auth provider modified
parent
f54efc1e4e
commit
230ae3bde9
|
@ -114,6 +114,7 @@ public class ContainerConfigurationBinder {
|
|||
if (authorizationSection != null) {
|
||||
|
||||
String provider = authorizationSection.get("factory");
|
||||
String authEndpoint = authorizationSection.get("endpoint");
|
||||
AuthorizationProviderFactory<?> authProviderFactory;
|
||||
if (provider!=null) {
|
||||
try {
|
||||
|
@ -138,7 +139,7 @@ public class ContainerConfigurationBinder {
|
|||
}
|
||||
authorizationSection.to(credentials, "credentials.");
|
||||
|
||||
AuthorizationProvider authProvider = authProviderFactory.connect(credentials);
|
||||
AuthorizationProvider authProvider = authProviderFactory.connect(credentials, authEndpoint);
|
||||
|
||||
conf.setAuthorizationProvider(authProvider);
|
||||
}
|
||||
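Review bot: `authEndpoint` is handed to `connect(credentials, authEndpoint)` with no check on its scheme, and the `@NotNull @NotEmpty` constraints that covered the old `SimpleCredentials.endpoint` field are dropped elsewhere in this commit without a replacement. `DefaultAuthorizationProvider` sends the client ID and secret to this URL, so a plain `http://` value in the container configuration would put the secret on the wire unencrypted. I would reject that at bind time, right after the `get("endpoint")` line, for example `if (authEndpoint != null && !authEndpoint.startsWith("https://")) throw new IllegalArgumentException("authorization endpoint must be an https URL");` (using whatever exception type the binder already raises for invalid configuration), or make plain http an explicit opt-in for test setups. Both hunks sit inside a method whose start and end are outside the visible lines.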
|
|
|
@ -164,7 +164,7 @@ public class ProfileManager extends ApplicationLifecycleHandler {
|
|||
@Observes(value = addToContext)
|
||||
void addTo(String token) {
|
||||
try {
|
||||
log.trace("publishing application with new token");
|
||||
log.trace("publishing application in new context");
|
||||
publisher.addTo(Collections.singleton(token));
|
||||
publisher.update();
|
||||
}catch (Exception e) {
|
||||
|
@ -183,7 +183,7 @@ public class ProfileManager extends ApplicationLifecycleHandler {
|
|||
@Observes(value = removeFromContext)
|
||||
void removeFrom(String token) {
|
||||
try {
|
||||
log.trace("unpublishing application with token");
|
||||
log.trace("unpublishing application from context");
|
||||
publisher.removeFrom(Collections.singleton(token));
|
||||
publisher.update();
|
||||
}catch (Exception e) {
|
||||
|
|
|
@ -47,8 +47,7 @@ public class ContainerPublisher extends AbstractProfilePublisher<HostingNode> {
|
|||
|
||||
@Override
|
||||
protected Set<String> getAllowedContexts() {
|
||||
// TODO Auto-generated method stub
|
||||
return null;
|
||||
return context.configuration().allowedContexts();
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -101,7 +101,7 @@ public class ContainerManager {
|
|||
Set<String> foundContexts;
|
||||
|
||||
try {
|
||||
foundContexts = context.configuration().authorizationProvider().getAllowedContexts();
|
||||
foundContexts = context.configuration().authorizationProvider().getContexts();
|
||||
} catch (Exception e) {
|
||||
log.error("error authorizing container",e);
|
||||
throw new RuntimeException("error authorizing container, moving the container to failed",e);
|
||||
|
|
|
@ -4,5 +4,5 @@ import java.util.Set;
|
|||
|
||||
public interface AuthorizationProvider {
|
||||
|
||||
Set<String> getAllowedContexts();
|
||||
Set<String> getContexts();
|
||||
}
|
||||
|
|
|
@ -2,6 +2,7 @@ package org.gcube.smartgears.security;
|
|||
|
||||
public interface AuthorizationProviderFactory<T extends AuthorizationProvider> {
|
||||
|
||||
T connect(Credentials credentials);
|
||||
T connect(Credentials credentials, String endpoint);
|
||||
|
||||
|
||||
}
|
||||
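Review bot: `connect(Credentials credentials, String endpoint)` does not state whether `endpoint` may be null, yet the binder passes the result of `authorizationSection.get("endpoint")` unchecked and `DefaultAuthorizationProvider` treats null as "no explicit endpoint". A Javadoc line on the method would make that contract visible to other implementers: `@param endpoint token endpoint URL, or null to let the provider use its default`. Replacing the one-argument method also breaks any factory implemented outside this repository; if that matters, keep it as `default T connect(Credentials credentials) { return connect(credentials, null); }`.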
|
|
|
@ -11,9 +11,6 @@ public class SimpleCredentials implements Credentials{
|
|||
@NotNull @NotEmpty
|
||||
String secret;
|
||||
|
||||
@NotNull @NotEmpty
|
||||
String endpoint;
|
||||
|
||||
public String getClientID() {
|
||||
return clientID;
|
||||
}
|
||||
|
@ -22,14 +19,6 @@ public class SimpleCredentials implements Credentials{
|
|||
this.clientID = clientID;
|
||||
}
|
||||
|
||||
public String getEndpoint() {
|
||||
return endpoint;
|
||||
}
|
||||
|
||||
public void setEndpoint(String endpoint) {
|
||||
this.endpoint = endpoint;
|
||||
}
|
||||
|
||||
public String getSecret() {
|
||||
return secret;
|
||||
}
|
||||
|
|
|
@ -25,16 +25,22 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider {
|
|||
|
||||
private SimpleCredentials credentials;
|
||||
|
||||
public DefaultAuthorizationProvider(SimpleCredentials credentials) {
|
||||
private String endpoint;
|
||||
|
||||
public DefaultAuthorizationProvider(SimpleCredentials credentials, String endpoint) {
|
||||
this.credentials = credentials;
|
||||
this.endpoint = endpoint;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public Set<String> getAllowedContexts() {
|
||||
public Set<String> getContexts() {
|
||||
Set<String> contexts = new HashSet<String>();
|
||||
try {
|
||||
TokenResponse response = client.queryOIDCToken(new URL(credentials.getEndpoint()), credentials.getClientID(), credentials.getSecret());
|
||||
TokenResponse response;
|
||||
if (this.endpoint == null)
|
||||
response = client.queryOIDCToken(credentials.getClientID(), credentials.getSecret());
|
||||
else
|
||||
response = client.queryOIDCToken(new URL(this.endpoint), credentials.getClientID(), credentials.getSecret());
|
||||
Map<String, Access> resourceAccess = ModelUtils.getAccessTokenFrom(response).getResourceAccess();
|
||||
for (String context : resourceAccess.keySet()) {
|
||||
try {
|
||||
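Review bot: The endpoint string is parsed with `new URL(this.endpoint)` inside `getContexts()`, so a malformed value is only discovered on the first token query and is handled by whatever the enclosing `try` catches, which lies outside this hunk. Parsing once in the constructor makes a bad configuration fail when the provider is created, and it lets both fields be `final`. The sketch below assumes the two-argument `queryOIDCToken` overload falls back to the client's own default endpoint, which is not visible here. `getContexts()` continues past the end of the hunk.

```java
private final SimpleCredentials credentials;

// null means no endpoint was configured; the client's default is then used (assumed)
private final URL endpoint;

public DefaultAuthorizationProvider(SimpleCredentials credentials, String endpoint) {
    this.credentials = credentials;
    try {
        this.endpoint = (endpoint == null) ? null : new URL(endpoint);
    } catch (MalformedURLException e) {
        throw new IllegalArgumentException("invalid authorization endpoint: " + endpoint, e);
    }
}

// … unchanged: getContexts() signature, contexts set, opening of the try block …
        TokenResponse response = (this.endpoint == null)
                ? client.queryOIDCToken(credentials.getClientID(), credentials.getSecret())
                : client.queryOIDCToken(this.endpoint, credentials.getClientID(), credentials.getSecret());
// … unchanged: resourceAccess lookup and the loop over contexts …
```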
|
|
|
@ -7,10 +7,10 @@ import org.gcube.smartgears.security.SimpleCredentials;
|
|||
public class DefaultAuthorizationProviderFactory implements AuthorizationProviderFactory<DefaultAuthorizationProvider>{
|
||||
|
||||
@Override
|
||||
public DefaultAuthorizationProvider connect(Credentials credentials) {
|
||||
public DefaultAuthorizationProvider connect(Credentials credentials, String enpoint) {
|
||||
if (!SimpleCredentials.class.isInstance(credentials))
|
||||
throw new IllegalArgumentException("invalid credential type passed");
|
||||
return new DefaultAuthorizationProvider((SimpleCredentials)credentials);
|
||||
return new DefaultAuthorizationProvider((SimpleCredentials)credentials, enpoint);
|
||||
}
|
||||
|
||||
|
||||
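Review bot: The new parameter is spelled `enpoint` in both the signature and the constructor call; it should be `endpoint`, matching `AuthorizationProviderFactory.connect(Credentials credentials, String endpoint)`. While touching this method, `!SimpleCredentials.class.isInstance(credentials)` reads more plainly as `!(credentials instanceof SimpleCredentials)`, and the unbraced `if` guarding the `throw` would be safer with braces.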
|
|
|
@ -30,10 +30,10 @@ location = rome
|
|||
; mandatory
|
||||
; optional fields: provider factory (=org.gcube.smartgears.security.defaults.DefaultAuthorizationProviderFactory)
|
||||
factory = org.gcube.smartgears.security.defaults.DefaultAuthorizationProviderFactory
|
||||
endpoint = testEndpoint
|
||||
credentials.class = org.gcube.smartgears.security.SimpleCredentials
|
||||
credentials.clientID = testClient
|
||||
credentials.secret = testSecret
|
||||
credentials.endpoint = testSecret
|
||||
|
||||
;[persistence]
|
||||
; not mandatory (default is LocalPersistence writing in the ghn home)
|
||||
|
|
|
@ -1,41 +0,0 @@
|
|||
[node]
|
||||
; mandatory
|
||||
; optional fields: mode (=online), publication-frequency-seconds (=60), authorizeChildrenContext (=false)
|
||||
mode = offline
|
||||
hostname = localhost
|
||||
protocol= https
|
||||
port = 8080
|
||||
infrastructure = gcube
|
||||
authorizeChildrenContext = true
|
||||
publicationFrequencyInSeconds = 60
|
||||
|
||||
[properties]
|
||||
; not mandatory
|
||||
SmartGearsDistribution = 0.0.1
|
||||
SmartGearsDistributionBundle = UnBundled
|
||||
|
||||
[site]
|
||||
; mandatory
|
||||
; optional fields: latitude, logitude
|
||||
country = it
|
||||
location = rome
|
||||
|
||||
[proxy]
|
||||
; not mandatory
|
||||
protocol = https
|
||||
hostname = proxy
|
||||
port = 80
|
||||
|
||||
[authorization]
|
||||
; mandatory
|
||||
; optional fields: factory provider (=org.gcube.smartgears.security.defaults.DefaultAuthorizationProviderFactory)
|
||||
factory = org.gcube.smartgears.security.defaults.DefaultAuthorizationProviderFactory
|
||||
credentials.class = org.gcube.smartgears.security.SimpleCredentials
|
||||
credentials.clientID = testClient
|
||||
credentials.secret = testSecret
|
||||
credentials.enpoint = https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token
|
||||
|
||||
[persistence]
|
||||
; not mandatory (default is LocalPersistence writing in the ghn home)
|
||||
class = utils.PersistenceWriterTest
|
||||
location = /tmp
|