auth provider modified
This commit is contained in:
parent
f54efc1e4e
commit
230ae3bde9
|
@ -114,6 +114,7 @@ public class ContainerConfigurationBinder {
|
||||||
if (authorizationSection != null) {
|
if (authorizationSection != null) {
|
||||||
|
|
||||||
String provider = authorizationSection.get("factory");
|
String provider = authorizationSection.get("factory");
|
||||||
|
String authEndpoint = authorizationSection.get("endpoint");
|
||||||
AuthorizationProviderFactory<?> authProviderFactory;
|
AuthorizationProviderFactory<?> authProviderFactory;
|
||||||
if (provider!=null) {
|
if (provider!=null) {
|
||||||
try {
|
try {
|
||||||
|
@ -138,7 +139,7 @@ public class ContainerConfigurationBinder {
|
||||||
}
|
}
|
||||||
authorizationSection.to(credentials, "credentials.");
|
authorizationSection.to(credentials, "credentials.");
|
||||||
|
|
||||||
AuthorizationProvider authProvider = authProviderFactory.connect(credentials);
|
AuthorizationProvider authProvider = authProviderFactory.connect(credentials, authEndpoint);
|
||||||
|
|
||||||
conf.setAuthorizationProvider(authProvider);
|
conf.setAuthorizationProvider(authProvider);
|
||||||
}
|
}
|
||||||
|
|
|
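Review bot: The `endpoint` value read in the first hunk, `String authEndpoint = authorizationSection.get("endpoint");`, reaches `connect` without any check, and because this commit also removes the `@NotNull @NotEmpty endpoint` field from SimpleCredentials, a deployment that still sets `credentials.endpoint` (or misspells the new key) presumably ends up with a null endpoint and is silently switched to whatever default the provider uses; which token issuer is trusted is decided by this value, so the fallback should at least be visible. If the binder has a logger, log the resolved value next to the `connect` call, e.g. `log.info("authorization provider {} using endpoint {}", provider, authEndpoint == null ? "<provider default>" : authEndpoint);`, and treat an empty value like a missing key, `if (authEndpoint != null && authEndpoint.trim().isEmpty()) authEndpoint = null;`. The enclosing `if (authorizationSection != null)` block opens before the first hunk and continues past the second.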
@ -164,7 +164,7 @@ public class ProfileManager extends ApplicationLifecycleHandler {
|
||||||
@Observes(value = addToContext)
|
@Observes(value = addToContext)
|
||||||
void addTo(String token) {
|
void addTo(String token) {
|
||||||
try {
|
try {
|
||||||
log.trace("publishing application with new token");
|
log.trace("publishing application in new context");
|
||||||
publisher.addTo(Collections.singleton(token));
|
publisher.addTo(Collections.singleton(token));
|
||||||
publisher.update();
|
publisher.update();
|
||||||
}catch (Exception e) {
|
}catch (Exception e) {
|
||||||
|
@ -183,7 +183,7 @@ public class ProfileManager extends ApplicationLifecycleHandler {
|
||||||
@Observes(value = removeFromContext)
|
@Observes(value = removeFromContext)
|
||||||
void removeFrom(String token) {
|
void removeFrom(String token) {
|
||||||
try {
|
try {
|
||||||
log.trace("unpublishing application with token");
|
log.trace("unpublishing application from context");
|
||||||
publisher.removeFrom(Collections.singleton(token));
|
publisher.removeFrom(Collections.singleton(token));
|
||||||
publisher.update();
|
publisher.update();
|
||||||
}catch (Exception e) {
|
}catch (Exception e) {
|
||||||
|
|
|
@ -47,8 +47,7 @@ public class ContainerPublisher extends AbstractProfilePublisher<HostingNode> {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected Set<String> getAllowedContexts() {
|
protected Set<String> getAllowedContexts() {
|
||||||
// TODO Auto-generated method stub
|
return context.configuration().allowedContexts();
|
||||||
return null;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
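Review bot: `getAllowedContexts` now hands back the result of `context.configuration().allowedContexts()` unchanged; if that is the configuration's own mutable set (the type is not visible here), a caller of the publisher can alter the node's allowed-context list through the returned reference, and a null result would propagate as well. If the declared type allows it, return a read-only view, `return Collections.unmodifiableSet(context.configuration().allowedContexts());`, or document on the method that the returned set must not be modified. The hunk covers the whole method.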
@ -101,7 +101,7 @@ public class ContainerManager {
|
||||||
Set<String> foundContexts;
|
Set<String> foundContexts;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
foundContexts = context.configuration().authorizationProvider().getAllowedContexts();
|
foundContexts = context.configuration().authorizationProvider().getContexts();
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
log.error("error authorizing container",e);
|
log.error("error authorizing container",e);
|
||||||
throw new RuntimeException("error authorizing container, moving the container to failed",e);
|
throw new RuntimeException("error authorizing container, moving the container to failed",e);
|
||||||
|
|
|
@ -4,5 +4,5 @@ import java.util.Set;
|
||||||
|
|
||||||
public interface AuthorizationProvider {
|
public interface AuthorizationProvider {
|
||||||
|
|
||||||
Set<String> getAllowedContexts();
|
Set<String> getContexts();
|
||||||
}
|
}
|
||||||
|
|
|
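Review bot: `Set<String> getContexts();` on `AuthorizationProvider` carries no Javadoc, and the rename away from `getAllowedContexts` drops the only hint of what the set means; the default implementation builds it from the resource-access claims of an OIDC token, which is the contract the interface should state. Suggest a Javadoc saying that it returns the contexts the configured credentials are authorized for, that the set may be empty, and whether it may throw when the token request fails (the ContainerManager hunk wraps the call in `catch (Exception e)`, so that appears to be expected).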
@ -2,6 +2,7 @@ package org.gcube.smartgears.security;
|
||||||
|
|
||||||
public interface AuthorizationProviderFactory<T extends AuthorizationProvider> {
|
public interface AuthorizationProviderFactory<T extends AuthorizationProvider> {
|
||||||
|
|
||||||
T connect(Credentials credentials);
|
T connect(Credentials credentials, String endpoint);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
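Review bot: The new `endpoint` parameter on `T connect(Credentials credentials, String endpoint);` is undocumented, and its nullability is the important part: the default implementation treats `null` as "use the overload without an endpoint" and passes any other value to `new URL(...)`. Suggest a Javadoc with `@param endpoint token endpoint URL, or null to let the implementation choose its default` and `@throws IllegalArgumentException if the credentials are not of the type the factory expects`, which matches what DefaultAuthorizationProviderFactory does.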
@ -11,9 +11,6 @@ public class SimpleCredentials implements Credentials{
|
||||||
@NotNull @NotEmpty
|
@NotNull @NotEmpty
|
||||||
String secret;
|
String secret;
|
||||||
|
|
||||||
@NotNull @NotEmpty
|
|
||||||
String endpoint;
|
|
||||||
|
|
||||||
public String getClientID() {
|
public String getClientID() {
|
||||||
return clientID;
|
return clientID;
|
||||||
}
|
}
|
||||||
|
@ -21,14 +18,6 @@ public class SimpleCredentials implements Credentials{
|
||||||
public void setClientID(String clientID) {
|
public void setClientID(String clientID) {
|
||||||
this.clientID = clientID;
|
this.clientID = clientID;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getEndpoint() {
|
|
||||||
return endpoint;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setEndpoint(String endpoint) {
|
|
||||||
this.endpoint = endpoint;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getSecret() {
|
public String getSecret() {
|
||||||
return secret;
|
return secret;
|
||||||
|
|
|
@ -25,16 +25,22 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider {
|
||||||
|
|
||||||
private SimpleCredentials credentials;
|
private SimpleCredentials credentials;
|
||||||
|
|
||||||
public DefaultAuthorizationProvider(SimpleCredentials credentials) {
|
private String endpoint;
|
||||||
|
|
||||||
|
public DefaultAuthorizationProvider(SimpleCredentials credentials, String endpoint) {
|
||||||
this.credentials = credentials;
|
this.credentials = credentials;
|
||||||
|
this.endpoint = endpoint;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Set<String> getAllowedContexts() {
|
public Set<String> getContexts() {
|
||||||
Set<String> contexts = new HashSet<String>();
|
Set<String> contexts = new HashSet<String>();
|
||||||
try {
|
try {
|
||||||
TokenResponse response = client.queryOIDCToken(new URL(credentials.getEndpoint()), credentials.getClientID(), credentials.getSecret());
|
TokenResponse response;
|
||||||
|
if (this.endpoint == null)
|
||||||
|
response = client.queryOIDCToken(credentials.getClientID(), credentials.getSecret());
|
||||||
|
else
|
||||||
|
response = client.queryOIDCToken(new URL(this.endpoint), credentials.getClientID(), credentials.getSecret());
|
||||||
Map<String, Access> resourceAccess = ModelUtils.getAccessTokenFrom(response).getResourceAccess();
|
Map<String, Access> resourceAccess = ModelUtils.getAccessTokenFrom(response).getResourceAccess();
|
||||||
for (String context : resourceAccess.keySet()) {
|
for (String context : resourceAccess.keySet()) {
|
||||||
try {
|
try {
|
||||||
|
|
|
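Review bot: The test `if (this.endpoint == null)` in `getContexts` treats an empty or blank endpoint as a real URL, so a config line `endpoint =` reaches `new URL(this.endpoint)` and fails with MalformedURLException instead of falling back; suggest `if (this.endpoint == null || this.endpoint.trim().isEmpty())`, and brace both branches since each now holds a multi-argument call. Because the endpoint decides which issuer's tokens are trusted, it is also worth logging which branch was taken, and the new field should be `private final String endpoint;` as it is only assigned in the constructor. The surrounding try and the rest of the method continue outside the hunk.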
@ -7,10 +7,10 @@ import org.gcube.smartgears.security.SimpleCredentials;
|
||||||
public class DefaultAuthorizationProviderFactory implements AuthorizationProviderFactory<DefaultAuthorizationProvider>{
|
public class DefaultAuthorizationProviderFactory implements AuthorizationProviderFactory<DefaultAuthorizationProvider>{
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public DefaultAuthorizationProvider connect(Credentials credentials) {
|
public DefaultAuthorizationProvider connect(Credentials credentials, String enpoint) {
|
||||||
if (!SimpleCredentials.class.isInstance(credentials))
|
if (!SimpleCredentials.class.isInstance(credentials))
|
||||||
throw new IllegalArgumentException("invalid credential type passed");
|
throw new IllegalArgumentException("invalid credential type passed");
|
||||||
return new DefaultAuthorizationProvider((SimpleCredentials)credentials);
|
return new DefaultAuthorizationProvider((SimpleCredentials)credentials, enpoint);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
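Review bot: The new parameter is misspelled `enpoint` in both the signature and the constructor call; `public DefaultAuthorizationProvider connect(Credentials credentials, String endpoint) {` and `return new DefaultAuthorizationProvider((SimpleCredentials) credentials, endpoint);`. While touching the method, the rejection message could name the offending type to make misconfiguration easier to diagnose, `"invalid credential type passed: " + (credentials == null ? "null" : credentials.getClass().getName())`, without calling `toString()` on the credentials object, which could expose the secret in logs.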
@ -30,10 +30,10 @@ location = rome
|
||||||
; mandatory
|
; mandatory
|
||||||
; optional fields: provider factory (=org.gcube.smartgears.security.defaults.DefaultAuthorizationProviderFactory)
|
; optional fields: provider factory (=org.gcube.smartgears.security.defaults.DefaultAuthorizationProviderFactory)
|
||||||
factory = org.gcube.smartgears.security.defaults.DefaultAuthorizationProviderFactory
|
factory = org.gcube.smartgears.security.defaults.DefaultAuthorizationProviderFactory
|
||||||
|
endpoint = testEndpoint
|
||||||
credentials.class = org.gcube.smartgears.security.SimpleCredentials
|
credentials.class = org.gcube.smartgears.security.SimpleCredentials
|
||||||
credentials.clientID = testClient
|
credentials.clientID = testClient
|
||||||
credentials.secret = testSecret
|
credentials.secret = testSecret
|
||||||
credentials.endpoint = testSecret
|
|
||||||
|
|
||||||
;[persistence]
|
;[persistence]
|
||||||
; not mandatory (default is LocalPersistence writing in the ghn home)
|
; not mandatory (default is LocalPersistence writing in the ghn home)
|
||||||
|
|
|
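Review bot: The sample value `endpoint = testEndpoint` is not a URL, so with this file DefaultAuthorizationProvider's `new URL(this.endpoint)` will throw MalformedURLException on the first token request; either use a placeholder that parses, e.g. `endpoint = https://example.invalid/token` (a constructed placeholder), or leave the key out so the provider default is used. The `; optional fields:` comment above still lists only the factory; suggest `; optional fields: factory (=org.gcube.smartgears.security.defaults.DefaultAuthorizationProviderFactory), endpoint (token endpoint URL; omit for the provider default)`.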
@ -1,41 +0,0 @@
|
||||||
[node]
|
|
||||||
; mandatory
|
|
||||||
; optional fields: mode (=online), publication-frequency-seconds (=60), authorizeChildrenContext (=false)
|
|
||||||
mode = offline
|
|
||||||
hostname = localhost
|
|
||||||
protocol= https
|
|
||||||
port = 8080
|
|
||||||
infrastructure = gcube
|
|
||||||
authorizeChildrenContext = true
|
|
||||||
publicationFrequencyInSeconds = 60
|
|
||||||
|
|
||||||
[properties]
|
|
||||||
; not mandatory
|
|
||||||
SmartGearsDistribution = 0.0.1
|
|
||||||
SmartGearsDistributionBundle = UnBundled
|
|
||||||
|
|
||||||
[site]
|
|
||||||
; mandatory
|
|
||||||
; optional fields: latitude, logitude
|
|
||||||
country = it
|
|
||||||
location = rome
|
|
||||||
|
|
||||||
[proxy]
|
|
||||||
; not mandatory
|
|
||||||
protocol = https
|
|
||||||
hostname = proxy
|
|
||||||
port = 80
|
|
||||||
|
|
||||||
[authorization]
|
|
||||||
; mandatory
|
|
||||||
; optional fields: factory provider (=org.gcube.smartgears.security.defaults.DefaultAuthorizationProviderFactory)
|
|
||||||
factory = org.gcube.smartgears.security.defaults.DefaultAuthorizationProviderFactory
|
|
||||||
credentials.class = org.gcube.smartgears.security.SimpleCredentials
|
|
||||||
credentials.clientID = testClient
|
|
||||||
credentials.secret = testSecret
|
|
||||||
credentials.enpoint = https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token
|
|
||||||
|
|
||||||
[persistence]
|
|
||||||
; not mandatory (default is LocalPersistence writing in the ghn home)
|
|
||||||
class = utils.PersistenceWriterTest
|
|
||||||
location = /tmp
|
|