AuthorizationProvider moved from Configuration to context

This commit is contained in:
Lucio Lelii 2023-01-19 16:16:14 +01:00
parent de2c95f134
commit d12e4a33b2
14 changed files with 105 additions and 38 deletions


@ -122,7 +122,6 @@
<dependency> <dependency>
<groupId>javax.xml.bind</groupId> <groupId>javax.xml.bind</groupId>
<artifactId>jaxb-api</artifactId> <artifactId>jaxb-api</artifactId>
<scope>provided</scope>
</dependency> </dependency>
<!-- END Added to support Java 11 JDK --> <!-- END Added to support Java 11 JDK -->
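Review bot: Dropping `<scope>provided</scope>` from the jaxb-api dependency changes what gets packaged: the jar is now bundled into the artifact instead of being expected from the runtime, which is unrelated to the authorization refactoring in the title and is not mentioned in the message. If the servlet container already ships jaxb-api this may produce duplicate classes on the classpath. If the scope change is intentional, state the reason in the commit message or move it to its own commit.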


@ -0,0 +1,37 @@
package org.gcube.smartgears.configuration;
import org.gcube.common.security.credentials.Credentials;
import org.gcube.common.validator.annotations.NotEmpty;
import org.gcube.common.validator.annotations.NotNull;
import org.gcube.smartgears.security.AuthorizationProviderFactory;
public class AuthorizationProviderConfiguration {
@NotNull @NotEmpty
AuthorizationProviderFactory<?> authProviderFactory;
@NotNull @NotEmpty
Credentials credentials;
public AuthorizationProviderConfiguration(AuthorizationProviderFactory<?> authProviderFactory,
Credentials credentials) {
super();
this.authProviderFactory = authProviderFactory;
this.credentials = credentials;
}
public AuthorizationProviderFactory<?> getAuthProviderFactory() {
return authProviderFactory;
}
public Credentials getCredentials() {
return credentials;
}
@Override
public String toString() {
return "AuthorizationProviderConfiguration [authProviderFactory=" + authProviderFactory.getClass() + "]";
}
}
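Review bot: The `authProviderFactory` and `credentials` fields are package-private and mutable although the class only assigns them in the constructor; `private final AuthorizationProviderFactory<?> authProviderFactory;` and `private final Credentials credentials;` make the holder immutable and stop other classes in the package from swapping the credentials after validation. `@NotEmpty` on a reference that is neither a string nor a collection is probably a no-op for this validator, so `@NotNull` alone is likely sufficient there — worth confirming against the validator's semantics. The `super();` call in the constructor is redundant. Leaving `credentials` out of `toString()` is right, because this object is now printed by `ContainerConfiguration.toString()`; a short class Javadoc stating that the credentials are deliberately omitted from the string form protects that choice.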


@ -12,6 +12,7 @@ import org.gcube.common.validator.ValidatorFactory;
import org.gcube.common.validator.annotations.IsValid; import org.gcube.common.validator.annotations.IsValid;
import org.gcube.common.validator.annotations.NotEmpty; import org.gcube.common.validator.annotations.NotEmpty;
import org.gcube.common.validator.annotations.NotNull; import org.gcube.common.validator.annotations.NotNull;
import org.gcube.smartgears.configuration.AuthorizationProviderConfiguration;
import org.gcube.smartgears.configuration.Mode; import org.gcube.smartgears.configuration.Mode;
import org.gcube.smartgears.configuration.ProxyAddress; import org.gcube.smartgears.configuration.ProxyAddress;
import org.gcube.smartgears.configuration.application.ApplicationConfiguration; import org.gcube.smartgears.configuration.application.ApplicationConfiguration;
@ -26,8 +27,6 @@ import org.gcube.smartgears.security.AuthorizationProvider;
*/ */
public class ContainerConfiguration { public class ContainerConfiguration {
@NotNull @IsValid @NotNull @IsValid
private BaseConfiguration baseConfiguration; private BaseConfiguration baseConfiguration;
@ -45,12 +44,13 @@ public class ContainerConfiguration {
private List<ApplicationConfiguration> apps = new ArrayList<ApplicationConfiguration>(); private List<ApplicationConfiguration> apps = new ArrayList<ApplicationConfiguration>();
@NotNull @IsValid @NotNull @IsValid
private PersistenceWriter persistenceManager; private PersistenceWriter persistenceManager;
@NotNull @IsValid @NotNull @IsValid
private AuthorizationProvider authorizationProvider; private AuthorizationProviderConfiguration authorizationConfiguration;
protected void setBaseConfiguration(BaseConfiguration baseConfiguration) { protected void setBaseConfiguration(BaseConfiguration baseConfiguration) {
@ -77,8 +77,13 @@ public class ContainerConfiguration {
this.persistenceManager = persistenceManager; this.persistenceManager = persistenceManager;
} }
protected void setAuthorizationProvider(AuthorizationProvider authorizationProvider) { protected void setAuthorizationProviderConfiguration(
this.authorizationProvider = authorizationProvider; AuthorizationProviderConfiguration authorizationConfiguration) {
this.authorizationConfiguration = authorizationConfiguration;
}
public void setApps(List<ApplicationConfiguration> apps) {
this.apps = apps;
} }
/** /**
@ -178,14 +183,6 @@ public class ContainerConfiguration {
return baseConfiguration.isAuthorizeChildrenContext(); return baseConfiguration.isAuthorizeChildrenContext();
} }
/**
* Returns the credentials.
* @return the credentials
*/
public AuthorizationProvider authorizationProvider() {
return authorizationProvider;
}
/** /**
* Returns the proxy of the container. * Returns the proxy of the container.
* @return the proxy * @return the proxy
@ -211,6 +208,14 @@ public class ContainerConfiguration {
return accountingFallbackLocation; return accountingFallbackLocation;
} }
/**
* Returns the authorization configuration.
* @return AuthorizationProviderConfiguration the configuration
*/
public AuthorizationProviderConfiguration getauthorizationConfiguration() {
return authorizationConfiguration;
}
/** /**
* Returns the configuration properties of the container. * Returns the configuration properties of the container.
* @return the properties * @return the properties
@ -251,7 +256,7 @@ public class ContainerConfiguration {
return "ContainerConfiguration [baseConfiguration=" + baseConfiguration + ", properties=" + properties return "ContainerConfiguration [baseConfiguration=" + baseConfiguration + ", properties=" + properties
+ ", site=" + site + ", proxy=" + proxy + ", accountingFallbackLocation=" + accountingFallbackLocation + ", site=" + site + ", proxy=" + proxy + ", accountingFallbackLocation=" + accountingFallbackLocation
+ ", persistenceManager=" + persistenceManager.getClass().getSimpleName() + ", persistenceManager=" + persistenceManager.getClass().getSimpleName()
+ ", authorizationProvider=" + authorizationProvider.getClass().getSimpleName() + "]"; + ", authorizationProvider=" + authorizationConfiguration + "]";
} }
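Review bot: `getauthorizationConfiguration()` breaks both camel case and this class's accessor convention (the neighbouring getters are `authorizeChildrenContext()` and `accountingFallbackLocation()`, without a `get` prefix); `public AuthorizationProviderConfiguration authorizationConfiguration()` would match, and its only callers are in DefaultProvider in this same commit, so the rename is cheap now. Its Javadoc `@return AuthorizationProviderConfiguration the configuration` should read `@return the authorization provider configuration`. The renamed field still prints under the old label in `toString()`; `+ ", authorizationConfiguration=" + authorizationConfiguration + "]"` keeps the output truthful. The new `setApps(List<ApplicationConfiguration> apps)` is `public` while the other setters in this class are `protected`, and it stores the caller's list directly so the configured applications can be mutated after binding; if it must be public, `this.apps = new ArrayList<>(apps);` at least isolates the copy.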


@ -9,6 +9,7 @@ import java.util.Map.Entry;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.gcube.common.security.credentials.Credentials; import org.gcube.common.security.credentials.Credentials;
import org.gcube.smartgears.configuration.AuthorizationProviderConfiguration;
import org.gcube.smartgears.configuration.ProxyAddress; import org.gcube.smartgears.configuration.ProxyAddress;
import org.gcube.smartgears.handlers.container.ContainerHandler; import org.gcube.smartgears.handlers.container.ContainerHandler;
import org.gcube.smartgears.handlers.container.lifecycle.AccountingManager; import org.gcube.smartgears.handlers.container.lifecycle.AccountingManager;
@ -139,10 +140,8 @@ public class ContainerConfigurationBinder {
throw new Exception("ini file error: invalid credentials type in \"authorization\" section", e); throw new Exception("ini file error: invalid credentials type in \"authorization\" section", e);
} }
authorizationSection.to(credentials, "credentials."); authorizationSection.to(credentials, "credentials.");
AuthorizationProvider authProvider = authProviderFactory.connect(credentials); conf.setAuthorizationProviderConfiguration(new AuthorizationProviderConfiguration(authProviderFactory, credentials));
conf.setAuthorizationProvider(authProvider);
} }
} }


@ -8,6 +8,7 @@ import org.gcube.smartgears.context.Properties;
import org.gcube.smartgears.context.container.ContainerContext; import org.gcube.smartgears.context.container.ContainerContext;
import org.gcube.smartgears.lifecycle.application.ApplicationLifecycle; import org.gcube.smartgears.lifecycle.application.ApplicationLifecycle;
import org.gcube.smartgears.persistence.PersistenceWriter; import org.gcube.smartgears.persistence.PersistenceWriter;
import org.gcube.smartgears.security.AuthorizationProvider;
/** /**
* The management context of an application. * The management context of an application.
@ -75,6 +76,11 @@ public interface ApplicationContext {
* @return the properties * @return the properties
*/ */
Properties properties(); Properties properties();
/**
* Returns the authorization provider.
* @return the AuhtorizationProvider
**/
AuthorizationProvider authorizationProvider();
} }
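Review bot: The Javadoc of the new `authorizationProvider()` method has a typo and a non-standard terminator: `@return the AuhtorizationProvider` should be `@return the AuthorizationProvider`, and the closing `**/` should be `*/` to match the other doc comments in this interface (the one above `properties()`, for instance). The same comment block is duplicated verbatim in DefaultApplicationContext in this commit; the implementation there is better served by `@Override` with `{@inheritDoc}` or no Javadoc at all, so the text is maintained in one place.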


@ -8,6 +8,7 @@ import org.gcube.smartgears.context.Properties;
import org.gcube.smartgears.context.container.ContainerContext; import org.gcube.smartgears.context.container.ContainerContext;
import org.gcube.smartgears.lifecycle.application.ApplicationLifecycle; import org.gcube.smartgears.lifecycle.application.ApplicationLifecycle;
import org.gcube.smartgears.persistence.PersistenceWriter; import org.gcube.smartgears.persistence.PersistenceWriter;
import org.gcube.smartgears.security.AuthorizationProvider;
/** /**
* Default {@link ApplicationContext} implementation. * Default {@link ApplicationContext} implementation.
@ -87,6 +88,8 @@ public class DefaultApplicationContext implements ApplicationContext {
return configuration.persistence(); return configuration.persistence();
} }
@Override @Override
public Properties properties() { public Properties properties() {
return properties; return properties;
@ -97,4 +100,12 @@ public class DefaultApplicationContext implements ApplicationContext {
return id; return id;
} }
/**
* Returns the authorization provider.
* @return the AuhtorizationProvider
**/
public AuthorizationProvider authorizationProvider() {
return container().authorizationProvider();
}
} }


@ -1,11 +1,11 @@
package org.gcube.smartgears.context.container; package org.gcube.smartgears.context.container;
import org.gcube.common.events.Hub; import org.gcube.common.events.Hub;
import org.gcube.common.resources.gcore.HostingNode;
import org.gcube.smartgears.configuration.container.ContainerConfiguration; import org.gcube.smartgears.configuration.container.ContainerConfiguration;
import org.gcube.smartgears.context.Properties; import org.gcube.smartgears.context.Properties;
import org.gcube.smartgears.lifecycle.container.ContainerLifecycle; import org.gcube.smartgears.lifecycle.container.ContainerLifecycle;
import org.gcube.smartgears.persistence.PersistenceWriter; import org.gcube.smartgears.persistence.PersistenceWriter;
import org.gcube.smartgears.security.AuthorizationProvider;
/** /**
* The management context of the container. * The management context of the container.
@ -48,5 +48,7 @@ public interface ContainerContext {
Properties properties(); Properties properties();
String id(); String id();
AuthorizationProvider authorizationProvider();
} }
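Review bot: Removing `import org.gcube.common.resources.gcore.HostingNode;` is only safe if this interface no longer declares a method returning `HostingNode`; DefaultContainerContext in this same commit still has `public HostingNode profile()`, and the interface body between the two hunks is not visible here, so please confirm that `profile()` is not declared on ContainerContext (or is fully qualified). The new `AuthorizationProvider authorizationProvider();` declaration has no Javadoc although callers now obtain the provider from the context instead of the configuration; a short `/** Returns the authorization provider connected for this container. */` documents the new ownership.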


@ -8,6 +8,7 @@ import org.gcube.smartgears.configuration.container.ContainerConfiguration;
import org.gcube.smartgears.context.Properties; import org.gcube.smartgears.context.Properties;
import org.gcube.smartgears.lifecycle.container.ContainerLifecycle; import org.gcube.smartgears.lifecycle.container.ContainerLifecycle;
import org.gcube.smartgears.persistence.PersistenceWriter; import org.gcube.smartgears.persistence.PersistenceWriter;
import org.gcube.smartgears.security.AuthorizationProvider;
/** /**
* Default {@link ContainerContext} implementation. * Default {@link ContainerContext} implementation.
@ -21,6 +22,7 @@ public class DefaultContainerContext implements ContainerContext {
private final ContainerLifecycle lifecycle; private final ContainerLifecycle lifecycle;
private final Properties properties; private final Properties properties;
private final Hub hub; private final Hub hub;
private final AuthorizationProvider authorizationProvider;
private final String id; private final String id;
/** /**
* Creates an instance with mandatory parameters. * Creates an instance with mandatory parameters.
@ -29,13 +31,14 @@ public class DefaultContainerContext implements ContainerContext {
* @param lifecycle the lifecycle * @param lifecycle the lifecycle
* @param properties the properties * @param properties the properties
*/ */
public DefaultContainerContext(String id,ContainerConfiguration configuration, Hub hub, ContainerLifecycle lifecycle, public DefaultContainerContext(String id,ContainerConfiguration configuration, Hub hub, ContainerLifecycle lifecycle, AuthorizationProvider authProvider,
Properties properties) { Properties properties) {
this.id = id; this.id = id;
this.configuration=configuration; this.configuration=configuration;
this.hub=hub; this.hub=hub;
this.lifecycle = lifecycle; this.lifecycle = lifecycle;
this.properties=properties; this.properties=properties;
this.authorizationProvider = authProvider;
} }
public HostingNode profile() { public HostingNode profile() {
@ -72,6 +75,8 @@ public class DefaultContainerContext implements ContainerContext {
return id; return id;
} }
public AuthorizationProvider authorizationProvider() {
return authorizationProvider;
}
} }
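Review bot: The constructor gained an `AuthorizationProvider authProvider` parameter but its Javadoc, which lists `@param lifecycle` and `@param properties`, was not updated; add `@param authProvider the authorization provider connected for this container`. The new `authorizationProvider()` method implements ContainerContext and should carry `@Override`. The constructor stores `authProvider` without a null check; if a null provider is not meaningful here, `this.authorizationProvider = Objects.requireNonNull(authProvider, "authProvider");` fails fast at construction instead of at the first `getContexts()` call in ContainerManager.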


@ -124,7 +124,7 @@ public class ApplicationProfileManager extends ApplicationLifecycleHandler {
publishers.forEach(p -> { publishers.forEach(p -> {
try { try {
p.create(context, p.create(context,
context.container().configuration().authorizationProvider().getContexts()); context.container().authorizationProvider().getContexts());
}catch (Exception e) { }catch (Exception e) {
log.error("cannot publish {} for first time with publisher type {} (see details)",context.name(), p.getClass().getCanonicalName(), e); log.error("cannot publish {} for first time with publisher type {} (see details)",context.name(), p.getClass().getCanonicalName(), e);
} }


@ -95,7 +95,7 @@ public class RequestValidator extends RequestHandler {
ContextBean bean = new ContextBean(context); ContextBean bean = new ContextBean(context);
ContainerConfiguration conf = appContext.container().configuration(); ContainerConfiguration conf = appContext.container().configuration();
Set<String> allowedContexts =conf.authorizationProvider().getContexts(); Set<String> allowedContexts =appContext.authorizationProvider().getContexts();
if (!allowedContexts.contains(context) && if (!allowedContexts.contains(context) &&
!(conf.authorizeChildrenContext() && bean.is(Type.VRE) !(conf.authorizeChildrenContext() && bean.is(Type.VRE)
&& allowedContexts.contains(bean.enclosingScope().toString()) ) ) { && allowedContexts.contains(bean.enclosingScope().toString()) ) ) {
@ -140,7 +140,7 @@ public class RequestValidator extends RequestHandler {
Secret secret = null; Secret secret = null;
if (accessToken!=null) { if (accessToken!=null) {
secret = new AccessTokenSecret(accessToken); secret = new AccessTokenSecret(accessToken);
SimpleCredentials credentials = (SimpleCredentials)appContext.container().configuration().authorizationProvider().getCredentials(); SimpleCredentials credentials = (SimpleCredentials)appContext.authorizationProvider().getCredentials();
KeycloakClient client = KeycloakClientFactory.newInstance(); KeycloakClient client = KeycloakClientFactory.newInstance();
try { try {
if(!client.isAccessTokenVerified(secret.getContext(), credentials.getClientID(), credentials.getSecret(), accessToken)) if(!client.isAccessTokenVerified(secret.getContext(), credentials.getClientID(), credentials.getSecret(), accessToken))
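Review bot: The `(SimpleCredentials)` cast on the line building `credentials` stays unchecked after the call site moved to `appContext.authorizationProvider()`; since the binder in this commit accepts a configurable credentials type (it reports "invalid credentials type" otherwise), a different Credentials implementation now fails with a ClassCastException inside request validation rather than at startup. A guard such as `Credentials raw = appContext.authorizationProvider().getCredentials();` followed by `if (!(raw instanceof SimpleCredentials)) throw new IllegalStateException("access token validation requires SimpleCredentials");` before the cast — or resolving this once when the context is built — gives a clearer failure. The method enclosing this hunk starts and ends outside the hunk.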


@ -111,7 +111,7 @@ public class ContainerProfileManager extends ContainerHandler {
publishers.forEach(p -> { publishers.forEach(p -> {
try { try {
p.create(context, p.create(context,
context.configuration().authorizationProvider().getContexts()); context.authorizationProvider().getContexts());
}catch (Exception e) { }catch (Exception e) {
log.error("cannot publish container for first time with publisher type {} (see details)", p.getClass().getCanonicalName(), e); log.error("cannot publish container for first time with publisher type {} (see details)", p.getClass().getCanonicalName(), e);
} }


@ -102,7 +102,7 @@ public class ContainerManager {
Set<String> foundContexts; Set<String> foundContexts;
try { try {
foundContexts = context.configuration().authorizationProvider().getContexts(); foundContexts = context.authorizationProvider().getContexts();
} catch (Exception e) { } catch (Exception e) {
log.error("error authorizing container",e); log.error("error authorizing container",e);
throw new RuntimeException("error authorizing container, moving the container to failed",e); throw new RuntimeException("error authorizing container, moving the container to failed",e);


@ -25,6 +25,7 @@ import javax.servlet.ServletContext;
import org.gcube.common.events.Hub; import org.gcube.common.events.Hub;
import org.gcube.common.events.impl.DefaultHub; import org.gcube.common.events.impl.DefaultHub;
import org.gcube.common.security.credentials.Credentials;
import org.gcube.smartgears.configuration.application.ApplicationConfiguration; import org.gcube.smartgears.configuration.application.ApplicationConfiguration;
import org.gcube.smartgears.configuration.application.ApplicationConfigurationBinder; import org.gcube.smartgears.configuration.application.ApplicationConfigurationBinder;
import org.gcube.smartgears.configuration.application.ApplicationExtensions; import org.gcube.smartgears.configuration.application.ApplicationExtensions;
@ -45,6 +46,7 @@ import org.gcube.smartgears.lifecycle.container.ContainerLifecycle;
import org.gcube.smartgears.publishing.Publisher; import org.gcube.smartgears.publishing.Publisher;
import org.gcube.smartgears.publishing.SmartgearsProfilePublisher; import org.gcube.smartgears.publishing.SmartgearsProfilePublisher;
import org.gcube.smartgears.security.AuthorizationProvider; import org.gcube.smartgears.security.AuthorizationProvider;
import org.gcube.smartgears.security.AuthorizationProviderFactory;
import org.gcube.smartgears.utils.Utils; import org.gcube.smartgears.utils.Utils;
import org.reflections.Reflections; import org.reflections.Reflections;
import org.reflections.scanners.SubTypesScanner; import org.reflections.scanners.SubTypesScanner;
@ -107,7 +109,12 @@ public class DefaultProvider implements Provider {
} }
containerContext = new DefaultContainerContext(id, configuration, hub, lifecycle, new Properties()); AuthorizationProviderFactory<?> authfactory = configuration.getauthorizationConfiguration().getAuthProviderFactory();
Credentials credentials = configuration.getauthorizationConfiguration().getCredentials();
AuthorizationProvider authProvider = authfactory.connect(credentials);
containerContext = new DefaultContainerContext(id, configuration, hub, lifecycle, authProvider, new Properties());
} }
return containerContext; return containerContext;
} }
@ -373,10 +380,11 @@ public class DefaultProvider implements Provider {
return this.publishers; return this.publishers;
} }
/*
@Override @Override
public AuthorizationProvider authorizationProvider() { public AuthorizationProvider authorizationProvider() {
return containerContext.configuration().authorizationProvider(); return containerContext.authorizationProvider();
} }
*/
} }
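Review bot: The former `authorizationProvider()` override is left as a commented-out block at the end of the class; its declaration was removed from Provider in this commit, so the block should be deleted rather than kept in a comment. In `containerContext()`, `authfactory.connect(credentials)` now runs lazily on first use instead of during configuration binding, so a failure to connect surfaces from whichever caller first asks for the container context rather than as the binder's `ini file error` at startup; a comment on that block stating this, and a check of how a failing `connect` propagates from here, are warranted (the enclosing method and its null guard are outside the hunk). `authfactory` should be `authFactory` to match the surrounding camel case.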


@ -72,11 +72,6 @@ public interface Provider {
* @return the extensions * @return the extensions
*/ */
ApplicationExtensions extensionsFor(ApplicationContext application); ApplicationExtensions extensionsFor(ApplicationContext application);
/**
* Returns the authorization provider for this node
* @return the AuthorizationProvider implementation
*/
AuthorizationProvider authorizationProvider();
} }