Merging patch of version 3.1.2
parent
635036bce1
commit
515891e083
@ -8,7 +8,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
|
||||||
- Added Linux distribution version [#22933]
|
- Added Linux distribution version [#22933]
|
||||||
|
|
||||||
|
|
||||||
## [v3.1.2-SNAPSHOT] - 2022-01-19
|
## [v3.1.2] - 2022-01-19
|
||||||
|
|
||||||
- enabled policy check on smartgears
|
- enabled policy check on smartgears
|
||||||
- container configuration for test added
|
- container configuration for test added
|
||||||
|
|
|
@ -12,10 +12,11 @@ import javax.xml.bind.annotation.XmlRootElement;
|
||||||
|
|
||||||
import org.gcube.common.authorization.library.PolicyUtils;
|
import org.gcube.common.authorization.library.PolicyUtils;
|
||||||
import org.gcube.common.authorization.library.policies.Policy;
|
import org.gcube.common.authorization.library.policies.Policy;
|
||||||
|
import org.gcube.common.authorization.library.policies.User2ServicePolicy;
|
||||||
|
import org.gcube.common.authorization.library.policies.UserEntity;
|
||||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
|
import org.gcube.common.authorization.library.provider.ServiceIdentifier;
|
||||||
import org.gcube.common.authorization.library.utils.Caller;
|
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
import org.gcube.common.scope.impl.ScopeBean;
|
import org.gcube.common.scope.impl.ScopeBean;
|
||||||
import org.gcube.common.scope.impl.ScopeBean.Type;
|
import org.gcube.common.scope.impl.ScopeBean.Type;
|
||||||
|
@ -120,18 +121,36 @@ public class RequestValidator extends RequestHandler {
|
||||||
|
|
||||||
ServiceIdentifier serviceIdentifier = Utils.getServiceInfo(call.context()).getServiceIdentifier();
|
ServiceIdentifier serviceIdentifier = Utils.getServiceInfo(call.context()).getServiceIdentifier();
|
||||||
|
|
||||||
Caller caller = AuthorizationProvider.instance.get();
|
String callerId = AuthorizationProvider.instance.get().getClient().getId();
|
||||||
|
|
||||||
|
List<Policy> policies = null;
|
||||||
try {
|
try {
|
||||||
List<Policy> policies = authorizationService().getPolicies(scope);
|
policies = authorizationService().getPolicies(scope);
|
||||||
for (Policy policy: policies)
|
|
||||||
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier)){
|
|
||||||
log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(), caller.getClient().getId());
|
|
||||||
invalid_request_error.fire("rejecting call to "+context.name()+": "+caller.getClient().getId()+" is not allowed to contact the service");
|
|
||||||
}
|
|
||||||
}catch (Exception e) {
|
}catch (Exception e) {
|
||||||
log.warn("error getting policies from context {}", scope, e);
|
invalid_request_error.fire("error contating authorization for polices");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for (Policy policy: policies) {
|
||||||
|
log.debug("policy: {}", policy.getPolicyAsString() );
|
||||||
|
|
||||||
|
if (PolicyUtils.isPolicyValidForClient(policy.getServiceAccess(), serviceIdentifier )) {
|
||||||
|
boolean toReject = false;
|
||||||
|
UserEntity entity = (((User2ServicePolicy) policy).getEntity());
|
||||||
|
if (entity.getIdentifier()!=null)
|
||||||
|
toReject = entity.getIdentifier().equals(callerId);
|
||||||
|
else if (entity.getExcludes().isEmpty())
|
||||||
|
toReject = true;
|
||||||
|
else toReject = !entity.getExcludes().contains(callerId);
|
||||||
|
if (toReject) {
|
||||||
|
log.error("rejecting call to {} : {} is not allowed to contact the service ",context.name(), callerId);
|
||||||
|
RequestError.request_not_authorized_error.fire("rejecting call to "+context.name()+" for polices: "+callerId+" is not allowed to contact the service: "+serviceIdentifier.getServiceName() );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
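Review bot: The cast `(User2ServicePolicy) policy` on the `UserEntity entity = ...` line is unchecked, while `policies` is declared `List<Policy>` and the only filter before it is `isPolicyValidForClient`, so a policy of another subtype that passes that filter ends the request with a ClassCastException rather than an explicit decision; an `instanceof` check (`if (!(policy instanceof User2ServicePolicy)) { ... }`) with a deliberately chosen outcome for other types, plus a log line, would keep the rejection path under the validator's control. The new catch block also leaves `policies` null if `invalid_request_error.fire(...)` returns instead of throwing, in which case the following `for (Policy policy: policies)` loop throws a NullPointerException; if `fire` always throws, a short comment at the catch saying so would document that assumption, otherwise add `return;` after it. The fired messages `"error contating authorization for polices"` and `"... for polices: ..."` carry typos ("contacting", "policies") that will show up in client-facing errors and logs. The enclosing method begins before this hunk.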