package org.gcube.portlets.gcubeckan.gcubeckandatacatalog.server;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.gcube.application.framework.core.session.ASLSession;
import org.gcube.application.framework.core.session.SessionManager;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.datacatalogue.ckanutillibrary.CKanUtilsImpl;
import org.gcube.datacatalogue.ckanutillibrary.models.CkanRolesIntoLiferay;
import org.gcube.datacatalogue.ckanutillibrary.models.RolesIntoOrganization;
import org.gcube.portal.custom.scopemanager.scopehelper.ScopeHelper;
import org.gcube.portlets.gcubeckan.gcubeckandatacatalog.client.GcubeCkanDataCatalogService;
import org.gcube.portlets.gcubeckan.gcubeckandatacatalog.shared.CkanRole;
import org.gcube.vomanagement.usermanagement.GroupManager;
import org.gcube.vomanagement.usermanagement.RoleManager;
import org.gcube.vomanagement.usermanagement.UserManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import com.liferay.portal.model.RoleModel;
/**
 * The server side implementation of the RPC service.
 *
 * @author Francesco Mangiacrapa francesco.mangiacrapa@isti.cnr.it
 * Jun 10, 2016
 */
@SuppressWarnings("serial")
public class GcubeCkanDataCatalogServiceImpl extends RemoteServiceServlet implements GcubeCkanDataCatalogService {
// Default ports, used when the CKAN connector endpoint is rewritten from HTTP to HTTPS.
private static final String PORT_HTTP = ":80";
private static final String PORT_HTTPS = ":443";

// URI schemes used by the same rewrite.
private static final String HTTP = "http";
private static final String HTTPS = "https";

// Name of the query parameter that carries the gCube security token to the CKAN connector.
private static final String GCUBE_TOKEN = "gcube-token";

// Names of the servlet-context init parameters read by this servlet.
// NOTE(review): both fields are public and not final, so any class can reassign them at
// runtime; consider making them final once it is confirmed that nothing writes to them.
public static String CKANCONNECTORCONTEXT = "CkanConnectorContext";
public static String CKANHIDEHEADER = "CkanHideHeader";

// HTTP session attribute from which the logged-in username is read.
public static final String USERNAME_ATTRIBUTE = ScopeHelper.USERNAME_ATTRIBUTE;

// HTTP session attribute under which the user's CKAN API key is cached.
public static final String CKAN_TOKEN_KEY = "ckanToken";

private static final Logger logger = LoggerFactory.getLogger(GcubeCkanDataCatalogServiceImpl.class);

// Role passed to the authorization service when a gCube token is generated for the user.
private static final String DEFAULT_ROLE = "OrganizationMember";

// Fallback identity used when no user is found in the HTTP session or the servlet runs
// outside the portal.
// NOTE(review): TEST_SEC_TOKEN (and the older value in the commented-out line below) is a
// credential committed to source control. Treat both as exposed: revoke them and load any
// development token from configuration kept outside the repository.
private static final String TEST_USER = "francesco.mangiacrapa";
private static final String TEST_SCOPE = "/gcube/devsec/devVRE";
private static final String TEST_SEC_TOKEN = "4620e6d0-2313-4f48-9d54-eb3efd01a810";
// private final static String TEST_SEC_TOKEN = "f539884c-8697-4ac0-9bbf-2f4d595281f5";

// CKAN utility client; created in init() and left null if its construction fails.
private CKanUtilsImpl instance;
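/**
 * Creates the CKAN utility client for the scope currently held by {@link ScopeProvider}.
 * <p>
 * A failure is logged and not rethrown, so the servlet still starts; {@code instance} then
 * stays {@code null} and the methods that dereference it will fail when they are called.
 *
 * @see javax.servlet.GenericServlet#init()
 */
@Override
public void init(){

    // retrieve ckan information
    try{
        String currentScope = ScopeProvider.instance.get();
        instance = new CKanUtilsImpl(currentScope);
    }catch(Exception e){
        // Hand the exception to the logger: without it the log gives no hint of why the
        // client could not be created.
        logger.error("Unable to retrieve ckan information", e);
    }
}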
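/**
 * Builds the URL of the CKAN connector for the current session.
 * <p>
 * The endpoint is read through {@code SessionUtil.getCkanEndPoint}, rewritten to HTTPS, and
 * completed with the connector context (servlet init parameter), the given path and query
 * string, and the parameters added by {@code getCkanConnectorParameters}, which include the
 * gCube security token.
 *
 * @param pathInfoParameters the path to append after the connector context; may be null or empty
 * @param queryStringParameters the query string, plain or Base64-encoded; may be null or empty
 * @return the complete connector URL
 * @throws Exception with a generic message when any step fails; the cause is only logged
 * @see org.gcube.portlets.gcubeckan.gcubeckandatacatalog.client.GcubeCkanDataCatalogService#getCKanConnector(java.lang.String, java.lang.String)
 */
@Override
public String getCKanConnector(String pathInfoParameters, String queryStringParameters) throws Exception {
    // NOTE(review): both arguments arrive from the RPC client and are written to the log as
    // received; consider stripping line breaks before logging them.
    logger.info("getCKanConnector [pathInfo: "+pathInfoParameters + ", query: "+queryStringParameters+"]");
    try{

        // NOTE(review): Base64.isBase64 only checks that every character belongs to the Base64
        // alphabet, so a plain query string made only of such characters is decoded as well.
        // An explicit "encoded" flag from the client would remove the ambiguity.
        // The charset is named explicitly so the result does not depend on the JVM default.
        if(queryStringParameters!=null && Base64.isBase64(queryStringParameters.getBytes("UTF-8"))){
            byte[] valueDecoded=Base64.decodeBase64(queryStringParameters.getBytes("UTF-8"));
            queryStringParameters = new String(valueDecoded, "UTF-8");
            logger.info("queryStringParameters detected like Base64 and decoded like: "+queryStringParameters);
        }

        String ckanContext = getServletContext().getInitParameter(CKANCONNECTORCONTEXT);
        logger.debug(CKANCONNECTORCONTEXT + " is: "+ckanContext);

        ASLSession session = getASLSession(this.getThreadLocalRequest().getSession());
        GcoreEndpointReader ckanEndPoint = SessionUtil.getCkanEndPoint(session);
        String ckanConnectorUri = ckanEndPoint.getCkanResourceEntyName();
        // The original message printed the URI in place of its label.
        logger.debug("ckanConnectorUri is: "+ckanConnectorUri);

        // Force HTTPS so the token appended below is never sent over plain HTTP.
        ckanConnectorUri = ckanConnectorUri.startsWith(HTTP) && !ckanConnectorUri.startsWith(HTTPS)?ckanConnectorUri.replaceFirst(HTTP, HTTPS):ckanConnectorUri;
        // Rewrite ":80" only when it is the whole port: a plain replace also rewrote the
        // prefix of ports such as ":8080", producing ":44380".
        ckanConnectorUri = ckanConnectorUri.replaceAll(PORT_HTTP + "(?![0-9])", PORT_HTTPS);
        ckanConnectorUri+=ckanContext;
        logger.debug("CKanConnector URI + Context: "+ckanConnectorUri);

        logger.debug("adding parameters...");
        String fullPath = getCkanConnectorParameters(pathInfoParameters, queryStringParameters);

        // fullPath carries the gcube-token, so only the part of the URI that precedes it is logged.
        logger.info("returning ckanConnectorUri: "+ckanConnectorUri+" (parameters omitted)");
        return ckanConnectorUri+fullPath;
    }catch(Exception e ){
        String message = "Sorry an error occurred during contacting gCube Ckan Data Catalogue";
        // The cause is logged here and is not attached to the exception sent back to the
        // client, which only receives the generic message.
        logger.error(message, e);
        throw new Exception(message);
    }
}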
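/**
 * Builds the path and query string appended to the CKAN connector URL.
 * <p>
 * The query string is made of the caller's parameters (when present), the value of the
 * {@code CkanHideHeader} init parameter and the {@code gcube-token} parameter.
 * <p>
 * NOTE(review): the token travels in the URL, where it can end up in access logs, browser
 * history and Referer headers; the caller-supplied values are concatenated as received,
 * without validation or URL encoding.
 *
 * @param pathInfoParameters the path info parameters; a leading "/" is added when missing
 * @param queryStringParameters the query string parameters, without the leading "?"
 * @return the path followed by the query string
 */
private String getCkanConnectorParameters(String pathInfoParameters, String queryStringParameters) {

    // NOTE(review): if the init parameter is not configured this is null and the literal
    // text "null" ends up in the query string.
    String ckanHideHeader = getServletContext().getInitParameter(CKANHIDEHEADER);
    logger.debug(CKANHIDEHEADER + " is: "+ckanHideHeader);

    String pathInfo = "";
    if(pathInfoParameters!=null && !pathInfoParameters.isEmpty()){
        pathInfo=pathInfoParameters.startsWith("/")?pathInfoParameters:"/"+pathInfoParameters;
    }

    String queryString ="";
    if(queryStringParameters!=null && !queryStringParameters.isEmpty()){
        queryString = "?"+queryStringParameters;
    }

    String gcubeTokenParameter;
    if(SessionUtil.isIntoPortal()){
        gcubeTokenParameter = GCUBE_TOKEN+"="+getGcubeSecurityToken();
    }else{
        // NOTE(review): outside the portal every request is sent with the token hard-coded
        // in this class; make sure this branch cannot be reached in a production deployment.
        logger.warn("******** Using TEST_USER security token!!!");
        gcubeTokenParameter = GCUBE_TOKEN+"="+TEST_SEC_TOKEN;
    }

    // Append to the existing query string. The previous code assigned "&"+ckanHideHeader,
    // which discarded the caller's parameters together with the leading "?".
    queryString = queryString.isEmpty()?"?"+ckanHideHeader:queryString+"&"+ckanHideHeader;
    queryString+="&"+gcubeTokenParameter;
    return pathInfo+queryString;
}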
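/**
 * Gets the gCube security token of the current session, generating one through
 * {@code setAuthorizationToken} when the session holds none.
 *
 * @return the security token stored in the ASL session after the check
 */
protected String getGcubeSecurityToken() {
    HttpSession httpSession = this.getThreadLocalRequest().getSession();
    ASLSession session = getASLSession(httpSession);
    String currentToken = session.getSecurityToken();
    boolean tokenMissing = currentToken==null || currentToken.isEmpty();
    // The token is a credential: record only whether it is present, never its value.
    logger.debug("Security token present in ASL session: "+!tokenMissing);

    if(tokenMissing){
        logger.warn("Security token retured from ASL is null or empty, I'm setting security token...");
        setAuthorizationToken(session);
    }

    return session.getSecurityToken();
}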
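/**
 * Temporary method that requests a new token from the authorization service and stores it
 * in the given session.
 * <p>
 * As a side effect the scope held by {@link ScopeProvider} is set to the session's scope.
 * The session token is cleared before the request, so it stays null if the request throws.
 *
 * @param session the ASL session that supplies username and scope and receives the token
 */
private static void setAuthorizationToken(ASLSession session) {
    String username = session.getUsername();
    String scope = session.getScope();
    ScopeProvider.instance.set(scope);
    logger.debug("calling service token on scope " + scope);
    List<String> userRoles = new ArrayList<String>();
    userRoles.add(DEFAULT_ROLE);
    session.setSecurityToken(null);
    String token = authorizationService().build().generate(username, userRoles);
    // The token is a credential: log that it arrived, never its value.
    logger.debug("received token from the authorization service");
    session.setSecurityToken(token);
    logger.info("Security token set in session for: "+username + " on " + scope);
}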
/**
 * Gets the ASL session bound to the given HTTP session.
 * <p>
 * When the HTTP session carries no username, the hard-coded test user is stored in it and
 * the returned ASL session is switched to the test scope.
 *
 * @param httpSession the http session
 * @return the ASL session
 */
protected ASLSession getASLSession(HttpSession httpSession)
{
    String sessionID = httpSession.getId();
    String user = (String) httpSession.getAttribute(USERNAME_ATTRIBUTE);

    if (user != null) {
        logger.trace("user found in session "+user);
        return SessionManager.getInstance().getASLSession(sessionID, user);
    }

    // NOTE(review): a request whose session has no username is not rejected; it is silently
    // given the identity of TEST_USER. That is convenient for development, but in a deployed
    // portal it turns a missing login into an authenticated session. Consider restricting
    // this branch to an explicit development switch and failing the request otherwise.
    logger.warn("****** STARTING IN TEST MODE - NO USER FOUND *******");
    httpSession.setAttribute(USERNAME_ATTRIBUTE, TEST_USER);
    ASLSession testSession = SessionManager.getInstance().getASLSession(sessionID, TEST_USER);
    testSession.setScope(TEST_SCOPE);
    return testSession;
}
/**
 * Determines the catalogue role of the current user.
 * <p>
 * Outside the portal ADMIN is returned. Inside the portal a CKAN sysadmin gets SYSADMIN;
 * otherwise the user's Liferay roles for the group are mapped to a catalogue role, which is
 * returned only when {@code checkRole} on the CKAN client succeeds. Any failure, or a
 * negative check, yields MEMBER.
 *
 * @return the role of the current user
 * @throws Exception declared by the service interface
 * @see org.gcube.portlets.gcubeckan.gcubeckandatacatalog.client.GcubeCkanDataCatalogService#getMyRole()
 */
@Override
public CkanRole getMyRole() throws Exception{
    HttpSession httpSession = this.getThreadLocalRequest().getSession();

    // we need to evaluate which roles the user has in this scope
    String username = getASLSession(httpSession).getUsername();
    String currentScope = getASLSession(httpSession).getScope();
    String groupName = getASLSession(httpSession).getGroupName();

    try{
        // NOTE(review): any deployment for which isIntoPortal() is false grants ADMIN to
        // every caller; confirm this branch is unreachable in production.
        if(!SessionUtil.isIntoPortal()){
            logger.warn("OUT FROM PORTAL DETECTED RETURNING ROLE: "+CkanRole.ADMIN);
            return CkanRole.ADMIN;
        }

        // first of all, check if the user is a sysadmin in the catalog (in this case he can do everything)
        if(instance.isSysAdmin(username, getUserCKanTokenFromSession())){
            logger.debug("The user is a sysadmin of the catalog -> he can edit/add");
            return CkanRole.SYSADMIN;
        }

        // retrieve the liferay's roles for the user
        UserManager userManager = new LiferayUserManager();
        RoleManager roleManager = new LiferayRoleManager();
        GroupManager groupManager = new LiferayGroupManager();
        List<GCubeRole> liferayRoles = roleManager.listRolesByUserAndGroup(groupManager.getGroupId(groupName), userManager.getUserId(username));

        // start from the least privileged pair
        CkanRolesIntoLiferay catalogueRole = CkanRolesIntoLiferay.CATALOG_MEMBER;
        RolesIntoOrganization organizationRole = RolesIntoOrganization.MEMBER;

        // NOTE: it is supposed that there is just one role for this person correspondent to the one in the catalog
        // NOTE(review): contains() is a substring match, so a role whose name merely includes
        // the catalogue role text is treated as that role; an exact comparison would be
        // stricter. The first matching role in the list wins.
        for (GCubeRole liferayRole : liferayRoles) {
            logger.debug("User " + username + " has role " + liferayRole.getRoleName() + " in " + currentScope);
            if(liferayRole.getRoleName().contains(CkanRolesIntoLiferay.CATALOG_ADMIN.toString())){
                catalogueRole = CkanRolesIntoLiferay.CATALOG_ADMIN;
                organizationRole = RolesIntoOrganization.ADMIN;
                break;
            }
            if(liferayRole.getRoleName().contains(CkanRolesIntoLiferay.CATALOG_EDITOR.toString())){
                catalogueRole = CkanRolesIntoLiferay.CATALOG_EDITOR;
                organizationRole = RolesIntoOrganization.EDITOR;
                break;
            }
        }

        // with this invocation, we check if the role is present in ckan and if it is not it will be added
        if(instance.checkRole(username, groupName, organizationRole)){
            return reMapRole(catalogueRole);
        }
    }catch(Exception e){
        logger.error("Unable to retrieve the role information for this user. Returning member role", e);
    }

    logger.debug("Unable to check the role into ckan organization, returning MEMBER as role");

    // return the base role: on any failure the user gets the least privileged one
    return CkanRole.MEMBER;
}
/**
 * Maps a catalogue role defined in Liferay to the role type returned to the client.
 *
 * @param mainRole the Liferay catalogue role
 * @return ADMIN or EDITOR for the matching catalogue role, MEMBER for every other value
 */
private CkanRole reMapRole(CkanRolesIntoLiferay mainRole) {
    final CkanRole mapped;
    switch(mainRole){
        case CATALOG_ADMIN:
            mapped = CkanRole.ADMIN;
            break;
        case CATALOG_EDITOR:
            mapped = CkanRole.EDITOR;
            break;
        case CATALOG_MEMBER:
        default:
            // unknown values fall back to the least privileged role
            mapped = CkanRole.MEMBER;
            break;
    }
    return mapped;
}
/**
 * Returns the username held by the ASL session of the current request.
 *
 * @return the username
 * @see org.gcube.portlets.gcubeckan.gcubeckandatacatalog.client.GcubeCkanDataCatalogService#getUser()
 */
@Override
public String getUser() {
    HttpSession currentHttpSession = this.getThreadLocalRequest().getSession();
    String nameForLog = getASLSession(currentHttpSession).getUsername();
    logger.debug("User in session is " + nameForLog);
    return getASLSession(currentHttpSession).getUsername();
}
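/**
 * Gets the current user's CKAN API key.
 * <p>
 * The key is read from the HTTP session attribute {@code CKAN_TOKEN_KEY}; when the attribute
 * is absent the key is fetched through the CKAN client and cached in the session.
 *
 * @return the ckan user's token, as returned by the session or by the CKAN client
 */
private String getUserCKanTokenFromSession(){

    HttpSession httpSession = this.getThreadLocalRequest().getSession();
    ASLSession session = getASLSession(httpSession);
    String username = session.getUsername();
    logger.debug("User in session is " + username);

    String token = (String) httpSession.getAttribute(CKAN_TOKEN_KEY);
    if(token == null){
        token = instance.getApiKeyFromUsername(username);
        httpSession.setAttribute(CKAN_TOKEN_KEY, token);
        logger.debug("Ckan token has been set for user " + username);
    }

    // The API key is a credential: log only whether one is available, never its value.
    logger.debug("Ckan token available for user " + username + ": " + (token != null));
    return token;
}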
}