AuthorizationProvider moved from Configuration to context
This commit is contained in:
parent
de2c95f134
commit
d12e4a33b2
1
pom.xml
1
pom.xml
|
|
@ -122,7 +122,6 @@
|
|||
<dependency>
|
||||
<groupId>javax.xml.bind</groupId>
|
||||
<artifactId>jaxb-api</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<!-- END Added to support Java 11 JDK -->
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,37 @@
|
|||
package org.gcube.smartgears.configuration;
|
||||
|
||||
import org.gcube.common.security.credentials.Credentials;
|
||||
import org.gcube.common.validator.annotations.NotEmpty;
|
||||
import org.gcube.common.validator.annotations.NotNull;
|
||||
import org.gcube.smartgears.security.AuthorizationProviderFactory;
|
||||
|
||||
public class AuthorizationProviderConfiguration {
|
||||
|
||||
@NotNull @NotEmpty
|
||||
AuthorizationProviderFactory<?> authProviderFactory;
|
||||
|
||||
@NotNull @NotEmpty
|
||||
Credentials credentials;
|
||||
|
||||
public AuthorizationProviderConfiguration(AuthorizationProviderFactory<?> authProviderFactory,
|
||||
Credentials credentials) {
|
||||
super();
|
||||
this.authProviderFactory = authProviderFactory;
|
||||
this.credentials = credentials;
|
||||
}
|
||||
|
||||
public AuthorizationProviderFactory<?> getAuthProviderFactory() {
|
||||
return authProviderFactory;
|
||||
}
|
||||
|
||||
public Credentials getCredentials() {
|
||||
return credentials;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "AuthorizationProviderConfiguration [authProviderFactory=" + authProviderFactory.getClass() + "]";
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
@ -12,6 +12,7 @@ import org.gcube.common.validator.ValidatorFactory;
|
|||
import org.gcube.common.validator.annotations.IsValid;
|
||||
import org.gcube.common.validator.annotations.NotEmpty;
|
||||
import org.gcube.common.validator.annotations.NotNull;
|
||||
import org.gcube.smartgears.configuration.AuthorizationProviderConfiguration;
|
||||
import org.gcube.smartgears.configuration.Mode;
|
||||
import org.gcube.smartgears.configuration.ProxyAddress;
|
||||
import org.gcube.smartgears.configuration.application.ApplicationConfiguration;
|
||||
|
|
@ -26,8 +27,6 @@ import org.gcube.smartgears.security.AuthorizationProvider;
|
|||
*/
|
||||
public class ContainerConfiguration {
|
||||
|
||||
|
||||
|
||||
@NotNull @IsValid
|
||||
private BaseConfiguration baseConfiguration;
|
||||
|
||||
|
|
@ -45,12 +44,13 @@ public class ContainerConfiguration {
|
|||
|
||||
private List<ApplicationConfiguration> apps = new ArrayList<ApplicationConfiguration>();
|
||||
|
||||
|
||||
|
||||
@NotNull @IsValid
|
||||
private PersistenceWriter persistenceManager;
|
||||
|
||||
@NotNull @IsValid
|
||||
private AuthorizationProvider authorizationProvider;
|
||||
private AuthorizationProviderConfiguration authorizationConfiguration;
|
||||
|
||||
|
||||
protected void setBaseConfiguration(BaseConfiguration baseConfiguration) {
|
||||
|
|
@ -77,8 +77,13 @@ public class ContainerConfiguration {
|
|||
this.persistenceManager = persistenceManager;
|
||||
}
|
||||
|
||||
protected void setAuthorizationProvider(AuthorizationProvider authorizationProvider) {
|
||||
this.authorizationProvider = authorizationProvider;
|
||||
protected void setAuthorizationProviderConfiguration(
|
||||
AuthorizationProviderConfiguration authorizationConfiguration) {
|
||||
this.authorizationConfiguration = authorizationConfiguration;
|
||||
}
|
||||
|
||||
public void setApps(List<ApplicationConfiguration> apps) {
|
||||
this.apps = apps;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -178,14 +183,6 @@ public class ContainerConfiguration {
|
|||
return baseConfiguration.isAuthorizeChildrenContext();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the credentials.
|
||||
* @return the credentials
|
||||
*/
|
||||
public AuthorizationProvider authorizationProvider() {
|
||||
return authorizationProvider;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the proxy of the container.
|
||||
* @return the proxy
|
||||
|
|
@ -211,6 +208,14 @@ public class ContainerConfiguration {
|
|||
return accountingFallbackLocation;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the authorization configuration.
|
||||
* @return AuthorizationProviderConfiguration the configuration
|
||||
*/
|
||||
public AuthorizationProviderConfiguration getauthorizationConfiguration() {
|
||||
return authorizationConfiguration;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the configuration properties of the container.
|
||||
* @return the properties
|
||||
|
|
@ -251,7 +256,7 @@ public class ContainerConfiguration {
|
|||
return "ContainerConfiguration [baseConfiguration=" + baseConfiguration + ", properties=" + properties
|
||||
+ ", site=" + site + ", proxy=" + proxy + ", accountingFallbackLocation=" + accountingFallbackLocation
|
||||
+ ", persistenceManager=" + persistenceManager.getClass().getSimpleName()
|
||||
+ ", authorizationProvider=" + authorizationProvider.getClass().getSimpleName() + "]";
|
||||
+ ", authorizationProvider=" + authorizationConfiguration + "]";
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import java.util.Map.Entry;
|
|||
import java.util.stream.Collectors;
|
||||
|
||||
import org.gcube.common.security.credentials.Credentials;
|
||||
import org.gcube.smartgears.configuration.AuthorizationProviderConfiguration;
|
||||
import org.gcube.smartgears.configuration.ProxyAddress;
|
||||
import org.gcube.smartgears.handlers.container.ContainerHandler;
|
||||
import org.gcube.smartgears.handlers.container.lifecycle.AccountingManager;
|
||||
|
|
@ -139,10 +140,8 @@ public class ContainerConfigurationBinder {
|
|||
throw new Exception("ini file error: invalid credentials type in \"authorization\" section", e);
|
||||
}
|
||||
authorizationSection.to(credentials, "credentials.");
|
||||
|
||||
AuthorizationProvider authProvider = authProviderFactory.connect(credentials);
|
||||
|
||||
conf.setAuthorizationProvider(authProvider);
|
||||
|
||||
conf.setAuthorizationProviderConfiguration(new AuthorizationProviderConfiguration(authProviderFactory, credentials));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ import org.gcube.smartgears.context.Properties;
|
|||
import org.gcube.smartgears.context.container.ContainerContext;
|
||||
import org.gcube.smartgears.lifecycle.application.ApplicationLifecycle;
|
||||
import org.gcube.smartgears.persistence.PersistenceWriter;
|
||||
import org.gcube.smartgears.security.AuthorizationProvider;
|
||||
|
||||
/**
|
||||
* The management context of an application.
|
||||
|
|
@ -75,6 +76,11 @@ public interface ApplicationContext {
|
|||
* @return the properties
|
||||
*/
|
||||
Properties properties();
|
||||
|
||||
|
||||
/**
|
||||
* Returns the authorization provider.
|
||||
* @return the AuhtorizationProvider
|
||||
**/
|
||||
AuthorizationProvider authorizationProvider();
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ import org.gcube.smartgears.context.Properties;
|
|||
import org.gcube.smartgears.context.container.ContainerContext;
|
||||
import org.gcube.smartgears.lifecycle.application.ApplicationLifecycle;
|
||||
import org.gcube.smartgears.persistence.PersistenceWriter;
|
||||
import org.gcube.smartgears.security.AuthorizationProvider;
|
||||
|
||||
/**
|
||||
* Default {@link ApplicationContext} implementation.
|
||||
|
|
@ -87,6 +88,8 @@ public class DefaultApplicationContext implements ApplicationContext {
|
|||
return configuration.persistence();
|
||||
}
|
||||
|
||||
|
||||
|
||||
@Override
|
||||
public Properties properties() {
|
||||
return properties;
|
||||
|
|
@ -97,4 +100,12 @@ public class DefaultApplicationContext implements ApplicationContext {
|
|||
return id;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the authorization provider.
|
||||
* @return the AuhtorizationProvider
|
||||
**/
|
||||
public AuthorizationProvider authorizationProvider() {
|
||||
return container().authorizationProvider();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
package org.gcube.smartgears.context.container;
|
||||
|
||||
import org.gcube.common.events.Hub;
|
||||
import org.gcube.common.resources.gcore.HostingNode;
|
||||
import org.gcube.smartgears.configuration.container.ContainerConfiguration;
|
||||
import org.gcube.smartgears.context.Properties;
|
||||
import org.gcube.smartgears.lifecycle.container.ContainerLifecycle;
|
||||
import org.gcube.smartgears.persistence.PersistenceWriter;
|
||||
import org.gcube.smartgears.security.AuthorizationProvider;
|
||||
|
||||
/**
|
||||
* The management context of the container.
|
||||
|
|
@ -48,5 +48,7 @@ public interface ContainerContext {
|
|||
Properties properties();
|
||||
|
||||
String id();
|
||||
|
||||
|
||||
AuthorizationProvider authorizationProvider();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ import org.gcube.smartgears.configuration.container.ContainerConfiguration;
|
|||
import org.gcube.smartgears.context.Properties;
|
||||
import org.gcube.smartgears.lifecycle.container.ContainerLifecycle;
|
||||
import org.gcube.smartgears.persistence.PersistenceWriter;
|
||||
import org.gcube.smartgears.security.AuthorizationProvider;
|
||||
|
||||
/**
|
||||
* Default {@link ContainerContext} implementation.
|
||||
|
|
@ -21,6 +22,7 @@ public class DefaultContainerContext implements ContainerContext {
|
|||
private final ContainerLifecycle lifecycle;
|
||||
private final Properties properties;
|
||||
private final Hub hub;
|
||||
private final AuthorizationProvider authorizationProvider;
|
||||
private final String id;
|
||||
/**
|
||||
* Creates an instance with mandatory parameters.
|
||||
|
|
@ -29,13 +31,14 @@ public class DefaultContainerContext implements ContainerContext {
|
|||
* @param lifecycle the lifecycle
|
||||
* @param properties the properties
|
||||
*/
|
||||
public DefaultContainerContext(String id,ContainerConfiguration configuration, Hub hub, ContainerLifecycle lifecycle,
|
||||
public DefaultContainerContext(String id,ContainerConfiguration configuration, Hub hub, ContainerLifecycle lifecycle, AuthorizationProvider authProvider,
|
||||
Properties properties) {
|
||||
this.id = id;
|
||||
this.configuration=configuration;
|
||||
this.hub=hub;
|
||||
this.lifecycle = lifecycle;
|
||||
this.properties=properties;
|
||||
this.authorizationProvider = authProvider;
|
||||
}
|
||||
|
||||
public HostingNode profile() {
|
||||
|
|
@ -72,6 +75,8 @@ public class DefaultContainerContext implements ContainerContext {
|
|||
return id;
|
||||
}
|
||||
|
||||
|
||||
public AuthorizationProvider authorizationProvider() {
|
||||
return authorizationProvider;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -124,7 +124,7 @@ public class ApplicationProfileManager extends ApplicationLifecycleHandler {
|
|||
publishers.forEach(p -> {
|
||||
try {
|
||||
p.create(context,
|
||||
context.container().configuration().authorizationProvider().getContexts());
|
||||
context.container().authorizationProvider().getContexts());
|
||||
}catch (Exception e) {
|
||||
log.error("cannot publish {} for first time with publisher type {} (see details)",context.name(), p.getClass().getCanonicalName(), e);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ public class RequestValidator extends RequestHandler {
|
|||
ContextBean bean = new ContextBean(context);
|
||||
|
||||
ContainerConfiguration conf = appContext.container().configuration();
|
||||
Set<String> allowedContexts =conf.authorizationProvider().getContexts();
|
||||
Set<String> allowedContexts =appContext.authorizationProvider().getContexts();
|
||||
if (!allowedContexts.contains(context) &&
|
||||
!(conf.authorizeChildrenContext() && bean.is(Type.VRE)
|
||||
&& allowedContexts.contains(bean.enclosingScope().toString()) ) ) {
|
||||
|
|
@ -140,7 +140,7 @@ public class RequestValidator extends RequestHandler {
|
|||
Secret secret = null;
|
||||
if (accessToken!=null) {
|
||||
secret = new AccessTokenSecret(accessToken);
|
||||
SimpleCredentials credentials = (SimpleCredentials)appContext.container().configuration().authorizationProvider().getCredentials();
|
||||
SimpleCredentials credentials = (SimpleCredentials)appContext.authorizationProvider().getCredentials();
|
||||
KeycloakClient client = KeycloakClientFactory.newInstance();
|
||||
try {
|
||||
if(!client.isAccessTokenVerified(secret.getContext(), credentials.getClientID(), credentials.getSecret(), accessToken))
|
||||
|
|
|
|||
|
|
@ -111,7 +111,7 @@ public class ContainerProfileManager extends ContainerHandler {
|
|||
publishers.forEach(p -> {
|
||||
try {
|
||||
p.create(context,
|
||||
context.configuration().authorizationProvider().getContexts());
|
||||
context.authorizationProvider().getContexts());
|
||||
}catch (Exception e) {
|
||||
log.error("cannot publish container for first time with publisher type {} (see details)", p.getClass().getCanonicalName(), e);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -102,7 +102,7 @@ public class ContainerManager {
|
|||
Set<String> foundContexts;
|
||||
|
||||
try {
|
||||
foundContexts = context.configuration().authorizationProvider().getContexts();
|
||||
foundContexts = context.authorizationProvider().getContexts();
|
||||
} catch (Exception e) {
|
||||
log.error("error authorizing container",e);
|
||||
throw new RuntimeException("error authorizing container, moving the container to failed",e);
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import javax.servlet.ServletContext;
|
|||
|
||||
import org.gcube.common.events.Hub;
|
||||
import org.gcube.common.events.impl.DefaultHub;
|
||||
import org.gcube.common.security.credentials.Credentials;
|
||||
import org.gcube.smartgears.configuration.application.ApplicationConfiguration;
|
||||
import org.gcube.smartgears.configuration.application.ApplicationConfigurationBinder;
|
||||
import org.gcube.smartgears.configuration.application.ApplicationExtensions;
|
||||
|
|
@ -45,6 +46,7 @@ import org.gcube.smartgears.lifecycle.container.ContainerLifecycle;
|
|||
import org.gcube.smartgears.publishing.Publisher;
|
||||
import org.gcube.smartgears.publishing.SmartgearsProfilePublisher;
|
||||
import org.gcube.smartgears.security.AuthorizationProvider;
|
||||
import org.gcube.smartgears.security.AuthorizationProviderFactory;
|
||||
import org.gcube.smartgears.utils.Utils;
|
||||
import org.reflections.Reflections;
|
||||
import org.reflections.scanners.SubTypesScanner;
|
||||
|
|
@ -107,7 +109,12 @@ public class DefaultProvider implements Provider {
|
|||
|
||||
}
|
||||
|
||||
containerContext = new DefaultContainerContext(id, configuration, hub, lifecycle, new Properties());
|
||||
AuthorizationProviderFactory<?> authfactory = configuration.getauthorizationConfiguration().getAuthProviderFactory();
|
||||
Credentials credentials = configuration.getauthorizationConfiguration().getCredentials();
|
||||
|
||||
AuthorizationProvider authProvider = authfactory.connect(credentials);
|
||||
|
||||
containerContext = new DefaultContainerContext(id, configuration, hub, lifecycle, authProvider, new Properties());
|
||||
}
|
||||
return containerContext;
|
||||
}
|
||||
|
|
@ -373,10 +380,11 @@ public class DefaultProvider implements Provider {
|
|||
return this.publishers;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
@Override
|
||||
public AuthorizationProvider authorizationProvider() {
|
||||
return containerContext.configuration().authorizationProvider();
|
||||
return containerContext.authorizationProvider();
|
||||
}
|
||||
|
||||
*/
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -72,11 +72,6 @@ public interface Provider {
|
|||
* @return the extensions
|
||||
*/
|
||||
ApplicationExtensions extensionsFor(ApplicationContext application);
|
||||
|
||||
/**
|
||||
* Returns the authorization provider for this node
|
||||
* @return the AuthorizationProvider implementation
|
||||
*/
|
||||
AuthorizationProvider authorizationProvider();
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue