gCubeSystem
/
common-smartgears
16
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

policy validation added

This commit is contained in:
Lucio Lelii 2022-03-04 14:23:53 +01:00
parent 125dc5b332
commit 4b1b6471ca
3 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -2,7 +2,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
# Changelog for Common Smartgears # Changelog for Common Smartgears
## [v3.1.2-SNAPSHOT] - 2022-01-19 ## [v3.3.0-SNAPSHOT] - 2022-01-19
- enabled policy check on smartgears - enabled policy check on smartgears
- container configuration for test added - container configuration for test added

2
pom.xml
View File

@ -11,7 +11,7 @@
<groupId>org.gcube.core</groupId> <groupId>org.gcube.core</groupId>
<artifactId>common-smartgears</artifactId> <artifactId>common-smartgears</artifactId>
<version>3.1.2-SNAPSHOT</version> <version>3.3.0-SNAPSHOT</version>
<name>SmartGears</name> <name>SmartGears</name>
<dependencyManagement> <dependencyManagement>

4
src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java
View File

@ -123,11 +123,13 @@ public class RequestValidator extends RequestHandler {
Caller caller = AuthorizationProvider.instance.get(); Caller caller = AuthorizationProvider.instance.get();
try { try {
List<Policy> policies = authorizationService().getPolicies(scope); List<Policy> policies = authorizationService().getPolicies(scope);
for (Policy policy: policies) for (Policy policy: policies) {
log.debug("policy: {}", policy.getPolicyAsString() );
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier)){ if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier)){
log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(), caller.getClient().getId()); log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(), caller.getClient().getId());
invalid_request_error.fire("rejecting call to "+context.name()+": "+caller.getClient().getId()+" is not allowed to contact the service"); invalid_request_error.fire("rejecting call to "+context.name()+": "+caller.getClient().getId()+" is not allowed to contact the service");
} }
}
}catch (Exception e) { }catch (Exception e) {
log.warn("error getting policies from context {}", scope, e); log.warn("error getting policies from context {}", scope, e);
} }