From 454533abcd6cca2bf71cb35f0dd98ce03009fe2c Mon Sep 17 00:00:00 2001
From: lucio lelii
Date: Tue, 29 Mar 2022 15:05:28 +0200
Subject: [PATCH] update
---
CHANGELOG.md | 4 ++
pom.xml | 1 +
.../smartgears/extensions/HttpController.java | 2 -
.../smartgears/extensions/HttpExtension.java | 22 +++++-
.../request/RequestContextRetriever.java | 2 +-
.../application/request/RequestValidator.java | 72 +++++--------------
src/test/java/app/Request.java | 17 +++--
src/test/java/app/SomeApp.java | 5 +-
.../test/application/CallValidationTest.java | 11 +--
.../java/test/application/ControllerTest.java | 39 ++++++----
.../java/test/application/ExtensionsTest.java | 9 ++-
.../container/ContainerLifecycleTest.java | 10 ++-
src/test/java/utils/TestUtils.java | 2 +-
13 files changed, 99 insertions(+), 97 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b35f0ec..f50afed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,10 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm - Added SecretManagerProvider thread local from authorization-utils [#22871] - Added Linux distribution version [#22933] +## [v3.1.3] - 2022-03-21 + +- fixed bug on policies + ## [v3.1.2] - 2022-01-19
diff --git a/pom.xml b/pom.xml
index a5ab099..9e05530 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,6 +12,7 @@ org.gcube.core common-smartgears 4.0.0-SNAPSHOT + SmartGears
diff --git a/src/main/java/org/gcube/smartgears/extensions/HttpController.java b/src/main/java/org/gcube/smartgears/extensions/HttpController.java
index 8a2d7a7..4c78aa0 100644
--- a/src/main/java/org/gcube/smartgears/extensions/HttpController.java
+++ b/src/main/java/org/gcube/smartgears/extensions/HttpController.java
@@ -176,8 +176,6 @@ public class HttpController extends HttpExtension { case OPTIONS: resource.doOptions(request, response); break; - case TRACE: - resource.doTrace(request, response); } }
diff --git a/src/main/java/org/gcube/smartgears/extensions/HttpExtension.java b/src/main/java/org/gcube/smartgears/extensions/HttpExtension.java
index c97a9e7..d8edea6 100644
--- a/src/main/java/org/gcube/smartgears/extensions/HttpExtension.java
+++ b/src/main/java/org/gcube/smartgears/extensions/HttpExtension.java
@@ -11,7 +11,7 @@ import javax.xml.bind.annotation.XmlAttribute; import org.gcube.common.validator.annotations.NotEmpty; import org.gcube.smartgears.configuration.application.Exclude; import org.gcube.smartgears.context.application.ApplicationContext; - +import javax.ws.rs.HttpMethod; /** * An {@link ApplicationExtension} that implements the {@link HttpServlet} interface *
@@ -27,7 +27,25 @@ public abstract class HttpExtension extends HttpServlet implements ApplicationEx * */ public static enum Method { - GET, PUT, POST, HEAD, DELETE, OPTIONS, TRACE + GET(HttpMethod.GET), + PUT(HttpMethod.PUT), + POST(HttpMethod.POST), + HEAD(HttpMethod.HEAD), + DELETE(HttpMethod.DELETE), + OPTIONS(HttpMethod.OPTIONS); + + + private String value; + + + private Method(String value) { + this.value = value; + } + + + public String getValue() { + return this.value; + } } @XmlAttribute @NotEmpty
diff --git a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java
index 3ef9060..787baaf 100644
--- a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java
+++ b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestContextRetriever.java
@@ -99,4 +99,4 @@ public class RequestContextRetriever extends RequestHandler { SecretManagerProvider.instance.reset(); } -} +} \ No newline at end of file
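Review bot: In the new `Method` enum the backing field is declared `private String value;` although it is only assigned in the constructor, so it should be `private final String value;`. Each constant is given the matching `javax.ws.rs.HttpMethod` constant, which is the same text as the enum constant's own name, so `getValue()` could return `name()` and the main code would not need a JAX-RS import just for these strings. The added import also takes the place of the blank line that separated the import block from the class Javadoc; keep that blank line. A one-line Javadoc on `getValue()` stating that it returns the HTTP method token would help callers.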
diff --git a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java
index b894db1..dff908f 100644
--- a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java
+++ b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java
@@ -1,21 +1,12 @@ package org.gcube.smartgears.handlers.application.request; -import static org.gcube.common.authorization.client.Constants.authorizationService; import static org.gcube.smartgears.handlers.application.request.RequestError.application_failed_error; import static org.gcube.smartgears.handlers.application.request.RequestError.application_unavailable_error; import static org.gcube.smartgears.handlers.application.request.RequestError.invalid_request_error; -import java.util.List; - import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlRootElement; - -import org.gcube.common.authorization.library.PolicyUtils; -import org.gcube.common.authorization.library.policies.Policy; -import org.gcube.common.authorization.library.policies.User2ServicePolicy; -import org.gcube.common.authorization.library.policies.UserEntity; -import org.gcube.common.authorization.library.provider.SecurityTokenProvider; -import org.gcube.common.authorization.library.provider.ServiceIdentifier; +import org.gcube.common.authorization.utils.manager.SecretManager; import org.gcube.common.authorization.utils.manager.SecretManagerProvider; import org.gcube.common.scope.api.ScopeProvider; import org.gcube.common.scope.impl.ScopeBean;
@@ -26,7 +17,6 @@ import org.gcube.smartgears.configuration.container.ContainerConfiguration; import org.gcube.smartgears.context.application.ApplicationContext; import org.gcube.smartgears.handlers.application.RequestEvent; import org.gcube.smartgears.handlers.application.RequestHandler; -import org.gcube.smartgears.utils.Utils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -83,30 +73,30 @@ public class RequestValidator extends RequestHandler { private void validateScopeCall() { - String scope = ScopeProvider.instance.get(); + String context = SecretManagerProvider.instance.get().getContext(); - if (scope == null) { + if (context == null) { log.warn("rejecting unscoped call to {}",appContext.name()); invalid_request_error.fire("call is unscoped"); } - ScopeBean bean = new ScopeBean(scope); + ScopeBean bean = new ScopeBean(context); ContainerConfiguration conf = appContext.container().configuration(); - if (!conf.allowedContexts().contains(scope) && - !(conf.authorizeChildrenContext() && bean.is(Type.VRE) && conf.allowedContexts().contains(bean.enclosingScope().toString()) ) ) { - log.warn("rejecting call to {} in invalid context {}, allowed context are {}",appContext.name(),scope,appContext.container().configuration().allowedContexts()); - invalid_request_error.fire(appContext.name()+" cannot be called in scope "+scope); + if (!conf.allowedContexts().contains(context) && + !(conf.authorizeChildrenContext() && bean.is(Type.VRE) + && conf.allowedContexts().contains(bean.enclosingScope().toString()) ) ) { + log.warn("rejecting call to {} in invalid context {}, allowed context are {}",appContext.name(),context,appContext.container().configuration().allowedContexts()); + invalid_request_error.fire(appContext.name()+" cannot be called in scope "+context); } } private void rejectUnauthorizedCalls(RequestEvent call){ - - String token = SecurityTokenProvider.instance.get(); - String context = SecretManagerProvider.instance.get().getContext(); - - if (token == null && context==null){ - log.warn("rejecting call to {}, authorization required",appContext.name(),token); + + SecretManager secretManager = SecretManagerProvider.instance.get(); + + if (secretManager.getCurrentSecretHolder().getSecrets().size()>0){ + log.warn("rejecting call to {}, authorization required",appContext.name()); 
RequestError.request_not_authorized_error.fire(appContext.name()+": authorization required"); } }
@@ -117,40 +107,10 @@ public class RequestValidator extends RequestHandler { } private void validatePolicy(String scope, RequestEvent call){ - log.info("accessing policy validator in scope {} ", scope); - - ServiceIdentifier serviceIdentifier = Utils.getServiceInfo(call.context()).getServiceIdentifier(); - - String callerId = SecretManagerProvider.instance.get().getUser().getUsername(); - - List policies = null; - try { - policies = authorizationService().getPolicies(scope); - }catch (Exception e) { - invalid_request_error.fire("error contating authorization for polices"); - } - - for (Policy policy: policies) { - log.debug("policy: {}", policy.getPolicyAsString() ); - - if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier )) { - boolean toReject = false; - UserEntity entity = (((User2ServicePolicy) policy).getEntity()); - if (entity.getIdentifier()!=null) - toReject = entity.getIdentifier().equals(callerId); - else if (entity.getExcludes().isEmpty()) - toReject = true; - else toReject = !entity.getExcludes().contains(callerId); - if (toReject) { - log.error("rejecting call to {} : {} is not allowed to contact the service ",appContext.name(), callerId); - RequestError.request_not_authorized_error.fire("rejecting call to "+appContext.name()+" for polices: "+callerId+" is not allowed to contact the service: "+serviceIdentifier.getServiceName() ); - } - } - - } - + //TODO: must be re-think } + }
diff --git a/src/test/java/app/Request.java b/src/test/java/app/Request.java
index 106f1ea..99eae31 100644
--- a/src/test/java/app/Request.java
+++ b/src/test/java/app/Request.java
@@ -1,6 +1,7 @@ package app; import java.util.ArrayList; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map;
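Review bot: The new guard in `rejectUnauthorizedCalls` reads `if (secretManager.getCurrentSecretHolder().getSecrets().size()>0)`, which fires `request_not_authorized_error` when the call carries secrets and lets a call with none through; the replaced code rejected when both token and context were missing, so the comparison looks inverted. If `getSecrets()` holds the credentials attached to the request (its definition is not visible here), the guard should be `if (secretManager == null || secretManager.getCurrentSecretHolder().getSecrets().isEmpty())`. In `validateScopeCall` of the same hunk, `SecretManagerProvider.instance.get().getContext()` dereferences the manager before the `context == null` branch, so a request with no secret manager would probably end in a NullPointerException instead of the intended invalid-request rejection. A test that sends a request without credentials and expects `request_not_authorized_error` would pin the behaviour down.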
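Review bot: `validatePolicy` is left with only `//TODO: must be re-think`, so the rejections that the removed policy loop performed are no longer applied and this step accepts every caller without leaving a trace in the log. Until a replacement exists the method should either fail closed or, if enforcement is deliberately suspended, say so at run time, for example `log.warn("policy validation is disabled for {}", appContext.name());`, and the comment should state what is missing and what the interim behaviour is. The CHANGELOG entry added by this patch says "fixed bug on policies", which does not tell an operator that enforcement is now off. The callers of `validatePolicy` lie outside the hunk, so whether it is still invoked cannot be confirmed from here.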
@@ -10,6 +11,7 @@ import java.util.concurrent.TimeUnit; import java.util.logging.Logger; import javax.ws.rs.HttpMethod; +import javax.ws.rs.WebApplicationException; import javax.ws.rs.client.Client; import javax.ws.rs.client.ClientBuilder; import javax.ws.rs.client.Invocation.Builder;
@@ -17,6 +19,7 @@ import javax.ws.rs.client.Invocation.Builder; import org.gcube.common.authorization.library.provider.AuthorizationProvider; import org.gcube.common.authorization.library.provider.UserInfo; import org.gcube.common.authorization.library.utils.Caller; +import org.gcube.smartgears.extensions.HttpExtension.Method; import org.glassfish.jersey.client.ClientConfig; import org.glassfish.jersey.client.ClientResponse; import org.glassfish.jersey.logging.LoggingFeature;
@@ -63,12 +66,12 @@ public class Request { } public Request with(String name, String value) { - this.headers.put(name, value); + this.headers.put(name, Collections.singletonList(value)); return this; } - public Request using(String method) { - this.method=method; + public Request using(Method method) { + this.method=method.getValue(); return this; }
@@ -98,7 +101,7 @@ public class Request { class Box { - volatile Exception failure; + volatile WebApplicationException failure; volatile ClientResponse response; }
@@ -143,13 +146,13 @@ public class Request { //throws an exception if there response has error status if (response.getStatus()>300) - throw new Exception(response.getStatus()); + throw new WebApplicationException(response.getStatus()); box.response=response; } - } catch (Exception t) { + } catch (WebApplicationException t) { box.failure=t; }
@@ -178,7 +181,7 @@ public class Request { path = (path.isEmpty() || path.startsWith("/"))?path:"/"+path; - return "http://localhost:" + port+ "/" + context_root+path; + return "http://localhost:" + port+ "/" + TestUtils.context_root+path; } }
diff --git a/src/test/java/app/SomeApp.java b/src/test/java/app/SomeApp.java
index 76d5a82..9e1483a 100644
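Review bot: `throw new WebApplicationException(response.getStatus())` builds the exception from the status code alone, so the object returned by `e.getResponse()` in the tests carries none of the server's headers or body. The ControllerTest hunk keeps `assertNotNull(..., e.getResponse().getHeaders().get(allow))` and the ExtensionsTest hunk reads `(String)e.getResponse().getEntity()`; both would now see empty data. Consider copying the status, headers and entity into a `Response` passed to the exception, or keeping the `ClientResponse` in `Box` next to the failure. Narrowing the catch to `WebApplicationException` also means a connection or processing error raised in this block is no longer recorded in `box.failure`; the surrounding method is outside the hunk, so how such an error reaches the caller is unclear.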
--- a/src/test/java/app/SomeApp.java
+++ b/src/test/java/app/SomeApp.java
@@ -27,14 +27,13 @@ import org.gcube.smartgears.configuration.container.ContainerConfiguration; import org.gcube.smartgears.context.application.ApplicationContext; import org.gcube.smartgears.managers.ContainerManager; import org.gcube.smartgears.provider.ProviderFactory; +import org.glassfish.jersey.client.ClientResponse; import org.jboss.shrinkwrap.api.ShrinkWrap; import org.jboss.shrinkwrap.api.asset.StringAsset; import org.jboss.shrinkwrap.api.exporter.ZipExporter; import org.jboss.shrinkwrap.api.spec.WebArchive; import org.jboss.shrinkwrap.impl.base.path.BasicPath; -import com.sun.jersey.api.client.ClientResponse; - import utils.TestProvider; import utils.TestUtils;
@@ -308,7 +307,7 @@ public class SomeApp { */ public String send(Request call) { - return call.make(port()).getEntity(String.class); + return (String) call.make(port()).getEntity(); } /**
diff --git a/src/test/java/test/application/CallValidationTest.java b/src/test/java/test/application/CallValidationTest.java
index a980908..e2e8d5b 100644
--- a/src/test/java/test/application/CallValidationTest.java
+++ b/src/test/java/test/application/CallValidationTest.java
@@ -14,6 +14,8 @@ import static utils.TestUtils.scope; import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; +import javax.ws.rs.WebApplicationException; + import org.gcube.common.authorization.library.provider.SecurityTokenProvider; import org.gcube.smartgears.Constants; import org.gcube.smartgears.configuration.application.Exclude;
@@ -24,7 +26,6 @@ import org.junit.Test; import app.SomeApp; -import com.sun.jersey.api.client.UniformInterfaceException; public class CallValidationTest {
@@ -52,7 +53,7 @@ public class CallValidationTest { try { app.send(request()); } - catch(UniformInterfaceException e) { + catch(WebApplicationException e) { assertEquals(application_unavailable_error.code(), e.getResponse().getStatus()); }
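Review bot: In `send`, `(String) call.make(port()).getEntity()` replaces a typed read with a cast, and as far as I recall Jersey 2's `ClientResponse.getEntity()` hands back the raw entity stream rather than a decoded body, so the cast is likely to fail with a ClassCastException at run time. `return call.make(port()).readEntity(String.class);` keeps the conversion explicit. The Javadoc above `send` lies partly outside the hunk; it should state that the response body is returned as a string.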
@@ -62,7 +63,7 @@ public class CallValidationTest { try { app.send(request()); } - catch(UniformInterfaceException e) { + catch(WebApplicationException e) { assertEquals(application_failed_error.code(), e.getResponse().getStatus()); }
@@ -82,7 +83,7 @@ public class CallValidationTest { app.send(request().inScope(null));; //call in no scope fail(); } - catch(UniformInterfaceException e) { + catch(WebApplicationException e) { assertEquals(request_not_authorized_error.code(), e.getResponse().getStatus()); }
@@ -101,7 +102,7 @@ public class CallValidationTest { app.send(request().inScope("/bad/scope")); //call in no scope fail(); } - catch(UniformInterfaceException e) { + catch(WebApplicationException e) { assertEquals(invalid_request_error.code(), e.getResponse().getStatus()); }
diff --git a/src/test/java/test/application/ControllerTest.java b/src/test/java/test/application/ControllerTest.java
index cbdbb97..13fcf34 100644
--- a/src/test/java/test/application/ControllerTest.java
+++ b/src/test/java/test/application/ControllerTest.java
@@ -1,31 +1,42 @@ package test.application; -import static app.Request.*; -import static org.gcube.smartgears.Constants.*; -import static org.gcube.smartgears.extensions.ApiResource.*; -import static org.gcube.smartgears.extensions.HttpExtension.Method.*; -import static org.gcube.smartgears.handlers.application.request.RequestError.*; -import static org.junit.Assert.*; +import static app.Request.request; +import static org.gcube.smartgears.Constants.accept; +import static org.gcube.smartgears.Constants.allow; +import static org.gcube.smartgears.Constants.content_type; +import static org.gcube.smartgears.extensions.ApiResource.handles; +import static org.gcube.smartgears.extensions.ApiResource.method; +import static org.gcube.smartgears.extensions.HttpExtension.Method.GET; +import static org.gcube.smartgears.extensions.HttpExtension.Method.POST; +import static org.gcube.smartgears.extensions.HttpExtension.Method.PUT; +import static org.gcube.smartgears.handlers.application.request.RequestError.incoming_contenttype_unsupported_error; +import static org.gcube.smartgears.handlers.application.request.RequestError.method_unsupported_error; +import static org.gcube.smartgears.handlers.application.request.RequestError.outgoing_contenttype_unsupported_error; +import static org.gcube.smartgears.handlers.application.request.RequestError.resource_notfound_error; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.WebApplicationException; import org.gcube.smartgears.Constants; import org.gcube.smartgears.extensions.ApiResource; import org.gcube.smartgears.extensions.ApiSignature; import org.gcube.smartgears.extensions.HttpController; 
import org.gcube.smartgears.extensions.HttpExtension; +import org.glassfish.jersey.client.ClientResponse; import org.junit.Test; import app.Request; import app.SomeApp; -import com.sun.jersey.api.client.ClientResponse; -import com.sun.jersey.api.client.UniformInterfaceException; - public class ControllerTest { String name = "name";
@@ -74,7 +85,7 @@ public class ControllerTest { try { app.send(request); fail(); - } catch (UniformInterfaceException e) { + } catch (WebApplicationException e) { assertEquals(resource_notfound_error.code(), e.getResponse().getStatus()); } }
@@ -91,7 +102,7 @@ public class ControllerTest { try { app.send(request); fail(); - } catch (UniformInterfaceException e) { + } catch (WebApplicationException e) { assertEquals(method_unsupported_error.code(), e.getResponse().getStatus()); assertNotNull(e.getResponse().getHeaders().toString(),e.getResponse().getHeaders().get(allow)); }
@@ -109,7 +120,7 @@ public class ControllerTest { try { app.send(request); fail(); - } catch (UniformInterfaceException e) { + } catch (WebApplicationException e) { assertEquals(outgoing_contenttype_unsupported_error.code(), e.getResponse().getStatus()); }
@@ -127,7 +138,7 @@ public class ControllerTest { try { app.send(request); fail(); - } catch (UniformInterfaceException e) { + } catch (WebApplicationException e) { assertEquals(outgoing_contenttype_unsupported_error.code(), e.getResponse().getStatus()); } }
@@ -189,7 +200,7 @@ public class ControllerTest { try { app.send(request); fail(); - } catch (UniformInterfaceException e) { + } catch (WebApplicationException e) { assertEquals(incoming_contenttype_unsupported_error.code(), e.getResponse().getStatus()); } }
diff --git a/src/test/java/test/application/ExtensionsTest.java b/src/test/java/test/application/ExtensionsTest.java
index 030fb8a..59b86cd 100644
--- a/src/test/java/test/application/ExtensionsTest.java
+++ b/src/test/java/test/application/ExtensionsTest.java
@@ -12,6 +12,7 @@ import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; +import javax.ws.rs.WebApplicationException; import javax.xml.bind.annotation.XmlRootElement; import org.gcube.smartgears.Constants;
@@ -24,8 +25,6 @@ import org.junit.Test; import app.SomeApp; -import com.sun.jersey.api.client.UniformInterfaceException; - public class ExtensionsTest { String name = "name";
@@ -144,7 +143,7 @@ public class ExtensionsTest { app.send(request().at(Constants.root_mapping+extension_path)); fail(); } - catch(UniformInterfaceException e) { + catch(WebApplicationException e) { assertEquals(error.code(),e.getResponse().getStatus()); }
@@ -177,9 +176,9 @@ public class ExtensionsTest { app.send(request().at(Constants.root_mapping+extension_path).inScope(null)); fail(); } - catch(UniformInterfaceException e) { + catch(WebApplicationException e) { - assertEquals(e.getResponse().getEntity(String.class),invalid_request_error.code(),e.getResponse().getStatus()); + assertEquals((String)e.getResponse().getEntity(),invalid_request_error.code(),e.getResponse().getStatus()); } } }
diff --git a/src/test/java/test/container/ContainerLifecycleTest.java b/src/test/java/test/container/ContainerLifecycleTest.java
index 91a2cf0..87f387b 100644
--- a/src/test/java/test/container/ContainerLifecycleTest.java
+++ b/src/test/java/test/container/ContainerLifecycleTest.java
@@ -8,6 +8,7 @@ import org.gcube.smartgears.lifecycle.application.ApplicationState; import org.gcube.smartgears.lifecycle.container.ContainerState; import org.gcube.smartgears.managers.ContainerManager; import org.junit.After; +import org.junit.Before; import org.junit.Ignore; import org.junit.Test;
@@ -15,7 +16,14 @@ import app.SomeApp; public class ContainerLifecycleTest { - SomeApp app = new SomeApp(); + + SomeApp app; + + + @Before + public void init() { + app = new SomeApp(); + } @After public void teardown() {
diff --git a/src/test/java/utils/TestUtils.java b/src/test/java/utils/TestUtils.java
index a148ca3..a043481 100644
--- a/src/test/java/utils/TestUtils.java
+++ b/src/test/java/utils/TestUtils.java
@@ -18,7 +18,7 @@ import org.gcube.smartgears.handlers.application.ApplicationHandler; public class TestUtils { - public static String location = "target/ghn-home"; + public static String location = "/tmp/ghn-home"; public static String context_root = "test-app"; public static String context_root_path = "/" + context_root; public static String servlet_name = "test";
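Review bot: `location = "/tmp/ghn-home"` moves the test container home to a fixed name in the shared temporary directory, where another local user can create the directory or a link with that name first and where parallel builds on one host collide. The previous `target/ghn-home` stayed inside the build tree and was cleaned together with it. If the move is really needed, create a private per-run directory (for example with `java.nio.file.Files.createTempDirectory("ghn-home")`) and delete it in teardown; otherwise keep `public static String location = "target/ghn-home";`. A comment on the field should say what gets written there, since the files stored under it are not visible in this hunk.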