commit for new IAM release
parent
441baf14b3
commit
a4462eb325
9
pom.xml
9
pom.xml
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
<groupId>org.gcube.core</groupId>
|
<groupId>org.gcube.core</groupId>
|
||||||
<artifactId>common-smartgears</artifactId>
|
<artifactId>common-smartgears</artifactId>
|
||||||
<version>2.2.0</version>
|
<version>2.3.0-SNAPSHOT</version>
|
||||||
<name>SmartGears</name>
|
<name>SmartGears</name>
|
||||||
|
|
||||||
<dependencyManagement>
|
<dependencyManagement>
|
||||||
|
@ -41,6 +41,12 @@
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.eclipsesource.minimal-json</groupId>
|
||||||
|
<artifactId>minimal-json</artifactId>
|
||||||
|
<version>0.9.4</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.gcube.common</groupId>
|
<groupId>org.gcube.common</groupId>
|
||||||
<artifactId>authorization-client</artifactId>
|
<artifactId>authorization-client</artifactId>
|
||||||
|
@ -165,7 +171,6 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>ch.qos.logback</groupId>
|
<groupId>ch.qos.logback</groupId>
|
||||||
<artifactId>logback-classic</artifactId>
|
<artifactId>logback-classic</artifactId>
|
||||||
<version>1.2.3</version>
|
|
||||||
<scope>runtime</scope>
|
<scope>runtime</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
|
|
@ -8,5 +8,6 @@ package org.gcube.smartgears.configuration;
|
||||||
*/
|
*/
|
||||||
public enum Mode {
|
public enum Mode {
|
||||||
online,
|
online,
|
||||||
offline
|
offline,
|
||||||
|
root
|
||||||
}
|
}
|
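Review bot: The new `root` constant is added without any comment, and its meaning cannot be read off the name next to `online` and `offline`. The only use visible in this commit is in the two ProfilePublisher classes, where `mode()!=Mode.root` decides whether the thread's context class loader is swapped. A short Javadoc on the constant stating which deployment it denotes and that publishers keep the caller's class loader in that mode would make this reviewable. Any existing code that treats every non-`offline` mode as `online` (not visible here) should be checked against the third value.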
|
@ -12,6 +12,7 @@ import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
|
||||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
import org.gcube.common.resources.gcore.GCoreEndpoint;
|
import org.gcube.common.resources.gcore.GCoreEndpoint;
|
||||||
import org.gcube.informationsystem.publisher.ScopedPublisher;
|
import org.gcube.informationsystem.publisher.ScopedPublisher;
|
||||||
|
import org.gcube.smartgears.configuration.Mode;
|
||||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||||
import org.gcube.smartgears.provider.ProviderFactory;
|
import org.gcube.smartgears.provider.ProviderFactory;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
|
@ -81,18 +82,20 @@ public class ProfilePublisher {
|
||||||
|
|
||||||
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
||||||
|
|
||||||
|
log.debug("using context {}",contextCL.getClass().getSimpleName());
|
||||||
|
|
||||||
String previousToken = SecurityTokenProvider.instance.get();
|
String previousToken = SecurityTokenProvider.instance.get();
|
||||||
try{//This classloader set is needed for the jaxb context
|
try{//This classloader set is needed for the jaxb context
|
||||||
if (previousToken==null)
|
if (previousToken==null)
|
||||||
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
||||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
if (context.container().configuration().mode()!=Mode.root) Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||||
profile = publisher.create(profile, resolveScopesFromTokens(tokens));
|
profile = publisher.create(profile, resolveScopesFromTokens(tokens));
|
||||||
|
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
rethrowUnchecked(e);
|
rethrowUnchecked(e);
|
||||||
} finally{
|
} finally{
|
||||||
SecurityTokenProvider.instance.set(previousToken);
|
SecurityTokenProvider.instance.set(previousToken);
|
||||||
Thread.currentThread().setContextClassLoader(contextCL);
|
if (context.container().configuration().mode()!=Mode.root) Thread.currentThread().setContextClassLoader(contextCL);
|
||||||
}
|
}
|
||||||
|
|
||||||
sharePublished(profile);
|
sharePublished(profile);
|
||||||
|
@ -129,19 +132,23 @@ public class ProfilePublisher {
|
||||||
|
|
||||||
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
||||||
|
|
||||||
|
log.debug("using context {}",contextCL.getClass().getSimpleName());
|
||||||
|
|
||||||
String previousToken = SecurityTokenProvider.instance.get();
|
String previousToken = SecurityTokenProvider.instance.get();
|
||||||
try{//This classloader set is needed for the jaxb context
|
try{//This classloader set is needed for the jaxb context
|
||||||
if (previousToken==null)
|
if (previousToken==null)
|
||||||
SecurityTokenProvider.instance.set((String)context.configuration().startTokens().toArray()[0]);
|
SecurityTokenProvider.instance.set((String)context.configuration().startTokens().toArray()[0]);
|
||||||
|
|
||||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
if (context.container().configuration().mode()!=Mode.root)
|
||||||
|
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||||
profile = publisher.update(profile);
|
profile = publisher.update(profile);
|
||||||
|
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
rethrowUnchecked(e);
|
rethrowUnchecked(e);
|
||||||
} finally{
|
} finally{
|
||||||
SecurityTokenProvider.instance.set(previousToken);
|
SecurityTokenProvider.instance.set(previousToken);
|
||||||
Thread.currentThread().setContextClassLoader(contextCL);
|
if (context.container().configuration().mode()!=Mode.root)
|
||||||
|
Thread.currentThread().setContextClassLoader(contextCL);
|
||||||
}
|
}
|
||||||
|
|
||||||
sharePublished(profile);
|
sharePublished(profile);
|
||||||
|
@ -178,18 +185,22 @@ public class ProfilePublisher {
|
||||||
|
|
||||||
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
||||||
|
|
||||||
|
log.debug("using context {}",contextCL.getClass().getSimpleName());
|
||||||
|
|
||||||
String previousToken = SecurityTokenProvider.instance.get();
|
String previousToken = SecurityTokenProvider.instance.get();
|
||||||
try{//This classloader set is needed for the jaxb context
|
try{//This classloader set is needed for the jaxb context
|
||||||
if (previousToken==null)
|
if (previousToken==null)
|
||||||
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
||||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
if (context.container().configuration().mode()!=Mode.root)
|
||||||
|
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||||
profile = publisher.remove(profile, resolveScopesFromTokens(tokens));
|
profile = publisher.remove(profile, resolveScopesFromTokens(tokens));
|
||||||
|
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
rethrowUnchecked(e);
|
rethrowUnchecked(e);
|
||||||
} finally{
|
} finally{
|
||||||
SecurityTokenProvider.instance.set(previousToken);
|
SecurityTokenProvider.instance.set(previousToken);
|
||||||
Thread.currentThread().setContextClassLoader(contextCL);
|
if (context.container().configuration().mode()!=Mode.root)
|
||||||
|
Thread.currentThread().setContextClassLoader(contextCL);
|
||||||
}
|
}
|
||||||
log.debug("after remove application profile contains scopes {}",profile.scopes().asCollection());
|
log.debug("after remove application profile contains scopes {}",profile.scopes().asCollection());
|
||||||
sharePublished(profile);
|
sharePublished(profile);
|
||||||
|
|
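Review bot: The added `log.debug("using context {}",contextCL.getClass().getSimpleName())` throws a NullPointerException when the thread has no context class loader, which `Thread.getContextClassLoader()` is allowed to return; pass `contextCL` itself to the logger or guard for null. The `Mode.root` test is also evaluated separately in the `try` and again in the `finally`, although restoring the saved loader is harmless in every mode, so the `finally` can stay as the unconditional `Thread.currentThread().setContextClassLoader(contextCL);` and only the swap needs the guard. The same pattern is repeated in all three hunks of this section and in the later ProfilePublisher section that tests `context.configuration().mode()`. The enclosing methods start and end outside the hunks.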
|
@ -42,6 +42,7 @@ public class RequestAccounting extends RequestHandler {
|
||||||
calledMethod = e.request().getRequestURI().substring(e.request().getContextPath().length());
|
calledMethod = e.request().getRequestURI().substring(e.request().getContextPath().length());
|
||||||
if (calledMethod.isEmpty())
|
if (calledMethod.isEmpty())
|
||||||
calledMethod = "/";
|
calledMethod = "/";
|
||||||
|
calledMethod= e.request().getMethod()+" "+calledMethod;
|
||||||
}
|
}
|
||||||
InnerMethodName.instance.set(calledMethod);
|
InnerMethodName.instance.set(calledMethod);
|
||||||
String caller = AuthorizationProvider.instance.get()!=null? AuthorizationProvider.instance.get().getClient().getId(): "UNKNOWN";
|
String caller = AuthorizationProvider.instance.get()!=null? AuthorizationProvider.instance.get().getClient().getId(): "UNKNOWN";
|
||||||
|
|
|
@ -6,15 +6,23 @@ import static org.gcube.smartgears.Constants.token_header;
|
||||||
import static org.gcube.smartgears.handlers.application.request.RequestError.internal_server_error;
|
import static org.gcube.smartgears.handlers.application.request.RequestError.internal_server_error;
|
||||||
import static org.gcube.smartgears.handlers.application.request.RequestError.invalid_request_error;
|
import static org.gcube.smartgears.handlers.application.request.RequestError.invalid_request_error;
|
||||||
|
|
||||||
import javax.xml.bind.DatatypeConverter;
|
import java.net.URLDecoder;
|
||||||
|
import java.nio.charset.StandardCharsets;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Base64;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
import javax.xml.bind.annotation.XmlRootElement;
|
import javax.xml.bind.annotation.XmlRootElement;
|
||||||
|
|
||||||
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
||||||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
import org.gcube.common.authorization.library.AuthorizationEntry;
|
||||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
|
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
|
||||||
|
import org.gcube.common.authorization.library.provider.UserInfo;
|
||||||
import org.gcube.common.authorization.library.utils.Caller;
|
import org.gcube.common.authorization.library.utils.Caller;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
|
import org.gcube.common.scope.impl.ScopeBean;
|
||||||
import org.gcube.smartgears.Constants;
|
import org.gcube.smartgears.Constants;
|
||||||
import org.gcube.smartgears.handlers.application.RequestEvent;
|
import org.gcube.smartgears.handlers.application.RequestEvent;
|
||||||
import org.gcube.smartgears.handlers.application.RequestHandler;
|
import org.gcube.smartgears.handlers.application.RequestHandler;
|
||||||
|
@ -22,6 +30,10 @@ import org.gcube.smartgears.handlers.application.ResponseEvent;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
import com.eclipsesource.json.Json;
|
||||||
|
import com.eclipsesource.json.JsonArray;
|
||||||
|
import com.eclipsesource.json.JsonObject;
|
||||||
|
|
||||||
@XmlRootElement(name = Constants.request_context_retriever)
|
@XmlRootElement(name = Constants.request_context_retriever)
|
||||||
public class RequestContextRetriever extends RequestHandler {
|
public class RequestContextRetriever extends RequestHandler {
|
||||||
|
|
||||||
|
@ -41,23 +53,29 @@ public class RequestContextRetriever extends RequestHandler {
|
||||||
String token = call.request().getParameter(token_header)==null? call.request().getHeader(token_header):call.request().getParameter(token_header);
|
String token = call.request().getParameter(token_header)==null? call.request().getHeader(token_header):call.request().getParameter(token_header);
|
||||||
String scope = call.request().getParameter(scope_header)==null? call.request().getHeader(scope_header):call.request().getParameter(scope_header);
|
String scope = call.request().getParameter(scope_header)==null? call.request().getHeader(scope_header):call.request().getParameter(scope_header);
|
||||||
|
|
||||||
if (token==null && call.request().getHeader(Constants.authorization_header)!=null){
|
String authHeader = call.request().getHeader(Constants.authorization_header);
|
||||||
|
|
||||||
String authorization = call.request().getHeader(Constants.authorization_header);
|
log.trace("auth header is {}",authHeader);
|
||||||
|
|
||||||
if (authorization.contains(BASIC_AUTH_PREFIX)) {
|
String umaToken = null;
|
||||||
String base64Credentials = authorization.substring(BASIC_AUTH_PREFIX.length()).trim();
|
if (authHeader!=null && !authHeader.isEmpty()) {
|
||||||
String credentials = new String(DatatypeConverter.parseBase64Binary(base64Credentials));
|
if (authHeader.startsWith(BEARER_AUTH_PREFIX))
|
||||||
// credentials = username:password
|
umaToken = authHeader.substring(BEARER_AUTH_PREFIX.length()).trim();
|
||||||
final String[] values = credentials.split(":",2);
|
else if (token==null && authHeader.startsWith(BASIC_AUTH_PREFIX)) {
|
||||||
token = values[1];
|
String basicAuthToken = authHeader.substring(BASIC_AUTH_PREFIX.length()).trim();
|
||||||
} else if (authorization.contains(BEARER_AUTH_PREFIX))
|
String decodedAuth = new String(Base64.getDecoder().decode(basicAuthToken.getBytes()));
|
||||||
token = authorization.substring(BEARER_AUTH_PREFIX.length()).trim();
|
token = decodedAuth.split(":")[1];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
//Gives priority to the token
|
//Gives priority to the token
|
||||||
if (token!=null)
|
if (umaToken!=null) {
|
||||||
this.retreiveAndSetInfo(token, call);
|
this.retreiveAndSetInfoUmaToken(umaToken, token, call);
|
||||||
|
} else if (token!=null)
|
||||||
|
this.retreiveAndSetInfoGcubeToken(token, call);
|
||||||
else if (scope!=null)
|
else if (scope!=null)
|
||||||
ScopeProvider.instance.set(scope);
|
ScopeProvider.instance.set(scope);
|
||||||
|
|
||||||
|
@ -67,12 +85,13 @@ public class RequestContextRetriever extends RequestHandler {
|
||||||
public void handleResponse(ResponseEvent e) {
|
public void handleResponse(ResponseEvent e) {
|
||||||
SecurityTokenProvider.instance.reset();
|
SecurityTokenProvider.instance.reset();
|
||||||
AuthorizationProvider.instance.reset();
|
AuthorizationProvider.instance.reset();
|
||||||
|
UmaJWTProvider.instance.reset();
|
||||||
ScopeProvider.instance.reset();
|
ScopeProvider.instance.reset();
|
||||||
log.debug("resetting all the Thread local for this call.");
|
log.debug("resetting all the Thread local for this call.");
|
||||||
}
|
}
|
||||||
|
|
||||||
private void retreiveAndSetInfo(String token, RequestEvent call){
|
private void retreiveAndSetInfoGcubeToken(String token, RequestEvent call){
|
||||||
log.info("retrieving context using token {} ", token);
|
log.trace("retrieving context using token {} ", token);
|
||||||
AuthorizationEntry authEntry = null;
|
AuthorizationEntry authEntry = null;
|
||||||
try{
|
try{
|
||||||
authEntry = authorizationService().get(token);
|
authEntry = authorizationService().get(token);
|
||||||
|
@ -89,4 +108,55 @@ public class RequestContextRetriever extends RequestHandler {
|
||||||
ScopeProvider.instance.set(authEntry.getContext());
|
ScopeProvider.instance.set(authEntry.getContext());
|
||||||
log.info("retrieved request authorization info {} in scope {} ", AuthorizationProvider.instance.get(), authEntry.getContext());
|
log.info("retrieved request authorization info {} in scope {} ", AuthorizationProvider.instance.get(), authEntry.getContext());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void retreiveAndSetInfoUmaToken(String umaToken, String gcubeToken, RequestEvent call){
|
||||||
|
log.debug("using UMA token for authorization");
|
||||||
|
log.trace("retrieving context using uma token {} ", umaToken);
|
||||||
|
|
||||||
|
UmaJWTProvider.instance.set(umaToken);
|
||||||
|
SecurityTokenProvider.instance.set(gcubeToken);
|
||||||
|
parseUmaTokenAndSet(umaToken);
|
||||||
|
log.info("retrieved request authorization info {} in scope {} ", AuthorizationProvider.instance.get(), ScopeProvider.instance.get());
|
||||||
|
}
|
||||||
|
|
||||||
|
private void parseUmaTokenAndSet(String umaToken) {
|
||||||
|
|
||||||
|
String realUmaTokenEncoded = umaToken.split("\\.")[1];
|
||||||
|
|
||||||
|
String realUmaToken = new String(Base64.getDecoder().decode(realUmaTokenEncoded.getBytes()));
|
||||||
|
|
||||||
|
JsonObject object = Json.parse(realUmaToken).asObject();
|
||||||
|
String username = object.get("preferred_username").asString();
|
||||||
|
|
||||||
|
String scope = object.getString("aud", null);
|
||||||
|
|
||||||
|
log.trace("token related context is {}", scope);
|
||||||
|
|
||||||
|
JsonObject resource = object.get("resource_access").asObject();
|
||||||
|
|
||||||
|
log.trace("resource access is {}", resource.toString());
|
||||||
|
|
||||||
|
JsonObject scopeObject = resource.get(scope).asObject();
|
||||||
|
|
||||||
|
ScopeBean scopeBean = null;
|
||||||
|
try {
|
||||||
|
String decodedName = URLDecoder.decode(scope, StandardCharsets.UTF_8.toString());
|
||||||
|
scopeBean = new ScopeBean(decodedName);
|
||||||
|
}catch(Exception e){
|
||||||
|
log.error("error decoding uma token",e);
|
||||||
|
internal_server_error.fire("error contacting authorization service");
|
||||||
|
}
|
||||||
|
|
||||||
|
JsonArray roles = scopeObject.get("roles").asArray();
|
||||||
|
|
||||||
|
List<String> userRoles = new ArrayList<String>();
|
||||||
|
roles.forEach((e)->userRoles.add(e.asString()));
|
||||||
|
|
||||||
|
AuthorizationProvider.instance.set(new Caller(new UserInfo(username, userRoles), "token"));
|
||||||
|
ScopeProvider.instance.set(scopeBean.toString());
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
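Review bot: `parseUmaTokenAndSet` base64-decodes the middle segment of the bearer token and installs `preferred_username`, `aud` and the `resource_access` roles into `AuthorizationProvider` and `ScopeProvider`, with no signature, issuer or expiry check visible anywhere in this section. Unless a component in front of this handler has already validated the JWT (not shown here), the caller identity and roles are whatever the client sent, so the token should be verified against the IAM's signing key before any claim is read. A malformed token or a missing claim currently surfaces as an unhandled `ArrayIndexOutOfBoundsException` or `NullPointerException` from `split("\\.")[1]`, `object.get(...)` or `resource.get(scope)` rather than as `invalid_request_error`. JWT segments are base64url-encoded, so `Base64.getDecoder()` rejects payloads containing `-` or `_`; use `Base64.getUrlDecoder()`. The new `log.trace("auth header is {}",authHeader)` and the two token trace lines write full credentials to the log and should log at most a presence flag or a truncated digest.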
|
@ -1,9 +1,7 @@
|
||||||
package org.gcube.smartgears.handlers.application.request;
|
package org.gcube.smartgears.handlers.application.request;
|
||||||
|
|
||||||
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
|
||||||
import static org.gcube.smartgears.handlers.application.request.RequestError.application_failed_error;
|
import static org.gcube.smartgears.handlers.application.request.RequestError.application_failed_error;
|
||||||
import static org.gcube.smartgears.handlers.application.request.RequestError.application_unavailable_error;
|
import static org.gcube.smartgears.handlers.application.request.RequestError.application_unavailable_error;
|
||||||
import static org.gcube.smartgears.handlers.application.request.RequestError.internal_server_error;
|
|
||||||
import static org.gcube.smartgears.handlers.application.request.RequestError.invalid_request_error;
|
import static org.gcube.smartgears.handlers.application.request.RequestError.invalid_request_error;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
@ -11,12 +9,7 @@ import java.io.IOException;
|
||||||
import javax.xml.bind.annotation.XmlAttribute;
|
import javax.xml.bind.annotation.XmlAttribute;
|
||||||
import javax.xml.bind.annotation.XmlRootElement;
|
import javax.xml.bind.annotation.XmlRootElement;
|
||||||
|
|
||||||
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
|
||||||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
|
||||||
import org.gcube.common.authorization.library.PolicyUtils;
|
|
||||||
import org.gcube.common.authorization.library.policies.Policy;
|
|
||||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
|
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
import org.gcube.common.scope.impl.ScopeBean;
|
import org.gcube.common.scope.impl.ScopeBean;
|
||||||
import org.gcube.common.scope.impl.ScopeBean.Type;
|
import org.gcube.common.scope.impl.ScopeBean.Type;
|
||||||
|
@ -25,7 +18,6 @@ import org.gcube.smartgears.configuration.container.ContainerConfiguration;
|
||||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||||
import org.gcube.smartgears.handlers.application.RequestEvent;
|
import org.gcube.smartgears.handlers.application.RequestEvent;
|
||||||
import org.gcube.smartgears.handlers.application.RequestHandler;
|
import org.gcube.smartgears.handlers.application.RequestHandler;
|
||||||
import org.gcube.smartgears.utils.Utils;
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
@ -58,8 +50,8 @@ public class RequestValidator extends RequestHandler {
|
||||||
|
|
||||||
validateScopeCall();
|
validateScopeCall();
|
||||||
|
|
||||||
if (SecurityTokenProvider.instance.get()!=null)
|
/*if (SecurityTokenProvider.instance.get()!=null)
|
||||||
validatePolicy(SecurityTokenProvider.instance.get(), call);
|
validatePolicy(SecurityTokenProvider.instance.get(), call);*/
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -128,6 +120,7 @@ public class RequestValidator extends RequestHandler {
|
||||||
return getName();
|
return getName();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
private void validatePolicy(String token, RequestEvent call){
|
private void validatePolicy(String token, RequestEvent call){
|
||||||
log.info("accessing policy validator with token {} ", token);
|
log.info("accessing policy validator with token {} ", token);
|
||||||
AuthorizationEntry authEntry = null;
|
AuthorizationEntry authEntry = null;
|
||||||
|
@ -149,7 +142,7 @@ public class RequestValidator extends RequestHandler {
|
||||||
invalid_request_error.fire("rejecting call to "+context.name()+": "+authEntry.getClientInfo().getId()+" is not allowed to contact the service");
|
invalid_request_error.fire("rejecting call to "+context.name()+": "+authEntry.getClientInfo().getId()+" is not allowed to contact the service");
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}*/
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
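Review bot: Commenting out the `validatePolicy` call removes policy enforcement for every request, including those that still authenticate with a gCube token through `retreiveAndSetInfoGcubeToken`, and nothing visible in this section replaces it. If the check is meant to be skipped only for UMA-authenticated calls, keep `if (SecurityTokenProvider.instance.get()!=null) validatePolicy(SecurityTokenProvider.instance.get(), call);` and add a condition on whether a UMA token was supplied. If policy validation is being retired on purpose, delete the method and say so in the commit message, rather than leaving it inside a block comment whose imports have been removed. The method containing the call begins outside the hunk.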
|
@ -11,6 +11,7 @@ import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
|
||||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
import org.gcube.common.resources.gcore.HostingNode;
|
import org.gcube.common.resources.gcore.HostingNode;
|
||||||
import org.gcube.informationsystem.publisher.ScopedPublisher;
|
import org.gcube.informationsystem.publisher.ScopedPublisher;
|
||||||
|
import org.gcube.smartgears.configuration.Mode;
|
||||||
import org.gcube.smartgears.context.container.ContainerContext;
|
import org.gcube.smartgears.context.container.ContainerContext;
|
||||||
import org.gcube.smartgears.handlers.ProfileEvents;
|
import org.gcube.smartgears.handlers.ProfileEvents;
|
||||||
import org.gcube.smartgears.provider.ProviderFactory;
|
import org.gcube.smartgears.provider.ProviderFactory;
|
||||||
|
@ -88,18 +89,20 @@ public class ProfilePublisher {
|
||||||
}*/
|
}*/
|
||||||
|
|
||||||
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
||||||
|
log.debug("using context {}",contextCL.getClass().getSimpleName());
|
||||||
String previousToken = SecurityTokenProvider.instance.get();
|
String previousToken = SecurityTokenProvider.instance.get();
|
||||||
try{//This classloader set is needed for the jaxb context
|
try{//This classloader set is needed for the jaxb context
|
||||||
if (previousToken==null)
|
if (previousToken==null)
|
||||||
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
||||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
if (context.configuration().mode()!=Mode.root)
|
||||||
|
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||||
profile = publisher.create(profile, resolveScopesFromTokens(tokens));
|
profile = publisher.create(profile, resolveScopesFromTokens(tokens));
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
rethrowUnchecked(e);
|
rethrowUnchecked(e);
|
||||||
} finally {
|
} finally {
|
||||||
SecurityTokenProvider.instance.set(previousToken);
|
SecurityTokenProvider.instance.set(previousToken);
|
||||||
Thread.currentThread().setContextClassLoader(contextCL);
|
if (context.configuration().mode()!=Mode.root)
|
||||||
|
Thread.currentThread().setContextClassLoader(contextCL);
|
||||||
}
|
}
|
||||||
|
|
||||||
sharePublished(profile);
|
sharePublished(profile);
|
||||||
|
@ -147,19 +150,21 @@ public class ProfilePublisher {
|
||||||
log.debug("[update] resource scopes are : {} ",profile.scopes().asCollection());
|
log.debug("[update] resource scopes are : {} ",profile.scopes().asCollection());
|
||||||
|
|
||||||
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
||||||
|
log.debug("using context {}",contextCL.getClass().getSimpleName());
|
||||||
String previousToken = SecurityTokenProvider.instance.get();
|
String previousToken = SecurityTokenProvider.instance.get();
|
||||||
try{//This classloader set is needed for the jaxb context
|
try{//This classloader set is needed for the jaxb context
|
||||||
if (previousToken==null)
|
if (previousToken==null)
|
||||||
SecurityTokenProvider.instance.set((String)context.configuration().startTokens().toArray()[0]);
|
SecurityTokenProvider.instance.set((String)context.configuration().startTokens().toArray()[0]);
|
||||||
|
|
||||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
if (context.configuration().mode()!=Mode.root)
|
||||||
|
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||||
profile = publisher.update(profile);
|
profile = publisher.update(profile);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
rethrowUnchecked(e);
|
rethrowUnchecked(e);
|
||||||
} finally {
|
} finally {
|
||||||
SecurityTokenProvider.instance.set(previousToken);
|
SecurityTokenProvider.instance.set(previousToken);
|
||||||
Thread.currentThread().setContextClassLoader(contextCL);
|
if (context.configuration().mode()!=Mode.root)
|
||||||
|
Thread.currentThread().setContextClassLoader(contextCL);
|
||||||
}
|
}
|
||||||
|
|
||||||
sharePublished(profile);
|
sharePublished(profile);
|
||||||
|
@ -198,18 +203,20 @@ public class ProfilePublisher {
|
||||||
} */
|
} */
|
||||||
|
|
||||||
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
||||||
|
log.debug("using context {}",contextCL.getClass().getSimpleName());
|
||||||
String previousToken = SecurityTokenProvider.instance.get();
|
String previousToken = SecurityTokenProvider.instance.get();
|
||||||
try{//This classloader set is needed for the jaxb context
|
try{//This classloader set is needed for the jaxb context
|
||||||
if (previousToken==null)
|
if (previousToken==null)
|
||||||
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
||||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
if (context.configuration().mode()!=Mode.root)
|
||||||
|
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||||
profile = publisher.remove(profile, resolveScopesFromTokens(tokens));
|
profile = publisher.remove(profile, resolveScopesFromTokens(tokens));
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
rethrowUnchecked(e);
|
rethrowUnchecked(e);
|
||||||
} finally {
|
} finally {
|
||||||
SecurityTokenProvider.instance.set(previousToken);
|
SecurityTokenProvider.instance.set(previousToken);
|
||||||
Thread.currentThread().setContextClassLoader(contextCL);
|
if (context.configuration().mode()!=Mode.root)
|
||||||
|
Thread.currentThread().setContextClassLoader(contextCL);
|
||||||
}
|
}
|
||||||
|
|
||||||
log.debug("after remove container profile contains scopes {}",profile.scopes().asCollection());
|
log.debug("after remove container profile contains scopes {}",profile.scopes().asCollection());
|
||||||
|
|