support ticket #28304

lucio 2024-10-28 13:52:25 +01:00
parent a9535591ab
commit 855820b2fa
5 changed files with 19 additions and 8 deletions


@ -2,10 +2,12 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
# Changelog for Common Smartgears
## [v4.0.0]
## [v4.0.0-SNAPSHOT]
- support ticket #28304
- porting to keycloak
- moved to jakarta and servlet6
- added token expiration
## [v3.2.0] - 2023-04-12


@ -10,7 +10,7 @@
</parent>
<groupId>org.gcube.core</groupId>
<artifactId>common-smartgears</artifactId>
<version>4.0.0</version>
<version>4.0.0-SNAPSHOT</version>
<name>SmartGears</name>
<dependencyManagement>
<dependencies>


@ -27,6 +27,13 @@ public class BaseConfiguration {
long publicationFrequencyInSeconds = default_container_publication_frequency_in_seconds;
@NotNull @NotEmpty
private Boolean checkTokenExpiration = false;
public boolean checkTokenExpiration() {
return checkTokenExpiration;
}
public Mode getMode() {
return mode;
}
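Review bot: `@NotEmpty` on the new `Boolean checkTokenExpiration` field is not a supported combination. If these are the Bean Validation constraints (the imports are outside the hunk), `@NotEmpty` is defined for character sequences, collections, maps and arrays, so validating the configuration would fail with an unexpected-type error instead of checking anything. The getter also auto-unboxes the field, so a configuration that sets it to null would throw a `NullPointerException` whenever the flag is read. I would drop `@NotEmpty` and make the field primitive, `private boolean checkTokenExpiration = false;`, or keep `Boolean` with `@NotNull` only. The class body continues outside the hunk.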


@ -93,6 +93,10 @@ public class ContainerConfiguration {
return baseConfiguration.getMode();
}
public boolean checkTokenExpiration() {
return baseConfiguration.checkTokenExpiration();
}
/**
* Returns the application configurations included in this configuration.
* @return the application configurations
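Review bot: The new `checkTokenExpiration()` accessor has no Javadoc, although the method that follows it in this hunk does. Because it switches an authorization check on or off, a short comment would help, for example `/** Whether request validation rejects secrets that report themselves expired; taken from the base configuration. */`. The class body continues outside the hunk.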


@ -49,7 +49,6 @@ public class RequestValidator extends RequestHandler {
if (appContext.container().configuration().mode()!=Mode.offline) {
validateScopeCall();
validatePolicy(call);
}
}
@ -113,9 +112,6 @@ public class RequestValidator extends RequestHandler {
return getName();
}
private void validatePolicy(RequestEvent call){
//TODO: must be re-thought
}
private Secret getSecret(RequestEvent call){
@ -136,8 +132,10 @@ public class RequestValidator extends RequestHandler {
RequestError.request_not_authorized_error.fire("call not authorized");
if (!secret.isValid())
RequestError.request_not_authorized_error.fire("authorization with secret "+secret.getClass().getSimpleName()+" is not valid ");
RequestError.request_not_authorized_error.fire("authorization with secret "+secret.getClass().getSimpleName()+": token not valid ");
if (call.context().container().configuration().checkTokenExpiration() && secret.isExpired())
RequestError.request_not_authorized_error.fire("authorization with secret "+secret.getClass().getSimpleName()+": token expired ");
return secret;
}
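Review bot: The expiry check in the last `if` of the third hunk only runs when `checkTokenExpiration()` is true, and the flag added in BaseConfiguration defaults to `false`. A container that does not set it therefore keeps accepting a secret whose `isExpired()` is true, unless `isValid()` already covers expiry, which is not visible here. For an authorization gate the safer default is to reject expired tokens and let an operator opt out, e.g. `private Boolean checkTokenExpiration = true;`, or at least to log a warning at startup when the check is disabled. As a style point, the first hunk reads the configuration through `appContext.container()` while this one uses `call.context().container()`; one path would make it clear that both refer to the same container. The enclosing method starts before the hunk.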