Compare commits
52 Commits
Author | SHA1 | Date |
---|---|---|
Luca Frosini | d024c129d5 | |
Roberto Cirillo | f01ee71e32 | |
Luca Frosini | 952703c780 | |
Lucio Lelii | 0bf0708efd | |
Lucio Lelii | a71d8d1fac | |
Lucio Lelii | 72a5e54edd | |
Lucio Lelii | 64d0c69ca2 | |
Lucio Lelii | 3af9a558f6 | |
Lucio Lelii | c23e98d9bb | |
Lucio Lelii | 430cf04416 | |
Lucio Lelii | b84b4fad81 | |
Lucio Lelii | e9b6a7ad25 | |
Lucio Lelii | 0fe819c2ee | |
Lucio Lelii | 4b1b6471ca | |
Lucio Lelii | 125dc5b332 | |
Lucio Lelii | 8455825bb1 | |
Lucio Lelii | 9e5746fc37 | |
lucio.lelii | 1e66ce01c0 | |
lucio.lelii | c42094df38 | |
Lucio Lelii | 3441742d44 | |
Marco Lettere | db87ad7f3b | |
lucio.lelii | 406016cd29 | |
lucio.lelii | 64c3f02996 | |
lucio.lelii | e27784741b | |
lucio.lelii | e8a32631f2 | |
lucio.lelii | bc1f02cdb5 | |
Lucio Lelii | 0ab8e327cf | |
Luca Frosini | 943dc7065b | |
user1 | 47f09fe3a5 | |
user1 | ed8e7d8811 | |
Lucio Lelii | fd766ce080 | |
Lucio Lelii | a4462eb325 | |
Luca Frosini | fd6857ab60 | |
Roberto Cirillo | 621fd9d20c | |
Luca Frosini | d2f3af7f9e | |
Luca Frosini | f17d3e107d | |
Luca Frosini | 9873a148f2 | |
Luca Frosini | 7944226cca | |
Luca Frosini | b503e017cc | |
Luca Frosini | 74dabde6f5 | |
Luca Frosini | 0f54034ef9 | |
Luca Frosini | 216f0f1389 | |
Luca Frosini | c04b3df2ff | |
Luca Frosini | f80301b867 | |
Luca Frosini | 132f249e05 | |
Luca Frosini | fb52eb958b | |
Luca Frosini | 568be1f0bb | |
Luca Frosini | 72dbecf46d | |
Luca Frosini | d462893125 | |
Lucio Lelii | 441baf14b3 | |
lucio | c1e4956764 | |
lucio | ef7c65e0fb |
43
.classpath
43
.classpath
|
@ -1,43 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<classpath>
|
||||
<classpathentry kind="src" output="target/classes" path="src/main/java">
|
||||
<attributes>
|
||||
<attribute name="optional" value="true"/>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
|
||||
<attributes>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="src" output="target/test-classes" path="src/test/java">
|
||||
<attributes>
|
||||
<attribute name="optional" value="true"/>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
<attribute name="test" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
|
||||
<attributes>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
<attribute name="test" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="src" path="target/generated-sources">
|
||||
<attributes>
|
||||
<attribute name="optional" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
|
||||
<attributes>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
|
||||
<attributes>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="output" path="target/classes"/>
|
||||
</classpath>
|
|
@ -0,0 +1,3 @@
|
|||
/target/
|
||||
/.classpath
|
||||
/bin/
|
|
@ -0,0 +1,3 @@
|
|||
/org.eclipse.core.resources.prefs
|
||||
/org.eclipse.jdt.core.prefs
|
||||
/org.eclipse.m2e.core.prefs
|
|
@ -0,0 +1,157 @@
|
|||
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
# Changelog for Common Smartgears
|
||||
|
||||
## [v3.1.6]
|
||||
|
||||
- Added Linux distribution version [#22933]
|
||||
|
||||
## [v3.1.5] - 2022-04-20
|
||||
|
||||
- Added roles to ExternalService Info on request handler verification
|
||||
|
||||
## [v3.1.4] - 2022-03-29
|
||||
|
||||
- fixes issue [#23075]
|
||||
|
||||
## [v3.1.3] - 2022-03-21
|
||||
|
||||
- fixed bug on policies
|
||||
|
||||
|
||||
## [v3.1.2] - 2022-01-19
|
||||
|
||||
- enabled policy check on smartgears
|
||||
- container configuration for test added
|
||||
|
||||
## [v3.1.1] - 2021-09-29
|
||||
|
||||
- minimal privilege granted also on empty resource_access in JWT token
|
||||
|
||||
## [v3.1.0] - 2021-05-14
|
||||
|
||||
- use of AccessTokenProvider
|
||||
- use gcube-jackson instead of minimal-json for access token parsing [#21097]
|
||||
|
||||
|
||||
## [v3.0.2] - 2020-03-01
|
||||
|
||||
- check if response is already committed on error
|
||||
|
||||
|
||||
## [v3.0.1] - 2020-11-18
|
||||
|
||||
- new Uma Token integration
|
||||
|
||||
## [v3.0.0] - 2020-10-20
|
||||
|
||||
- Switched container JSON management to gcube-jackson [#19283]
|
||||
|
||||
## [v.2.2.0] - 2020-01-23
|
||||
|
||||
- Multiple token are generated in the same call in place of one per call
|
||||
|
||||
|
||||
## [v.2.1.9] - 2019-11-08
|
||||
|
||||
- Project adapted to be build with Jenkins
|
||||
|
||||
|
||||
## [v.2.1.8] - 2019-05-27
|
||||
|
||||
- Support oauth2 protocol accepting token in the auhtorization header field
|
||||
|
||||
|
||||
## [v.2.1.7] - 2019-02-26
|
||||
|
||||
- Added Proxy Address to Application Configuration
|
||||
- Added protocol to Container Configuration (http by default)
|
||||
- Changed the logs in accounting handler to log error or success and eventually error code
|
||||
|
||||
|
||||
## [v.2.1.5] - 2017-09-19
|
||||
|
||||
- Added ThreadLocal InnerMethodName to set method name from application
|
||||
|
||||
|
||||
## [v.2.1.4] - 2017-07-25
|
||||
|
||||
- Validation handler for application split in 2 different handlers: - ContextRetriever that set Token and Scope - RequestValidation that does all the required checks
|
||||
|
||||
|
||||
## [v.2.1.3] - 2017-06-06
|
||||
|
||||
- Added gcube bom dependency
|
||||
- Search for handlers in the root classpath
|
||||
|
||||
|
||||
## [v.2.1.2] - 2017-05-02
|
||||
|
||||
- Modified the Authorization filter to accept also children scope when authorizeChildrenContext is enabled on ContianerConfiguration
|
||||
- Shutdown of Accounting thread added
|
||||
|
||||
|
||||
## [v.2.1.1] - 2017-03-16
|
||||
|
||||
- Minor issue on filter exclusion fixed
|
||||
|
||||
|
||||
## [v.2.0.1] - 2016-12-15
|
||||
|
||||
- Proxy configuration added
|
||||
- Solved a bug in events registration for ProfileManager
|
||||
- Added a scheduler for period update of GCoreEnpoints
|
||||
- Exclude modified to support exclude for sub-group of handlers
|
||||
|
||||
|
||||
## [v.2.0.0] - 2016-11-07
|
||||
|
||||
- Integration with Authorization 2.0
|
||||
|
||||
|
||||
## [v.1.2.7] - 2016-05-18
|
||||
|
||||
- Removed commons-io dependency [#2355]
|
||||
|
||||
## [v.1.2.6] - 2016-04-08
|
||||
|
||||
- Added missing class for service loader of org.gcube.smartgears.handlers.container.ContainerHandler [#2474]
|
||||
- Added flush of accounting data [#1353]
|
||||
|
||||
|
||||
## [v.1.2.5] - 2016-02-08
|
||||
|
||||
- Enhanced accounting version
|
||||
|
||||
|
||||
## [v.1.2.4] - 2015-12-09
|
||||
|
||||
- Transparent accounting added on service calls
|
||||
|
||||
|
||||
## [v.1.2.3] - 2015-07-27
|
||||
|
||||
- Authorization token control added
|
||||
- Added support to HTTP Basic authorization
|
||||
|
||||
|
||||
## [v.1.2.2] - 2015-04-27
|
||||
|
||||
- Fixed available space information on ghn profile
|
||||
|
||||
|
||||
## [v.1.2.1] - 2014-02-13
|
||||
|
||||
- Scopes can be removed from container
|
||||
- Node profile set to static
|
||||
- Internal adjustments for move to Java 7
|
||||
- Wildcard allowed in exclude directives
|
||||
- Domain corrected derived in gHN profile
|
||||
- Cleaner shutdown
|
||||
- Further improvement in shutdown handling
|
||||
|
||||
|
||||
## [v.1.0.0] - 2013-10-24
|
||||
|
||||
- First Release
|
||||
|
|
@ -0,0 +1,312 @@
|
|||
# European Union Public Licence V. 1.1
|
||||
|
||||
|
||||
EUPL © the European Community 2007
|
||||
|
||||
|
||||
This European Union Public Licence (the “EUPL”) applies to the Work or Software
|
||||
(as defined below) which is provided under the terms of this Licence. Any use of
|
||||
the Work, other than as authorised under this Licence is prohibited (to the
|
||||
extent such use is covered by a right of the copyright holder of the Work).
|
||||
|
||||
The Original Work is provided under the terms of this Licence when the Licensor
|
||||
(as defined below) has placed the following notice immediately following the
|
||||
copyright notice for the Original Work:
|
||||
|
||||
Licensed under the EUPL V.1.1
|
||||
|
||||
or has expressed by any other mean his willingness to license under the EUPL.
|
||||
|
||||
|
||||
|
||||
## 1. Definitions
|
||||
|
||||
In this Licence, the following terms have the following meaning:
|
||||
|
||||
- The Licence: this Licence.
|
||||
|
||||
- The Original Work or the Software: the software distributed and/or
|
||||
communicated by the Licensor under this Licence, available as Source Code and
|
||||
also as Executable Code as the case may be.
|
||||
|
||||
- Derivative Works: the works or software that could be created by the Licensee,
|
||||
based upon the Original Work or modifications thereof. This Licence does not
|
||||
define the extent of modification or dependence on the Original Work required
|
||||
in order to classify a work as a Derivative Work; this extent is determined by
|
||||
copyright law applicable in the country mentioned in Article 15.
|
||||
|
||||
- The Work: the Original Work and/or its Derivative Works.
|
||||
|
||||
- The Source Code: the human-readable form of the Work which is the most
|
||||
convenient for people to study and modify.
|
||||
|
||||
- The Executable Code: any code which has generally been compiled and which is
|
||||
meant to be interpreted by a computer as a program.
|
||||
|
||||
- The Licensor: the natural or legal person that distributes and/or communicates
|
||||
the Work under the Licence.
|
||||
|
||||
- Contributor(s): any natural or legal person who modifies the Work under the
|
||||
Licence, or otherwise contributes to the creation of a Derivative Work.
|
||||
|
||||
- The Licensee or “You”: any natural or legal person who makes any usage of the
|
||||
Software under the terms of the Licence.
|
||||
|
||||
- Distribution and/or Communication: any act of selling, giving, lending,
|
||||
renting, distributing, communicating, transmitting, or otherwise making
|
||||
available, on-line or off-line, copies of the Work or providing access to its
|
||||
essential functionalities at the disposal of any other natural or legal
|
||||
person.
|
||||
|
||||
|
||||
|
||||
## 2. Scope of the rights granted by the Licence
|
||||
|
||||
The Licensor hereby grants You a world-wide, royalty-free, non-exclusive,
|
||||
sub-licensable licence to do the following, for the duration of copyright vested
|
||||
in the Original Work:
|
||||
|
||||
- use the Work in any circumstance and for all usage, reproduce the Work, modify
|
||||
- the Original Work, and make Derivative Works based upon the Work, communicate
|
||||
- to the public, including the right to make available or display the Work or
|
||||
- copies thereof to the public and perform publicly, as the case may be, the
|
||||
- Work, distribute the Work or copies thereof, lend and rent the Work or copies
|
||||
- thereof, sub-license rights in the Work or copies thereof.
|
||||
|
||||
Those rights can be exercised on any media, supports and formats, whether now
|
||||
known or later invented, as far as the applicable law permits so.
|
||||
|
||||
In the countries where moral rights apply, the Licensor waives his right to
|
||||
exercise his moral right to the extent allowed by law in order to make effective
|
||||
the licence of the economic rights here above listed.
|
||||
|
||||
The Licensor grants to the Licensee royalty-free, non exclusive usage rights to
|
||||
any patents held by the Licensor, to the extent necessary to make use of the
|
||||
rights granted on the Work under this Licence.
|
||||
|
||||
|
||||
|
||||
## 3. Communication of the Source Code
|
||||
|
||||
The Licensor may provide the Work either in its Source Code form, or as
|
||||
Executable Code. If the Work is provided as Executable Code, the Licensor
|
||||
provides in addition a machine-readable copy of the Source Code of the Work
|
||||
along with each copy of the Work that the Licensor distributes or indicates, in
|
||||
a notice following the copyright notice attached to the Work, a repository where
|
||||
the Source Code is easily and freely accessible for as long as the Licensor
|
||||
continues to distribute and/or communicate the Work.
|
||||
|
||||
|
||||
|
||||
## 4. Limitations on copyright
|
||||
|
||||
Nothing in this Licence is intended to deprive the Licensee of the benefits from
|
||||
any exception or limitation to the exclusive rights of the rights owners in the
|
||||
Original Work or Software, of the exhaustion of those rights or of other
|
||||
applicable limitations thereto.
|
||||
|
||||
|
||||
|
||||
## 5. Obligations of the Licensee
|
||||
|
||||
The grant of the rights mentioned above is subject to some restrictions and
|
||||
obligations imposed on the Licensee. Those obligations are the following:
|
||||
|
||||
Attribution right: the Licensee shall keep intact all copyright, patent or
|
||||
trademarks notices and all notices that refer to the Licence and to the
|
||||
disclaimer of warranties. The Licensee must include a copy of such notices and a
|
||||
copy of the Licence with every copy of the Work he/she distributes and/or
|
||||
communicates. The Licensee must cause any Derivative Work to carry prominent
|
||||
notices stating that the Work has been modified and the date of modification.
|
||||
|
||||
Copyleft clause: If the Licensee distributes and/or communicates copies of the
|
||||
Original Works or Derivative Works based upon the Original Work, this
|
||||
Distribution and/or Communication will be done under the terms of this Licence
|
||||
or of a later version of this Licence unless the Original Work is expressly
|
||||
distributed only under this version of the Licence. The Licensee (becoming
|
||||
Licensor) cannot offer or impose any additional terms or conditions on the Work
|
||||
or Derivative Work that alter or restrict the terms of the Licence.
|
||||
|
||||
Compatibility clause: If the Licensee Distributes and/or Communicates Derivative
|
||||
Works or copies thereof based upon both the Original Work and another work
|
||||
licensed under a Compatible Licence, this Distribution and/or Communication can
|
||||
be done under the terms of this Compatible Licence. For the sake of this clause,
|
||||
“Compatible Licence” refers to the licences listed in the appendix attached to
|
||||
this Licence. Should the Licensee’s obligations under the Compatible Licence
|
||||
conflict with his/her obligations under this Licence, the obligations of the
|
||||
Compatible Licence shall prevail.
|
||||
|
||||
Provision of Source Code: When distributing and/or communicating copies of the
|
||||
Work, the Licensee will provide a machine-readable copy of the Source Code or
|
||||
indicate a repository where this Source will be easily and freely available for
|
||||
as long as the Licensee continues to distribute and/or communicate the Work.
|
||||
|
||||
Legal Protection: This Licence does not grant permission to use the trade names,
|
||||
trademarks, service marks, or names of the Licensor, except as required for
|
||||
reasonable and customary use in describing the origin of the Work and
|
||||
reproducing the content of the copyright notice.
|
||||
|
||||
|
||||
|
||||
## 6. Chain of Authorship
|
||||
|
||||
The original Licensor warrants that the copyright in the Original Work granted
|
||||
hereunder is owned by him/her or licensed to him/her and that he/she has the
|
||||
power and authority to grant the Licence.
|
||||
|
||||
Each Contributor warrants that the copyright in the modifications he/she brings
|
||||
to the Work are owned by him/her or licensed to him/her and that he/she has the
|
||||
power and authority to grant the Licence.
|
||||
|
||||
Each time You accept the Licence, the original Licensor and subsequent
|
||||
Contributors grant You a licence to their contributions to the Work, under the
|
||||
terms of this Licence.
|
||||
|
||||
|
||||
|
||||
## 7. Disclaimer of Warranty
|
||||
|
||||
The Work is a work in progress, which is continuously improved by numerous
|
||||
contributors. It is not a finished work and may therefore contain defects or
|
||||
“bugs” inherent to this type of software development.
|
||||
|
||||
For the above reason, the Work is provided under the Licence on an “as is” basis
|
||||
and without warranties of any kind concerning the Work, including without
|
||||
limitation merchantability, fitness for a particular purpose, absence of defects
|
||||
or errors, accuracy, non-infringement of intellectual property rights other than
|
||||
copyright as stated in Article 6 of this Licence.
|
||||
|
||||
This disclaimer of warranty is an essential part of the Licence and a condition
|
||||
for the grant of any rights to the Work.
|
||||
|
||||
|
||||
|
||||
## 8. Disclaimer of Liability
|
||||
|
||||
Except in the cases of wilful misconduct or damages directly caused to natural
|
||||
persons, the Licensor will in no event be liable for any direct or indirect,
|
||||
material or moral, damages of any kind, arising out of the Licence or of the use
|
||||
of the Work, including without limitation, damages for loss of goodwill, work
|
||||
stoppage, computer failure or malfunction, loss of data or any commercial
|
||||
damage, even if the Licensor has been advised of the possibility of such
|
||||
damage. However, the Licensor will be liable under statutory product liability
|
||||
laws as far such laws apply to the Work.
|
||||
|
||||
|
||||
|
||||
## 9. Additional agreements
|
||||
|
||||
While distributing the Original Work or Derivative Works, You may choose to
|
||||
conclude an additional agreement to offer, and charge a fee for, acceptance of
|
||||
support, warranty, indemnity, or other liability obligations and/or services
|
||||
consistent with this Licence. However, in accepting such obligations, You may
|
||||
act only on your own behalf and on your sole responsibility, not on behalf of
|
||||
the original Licensor or any other Contributor, and only if You agree to
|
||||
indemnify, defend, and hold each Contributor harmless for any liability incurred
|
||||
by, or claims asserted against such Contributor by the fact You have accepted
|
||||
any such warranty or additional liability.
|
||||
|
||||
|
||||
|
||||
## 10. Acceptance of the Licence
|
||||
|
||||
The provisions of this Licence can be accepted by clicking on an icon “I agree”
|
||||
placed under the bottom of a window displaying the text of this Licence or by
|
||||
affirming consent in any other similar way, in accordance with the rules of
|
||||
applicable law. Clicking on that icon indicates your clear and irrevocable
|
||||
acceptance of this Licence and all of its terms and conditions.
|
||||
|
||||
Similarly, you irrevocably accept this Licence and all of its terms and
|
||||
conditions by exercising any rights granted to You by Article 2 of this Licence,
|
||||
such as the use of the Work, the creation by You of a Derivative Work or the
|
||||
Distribution and/or Communication by You of the Work or copies thereof.
|
||||
|
||||
|
||||
|
||||
## 11. Information to the public
|
||||
|
||||
In case of any Distribution and/or Communication of the Work by means of
|
||||
electronic communication by You (for example, by offering to download the Work
|
||||
from a remote location) the distribution channel or media (for example, a
|
||||
website) must at least provide to the public the information requested by the
|
||||
applicable law regarding the Licensor, the Licence and the way it may be
|
||||
accessible, concluded, stored and reproduced by the Licensee.
|
||||
|
||||
|
||||
|
||||
## 12. Termination of the Licence
|
||||
|
||||
The Licence and the rights granted hereunder will terminate automatically upon
|
||||
any breach by the Licensee of the terms of the Licence.
|
||||
|
||||
Such a termination will not terminate the licences of any person who has
|
||||
received the Work from the Licensee under the Licence, provided such persons
|
||||
remain in full compliance with the Licence.
|
||||
|
||||
|
||||
|
||||
## 13. Miscellaneous
|
||||
|
||||
Without prejudice of Article 9 above, the Licence represents the complete
|
||||
agreement between the Parties as to the Work licensed hereunder.
|
||||
|
||||
If any provision of the Licence is invalid or unenforceable under applicable
|
||||
law, this will not affect the validity or enforceability of the Licence as a
|
||||
whole. Such provision will be construed and/or reformed so as necessary to make
|
||||
it valid and enforceable.
|
||||
|
||||
The European Commission may publish other linguistic versions and/or new
|
||||
versions of this Licence, so far this is required and reasonable, without
|
||||
reducing the scope of the rights granted by the Licence. New versions of the
|
||||
Licence will be published with a unique version number.
|
||||
|
||||
All linguistic versions of this Licence, approved by the European Commission,
|
||||
have identical value. Parties can take advantage of the linguistic version of
|
||||
their choice.
|
||||
|
||||
|
||||
|
||||
## 14. Jurisdiction
|
||||
|
||||
Any litigation resulting from the interpretation of this License, arising
|
||||
between the European Commission, as a Licensor, and any Licensee, will be
|
||||
subject to the jurisdiction of the Court of Justice of the European Communities,
|
||||
as laid down in article 238 of the Treaty establishing the European Community.
|
||||
|
||||
Any litigation arising between Parties, other than the European Commission, and
|
||||
resulting from the interpretation of this License, will be subject to the
|
||||
exclusive jurisdiction of the competent court where the Licensor resides or
|
||||
conducts its primary business.
|
||||
|
||||
|
||||
|
||||
## 15. Applicable Law
|
||||
|
||||
This Licence shall be governed by the law of the European Union country where
|
||||
the Licensor resides or has his registered office.
|
||||
|
||||
This licence shall be governed by the Belgian law if:
|
||||
|
||||
- a litigation arises between the European Commission, as a Licensor, and any
|
||||
- Licensee; the Licensor, other than the European Commission, has no residence
|
||||
- or registered office inside a European Union country.
|
||||
|
||||
|
||||
|
||||
## Appendix
|
||||
|
||||
|
||||
|
||||
“Compatible Licences” according to article 5 EUPL are:
|
||||
|
||||
|
||||
- GNU General Public License (GNU GPL) v. 2
|
||||
|
||||
- Open Software License (OSL) v. 2.1, v. 3.0
|
||||
|
||||
- Common Public License v. 1.0
|
||||
|
||||
- Eclipse Public License v. 1.0
|
||||
|
||||
- Cecill v. 2.0
|
||||
|
|
@ -0,0 +1,79 @@
|
|||
# Common Smartgears
|
||||
|
||||
A core gCube library which empower a servlet container (e.g. tomcat) with a set of functionality such as:
|
||||
|
||||
- node and application infrastructure registration
|
||||
- authorization
|
||||
- accounting
|
||||
|
||||
|
||||
## Built With
|
||||
|
||||
* [OpenJDK](https://openjdk.java.net/) - The JDK used
|
||||
* [Maven](https://maven.apache.org/) - Dependency Management
|
||||
|
||||
## Documentation
|
||||
|
||||
[SmartGears](https://wiki.gcube-system.org/gcube/SmartGears)
|
||||
|
||||
## Change log
|
||||
|
||||
See [Releases](https://code-repo.d4science.org/gCubeSystem/common-smartgears/releases).
|
||||
|
||||
## Authors
|
||||
|
||||
* **Luca Frosini** ([ORCID](https://orcid.org/0000-0003-3183-2291)) - [ISTI-CNR Infrascience Group](http://nemis.isti.cnr.it/groups/infrascience)
|
||||
* **Lucio Lelii** - [ISTI-CNR Infrascience Group](http://nemis.isti.cnr.it/groups/infrascience)
|
||||
* **Fabio Simeoni** - FAO of the UN, Italy
|
||||
|
||||
|
||||
## How to Cite this Software
|
||||
|
||||
Tell people how to cite this software.
|
||||
* Cite an associated paper?
|
||||
* Use a specific BibTeX entry for the software?
|
||||
|
||||
|
||||
@Manual{,
|
||||
title = {Common Smartgears},
|
||||
author = {{Frosini, Luca}, {Lelii, Lucio}, {Simeoni, Fabio}},
|
||||
organization = {{ISTI - CNR}, {FAO}},
|
||||
address = {{Pisa, Italy}, {Roma, Italy}},
|
||||
year = 2019,
|
||||
url = {http://www.gcube-system.org/}
|
||||
}
|
||||
|
||||
## License
|
||||
|
||||
This project is licensed under the EUPL V.1.1 License - see the [LICENSE.md](LICENSE.md) file for details.
|
||||
|
||||
|
||||
## About the gCube Framework
|
||||
This software is part of the [gCubeFramework](https://www.gcube-system.org/ "gCubeFramework"): an
|
||||
open-source software toolkit used for building and operating Hybrid Data
|
||||
Infrastructures enabling the dynamic deployment of Virtual Research Environments
|
||||
by favouring the realisation of reuse oriented policies.
|
||||
|
||||
The projects leading to this software have received funding from a series of European Union programmes including:
|
||||
|
||||
- the Sixth Framework Programme for Research and Technological Development
|
||||
- DILIGENT (grant no. 004260).
|
||||
- the Seventh Framework Programme for research, technological development and demonstration
|
||||
- D4Science (grant no. 212488);
|
||||
- D4Science-II (grant no.239019);
|
||||
- ENVRI (grant no. 283465);
|
||||
- iMarine(grant no. 283644);
|
||||
- EUBrazilOpenBio (grant no. 288754).
|
||||
- the H2020 research and innovation programme
|
||||
- SoBigData (grant no. 654024);
|
||||
- PARTHENOS (grant no. 654119);
|
||||
- EGIEngage (grant no. 654142);
|
||||
- ENVRIplus (grant no. 654182);
|
||||
- BlueBRIDGE (grant no. 675680);
|
||||
- PerformFish (grant no. 727610);
|
||||
- AGINFRAplus (grant no. 731001);
|
||||
- DESIRA (grant no. 818194);
|
||||
- ARIADNEplus (grant no. 823914);
|
||||
- RISIS2 (grant no. 824091);
|
||||
|
||||
|
|
@ -1,4 +0,0 @@
|
|||
gCube System - License
|
||||
------------------------------------------------------------
|
||||
|
||||
${gcube.license}
|
|
@ -1,70 +0,0 @@
|
|||
The gCube System - ${name}
|
||||
--------------------------------------------------
|
||||
|
||||
${description}
|
||||
|
||||
|
||||
${gcube.description}
|
||||
|
||||
${gcube.funding}
|
||||
|
||||
|
||||
Version
|
||||
--------------------------------------------------
|
||||
|
||||
${version} (${buildDate})
|
||||
|
||||
Please see the file named "changelog.xml" in this directory for the release notes.
|
||||
|
||||
|
||||
Authors
|
||||
--------------------------------------------------
|
||||
|
||||
* Fabio Simeoni (fabio.simeoni@fao.org), FAO of the UN, Italy
|
||||
* Luca Frosini (luca.frosini@isti.cnr.it), CNR, Italy
|
||||
* Lucio Lelii (lucio.lelii@isti.cnr.it), CNT, Italy
|
||||
|
||||
|
||||
Maintainers
|
||||
-----------
|
||||
|
||||
* Luca Frosini (luca.frosini@isti.cnr.it), CNR, Italy
|
||||
* Lucio Lelii (lucio.lelii@isti.cnr.it), CNT, Italy
|
||||
|
||||
|
||||
Download information
|
||||
--------------------------------------------------
|
||||
|
||||
Source code is available from SVN:
|
||||
${scm.url}
|
||||
|
||||
Binaries can be downloaded from the gCube website:
|
||||
${gcube.website}
|
||||
|
||||
|
||||
Installation
|
||||
--------------------------------------------------
|
||||
|
||||
Installation documentation is available on-line in the gCube Wiki:
|
||||
${gcube.wikiRoot}/Smartgears
|
||||
|
||||
|
||||
Documentation
|
||||
--------------------------------------------------
|
||||
|
||||
Documentation is available on-line in the gCube Wiki:
|
||||
${gcube.wikiRoot}/Smartgears
|
||||
|
||||
|
||||
Support
|
||||
--------------------------------------------------
|
||||
|
||||
Bugs and support requests can be reported in the gCube issue tracking tool:
|
||||
${gcube.issueTracking}
|
||||
|
||||
|
||||
Licensing
|
||||
--------------------------------------------------
|
||||
|
||||
This software is licensed under the terms you may find in the file named "LICENSE" in this directory.
|
||||
|
|
@ -1,68 +0,0 @@
|
|||
<ReleaseNotes>
|
||||
<Changeset component="common-smartgears-2.1.9" date="2019-03-21">
|
||||
<Change>Support oauth2 protocol accepting token in the auhtorization header field</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-2.1.7" date="2017-01-16">
|
||||
<Change>Added Proxy Address to Application Configuration</Change>
|
||||
<Change>Added protocol to Container Configuration (http by default)</Change>
|
||||
<Change>Changed the logs in accounting handler to log error or success and eventually error code</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-2.1.5" date="2017-07-18">
|
||||
<Change>Added ThreadLocal InnerMethodName to set method name from application</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-2.1.4" date="2017-05-30">
|
||||
<Change>Validation handler for application split in 2 different handlers:
|
||||
- ContextRetriever that set Token and Scope
|
||||
- RequestValidation that does all the required checks
|
||||
</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-2.1.3" date="2017-05-12">
|
||||
<Change>Added gcube bom dependency</Change>
|
||||
<Change>Search for handlers in the root classpath</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-2.1.2" date="2017-03-22">
|
||||
<Change>Modified the Authorization filter to accept also children
|
||||
scope when authorizeChildrenContext is enabled on ContianerConfiguration</Change>
|
||||
<Change>Shutdown of Accounting thread added</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-2.1.1" date="2017-01-25">
|
||||
<Change>Minor issue on filter exclusion fixed</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-2.1.0" date="2016-10-24">
|
||||
<Change>proxy configuration added</Change>
|
||||
<Change>solved a bug in events registration for ProfileManager</Change>
|
||||
<Change>added a scheduler for period update of GCoreEnpoints</Change>
|
||||
<Change>Exclude modified to support exclude for sub-group of handlers</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-2.0.0" date="2016-03-10">
|
||||
<Change>integration with Authorization 2.0</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-1.2.6" date="2015-12-22">
|
||||
<Change>Added flush of accounting data</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-1.2.5" date="2015-12-22">
|
||||
<Change>Changed accounting version</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-1.2.4" date="2015-10-06">
|
||||
<Change>Transparent accounting added on service calls</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-1.2.3" date="2015-07-27">
|
||||
<Change>Authorization token control added</Change>
|
||||
<Change>Added support to HTTP Basic authorization</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-1.2.2" date="2015-04-27">
|
||||
<Change>Fixed available space information on ghn profile</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-1.2.1" date="2014-02-13">
|
||||
<Change>scopes can be removed from container</Change>
|
||||
<Change>node profile set to static</Change>
|
||||
<Change>internal adjustments for move to Java 7</Change>
|
||||
<Change>wildcard allowed in exclude directives</Change>
|
||||
<Change>domain corrected derived in gHN profile</Change>
|
||||
<Change>cleaner shutdown</Change>
|
||||
<Change>further improvement in shutdown handling</Change>
|
||||
</Changeset>
|
||||
<Changeset component="common-smartgears-1.0.0" date="2013-10-24">
|
||||
<Change>First Release</Change>
|
||||
</Changeset>
|
||||
</ReleaseNotes>
|
|
@ -1,31 +0,0 @@
|
|||
<assembly
|
||||
xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd">
|
||||
<id>servicearchive</id>
|
||||
<formats>
|
||||
<format>tar.gz</format>
|
||||
</formats>
|
||||
<baseDirectory>/</baseDirectory>
|
||||
<fileSets>
|
||||
<fileSet>
|
||||
<directory>${distroDirectory}</directory>
|
||||
<outputDirectory>${file.separator}</outputDirectory>
|
||||
<useDefaultExcludes>true</useDefaultExcludes>
|
||||
<includes>
|
||||
<include>README</include>
|
||||
<include>LICENSE</include>
|
||||
<include>changelog.xml</include>
|
||||
<include>profile.xml</include>
|
||||
</includes>
|
||||
<fileMode>755</fileMode>
|
||||
<filtered>true</filtered>
|
||||
</fileSet>
|
||||
</fileSets>
|
||||
<files>
|
||||
<file>
|
||||
<source>target${file.separator}${build.finalName}.${project.packaging}</source>
|
||||
<outputDirectory>${file.separator}${artifactId}</outputDirectory>
|
||||
</file>
|
||||
</files>
|
||||
</assembly>
|
66
pom.xml
66
pom.xml
|
@ -11,7 +11,7 @@
|
|||
|
||||
<groupId>org.gcube.core</groupId>
|
||||
<artifactId>common-smartgears</artifactId>
|
||||
<version>2.1.10</version>
|
||||
<version>3.1.6</version>
|
||||
<name>SmartGears</name>
|
||||
|
||||
<dependencyManagement>
|
||||
|
@ -19,7 +19,7 @@
|
|||
<dependency>
|
||||
<groupId>org.gcube.distribution</groupId>
|
||||
<artifactId>gcube-bom</artifactId>
|
||||
<version>LATEST</version>
|
||||
<version>2.1.0</version>
|
||||
<type>pom</type>
|
||||
<scope>import</scope>
|
||||
</dependency>
|
||||
|
@ -34,13 +34,29 @@
|
|||
</properties>
|
||||
|
||||
<scm>
|
||||
<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/commmon-smartgears.git</connection>
|
||||
<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/commmon-smartgears.git</developerConnection>
|
||||
<url>https://code-repo.d4science.org/gCubeSystem/commmon-smartgears</url>
|
||||
<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/common-smartgears.git</connection>
|
||||
<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/common-smartgears.git</developerConnection>
|
||||
<url>https://code-repo.d4science.org/gCubeSystem/common-smartgears</url>
|
||||
</scm>
|
||||
|
||||
<dependencies>
|
||||
|
||||
<!-- gCube Jackson -->
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>gcube-jackson-databind</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>gcube-jackson-annotations</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>gcube-jackson-core</artifactId>
|
||||
</dependency>
|
||||
<!-- END gCube Jackson -->
|
||||
|
||||
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>authorization-client</artifactId>
|
||||
|
@ -79,7 +95,7 @@
|
|||
<dependency>
|
||||
<groupId>org.gcube.core</groupId>
|
||||
<artifactId>common-validator</artifactId>
|
||||
<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
|
||||
<version>[1.0.0,2.0.0-SNAPSHOT)</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
|
@ -90,7 +106,7 @@
|
|||
<dependency>
|
||||
<groupId>org.gcube.core</groupId>
|
||||
<artifactId>common-events</artifactId>
|
||||
<version>[1.0.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
|
||||
<version>[1.0.0,2.0.0-SNAPSHOT)</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
|
@ -99,6 +115,14 @@
|
|||
<version>3.0.1</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
|
||||
<!-- Added to support Java 11 JDK -->
|
||||
<dependency>
|
||||
<groupId>javax.xml.bind</groupId>
|
||||
<artifactId>jaxb-api</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<!-- END Added to support Java 11 JDK -->
|
||||
|
||||
|
||||
<!-- ***************** test ******************* -->
|
||||
|
@ -165,7 +189,6 @@
|
|||
<dependency>
|
||||
<groupId>ch.qos.logback</groupId>
|
||||
<artifactId>logback-classic</artifactId>
|
||||
<version>1.2.3</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
|
||||
|
@ -181,29 +204,10 @@
|
|||
<build>
|
||||
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-assembly-plugin</artifactId>
|
||||
<configuration>
|
||||
<descriptors>
|
||||
<descriptor>${distroDirectory}/descriptor.xml</descriptor>
|
||||
</descriptors>
|
||||
</configuration>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>servicearchive</id>
|
||||
<phase>install</phase>
|
||||
<goals>
|
||||
<goal>single</goal>
|
||||
</goals>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
|
||||
<!-- excludes probe package from jar -->
|
||||
<plugin>
|
||||
<artifactId>maven-jar-plugin</artifactId>
|
||||
<version>2.3.2</version>
|
||||
<!-- version>2.3.2</version -->
|
||||
<executions>
|
||||
<execution>
|
||||
<id>default-jar</id>
|
||||
|
@ -224,7 +228,7 @@
|
|||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-war-plugin</artifactId>
|
||||
<version>2.4</version>
|
||||
<!-- version>2.4</version -->
|
||||
<configuration>
|
||||
<primaryArtifact>false</primaryArtifact>
|
||||
<classifier>probe</classifier>
|
||||
|
@ -247,7 +251,7 @@
|
|||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-surefire-plugin</artifactId>
|
||||
<version>2.15</version>
|
||||
<!-- version>2.15</version -->
|
||||
<configuration>
|
||||
<!-- tomcat annotation discovery won't work with the default manifest-only
|
||||
jar -->
|
||||
|
@ -286,4 +290,4 @@
|
|||
|
||||
</plugins>
|
||||
</build>
|
||||
</project>
|
||||
</project>
|
||||
|
|
|
@ -90,7 +90,7 @@ public class Bootstrap implements ServletContainerInitializer {
|
|||
* using gcube facilities annotation based
|
||||
* ( i.e org.gcube.common.validator.annotations)
|
||||
*/
|
||||
context.configuration().validate();
|
||||
//context.configuration().validate();
|
||||
|
||||
} catch (RuntimeException e) {
|
||||
|
||||
|
|
|
@ -8,5 +8,6 @@ package org.gcube.smartgears.configuration;
|
|||
*/
|
||||
public enum Mode {
|
||||
online,
|
||||
offline
|
||||
offline,
|
||||
root
|
||||
}
|
|
@ -15,7 +15,7 @@ import org.slf4j.LoggerFactory;
|
|||
/**
|
||||
*
|
||||
* @author Fabio Simeoni
|
||||
* @author Luca Frosini (ISTI - CNR) http://www.lucafrosini.com/
|
||||
* @author Luca Frosini (ISTI - CNR)
|
||||
*/
|
||||
public class BridgedApplicationConfiguration implements ApplicationConfiguration {
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ import org.gcube.smartgears.persistence.Persistence;
|
|||
* Includes the list of its client services.
|
||||
*
|
||||
* @author Fabio Simeoni
|
||||
* @author Luca Frosini (ISTI - CNR) http://www.lucafrosini.com/
|
||||
* @author Luca Frosini (ISTI - CNR)
|
||||
*
|
||||
*/
|
||||
@XmlRootElement(name="application")
|
||||
|
|
|
@ -32,7 +32,7 @@ import org.gcube.smartgears.persistence.Persistence;
|
|||
* The configuration of the container.
|
||||
*
|
||||
* @author Fabio Simeoni
|
||||
* @author Luca Frosini (ISTI - CNR) http://www.lucafrosini.com/
|
||||
* @author Luca Frosini (ISTI - CNR)
|
||||
*/
|
||||
@XmlRootElement(name="container")
|
||||
public class ContainerConfiguration {
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
package org.gcube.smartgears.handlers;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
public class OfflineProfilePublisher implements ProfilePublisher {
|
||||
|
||||
@Override
|
||||
public void addTo(Collection<String> tokens) {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addToAll() {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void update() {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeFrom(Collection<String> tokens) {
|
||||
}
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,23 @@
|
|||
package org.gcube.smartgears.handlers;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
public interface ProfilePublisher {
|
||||
|
||||
/**
|
||||
* Adds for the first time the current resource profile of the application in one or more scopes.
|
||||
* @param scopes the scopes
|
||||
*/
|
||||
void addTo(Collection<String> tokens);
|
||||
|
||||
void addToAll();
|
||||
|
||||
void update();
|
||||
|
||||
/**
|
||||
* Removes the application from one or more scopes.
|
||||
* @param scopes the scopes
|
||||
*/
|
||||
void removeFrom(Collection<String> tokens);
|
||||
|
||||
}
|
|
@ -12,14 +12,12 @@ import org.gcube.common.resources.gcore.HostingNode;
|
|||
import org.gcube.smartgears.configuration.application.ApplicationConfiguration;
|
||||
import org.gcube.smartgears.configuration.container.ContainerConfiguration;
|
||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class ProfileBuilder {
|
||||
|
||||
private static List<String> servletExcludes = Arrays.asList("default","jsp");
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(ProfileBuilder.class);
|
||||
// private static final Logger log = LoggerFactory.getLogger(ProfileBuilder.class);
|
||||
|
||||
private ApplicationContext context;
|
||||
|
||||
|
|
|
@ -22,8 +22,11 @@ import org.gcube.common.events.Observes;
|
|||
import org.gcube.common.events.Observes.Kind;
|
||||
import org.gcube.common.resources.gcore.GCoreEndpoint;
|
||||
import org.gcube.smartgears.Constants;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.context.Property;
|
||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||
import org.gcube.smartgears.handlers.OfflineProfilePublisher;
|
||||
import org.gcube.smartgears.handlers.ProfilePublisher;
|
||||
import org.gcube.smartgears.handlers.application.ApplicationLifecycleEvent;
|
||||
import org.gcube.smartgears.handlers.application.ApplicationLifecycleHandler;
|
||||
import org.gcube.smartgears.lifecycle.application.ApplicationLifecycle;
|
||||
|
@ -50,7 +53,7 @@ import org.slf4j.LoggerFactory;
|
|||
*
|
||||
* @author Fabio Simeoni
|
||||
* @see ProfileBuilder
|
||||
* @see ProfilePublisher
|
||||
* @see ProfilePublisherImpl
|
||||
*/
|
||||
@XmlRootElement(name = profile_management)
|
||||
public class ProfileManager extends ApplicationLifecycleHandler {
|
||||
|
@ -90,8 +93,11 @@ public class ProfileManager extends ApplicationLifecycleHandler {
|
|||
|
||||
share(profile);
|
||||
|
||||
publisher = new ProfilePublisher(context);
|
||||
|
||||
publisher = context.container().configuration().mode()!=Mode.offline?
|
||||
new ProfilePublisherImpl(context):
|
||||
new OfflineProfilePublisher();
|
||||
|
||||
|
||||
registerObservers();
|
||||
}
|
||||
|
||||
|
|
|
@ -12,7 +12,9 @@ import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
|
|||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.resources.gcore.GCoreEndpoint;
|
||||
import org.gcube.informationsystem.publisher.ScopedPublisher;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||
import org.gcube.smartgears.handlers.ProfilePublisher;
|
||||
import org.gcube.smartgears.provider.ProviderFactory;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
@ -26,9 +28,9 @@ import org.slf4j.LoggerFactory;
|
|||
* @author Fabio Simeoni
|
||||
*
|
||||
*/
|
||||
public class ProfilePublisher {
|
||||
public class ProfilePublisherImpl implements ProfilePublisher {
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(ProfilePublisher.class);
|
||||
private static final Logger log = LoggerFactory.getLogger(ProfilePublisherImpl.class);
|
||||
|
||||
//the underlying IS publisher
|
||||
private final ScopedPublisher publisher;
|
||||
|
@ -41,7 +43,7 @@ public class ProfilePublisher {
|
|||
* Creates an instance for a given application.
|
||||
* @param context the context of the application
|
||||
*/
|
||||
public ProfilePublisher(ApplicationContext context) {
|
||||
public ProfilePublisherImpl(ApplicationContext context) {
|
||||
this.context = context;
|
||||
this.publisher=ProviderFactory.provider().publisherFor(context);
|
||||
this.authProxy = ProviderFactory.provider().authorizationProxy();
|
||||
|
@ -51,6 +53,7 @@ public class ProfilePublisher {
|
|||
* Adds for the first time the current resource profile of the application in one or more scopes.
|
||||
* @param scopes the scopes
|
||||
*/
|
||||
@Override
|
||||
public void addTo(Collection<String> tokens) {
|
||||
|
||||
notEmpty("tokens",tokens);
|
||||
|
@ -78,32 +81,36 @@ public class ProfilePublisher {
|
|||
SecurityTokenProvider.instance.set(previousToken);
|
||||
}
|
||||
*/
|
||||
|
||||
|
||||
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
||||
|
||||
log.debug("using context {}",contextCL.getClass().getSimpleName());
|
||||
|
||||
String previousToken = SecurityTokenProvider.instance.get();
|
||||
try{//This classloader set is needed for the jaxb context
|
||||
if (previousToken==null)
|
||||
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||
if (context.container().configuration().mode()!=Mode.root) Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
|
||||
profile = publisher.create(profile, resolveScopesFromTokens(tokens));
|
||||
|
||||
} catch (Exception e) {
|
||||
rethrowUnchecked(e);
|
||||
} finally{
|
||||
SecurityTokenProvider.instance.set(previousToken);
|
||||
Thread.currentThread().setContextClassLoader(contextCL);
|
||||
if (context.container().configuration().mode()!=Mode.root) Thread.currentThread().setContextClassLoader(contextCL);
|
||||
}
|
||||
|
||||
sharePublished(profile);
|
||||
log.debug("shared profile with scopes {}", profile.scopes().asCollection());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addToAll() {
|
||||
this.addTo(context.configuration().startTokens());
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void update() {
|
||||
|
||||
|
||||
|
@ -129,19 +136,23 @@ public class ProfilePublisher {
|
|||
|
||||
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
||||
|
||||
log.debug("using context {}",contextCL.getClass().getSimpleName());
|
||||
|
||||
String previousToken = SecurityTokenProvider.instance.get();
|
||||
try{//This classloader set is needed for the jaxb context
|
||||
if (previousToken==null)
|
||||
SecurityTokenProvider.instance.set((String)context.configuration().startTokens().toArray()[0]);
|
||||
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||
if (context.container().configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
|
||||
profile = publisher.update(profile);
|
||||
|
||||
} catch (Exception e) {
|
||||
rethrowUnchecked(e);
|
||||
} finally{
|
||||
SecurityTokenProvider.instance.set(previousToken);
|
||||
Thread.currentThread().setContextClassLoader(contextCL);
|
||||
if (context.container().configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(contextCL);
|
||||
}
|
||||
|
||||
sharePublished(profile);
|
||||
|
@ -152,6 +163,7 @@ public class ProfilePublisher {
|
|||
* Removes the application from one or more scopes.
|
||||
* @param scopes the scopes
|
||||
*/
|
||||
@Override
|
||||
public void removeFrom(Collection<String> tokens) {
|
||||
|
||||
GCoreEndpoint profile = context.profile(GCoreEndpoint.class);
|
||||
|
@ -178,18 +190,22 @@ public class ProfilePublisher {
|
|||
|
||||
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
||||
|
||||
log.debug("using context {}",contextCL.getClass().getSimpleName());
|
||||
|
||||
String previousToken = SecurityTokenProvider.instance.get();
|
||||
try{//This classloader set is needed for the jaxb context
|
||||
if (previousToken==null)
|
||||
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||
if (context.container().configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
|
||||
profile = publisher.remove(profile, resolveScopesFromTokens(tokens));
|
||||
|
||||
} catch (Exception e) {
|
||||
rethrowUnchecked(e);
|
||||
} finally{
|
||||
SecurityTokenProvider.instance.set(previousToken);
|
||||
Thread.currentThread().setContextClassLoader(contextCL);
|
||||
if (context.container().configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(contextCL);
|
||||
}
|
||||
log.debug("after remove application profile contains scopes {}",profile.scopes().asCollection());
|
||||
sharePublished(profile);
|
|
@ -12,6 +12,7 @@ import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
|||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.smartgears.Constants;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||
import org.gcube.smartgears.handlers.application.RequestEvent;
|
||||
import org.gcube.smartgears.handlers.application.RequestHandler;
|
||||
|
@ -42,6 +43,7 @@ public class RequestAccounting extends RequestHandler {
|
|||
calledMethod = e.request().getRequestURI().substring(e.request().getContextPath().length());
|
||||
if (calledMethod.isEmpty())
|
||||
calledMethod = "/";
|
||||
calledMethod= e.request().getMethod()+" "+calledMethod;
|
||||
}
|
||||
InnerMethodName.instance.set(calledMethod);
|
||||
String caller = AuthorizationProvider.instance.get()!=null? AuthorizationProvider.instance.get().getClient().getId(): "UNKNOWN";
|
||||
|
@ -71,8 +73,9 @@ public class RequestAccounting extends RequestHandler {
|
|||
callerIp=e.request().getRemoteHost();
|
||||
|
||||
boolean success = e.response().getStatus()<400;
|
||||
|
||||
generateAccounting(caller,callerQualifier,callerIp==null?"UNKNOWN":callerIp , success, context);
|
||||
|
||||
if (context.container().configuration().mode()!=Mode.offline)
|
||||
generateAccounting(caller,callerQualifier,callerIp==null?"UNKNOWN":callerIp , success, context);
|
||||
|
||||
log.info("REQUEST SERVED ON {}:{}({}) CALLED FROM {}@{} IN SCOPE {} {}(CODE {}) IN {} millis",
|
||||
context.configuration().name(),context.configuration().serviceClass(), InnerMethodName.instance.get(),
|
||||
|
|
|
@ -6,19 +6,27 @@ import static org.gcube.smartgears.Constants.token_header;
|
|||
import static org.gcube.smartgears.handlers.application.request.RequestError.internal_server_error;
|
||||
import static org.gcube.smartgears.handlers.application.request.RequestError.invalid_request_error;
|
||||
|
||||
import javax.xml.bind.DatatypeConverter;
|
||||
import java.util.Base64;
|
||||
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
||||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
||||
import org.gcube.common.authorization.library.provider.AccessTokenProvider;
|
||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||
import org.gcube.common.authorization.library.provider.ClientInfo;
|
||||
import org.gcube.common.authorization.library.provider.ExternalServiceInfo;
|
||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.authorization.library.provider.UserInfo;
|
||||
import org.gcube.common.authorization.library.utils.Caller;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.common.scope.impl.ScopeBean;
|
||||
import org.gcube.smartgears.Constants;
|
||||
import org.gcube.smartgears.handlers.application.RequestEvent;
|
||||
import org.gcube.smartgears.handlers.application.RequestHandler;
|
||||
import org.gcube.smartgears.handlers.application.ResponseEvent;
|
||||
import org.gcube.smartgears.utils.GcubeJwt;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
|
@ -40,42 +48,53 @@ public class RequestContextRetriever extends RequestHandler {
|
|||
public void handleRequest(RequestEvent call) {
|
||||
String token = call.request().getParameter(token_header)==null? call.request().getHeader(token_header):call.request().getParameter(token_header);
|
||||
String scope = call.request().getParameter(scope_header)==null? call.request().getHeader(scope_header):call.request().getParameter(scope_header);
|
||||
|
||||
if (token==null && call.request().getHeader(Constants.authorization_header)!=null){
|
||||
|
||||
String authorization = call.request().getHeader(Constants.authorization_header);
|
||||
|
||||
if (authorization.contains(BASIC_AUTH_PREFIX)) {
|
||||
String base64Credentials = authorization.substring(BASIC_AUTH_PREFIX.length()).trim();
|
||||
String credentials = new String(DatatypeConverter.parseBase64Binary(base64Credentials));
|
||||
// credentials = username:password
|
||||
final String[] values = credentials.split(":",2);
|
||||
token = values[1];
|
||||
} else if (authorization.contains(BEARER_AUTH_PREFIX))
|
||||
token = authorization.substring(BEARER_AUTH_PREFIX.length()).trim();
|
||||
|
||||
String authHeader = call.request().getHeader(Constants.authorization_header);
|
||||
|
||||
log.trace("authorization header is {}",authHeader);
|
||||
log.trace("token header is {}",token);
|
||||
log.trace("scope header is {}",scope);
|
||||
|
||||
String retrievedUser = null;
|
||||
String accessToken = null;
|
||||
if (authHeader!=null && !authHeader.isEmpty()) {
|
||||
if (authHeader.startsWith(BEARER_AUTH_PREFIX))
|
||||
accessToken = authHeader.substring(BEARER_AUTH_PREFIX.length()).trim();
|
||||
else if (token==null && authHeader.startsWith(BASIC_AUTH_PREFIX)) {
|
||||
String basicAuthToken = authHeader.substring(BASIC_AUTH_PREFIX.length()).trim();
|
||||
String decodedAuth = new String(Base64.getDecoder().decode(basicAuthToken.getBytes()));
|
||||
String[] splitAuth = decodedAuth.split(":");
|
||||
token = splitAuth[1];
|
||||
retrievedUser = splitAuth[0];
|
||||
}
|
||||
}
|
||||
|
||||
//Gives priority to the token
|
||||
if (token!=null)
|
||||
this.retreiveAndSetInfo(token, call);
|
||||
|
||||
//Gives priority to the umaToken
|
||||
if (accessToken!=null) {
|
||||
this.retreiveAndSetInfoUmaToken(accessToken, token, call);
|
||||
} else if (token!=null)
|
||||
this.retreiveAndSetInfoGcubeToken(token, retrievedUser, call);
|
||||
else if (scope!=null)
|
||||
ScopeProvider.instance.set(scope);
|
||||
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void handleResponse(ResponseEvent e) {
|
||||
SecurityTokenProvider.instance.reset();
|
||||
AuthorizationProvider.instance.reset();
|
||||
AccessTokenProvider.instance.reset();
|
||||
ScopeProvider.instance.reset();
|
||||
log.debug("resetting all the Thread local for this call.");
|
||||
}
|
||||
|
||||
private void retreiveAndSetInfo(String token, RequestEvent call){
|
||||
log.info("retrieving context using token {} ", token);
|
||||
private void retreiveAndSetInfoGcubeToken(String token, String retrievedUser, RequestEvent call){
|
||||
log.trace("retrieving context using token {} ", token);
|
||||
AuthorizationEntry authEntry = null;
|
||||
try{
|
||||
authEntry = authorizationService().get(token);
|
||||
if (retrievedUser != null && !authEntry.getClientInfo().getId().equals(retrievedUser))
|
||||
throw new Exception("user and token owner are not the same");
|
||||
}catch(ObjectNotFound onf){
|
||||
log.warn("rejecting call to {}, invalid token {}",call.context().name(),token);
|
||||
invalid_request_error.fire(call.context().name()+" invalid token : "+token);
|
||||
|
@ -89,4 +108,53 @@ public class RequestContextRetriever extends RequestHandler {
|
|||
ScopeProvider.instance.set(authEntry.getContext());
|
||||
log.info("retrieved request authorization info {} in scope {} ", AuthorizationProvider.instance.get(), authEntry.getContext());
|
||||
}
|
||||
|
||||
private void retreiveAndSetInfoUmaToken(String accessToken, String gcubeToken, RequestEvent call){
|
||||
log.debug("using UMA token for authorization");
|
||||
log.trace("retrieving context using uma token {} ", accessToken);
|
||||
|
||||
AccessTokenProvider.instance.set(accessToken);
|
||||
parseAccessTokenAndSet(accessToken);
|
||||
log.info("retrieved request authorization info {} in scope {} ", AuthorizationProvider.instance.get(), ScopeProvider.instance.get());
|
||||
}
|
||||
|
||||
private void parseAccessTokenAndSet(String umaToken) {
|
||||
|
||||
String realUmaTokenEncoded = umaToken.split("\\.")[1];
|
||||
|
||||
String realUmaToken = new String(Base64.getDecoder().decode(realUmaTokenEncoded.getBytes()));
|
||||
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
|
||||
GcubeJwt jwt = null;
|
||||
try {
|
||||
jwt = mapper.readValue(realUmaToken, GcubeJwt.class);
|
||||
}catch(Exception e){
|
||||
log.error("error decoding uma token",e);
|
||||
internal_server_error.fire("error parsing access token");
|
||||
}
|
||||
|
||||
ScopeBean scopeBean = null;
|
||||
try {
|
||||
scopeBean = new ScopeBean(jwt.getContext());
|
||||
}catch(Exception e){
|
||||
log.error("error decoding uma token",e);
|
||||
internal_server_error.fire("invalid context in access token");
|
||||
}
|
||||
|
||||
ClientInfo clientInfo;
|
||||
if (!jwt.isExternalService())
|
||||
clientInfo = new UserInfo(jwt.getUsername(), jwt.getRoles(), jwt.getEmail(), jwt.getFirstName(), jwt.getLastName());
|
||||
else
|
||||
clientInfo = new ExternalServiceInfo(jwt.getUsername(), "unknown", jwt.getRoles());
|
||||
|
||||
log.info("caller type is {}",clientInfo.getType());
|
||||
AuthorizationProvider.instance.set(new Caller(clientInfo, "token"));
|
||||
|
||||
ScopeProvider.instance.set(scopeBean.toString());
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -3,24 +3,27 @@ package org.gcube.smartgears.handlers.application.request;
|
|||
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
||||
import static org.gcube.smartgears.handlers.application.request.RequestError.application_failed_error;
|
||||
import static org.gcube.smartgears.handlers.application.request.RequestError.application_unavailable_error;
|
||||
import static org.gcube.smartgears.handlers.application.request.RequestError.internal_server_error;
|
||||
import static org.gcube.smartgears.handlers.application.request.RequestError.invalid_request_error;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
|
||||
import javax.xml.bind.annotation.XmlAttribute;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
||||
import org.gcube.common.authorization.library.AuthorizationEntry;
|
||||
import org.gcube.common.authorization.library.PolicyUtils;
|
||||
import org.gcube.common.authorization.library.policies.Policy;
|
||||
import org.gcube.common.authorization.library.policies.User2ServicePolicy;
|
||||
import org.gcube.common.authorization.library.policies.UserEntity;
|
||||
import org.gcube.common.authorization.library.provider.AccessTokenProvider;
|
||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.common.scope.impl.ScopeBean;
|
||||
import org.gcube.common.scope.impl.ScopeBean.Type;
|
||||
import org.gcube.smartgears.Constants;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.configuration.container.ContainerConfiguration;
|
||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||
import org.gcube.smartgears.handlers.application.RequestEvent;
|
||||
|
@ -35,7 +38,7 @@ public class RequestValidator extends RequestHandler {
|
|||
@XmlAttribute(required=false, name="oauth")
|
||||
@Deprecated
|
||||
boolean oauthCompatibility = false;
|
||||
|
||||
|
||||
private static Logger log = LoggerFactory.getLogger(RequestValidator.class);
|
||||
|
||||
private ApplicationContext context;
|
||||
|
@ -44,25 +47,30 @@ public class RequestValidator extends RequestHandler {
|
|||
public String getName() {
|
||||
return Constants.request_validation;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void handleRequest(RequestEvent call) {
|
||||
|
||||
log.trace("executing request validator ON REQUEST");
|
||||
|
||||
log.trace("accessToken is null? {} \nGcubeToken is null ? {} \nscope rpvideris null? {}",
|
||||
AccessTokenProvider.instance.get()==null,
|
||||
SecurityTokenProvider.instance.get()==null,
|
||||
ScopeProvider.instance.get()==null);
|
||||
|
||||
context = call.context();
|
||||
|
||||
validateAgainstLifecycle(call);
|
||||
|
||||
|
||||
rejectUnauthorizedCalls(call);
|
||||
|
||||
validateScopeCall();
|
||||
|
||||
if (SecurityTokenProvider.instance.get()!=null)
|
||||
validatePolicy(SecurityTokenProvider.instance.get(), call);
|
||||
|
||||
if (context.container().configuration().mode()!=Mode.offline) {
|
||||
validateScopeCall();
|
||||
validatePolicy(ScopeProvider.instance.get(), call);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
private void validateAgainstLifecycle(RequestEvent call) {
|
||||
|
||||
switch(context.lifecycle().state()) {
|
||||
|
@ -81,16 +89,16 @@ public class RequestValidator extends RequestHandler {
|
|||
}
|
||||
|
||||
private void validateScopeCall() {
|
||||
|
||||
|
||||
String scope = ScopeProvider.instance.get();
|
||||
|
||||
|
||||
if (scope == null) {
|
||||
log.warn("rejecting unscoped call to {}",context.name());
|
||||
invalid_request_error.fire("call is unscoped");
|
||||
}
|
||||
|
||||
|
||||
ScopeBean bean = new ScopeBean(scope);
|
||||
|
||||
|
||||
ContainerConfiguration conf = context.container().configuration();
|
||||
if (!conf.allowedContexts().contains(scope) &&
|
||||
!(conf.authorizeChildrenContext() && bean.is(Type.VRE) && conf.allowedContexts().contains(bean.enclosingScope().toString()) ) ) {
|
||||
|
@ -100,26 +108,13 @@ public class RequestValidator extends RequestHandler {
|
|||
}
|
||||
|
||||
private void rejectUnauthorizedCalls(RequestEvent call){
|
||||
|
||||
String token = SecurityTokenProvider.instance.get();
|
||||
String scope = ScopeProvider.instance.get();
|
||||
|
||||
if (token == null && scope==null){
|
||||
log.warn("rejecting call to {}, authorization required",context.name(),token);
|
||||
if (call.context().container().configuration().authenticationEnpoint()==null){
|
||||
log.warn("rejecting call to {}, authorization required",context.name(),token);
|
||||
RequestError.request_not_authorized_error.fire(context.name()+": authorization required");
|
||||
}else {
|
||||
log.info("authorization enpoint found on configuration, redirecting the call");
|
||||
String recallLocation = String.format("http://%s:%d%s", call.context().container().configuration().hostname(), call.context().container().configuration().port(), call.uri());
|
||||
//call.response().setHeader("Allowed-Contexts", call.context().container().configuration().allowedContexts().toString());
|
||||
try {
|
||||
call.response().sendRedirect(context.container().configuration().authenticationEnpoint()+"?Recall-Location="+recallLocation);
|
||||
} catch (IOException e) {
|
||||
log.error("errror redirecting call",e );
|
||||
}
|
||||
}
|
||||
|
||||
String token = SecurityTokenProvider.instance.get();
|
||||
String accessToken = AccessTokenProvider.instance.get();
|
||||
|
||||
if (token == null && accessToken==null){
|
||||
log.warn("rejecting call to {}, authorization required",context.name(),token);
|
||||
RequestError.request_not_authorized_error.fire(context.name()+": authorization required");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -128,29 +123,47 @@ public class RequestValidator extends RequestHandler {
|
|||
return getName();
|
||||
}
|
||||
|
||||
private void validatePolicy(String token, RequestEvent call){
|
||||
log.info("accessing policy validator with token {} ", token);
|
||||
AuthorizationEntry authEntry = null;
|
||||
try{
|
||||
authEntry = authorizationService().get(token);
|
||||
}catch(ObjectNotFound onf){
|
||||
log.warn("rejecting call to {}, invalid token {}",context.name(),token);
|
||||
invalid_request_error.fire(context.name()+" invalid token : "+token);
|
||||
}catch(Exception e){
|
||||
log.error("error contacting authorization service",e);
|
||||
internal_server_error.fire("error contacting authorization service");
|
||||
}
|
||||
private void validatePolicy(String scope, RequestEvent call){
|
||||
log.info("accessing policy validator in scope {} ", scope);
|
||||
|
||||
ServiceIdentifier serviceIdentifier = Utils.getServiceInfo(call.context()).getServiceIdentifier();
|
||||
|
||||
for (Policy policy: authEntry.getPolicies())
|
||||
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier)){
|
||||
log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(),authEntry.getClientInfo().getId());
|
||||
invalid_request_error.fire("rejecting call to "+context.name()+": "+authEntry.getClientInfo().getId()+" is not allowed to contact the service");
|
||||
}
|
||||
String previousToken = SecurityTokenProvider.instance.get();
|
||||
try {
|
||||
String serviceToken = context.configuration().startTokens().stream().findFirst().get();
|
||||
SecurityTokenProvider.instance.set(serviceToken);
|
||||
String callerId = AuthorizationProvider.instance.get().getClient().getId();
|
||||
|
||||
List<Policy> policies = Collections.emptyList();
|
||||
try {
|
||||
policies = authorizationService().getPolicies(scope);
|
||||
}catch (Exception e) {
|
||||
log.error("error contacting authorization services for policies");
|
||||
}
|
||||
|
||||
for (Policy policy: policies) {
|
||||
log.debug("policy: {}", policy.getPolicyAsString() );
|
||||
|
||||
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier )) {
|
||||
boolean toReject = false;
|
||||
UserEntity entity = (((User2ServicePolicy) policy).getEntity());
|
||||
if (entity.getIdentifier()!=null)
|
||||
toReject = entity.getIdentifier().equals(callerId);
|
||||
else if (entity.getExcludes().isEmpty())
|
||||
toReject = true;
|
||||
else toReject = !entity.getExcludes().contains(callerId);
|
||||
if (toReject) {
|
||||
log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(), callerId);
|
||||
RequestError.request_not_authorized_error.fire("rejecting call to "+context.name()+" for polices: "+callerId+" is not allowed to contact the service: "+serviceIdentifier.getServiceName() );
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}finally {
|
||||
SecurityTokenProvider.instance.set(previousToken);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -14,7 +14,7 @@ import org.slf4j.Logger;
|
|||
import org.slf4j.LoggerFactory;
|
||||
|
||||
/**
|
||||
* @author Luca Frosini (ISTI - CNR) http://www.lucafrosini.com/
|
||||
* @author Luca Frosini (ISTI - CNR)
|
||||
*/
|
||||
@XmlRootElement(name = accounting_management)
|
||||
public class AccountingManager extends ContainerHandler {
|
||||
|
|
|
@ -0,0 +1,93 @@
|
|||
package org.gcube.smartgears.handlers.container.lifecycle;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.File;
|
||||
import java.io.FileReader;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStreamReader;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
/**
|
||||
* @author Luca Frosini (ISTI-CNR)
|
||||
*/
|
||||
public class LinuxDistributionInfo {
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(LinuxDistributionInfo.class);
|
||||
|
||||
public static final String LSB_RELEASE_COMMAND = "lsb_release -a";
|
||||
public static final String OS_RELEASE_FILE_PATH = "/etc/os-release";
|
||||
|
||||
protected Map<String, String> info;
|
||||
|
||||
protected Map<String, String> getInfoViaLsbReleaseCommand() throws IOException {
|
||||
logger.trace("Going to exec {}", LSB_RELEASE_COMMAND);
|
||||
Process process = Runtime.getRuntime().exec(LSB_RELEASE_COMMAND);
|
||||
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(process.getInputStream()));
|
||||
Map<String, String> map = parseBufferedReader(bufferedReader);
|
||||
bufferedReader.close();
|
||||
return map;
|
||||
}
|
||||
|
||||
private Map<String, String> parseBufferedReader(BufferedReader bufferedReader) throws IOException {
|
||||
Map<String, String> map = new HashMap<>();
|
||||
String line = "";
|
||||
while ((line = bufferedReader.readLine()) != null) {
|
||||
String[] nameValue = parseLine(line);
|
||||
map.put(nameValue[0], nameValue[1]);
|
||||
}
|
||||
return map;
|
||||
}
|
||||
|
||||
private String[] parseLine(String line) {
|
||||
String[] splitted = line.split("=");
|
||||
if (splitted.length < 2) {
|
||||
splitted = line.split(":");
|
||||
}
|
||||
String[] ret = new String[2];
|
||||
ret[0] = splitted[0].trim();
|
||||
ret[1] = splitted[1].trim().replace("\"", "");
|
||||
return ret;
|
||||
}
|
||||
|
||||
private Map<String, String> getInfoViaFile(File file) throws IOException {
|
||||
logger.trace("Going to read file {}", file.getAbsolutePath());
|
||||
BufferedReader bufferedReader = new BufferedReader(new FileReader(file));
|
||||
Map<String, String> map = parseBufferedReader(bufferedReader);
|
||||
bufferedReader.close();
|
||||
return map;
|
||||
|
||||
}
|
||||
|
||||
protected Map<String, String> getInfoViaOsReleaseFile() throws IOException {
|
||||
File osReleaseFile = new File(OS_RELEASE_FILE_PATH);
|
||||
return getInfoViaFile(osReleaseFile);
|
||||
}
|
||||
|
||||
private Map<String, String> retriveInfo() {
|
||||
try {
|
||||
return getInfoViaLsbReleaseCommand();
|
||||
} catch (IOException e) {
|
||||
|
||||
}
|
||||
|
||||
try {
|
||||
return getInfoViaOsReleaseFile();
|
||||
}catch (IOException e) {
|
||||
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
public Map<String, String> getInfo() {
|
||||
if (info == null) {
|
||||
info = retriveInfo();
|
||||
}
|
||||
return info;
|
||||
}
|
||||
|
||||
}
|
|
@ -32,7 +32,7 @@ import org.slf4j.LoggerFactory;
|
|||
|
||||
/**
|
||||
* @author Fabio Simeoni
|
||||
* @author Luca Frosini (ISTI - CNR) http://www.lucafrosini.com/
|
||||
* @author Luca Frosini (ISTI - CNR)
|
||||
*
|
||||
*/
|
||||
public class ProfileBuilder {
|
||||
|
@ -282,6 +282,15 @@ public class ProfileBuilder {
|
|||
*/
|
||||
|
||||
|
||||
String osVersion = System.getProperty("os.name");
|
||||
if(osVersion.compareToIgnoreCase("Linux")==0) {
|
||||
LinuxDistributionInfo linuxDistributionInfo = new LinuxDistributionInfo();
|
||||
Map<String,String> info = linuxDistributionInfo.getInfo();
|
||||
for(String key : info.keySet()) {
|
||||
variables.add().keyAndValue(key, info.get(key));
|
||||
}
|
||||
}
|
||||
|
||||
variables.add().keyAndValue("Java", System.getProperty("java.version"));
|
||||
|
||||
SmartGearsConfiguration config = ProviderFactory.provider().smartgearsConfiguration();
|
||||
|
|
|
@ -23,8 +23,11 @@ import javax.xml.bind.annotation.XmlRootElement;
|
|||
|
||||
import org.gcube.common.events.Observes;
|
||||
import org.gcube.common.resources.gcore.HostingNode;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.context.Property;
|
||||
import org.gcube.smartgears.context.container.ContainerContext;
|
||||
import org.gcube.smartgears.handlers.OfflineProfilePublisher;
|
||||
import org.gcube.smartgears.handlers.ProfilePublisher;
|
||||
import org.gcube.smartgears.handlers.container.ContainerHandler;
|
||||
import org.gcube.smartgears.handlers.container.ContainerLifecycleEvent.Start;
|
||||
import org.gcube.smartgears.lifecycle.container.ContainerLifecycle;
|
||||
|
@ -83,7 +86,9 @@ public class ProfileManager extends ContainerHandler {
|
|||
|
||||
share(profile);
|
||||
|
||||
publisher = new ProfilePublisher(context);
|
||||
publisher = context.configuration().mode()!=Mode.offline?
|
||||
new ProfilePublisherImpl(context):
|
||||
new OfflineProfilePublisher();
|
||||
|
||||
registerObservers();
|
||||
|
||||
|
|
|
@ -11,8 +11,10 @@ import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
|
|||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.resources.gcore.HostingNode;
|
||||
import org.gcube.informationsystem.publisher.ScopedPublisher;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.context.container.ContainerContext;
|
||||
import org.gcube.smartgears.handlers.ProfileEvents;
|
||||
import org.gcube.smartgears.handlers.ProfilePublisher;
|
||||
import org.gcube.smartgears.provider.ProviderFactory;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
@ -25,9 +27,9 @@ import org.slf4j.LoggerFactory;
|
|||
* @author Fabio Simeoni
|
||||
*
|
||||
*/
|
||||
public class ProfilePublisher {
|
||||
public class ProfilePublisherImpl implements ProfilePublisher {
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(ProfilePublisher.class);
|
||||
private static final Logger log = LoggerFactory.getLogger(ProfilePublisherImpl.class);
|
||||
|
||||
//the underlying IS publisher
|
||||
private final ScopedPublisher publisher;
|
||||
|
@ -40,7 +42,7 @@ public class ProfilePublisher {
|
|||
* Creates an instance for the container.
|
||||
* @param context the context of the application
|
||||
*/
|
||||
public ProfilePublisher(ContainerContext context) {
|
||||
public ProfilePublisherImpl(ContainerContext context) {
|
||||
this.context = context;
|
||||
this.publisher=ProviderFactory.provider().publisherFor(context);
|
||||
this.authProxy = ProviderFactory.provider().authorizationProxy();
|
||||
|
@ -88,18 +90,20 @@ public class ProfilePublisher {
|
|||
}*/
|
||||
|
||||
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
||||
|
||||
log.debug("using context {}",contextCL.getClass().getSimpleName());
|
||||
String previousToken = SecurityTokenProvider.instance.get();
|
||||
try{//This classloader set is needed for the jaxb context
|
||||
if (previousToken==null)
|
||||
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||
if (context.configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
|
||||
profile = publisher.create(profile, resolveScopesFromTokens(tokens));
|
||||
} catch (Exception e) {
|
||||
rethrowUnchecked(e);
|
||||
} finally {
|
||||
SecurityTokenProvider.instance.set(previousToken);
|
||||
Thread.currentThread().setContextClassLoader(contextCL);
|
||||
if (context.configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(contextCL);
|
||||
}
|
||||
|
||||
sharePublished(profile);
|
||||
|
@ -147,19 +151,21 @@ public class ProfilePublisher {
|
|||
log.debug("[update] resource scopes are : {} ",profile.scopes().asCollection());
|
||||
|
||||
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
||||
|
||||
log.debug("using context {}",contextCL.getClass().getSimpleName());
|
||||
String previousToken = SecurityTokenProvider.instance.get();
|
||||
try{//This classloader set is needed for the jaxb context
|
||||
if (previousToken==null)
|
||||
SecurityTokenProvider.instance.set((String)context.configuration().startTokens().toArray()[0]);
|
||||
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||
if (context.configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
|
||||
profile = publisher.update(profile);
|
||||
} catch (Exception e) {
|
||||
rethrowUnchecked(e);
|
||||
} finally {
|
||||
SecurityTokenProvider.instance.set(previousToken);
|
||||
Thread.currentThread().setContextClassLoader(contextCL);
|
||||
if (context.configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(contextCL);
|
||||
}
|
||||
|
||||
sharePublished(profile);
|
||||
|
@ -198,18 +204,20 @@ public class ProfilePublisher {
|
|||
} */
|
||||
|
||||
ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
|
||||
|
||||
log.debug("using context {}",contextCL.getClass().getSimpleName());
|
||||
String previousToken = SecurityTokenProvider.instance.get();
|
||||
try{//This classloader set is needed for the jaxb context
|
||||
if (previousToken==null)
|
||||
SecurityTokenProvider.instance.set((String)tokens.toArray()[0]);
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisher.class.getClassLoader());
|
||||
if (context.configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(ProfilePublisherImpl.class.getClassLoader());
|
||||
profile = publisher.remove(profile, resolveScopesFromTokens(tokens));
|
||||
} catch (Exception e) {
|
||||
rethrowUnchecked(e);
|
||||
} finally {
|
||||
SecurityTokenProvider.instance.set(previousToken);
|
||||
Thread.currentThread().setContextClassLoader(contextCL);
|
||||
if (context.configuration().mode()!=Mode.root)
|
||||
Thread.currentThread().setContextClassLoader(contextCL);
|
||||
}
|
||||
|
||||
log.debug("after remove container profile contains scopes {}",profile.scopes().asCollection());
|
|
@ -13,10 +13,9 @@ import java.io.File;
|
|||
import java.io.FileOutputStream;
|
||||
import java.io.ObjectOutputStream;
|
||||
import java.util.Collection;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map.Entry;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import javax.servlet.FilterRegistration;
|
||||
import javax.servlet.ServletContext;
|
||||
|
@ -28,6 +27,7 @@ import org.gcube.common.authorization.client.proxy.AuthorizationProxy;
|
|||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.events.Observes;
|
||||
import org.gcube.smartgears.Constants;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.configuration.application.ApplicationExtensions;
|
||||
import org.gcube.smartgears.configuration.application.ApplicationHandlers;
|
||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||
|
@ -71,21 +71,22 @@ public class ApplicationManager {
|
|||
try {
|
||||
|
||||
context = provider().contextFor(container, application);
|
||||
|
||||
|
||||
for (Entry<String,? extends ServletRegistration> servlet : application.getServletRegistrations().entrySet())
|
||||
log.trace("servlet {} : {} {} ", application.getServletContextName(),servlet.getKey(), servlet.getValue().getMappings());
|
||||
|
||||
|
||||
|
||||
context.configuration().validate();
|
||||
|
||||
/* if (context.configuration().secure() &&
|
||||
/* if (context.configuration().secure() &&
|
||||
container.configuration().securePort()==null)
|
||||
throw new IllegalStateException(
|
||||
String.format("Application %s cannot be managed because is declared as secure without a secure connector port declared in the container", context.application().getContextPath()));
|
||||
*/
|
||||
|
||||
context.configuration().startTokens(generateTokensForApplication(container));
|
||||
|
||||
*/
|
||||
|
||||
if (context.container().configuration().mode()!=Mode.offline) {
|
||||
context.configuration().startTokens(generateTokensForApplication(container).stream().collect(Collectors.toSet()));
|
||||
context.configuration().validate();
|
||||
}
|
||||
saveApplicationState();
|
||||
|
||||
// make context available to application in case it is gcube-aware
|
||||
|
@ -128,8 +129,8 @@ public class ApplicationManager {
|
|||
return context;
|
||||
|
||||
} catch (RuntimeException e) {
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
if (context != null) {
|
||||
log.error("error starting application {}",context.name(), e);
|
||||
|
@ -142,13 +143,25 @@ public class ApplicationManager {
|
|||
|
||||
}
|
||||
|
||||
private Set<String> generateTokensForApplication(ContainerContext container){
|
||||
private List<String> generateTokensForApplication(ContainerContext container){
|
||||
log.info("generating token for app {}",context.configuration().name());
|
||||
Set<String> tokens = new HashSet<String>();
|
||||
AuthorizationProxy authProxy = provider().authorizationProxy();
|
||||
for (String containerToken :container.configuration().startTokens())
|
||||
tokens.add(generateApplicationToken(containerToken, authProxy));
|
||||
return tokens;
|
||||
|
||||
SecurityTokenProvider.instance.set(container.configuration().startTokens().get(0));
|
||||
try {
|
||||
AuthorizationProxy authProxy = provider().authorizationProxy();
|
||||
try {
|
||||
return authProxy.generateServiceToken(Utils.getServiceInfo(context), container.configuration().startTokens());
|
||||
}catch (Exception e) {
|
||||
log.error("error generating service token",e);
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("error contacting authorization service",e);
|
||||
} finally{
|
||||
SecurityTokenProvider.instance.reset();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
private String generateApplicationToken(String containerToken, AuthorizationProxy authProxy){
|
||||
|
@ -161,7 +174,7 @@ public class ApplicationManager {
|
|||
} finally{
|
||||
SecurityTokenProvider.instance.reset();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
@ -243,12 +256,12 @@ public class ApplicationManager {
|
|||
|
||||
extension.init(context);
|
||||
|
||||
|
||||
|
||||
if (context.configuration().includes().isEmpty()) {
|
||||
//register excludes for extension in case of includes they are excluded by default
|
||||
context.configuration().excludes().addAll(extension.excludes());
|
||||
}
|
||||
|
||||
|
||||
String mapping = extension.mapping();
|
||||
|
||||
application.addServlet(context.configuration().name() + "-" + extension.name(), extension)
|
||||
|
@ -315,6 +328,7 @@ public class ApplicationManager {
|
|||
log.trace("app token created : {} ", appToken);
|
||||
context.events().fire(appToken, ProfileEvents.addToContext);
|
||||
context.events().fire(appToken, Constants.token_registered);
|
||||
saveApplicationState();
|
||||
}
|
||||
|
||||
@Observes(value = ContextEvents.REMOVE_TOKEN_FROM_APPLICATION, kind = critical)
|
||||
|
@ -325,8 +339,9 @@ public class ApplicationManager {
|
|||
log.trace("app token removed : {} ", appToken);
|
||||
context.events().fire(appToken, ProfileEvents.removeFromContext);
|
||||
context.events().fire(appToken, Constants.token_removed);
|
||||
saveApplicationState();
|
||||
}
|
||||
|
||||
|
||||
};
|
||||
|
||||
context.container().events().subscribe(observer);
|
||||
|
|
|
@ -10,7 +10,6 @@ import static org.gcube.smartgears.provider.ProviderFactory.provider;
|
|||
import java.io.File;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.ObjectOutputStream;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
@ -22,6 +21,7 @@ import org.gcube.common.authorization.library.provider.ClientInfo;
|
|||
import org.gcube.common.authorization.library.provider.ContainerInfo;
|
||||
import org.gcube.common.events.Observes;
|
||||
import org.gcube.common.events.Observes.Kind;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.configuration.container.ContainerHandlers;
|
||||
import org.gcube.smartgears.context.application.ApplicationContext;
|
||||
import org.gcube.smartgears.context.container.ContainerContext;
|
||||
|
@ -63,12 +63,10 @@ public class ContainerManager {
|
|||
this.context = context;
|
||||
|
||||
try {
|
||||
|
||||
|
||||
// TODO Ask if is not enough that is already done in
|
||||
// Bootstrap.initialiseContainer() function;
|
||||
context.configuration().validate();
|
||||
|
||||
validateContainer(context);
|
||||
if (context.configuration().mode()!=Mode.offline)
|
||||
validateContainer(context);
|
||||
|
||||
saveContainerState();
|
||||
|
||||
|
@ -112,24 +110,30 @@ public class ContainerManager {
|
|||
}
|
||||
|
||||
private void validateContainer(ContainerContext context) {
|
||||
List<String> tokensToRemove = new ArrayList<String>();
|
||||
//List<String> tokensToRemove = new ArrayList<String>();
|
||||
context.configuration().validate();
|
||||
Set<String> foundContexts= new HashSet<String>();
|
||||
|
||||
for (String token : context.configuration().startTokens()){
|
||||
String tokenContext = resolveTokenForAdd(foundContexts, token);
|
||||
if (tokenContext!=null){
|
||||
log.info("the container will be started in context {}",tokenContext);
|
||||
foundContexts.add(tokenContext);
|
||||
} else
|
||||
tokensToRemove.add(token);
|
||||
}
|
||||
|
||||
try {
|
||||
List<AuthorizationEntry> entries = authProvider.get(context.configuration().startTokens());
|
||||
|
||||
log.info("requesting auth on {} tokens returned {} entries", context.configuration().startTokens().size(),entries.size());
|
||||
|
||||
for (AuthorizationEntry entry : entries ) {
|
||||
log.info("the container will be started in context {}",entry.getContext());
|
||||
foundContexts.add(entry.getContext());
|
||||
}
|
||||
|
||||
} catch (Exception e) {
|
||||
log.error("error contacting auth service on container",e);
|
||||
}
|
||||
|
||||
if (foundContexts.isEmpty()){
|
||||
log.error("no valid starting token are specified, moving the container to failed");
|
||||
throw new RuntimeException("no valid starting token are specified");
|
||||
}
|
||||
|
||||
context.configuration().startTokens().removeAll(tokensToRemove);
|
||||
//context.configuration().startTokens().removeAll(tokensToRemove);
|
||||
context.configuration().allowedContexts(foundContexts);
|
||||
}
|
||||
|
||||
|
|
|
@ -98,7 +98,7 @@ public class RequestManager implements Filter {
|
|||
// dispatch to other filters for this servlet
|
||||
chain.doFilter(request, response);
|
||||
}catch(ServletException t){
|
||||
log.error("error in doFilter",t.getRootCause());
|
||||
log.error("error in doFilter",t);
|
||||
handleError(httprequest,httpresponse,t.getRootCause());
|
||||
}
|
||||
|
||||
|
@ -260,7 +260,8 @@ public class RequestManager implements Filter {
|
|||
RequestException.class.cast(t).error():
|
||||
application_error;
|
||||
|
||||
response.resetBuffer();
|
||||
if (!response.isCommitted())
|
||||
response.resetBuffer();
|
||||
if (error == request_not_authorized_error){
|
||||
response.setHeader("WWW-Authenticate", "Basic realm=\"Smartgears\"");
|
||||
log.info("setting WWW-Authenticate to response header");
|
||||
|
|
|
@ -0,0 +1,86 @@
|
|||
package org.gcube.smartgears.utils;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLDecoder;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonIgnoreProperties;
|
||||
import org.gcube.com.fasterxml.jackson.annotation.JsonProperty;
|
||||
|
||||
@JsonIgnoreProperties(ignoreUnknown = true)
|
||||
public class GcubeJwt {
|
||||
|
||||
protected final static List<String> MINIMAL_ROLES = Arrays.asList("Member");
|
||||
|
||||
@JsonProperty("aud")
|
||||
private String context;
|
||||
|
||||
@JsonProperty("resource_access")
|
||||
private Map<String, Roles> contextAccess = new HashMap<>();
|
||||
|
||||
@JsonProperty("preferred_username")
|
||||
private String username;
|
||||
|
||||
@JsonProperty("given_name")
|
||||
private String firstName;
|
||||
|
||||
@JsonProperty("family_name")
|
||||
private String lastName;
|
||||
|
||||
@JsonProperty("clientId")
|
||||
private String clientId;
|
||||
|
||||
@JsonProperty("email")
|
||||
private String email;
|
||||
|
||||
public List<String> getRoles(){
|
||||
return contextAccess.get(this.context) == null ? MINIMAL_ROLES : contextAccess.get(this.context).roles;
|
||||
}
|
||||
|
||||
public String getContext() {
|
||||
try {
|
||||
return URLDecoder.decode(context, StandardCharsets.UTF_8.toString());
|
||||
}catch (UnsupportedEncodingException e) {
|
||||
return context;
|
||||
}
|
||||
}
|
||||
|
||||
public String getUsername() {
|
||||
return username;
|
||||
}
|
||||
|
||||
public boolean isExternalService() {
|
||||
return clientId != null;
|
||||
}
|
||||
|
||||
public String getFirstName() {
|
||||
return firstName;
|
||||
}
|
||||
|
||||
public String getLastName() {
|
||||
return lastName;
|
||||
}
|
||||
|
||||
public String getEmail() {
|
||||
return email;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "GcubeJwt [context=" + getContext() + ", roles=" + getRoles() + ", username=" + username
|
||||
+ ", firstName=" + firstName + ", lastName=" + lastName + ", email=" + email + "]";
|
||||
}
|
||||
|
||||
public static class Roles {
|
||||
|
||||
@JsonProperty("roles")
|
||||
List<String> roles = new ArrayList<>();
|
||||
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
/smartgears-config.xml
|
Loading…
Reference in New Issue