From 855820b2faba34d362d9da0191a533fa823c07fa Mon Sep 17 00:00:00 2001 From: lucio Date: Mon, 28 Oct 2024 13:52:25 +0100 Subject: [PATCH] support ticket #28304 --- CHANGELOG.md | 4 +++- pom.xml | 2 +- .../configuration/container/BaseConfiguration.java | 7 +++++++ .../container/ContainerConfiguration.java | 4 ++++ .../handlers/application/request/RequestValidator.java | 10 ++++------ 5 files changed, 19 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 79a31fb..b68f8c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,10 +2,12 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm # Changelog for Common Smartgears -## [v4.0.0] +## [v4.0.0-SNAPSHOT] +- support ticket #28304 - porting to keycloak - moved to jakarta and servlet6 +- added token expiration ## [v3.2.0] - 2023-04-12 diff --git a/pom.xml b/pom.xml index 741c24a..074356e 100644 --- a/pom.xml +++ b/pom.xml @@ -10,7 +10,7 @@ org.gcube.core common-smartgears - 4.0.0 + 4.0.0-SNAPSHOT SmartGears diff --git a/src/main/java/org/gcube/smartgears/configuration/container/BaseConfiguration.java b/src/main/java/org/gcube/smartgears/configuration/container/BaseConfiguration.java index 31af311..0367183 100644 --- a/src/main/java/org/gcube/smartgears/configuration/container/BaseConfiguration.java +++ b/src/main/java/org/gcube/smartgears/configuration/container/BaseConfiguration.java @@ -27,6 +27,13 @@ public class BaseConfiguration { long publicationFrequencyInSeconds = default_container_publication_frequency_in_seconds; + @NotNull @NotEmpty + private Boolean checkTokenExpiration = false; + + public boolean checkTokenExpiration() { + return checkTokenExpiration; + } + public Mode getMode() { return mode; } diff --git a/src/main/java/org/gcube/smartgears/configuration/container/ContainerConfiguration.java b/src/main/java/org/gcube/smartgears/configuration/container/ContainerConfiguration.java index a9a76f3..8720f47 100644 --- a/src/main/java/org/gcube/smartgears/configuration/container/ContainerConfiguration.java +++ b/src/main/java/org/gcube/smartgears/configuration/container/ContainerConfiguration.java @@ -92,6 +92,10 @@ public class ContainerConfiguration { public Mode mode() { return baseConfiguration.getMode(); } + + public boolean checkTokenExpiration() { + return baseConfiguration.checkTokenExpiration(); + } /** * Returns the application configurations included in this configuration. diff --git a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java index 5d22b49..b9e6589 100644 --- a/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java +++ b/src/main/java/org/gcube/smartgears/handlers/application/request/RequestValidator.java @@ -49,7 +49,6 @@ public class RequestValidator extends RequestHandler { if (appContext.container().configuration().mode()!=Mode.offline) { validateScopeCall(); - validatePolicy(call); } } @@ -113,9 +112,6 @@ public class RequestValidator extends RequestHandler { return getName(); } - private void validatePolicy(RequestEvent call){ - //TODO: must be re-thought - } private Secret getSecret(RequestEvent call){ @@ -136,9 +132,11 @@ public class RequestValidator extends RequestHandler { RequestError.request_not_authorized_error.fire("call not authorized"); if (!secret.isValid()) - RequestError.request_not_authorized_error.fire("authorization with secret "+secret.getClass().getSimpleName()+" is not valid "); - + RequestError.request_not_authorized_error.fire("authorization with secret "+secret.getClass().getSimpleName()+": token not valid "); + if (call.context().container().configuration().checkTokenExpiration() && secret.isExpired()) + RequestError.request_not_authorized_error.fire("authorization with secret "+secret.getClass().getSimpleName()+": token expired "); + return secret; }