From 0fea0a86700a91cc45683def52e8e6fa8f3005af Mon Sep 17 00:00:00 2001 From: ROBERTO CIRILLO Date: Thu, 28 Mar 2024 17:24:47 +0100 Subject: [PATCH] Update 'src/main/java/org/gcube/data/access/connector/GeoNetworkConnectorRequestHandler.java' change boolean GENERAL value to true --- .../GeoNetworkConnectorRequestHandler.java | 480 +++++++++--------- 1 file changed, 240 insertions(+), 240 deletions(-) diff --git a/src/main/java/org/gcube/data/access/connector/GeoNetworkConnectorRequestHandler.java b/src/main/java/org/gcube/data/access/connector/GeoNetworkConnectorRequestHandler.java index 11e6d19..ddb8b1f 100644 --- a/src/main/java/org/gcube/data/access/connector/GeoNetworkConnectorRequestHandler.java +++ b/src/main/java/org/gcube/data/access/connector/GeoNetworkConnectorRequestHandler.java @@ -1,240 +1,240 @@ -package org.gcube.data.access.connector; - -import java.util.List; - -import javax.servlet.http.HttpServletRequest; -import javax.xml.bind.annotation.XmlRootElement; - -import org.apache.commons.codec.binary.Base64; -import org.gcube.common.authorization.library.AuthorizationEntry; -import org.gcube.common.authorization.library.provider.SecurityTokenProvider; -import org.gcube.common.resources.gcore.GCoreEndpoint; -import org.gcube.common.scope.api.ScopeProvider; -import org.gcube.data.access.connector.rest.GCubeRestClient; -import org.gcube.data.access.connector.rest.entity.AccessibleCredentialsEntity; -import org.gcube.data.access.connector.utils.AuthenticationUtils; -import org.gcube.data.access.connector.utils.GCubeCache; -import org.gcube.resources.discovery.client.api.DiscoveryClient; -import org.gcube.resources.discovery.client.queries.api.SimpleQuery; -import org.gcube.resources.discovery.icclient.ICFactory; -import org.gcube.smartgears.handlers.application.RequestEvent; -import org.gcube.smartgears.handlers.application.RequestHandler; -import org.gcube.smartgears.handlers.application.request.RequestError; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import static org.gcube.common.authorization.client.Constants.authorizationService; - -@XmlRootElement(name = GeoNetworkConnectorRequestHandler.REQUEST_HANDLER_NAME) -public class GeoNetworkConnectorRequestHandler extends RequestHandler { - - protected static final String REQUEST_HANDLER_NAME = "authentication-filter"; - private static final String GEONETWORK_CREDENTIALS = "/GeoNetwork/credentials/"; - private static final String SDI = "/SDI"; - private static final boolean GENERAL = false; //retrieve the general credentials from SDI (without web service) - - private Logger logger; - private GCubeCache gCubeCache; - private GCubeRestClient restClient = new GCubeRestClient(); - - public GeoNetworkConnectorRequestHandler() { - logger = LoggerFactory.getLogger(this.getClass()); - gCubeCache = new GCubeCache<>(AuthenticationUtils.TIME_TO_LIVE, AuthenticationUtils.TIMER_INTERVAL, - AuthenticationUtils.MAX_ITEMS_CACHE); - } - - @Override - public String getName() { - return REQUEST_HANDLER_NAME; - } - - @Override - public void handleRequest(RequestEvent e) { - System.out.println("Handling request"); - HttpServletRequest httpServletRequest = e.request(); - - // get host from ApplicationContext - String host = e.context().container().configuration().hostname(); - - // get token from request - String token = getToken(httpServletRequest); - System.out.println("Retrieve token from request = " + token); - - if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(token)) { - System.out.println("Token found: " + token); - - if (validateToken(token)) { - // retrieve endpoint to get credentials in Geonetwork - String endpoint = getEndpoint(token); - System.out.println("Endpoint found: " + endpoint); - - // TODO - Can be the endpoint stored in the cache object? - if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(endpoint)) { - - String usernameCache = gCubeCache.get(AuthenticationUtils.USERNAME); - String passwordCache = gCubeCache.get(AuthenticationUtils.PASSWORD); - String tokenCache = gCubeCache.get(AuthenticationUtils.TOKEN_CACHE); - - // check current token with tokenCache - if (token.equals(tokenCache)) { - System.out.println("Set credentials attribute retrieved from cache " + usernameCache + " " + passwordCache); - httpServletRequest.setAttribute(AuthenticationUtils.USERNAME, usernameCache); - httpServletRequest.setAttribute(AuthenticationUtils.PASSWORD, passwordCache); - } else { - - //get credentials - System.out.println("RETRIEVE CREDENTIALS IN GENERAL MODE = " + GENERAL); - AccessibleCredentialsEntity accessibleCredentials = getAccessibleCredentials(endpoint, host, token, GENERAL); - System.out.println("Credentials: " + accessibleCredentials.getUsername() + "/" + accessibleCredentials.getPassword()); - - httpServletRequest.setAttribute(AuthenticationUtils.USERNAME, accessibleCredentials.getUsername()); - httpServletRequest.setAttribute(AuthenticationUtils.PASSWORD, accessibleCredentials.getPassword()); - - // set/update data in the cache - System.out.println("Put token in the cache: " + token); - gCubeCache.put(AuthenticationUtils.TOKEN_CACHE, token); - - System.out.println("Put also username and password in the cache"); - gCubeCache.put(AuthenticationUtils.USERNAME, accessibleCredentials.getUsername()); - gCubeCache.put(AuthenticationUtils.PASSWORD, accessibleCredentials.getPassword()); - } - } - } else { - logger.error("Invalid token in the request"); - RequestError.request_not_authorized_error.fire("Invalid token in the request"); - } - } else { - System.out.println("Token not present in the request: NO/OP"); - } - } - - @Override - public String toString() { - return getName(); - } - - // retrieve the Token from request - private String getToken(HttpServletRequest httpServletRequest) { - - // case 1 - get token from gcube-token query-string - String gCubeToken = httpServletRequest.getParameter(AuthenticationUtils.GCUBE_QUERY_STRING); - if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(gCubeToken)) { - System.out.println("Get token from query-string"); - return gCubeToken; - } - - // case 2 - get token from gcube-token header - gCubeToken = httpServletRequest.getHeader(AuthenticationUtils.GCUBE_QUERY_STRING); - if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(gCubeToken)) { - System.out.println("Get token from gcube-token header"); - return gCubeToken; - } - - // case 3 - get token from basic authorization header - String authorization = httpServletRequest.getHeader(AuthenticationUtils.AUTHORIZATION); - if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(authorization) - && authorization.startsWith(AuthenticationUtils.BASIC)) { - System.out.println("Get token from basic authorization header"); - // header = Authorization: Basic base64credentials - String base64Credentials = authorization.replace(AuthenticationUtils.BASIC, ""); - String credentials = new String(Base64.decodeBase64(base64Credentials.trim())); - - // credentials = username:token - final String[] values = credentials.split(":", 2); - return values[1]; - } - - System.out.println("gcube-token not found in query-string, in header and in basic authorization header"); - - // case 4 - get token from HTML form in the password field - gCubeToken = httpServletRequest.getParameter(AuthenticationUtils.PASSWORD); - if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(gCubeToken)) { - System.out.println("Get token from HTML form (in the password field)"); - String user = httpServletRequest.getParameter(AuthenticationUtils.USERNAME); - System.out.println("Get username from HTML form: " + user); - - if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(user) && user.equals(getUser(gCubeToken))) //check username - return gCubeToken; - - System.out.println("Username doesn't match with ClientInfo of gcube"); - - } else - System.out.println("gcube-token also not found in the HTML form in the password field"); - - return null; - } - - private String getEndpoint(String token) { - - try { - AuthorizationEntry authorizationEntry = authorizationService().get(token); - String scope = authorizationEntry.getContext(); - System.out.println("Set scope in to " + scope); - ScopeProvider.instance.set(scope); - - SecurityTokenProvider.instance.set(token); - - String serviceClass = String.format("$resource/Profile/ServiceClass/text() eq '%s'", - AuthenticationUtils.SDI); - String serviceName = String.format("$resource/Profile/ServiceName/text() eq '%s'", - AuthenticationUtils.SDI_SERVICE); - String status = String.format("$resource/Profile/DeploymentData/Status/text() eq '%s'", - AuthenticationUtils.READY); - - SimpleQuery query = ICFactory.queryFor(GCoreEndpoint.class).addCondition(serviceClass) - .addCondition(serviceName).addCondition(status); - DiscoveryClient client = ICFactory.clientFor(GCoreEndpoint.class); - - List gCoreEndpoints = client.submit(query); - int size = gCoreEndpoints.size(); - System.out.println("gCoreEndpoints size = " + size); - - if (size > 0) {//I get only the first. Usually it must be only one - GCoreEndpoint gCoreEndpoint = gCoreEndpoints.get(0); - return gCoreEndpoint.profile().endpointMap().get("org.gcube.spatial.data.sdi.SDIService").uri().toString(); - } - - } catch (Exception ex) { - logger.error("Error in getEndpoint() method: " + ex.getMessage()); - } - - return null; - } - - private String getUser(String token) { - try { - AuthorizationEntry authorizationEntry = authorizationService().get(token); - return authorizationEntry.getClientInfo().getId(); - } catch (Exception ex) { - logger.error("Error in getUser() method: " + ex.getMessage()); - } - return null; - } - - private boolean validateToken(String token) { - // TODO How to implement the validation of the token - System.out.println("Validate token in progress..."); - return true; - } - - private AccessibleCredentialsEntity getAccessibleCredentials(String endpoint, String host, String token, boolean general){ - - if (general){ - String url = endpoint + SDI + "?" + AuthenticationUtils.GCUBE_QUERY_STRING + "=" + token; - //http://sdi-d-d4s.d4science.org/sdi-service/gcube/service/SDI?gcube-token=feda0617-cd9d-4841-b6f0-e047da5d32ed-98187548"; - System.out.println("general url : " + url ); - return restClient.getGeneralAccessibleCredentials(url, host); - - }else{ - /* - String url = endpoint + GEONETWORK_CREDENTIALS + host + "?" + AuthenticationUtils.GCUBE_QUERY_STRING + "=" + token; - //http://sdi-d-d4s.d4science.org:80/sdi-service/gcube/service/GeoNetwork/credentials/geonetwork-sdi.dev.d4science.org?gcube-token=feda0617-cd9d-4841-b6f0-e047da5d32ed-98187548 - System.out.println("url : " + url ); - return restClient.getAccessibleCredentials(url); - */ - String hst = "sdi-d-d4s.d4science.org"; - String get = "/sdi-service/gcube/service/GeoNetwork/credentials/geonetwork-sdi.dev.d4science.org?gcube-token=feda0617-cd9d-4841-b6f0-e047da5d32ed-98187548"; - System.out.println("url : " + hst + get ); - return restClient.getAccessibleCredentialsHttp(hst, get); - } - } -} +package org.gcube.data.access.connector; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.xml.bind.annotation.XmlRootElement; + +import org.apache.commons.codec.binary.Base64; +import org.gcube.common.authorization.library.AuthorizationEntry; +import org.gcube.common.authorization.library.provider.SecurityTokenProvider; +import org.gcube.common.resources.gcore.GCoreEndpoint; +import org.gcube.common.scope.api.ScopeProvider; +import org.gcube.data.access.connector.rest.GCubeRestClient; +import org.gcube.data.access.connector.rest.entity.AccessibleCredentialsEntity; +import org.gcube.data.access.connector.utils.AuthenticationUtils; +import org.gcube.data.access.connector.utils.GCubeCache; +import org.gcube.resources.discovery.client.api.DiscoveryClient; +import org.gcube.resources.discovery.client.queries.api.SimpleQuery; +import org.gcube.resources.discovery.icclient.ICFactory; +import org.gcube.smartgears.handlers.application.RequestEvent; +import org.gcube.smartgears.handlers.application.RequestHandler; +import org.gcube.smartgears.handlers.application.request.RequestError; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import static org.gcube.common.authorization.client.Constants.authorizationService; + +@XmlRootElement(name = GeoNetworkConnectorRequestHandler.REQUEST_HANDLER_NAME) +public class GeoNetworkConnectorRequestHandler extends RequestHandler { + + protected static final String REQUEST_HANDLER_NAME = "authentication-filter"; + private static final String GEONETWORK_CREDENTIALS = "/GeoNetwork/credentials/"; + private static final String SDI = "/SDI"; + private static final boolean GENERAL = true; //retrieve the general credentials from SDI (without web service) + + private Logger logger; + private GCubeCache gCubeCache; + private GCubeRestClient restClient = new GCubeRestClient(); + + public GeoNetworkConnectorRequestHandler() { + logger = LoggerFactory.getLogger(this.getClass()); + gCubeCache = new GCubeCache<>(AuthenticationUtils.TIME_TO_LIVE, AuthenticationUtils.TIMER_INTERVAL, + AuthenticationUtils.MAX_ITEMS_CACHE); + } + + @Override + public String getName() { + return REQUEST_HANDLER_NAME; + } + + @Override + public void handleRequest(RequestEvent e) { + System.out.println("Handling request"); + HttpServletRequest httpServletRequest = e.request(); + + // get host from ApplicationContext + String host = e.context().container().configuration().hostname(); + + // get token from request + String token = getToken(httpServletRequest); + System.out.println("Retrieve token from request = " + token); + + if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(token)) { + System.out.println("Token found: " + token); + + if (validateToken(token)) { + // retrieve endpoint to get credentials in Geonetwork + String endpoint = getEndpoint(token); + System.out.println("Endpoint found: " + endpoint); + + // TODO - Can be the endpoint stored in the cache object? + if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(endpoint)) { + + String usernameCache = gCubeCache.get(AuthenticationUtils.USERNAME); + String passwordCache = gCubeCache.get(AuthenticationUtils.PASSWORD); + String tokenCache = gCubeCache.get(AuthenticationUtils.TOKEN_CACHE); + + // check current token with tokenCache + if (token.equals(tokenCache)) { + System.out.println("Set credentials attribute retrieved from cache " + usernameCache + " " + passwordCache); + httpServletRequest.setAttribute(AuthenticationUtils.USERNAME, usernameCache); + httpServletRequest.setAttribute(AuthenticationUtils.PASSWORD, passwordCache); + } else { + + //get credentials + System.out.println("RETRIEVE CREDENTIALS IN GENERAL MODE = " + GENERAL); + AccessibleCredentialsEntity accessibleCredentials = getAccessibleCredentials(endpoint, host, token, GENERAL); + System.out.println("Credentials: " + accessibleCredentials.getUsername() + "/" + accessibleCredentials.getPassword()); + + httpServletRequest.setAttribute(AuthenticationUtils.USERNAME, accessibleCredentials.getUsername()); + httpServletRequest.setAttribute(AuthenticationUtils.PASSWORD, accessibleCredentials.getPassword()); + + // set/update data in the cache + System.out.println("Put token in the cache: " + token); + gCubeCache.put(AuthenticationUtils.TOKEN_CACHE, token); + + System.out.println("Put also username and password in the cache"); + gCubeCache.put(AuthenticationUtils.USERNAME, accessibleCredentials.getUsername()); + gCubeCache.put(AuthenticationUtils.PASSWORD, accessibleCredentials.getPassword()); + } + } + } else { + logger.error("Invalid token in the request"); + RequestError.request_not_authorized_error.fire("Invalid token in the request"); + } + } else { + System.out.println("Token not present in the request: NO/OP"); + } + } + + @Override + public String toString() { + return getName(); + } + + // retrieve the Token from request + private String getToken(HttpServletRequest httpServletRequest) { + + // case 1 - get token from gcube-token query-string + String gCubeToken = httpServletRequest.getParameter(AuthenticationUtils.GCUBE_QUERY_STRING); + if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(gCubeToken)) { + System.out.println("Get token from query-string"); + return gCubeToken; + } + + // case 2 - get token from gcube-token header + gCubeToken = httpServletRequest.getHeader(AuthenticationUtils.GCUBE_QUERY_STRING); + if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(gCubeToken)) { + System.out.println("Get token from gcube-token header"); + return gCubeToken; + } + + // case 3 - get token from basic authorization header + String authorization = httpServletRequest.getHeader(AuthenticationUtils.AUTHORIZATION); + if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(authorization) + && authorization.startsWith(AuthenticationUtils.BASIC)) { + System.out.println("Get token from basic authorization header"); + // header = Authorization: Basic base64credentials + String base64Credentials = authorization.replace(AuthenticationUtils.BASIC, ""); + String credentials = new String(Base64.decodeBase64(base64Credentials.trim())); + + // credentials = username:token + final String[] values = credentials.split(":", 2); + return values[1]; + } + + System.out.println("gcube-token not found in query-string, in header and in basic authorization header"); + + // case 4 - get token from HTML form in the password field + gCubeToken = httpServletRequest.getParameter(AuthenticationUtils.PASSWORD); + if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(gCubeToken)) { + System.out.println("Get token from HTML form (in the password field)"); + String user = httpServletRequest.getParameter(AuthenticationUtils.USERNAME); + System.out.println("Get username from HTML form: " + user); + + if (AuthenticationUtils.isNotNullNotEmptyNotWhiteSpace(user) && user.equals(getUser(gCubeToken))) //check username + return gCubeToken; + + System.out.println("Username doesn't match with ClientInfo of gcube"); + + } else + System.out.println("gcube-token also not found in the HTML form in the password field"); + + return null; + } + + private String getEndpoint(String token) { + + try { + AuthorizationEntry authorizationEntry = authorizationService().get(token); + String scope = authorizationEntry.getContext(); + System.out.println("Set scope in to " + scope); + ScopeProvider.instance.set(scope); + + SecurityTokenProvider.instance.set(token); + + String serviceClass = String.format("$resource/Profile/ServiceClass/text() eq '%s'", + AuthenticationUtils.SDI); + String serviceName = String.format("$resource/Profile/ServiceName/text() eq '%s'", + AuthenticationUtils.SDI_SERVICE); + String status = String.format("$resource/Profile/DeploymentData/Status/text() eq '%s'", + AuthenticationUtils.READY); + + SimpleQuery query = ICFactory.queryFor(GCoreEndpoint.class).addCondition(serviceClass) + .addCondition(serviceName).addCondition(status); + DiscoveryClient client = ICFactory.clientFor(GCoreEndpoint.class); + + List gCoreEndpoints = client.submit(query); + int size = gCoreEndpoints.size(); + System.out.println("gCoreEndpoints size = " + size); + + if (size > 0) {//I get only the first. Usually it must be only one + GCoreEndpoint gCoreEndpoint = gCoreEndpoints.get(0); + return gCoreEndpoint.profile().endpointMap().get("org.gcube.spatial.data.sdi.SDIService").uri().toString(); + } + + } catch (Exception ex) { + logger.error("Error in getEndpoint() method: " + ex.getMessage()); + } + + return null; + } + + private String getUser(String token) { + try { + AuthorizationEntry authorizationEntry = authorizationService().get(token); + return authorizationEntry.getClientInfo().getId(); + } catch (Exception ex) { + logger.error("Error in getUser() method: " + ex.getMessage()); + } + return null; + } + + private boolean validateToken(String token) { + // TODO How to implement the validation of the token + System.out.println("Validate token in progress..."); + return true; + } + + private AccessibleCredentialsEntity getAccessibleCredentials(String endpoint, String host, String token, boolean general){ + + if (general){ + String url = endpoint + SDI + "?" + AuthenticationUtils.GCUBE_QUERY_STRING + "=" + token; + //http://sdi-d-d4s.d4science.org/sdi-service/gcube/service/SDI?gcube-token=feda0617-cd9d-4841-b6f0-e047da5d32ed-98187548"; + System.out.println("general url : " + url ); + return restClient.getGeneralAccessibleCredentials(url, host); + + }else{ + /* + String url = endpoint + GEONETWORK_CREDENTIALS + host + "?" + AuthenticationUtils.GCUBE_QUERY_STRING + "=" + token; + //http://sdi-d-d4s.d4science.org:80/sdi-service/gcube/service/GeoNetwork/credentials/geonetwork-sdi.dev.d4science.org?gcube-token=feda0617-cd9d-4841-b6f0-e047da5d32ed-98187548 + System.out.println("url : " + url ); + return restClient.getAccessibleCredentials(url); + */ + String hst = "sdi-d-d4s.d4science.org"; + String get = "/sdi-service/gcube/service/GeoNetwork/credentials/geonetwork-sdi.dev.d4science.org?gcube-token=feda0617-cd9d-4841-b6f0-e047da5d32ed-98187548"; + System.out.println("url : " + hst + get ); + return restClient.getAccessibleCredentialsHttp(hst, get); + } + } +}