name updated
This commit is contained in:
parent
d4a10105c3
commit
335a9454fa
|
@ -1,88 +1,84 @@
|
||||||
package org.gcube.common.security.secrets;
|
package org.gcube.common.security.secrets;
|
||||||
|
|
||||||
import java.util.Base64;
|
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
import org.gcube.common.keycloak.KeycloakClient;
|
||||||
import org.gcube.common.keycloak.model.AccessToken;
|
import org.gcube.common.keycloak.KeycloakClientFactory;
|
||||||
|
import org.gcube.common.keycloak.model.TokenResponse;
|
||||||
import org.gcube.common.security.Owner;
|
import org.gcube.common.security.Owner;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author Luca Frosini (ISTI - CNR)
|
||||||
|
*/
|
||||||
public class AccessTokenSecret extends Secret {
|
public class AccessTokenSecret extends Secret {
|
||||||
|
|
||||||
private static final String AUTH_HEADER = "Authorization";
|
//private static final Logger logger = LoggerFactory.getLogger(JWTSecret.class);
|
||||||
private static final String USER_HEADER = "d4s-user";
|
|
||||||
|
/**
|
||||||
|
* The interval of time expressed in milliseconds used as guard to refresh the token before that it expires .
|
||||||
|
* TimeUnit has been used to in place of just
|
||||||
|
* using the number to have a clearer code
|
||||||
|
*/
|
||||||
|
public static final long TOLERANCE = TimeUnit.MILLISECONDS.toMillis(200);
|
||||||
|
|
||||||
|
private String accessToken;
|
||||||
|
|
||||||
private String encodedAccessToken;
|
|
||||||
|
|
||||||
private Owner owner;
|
|
||||||
private String context;
|
private String context;
|
||||||
|
private UmaTokenSecret umaTokenSecret;
|
||||||
|
|
||||||
private AccessToken accessToken;
|
protected boolean initialised = false;
|
||||||
|
|
||||||
private boolean initialised = false;
|
public AccessTokenSecret(String accessToken, String context) {
|
||||||
|
this.accessToken = accessToken;
|
||||||
|
this.context = context;
|
||||||
|
init();
|
||||||
|
}
|
||||||
|
|
||||||
public AccessTokenSecret(String encodedAccessToken) {
|
private synchronized void init() {
|
||||||
this.encodedAccessToken = encodedAccessToken;
|
try {
|
||||||
|
KeycloakClient client = KeycloakClientFactory.newInstance();
|
||||||
|
TokenResponse tokenResponse = client.queryUMAToken(context, "Bearer "+accessToken, context, null);
|
||||||
|
this.umaTokenSecret = new UmaTokenSecret(tokenResponse.getAccessToken());
|
||||||
|
} catch (Exception e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private synchronized void refreshAccessToken() {
|
||||||
|
try {
|
||||||
|
KeycloakClient client = KeycloakClientFactory.newInstance();
|
||||||
|
TokenResponse tokenResponse = client.queryUMAToken(context, "Bearer "+accessToken, context, null);
|
||||||
|
this.umaTokenSecret = new UmaTokenSecret(tokenResponse.getAccessToken());
|
||||||
|
} catch (Exception e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Owner getOwner() {
|
public Owner getOwner() {
|
||||||
init();
|
return this.umaTokenSecret.getOwner();
|
||||||
return this.owner;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String getContext() {
|
public String getContext() {
|
||||||
init();
|
if (this.umaTokenSecret.isExpired())
|
||||||
return this.context;
|
refreshAccessToken();
|
||||||
|
return this.umaTokenSecret.getContext();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Map<String, String> getHTTPAuthorizationHeaders() {
|
public Map<String, String> getHTTPAuthorizationHeaders() {
|
||||||
Map<String, String> authorizationHeaders = new HashMap<>();
|
if (this.umaTokenSecret.isExpired())
|
||||||
authorizationHeaders.put(AUTH_HEADER, "Bearer " + this.encodedAccessToken);
|
refreshAccessToken();
|
||||||
String encodedUser = Base64.getEncoder().encodeToString(this.getOwner().getId().getBytes());
|
return this.umaTokenSecret.getHTTPAuthorizationHeaders();
|
||||||
authorizationHeaders.put(USER_HEADER, encodedUser);
|
|
||||||
return authorizationHeaders;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected String getEncodedAccessToken() {
|
|
||||||
return encodedAccessToken;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isExpired() {
|
public boolean isExpired() {
|
||||||
init();
|
return false;
|
||||||
return accessToken.isExpired();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private synchronized void init() {
|
|
||||||
if (!initialised)
|
|
||||||
try {
|
|
||||||
|
|
||||||
String realAccessTokenEncoded = encodedAccessToken.split("\\.")[1];
|
}
|
||||||
|
|
||||||
String decodedAccessPart = new String(Base64.getDecoder().decode(realAccessTokenEncoded.getBytes()));
|
|
||||||
|
|
||||||
ObjectMapper objectMapper = new ObjectMapper();
|
|
||||||
GCubeJWTObject obj = objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class);
|
|
||||||
owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
|
|
||||||
owner.setClientName(obj.getClientName());
|
|
||||||
owner.setContactOrganisation(obj.getContactOrganisation());
|
|
||||||
owner.setClientName(obj.getClientName());
|
|
||||||
context = obj.getContext();
|
|
||||||
|
|
||||||
this.accessToken = objectMapper.readValue(decodedAccessPart, AccessToken.class);
|
|
||||||
|
|
||||||
initialised = true;
|
|
||||||
} catch (Exception e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
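Review bot: The expiry check and refresh in the new `getContext()` and `getHTTPAuthorizationHeaders()` (`if (this.umaTokenSecret.isExpired()) refreshAccessToken();`) run outside any lock while `refreshAccessToken()` itself is `synchronized`, and `getOwner()` reads `umaTokenSecret` with no lock at all, so two threads can both observe an expired token and refresh twice, and the unsynchronized reads are not ordered against the write inside `refreshAccessToken()`. A single synchronized accessor that does the check, the refresh and the read under one monitor closes the check-then-act window; `refreshAccessToken()` is reentrant-safe to call from it. `init()` has the same body as `refreshAccessToken()` and could simply delegate to it, and `TOLERANCE` and `initialised` appear unused in the lines shown. `isExpired()` returning `false` unconditionally is presumably intentional because the class refreshes transparently; a Javadoc line such as `/** Never reports expiry: the wrapped UMA token is refreshed on access. */` would make that explicit.
```java
// … unchanged: fields, constructor, init(), refreshAccessToken() …

/** Refreshes the wrapped UMA token if it has expired and returns it; check and refresh share one lock. */
private synchronized UmaTokenSecret currentUmaToken() {
    if (this.umaTokenSecret.isExpired()) {
        refreshAccessToken();
    }
    return this.umaTokenSecret;
}

@Override
public Owner getOwner() {
    return currentUmaToken().getOwner();
}

@Override
public String getContext() {
    return currentUmaToken().getContext();
}

@Override
public Map<String, String> getHTTPAuthorizationHeaders() {
    return currentUmaToken().getHTTPAuthorizationHeaders();
}

// … unchanged: isExpired() …
```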
@ -14,7 +14,7 @@ public class CredentialSecret extends Secret {
|
||||||
private String username;
|
private String username;
|
||||||
private String password;
|
private String password;
|
||||||
private String context;
|
private String context;
|
||||||
private AccessTokenSecret accessTokenSecret;
|
private UmaTokenSecret accessTokenSecret;
|
||||||
|
|
||||||
|
|
||||||
public CredentialSecret(String username, String password, String context) {
|
public CredentialSecret(String username, String password, String context) {
|
||||||
|
@ -32,7 +32,7 @@ public class CredentialSecret extends Secret {
|
||||||
try {
|
try {
|
||||||
KeycloakClient client = KeycloakClientFactory.newInstance();
|
KeycloakClient client = KeycloakClientFactory.newInstance();
|
||||||
TokenResponse response = client.queryUMAToken(context, username, password, context, null);
|
TokenResponse response = client.queryUMAToken(context, username, password, context, null);
|
||||||
this.accessTokenSecret = new AccessTokenSecret(response.getAccessToken());
|
this.accessTokenSecret = new UmaTokenSecret(response.getAccessToken());
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,83 +0,0 @@
|
||||||
package org.gcube.common.security.secrets;
|
|
||||||
|
|
||||||
import java.util.Map;
|
|
||||||
import java.util.concurrent.TimeUnit;
|
|
||||||
|
|
||||||
import org.gcube.common.keycloak.KeycloakClient;
|
|
||||||
import org.gcube.common.keycloak.KeycloakClientFactory;
|
|
||||||
import org.gcube.common.keycloak.model.TokenResponse;
|
|
||||||
import org.gcube.common.security.Owner;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @author Luca Frosini (ISTI - CNR)
|
|
||||||
*/
|
|
||||||
public class JWTSecret extends Secret {
|
|
||||||
|
|
||||||
//private static final Logger logger = LoggerFactory.getLogger(JWTSecret.class);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The interval of time expressed in milliseconds used as guard to refresh the token before that it expires .
|
|
||||||
* TimeUnit has been used to in place of just
|
|
||||||
* using the number to have a clearer code
|
|
||||||
*/
|
|
||||||
public static final long TOLERANCE = TimeUnit.MILLISECONDS.toMillis(200);
|
|
||||||
|
|
||||||
private String jwtToken;
|
|
||||||
|
|
||||||
|
|
||||||
private String context;
|
|
||||||
private AccessTokenSecret accessTokenSecret;
|
|
||||||
|
|
||||||
protected boolean initialised = false;
|
|
||||||
|
|
||||||
public JWTSecret(String jwtToken) {
|
|
||||||
this.jwtToken = jwtToken;
|
|
||||||
init();
|
|
||||||
}
|
|
||||||
|
|
||||||
private synchronized void init() {
|
|
||||||
try {
|
|
||||||
KeycloakClient client = KeycloakClientFactory.newInstance();
|
|
||||||
TokenResponse tokenResponse = client.queryUMAToken(context, "Bearer "+jwtToken, context, null);
|
|
||||||
this.accessTokenSecret = new AccessTokenSecret(tokenResponse.getAccessToken());
|
|
||||||
} catch (Exception e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private synchronized void refreshAccessToken() {
|
|
||||||
try {
|
|
||||||
KeycloakClient client = KeycloakClientFactory.newInstance();
|
|
||||||
TokenResponse tokenResponse = client.queryUMAToken(context, "Bearer "+jwtToken, context, null);
|
|
||||||
this.accessTokenSecret = new AccessTokenSecret(tokenResponse.getAccessToken());
|
|
||||||
} catch (Exception e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Owner getOwner() {
|
|
||||||
return this.accessTokenSecret.getOwner();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String getContext() {
|
|
||||||
if (this.accessTokenSecret.isExpired())
|
|
||||||
refreshAccessToken();
|
|
||||||
return this.accessTokenSecret.getContext();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Map<String, String> getHTTPAuthorizationHeaders() {
|
|
||||||
if (this.accessTokenSecret.isExpired())
|
|
||||||
refreshAccessToken();
|
|
||||||
return this.accessTokenSecret.getHTTPAuthorizationHeaders();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean isExpired() {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
|
@ -0,0 +1,87 @@
|
||||||
|
package org.gcube.common.security.secrets;
|
||||||
|
|
||||||
|
import java.util.Base64;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
|
import org.gcube.common.keycloak.model.AccessToken;
|
||||||
|
import org.gcube.common.security.Owner;
|
||||||
|
|
||||||
|
public class UmaTokenSecret extends Secret {
|
||||||
|
|
||||||
|
private static final String AUTH_HEADER = "Authorization";
|
||||||
|
private static final String USER_HEADER = "d4s-user";
|
||||||
|
|
||||||
|
private String encodedUmaToken;
|
||||||
|
|
||||||
|
private Owner owner;
|
||||||
|
private String context;
|
||||||
|
|
||||||
|
private AccessToken accessToken;
|
||||||
|
|
||||||
|
private boolean initialised = false;
|
||||||
|
|
||||||
|
public UmaTokenSecret(String encodedUmaToken) {
|
||||||
|
this.encodedUmaToken = encodedUmaToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Owner getOwner() {
|
||||||
|
init();
|
||||||
|
return this.owner;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getContext() {
|
||||||
|
init();
|
||||||
|
return this.context;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Map<String, String> getHTTPAuthorizationHeaders() {
|
||||||
|
Map<String, String> authorizationHeaders = new HashMap<>();
|
||||||
|
authorizationHeaders.put(AUTH_HEADER, "Bearer " + this.encodedUmaToken);
|
||||||
|
String encodedUser = Base64.getEncoder().encodeToString(this.getOwner().getId().getBytes());
|
||||||
|
authorizationHeaders.put(USER_HEADER, encodedUser);
|
||||||
|
return authorizationHeaders;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
protected String getEncodedUmaToken() {
|
||||||
|
return encodedUmaToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isExpired() {
|
||||||
|
init();
|
||||||
|
return accessToken.isExpired();
|
||||||
|
}
|
||||||
|
|
||||||
|
private synchronized void init() {
|
||||||
|
if (!initialised)
|
||||||
|
try {
|
||||||
|
|
||||||
|
String realAccessTokenEncoded = encodedUmaToken.split("\\.")[1];
|
||||||
|
|
||||||
|
String decodedAccessPart = new String(Base64.getDecoder().decode(realAccessTokenEncoded.getBytes()));
|
||||||
|
|
||||||
|
ObjectMapper objectMapper = new ObjectMapper();
|
||||||
|
GCubeJWTObject obj = objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class);
|
||||||
|
owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService());
|
||||||
|
owner.setClientName(obj.getClientName());
|
||||||
|
owner.setContactOrganisation(obj.getContactOrganisation());
|
||||||
|
owner.setClientName(obj.getClientName());
|
||||||
|
context = obj.getContext();
|
||||||
|
|
||||||
|
this.accessToken = objectMapper.readValue(decodedAccessPart, AccessToken.class);
|
||||||
|
|
||||||
|
initialised = true;
|
||||||
|
} catch (Exception e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
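Review bot: `init()` decodes the JWT payload with `Base64.getDecoder()`, but JWS segments are base64url-encoded (URL-safe alphabet, no padding), so any payload whose encoding contains `-` or `_` throws `IllegalArgumentException` and surfaces as the generic `RuntimeException` from the catch; the line should read `String decodedAccessPart = new String(Base64.getUrlDecoder().decode(realAccessTokenEncoded), StandardCharsets.UTF_8);` (with `java.nio.charset.StandardCharsets` imported), which also drops the platform-charset `new String(byte[])`/`getBytes()` pair — the same charset issue applies to `getId().getBytes()` in `getHTTPAuthorizationHeaders()`. The claims (`owner`, `context`, and the `AccessToken` behind `isExpired()`) are read from the payload without any signature check, which is fine if the token is only forwarded as a Bearer header and verified by the receiving service, but a class Javadoc such as `/** Reads claims from the UMA token payload without verifying its signature; do not treat the owner/roles as authenticated. */` would keep callers from relying on them for authorization. `owner.setClientName(obj.getClientName())` is applied twice in `init()`, which looks like a copy-paste leftover. `encodedUmaToken.split("\\.")[1]` throws `ArrayIndexOutOfBoundsException` on a token without dots and is only caught by the broad `catch (Exception e)`; an explicit length check with a clear message would make malformed input easier to diagnose.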
@ -0,0 +1,14 @@
|
||||||
|
package org.gcube.common.security.secrets;
|
||||||
|
|
||||||
|
public class TestSecrets {
|
||||||
|
/*
|
||||||
|
public void test(){
|
||||||
|
new JWTSecret(jwtToken):
|
||||||
|
new UmaTokenSecret(encodedAccessToken);
|
||||||
|
new CredentialSecret(username, password, context);
|
||||||
|
new GCubeSecret(gcubeToken);
|
||||||
|
|
||||||
|
SecretManagerProvider.instance.set(secret);
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
}
|
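Review bot: The new `TestSecrets` class contains only commented-out code, and that code references `JWTSecret`, which this same commit deletes, and has a `:` instead of `;` after `new JWTSecret(jwtToken)`. Committing a block comment as a placeholder leaves nothing that compiles or runs; either drop the class until a real test exists or turn the sketch into a method that constructs an `AccessTokenSecret`/`UmaTokenSecret` from a constructed token and asserts on `getContext()` and `getOwner()`.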