added AccessTokenSecret
This commit is contained in:
parent
5cdc51d173
commit
5d2f79d063
|
@ -3,7 +3,7 @@ package org.gcube.common.security;
|
|||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
public class Caller {
|
||||
public class Owner {
|
||||
|
||||
private String clientId;
|
||||
private List<String> roles = new ArrayList<String>();
|
||||
|
@ -24,14 +24,14 @@ public class Caller {
|
|||
private String contactOrganisation;
|
||||
|
||||
|
||||
public Caller(String clientId, List<String> roles, boolean external) {
|
||||
public Owner(String clientId, List<String> roles, boolean external) {
|
||||
super();
|
||||
this.clientId = clientId;
|
||||
this.roles = roles;
|
||||
this.externalClient = external;
|
||||
}
|
||||
|
||||
public Caller(String clientId, List<String> roles, String email, String firstName, String lastName,boolean external) {
|
||||
public Owner(String clientId, List<String> roles, String email, String firstName, String lastName,boolean external) {
|
||||
super();
|
||||
this.clientId = clientId;
|
||||
this.roles = roles;
|
|
@ -0,0 +1,81 @@
|
|||
package org.gcube.common.security.secrets;
|
||||
|
||||
import java.util.Base64;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.gcube.common.security.GCubeJWTObject;
|
||||
import org.gcube.common.security.Owner;
|
||||
|
||||
public class AccessTokenSecret extends Secret {
|
||||
|
||||
private String encodedAccessToken;
|
||||
|
||||
protected Owner owner;
|
||||
protected String context;
|
||||
|
||||
|
||||
private boolean initialised = false;
|
||||
|
||||
public AccessTokenSecret(String encodedAccessToken) {
|
||||
this.encodedAccessToken = encodedAccessToken;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Owner getOwner() {
|
||||
init();
|
||||
return this.owner;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getContext() {
|
||||
init();
|
||||
return this.context;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, String> getHTTPAuthorizationHeaders() {
|
||||
Map<String, String> authorizationHeaders = new HashMap<>();
|
||||
authorizationHeaders.put("Authorization", "Bearer " + this.encodedAccessToken.getBytes());
|
||||
return authorizationHeaders;
|
||||
|
||||
}
|
||||
|
||||
protected String getEncodedAccessToken() {
|
||||
return encodedAccessToken;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isExpired() {
|
||||
return false;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isRefreshable() {
|
||||
return false;
|
||||
}
|
||||
|
||||
private synchronized void init() {
|
||||
if (!initialised)
|
||||
try {
|
||||
|
||||
String realAccessTokenEncoded = encodedAccessToken.split("\\.")[1];
|
||||
|
||||
String decodedAccessPart = new String(Base64.getDecoder().decode(realAccessTokenEncoded.getBytes()));
|
||||
|
||||
ObjectMapper objectMapper = new ObjectMapper();
|
||||
GCubeJWTObject obj = objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class);
|
||||
owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
|
||||
owner.setClientName(obj.getClientName());
|
||||
owner.setContactOrganisation(obj.getContactOrganisation());
|
||||
owner.setClientName(obj.getClientName());
|
||||
context = obj.getContext();
|
||||
initialised = true;
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
|
@ -8,7 +8,7 @@ import java.util.regex.Pattern;
|
|||
import org.gcube.common.authorization.client.Constants;
|
||||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
||||
import org.gcube.common.authorization.library.ClientType;
|
||||
import org.gcube.common.security.Caller;
|
||||
import org.gcube.common.security.Owner;
|
||||
|
||||
/**
|
||||
* @author Luca Frosini (ISTI - CNR)
|
||||
|
@ -18,7 +18,7 @@ public class GCubeSecret extends Secret {
|
|||
public static final String GCUBE_TOKEN_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$";
|
||||
|
||||
private String gcubeToken;
|
||||
private Caller caller;
|
||||
private Owner owner;
|
||||
private String context;
|
||||
|
||||
public GCubeSecret(String gcubeToken) {
|
||||
|
@ -30,22 +30,22 @@ public class GCubeSecret extends Secret {
|
|||
|
||||
private void init() throws Exception{
|
||||
AuthorizationEntry authorizationEntry = Constants.authorizationService().get(gcubeToken);
|
||||
this.caller = new Caller(authorizationEntry.getClientInfo().getId(),
|
||||
this.owner = new Owner(authorizationEntry.getClientInfo().getId(),
|
||||
authorizationEntry.getClientInfo().getRoles(), authorizationEntry.getClientInfo().getType()!=ClientType.USER);
|
||||
this.context = authorizationEntry.getContext();
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public Caller getCaller() {
|
||||
if (Objects.isNull(caller))
|
||||
public Owner getOwner() {
|
||||
if (Objects.isNull(owner))
|
||||
try {
|
||||
init();
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("error retrieving context",e);
|
||||
}
|
||||
|
||||
return caller;
|
||||
return owner;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -12,8 +12,8 @@ import org.gcube.common.keycloak.model.ModelUtils;
|
|||
import org.gcube.common.keycloak.model.RefreshToken;
|
||||
import org.gcube.common.keycloak.model.TokenResponse;
|
||||
import org.gcube.common.keycloak.model.util.Time;
|
||||
import org.gcube.common.security.Caller;
|
||||
import org.gcube.common.security.GCubeJWTObject;
|
||||
import org.gcube.common.security.Owner;
|
||||
import org.gcube.common.security.providers.RenewalProvider;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
@ -37,7 +37,7 @@ public class JWTSecret extends Secret {
|
|||
protected AccessToken accessToken;
|
||||
protected TokenResponse tokenResponse;
|
||||
protected RenewalProvider renewalProvider;
|
||||
protected Caller caller;
|
||||
protected Owner owner;
|
||||
protected String context;
|
||||
|
||||
protected boolean initialised = false;
|
||||
|
@ -55,7 +55,7 @@ public class JWTSecret extends Secret {
|
|||
expired = true;
|
||||
if(tokenResponse!=null) {
|
||||
try {
|
||||
KeycloakClientFactory.newInstance().refreshToken(this.getCaller().getId(), tokenResponse);
|
||||
KeycloakClientFactory.newInstance().refreshToken(this.getOwner().getId(), tokenResponse);
|
||||
expired = false;
|
||||
}catch (Exception e) {
|
||||
logger.warn("Unable to refresh the token with RefreshToken. Going to try to renew it if possible.", e);
|
||||
|
@ -100,10 +100,10 @@ public class JWTSecret extends Secret {
|
|||
ObjectMapper objectMapper = new ObjectMapper();
|
||||
String accessTokenString = objectMapper.writeValueAsString(getAccessToken());
|
||||
GCubeJWTObject obj = objectMapper.readValue(accessTokenString, GCubeJWTObject.class);
|
||||
Caller caller = new Caller(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
|
||||
caller.setClientName(obj.getClientName());
|
||||
caller.setContactOrganisation(obj.getContactOrganisation());
|
||||
caller.setClientName(obj.getClientName());
|
||||
Owner owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
|
||||
owner.setClientName(obj.getClientName());
|
||||
owner.setContactOrganisation(obj.getContactOrganisation());
|
||||
owner.setClientName(obj.getClientName());
|
||||
context = obj.getContext();
|
||||
initialised = true;
|
||||
} catch (Exception e) {
|
||||
|
@ -113,15 +113,15 @@ public class JWTSecret extends Secret {
|
|||
}
|
||||
|
||||
@Override
|
||||
public Caller getCaller() {
|
||||
public Owner getOwner() {
|
||||
init();
|
||||
return this.caller;
|
||||
return this.owner;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getContext() {
|
||||
init();
|
||||
return context;
|
||||
return this.context;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -2,14 +2,14 @@ package org.gcube.common.security.secrets;
|
|||
|
||||
import java.util.Map;
|
||||
|
||||
import org.gcube.common.security.Caller;
|
||||
import org.gcube.common.security.Owner;
|
||||
|
||||
/**
|
||||
* @author Luca Frosini (ISTI - CNR)
|
||||
*/
|
||||
public abstract class Secret {
|
||||
|
||||
public abstract Caller getCaller();
|
||||
public abstract Owner getOwner();
|
||||
|
||||
public abstract String getContext();
|
||||
|
||||
|
|
Loading…
Reference in New Issue