added AccessTokenSecret
This commit is contained in:
parent
5cdc51d173
commit
5d2f79d063
|
@ -3,7 +3,7 @@ package org.gcube.common.security;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
public class Caller {
|
public class Owner {
|
||||||
|
|
||||||
private String clientId;
|
private String clientId;
|
||||||
private List<String> roles = new ArrayList<String>();
|
private List<String> roles = new ArrayList<String>();
|
||||||
|
@ -24,14 +24,14 @@ public class Caller {
|
||||||
private String contactOrganisation;
|
private String contactOrganisation;
|
||||||
|
|
||||||
|
|
||||||
public Caller(String clientId, List<String> roles, boolean external) {
|
public Owner(String clientId, List<String> roles, boolean external) {
|
||||||
super();
|
super();
|
||||||
this.clientId = clientId;
|
this.clientId = clientId;
|
||||||
this.roles = roles;
|
this.roles = roles;
|
||||||
this.externalClient = external;
|
this.externalClient = external;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Caller(String clientId, List<String> roles, String email, String firstName, String lastName,boolean external) {
|
public Owner(String clientId, List<String> roles, String email, String firstName, String lastName,boolean external) {
|
||||||
super();
|
super();
|
||||||
this.clientId = clientId;
|
this.clientId = clientId;
|
||||||
this.roles = roles;
|
this.roles = roles;
|
|
@ -0,0 +1,81 @@
|
||||||
|
package org.gcube.common.security.secrets;
|
||||||
|
|
||||||
|
import java.util.Base64;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
|
import org.gcube.common.security.GCubeJWTObject;
|
||||||
|
import org.gcube.common.security.Owner;
|
||||||
|
|
||||||
|
public class AccessTokenSecret extends Secret {
|
||||||
|
|
||||||
|
private String encodedAccessToken;
|
||||||
|
|
||||||
|
protected Owner owner;
|
||||||
|
protected String context;
|
||||||
|
|
||||||
|
|
||||||
|
private boolean initialised = false;
|
||||||
|
|
||||||
|
public AccessTokenSecret(String encodedAccessToken) {
|
||||||
|
this.encodedAccessToken = encodedAccessToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Owner getOwner() {
|
||||||
|
init();
|
||||||
|
return this.owner;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getContext() {
|
||||||
|
init();
|
||||||
|
return this.context;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Map<String, String> getHTTPAuthorizationHeaders() {
|
||||||
|
Map<String, String> authorizationHeaders = new HashMap<>();
|
||||||
|
authorizationHeaders.put("Authorization", "Bearer " + this.encodedAccessToken.getBytes());
|
||||||
|
return authorizationHeaders;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
protected String getEncodedAccessToken() {
|
||||||
|
return encodedAccessToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isExpired() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isRefreshable() {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
private synchronized void init() {
|
||||||
|
if (!initialised)
|
||||||
|
try {
|
||||||
|
|
||||||
|
String realAccessTokenEncoded = encodedAccessToken.split("\\.")[1];
|
||||||
|
|
||||||
|
String decodedAccessPart = new String(Base64.getDecoder().decode(realAccessTokenEncoded.getBytes()));
|
||||||
|
|
||||||
|
ObjectMapper objectMapper = new ObjectMapper();
|
||||||
|
GCubeJWTObject obj = objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class);
|
||||||
|
owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
|
||||||
|
owner.setClientName(obj.getClientName());
|
||||||
|
owner.setContactOrganisation(obj.getContactOrganisation());
|
||||||
|
owner.setClientName(obj.getClientName());
|
||||||
|
context = obj.getContext();
|
||||||
|
initialised = true;
|
||||||
|
} catch (Exception e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
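Review bot: The Authorization header built in getHTTPAuthorizationHeaders concatenates `this.encodedAccessToken.getBytes()`, so the value sent is `Bearer [B@...` (the array's identity hash) rather than the token; the line should be `authorizationHeaders.put("Authorization", "Bearer " + this.encodedAccessToken);`. In init() the payload segment of a JWT is base64url-encoded and may contain `-` and `_`, which `Base64.getDecoder()` rejects with an IllegalArgumentException, and `new String(byte[])` uses the platform charset; use `String decodedAccessPart = new String(Base64.getUrlDecoder().decode(realAccessTokenEncoded), StandardCharsets.UTF_8);` (with `import java.nio.charset.StandardCharsets;`). Nothing in this class verifies the token's signature or its expiry, and isExpired() is hard-wired to false, so getOwner() and getContext() report whatever the unverified payload claims; if this is only meant as a holder that forwards the token, the class Javadoc should say so, e.g. `/** Holds an encoded JWT for forwarding; owner and context are read from the unverified payload and are not an authorization decision. */`. The second `owner.setClientName(obj.getClientName());` after setContactOrganisation repeats the first call (the same duplication exists in JWTSecret.init) and can be dropped.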
@ -8,7 +8,7 @@ import java.util.regex.Pattern;
|
||||||
import org.gcube.common.authorization.client.Constants;
|
import org.gcube.common.authorization.client.Constants;
|
||||||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
import org.gcube.common.authorization.library.AuthorizationEntry;
|
||||||
import org.gcube.common.authorization.library.ClientType;
|
import org.gcube.common.authorization.library.ClientType;
|
||||||
import org.gcube.common.security.Caller;
|
import org.gcube.common.security.Owner;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Luca Frosini (ISTI - CNR)
|
* @author Luca Frosini (ISTI - CNR)
|
||||||
|
@ -18,7 +18,7 @@ public class GCubeSecret extends Secret {
|
||||||
public static final String GCUBE_TOKEN_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$";
|
public static final String GCUBE_TOKEN_REGEX = "^([a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}-[a-fA-F0-9]{8,9}){1}$";
|
||||||
|
|
||||||
private String gcubeToken;
|
private String gcubeToken;
|
||||||
private Caller caller;
|
private Owner owner;
|
||||||
private String context;
|
private String context;
|
||||||
|
|
||||||
public GCubeSecret(String gcubeToken) {
|
public GCubeSecret(String gcubeToken) {
|
||||||
|
@ -30,22 +30,22 @@ public class GCubeSecret extends Secret {
|
||||||
|
|
||||||
private void init() throws Exception{
|
private void init() throws Exception{
|
||||||
AuthorizationEntry authorizationEntry = Constants.authorizationService().get(gcubeToken);
|
AuthorizationEntry authorizationEntry = Constants.authorizationService().get(gcubeToken);
|
||||||
this.caller = new Caller(authorizationEntry.getClientInfo().getId(),
|
this.owner = new Owner(authorizationEntry.getClientInfo().getId(),
|
||||||
authorizationEntry.getClientInfo().getRoles(), authorizationEntry.getClientInfo().getType()!=ClientType.USER);
|
authorizationEntry.getClientInfo().getRoles(), authorizationEntry.getClientInfo().getType()!=ClientType.USER);
|
||||||
this.context = authorizationEntry.getContext();
|
this.context = authorizationEntry.getContext();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Caller getCaller() {
|
public Owner getOwner() {
|
||||||
if (Objects.isNull(caller))
|
if (Objects.isNull(owner))
|
||||||
try {
|
try {
|
||||||
init();
|
init();
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new RuntimeException("error retrieving context",e);
|
throw new RuntimeException("error retrieving context",e);
|
||||||
}
|
}
|
||||||
|
|
||||||
return caller;
|
return owner;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -12,8 +12,8 @@ import org.gcube.common.keycloak.model.ModelUtils;
|
||||||
import org.gcube.common.keycloak.model.RefreshToken;
|
import org.gcube.common.keycloak.model.RefreshToken;
|
||||||
import org.gcube.common.keycloak.model.TokenResponse;
|
import org.gcube.common.keycloak.model.TokenResponse;
|
||||||
import org.gcube.common.keycloak.model.util.Time;
|
import org.gcube.common.keycloak.model.util.Time;
|
||||||
import org.gcube.common.security.Caller;
|
|
||||||
import org.gcube.common.security.GCubeJWTObject;
|
import org.gcube.common.security.GCubeJWTObject;
|
||||||
|
import org.gcube.common.security.Owner;
|
||||||
import org.gcube.common.security.providers.RenewalProvider;
|
import org.gcube.common.security.providers.RenewalProvider;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
@ -37,7 +37,7 @@ public class JWTSecret extends Secret {
|
||||||
protected AccessToken accessToken;
|
protected AccessToken accessToken;
|
||||||
protected TokenResponse tokenResponse;
|
protected TokenResponse tokenResponse;
|
||||||
protected RenewalProvider renewalProvider;
|
protected RenewalProvider renewalProvider;
|
||||||
protected Caller caller;
|
protected Owner owner;
|
||||||
protected String context;
|
protected String context;
|
||||||
|
|
||||||
protected boolean initialised = false;
|
protected boolean initialised = false;
|
||||||
|
@ -55,7 +55,7 @@ public class JWTSecret extends Secret {
|
||||||
expired = true;
|
expired = true;
|
||||||
if(tokenResponse!=null) {
|
if(tokenResponse!=null) {
|
||||||
try {
|
try {
|
||||||
KeycloakClientFactory.newInstance().refreshToken(this.getCaller().getId(), tokenResponse);
|
KeycloakClientFactory.newInstance().refreshToken(this.getOwner().getId(), tokenResponse);
|
||||||
expired = false;
|
expired = false;
|
||||||
}catch (Exception e) {
|
}catch (Exception e) {
|
||||||
logger.warn("Unable to refresh the token with RefreshToken. Going to try to renew it if possible.", e);
|
logger.warn("Unable to refresh the token with RefreshToken. Going to try to renew it if possible.", e);
|
||||||
|
@ -100,10 +100,10 @@ public class JWTSecret extends Secret {
|
||||||
ObjectMapper objectMapper = new ObjectMapper();
|
ObjectMapper objectMapper = new ObjectMapper();
|
||||||
String accessTokenString = objectMapper.writeValueAsString(getAccessToken());
|
String accessTokenString = objectMapper.writeValueAsString(getAccessToken());
|
||||||
GCubeJWTObject obj = objectMapper.readValue(accessTokenString, GCubeJWTObject.class);
|
GCubeJWTObject obj = objectMapper.readValue(accessTokenString, GCubeJWTObject.class);
|
||||||
Caller caller = new Caller(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
|
Owner owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
|
||||||
caller.setClientName(obj.getClientName());
|
owner.setClientName(obj.getClientName());
|
||||||
caller.setContactOrganisation(obj.getContactOrganisation());
|
owner.setContactOrganisation(obj.getContactOrganisation());
|
||||||
caller.setClientName(obj.getClientName());
|
owner.setClientName(obj.getClientName());
|
||||||
context = obj.getContext();
|
context = obj.getContext();
|
||||||
initialised = true;
|
initialised = true;
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
|
@ -113,15 +113,15 @@ public class JWTSecret extends Secret {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Caller getCaller() {
|
public Owner getOwner() {
|
||||||
init();
|
init();
|
||||||
return this.caller;
|
return this.owner;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getContext() {
|
public String getContext() {
|
||||||
init();
|
init();
|
||||||
return context;
|
return this.context;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -2,14 +2,14 @@ package org.gcube.common.security.secrets;
|
||||||
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import org.gcube.common.security.Caller;
|
import org.gcube.common.security.Owner;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Luca Frosini (ISTI - CNR)
|
* @author Luca Frosini (ISTI - CNR)
|
||||||
*/
|
*/
|
||||||
public abstract class Secret {
|
public abstract class Secret {
|
||||||
|
|
||||||
public abstract Caller getCaller();
|
public abstract Owner getOwner();
|
||||||
|
|
||||||
public abstract String getContext();
|
public abstract String getContext();
|
||||||
|
|
||||||
|
|