added isValid to secrets
This commit is contained in:
parent
85637986d6
commit
683699aaa3
7
pom.xml
7
pom.xml
|
@ -47,6 +47,13 @@
|
||||||
<groupId>org.gcube.common</groupId>
|
<groupId>org.gcube.common</groupId>
|
||||||
<artifactId>keycloak-client</artifactId>
|
<artifactId>keycloak-client</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<!-- https://mvnrepository.com/artifact/com.auth0/java-jwt -->
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.auth0</groupId>
|
||||||
|
<artifactId>java-jwt</artifactId>
|
||||||
|
<version>4.4.0</version>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.gcube.common</groupId>
|
<groupId>org.gcube.common</groupId>
|
||||||
<artifactId>common-security</artifactId>
|
<artifactId>common-security</artifactId>
|
||||||
|
|
|
@ -76,9 +76,10 @@ public class AccessTokenSecret extends Secret {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isExpired() {
|
public boolean isValid() {
|
||||||
return false;
|
if (this.umaTokenSecret.isExpired())
|
||||||
|
refreshAccessToken();
|
||||||
|
return this.umaTokenSecret.isValid();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
|
@ -58,7 +58,7 @@ public class CredentialSecret extends Secret {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isExpired() {
|
public boolean isValid() {
|
||||||
return false;
|
return this.accessTokenSecret.isValid();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -52,6 +52,10 @@ public class GCubeJWTObject {
|
||||||
@JsonProperty("email")
|
@JsonProperty("email")
|
||||||
private String email;
|
private String email;
|
||||||
|
|
||||||
|
@JsonProperty("exp")
|
||||||
|
private long expirationTime;
|
||||||
|
|
||||||
|
|
||||||
public List<String> getRoles(){
|
public List<String> getRoles(){
|
||||||
return contextAccess.get(this.context) == null ? MINIMAL_ROLES : contextAccess.get(this.context).roles;
|
return contextAccess.get(this.context) == null ? MINIMAL_ROLES : contextAccess.get(this.context).roles;
|
||||||
}
|
}
|
||||||
|
@ -84,6 +88,11 @@ public class GCubeJWTObject {
|
||||||
public String getEmail() {
|
public String getEmail() {
|
||||||
return email;
|
return email;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public long getExpirationTime() {
|
||||||
|
return expirationTime;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String toString() {
|
public String toString() {
|
||||||
return "GcubeJwt [context=" + getContext() + ", roles=" + getRoles() + ", username=" + username
|
return "GcubeJwt [context=" + getContext() + ", roles=" + getRoles() + ", username=" + username
|
||||||
|
|
|
@ -22,10 +22,6 @@ public class GCubeSecret extends Secret {
|
||||||
private String context;
|
private String context;
|
||||||
|
|
||||||
public GCubeSecret(String gcubeToken) {
|
public GCubeSecret(String gcubeToken) {
|
||||||
if( gcubeToken == null || gcubeToken.isEmpty())
|
|
||||||
throw new IllegalArgumentException("Invalid token: is null or empty");
|
|
||||||
if(!Pattern.matches(GCUBE_TOKEN_REGEX, gcubeToken))
|
|
||||||
throw new IllegalArgumentException("Invalid token: the gCube token must comply with the regex " + GCUBE_TOKEN_REGEX);
|
|
||||||
this.gcubeToken = gcubeToken;
|
this.gcubeToken = gcubeToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -38,6 +34,8 @@ public class GCubeSecret extends Secret {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Owner getOwner() {
|
public Owner getOwner() {
|
||||||
if (Objects.isNull(owner))
|
if (Objects.isNull(owner))
|
||||||
|
@ -70,8 +68,8 @@ public class GCubeSecret extends Secret {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isExpired() {
|
public boolean isValid() {
|
||||||
return false;
|
return gcubeToken != null && !gcubeToken.isEmpty() && Pattern.matches(GCUBE_TOKEN_REGEX, gcubeToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,11 +5,19 @@ import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
|
import org.gcube.common.keycloak.KeycloakClient;
|
||||||
|
import org.gcube.common.keycloak.KeycloakClientFactory;
|
||||||
import org.gcube.common.keycloak.model.AccessToken;
|
import org.gcube.common.keycloak.model.AccessToken;
|
||||||
|
import org.gcube.common.keycloak.model.ModelUtils;
|
||||||
|
import org.gcube.common.keycloak.model.PublishedRealmRepresentation;
|
||||||
import org.gcube.common.security.Owner;
|
import org.gcube.common.security.Owner;
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
public class UmaTokenSecret extends Secret {
|
public class UmaTokenSecret extends Secret {
|
||||||
|
|
||||||
|
private static final Logger log = LoggerFactory.getLogger(UmaTokenSecret.class);
|
||||||
|
|
||||||
private static final String AUTH_HEADER = "Authorization";
|
private static final String AUTH_HEADER = "Authorization";
|
||||||
private static final String USER_HEADER = "d4s-user";
|
private static final String USER_HEADER = "d4s-user";
|
||||||
|
|
||||||
|
@ -52,8 +60,6 @@ public class UmaTokenSecret extends Secret {
|
||||||
return encodedUmaToken;
|
return encodedUmaToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean isExpired() {
|
public boolean isExpired() {
|
||||||
init();
|
init();
|
||||||
return accessToken.isExpired();
|
return accessToken.isExpired();
|
||||||
|
@ -71,14 +77,13 @@ public class UmaTokenSecret extends Secret {
|
||||||
|
|
||||||
this.accessToken = objectMapper.readValue(decodedAccessPart, AccessToken.class);
|
this.accessToken = objectMapper.readValue(decodedAccessPart, AccessToken.class);
|
||||||
GCubeJWTObject obj = objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class);
|
GCubeJWTObject obj = objectMapper.readValue(decodedAccessPart, GCubeJWTObject.class);
|
||||||
owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(), obj.getLastName(), obj.isExternalService(), obj.isApplication());
|
owner = new Owner(obj.getUsername(), obj.getRoles(), obj.getEmail(), obj.getFirstName(),
|
||||||
|
obj.getLastName(), obj.isExternalService(), obj.isApplication());
|
||||||
owner.setClientName(obj.getClientName());
|
owner.setClientName(obj.getClientName());
|
||||||
owner.setContactOrganisation(obj.getContactOrganisation());
|
owner.setContactOrganisation(obj.getContactOrganisation());
|
||||||
owner.setClientName(obj.getClientName());
|
owner.setClientName(obj.getClientName());
|
||||||
context = obj.getContext();
|
context = obj.getContext();
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
initialised = true;
|
initialised = true;
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
|
@ -86,4 +91,18 @@ public class UmaTokenSecret extends Secret {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isValid() {
|
||||||
|
init();
|
||||||
|
try {
|
||||||
|
KeycloakClient client = KeycloakClientFactory.newInstance();
|
||||||
|
PublishedRealmRepresentation realmInfo = client.getRealmInfo(client.getRealmBaseURL(context));
|
||||||
|
return ModelUtils.isValid(encodedUmaToken, realmInfo.getPublicKey());
|
||||||
|
}catch (Exception e) {
|
||||||
|
log.error("Error contacting keycloak, is not possible to check token validity",e);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue