diff --git a/CHANGELOG.md b/CHANGELOG.md
index b35f0ec..f50afed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,10 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
- Added SecretManagerProvider thread local from authorization-utils [#22871]
- Added Linux distribution version [#22933]
+## [v3.1.3] - 2022-03-21
+
+- fixed bug on policies
+
## [v3.1.2] - 2022-01-19
diff --git a/pom.xml b/pom.xml
index a5ab099..9e05530 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,6 +12,7 @@
org.gcube.core
common-smartgears
4.0.0-SNAPSHOT
+
SmartGears
diff --git a/src/main/java/org/gcube/smartgears/extensions/HttpController.java b/src/main/java/org/gcube/smartgears/extensions/HttpController.java
index 8a2d7a7..4c78aa0 100644
--- a/src/main/java/org/gcube/smartgears/extensions/HttpController.java
+++ b/src/main/java/org/gcube/smartgears/extensions/HttpController.java
@@ -176,8 +176,6 @@ public class HttpController extends HttpExtension {
case OPTIONS:
resource.doOptions(request, response);
break;
- case TRACE:
- resource.doTrace(request, response);
}
}
diff --git a/src/main/java/org/gcube/smartgears/extensions/HttpExtension.java b/src/main/java/org/gcube/smartgears/extensions/HttpExtension.java
index c97a9e7..d8edea6 100644
--- a/src/main/java/org/gcube/smartgears/extensions/HttpExtension.java
+++ b/src/main/java/org/gcube/smartgears/extensions/HttpExtension.java
@@ -11,7 +11,7 @@ import javax.xml.bind.annotation.XmlAttribute;
import org.gcube.common.validator.annotations.NotEmpty;
import org.gcube.smartgears.configuration.application.Exclude;
import org.gcube.smartgears.context.application.ApplicationContext;
-
+import javax.ws.rs.HttpMethod;
/**
* An {@link ApplicationExtension} that implements the {@link HttpServlet} interface
*
@@ -27,7 +27,25 @@ public abstract class HttpExtension extends HttpServlet implements ApplicationEx
*
*/
public static enum Method {
- GET, PUT, POST, HEAD, DELETE, OPTIONS, TRACE
+ GET(HttpMethod.GET),
+ PUT(HttpMethod.PUT),
+ POST(HttpMethod.POST),
+ HEAD(HttpMethod.HEAD),
+ DELETE(HttpMethod.DELETE),
+ OPTIONS(HttpMethod.OPTIONS);
+
+
+ private String value;
+
+
+ private Method(String value) {
+ this.value = value;
+ }
+
+
+ public String getValue() {
+ return this.value;
+ }
}
@XmlAttribute @NotEmpty
diff --git a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java
index 3ef9060..787baaf 100644
--- a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java
+++ b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java
@@ -99,4 +99,4 @@ public class RequestContextRetriever extends RequestHandler {
SecretManagerProvider.instance.reset();
}
-}
+}
\ No newline at end of file
diff --git a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java
index b894db1..dff908f 100644
--- a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java
+++ b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java
@@ -1,21 +1,12 @@
package org.gcube.smartgears.handlers.application.request;
-import static org.gcube.common.authorization.client.Constants.authorizationService;
import static org.gcube.smartgears.handlers.application.request.RequestError.application_failed_error;
import static org.gcube.smartgears.handlers.application.request.RequestError.application_unavailable_error;
import static org.gcube.smartgears.handlers.application.request.RequestError.invalid_request_error;
-import java.util.List;
-
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlRootElement;
-
-import org.gcube.common.authorization.library.PolicyUtils;
-import org.gcube.common.authorization.library.policies.Policy;
-import org.gcube.common.authorization.library.policies.User2ServicePolicy;
-import org.gcube.common.authorization.library.policies.UserEntity;
-import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
-import org.gcube.common.authorization.library.provider.ServiceIdentifier;
+import org.gcube.common.authorization.utils.manager.SecretManager;
import org.gcube.common.authorization.utils.manager.SecretManagerProvider;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.scope.impl.ScopeBean;
@@ -26,7 +17,6 @@ import org.gcube.smartgears.configuration.container.ContainerConfiguration;
import org.gcube.smartgears.context.application.ApplicationContext;
import org.gcube.smartgears.handlers.application.RequestEvent;
import org.gcube.smartgears.handlers.application.RequestHandler;
-import org.gcube.smartgears.utils.Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -83,30 +73,30 @@ public class RequestValidator extends RequestHandler {
private void validateScopeCall() {
- String scope = ScopeProvider.instance.get();
+ String context = SecretManagerProvider.instance.get().getContext();
- if (scope == null) {
+ if (context == null) {
log.warn("rejecting unscoped call to {}",appContext.name());
invalid_request_error.fire("call is unscoped");
}
- ScopeBean bean = new ScopeBean(scope);
+ ScopeBean bean = new ScopeBean(context);
ContainerConfiguration conf = appContext.container().configuration();
- if (!conf.allowedContexts().contains(scope) &&
- !(conf.authorizeChildrenContext() && bean.is(Type.VRE) && conf.allowedContexts().contains(bean.enclosingScope().toString()) ) ) {
- log.warn("rejecting call to {} in invalid context {}, allowed context are {}",appContext.name(),scope,appContext.container().configuration().allowedContexts());
- invalid_request_error.fire(appContext.name()+" cannot be called in scope "+scope);
+ if (!conf.allowedContexts().contains(context) &&
+ !(conf.authorizeChildrenContext() && bean.is(Type.VRE)
+ && conf.allowedContexts().contains(bean.enclosingScope().toString()) ) ) {
+ log.warn("rejecting call to {} in invalid context {}, allowed context are {}",appContext.name(),context,appContext.container().configuration().allowedContexts());
+ invalid_request_error.fire(appContext.name()+" cannot be called in scope "+context);
}
}
private void rejectUnauthorizedCalls(RequestEvent call){
-
- String token = SecurityTokenProvider.instance.get();
- String context = SecretManagerProvider.instance.get().getContext();
-
- if (token == null && context==null){
- log.warn("rejecting call to {}, authorization required",appContext.name(),token);
+
+ SecretManager secretManager = SecretManagerProvider.instance.get();
+
+ if (secretManager.getCurrentSecretHolder().getSecrets().size()>0){
+ log.warn("rejecting call to {}, authorization required",appContext.name());
RequestError.request_not_authorized_error.fire(appContext.name()+": authorization required");
}
}
@@ -117,40 +107,10 @@ public class RequestValidator extends RequestHandler {
}
private void validatePolicy(String scope, RequestEvent call){
- log.info("accessing policy validator in scope {} ", scope);
-
- ServiceIdentifier serviceIdentifier = Utils.getServiceInfo(call.context()).getServiceIdentifier();
-
- String callerId = SecretManagerProvider.instance.get().getUser().getUsername();
-
- List policies = null;
- try {
- policies = authorizationService().getPolicies(scope);
- }catch (Exception e) {
- invalid_request_error.fire("error contating authorization for polices");
- }
-
- for (Policy policy: policies) {
- log.debug("policy: {}", policy.getPolicyAsString() );
-
- if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier )) {
- boolean toReject = false;
- UserEntity entity = (((User2ServicePolicy) policy).getEntity());
- if (entity.getIdentifier()!=null)
- toReject = entity.getIdentifier().equals(callerId);
- else if (entity.getExcludes().isEmpty())
- toReject = true;
- else toReject = !entity.getExcludes().contains(callerId);
- if (toReject) {
- log.error("rejecting call to {} : {} is not allowed to contact the service ",appContext.name(), callerId);
- RequestError.request_not_authorized_error.fire("rejecting call to "+appContext.name()+" for polices: "+callerId+" is not allowed to contact the service: "+serviceIdentifier.getServiceName() );
- }
- }
-
- }
-
+ //TODO: must be re-think
}
+
}
diff --git a/src/test/java/app/Request.java b/src/test/java/app/Request.java
index 106f1ea..99eae31 100644
--- a/src/test/java/app/Request.java
+++ b/src/test/java/app/Request.java
@@ -1,6 +1,7 @@
package app;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -10,6 +11,7 @@ import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;
import javax.ws.rs.HttpMethod;
+import javax.ws.rs.WebApplicationException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Invocation.Builder;
@@ -17,6 +19,7 @@ import javax.ws.rs.client.Invocation.Builder;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorization.library.utils.Caller;
+import org.gcube.smartgears.extensions.HttpExtension.Method;
import org.glassfish.jersey.client.ClientConfig;
import org.glassfish.jersey.client.ClientResponse;
import org.glassfish.jersey.logging.LoggingFeature;
@@ -63,12 +66,12 @@ public class Request {
}
public Request with(String name, String value) {
- this.headers.put(name, value);
+ this.headers.put(name, Collections.singletonList(value));
return this;
}
- public Request using(String method) {
- this.method=method;
+ public Request using(Method method) {
+ this.method=method.getValue();
return this;
}
@@ -98,7 +101,7 @@ public class Request {
class Box {
- volatile Exception failure;
+ volatile WebApplicationException failure;
volatile ClientResponse response;
}
@@ -143,13 +146,13 @@ public class Request {
//throws an exception if there response has error status
if (response.getStatus()>300)
- throw new Exception(response.getStatus());
+ throw new WebApplicationException(response.getStatus());
box.response=response;
}
- } catch (Exception t) {
+ } catch (WebApplicationException t) {
box.failure=t;
}
@@ -178,7 +181,7 @@ public class Request {
path = (path.isEmpty() || path.startsWith("/"))?path:"/"+path;
- return "http://localhost:" + port+ "/" + context_root+path;
+ return "http://localhost:" + port+ "/" + TestUtils.context_root+path;
}
}
diff --git a/src/test/java/app/SomeApp.java b/src/test/java/app/SomeApp.java
index 76d5a82..9e1483a 100644
--- a/src/test/java/app/SomeApp.java
+++ b/src/test/java/app/SomeApp.java
@@ -27,14 +27,13 @@ import org.gcube.smartgears.configuration.container.ContainerConfiguration;
import org.gcube.smartgears.context.application.ApplicationContext;
import org.gcube.smartgears.managers.ContainerManager;
import org.gcube.smartgears.provider.ProviderFactory;
+import org.glassfish.jersey.client.ClientResponse;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.exporter.ZipExporter;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.jboss.shrinkwrap.impl.base.path.BasicPath;
-import com.sun.jersey.api.client.ClientResponse;
-
import utils.TestProvider;
import utils.TestUtils;
@@ -308,7 +307,7 @@ public class SomeApp {
*/
public String send(Request call) {
- return call.make(port()).getEntity(String.class);
+ return (String) call.make(port()).getEntity();
}
/**
diff --git a/src/test/java/test/application/CallValidationTest.java b/src/test/java/test/application/CallValidationTest.java
index a980908..e2e8d5b 100644
--- a/src/test/java/test/application/CallValidationTest.java
+++ b/src/test/java/test/application/CallValidationTest.java
@@ -14,6 +14,8 @@ import static utils.TestUtils.scope;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
+import javax.ws.rs.WebApplicationException;
+
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.smartgears.Constants;
import org.gcube.smartgears.configuration.application.Exclude;
@@ -24,7 +26,6 @@ import org.junit.Test;
import app.SomeApp;
-import com.sun.jersey.api.client.UniformInterfaceException;
public class CallValidationTest {
@@ -52,7 +53,7 @@ public class CallValidationTest {
try {
app.send(request());
}
- catch(UniformInterfaceException e) {
+ catch(WebApplicationException e) {
assertEquals(application_unavailable_error.code(), e.getResponse().getStatus());
}
@@ -62,7 +63,7 @@ public class CallValidationTest {
try {
app.send(request());
}
- catch(UniformInterfaceException e) {
+ catch(WebApplicationException e) {
assertEquals(application_failed_error.code(), e.getResponse().getStatus());
}
@@ -82,7 +83,7 @@ public class CallValidationTest {
app.send(request().inScope(null));; //call in no scope
fail();
}
- catch(UniformInterfaceException e) {
+ catch(WebApplicationException e) {
assertEquals(request_not_authorized_error.code(), e.getResponse().getStatus());
}
@@ -101,7 +102,7 @@ public class CallValidationTest {
app.send(request().inScope("/bad/scope")); //call in no scope
fail();
}
- catch(UniformInterfaceException e) {
+ catch(WebApplicationException e) {
assertEquals(invalid_request_error.code(), e.getResponse().getStatus());
}
diff --git a/src/test/java/test/application/ControllerTest.java b/src/test/java/test/application/ControllerTest.java
index cbdbb97..13fcf34 100644
--- a/src/test/java/test/application/ControllerTest.java
+++ b/src/test/java/test/application/ControllerTest.java
@@ -1,31 +1,42 @@
package test.application;
-import static app.Request.*;
-import static org.gcube.smartgears.Constants.*;
-import static org.gcube.smartgears.extensions.ApiResource.*;
-import static org.gcube.smartgears.extensions.HttpExtension.Method.*;
-import static org.gcube.smartgears.handlers.application.request.RequestError.*;
-import static org.junit.Assert.*;
+import static app.Request.request;
+import static org.gcube.smartgears.Constants.accept;
+import static org.gcube.smartgears.Constants.allow;
+import static org.gcube.smartgears.Constants.content_type;
+import static org.gcube.smartgears.extensions.ApiResource.handles;
+import static org.gcube.smartgears.extensions.ApiResource.method;
+import static org.gcube.smartgears.extensions.HttpExtension.Method.GET;
+import static org.gcube.smartgears.extensions.HttpExtension.Method.POST;
+import static org.gcube.smartgears.extensions.HttpExtension.Method.PUT;
+import static org.gcube.smartgears.handlers.application.request.RequestError.incoming_contenttype_unsupported_error;
+import static org.gcube.smartgears.handlers.application.request.RequestError.method_unsupported_error;
+import static org.gcube.smartgears.handlers.application.request.RequestError.outgoing_contenttype_unsupported_error;
+import static org.gcube.smartgears.handlers.application.request.RequestError.resource_notfound_error;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.WebApplicationException;
import org.gcube.smartgears.Constants;
import org.gcube.smartgears.extensions.ApiResource;
import org.gcube.smartgears.extensions.ApiSignature;
import org.gcube.smartgears.extensions.HttpController;
import org.gcube.smartgears.extensions.HttpExtension;
+import org.glassfish.jersey.client.ClientResponse;
import org.junit.Test;
import app.Request;
import app.SomeApp;
-import com.sun.jersey.api.client.ClientResponse;
-import com.sun.jersey.api.client.UniformInterfaceException;
-
public class ControllerTest {
String name = "name";
@@ -74,7 +85,7 @@ public class ControllerTest {
try {
app.send(request);
fail();
- } catch (UniformInterfaceException e) {
+ } catch (WebApplicationException e) {
assertEquals(resource_notfound_error.code(), e.getResponse().getStatus());
}
}
@@ -91,7 +102,7 @@ public class ControllerTest {
try {
app.send(request);
fail();
- } catch (UniformInterfaceException e) {
+ } catch (WebApplicationException e) {
assertEquals(method_unsupported_error.code(), e.getResponse().getStatus());
assertNotNull(e.getResponse().getHeaders().toString(),e.getResponse().getHeaders().get(allow));
}
@@ -109,7 +120,7 @@ public class ControllerTest {
try {
app.send(request);
fail();
- } catch (UniformInterfaceException e) {
+ } catch (WebApplicationException e) {
assertEquals(outgoing_contenttype_unsupported_error.code(), e.getResponse().getStatus());
}
@@ -127,7 +138,7 @@ public class ControllerTest {
try {
app.send(request);
fail();
- } catch (UniformInterfaceException e) {
+ } catch (WebApplicationException e) {
assertEquals(outgoing_contenttype_unsupported_error.code(), e.getResponse().getStatus());
}
}
@@ -189,7 +200,7 @@ public class ControllerTest {
try {
app.send(request);
fail();
- } catch (UniformInterfaceException e) {
+ } catch (WebApplicationException e) {
assertEquals(incoming_contenttype_unsupported_error.code(), e.getResponse().getStatus());
}
}
diff --git a/src/test/java/test/application/ExtensionsTest.java b/src/test/java/test/application/ExtensionsTest.java
index 030fb8a..59b86cd 100644
--- a/src/test/java/test/application/ExtensionsTest.java
+++ b/src/test/java/test/application/ExtensionsTest.java
@@ -12,6 +12,7 @@ import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
+import javax.ws.rs.WebApplicationException;
import javax.xml.bind.annotation.XmlRootElement;
import org.gcube.smartgears.Constants;
@@ -24,8 +25,6 @@ import org.junit.Test;
import app.SomeApp;
-import com.sun.jersey.api.client.UniformInterfaceException;
-
public class ExtensionsTest {
String name = "name";
@@ -144,7 +143,7 @@ public class ExtensionsTest {
app.send(request().at(Constants.root_mapping+extension_path));
fail();
}
- catch(UniformInterfaceException e) {
+ catch(WebApplicationException e) {
assertEquals(error.code(),e.getResponse().getStatus());
}
@@ -177,9 +176,9 @@ public class ExtensionsTest {
app.send(request().at(Constants.root_mapping+extension_path).inScope(null));
fail();
}
- catch(UniformInterfaceException e) {
+ catch(WebApplicationException e) {
- assertEquals(e.getResponse().getEntity(String.class),invalid_request_error.code(),e.getResponse().getStatus());
+ assertEquals((String)e.getResponse().getEntity(),invalid_request_error.code(),e.getResponse().getStatus());
}
}
}
diff --git a/src/test/java/test/container/ContainerLifecycleTest.java b/src/test/java/test/container/ContainerLifecycleTest.java
index 91a2cf0..87f387b 100644
--- a/src/test/java/test/container/ContainerLifecycleTest.java
+++ b/src/test/java/test/container/ContainerLifecycleTest.java
@@ -8,6 +8,7 @@ import org.gcube.smartgears.lifecycle.application.ApplicationState;
import org.gcube.smartgears.lifecycle.container.ContainerState;
import org.gcube.smartgears.managers.ContainerManager;
import org.junit.After;
+import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
@@ -15,7 +16,14 @@ import app.SomeApp;
public class ContainerLifecycleTest {
- SomeApp app = new SomeApp();
+
+ SomeApp app;
+
+
+ @Before
+ public void init() {
+ app = new SomeApp();
+ }
@After
public void teardown() {
diff --git a/src/test/java/utils/TestUtils.java b/src/test/java/utils/TestUtils.java
index a148ca3..a043481 100644
--- a/src/test/java/utils/TestUtils.java
+++ b/src/test/java/utils/TestUtils.java
@@ -18,7 +18,7 @@ import org.gcube.smartgears.handlers.application.ApplicationHandler;
public class TestUtils {
- public static String location = "target/ghn-home";
+ public static String location = "/tmp/ghn-home";
public static String context_root = "test-app";
public static String context_root_path = "/" + context_root;
public static String servlet_name = "test";