diff --git a/.classpath b/.classpath
new file mode 100644
index 0000000..002ad57
--- /dev/null
+++ b/.classpath
@@ -0,0 +1,38 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b83d222
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/target/
diff --git a/.project b/.project
new file mode 100644
index 0000000..9910cba
--- /dev/null
+++ b/.project
@@ -0,0 +1,23 @@
+
+
+ gcube-secrets
+
+
+
+
+
+ org.eclipse.jdt.core.javabuilder
+
+
+
+
+ org.eclipse.m2e.core.maven2Builder
+
+
+
+
+
+ org.eclipse.jdt.core.javanature
+ org.eclipse.m2e.core.maven2Nature
+
+
diff --git a/.settings/org.eclipse.core.resources.prefs b/.settings/org.eclipse.core.resources.prefs
new file mode 100644
index 0000000..29abf99
--- /dev/null
+++ b/.settings/org.eclipse.core.resources.prefs
@@ -0,0 +1,6 @@
+eclipse.preferences.version=1
+encoding//src/main/java=UTF-8
+encoding//src/main/resources=UTF-8
+encoding//src/test/java=UTF-8
+encoding//src/test/resources=UTF-8
+encoding/=UTF-8
diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
new file mode 100644
index 0000000..2f5cc74
--- /dev/null
+++ b/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,8 @@
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
+org.eclipse.jdt.core.compiler.compliance=1.8
+org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore
+org.eclipse.jdt.core.compiler.release=disabled
+org.eclipse.jdt.core.compiler.source=1.8
diff --git a/.settings/org.eclipse.m2e.core.prefs b/.settings/org.eclipse.m2e.core.prefs
new file mode 100644
index 0000000..f897a7f
--- /dev/null
+++ b/.settings/org.eclipse.m2e.core.prefs
@@ -0,0 +1,4 @@
+activeProfiles=
+eclipse.preferences.version=1
+resolveWorkspaceProjects=true
+version=1
diff --git a/pom.xml b/pom.xml
index 56525b9..ec5bc72 100644
--- a/pom.xml
+++ b/pom.xml
@@ -34,10 +34,18 @@
org.gcube.common
keycloak-client
+
+ org.gcube.common
+ keycloak-client-legacy-is
+
org.gcube.common
common-security
+
+ org.gcube.common
+ authorization-client
+
\ No newline at end of file
diff --git a/src/main/java/org/gcube/common/security/secrets/AccessTokenSecret.java b/src/main/java/org/gcube/common/security/secrets/AccessTokenSecret.java
index d8f05e0..a22e0c4 100644
--- a/src/main/java/org/gcube/common/security/secrets/AccessTokenSecret.java
+++ b/src/main/java/org/gcube/common/security/secrets/AccessTokenSecret.java
@@ -5,20 +5,23 @@ import java.util.HashMap;
import java.util.Map;
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
+import org.gcube.common.keycloak.model.AccessToken;
import org.gcube.common.security.Owner;
public class AccessTokenSecret extends Secret {
-
+
private String encodedAccessToken;
- protected Owner owner;
- protected String context;
+ private Owner owner;
+ private String context;
+ private AccessToken accessToken;
private boolean initialised = false;
public AccessTokenSecret(String encodedAccessToken) {
this.encodedAccessToken = encodedAccessToken;
+
}
@Override
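Review bot: The constructor in this hunk still stores `encodedAccessToken` without any validation, so a null argument is only noticed later. With null, `getHTTPAuthorizationHeaders()` (next hunk) would send the literal header `Bearer null`, and the decoding in `init()` would presumably fail with a wrapped `RuntimeException` far from the call site. I would fail fast with `if (encodedAccessToken == null || encodedAccessToken.isEmpty()) throw new IllegalArgumentException("encodedAccessToken must not be empty");` and make the field `final`. The blank line added inside the constructor body can go. The class body continues outside this hunk.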
@@ -36,7 +39,7 @@ public class AccessTokenSecret extends Secret {
@Override
public Map getHTTPAuthorizationHeaders() {
Map authorizationHeaders = new HashMap<>();
- authorizationHeaders.put("Authorization", "Bearer " + this.encodedAccessToken.getBytes());
+ authorizationHeaders.put("Authorization", "Bearer " + this.encodedAccessToken);
return authorizationHeaders;
}
@@ -44,10 +47,12 @@ public class AccessTokenSecret extends Secret {
protected String getEncodedAccessToken() {
return encodedAccessToken;
}
-
+
+
@Override
public boolean isExpired() {
- return false;
+ init();
+ return accessToken.isExpired();
}
@Override
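Review bot: `isExpired()` can now throw, because it calls `init()`, and the later hunk shows `init()` wrapping every decoding failure in `RuntimeException`. A malformed token therefore surfaces as an unchecked exception from what callers probably treat as a simple boolean query. Either document that, e.g. `/** Returns whether the token's expiry has passed; throws RuntimeException if the token cannot be decoded. */`, or decide explicitly that an undecodable token counts as expired. The body of `init()` is outside this hunk; if it is guarded only by the plain `initialised` flag, concurrent first calls may decode the token more than once, which is worth a comment as well.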
@@ -69,7 +74,10 @@ public class AccessTokenSecret extends Secret {
owner.setClientName(obj.getClientName());
owner.setContactOrganisation(obj.getContactOrganisation());
owner.setClientName(obj.getClientName());
- context = obj.getContext();
+ context = obj.getContext();
+
+ this.accessToken = objectMapper.readValue(decodedAccessPart, AccessToken.class);
+
initialised = true;
} catch (Exception e) {
throw new RuntimeException(e);
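Review bot: Nothing visible in this hunk verifies the token's signature before `objectMapper.readValue(decodedAccessPart, AccessToken.class)`, so the owner, context and the expiry now used by `isExpired()` are only as trustworthy as whoever supplied the token. The start of `init()` is outside the hunk; if no verification happens there either, say so at the parse site, e.g. `// Claims are decoded without signature verification: suitable for client-side bookkeeping, not for authorization decisions.` The payload is also deserialized a second time here although `obj` was apparently built from the same `decodedAccessPart`. The context lines call `owner.setClientName(obj.getClientName())` twice, which looks like a copy-paste slip for another setter.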
diff --git a/src/main/java/org/gcube/common/security/secrets/CredentialSecret.java b/src/main/java/org/gcube/common/security/secrets/CredentialSecret.java
new file mode 100644
index 0000000..09702f8
--- /dev/null
+++ b/src/main/java/org/gcube/common/security/secrets/CredentialSecret.java
@@ -0,0 +1,71 @@
+package org.gcube.common.security.secrets;
+
+import java.util.Map;
+
+import org.gcube.common.keycloak.KeycloakClientLegacyIS;
+import org.gcube.common.keycloak.KeycloakClientLegacyISFactory;
+import org.gcube.common.keycloak.model.TokenResponse;
+import org.gcube.common.security.Owner;
+
+public class CredentialSecret extends Secret {
+
+ protected boolean initialised = false;
+
+ private String username;
+ private String password;
+ private String context;
+ private AccessTokenSecret accessTokenSecret;
+
+
+ public CredentialSecret(String username, String password, String context) {
+ this.username = username;
+ this.password = password;
+ this.context = context;
+ init();
+ }
+
+ private void init() {
+ refreshAccessToken();
+ }
+
+ private void refreshAccessToken() {
+ try {
+ KeycloakClientLegacyIS client = KeycloakClientLegacyISFactory.newInstance();
+ TokenResponse response = client.queryUMAToken(username, password, context, null);
+ this.accessTokenSecret = new AccessTokenSecret(response.getAccessToken());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Override
+ public Owner getOwner() {
+ return this.accessTokenSecret.getOwner();
+ }
+
+ @Override
+ public String getContext() {
+ if (this.accessTokenSecret.isExpired())
+ refreshAccessToken();
+ return this.accessTokenSecret.getContext();
+ }
+
+ @Override
+ public Map getHTTPAuthorizationHeaders() {
+ if (this.accessTokenSecret.isExpired())
+ refreshAccessToken();
+ return this.accessTokenSecret.getHTTPAuthorizationHeaders();
+ }
+
+ @Override
+ public boolean isExpired() {
+ return false;
+ }
+
+
+ @Override
+ public boolean isRefreshable() {
+ return false;
+ }
+
+}
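Review bot: The expiry check and refresh in `getContext()` and `getHTTPAuthorizationHeaders()` are duplicated and unsynchronized, so concurrent callers that see an expired token can each resend the username and password to Keycloak and race on the `accessTokenSecret` field. I would route both through one synchronized helper, as sketched below, with braces on the `if`. The class keeps the plaintext password in a `String` field for its whole lifetime because refresh needs it; that deserves a field comment and a guarantee that it never reaches `toString()`, logs or serialization. The `protected boolean initialised` field is never assigned or read in this file and can be removed. `isRefreshable()` returns false although the object refreshes itself, so a short Javadoc should state what the two constant overrides mean for this secret type.

```java
	// … unchanged: fields, constructor, init(), refreshAccessToken() …

	/** Returns the cached token secret, requesting a new token first if the current one has expired. */
	private synchronized AccessTokenSecret currentSecret() {
		if (this.accessTokenSecret.isExpired()) {
			refreshAccessToken();
		}
		return this.accessTokenSecret;
	}

	@Override
	public String getContext() {
		return currentSecret().getContext();
	}

	@Override
	public Map getHTTPAuthorizationHeaders() {
		return currentSecret().getHTTPAuthorizationHeaders();
	}

	// … unchanged: getOwner(), isExpired(), isRefreshable() …
```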