Compare commits
No commits in common. "master" and "master" have entirely different histories.
26
CHANGELOG.md
26
CHANGELOG.md
|
|
@ -2,32 +2,6 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
|
|||
|
||||
# Changelog for Common Smartgears
|
||||
|
||||
## [v3.1.6]
|
||||
|
||||
- Added Linux distribution version [#22933]
|
||||
|
||||
## [v3.1.5] - 2022-04-20
|
||||
|
||||
- Added roles to ExternalService Info on request handler verification
|
||||
|
||||
## [v3.1.4] - 2022-03-29
|
||||
|
||||
- fixes issue [#23075]
|
||||
|
||||
## [v3.1.3] - 2022-03-21
|
||||
|
||||
- fixed bug on policies
|
||||
|
||||
|
||||
## [v3.1.2] - 2022-01-19
|
||||
|
||||
- enabled policy check on smartgears
|
||||
- container configuration for test added
|
||||
|
||||
## [v3.1.1] - 2021-09-29
|
||||
|
||||
- minimal privilege granted also on empty resource_access in JWT token
|
||||
|
||||
## [v3.1.0] - 2021-05-14
|
||||
|
||||
- use of AccessTokenProvider
|
||||
|
|
|
|||
12
pom.xml
12
pom.xml
|
|
@ -11,7 +11,7 @@
|
|||
|
||||
<groupId>org.gcube.core</groupId>
|
||||
<artifactId>common-smartgears</artifactId>
|
||||
<version>3.1.6</version>
|
||||
<version>3.1.0</version>
|
||||
<name>SmartGears</name>
|
||||
|
||||
<dependencyManagement>
|
||||
|
|
@ -19,7 +19,7 @@
|
|||
<dependency>
|
||||
<groupId>org.gcube.distribution</groupId>
|
||||
<artifactId>gcube-bom</artifactId>
|
||||
<version>2.1.0</version>
|
||||
<version>2.0.1</version>
|
||||
<type>pom</type>
|
||||
<scope>import</scope>
|
||||
</dependency>
|
||||
|
|
@ -115,14 +115,6 @@
|
|||
<version>3.0.1</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
|
||||
<!-- Added to support Java 11 JDK -->
|
||||
<dependency>
|
||||
<groupId>javax.xml.bind</groupId>
|
||||
<artifactId>jaxb-api</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<!-- END Added to support Java 11 JDK -->
|
||||
|
||||
|
||||
<!-- ***************** test ******************* -->
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ public class Bootstrap implements ServletContainerInitializer {
|
|||
* using gcube facilities annotation based
|
||||
* ( i.e org.gcube.common.validator.annotations)
|
||||
*/
|
||||
//context.configuration().validate();
|
||||
context.configuration().validate();
|
||||
|
||||
} catch (RuntimeException e) {
|
||||
|
||||
|
|
|
|||
|
|
@ -1,24 +0,0 @@
|
|||
package org.gcube.smartgears.handlers;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
public class OfflineProfilePublisher implements ProfilePublisher {
|
||||
|
||||
@Override
|
||||
public void addTo(Collection<String> tokens) {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addToAll() {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void update() {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeFrom(Collection<String> tokens) {
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
@ -1,23 +0,0 @@
|
|||
package org.gcube.smartgears.handlers;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
public interface ProfilePublisher {
|
||||
|
||||
/**
|
||||
* Adds for the first time the current resource profile of the application in one or more scopes.
|
||||
* @param scopes the scopes
|
||||
*/
|
||||
void addTo(Collection<String> tokens);
|
||||
|
||||
void addToAll();
|
||||
|
||||
void update();
|
||||
|
||||
/**
|
||||
* Removes the application from one or more scopes.
|
||||
* @param scopes the scopes
|
||||
*/
|
||||
void removeFrom(Collection<String> tokens);
|
||||
|
||||
}
|
||||
|
|
@ -22,11 +22,8 @@ import org.gcube.common.events.Observes;
|
|||
import org.gcube.common.events.Observes.Kind;
|
||||
import org.gcube.common.resources.gcore.GCoreEndpoint;
|
||||
import org.gcube.smartgears.Constants;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.context.Property;
|
||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||
import org.gcube.smartgears.handlers.OfflineProfilePublisher;
|
||||
import org.gcube.smartgears.handlers.ProfilePublisher;
|
||||
import org.gcube.smartgears.handlers.application.ApplicationLifecycleEvent;
|
||||
import org.gcube.smartgears.handlers.application.ApplicationLifecycleHandler;
|
||||
import org.gcube.smartgears.lifecycle.application.ApplicationLifecycle;
|
||||
|
|
@ -53,7 +50,7 @@ import org.slf4j.LoggerFactory;
|
|||
*
|
||||
* @author Fabio Simeoni
|
||||
* @see ProfileBuilder
|
||||
* @see ProfilePublisherImpl
|
||||
* @see ProfilePublisher
|
||||
*/
|
||||
@XmlRootElement(name = profile_management)
|
||||
public class ProfileManager extends ApplicationLifecycleHandler {
|
||||
|
|
@ -93,11 +90,8 @@ public class ProfileManager extends ApplicationLifecycleHandler {
|
|||
|
||||
share(profile);
|
||||
|
||||
publisher = context.container().configuration().mode()!=Mode.offline?
|
||||
new ProfilePublisherImpl(context):
|
||||
new OfflineProfilePublisher();
|
||||
|
||||
|
||||
publisher = new ProfilePublisher(context);
|
||||
|
||||
registerObservers();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ import org.gcube.common.resources.gcore.GCoreEndpoint;
|
|||
import org.gcube.informationsystem.publisher.ScopedPublisher;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||
import org.gcube.smartgears.handlers.ProfilePublisher;
|
||||
import org.gcube.smartgears.provider.ProviderFactory;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
|
@ -28,9 +27,9 @@ import org.slf4j.LoggerFactory;
|
|||
* @author Fabio Simeoni
|
||||
*
|
||||
*/
|
||||
public class ProfilePublisherImpl implements ProfilePublisher {
|
||||
public class ProfilePublisher {
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(ProfilePublisherImpl.class);
|
||||
private static final Logger log = LoggerFactory.getLogger(ProfilePublisher.class);
|
||||
|
||||
//the underlying IS publisher
|
||||
private final ScopedPublisher publisher;
|
||||
|
|
@ -43,7 +42,7 @@ public class ProfilePublisherImpl implements ProfilePublisher {
|
|||
* Creates an instance for a given application.
|
||||
* @param context the context of the application
|
||||
*/
|
||||
public ProfilePublisherImpl(ApplicationContext context) {
|
||||
public ProfilePublisher(ApplicationContext context) {
|
||||
this.context = context;
|
||||
this.publisher=ProviderFactory.provider().publisherFor(context);
|
||||
this.authProxy = ProviderFactory.provider().authorizationProxy();
|
||||
|
|
@ -53,7 +52,6 @@ public class ProfilePublisherImpl implements ProfilePublisher {
|
|||
* Adds for the first time the current resource profile of the application in one or more scopes.
|
||||
* @param scopes the scopes
|
||||
*/
|
||||
@Override
|
||||
public void addTo(Collection<String> tokens) {
|
||||
|
||||
notEmpty("tokens",tokens);
|
||||
|
|
@ -90,7 +88,7 @@ public class ProfilePublisherImpl implements ProfilePublisher {
|
|||
try{//This classloader set is needed for the jaxb context
|
||||
if (previousToken==null)
|
||||
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
||||
if (context.container().configuration().mode()!=Mode.root) Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
|
||||
if (context.container().configuration().mode()!=Mode.root) Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||
profile = publisher.create(profile, resolveScopesFromTokens(tokens));
|
||||
|
||||
} catch (Exception e) {
|
||||
|
|
@ -104,13 +102,11 @@ public class ProfilePublisherImpl implements ProfilePublisher {
|
|||
log.debug("shared profile with scopes {}", profile.scopes().asCollection());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addToAll() {
|
||||
this.addTo(context.configuration().startTokens());
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void update() {
|
||||
|
||||
|
||||
|
|
@ -144,7 +140,7 @@ public class ProfilePublisherImpl implements ProfilePublisher {
|
|||
SecurityTokenProvider.instance.set((String)context.configuration().startTokens().toArray()[0]);
|
||||
|
||||
if (context.container().configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||
profile = publisher.update(profile);
|
||||
|
||||
} catch (Exception e) {
|
||||
|
|
@ -163,7 +159,6 @@ public class ProfilePublisherImpl implements ProfilePublisher {
|
|||
* Removes the application from one or more scopes.
|
||||
* @param scopes the scopes
|
||||
*/
|
||||
@Override
|
||||
public void removeFrom(Collection<String> tokens) {
|
||||
|
||||
GCoreEndpoint profile = context.profile(GCoreEndpoint.class);
|
||||
|
|
@ -197,7 +192,7 @@ public class ProfilePublisherImpl implements ProfilePublisher {
|
|||
if (previousToken==null)
|
||||
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
||||
if (context.container().configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||
profile = publisher.remove(profile, resolveScopesFromTokens(tokens));
|
||||
|
||||
} catch (Exception e) {
|
||||
|
|
@ -12,7 +12,6 @@ import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
|||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.smartgears.Constants;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||
import org.gcube.smartgears.handlers.application.RequestEvent;
|
||||
import org.gcube.smartgears.handlers.application.RequestHandler;
|
||||
|
|
@ -73,9 +72,8 @@ public class RequestAccounting extends RequestHandler {
|
|||
callerIp=e.request().getRemoteHost();
|
||||
|
||||
boolean success = e.response().getStatus()<400;
|
||||
|
||||
if (context.container().configuration().mode()!=Mode.offline)
|
||||
generateAccounting(caller,callerQualifier,callerIp==null?"UNKNOWN":callerIp , success, context);
|
||||
|
||||
generateAccounting(caller,callerQualifier,callerIp==null?"UNKNOWN":callerIp , success, context);
|
||||
|
||||
log.info("REQUEST SERVED ON {}:{}({}) CALLED FROM {}@{} IN SCOPE {} {}(CODE {}) IN {} millis",
|
||||
context.configuration().name(),context.configuration().serviceClass(), InnerMethodName.instance.get(),
|
||||
|
|
|
|||
|
|
@ -15,8 +15,6 @@ import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
|||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
||||
import org.gcube.common.authorization.library.provider.AccessTokenProvider;
|
||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||
import org.gcube.common.authorization.library.provider.ClientInfo;
|
||||
import org.gcube.common.authorization.library.provider.ExternalServiceInfo;
|
||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.authorization.library.provider.UserInfo;
|
||||
import org.gcube.common.authorization.library.utils.Caller;
|
||||
|
|
@ -114,6 +112,7 @@ public class RequestContextRetriever extends RequestHandler {
|
|||
log.trace("retrieving context using uma token {} ", accessToken);
|
||||
|
||||
AccessTokenProvider.instance.set(accessToken);
|
||||
SecurityTokenProvider.instance.set(gcubeToken);
|
||||
parseAccessTokenAndSet(accessToken);
|
||||
log.info("retrieved request authorization info {} in scope {} ", AuthorizationProvider.instance.get(), ScopeProvider.instance.get());
|
||||
}
|
||||
|
|
@ -126,6 +125,7 @@ public class RequestContextRetriever extends RequestHandler {
|
|||
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
|
||||
|
||||
GcubeJwt jwt = null;
|
||||
try {
|
||||
jwt = mapper.readValue(realUmaToken, GcubeJwt.class);
|
||||
|
|
@ -133,6 +133,7 @@ public class RequestContextRetriever extends RequestHandler {
|
|||
log.error("error decoding uma token",e);
|
||||
internal_server_error.fire("error parsing access token");
|
||||
}
|
||||
|
||||
|
||||
ScopeBean scopeBean = null;
|
||||
try {
|
||||
|
|
@ -142,14 +143,7 @@ public class RequestContextRetriever extends RequestHandler {
|
|||
internal_server_error.fire("invalid context in access token");
|
||||
}
|
||||
|
||||
ClientInfo clientInfo;
|
||||
if (!jwt.isExternalService())
|
||||
clientInfo = new UserInfo(jwt.getUsername(), jwt.getRoles(), jwt.getEmail(), jwt.getFirstName(), jwt.getLastName());
|
||||
else
|
||||
clientInfo = new ExternalServiceInfo(jwt.getUsername(), "unknown", jwt.getRoles());
|
||||
|
||||
log.info("caller type is {}",clientInfo.getType());
|
||||
AuthorizationProvider.instance.set(new Caller(clientInfo, "token"));
|
||||
AuthorizationProvider.instance.set(new Caller(new UserInfo(jwt.getUsername(), jwt.getRoles(), jwt.getEmail(), jwt.getFirstName(), jwt.getLastName()), "token"));
|
||||
|
||||
ScopeProvider.instance.set(scopeBean.toString());
|
||||
|
||||
|
|
|
|||
|
|
@ -1,34 +1,21 @@
|
|||
package org.gcube.smartgears.handlers.application.request;
|
||||
|
||||
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
||||
import static org.gcube.smartgears.handlers.application.request.RequestError.application_failed_error;
|
||||
import static org.gcube.smartgears.handlers.application.request.RequestError.application_unavailable_error;
|
||||
import static org.gcube.smartgears.handlers.application.request.RequestError.invalid_request_error;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import javax.xml.bind.annotation.XmlAttribute;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
import org.gcube.common.authorization.library.PolicyUtils;
|
||||
import org.gcube.common.authorization.library.policies.Policy;
|
||||
import org.gcube.common.authorization.library.policies.User2ServicePolicy;
|
||||
import org.gcube.common.authorization.library.policies.UserEntity;
|
||||
import org.gcube.common.authorization.library.provider.AccessTokenProvider;
|
||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.common.scope.impl.ScopeBean;
|
||||
import org.gcube.common.scope.impl.ScopeBean.Type;
|
||||
import org.gcube.smartgears.Constants;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.configuration.container.ContainerConfiguration;
|
||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||
import org.gcube.smartgears.handlers.application.RequestEvent;
|
||||
import org.gcube.smartgears.handlers.application.RequestHandler;
|
||||
import org.gcube.smartgears.utils.Utils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
|
|
@ -38,7 +25,7 @@ public class RequestValidator extends RequestHandler {
|
|||
@XmlAttribute(required=false, name="oauth")
|
||||
@Deprecated
|
||||
boolean oauthCompatibility = false;
|
||||
|
||||
|
||||
private static Logger log = LoggerFactory.getLogger(RequestValidator.class);
|
||||
|
||||
private ApplicationContext context;
|
||||
|
|
@ -47,30 +34,25 @@ public class RequestValidator extends RequestHandler {
|
|||
public String getName() {
|
||||
return Constants.request_validation;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void handleRequest(RequestEvent call) {
|
||||
|
||||
log.trace("executing request validator ON REQUEST");
|
||||
|
||||
log.trace("accessToken is null? {} \nGcubeToken is null ? {} \nscope rpvideris null? {}",
|
||||
AccessTokenProvider.instance.get()==null,
|
||||
SecurityTokenProvider.instance.get()==null,
|
||||
ScopeProvider.instance.get()==null);
|
||||
|
||||
context = call.context();
|
||||
|
||||
validateAgainstLifecycle(call);
|
||||
|
||||
|
||||
rejectUnauthorizedCalls(call);
|
||||
|
||||
if (context.container().configuration().mode()!=Mode.offline) {
|
||||
validateScopeCall();
|
||||
validatePolicy(ScopeProvider.instance.get(), call);
|
||||
}
|
||||
|
||||
validateScopeCall();
|
||||
|
||||
/*if (SecurityTokenProvider.instance.get()!=null)
|
||||
validatePolicy(SecurityTokenProvider.instance.get(), call);*/
|
||||
|
||||
}
|
||||
|
||||
|
||||
private void validateAgainstLifecycle(RequestEvent call) {
|
||||
|
||||
switch(context.lifecycle().state()) {
|
||||
|
|
@ -89,16 +71,16 @@ public class RequestValidator extends RequestHandler {
|
|||
}
|
||||
|
||||
private void validateScopeCall() {
|
||||
|
||||
|
||||
String scope = ScopeProvider.instance.get();
|
||||
|
||||
|
||||
if (scope == null) {
|
||||
log.warn("rejecting unscoped call to {}",context.name());
|
||||
invalid_request_error.fire("call is unscoped");
|
||||
}
|
||||
|
||||
|
||||
ScopeBean bean = new ScopeBean(scope);
|
||||
|
||||
|
||||
ContainerConfiguration conf = context.container().configuration();
|
||||
if (!conf.allowedContexts().contains(scope) &&
|
||||
!(conf.authorizeChildrenContext() && bean.is(Type.VRE) && conf.allowedContexts().contains(bean.enclosingScope().toString()) ) ) {
|
||||
|
|
@ -108,13 +90,25 @@ public class RequestValidator extends RequestHandler {
|
|||
}
|
||||
|
||||
private void rejectUnauthorizedCalls(RequestEvent call){
|
||||
|
||||
|
||||
String token = SecurityTokenProvider.instance.get();
|
||||
String accessToken = AccessTokenProvider.instance.get();
|
||||
|
||||
if (token == null && accessToken==null){
|
||||
String scope = ScopeProvider.instance.get();
|
||||
|
||||
if (token == null && scope==null){
|
||||
log.warn("rejecting call to {}, authorization required",context.name(),token);
|
||||
//if (call.context().container().configuration().authenticationEnpoint()==null){
|
||||
RequestError.request_not_authorized_error.fire(context.name()+": authorization required");
|
||||
/*}else {
|
||||
log.info("authorization enpoint found on configuration, redirecting the call");
|
||||
String recallLocation = String.format("http://%s:%d%s", call.context().container().configuration().hostname(), call.context().container().configuration().port(), call.uri());
|
||||
//call.response().setHeader("Allowed-Contexts", call.context().container().configuration().allowedContexts().toString());
|
||||
try {
|
||||
call.response().sendRedirect(context.container().configuration().authenticationEnpoint()+"?Recall-Location="+recallLocation);
|
||||
} catch (IOException e) {
|
||||
log.error("errror redirecting call",e );
|
||||
}
|
||||
}*/
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -123,47 +117,30 @@ public class RequestValidator extends RequestHandler {
|
|||
return getName();
|
||||
}
|
||||
|
||||
private void validatePolicy(String scope, RequestEvent call){
|
||||
log.info("accessing policy validator in scope {} ", scope);
|
||||
/*
|
||||
private void validatePolicy(String token, RequestEvent call){
|
||||
log.info("accessing policy validator with token {} ", token);
|
||||
AuthorizationEntry authEntry = null;
|
||||
try{
|
||||
authEntry = authorizationService().get(token);
|
||||
}catch(ObjectNotFound onf){
|
||||
log.warn("rejecting call to {}, invalid token {}",context.name(),token);
|
||||
invalid_request_error.fire(context.name()+" invalid token : "+token);
|
||||
}catch(Exception e){
|
||||
log.error("error contacting authorization service",e);
|
||||
internal_server_error.fire("error contacting authorization service");
|
||||
}
|
||||
|
||||
ServiceIdentifier serviceIdentifier = Utils.getServiceInfo(call.context()).getServiceIdentifier();
|
||||
|
||||
String previousToken = SecurityTokenProvider.instance.get();
|
||||
try {
|
||||
String serviceToken = context.configuration().startTokens().stream().findFirst().get();
|
||||
SecurityTokenProvider.instance.set(serviceToken);
|
||||
String callerId = AuthorizationProvider.instance.get().getClient().getId();
|
||||
|
||||
List<Policy> policies = Collections.emptyList();
|
||||
try {
|
||||
policies = authorizationService().getPolicies(scope);
|
||||
}catch (Exception e) {
|
||||
log.error("error contacting authorization services for policies");
|
||||
}
|
||||
|
||||
for (Policy policy: policies) {
|
||||
log.debug("policy: {}", policy.getPolicyAsString() );
|
||||
|
||||
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier )) {
|
||||
boolean toReject = false;
|
||||
UserEntity entity = (((User2ServicePolicy) policy).getEntity());
|
||||
if (entity.getIdentifier()!=null)
|
||||
toReject = entity.getIdentifier().equals(callerId);
|
||||
else if (entity.getExcludes().isEmpty())
|
||||
toReject = true;
|
||||
else toReject = !entity.getExcludes().contains(callerId);
|
||||
if (toReject) {
|
||||
log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(), callerId);
|
||||
RequestError.request_not_authorized_error.fire("rejecting call to "+context.name()+" for polices: "+callerId+" is not allowed to contact the service: "+serviceIdentifier.getServiceName() );
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}finally {
|
||||
SecurityTokenProvider.instance.set(previousToken);
|
||||
}
|
||||
}
|
||||
|
||||
for (Policy policy: authEntry.getPolicies())
|
||||
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier)){
|
||||
log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(),authEntry.getClientInfo().getId());
|
||||
invalid_request_error.fire("rejecting call to "+context.name()+": "+authEntry.getClientInfo().getId()+" is not allowed to contact the service");
|
||||
}
|
||||
|
||||
}*/
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,93 +0,0 @@
|
|||
package org.gcube.smartgears.handlers.container.lifecycle;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.File;
|
||||
import java.io.FileReader;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStreamReader;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
/**
|
||||
* @author Luca Frosini (ISTI-CNR)
|
||||
*/
|
||||
public class LinuxDistributionInfo {
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(LinuxDistributionInfo.class);
|
||||
|
||||
public static final String LSB_RELEASE_COMMAND = "lsb_release -a";
|
||||
public static final String OS_RELEASE_FILE_PATH = "/etc/os-release";
|
||||
|
||||
protected Map<String, String> info;
|
||||
|
||||
protected Map<String, String> getInfoViaLsbReleaseCommand() throws IOException {
|
||||
logger.trace("Going to exec {}", LSB_RELEASE_COMMAND);
|
||||
Process process = Runtime.getRuntime().exec(LSB_RELEASE_COMMAND);
|
||||
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(process.getInputStream()));
|
||||
Map<String, String> map = parseBufferedReader(bufferedReader);
|
||||
bufferedReader.close();
|
||||
return map;
|
||||
}
|
||||
|
||||
private Map<String, String> parseBufferedReader(BufferedReader bufferedReader) throws IOException {
|
||||
Map<String, String> map = new HashMap<>();
|
||||
String line = "";
|
||||
while ((line = bufferedReader.readLine()) != null) {
|
||||
String[] nameValue = parseLine(line);
|
||||
map.put(nameValue[0], nameValue[1]);
|
||||
}
|
||||
return map;
|
||||
}
|
||||
|
||||
private String[] parseLine(String line) {
|
||||
String[] splitted = line.split("=");
|
||||
if (splitted.length < 2) {
|
||||
splitted = line.split(":");
|
||||
}
|
||||
String[] ret = new String[2];
|
||||
ret[0] = splitted[0].trim();
|
||||
ret[1] = splitted[1].trim().replace("\"", "");
|
||||
return ret;
|
||||
}
|
||||
|
||||
private Map<String, String> getInfoViaFile(File file) throws IOException {
|
||||
logger.trace("Going to read file {}", file.getAbsolutePath());
|
||||
BufferedReader bufferedReader = new BufferedReader(new FileReader(file));
|
||||
Map<String, String> map = parseBufferedReader(bufferedReader);
|
||||
bufferedReader.close();
|
||||
return map;
|
||||
|
||||
}
|
||||
|
||||
protected Map<String, String> getInfoViaOsReleaseFile() throws IOException {
|
||||
File osReleaseFile = new File(OS_RELEASE_FILE_PATH);
|
||||
return getInfoViaFile(osReleaseFile);
|
||||
}
|
||||
|
||||
private Map<String, String> retriveInfo() {
|
||||
try {
|
||||
return getInfoViaLsbReleaseCommand();
|
||||
} catch (IOException e) {
|
||||
|
||||
}
|
||||
|
||||
try {
|
||||
return getInfoViaOsReleaseFile();
|
||||
}catch (IOException e) {
|
||||
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public Map<String, String> getInfo() {
|
||||
if (info == null) {
|
||||
info = retriveInfo();
|
||||
}
|
||||
return info;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -282,15 +282,6 @@ public class ProfileBuilder {
|
|||
*/
|
||||
|
||||
|
||||
String osVersion = System.getProperty("os.name");
|
||||
if(osVersion.compareToIgnoreCase("Linux")==0) {
|
||||
LinuxDistributionInfo linuxDistributionInfo = new LinuxDistributionInfo();
|
||||
Map<String,String> info = linuxDistributionInfo.getInfo();
|
||||
for(String key : info.keySet()) {
|
||||
variables.add().keyAndValue(key, info.get(key));
|
||||
}
|
||||
}
|
||||
|
||||
variables.add().keyAndValue("Java", System.getProperty("java.version"));
|
||||
|
||||
SmartGearsConfiguration config = ProviderFactory.provider().smartgearsConfiguration();
|
||||
|
|
|
|||
|
|
@ -23,11 +23,8 @@ import javax.xml.bind.annotation.XmlRootElement;
|
|||
|
||||
import org.gcube.common.events.Observes;
|
||||
import org.gcube.common.resources.gcore.HostingNode;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.context.Property;
|
||||
import org.gcube.smartgears.context.container.ContainerContext;
|
||||
import org.gcube.smartgears.handlers.OfflineProfilePublisher;
|
||||
import org.gcube.smartgears.handlers.ProfilePublisher;
|
||||
import org.gcube.smartgears.handlers.container.ContainerHandler;
|
||||
import org.gcube.smartgears.handlers.container.ContainerLifecycleEvent.Start;
|
||||
import org.gcube.smartgears.lifecycle.container.ContainerLifecycle;
|
||||
|
|
@ -86,9 +83,7 @@ public class ProfileManager extends ContainerHandler {
|
|||
|
||||
share(profile);
|
||||
|
||||
publisher = context.configuration().mode()!=Mode.offline?
|
||||
new ProfilePublisherImpl(context):
|
||||
new OfflineProfilePublisher();
|
||||
publisher = new ProfilePublisher(context);
|
||||
|
||||
registerObservers();
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ import org.gcube.informationsystem.publisher.ScopedPublisher;
|
|||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.context.container.ContainerContext;
|
||||
import org.gcube.smartgears.handlers.ProfileEvents;
|
||||
import org.gcube.smartgears.handlers.ProfilePublisher;
|
||||
import org.gcube.smartgears.provider.ProviderFactory;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
|
@ -27,9 +26,9 @@ import org.slf4j.LoggerFactory;
|
|||
* @author Fabio Simeoni
|
||||
*
|
||||
*/
|
||||
public class ProfilePublisherImpl implements ProfilePublisher {
|
||||
public class ProfilePublisher {
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(ProfilePublisherImpl.class);
|
||||
private static final Logger log = LoggerFactory.getLogger(ProfilePublisher.class);
|
||||
|
||||
//the underlying IS publisher
|
||||
private final ScopedPublisher publisher;
|
||||
|
|
@ -42,7 +41,7 @@ public class ProfilePublisherImpl implements ProfilePublisher {
|
|||
* Creates an instance for the container.
|
||||
* @param context the context of the application
|
||||
*/
|
||||
public ProfilePublisherImpl(ContainerContext context) {
|
||||
public ProfilePublisher(ContainerContext context) {
|
||||
this.context = context;
|
||||
this.publisher=ProviderFactory.provider().publisherFor(context);
|
||||
this.authProxy = ProviderFactory.provider().authorizationProxy();
|
||||
|
|
@ -96,7 +95,7 @@ public class ProfilePublisherImpl implements ProfilePublisher {
|
|||
if (previousToken==null)
|
||||
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
||||
if (context.configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||
profile = publisher.create(profile, resolveScopesFromTokens(tokens));
|
||||
} catch (Exception e) {
|
||||
rethrowUnchecked(e);
|
||||
|
|
@ -158,7 +157,7 @@ public class ProfilePublisherImpl implements ProfilePublisher {
|
|||
SecurityTokenProvider.instance.set((String)context.configuration().startTokens().toArray()[0]);
|
||||
|
||||
if (context.configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||
profile = publisher.update(profile);
|
||||
} catch (Exception e) {
|
||||
rethrowUnchecked(e);
|
||||
|
|
@ -210,7 +209,7 @@ public class ProfilePublisherImpl implements ProfilePublisher {
|
|||
if (previousToken==null)
|
||||
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
||||
if (context.configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||
profile = publisher.remove(profile, resolveScopesFromTokens(tokens));
|
||||
} catch (Exception e) {
|
||||
rethrowUnchecked(e);
|
||||
|
|
@ -27,7 +27,6 @@ import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
|
|||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.events.Observes;
|
||||
import org.gcube.smartgears.Constants;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.configuration.application.ApplicationExtensions;
|
||||
import org.gcube.smartgears.configuration.application.ApplicationHandlers;
|
||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||
|
|
@ -75,18 +74,17 @@ public class ApplicationManager {
|
|||
for (Entry<String,? extends ServletRegistration> servlet : application.getServletRegistrations().entrySet())
|
||||
log.trace("servlet {} : {} {} ", application.getServletContextName(),servlet.getKey(), servlet.getValue().getMappings());
|
||||
|
||||
|
||||
|
||||
|
||||
context.configuration().validate();
|
||||
|
||||
/* if (context.configuration().secure() &&
|
||||
container.configuration().securePort()==null)
|
||||
throw new IllegalStateException(
|
||||
String.format("Application %s cannot be managed because is declared as secure without a secure connector port declared in the container", context.application().getContextPath()));
|
||||
*/
|
||||
|
||||
if (context.container().configuration().mode()!=Mode.offline) {
|
||||
context.configuration().startTokens(generateTokensForApplication(container).stream().collect(Collectors.toSet()));
|
||||
context.configuration().validate();
|
||||
}
|
||||
|
||||
context.configuration().startTokens(generateTokensForApplication(container).stream().collect(Collectors.toSet()));
|
||||
|
||||
saveApplicationState();
|
||||
|
||||
// make context available to application in case it is gcube-aware
|
||||
|
|
|
|||
|
|
@ -21,7 +21,6 @@ import org.gcube.common.authorization.library.provider.ClientInfo;
|
|||
import org.gcube.common.authorization.library.provider.ContainerInfo;
|
||||
import org.gcube.common.events.Observes;
|
||||
import org.gcube.common.events.Observes.Kind;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.configuration.container.ContainerHandlers;
|
||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||
import org.gcube.smartgears.context.container.ContainerContext;
|
||||
|
|
@ -63,10 +62,12 @@ public class ContainerManager {
|
|||
this.context = context;
|
||||
|
||||
try {
|
||||
|
||||
|
||||
if (context.configuration().mode()!=Mode.offline)
|
||||
validateContainer(context);
|
||||
// TODO Ask if is not enough that is already done in
|
||||
// Bootstrap.initialiseContainer() function;
|
||||
context.configuration().validate();
|
||||
|
||||
validateContainer(context);
|
||||
|
||||
saveContainerState();
|
||||
|
||||
|
|
@ -111,7 +112,6 @@ public class ContainerManager {
|
|||
|
||||
private void validateContainer(ContainerContext context) {
|
||||
//List<String> tokensToRemove = new ArrayList<String>();
|
||||
context.configuration().validate();
|
||||
Set<String> foundContexts= new HashSet<String>();
|
||||
|
||||
try {
|
||||
|
|
|
|||
|
|
@ -4,7 +4,6 @@ import java.io.UnsupportedEncodingException;
|
|||
import java.net.URLDecoder;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
|
@ -15,7 +14,7 @@ import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
|
|||
@JsonIgnoreProperties(ignoreUnknown = true)
|
||||
public class GcubeJwt {
|
||||
|
||||
protected final static List<String> MINIMAL_ROLES = Arrays.asList("Member");
|
||||
protected final static List<String> MINIMAL_ROLES = List.of("Member");
|
||||
|
||||
@JsonProperty("aud")
|
||||
private String context;
|
||||
|
|
@ -32,9 +31,6 @@ public class GcubeJwt {
|
|||
@JsonProperty("family_name")
|
||||
private String lastName;
|
||||
|
||||
@JsonProperty("clientId")
|
||||
private String clientId;
|
||||
|
||||
@JsonProperty("email")
|
||||
private String email;
|
||||
|
||||
|
|
@ -54,10 +50,6 @@ public class GcubeJwt {
|
|||
return username;
|
||||
}
|
||||
|
||||
public boolean isExternalService() {
|
||||
return clientId != null;
|
||||
}
|
||||
|
||||
public String getFirstName() {
|
||||
return firstName;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue