common-smartgears/src/main/java/org/gcube/smartgears/security/defaults/DefaultAuthorizationProvide...

package org.gcube.smartgears.security.defaults;

import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.gcube.common.keycloak.KeycloakClient;
import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.common.keycloak.model.AccessToken.Access;
import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.common.security.ContextBean;
import org.gcube.common.security.secrets.Secret;
import org.gcube.common.security.secrets.UmaTokenSecret;
import org.gcube.smartgears.security.AuthorizationProvider;
import org.gcube.smartgears.security.SimpleCredentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class DefaultAuthorizationProvider implements AuthorizationProvider {

	private static Logger LOG = LoggerFactory.getLogger(DefaultAuthorizationProvider.class);
	
	private KeycloakClient client = KeycloakClientFactory.newInstance();
	
	private SimpleCredentials credentials;
	
	private String endpoint;
	
	public DefaultAuthorizationProvider(SimpleCredentials credentials, String endpoint) {
		this.credentials = credentials;				
		this.endpoint = endpoint;
	}
	
	@Override
	public Set<String> getContexts() {
		Set<String> contexts = new HashSet<String>();
		try {
			TokenResponse response = client.queryOIDCToken(new URL(this.endpoint), credentials.getClientID(), credentials.getSecret());
			Map<String, Access> resourceAccess = ModelUtils.getAccessTokenFrom(response).getResourceAccess();
			for (String context : resourceAccess.keySet()) {
				try {
					ContextBean scope = new ContextBean(context.replaceAll("%2F", "/"));
					contexts.add(scope.toString());
					LOG.debug("found context {}",context);
				}catch (IllegalArgumentException e) {
					LOG.debug("invalid context found in token: {}", context);
				}
			}
		} catch (Exception e) {
			LOG.error("error getting OIDToken from keycloak",e);
			return Collections.emptySet();
		}
		return contexts;
	}

	
	@Override
	public Secret getSecretForContext(String context) {
		try {
			TokenResponse response = client.queryUMAToken(new URL(this.endpoint), credentials.getClientID(), credentials.getSecret(), context, null);
			return new UmaTokenSecret(response.getAccessToken());
			
		} catch (Exception e) {
			LOG.error("error getting OIDToken from keycloak",e);
			throw new RuntimeException("error getting access token for context "+context, e);
		}
		
	}
	
	public SimpleCredentials getCredentials() {
		return credentials;
	}
}
handler configuration removed test removed 2022-05-25 18:56:42 +02:00			`package org.gcube.smartgears.security.defaults;`
moving smartgears to a .ini Configuration file type 2022-03-17 17:17:15 +01:00
handler configuration removed test removed 2022-05-25 18:56:42 +02:00			`import java.net.URL;`
update for 4.0.0 2022-03-31 11:58:49 +02:00			`import java.util.Collections;`
			`import java.util.HashSet;`
			`import java.util.Map;`
new features for configuration file type changing 2022-03-21 11:17:07 +01:00			`import java.util.Set;`
moving smartgears to a .ini Configuration file type 2022-03-17 17:17:15 +01:00
update for 4.0.0 2022-03-31 11:58:49 +02:00			`import org.gcube.common.keycloak.KeycloakClient;`
			`import org.gcube.common.keycloak.KeycloakClientFactory;`
			`import org.gcube.common.keycloak.model.AccessToken.Access;`
			`import org.gcube.common.keycloak.model.ModelUtils;`
			`import org.gcube.common.keycloak.model.TokenResponse;`
Publishing externalized to libraries in classpath 2022-06-10 17:08:44 +02:00			`import org.gcube.common.security.ContextBean;`
Removed old VAleve 2022-05-30 18:29:46 +02:00			`import org.gcube.common.security.secrets.Secret;`
removed all JAXB dependencies 2023-02-06 17:34:18 +01:00			`import org.gcube.common.security.secrets.UmaTokenSecret;`
handler configuration removed test removed 2022-05-25 18:56:42 +02:00			`import org.gcube.smartgears.security.AuthorizationProvider;`
			`import org.gcube.smartgears.security.SimpleCredentials;`
update for 4.0.0 2022-03-31 11:58:49 +02:00			`import org.slf4j.Logger;`
			`import org.slf4j.LoggerFactory;`

moving smartgears to a .ini Configuration file type 2022-03-17 17:17:15 +01:00			`public class DefaultAuthorizationProvider implements AuthorizationProvider {`

update for 4.0.0 2022-03-31 11:58:49 +02:00			`private static Logger LOG = LoggerFactory.getLogger(DefaultAuthorizationProvider.class);`

			`private KeycloakClient client = KeycloakClientFactory.newInstance();`
moving smartgears to a .ini Configuration file type 2022-03-17 17:17:15 +01:00
handler configuration removed test removed 2022-05-25 18:56:42 +02:00			`private SimpleCredentials credentials;`

auth provider modified 2022-05-26 14:39:31 +02:00			`private String endpoint;`

			`public DefaultAuthorizationProvider(SimpleCredentials credentials, String endpoint) {`
handler configuration removed test removed 2022-05-25 18:56:42 +02:00			`this.credentials = credentials;`
auth provider modified 2022-05-26 14:39:31 +02:00			`this.endpoint = endpoint;`
moving smartgears to a .ini Configuration file type 2022-03-17 17:17:15 +01:00			`}`
handler configuration removed test removed 2022-05-25 18:56:42 +02:00
new features for configuration file type changing 2022-03-21 11:17:07 +01:00			`@Override`
auth provider modified 2022-05-26 14:39:31 +02:00			`public Set<String> getContexts() {`
update for 4.0.0 2022-03-31 11:58:49 +02:00			`Set<String> contexts = new HashSet<String>();`
			`try {`
Publishing externalized to libraries in classpath 2022-06-10 17:08:44 +02:00			`TokenResponse response = client.queryOIDCToken(new URL(this.endpoint), credentials.getClientID(), credentials.getSecret());`
update for 4.0.0 2022-03-31 11:58:49 +02:00			`Map<String, Access> resourceAccess = ModelUtils.getAccessTokenFrom(response).getResourceAccess();`
			`for (String context : resourceAccess.keySet()) {`
			`try {`
Publishing externalized to libraries in classpath 2022-06-10 17:08:44 +02:00			`ContextBean scope = new ContextBean(context.replaceAll("%2F", "/"));`
update for 4.0.0 2022-03-31 11:58:49 +02:00			`contexts.add(scope.toString());`
put context logs to debug 2022-08-03 12:29:53 +02:00			`LOG.debug("found context {}",context);`
update for 4.0.0 2022-03-31 11:58:49 +02:00			`}catch (IllegalArgumentException e) {`
log updated 2024-02-20 12:20:16 +01:00			`LOG.debug("invalid context found in token: {}", context);`
update for 4.0.0 2022-03-31 11:58:49 +02:00			`}`
			`}`
			`} catch (Exception e) {`
			`LOG.error("error getting OIDToken from keycloak",e);`
			`return Collections.emptySet();`
			`}`
			`return contexts;`
new features for configuration file type changing 2022-03-21 11:17:07 +01:00			`}`

Removed old VAleve 2022-05-30 18:29:46 +02:00
			`@Override`
			`public Secret getSecretForContext(String context) {`
			`try {`
Publishing externalized to libraries in classpath 2022-06-10 17:08:44 +02:00			`TokenResponse response = client.queryUMAToken(new URL(this.endpoint), credentials.getClientID(), credentials.getSecret(), context, null);`
removed all JAXB dependencies 2023-02-06 17:34:18 +01:00			`return new UmaTokenSecret(response.getAccessToken());`
Removed old VAleve 2022-05-30 18:29:46 +02:00
			`} catch (Exception e) {`
			`LOG.error("error getting OIDToken from keycloak",e);`
			`throw new RuntimeException("error getting access token for context "+context, e);`
			`}`

			`}`

Profile and App events updated 2022-06-22 18:50:54 +02:00			`public SimpleCredentials getCredentials() {`
			`return credentials;`
			`}`
moving smartgears to a .ini Configuration file type 2022-03-17 17:17:15 +01:00			`}`