviceName; - private Calendar banTime; - - protected BannedService() { - super(); - } - - public BannedService(String serviceClass, String serviceName, Calendar banTime) { - super(); - this.serviceClass = serviceClass; - this.serviceName = serviceName; - this.banTime = banTime; - } - - public BannedService(String serviceClass, String serviceName) { - super(); - this.serviceClass = serviceClass; - this.serviceName = serviceName; - this.banTime = Calendar.getInstance(); - } - - public String getServiceClass() { - return serviceClass; - } - - public String getServiceName() { - return serviceName; - } - - public Calendar getCreationTime() { - return banTime; - } - - @Override - public int hashCode() { - final int prime = 31; - int result = 1; - result = prime * result - + ((serviceClass == null) ? 0 : serviceClass.hashCode()); - result = prime * result - + ((serviceName == null) ? 
0 : serviceName.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (obj == null) - return false; - if (getClass() != obj.getClass()) - return false; - BannedService other = (BannedService) obj; - if (serviceClass == null) { - if (other.serviceClass != null) - return false; - } else if (!serviceClass.equals(other.serviceClass)) - return false; - if (serviceName == null) { - if (other.serviceName != null) - return false; - } else if (!serviceName.equals(other.serviceName)) - return false; - return true; - } - - @Override - public String toString() { - return "BannedService [serviceClass=" + serviceClass + ", serviceName=" - + serviceName + ", banTime=" + banTime.getTimeInMillis() + "]"; - } - -} diff --git a/src/main/java/org/gcube/common/authorization/library/BannedServices.java b/src/main/java/org/gcube/common/authorization/library/BannedServices.java deleted file mode 100644 index 1e2ce55..0000000 --- a/src/main/java/org/gcube/common/authorization/library/BannedServices.java +++ /dev/null @@ -1,30 +0,0 @@ -package org.gcube.common.authorization.library; - -import java.util.List; - -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlRootElement; - -@XmlRootElement -@XmlAccessorType(XmlAccessType.FIELD) -public class BannedServices { - - private List services; - - protected BannedServices(){} - - public BannedServices(List services) { - super(); - this.services = services; - } - - - - public List get() { - return services; - } - - - -} diff --git a/src/main/java/org/gcube/common/authorization/library/CalledService.java b/src/main/java/org/gcube/common/authorization/library/CalledService.java new file mode 100644 index 0000000..2ce330c --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/library/CalledService.java 
@@ -0,0 +1,32 @@ +package org.gcube.common.authorization.library; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class CalledService { + + private String serviceClass; + private String serviceName; + + protected CalledService() { + super(); + } + + public CalledService(String serviceClass, String serviceName) { + super(); + this.serviceClass = serviceClass; + this.serviceName = serviceName; + } + + public String getServiceClass() { + return serviceClass; + } + + public String getServiceName() { + return serviceName; + } + +} diff --git a/src/main/java/org/gcube/common/authorization/library/policies/EnvironmentPolicy.java b/src/main/java/org/gcube/common/authorization/library/policies/EnvironmentPolicy.java new file mode 100644 index 0000000..4fa20bd --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/library/policies/EnvironmentPolicy.java 
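Review bot: `CalledService` is a value type without `equals`, `hashCode` or `toString`, whereas `BannedService`, which it appears to replace, defined all three on `serviceClass` and `serviceName` and was looked up with `List.contains`. Any membership test or `assertEquals` on `CalledService` falls back to object identity, so two instances naming the same service never match. Add `equals`/`hashCode` over both fields, as the policy classes in this commit do, and a class comment saying what a called service identifies.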
@@ -0,0 +1,77 @@ +package org.gcube.common.authorization.library.policies; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class EnvironmentPolicy extends Policy{ + + private String environment; + private ServiceAccess service; + + + protected EnvironmentPolicy() {} + + public EnvironmentPolicy(String environment, ServiceAccess service) { + super(); + this.environment = environment; + this.service = service; + } + + @Override + public PolicyType getPolicyType() { + return PolicyType.ENVIRONMENT; + } + + @Override + public String getPolicyAsString() { + return service.getAsString(); + } + + public String getEnvironment() { + return environment; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((environment == null) ? 0 : environment.hashCode()); + result = prime * result + ((service == null) ? 0 : service.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + EnvironmentPolicy other = (EnvironmentPolicy) obj; + if (environment == null) { + if (other.environment != null) + return false; + } else if (!environment.equals(other.environment)) + return false; + if (service == null) { + if (other.service != null) + return false; + } else if (!service.equals(other.service)) + return false; + return true; + } + + @Override + public String toString() { + return "EnvironmentPolicy [environment=" + environment + ", service=" + + service + "]"; + } + + + +} diff --git a/src/main/java/org/gcube/common/authorization/library/policies/Policy.java b/src/main/java/org/gcube/common/authorization/library/policies/Policy.java new file mode 100644 index 0000000..390f6df --- /dev/null 
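Review bot: `getPolicyAsString()` dereferences `service` unconditionally, yet `hashCode` and `equals` in the same class treat it as nullable and the protected no-arg constructor used by JAXB leaves it null, so a policy unmarshalled from XML without a `service` element throws `NullPointerException` when rendered. The same pattern is in `ServicePolicy.getPolicyAsString()` and `UserPolicy.getPolicyAsString()` (`serviceAccess.getAsString()`). Validate in the public constructor, e.g. `if (service == null) throw new IllegalArgumentException("service is required");`, and decide explicitly what a missing service means on the unmarshalled path so it neither surfaces as an NPE nor gets read as a wildcard. `environment` is not part of the returned string, so two environment policies for different contexts render identically.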
+++ b/src/main/java/org/gcube/common/authorization/library/policies/Policy.java @@ -0,0 +1,17 @@ +package org.gcube.common.authorization.library.policies; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public abstract class Policy { + + protected Policy() {} + + public abstract PolicyType getPolicyType(); + + public abstract String getPolicyAsString(); + +} diff --git a/src/main/java/org/gcube/common/authorization/library/policies/PolicyType.java b/src/main/java/org/gcube/common/authorization/library/policies/PolicyType.java new file mode 100644 index 0000000..0593348 --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/library/policies/PolicyType.java @@ -0,0 +1,8 @@ +package org.gcube.common.authorization.library.policies; + +public enum PolicyType { + + ENVIRONMENT, + SERVICE, + USER +} diff --git a/src/main/java/org/gcube/common/authorization/library/policies/ServiceAccess.java b/src/main/java/org/gcube/common/authorization/library/policies/ServiceAccess.java new file mode 100644 index 0000000..89a509e --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/library/policies/ServiceAccess.java 
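Review bot: `Policy` is abstract and `ClientInfo` appears to hold a list of it, but nothing on the base class tells JAXB which concrete types exist, so unmarshalling a `policies` list only works when the caller builds the `JAXBContext` with all three subclasses, as `SerializationTest` does. Declaring them on the base type, `@XmlSeeAlso({EnvironmentPolicy.class, ServicePolicy.class, UserPolicy.class})`, keeps the set of accepted policy types in one place. `@XmlRootElement` on an abstract class has no instance to marshal and can probably be dropped. A short Javadoc on `getPolicyAsString()` stating the format, and whether the string is used for matching or only for display, would help callers.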
@@ -0,0 +1,113 @@ +package org.gcube.common.authorization.library.policies; + +import java.util.HashMap; +import java.util.Map.Entry; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class ServiceAccess { + + private String serviceClass; + private String name ; + private String serviceId; + private HashMap serviceSpecificPolices; + + public ServiceAccess() {} + + public ServiceAccess(String name, String serviceClass) { + super(); + this.name = name; + this.serviceClass = serviceClass; + } + + public ServiceAccess(String name, String serviceClass, String serviceId) { + this(name, serviceClass); + this.serviceId = serviceId; + } + + public ServiceAccess(String name, String serviceClass, String serviceId, + HashMap serviceSpecificPolices) { + this(name, serviceClass, serviceId); + this.serviceSpecificPolices = serviceSpecificPolices; + } + + public String getAsString(){ + if (serviceClass == null) + return "*"; + StringBuilder toReturn = new StringBuilder(serviceClass); + if (name == null) + return toReturn.append(":").append("*").toString(); + toReturn.append(":").append(name); + if (serviceId==null && (serviceSpecificPolices==null || serviceSpecificPolices.size()==0)) + return toReturn.append(":").append("*").toString(); + if (serviceId!=null) + toReturn.append(":").append(serviceId); + if (serviceSpecificPolices!=null && serviceSpecificPolices.size()!=0){ + toReturn.append("{"); + for (Entry entry: serviceSpecificPolices.entrySet()) + toReturn.append(entry.getKey()).append(":").append(entry.getValue()); + toReturn.append("}"); + } + return toReturn.toString(); + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + ((name == null) ? 0 : name.hashCode()); + result = prime * result + + ((serviceClass == null) ? 
0 : serviceClass.hashCode()); + result = prime * result + + ((serviceId == null) ? 0 : serviceId.hashCode()); + result = prime + * result + + ((serviceSpecificPolices == null) ? 0 + : serviceSpecificPolices.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + ServiceAccess other = (ServiceAccess) obj; + if (name == null) { + if (other.name != null) + return false; + } else if (!name.equals(other.name)) + return false; + if (serviceClass == null) { + if (other.serviceClass != null) + return false; + } else if (!serviceClass.equals(other.serviceClass)) + return false; + if (serviceId == null) { + if (other.serviceId != null) + return false; + } else if (!serviceId.equals(other.serviceId)) + return false; + if (serviceSpecificPolices == null) { + if (other.serviceSpecificPolices != null) + return false; + } else if (!serviceSpecificPolices.equals(other.serviceSpecificPolices)) + return false; + return true; + } + + @Override + public String toString() { + return "ServiceAccess ["+getAsString()+"]"; + } + + + +} diff --git a/src/main/java/org/gcube/common/authorization/library/policies/ServicePolicy.java b/src/main/java/org/gcube/common/authorization/library/policies/ServicePolicy.java new file mode 100644 index 0000000..a018df0 --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/library/policies/ServicePolicy.java 
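Review bot: `getAsString()` widens a partially filled object to a wildcard and emits an ambiguous form for the service-specific map. With `serviceClass == null` it returns `*` even when `name` or `serviceId` is set, and with `name == null` it returns `serviceClass:*` and drops `serviceId`; if this string is ever used to match requests (not visible here), an incompletely populated or partially unmarshalled `ServiceAccess` reads as broader than intended. The map entries are appended as `key:value` with no separator and in `HashMap` iteration order, and no component is escaped, so distinct objects can render to the same string. Add a delimiter between entries (e.g. `if (!first) toReturn.append(',');`), iterate in sorted key order, and reject `:`, `{`, `}` and `*` inside components. The field name `serviceSpecificPolices` looks like a typo for `serviceSpecificPolicies`, and under field access it also becomes the XML element name.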
@@ -0,0 +1,93 @@ +package org.gcube.common.authorization.library.policies; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class ServicePolicy extends Policy{ + + private String clientID; + private String environment; + private ServiceAccess serviceAccess; + + protected ServicePolicy(){} + + public ServicePolicy(String environment, ServiceAccess serviceAccess, + String clientID) { + this.environment = environment; + this.serviceAccess = serviceAccess; + this.clientID = clientID; + } + + @Override + public PolicyType getPolicyType() { + return PolicyType.SERVICE; + } + + @Override + public String getPolicyAsString() { + return serviceAccess.getAsString(); + } + + public String getClientID() { + return clientID; + } + + public String getEnvironment() { + return environment; + } + + public ServiceAccess getServiceAccess() { + return serviceAccess; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((clientID == null) ? 0 : clientID.hashCode()); + result = prime * result + + ((environment == null) ? 0 : environment.hashCode()); + result = prime * result + + ((serviceAccess == null) ? 
0 : serviceAccess.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + ServicePolicy other = (ServicePolicy) obj; + if (clientID == null) { + if (other.clientID != null) + return false; + } else if (!clientID.equals(other.clientID)) + return false; + if (environment == null) { + if (other.environment != null) + return false; + } else if (!environment.equals(other.environment)) + return false; + if (serviceAccess == null) { + if (other.serviceAccess != null) + return false; + } else if (!serviceAccess.equals(other.serviceAccess)) + return false; + return true; + } + + @Override + public String toString() { + return "ServicePolicy [clientID=" + clientID + ", environment=" + + environment + ", serviceAccess=" + serviceAccess + "]"; + } + + +} diff --git a/src/main/java/org/gcube/common/authorization/library/policies/UserPolicy.java b/src/main/java/org/gcube/common/authorization/library/policies/UserPolicy.java new file mode 100644 index 0000000..7cc0d5c --- /dev/null +++ b/src/main/java/org/gcube/common/authorization/library/policies/UserPolicy.java 
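Review bot: `ServicePolicy` and `UserPolicy` are field-for-field duplicates (`clientID`, `environment`, `serviceAccess`, identical `equals` and `hashCode`) that differ only in `getPolicyType()`, and `UserPolicy` lacks the `getServiceAccess()` getter that `ServicePolicy` exposes. Moving the three fields and the equality code into a shared base class would keep the two from drifting apart. The spelling `clientID` is inconsistent with `clientId` in `ClientInfo` and `AuthorizationEntry` from the same commit.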
@@ -0,0 +1,87 @@ +package org.gcube.common.authorization.library.policies; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlRootElement; + +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class UserPolicy extends Policy { + + private String clientID; + private String environment; + private ServiceAccess serviceAccess; + + protected UserPolicy(){} + + public UserPolicy(String environment, ServiceAccess serviceAccess, String clientID) { + this.environment = environment; + this.serviceAccess = serviceAccess; + this.clientID = clientID; + } + + public String getClientID() { + return clientID; + } + + @Override + public PolicyType getPolicyType() { + return PolicyType.USER; + } + + @Override + public String getPolicyAsString() { + return serviceAccess.getAsString(); + } + + public String getEnvironment() { + return environment; + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((clientID == null) ? 0 : clientID.hashCode()); + result = prime * result + + ((environment == null) ? 0 : environment.hashCode()); + result = prime * result + + ((serviceAccess == null) ? 
0 : serviceAccess.hashCode()); + return result; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (obj == null) + return false; + if (getClass() != obj.getClass()) + return false; + UserPolicy other = (UserPolicy) obj; + if (clientID == null) { + if (other.clientID != null) + return false; + } else if (!clientID.equals(other.clientID)) + return false; + if (environment == null) { + if (other.environment != null) + return false; + } else if (!environment.equals(other.environment)) + return false; + if (serviceAccess == null) { + if (other.serviceAccess != null) + return false; + } else if (!serviceAccess.equals(other.serviceAccess)) + return false; + return true; + } + + @Override + public String toString() { + return "UserPolicy [clientID=" + clientID + ", environment=" + + environment + ", serviceAccess=" + serviceAccess + "]"; + } + +} diff --git a/src/main/java/org/gcube/common/authorization/library/provider/AuthorizationProvider.java b/src/main/java/org/gcube/common/authorization/library/provider/AuthorizationProvider.java index b472fe0..eb4ada4 100644 --- a/src/main/java/org/gcube/common/authorization/library/provider/AuthorizationProvider.java +++ b/src/main/java/org/gcube/common/authorization/library/provider/AuthorizationProvider.java @@ -11,10 +11,10 @@ public class AuthorizationProvider { private static Logger logger = LoggerFactory.getLogger(AuthorizationProvider.class); // Thread local variable containing each thread's ID - private static final InheritableThreadLocal threadAuth = - new InheritableThreadLocal() { + private static final InheritableThreadLocal threadAuth = + new InheritableThreadLocal() { - @Override protected UserInfo initialValue() { + @Override protected ClientInfo initialValue() { return null; } 
@@ -22,13 +22,13 @@ public class AuthorizationProvider { private AuthorizationProvider(){} - public UserInfo get(){ - UserInfo info = threadAuth.get(); + public ClientInfo get(){ + ClientInfo info = threadAuth.get(); logger.trace("getting "+info+" in thread "+Thread.currentThread().getId() ); return info; } - public void set(UserInfo authorizationToken){ + public void set(ClientInfo authorizationToken){ threadAuth.set(authorizationToken); logger.trace("setting "+authorizationToken+" in thread "+Thread.currentThread().getId() ); } diff --git a/src/main/java/org/gcube/common/authorization/library/provider/UserInfo.java b/src/main/java/org/gcube/common/authorization/library/provider/ClientInfo.java similarity index 50% rename from src/main/java/org/gcube/common/authorization/library/provider/UserInfo.java rename to src/main/java/org/gcube/common/authorization/library/provider/ClientInfo.java index 465b056..b720331 100644 --- a/src/main/java/org/gcube/common/authorization/library/provider/UserInfo.java +++ b/src/main/java/org/gcube/common/authorization/library/provider/ClientInfo.java 
@@ -1,56 +1,55 @@ package org.gcube.common.authorization.library.provider; +import java.util.Collections; import java.util.List; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlRootElement; -import org.gcube.common.authorization.library.BannedService; +import org.gcube.common.authorization.library.policies.Policy; @XmlRootElement @XmlAccessorType(XmlAccessType.FIELD) -public class UserInfo { +public class ClientInfo { - private String userName; - private List roles; - private List bannedServices; + private String clientId; + private List roles = Collections.emptyList(); + private List policies; - protected UserInfo(){} + protected ClientInfo(){} - public UserInfo(String userName, List roles, List bannedServices) { + public ClientInfo(String clientId, List roles, List policies) { super(); - this.userName = userName; + this.clientId = clientId; this.roles = roles; - this.bannedServices = bannedServices; + this.policies = policies; } - public String getUserName() { - return userName; + public String getClientId() { + return clientId; } - public List getRoles() { - return roles; + public List getPolicies() { + return policies; } - - public List getBannedServices() { - return bannedServices; - } - + /* public boolean isTokenBannedForService(BannedService service){ return (bannedServices.contains(service)); - } - + }*/ + @Override public int hashCode() { final int prime = 31; int result = 1; - result = prime * result + ((roles == null) ? 0 : roles.hashCode()); result = prime * result - + ((userName == null) ? 0 : userName.hashCode()); + + ((clientId == null) ? 0 : clientId.hashCode()); + result = prime * result + + ((policies == null) ? 0 : policies.hashCode()); + result = prime * result + ((roles == null) ? 0 : roles.hashCode()); return result; } - + @Override public boolean equals(Object obj) { if (this == obj) 
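Review bot: `getPolicies()` hands out the internal list, so any code that obtains the `ClientInfo` from `AuthorizationProvider` can add or remove policies on the identity bound to the thread; return a read-only view instead, e.g. `return Collections.unmodifiableList(policies);` with a guard for the null left by the no-arg constructor (`Collections` is already imported here). `getRoles()` is removed while `roles` stays in the constructor, `equals`, `hashCode` and `toString`, leaving roles write-only, and the new `Collections.emptyList()` default is overwritten by whatever the constructor receives, including null. The commented-out `isTokenBannedForService` should be deleted, not kept as a comment. The class body continues in the next hunk.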
@@ -59,25 +58,32 @@ public class UserInfo { return false; if (getClass() != obj.getClass()) return false; - UserInfo other = (UserInfo) obj; + ClientInfo other = (ClientInfo) obj; + if (clientId == null) { + if (other.clientId != null) + return false; + } else if (!clientId.equals(other.clientId)) + return false; + if (policies == null) { + if (other.policies != null) + return false; + } else if (!policies.equals(other.policies)) + return false; if (roles == null) { if (other.roles != null) return false; } else if (!roles.equals(other.roles)) return false; - if (userName == null) { - if (other.userName != null) - return false; - } else if (!userName.equals(other.userName)) - return false; return true; } @Override public String toString() { - return "UserInfo [userName=" + userName + ", roles=" + roles + "]"; + return "ClientInfo [clientId=" + clientId + ", roles=" + roles + + ", policies=" + policies + "]"; } - + + } diff --git a/src/test/java/org/gcube/common/authorization/library/policies/SerializationTest.java b/src/test/java/org/gcube/common/authorization/library/policies/SerializationTest.java new file mode 100644 index 0000000..e2168c1 --- /dev/null +++ b/src/test/java/org/gcube/common/authorization/library/policies/SerializationTest.java 
@@ -0,0 +1,47 @@ +package org.gcube.common.authorization.library.policies; + +import java.io.StringReader; +import java.io.StringWriter; + +import javax.xml.bind.JAXBContext; + +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +public class SerializationTest { + + static JAXBContext context; + + @BeforeClass + public static void before() throws Exception{ + context = JAXBContext.newInstance(EnvironmentPolicy.class, UserPolicy.class, ServicePolicy.class); + } + + @Test + public void serializeEnvironmentPolicy() throws Exception{ + EnvironmentPolicy ep = new EnvironmentPolicy("/gcube", new ServiceAccess()); + StringWriter sw = new StringWriter(); + context.createMarshaller().marshal(ep, sw); + EnvironmentPolicy epCopy = (EnvironmentPolicy)context.createUnmarshaller().unmarshal(new StringReader(sw.toString())); + Assert.assertEquals(ep, epCopy); + } + + @Test + public void serializeUserPolicy() throws Exception{ + UserPolicy up = new UserPolicy("/gcube", new ServiceAccess("ServiceName", "ServiceClass","serviceID"), "userID"); + StringWriter sw = new StringWriter(); + context.createMarshaller().marshal(up, sw); + UserPolicy upCopy = (UserPolicy)context.createUnmarshaller().unmarshal(new StringReader(sw.toString())); + Assert.assertEquals(up, upCopy); + } + + @Test + public void serializeServicePolicy() throws Exception{ + ServicePolicy sp = new ServicePolicy("/gcube", new ServiceAccess("ServiceName","ServiceClass"),"ServiceName:ServiceClass"); + StringWriter sw = new StringWriter(); + context.createMarshaller().marshal(sp, sw); + ServicePolicy spCopy = (ServicePolicy)context.createUnmarshaller().unmarshal(new StringReader(sw.toString())); + Assert.assertEquals(sp, spCopy); + } +}
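Review bot: The three tests round-trip each policy only as a top-level element, with a context that lists every subclass, so they miss the cases the library depends on: a `ClientInfo` whose `policies` list mixes the subclasses, and a `ServiceAccess` carrying `serviceSpecificPolices`. Adding a `ClientInfo` round-trip would show whether the polymorphic list survives marshalling. `serializeServicePolicy` passes `"ServiceName:ServiceClass"` as the client id, which is the reverse of the `serviceClass:name` order that `getAsString()` produces; if that string is meant to identify the calling service, build it from the `ServiceAccess` so the two cannot disagree.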