This commit is contained in:
Lucio Lelii 2017-03-21 13:42:21 +00:00
parent 800d697b45
commit f7e0d238d3
3 changed files with 72 additions and 19 deletions

View File

@ -10,6 +10,8 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlElementRef;
@ -59,6 +61,9 @@ public class ContainerConfiguration {
@XmlElement(name ="secure-port")
Integer securePort;
@XmlElement
boolean authorizeChildrenContext = false;
@XmlElement
@NotNull
String infrastructure;
@ -243,6 +248,15 @@ public class ContainerConfiguration {
return this;
}
public boolean authorizeChildrenContext() {
return authorizeChildrenContext;
}
public ContainerConfiguration authorizeChildrenContext(boolean authorizeChildrenContext) {
this.authorizeChildrenContext = authorizeChildrenContext;
return this;
}
/**
* Returns the VOs in which the container initially operates.
* @return the VOs
@ -418,14 +432,32 @@ public class ContainerConfiguration {
public int hashCode() {
final int prime = 31;
int result = 1;
result = prime * result
+ ((allowedContext == null) ? 0 : allowedContext.hashCode());
result = prime * result + ((apps == null) ? 0 : apps.hashCode());
result = prime * result + ((hostname == null) ? 0 : hostname.hashCode());
result = prime * result + ((infrastructure == null) ? 0 : infrastructure.hashCode());
result = prime
* result
+ ((authenticationEnpoint == null) ? 0 : authenticationEnpoint
.hashCode());
result = prime * result + (authorizeChildrenContext ? 1231 : 1237);
result = prime * result
+ ((hostname == null) ? 0 : hostname.hashCode());
result = prime * result
+ ((infrastructure == null) ? 0 : infrastructure.hashCode());
result = prime * result + ((mode == null) ? 0 : mode.hashCode());
result = prime * result + ((persistenceManager == null) ? 0 : persistenceManager.hashCode());
result = prime
* result
+ ((persistenceManager == null) ? 0 : persistenceManager
.hashCode());
result = prime * result + ((port == null) ? 0 : port.hashCode());
result = prime * result + ((properties == null) ? 0 : properties.hashCode());
result = prime * result + (int) (publicationFrequency ^ (publicationFrequency >>> 32));
result = prime * result
+ ((properties == null) ? 0 : properties.hashCode());
result = prime * result
+ ((proxyAddress == null) ? 0 : proxyAddress.hashCode());
result = prime * result
+ (int) (publicationFrequency ^ (publicationFrequency >>> 32));
result = prime * result
+ ((securePort == null) ? 0 : securePort.hashCode());
result = prime * result + ((site == null) ? 0 : site.hashCode());
result = prime * result + ((tokens == null) ? 0 : tokens.hashCode());
return result;
@ -440,11 +472,23 @@ public class ContainerConfiguration {
if (getClass() != obj.getClass())
return false;
ContainerConfiguration other = (ContainerConfiguration) obj;
if (allowedContext == null) {
if (other.allowedContext != null)
return false;
} else if (!allowedContext.equals(other.allowedContext))
return false;
if (apps == null) {
if (other.apps != null)
return false;
} else if (!apps.equals(other.apps))
return false;
if (authenticationEnpoint == null) {
if (other.authenticationEnpoint != null)
return false;
} else if (!authenticationEnpoint.equals(other.authenticationEnpoint))
return false;
if (authorizeChildrenContext != other.authorizeChildrenContext)
return false;
if (hostname == null) {
if (other.hostname != null)
return false;
@ -467,18 +511,23 @@ public class ContainerConfiguration {
return false;
} else if (!port.equals(other.port))
return false;
if (securePort == null) {
if (other.securePort != null)
return false;
} else if (!securePort.equals(other.securePort))
return false;
if (properties == null) {
if (other.properties != null)
return false;
} else if (!properties.equals(other.properties))
return false;
if (proxyAddress == null) {
if (other.proxyAddress != null)
return false;
} else if (!proxyAddress.equals(other.proxyAddress))
return false;
if (publicationFrequency != other.publicationFrequency)
return false;
if (securePort == null) {
if (other.securePort != null)
return false;
} else if (!securePort.equals(other.securePort))
return false;
if (site == null) {
if (other.site != null)
return false;
@ -489,13 +538,10 @@ public class ContainerConfiguration {
return false;
} else if (!tokens.equals(other.tokens))
return false;
return true;
}
}

View File

@ -26,7 +26,10 @@ import org.gcube.common.authorization.library.provider.ServiceIdentifier;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.gcube.common.authorization.library.utils.Caller;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.scope.impl.ScopeBean;
import org.gcube.common.scope.impl.ScopeBean.Type;
import org.gcube.smartgears.Constants;
import org.gcube.smartgears.configuration.container.ContainerConfiguration;
import org.gcube.smartgears.context.application.ApplicationContext;
import org.gcube.smartgears.handlers.application.RequestEvent;
import org.gcube.smartgears.handlers.application.RequestHandler;
@ -99,7 +102,11 @@ public class RequestValidator extends RequestHandler {
invalid_request_error.fire("call is unscoped");
}
if (!context.container().configuration().allowedContexts().contains(scope)) {
ScopeBean bean = new ScopeBean(scope);
ContainerConfiguration conf = context.container().configuration();
if (!conf.allowedContexts().contains(scope) &&
!(conf.authorizeChildrenContext() && bean.is(Type.VRE) && conf.allowedContexts().contains(bean.enclosingScope().toString()) ) ) {
log.warn("rejecting call to {} in invalid context {}, allowed context are {}",context.name(),scope,context.container().configuration().allowedContexts());
invalid_request_error.fire(context.name()+" cannot be called in scope "+scope);
}

View File

@ -30,8 +30,8 @@ public class ConfigurationTest {
+ "<port>8080</port>"
+ "<secure-port>8484</secure-port>"
+ "<infrastructure>gcube</infrastructure>"
+ // spaces are intentional!
"<token>token1</token>" + "<token>token2</token>" + "<persistence location='target'/>" + appXml + "<site>"
+ "<authorizeChildrenContext>true</authorizeChildrenContext> "
+"<token>token1</token>" + "<token>token2</token>" + "<persistence location='target'/>" + appXml + "<site>"
+ "<country>it</country>" + "<location>rome</location>" + "<latitude>41.9000</latitude>"
+ "<longitude>12.5000</longitude>" + "</site>" + "<property name='prop1' value='val1' />"
+ "<property name='prop2' value='val2' />" + "<publication-frequency>30</publication-frequency>"
@ -58,7 +58,7 @@ public class ConfigurationTest {
.startTokens(Arrays.asList("token1", "token2"))
.site(new Site().country("it").location("rome").latitude("41.9000").longitude("12.5000"))
.property("prop1", "val1").property("prop2", "val2").publicationFrequency(30)
.app(sampleAppConfiguration())
.app(sampleAppConfiguration()).authorizeChildrenContext(true)
.persistence(new DefaultPersistence("target"));
}