name updated
This commit is contained in:
parent
d4a10105c3
commit
335a9454fa
|
|
@ -1,88 +1,84 @@
|
|||
package org.gcube.common.security.secrets;
|
||||
|
||||
import java.util.Base64;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.gcube.common.keycloak.model.AccessToken;
|
||||
import org.gcube.common.keycloak.KeycloakClient;
|
||||
import org.gcube.common.keycloak.KeycloakClientFactory;
|
||||
import org.gcube.common.keycloak.model.TokenResponse;
|
||||
import org.gcube.common.security.Owner;
|
||||
|
||||
/**
|
||||
* @author Luca Frosini (ISTI - CNR)
|
||||
*/
|
||||
public class AccessTokenSecret extends Secret {
|
||||
|
||||
private static final String AUTH_HEADER = "Authorization";
|
||||
private static final String USER_HEADER = "d4s-user";
|
||||
//private static final Logger logger = LoggerFactory.getLogger(JWTSecret.class);
|
||||
|
||||
/**
|
||||
* The interval of time expressed in milliseconds used as guard to refresh the token before that it expires .
|
||||
* TimeUnit has been used to in place of just
|
||||
* using the number to have a clearer code
|
||||
*/
|
||||
public static final long TOLERANCE = TimeUnit.MILLISECONDS.toMillis(200);
|
||||
|
||||
private String accessToken;
|
||||
|
||||
private String encodedAccessToken;
|
||||
|
||||
private Owner owner;
|
||||
private String context;
|
||||
private UmaTokenSecret umaTokenSecret;
|
||||
|
||||
private AccessToken accessToken;
|
||||
protected boolean initialised = false;
|
||||
|
||||
private boolean initialised = false;
|
||||
public AccessTokenSecret(String accessToken, String context) {
|
||||
this.accessToken = accessToken;
|
||||
this.context = context;
|
||||
init();
|
||||
}
|
||||
|
||||
public AccessTokenSecret(String encodedAccessToken) {
|
||||
this.encodedAccessToken = encodedAccessToken;
|
||||
private synchronized void init() {
|
||||
try {
|
||||
KeycloakClient client = KeycloakClientFactory.newInstance();
|
||||
TokenResponse tokenResponse = client.queryUMAToken(context, "Bearer "+accessToken, context, null);
|
||||
this.umaTokenSecret = new UmaTokenSecret(tokenResponse.getAccessToken());
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
private synchronized void refreshAccessToken() {
|
||||
try {
|
||||
KeycloakClient client = KeycloakClientFactory.newInstance();
|
||||
TokenResponse tokenResponse = client.queryUMAToken(context, "Bearer "+accessToken, context, null);
|
||||
this.umaTokenSecret = new UmaTokenSecret(tokenResponse.getAccessToken());
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public Owner getOwner() {
|
||||
init();
|
||||
return this.owner;
|
||||
return this.umaTokenSecret.getOwner();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getContext() {
|
||||
init();
|
||||
return this.context;
|
||||
if (this.umaTokenSecret.isExpired())
|
||||
refreshAccessToken();
|
||||
return this.umaTokenSecret.getContext();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, String> getHTTPAuthorizationHeaders() {
|
||||
Map<String, String> authorizationHeaders = new HashMap<>();
|
||||
authorizationHeaders.put(AUTH_HEADER, "Bearer " + this.encodedAccessToken);
|
||||
String encodedUser = Base64.getEncoder().encodeToString(this.getOwner().getId().getBytes());
|
||||
authorizationHeaders.put(USER_HEADER, encodedUser);
|
||||
return authorizationHeaders;
|
||||
|
||||
if (this.umaTokenSecret.isExpired())
|
||||
refreshAccessToken();
|
||||
return this.umaTokenSecret.getHTTPAuthorizationHeaders();
|
||||
}
|
||||
|
||||
protected String getEncodedAccessToken() {
|
||||
return encodedAccessToken;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public boolean isExpired() {
|
||||
init();
|
||||
return accessToken.isExpired();
|
||||
return false;
|
||||
}
|
||||
|
||||
private synchronized void init() {
|
||||
if (!initialised)
|
||||
try {
|
||||
|
||||
String realAccessTokenEncoded = encodedAccessToken.split("\\.")[1];
|
||||
|
||||
String decodedAccessPart = new String(Base64.getDecoder().decode(realAccessTokenEncoded.getBytes()));
|
||||
|
||||
ObjectMapper objectMapper = new ObjectMapper();
|
||||
GCubeJWTObject obj = objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class);
|
||||
owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
|
||||
owner.setClientName(obj.getClientName());
|
||||
owner.setContactOrganisation(obj.getContactOrganisation());
|
||||
owner.setClientName(obj.getClientName());
|
||||
context = obj.getContext();
|
||||
|
||||
this.accessToken = objectMapper.readValue(decodedAccessPart, AccessToken.class);
|
||||
|
||||
initialised = true;
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
|
@ -14,7 +14,7 @@ public class CredentialSecret extends Secret {
|
|||
private String username;
|
||||
private String password;
|
||||
private String context;
|
||||
private AccessTokenSecret accessTokenSecret;
|
||||
private UmaTokenSecret accessTokenSecret;
|
||||
|
||||
|
||||
public CredentialSecret(String username, String password, String context) {
|
||||
|
|
@ -32,7 +32,7 @@ public class CredentialSecret extends Secret {
|
|||
try {
|
||||
KeycloakClient client = KeycloakClientFactory.newInstance();
|
||||
TokenResponse response = client.queryUMAToken(context, username, password, context, null);
|
||||
this.accessTokenSecret = new AccessTokenSecret(response.getAccessToken());
|
||||
this.accessTokenSecret = new UmaTokenSecret(response.getAccessToken());
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,83 +0,0 @@
|
|||
package org.gcube.common.security.secrets;
|
||||
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.gcube.common.keycloak.KeycloakClient;
|
||||
import org.gcube.common.keycloak.KeycloakClientFactory;
|
||||
import org.gcube.common.keycloak.model.TokenResponse;
|
||||
import org.gcube.common.security.Owner;
|
||||
|
||||
/**
|
||||
* @author Luca Frosini (ISTI - CNR)
|
||||
*/
|
||||
public class JWTSecret extends Secret {
|
||||
|
||||
//private static final Logger logger = LoggerFactory.getLogger(JWTSecret.class);
|
||||
|
||||
/**
|
||||
* The interval of time expressed in milliseconds used as guard to refresh the token before that it expires .
|
||||
* TimeUnit has been used to in place of just
|
||||
* using the number to have a clearer code
|
||||
*/
|
||||
public static final long TOLERANCE = TimeUnit.MILLISECONDS.toMillis(200);
|
||||
|
||||
private String jwtToken;
|
||||
|
||||
|
||||
private String context;
|
||||
private AccessTokenSecret accessTokenSecret;
|
||||
|
||||
protected boolean initialised = false;
|
||||
|
||||
public JWTSecret(String jwtToken) {
|
||||
this.jwtToken = jwtToken;
|
||||
init();
|
||||
}
|
||||
|
||||
private synchronized void init() {
|
||||
try {
|
||||
KeycloakClient client = KeycloakClientFactory.newInstance();
|
||||
TokenResponse tokenResponse = client.queryUMAToken(context, "Bearer "+jwtToken, context, null);
|
||||
this.accessTokenSecret = new AccessTokenSecret(tokenResponse.getAccessToken());
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
private synchronized void refreshAccessToken() {
|
||||
try {
|
||||
KeycloakClient client = KeycloakClientFactory.newInstance();
|
||||
TokenResponse tokenResponse = client.queryUMAToken(context, "Bearer "+jwtToken, context, null);
|
||||
this.accessTokenSecret = new AccessTokenSecret(tokenResponse.getAccessToken());
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public Owner getOwner() {
|
||||
return this.accessTokenSecret.getOwner();
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getContext() {
|
||||
if (this.accessTokenSecret.isExpired())
|
||||
refreshAccessToken();
|
||||
return this.accessTokenSecret.getContext();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, String> getHTTPAuthorizationHeaders() {
|
||||
if (this.accessTokenSecret.isExpired())
|
||||
refreshAccessToken();
|
||||
return this.accessTokenSecret.getHTTPAuthorizationHeaders();
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isExpired() {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,87 @@
|
|||
package org.gcube.common.security.secrets;
|
||||
|
||||
import java.util.Base64;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.gcube.common.keycloak.model.AccessToken;
|
||||
import org.gcube.common.security.Owner;
|
||||
|
||||
public class UmaTokenSecret extends Secret {
|
||||
|
||||
private static final String AUTH_HEADER = "Authorization";
|
||||
private static final String USER_HEADER = "d4s-user";
|
||||
|
||||
private String encodedUmaToken;
|
||||
|
||||
private Owner owner;
|
||||
private String context;
|
||||
|
||||
private AccessToken accessToken;
|
||||
|
||||
private boolean initialised = false;
|
||||
|
||||
public UmaTokenSecret(String encodedUmaToken) {
|
||||
this.encodedUmaToken = encodedUmaToken;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Owner getOwner() {
|
||||
init();
|
||||
return this.owner;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getContext() {
|
||||
init();
|
||||
return this.context;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, String> getHTTPAuthorizationHeaders() {
|
||||
Map<String, String> authorizationHeaders = new HashMap<>();
|
||||
authorizationHeaders.put(AUTH_HEADER, "Bearer " + this.encodedUmaToken);
|
||||
String encodedUser = Base64.getEncoder().encodeToString(this.getOwner().getId().getBytes());
|
||||
authorizationHeaders.put(USER_HEADER, encodedUser);
|
||||
return authorizationHeaders;
|
||||
|
||||
}
|
||||
|
||||
protected String getEncodedUmaToken() {
|
||||
return encodedUmaToken;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public boolean isExpired() {
|
||||
init();
|
||||
return accessToken.isExpired();
|
||||
}
|
||||
|
||||
private synchronized void init() {
|
||||
if (!initialised)
|
||||
try {
|
||||
|
||||
String realAccessTokenEncoded = encodedUmaToken.split("\\.")[1];
|
||||
|
||||
String decodedAccessPart = new String(Base64.getDecoder().decode(realAccessTokenEncoded.getBytes()));
|
||||
|
||||
ObjectMapper objectMapper = new ObjectMapper();
|
||||
GCubeJWTObject obj = objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class);
|
||||
owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
|
||||
owner.setClientName(obj.getClientName());
|
||||
owner.setContactOrganisation(obj.getContactOrganisation());
|
||||
owner.setClientName(obj.getClientName());
|
||||
context = obj.getContext();
|
||||
|
||||
this.accessToken = objectMapper.readValue(decodedAccessPart, AccessToken.class);
|
||||
|
||||
initialised = true;
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
package org.gcube.common.security.secrets;
|
||||
|
||||
public class TestSecrets {
|
||||
/*
|
||||
public void test(){
|
||||
new JWTSecret(jwtToken):
|
||||
new UmaTokenSecret(encodedAccessToken);
|
||||
new CredentialSecret(username, password, context);
|
||||
new GCubeSecret(gcubeToken);
|
||||
|
||||
SecretManagerProvider.instance.set(secret);
|
||||
}
|
||||
*/
|
||||
}
|
||||
Loading…
Reference in New Issue