From 5d2f79d06314498e43355ef4b97c35e3f50cf665 Mon Sep 17 00:00:00 2001
From: lucio
Date: Mon, 30 May 2022 18:31:11 +0200
Subject: [PATCH] added AccessTokenSecret
---
 .../security/{Caller.java => Owner.java} | 6 +-
 .../security/secrets/AccessTokenSecret.java | 81 +++++++++++++++++++
 .../common/security/secrets/GCubeSecret.java | 12 +--
 .../common/security/secrets/JWTSecret.java | 20 ++---
 .../gcube/common/security/secrets/Secret.java | 4 +-
 5 files changed, 102 insertions(+), 21 deletions(-)
 rename src/main/java/org/gcube/common/security/{Caller.java => Owner.java} (89%)
 create mode 100644 src/main/java/org/gcube/common/security/secrets/AccessTokenSecret.java
diff --git a/src/main/java/org/gcube/common/security/Caller.java b/src/main/java/org/gcube/common/security/Owner.java
similarity index 89%
rename from src/main/java/org/gcube/common/security/Caller.java
rename to src/main/java/org/gcube/common/security/Owner.java
index f8b1b30..54ec85c 100644
--- a/src/main/java/org/gcube/common/security/Caller.java
+++ b/src/main/java/org/gcube/common/security/Owner.java
@@ -3,7 +3,7 @@ package org.gcube.common.security;
 import java.util.ArrayList;
 import java.util.List;
-public class Caller {
+public class Owner {
 private String clientId;
 private List roles = new ArrayList();
@@ -24,14 +24,14 @@ public class Caller {
 private String contactOrganisation;
- public Caller(String clientId, List roles, boolean external) {
+ public Owner(String clientId, List roles, boolean external) {
 super();
 this.clientId = clientId;
 this.roles = roles;
 this.externalClient = external;
 }
- public Caller(String clientId, List roles, String email, String firstName, String lastName,boolean external) {
+ public Owner(String clientId, List roles, String email, String firstName, String lastName,boolean external) {
 super();
 this.clientId = clientId;
 this.roles = roles;
diff --git a/src/main/java/org/gcube/common/security/secrets/AccessTokenSecret.java b/src/main/java/org/gcube/common/security/secrets/AccessTokenSecret.java
new file mode 100644
index 0000000..cc5deca
--- /dev/null
+++ b/src/main/java/org/gcube/common/security/secrets/AccessTokenSecret.java
@@ -0,0 +1,81 @@
+package org.gcube.common.security.secrets;
+
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
+import org.gcube.common.security.GCubeJWTObject;
+import org.gcube.common.security.Owner;
+
+public class AccessTokenSecret extends Secret {
+
+ private String encodedAccessToken;
+
+ protected Owner owner;
+ protected String context;
+
+
+ private boolean initialised = false;
+
+ public AccessTokenSecret(String encodedAccessToken) {
+ this.encodedAccessToken = encodedAccessToken;
+ }
+
+ @Override
+ public Owner getOwner() {
+ init();
+ return this.owner;
+ }
+
+ @Override
+ public String getContext() {
+ init();
+ return this.context;
+ }
+
+ @Override
+ public Map getHTTPAuthorizationHeaders() {
+ Map authorizationHeaders = new HashMap<>();
+ authorizationHeaders.put("Authorization", "Bearer " + this.encodedAccessToken.getBytes());
+ return authorizationHeaders;
+
+ }
+
+ protected String getEncodedAccessToken() {
+ return encodedAccessToken;
+ }
+
+ @Override
+ public boolean isExpired() {
+ return false;
+ }
+
+ @Override
+ public boolean isRefreshable() {
+ return false;
+ }
+
+ private synchronized void init() {
+ if (!initialised)
+ try {
+
+ String realAccessTokenEncoded = encodedAccessToken.split("\\.")[1];
+
+ String decodedAccessPart = new String(Base64.getDecoder().decode(realAccessTokenEncoded.getBytes()));
+
+ ObjectMapper objectMapper = new ObjectMapper();
+ GCubeJWTObject obj = objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class);
+ owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
+ owner.setClientName(obj.getClientName());
+ owner.setContactOrganisation(obj.getContactOrganisation());
+ owner.setClientName(obj.getClientName());
+ context = obj.getContext();
+ initialised = true;
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+
+ }
+
+}
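Review bot: `getHTTPAuthorizationHeaders()` builds the header value from `"Bearer " + this.encodedAccessToken.getBytes()`, which concatenates the `byte[]`'s identity string (`[B@…`) rather than the token, so every request sent with this secret carries an unusable Authorization header; the line should be `authorizationHeaders.put("Authorization", "Bearer " + this.encodedAccessToken);`. In `init()` the payload segment is decoded with `Base64.getDecoder()`, but JWT segments are base64url and may contain `-`/`_`, which the basic decoder rejects with IllegalArgumentException — use `Base64.getUrlDecoder().decode(realAccessTokenEncoded)` and construct the string with an explicit `StandardCharsets.UTF_8` instead of the platform default. `init()` also derives owner and context from the payload with no signature verification, so the resulting `Owner` is only as trustworthy as whatever validated the token upstream; a class-level comment stating that this secret decodes but never validates the token would make that contract explicit to callers. The second `owner.setClientName(obj.getClientName());` is a duplicate (the same duplicated line is carried into `JWTSecret.init()` in this commit), and `isExpired()` unconditionally returns false although the payload presumably carries an expiry claim — worth confirming that is intended.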
diff --git a/src/main/java/org/gcube/common/security/secrets/GCubeSecret.java b/src/main/java/org/gcube/common/security/secrets/GCubeSecret.java
index ca74f44..ca5e68c 100644
--- a/src/main/java/org/gcube/common/security/secrets/GCubeSecret.java
+++ b/src/main/java/org/gcube/common/security/secrets/GCubeSecret.java
@@ -8,7 +8,7 @@ import java.util.regex.Pattern;
 import org.gcube.common.authorization.client.Constants;
 import org.gcube.common.authorization.library.AuthorizationEntry;
 import org.gcube.common.authorization.library.ClientType;
-import org.gcube.common.security.Caller;
+import org.gcube.common.security.Owner;
 /**
 * @author Luca Frosini (ISTI - CNR)
@@ -18,7 +18,7 @@ public class GCubeSecret extends Secret {
 public static final String GCUBE_TOKEN_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$";
 private String gcubeToken;
- private Caller caller;
+ private Owner owner;
 private String context;
 public GCubeSecret(String gcubeToken) {
@@ -30,22 +30,22 @@ public class GCubeSecret extends Secret {
 private void init() throws Exception{
 AuthorizationEntry authorizationEntry = Constants.authorizationService().get(gcubeToken);
- this.caller = new Caller(authorizationEntry.getClientInfo().getId(),
+ this.owner = new Owner(authorizationEntry.getClientInfo().getId(),
 authorizationEntry.getClientInfo().getRoles(), authorizationEntry.getClientInfo().getType()!=ClientType.USER);
 this.context = authorizationEntry.getContext();
 }
 @Override
- public Caller getCaller() {
- if (Objects.isNull(caller))
+ public Owner getOwner() {
+ if (Objects.isNull(owner))
 try {
 init();
 } catch (Exception e) {
 throw new RuntimeException("error retrieving context",e);
 }
- return caller;
+ return owner;
 }
 @Override
diff --git a/src/main/java/org/gcube/common/security/secrets/JWTSecret.java b/src/main/java/org/gcube/common/security/secrets/JWTSecret.java
index 9d03f3b..d093af4 100644
--- a/src/main/java/org/gcube/common/security/secrets/JWTSecret.java
+++ b/src/main/java/org/gcube/common/security/secrets/JWTSecret.java
@@ -12,8 +12,8 @@ import org.gcube.common.keycloak.model.ModelUtils;
 import org.gcube.common.keycloak.model.RefreshToken;
 import org.gcube.common.keycloak.model.TokenResponse;
 import org.gcube.common.keycloak.model.util.Time;
-import org.gcube.common.security.Caller;
 import org.gcube.common.security.GCubeJWTObject;
+import org.gcube.common.security.Owner;
 import org.gcube.common.security.providers.RenewalProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -37,7 +37,7 @@ public class JWTSecret extends Secret {
 protected AccessToken accessToken;
 protected TokenResponse tokenResponse;
 protected RenewalProvider renewalProvider;
- protected Caller caller;
+ protected Owner owner;
 protected String context;
 protected boolean initialised = false;
@@ -55,7 +55,7 @@ public class JWTSecret extends Secret {
 expired = true;
 if(tokenResponse!=null) {
 try {
- KeycloakClientFactory.newInstance().refreshToken(this.getCaller().getId(), tokenResponse);
+ KeycloakClientFactory.newInstance().refreshToken(this.getOwner().getId(), tokenResponse);
 expired = false;
 }catch (Exception e) {
 logger.warn("Unable to refresh the token with RefreshToken. Going to try to renew it if possible.", e);
@@ -100,10 +100,10 @@ public class JWTSecret extends Secret {
 ObjectMapper objectMapper = new ObjectMapper();
 String accessTokenString = objectMapper.writeValueAsString(getAccessToken());
 GCubeJWTObject obj = objectMapper.readValue(accessTokenString, GCubeJWTObject.class);
- Caller caller = new Caller(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
- caller.setClientName(obj.getClientName());
- caller.setContactOrganisation(obj.getContactOrganisation());
- caller.setClientName(obj.getClientName());
+ Owner owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
+ owner.setClientName(obj.getClientName());
+ owner.setContactOrganisation(obj.getContactOrganisation());
+ owner.setClientName(obj.getClientName());
 context = obj.getContext();
 initialised = true;
 } catch (Exception e) {
@@ -113,15 +113,15 @@ public class JWTSecret extends Secret {
 }
 @Override
- public Caller getCaller() {
+ public Owner getOwner() {
 init();
- return this.caller;
+ return this.owner;
 }
 @Override
 public String getContext() {
 init();
- return context;
+ return this.context;
 }
 @Override
diff --git a/src/main/java/org/gcube/common/security/secrets/Secret.java b/src/main/java/org/gcube/common/security/secrets/Secret.java
index 917d573..48c6668 100644
--- a/src/main/java/org/gcube/common/security/secrets/Secret.java
+++ b/src/main/java/org/gcube/common/security/secrets/Secret.java
@@ -2,14 +2,14 @@ package org.gcube.common.security.secrets;
 import java.util.Map;
-import org.gcube.common.security.Caller;
+import org.gcube.common.security.Owner;
 /**
 * @author Luca Frosini (ISTI - CNR)
 */
 public abstract class Secret {
- public abstract Caller getCaller();
+ public abstract Owner getOwner();
 public abstract String getContext();