removed all the patch added to solve auth-portlet bug
parent
b84b4fad81
commit
430cf04416
|
@ -12,14 +12,11 @@ import javax.xml.bind.annotation.XmlRootElement;
|
|||
|
||||
import org.gcube.common.authorization.library.PolicyUtils;
|
||||
import org.gcube.common.authorization.library.policies.Policy;
|
||||
import org.gcube.common.authorization.library.policies.PolicyType;
|
||||
import org.gcube.common.authorization.library.policies.ServiceAccess;
|
||||
import org.gcube.common.authorization.library.policies.User2ServicePolicy;
|
||||
import org.gcube.common.authorization.library.policies.UserEntity;
|
||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
|
||||
import org.gcube.common.authorization.library.utils.Caller;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.common.scope.impl.ScopeBean;
|
||||
import org.gcube.common.scope.impl.ScopeBean.Type;
|
||||
|
@ -128,25 +125,25 @@ public class RequestValidator extends RequestHandler {
|
|||
|
||||
List<Policy> policies = null;
|
||||
try {
|
||||
authorizationService().getPolicies(scope);
|
||||
policies = authorizationService().getPolicies(scope);
|
||||
}catch (Exception e) {
|
||||
invalid_request_error.fire("error contating authorization");
|
||||
invalid_request_error.fire("error contating authorization for polices");
|
||||
}
|
||||
|
||||
for (Policy policy: policies) {
|
||||
log.debug("policy: {}", policy.getPolicyAsString() );
|
||||
|
||||
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier ) || isPolicyValidForService(policy.getServiceAccess(), serviceIdentifier)) {
|
||||
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier )) {
|
||||
boolean toReject = false;
|
||||
UserEntity entity = (((User2ServicePolicy) policy).getEntity());
|
||||
if (entity.getIdentifier()!=null)
|
||||
toReject = entity.getIdentifier().trim().equals(callerId);
|
||||
toReject = entity.getIdentifier().equals(callerId);
|
||||
else if (entity.getExcludes().isEmpty())
|
||||
toReject = true;
|
||||
else toReject = !entity.getExcludes().contains(callerId);
|
||||
if (toReject) {
|
||||
log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(), callerId);
|
||||
RequestError.request_not_authorized_error.fire("rejecting call to "+context.name()+": "+callerId+" is not allowed to contact the service: "+serviceIdentifier.getServiceName() );
|
||||
RequestError.request_not_authorized_error.fire("rejecting call to "+context.name()+" for polices: "+callerId+" is not allowed to contact the service: "+serviceIdentifier.getServiceName() );
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -154,14 +151,6 @@ public class RequestValidator extends RequestHandler {
|
|||
|
||||
}
|
||||
|
||||
//TO resolve an error on Auth Portlet
|
||||
private boolean isPolicyValidForService(ServiceAccess serviceAccess, ServiceIdentifier serviceId) {
|
||||
String policyAsString = serviceAccess.getAsString();
|
||||
|
||||
return policyAsString.equals("ALL") || policyAsString.equals(serviceId.getServiceClass()+":ALL:ALL") ||
|
||||
policyAsString.equals(serviceId.getServiceClass()+":"+serviceId.getServiceName()+":ALL") ||
|
||||
policyAsString.equals(serviceId.getFullIdentifier());
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
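Review bot: The identifier test in the policy loop of the second hunk, `toReject = entity.getIdentifier().equals(callerId);`, no longer trims the stored identifier, and a match is what sets `toReject`, so a policy whose identifier carries stray whitespace would silently stop denying that caller. The page has lost its +/- markers, so this assumes the second line of each printed pair is the new side, which the removal of `isPolicyValidForService` in the last hunk supports. On that reading the loop condition is also narrowed to `PolicyUtils.isPolicyValidForClient(...)` alone, so both edits move the check toward allowing more calls. If that is intended, identifiers should be normalised where policies are written and a test should pin that a padded identifier still rejects; otherwise keep `toReject = entity.getIdentifier().trim().equals(callerId);`. Separately, the catch around `getPolicies(scope)` drops `e` without logging it, and if `invalid_request_error.fire(...)` can return normally the `for` loop dereferences a null `policies`; the enclosing method starts and ends outside the hunk, so that could not be checked here.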