removed all the patch added to solve auth-portlet bug

Lucio Lelii 2022-03-07 16:56:31 +01:00
parent b84b4fad81
commit 430cf04416
1 changed files with 6 additions and 17 deletions


@ -12,14 +12,11 @@ import javax.xml.bind.annotation.XmlRootElement;
import org.gcube.common.authorization.library.PolicyUtils; import org.gcube.common.authorization.library.PolicyUtils;
import org.gcube.common.authorization.library.policies.Policy; import org.gcube.common.authorization.library.policies.Policy;
import org.gcube.common.authorization.library.policies.PolicyType;
import org.gcube.common.authorization.library.policies.ServiceAccess;
import org.gcube.common.authorization.library.policies.User2ServicePolicy; import org.gcube.common.authorization.library.policies.User2ServicePolicy;
import org.gcube.common.authorization.library.policies.UserEntity; import org.gcube.common.authorization.library.policies.UserEntity;
import org.gcube.common.authorization.library.provider.AuthorizationProvider; import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider; import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.ServiceIdentifier; import org.gcube.common.authorization.library.provider.ServiceIdentifier;
import org.gcube.common.authorization.library.utils.Caller;
import org.gcube.common.scope.api.ScopeProvider; import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.scope.impl.ScopeBean; import org.gcube.common.scope.impl.ScopeBean;
import org.gcube.common.scope.impl.ScopeBean.Type; import org.gcube.common.scope.impl.ScopeBean.Type;
@ -128,40 +125,32 @@ public class RequestValidator extends RequestHandler {
List<Policy> policies = null; List<Policy> policies = null;
try { try {
authorizationService().getPolicies(scope); policies = authorizationService().getPolicies(scope);
}catch (Exception e) { }catch (Exception e) {
invalid_request_error.fire("error contating authorization"); invalid_request_error.fire("error contating authorization for polices");
} }
for (Policy policy: policies) { for (Policy policy: policies) {
log.debug("policy: {}", policy.getPolicyAsString() ); log.debug("policy: {}", policy.getPolicyAsString() );
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier ) || isPolicyValidForService(policy.getServiceAccess(), serviceIdentifier)) { if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier )) {
boolean toReject = false; boolean toReject = false;
UserEntity entity = (((User2ServicePolicy) policy).getEntity()); UserEntity entity = (((User2ServicePolicy) policy).getEntity());
if (entity.getIdentifier()!=null) if (entity.getIdentifier()!=null)
toReject = entity.getIdentifier().trim().equals(callerId); toReject = entity.getIdentifier().equals(callerId);
else if (entity.getExcludes().isEmpty()) else if (entity.getExcludes().isEmpty())
toReject = true; toReject = true;
else toReject = !entity.getExcludes().contains(callerId); else toReject = !entity.getExcludes().contains(callerId);
if (toReject) { if (toReject) {
log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(), callerId); log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(), callerId);
RequestError.request_not_authorized_error.fire("rejecting call to "+context.name()+": "+callerId+" is not allowed to contact the service: "+serviceIdentifier.getServiceName() ); RequestError.request_not_authorized_error.fire("rejecting call to "+context.name()+" for polices: "+callerId+" is not allowed to contact the service: "+serviceIdentifier.getServiceName() );
} }
} }
} }
} }
//TO resolve an error on Auth Portlet
private boolean isPolicyValidForService(ServiceAccess serviceAccess, ServiceIdentifier serviceId) {
String policyAsString = serviceAccess.getAsString();
return policyAsString.equals("ALL") || policyAsString.equals(serviceId.getServiceClass()+":ALL:ALL") ||
policyAsString.equals(serviceId.getServiceClass()+":"+serviceId.getServiceName()+":ALL") ||
policyAsString.equals(serviceId.getFullIdentifier());
}
} }
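Review bot: The deny check in the policy loop now compares `entity.getIdentifier().equals(callerId)` without the earlier `trim()`, so a policy whose stored identifier carries leading or trailing whitespace no longer matches; because a match is what sets `toReject`, that mismatch lets the caller through rather than rejecting it. Unless identifiers are normalised where policies are written (not visible on this page), the comparison should keep the normalisation: `toReject = entity.getIdentifier().trim().equals(callerId);`. In the same block the `catch (Exception e)` around `getPolicies(scope)` discards `e`, so a failing authorization backend leaves no trace of the cause; adding `log.error("cannot retrieve policies for scope {}", scope, e);` before the `fire(...)` call would keep it. If `invalid_request_error.fire(...)` can return normally, `policies` is still null when the `for` loop starts, so the catch should end in an explicit `return` or rethrow. The enclosing method begins outside the hunk.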