policy validation added
This commit is contained in:
parent
125dc5b332
commit
4b1b6471ca
|
@ -2,7 +2,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
|
||||||
|
|
||||||
# Changelog for Common Smartgears
|
# Changelog for Common Smartgears
|
||||||
|
|
||||||
## [v3.1.2-SNAPSHOT] - 2022-01-19
|
## [v3.3.0-SNAPSHOT] - 2022-01-19
|
||||||
|
|
||||||
- enabled policy check on smartgears
|
- enabled policy check on smartgears
|
||||||
- container configuration for test added
|
- container configuration for test added
|
||||||
|
|
2
pom.xml
2
pom.xml
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
<groupId>org.gcube.core</groupId>
|
<groupId>org.gcube.core</groupId>
|
||||||
<artifactId>common-smartgears</artifactId>
|
<artifactId>common-smartgears</artifactId>
|
||||||
<version>3.1.2-SNAPSHOT</version>
|
<version>3.3.0-SNAPSHOT</version>
|
||||||
<name>SmartGears</name>
|
<name>SmartGears</name>
|
||||||
|
|
||||||
<dependencyManagement>
|
<dependencyManagement>
|
||||||
|
|
|
@ -123,11 +123,13 @@ public class RequestValidator extends RequestHandler {
|
||||||
Caller caller = AuthorizationProvider.instance.get();
|
Caller caller = AuthorizationProvider.instance.get();
|
||||||
try {
|
try {
|
||||||
List<Policy> policies = authorizationService().getPolicies(scope);
|
List<Policy> policies = authorizationService().getPolicies(scope);
|
||||||
for (Policy policy: policies)
|
for (Policy policy: policies) {
|
||||||
|
log.debug("policy: {}", policy.getPolicyAsString() );
|
||||||
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier)){
|
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier)){
|
||||||
log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(), caller.getClient().getId());
|
log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(), caller.getClient().getId());
|
||||||
invalid_request_error.fire("rejecting call to "+context.name()+": "+caller.getClient().getId()+" is not allowed to contact the service");
|
invalid_request_error.fire("rejecting call to "+context.name()+": "+caller.getClient().getId()+" is not allowed to contact the service");
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}catch (Exception e) {
|
}catch (Exception e) {
|
||||||
log.warn("error getting policies from context {}", scope, e);
|
log.warn("error getting policies from context {}", scope, e);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue