#22042 Implemented the public access

This commit is contained in:
Francesco Mangiacrapa 2021-09-23 18:18:02 +02:00
parent eba361389e
commit 85230de9bb
21 changed files with 818 additions and 293 deletions

View File

@ -12,6 +12,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
[#20595] Porting and using the model view provided by geoportal-common
[#21946] Show layers of a concessione automatically on map according to zoom level
[#21976] Access policies checked on server-side
[#22042] Implemented the public access
## [v1.2.0-SNAPSHOT] - 2021-07-19

View File

@ -179,6 +179,11 @@
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>keycloak-client</artifactId>
<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
</dependency>
<dependency>
<groupId>com.liferay.portal</groupId>
<artifactId>portal-service</artifactId>

View File

@ -1,20 +1,20 @@
package org.gcube.portlets.user.geoportaldataviewer.server;
/**
* The Class ApplicationProfileException.
*
* @author Francesco Mangiacrapa francesco.mangiacrapa{@literal @}isti.cnr.it
* Sep 6, 2016
*/
@SuppressWarnings("serial")
public class ApplicationProfileNotFoundException extends Exception {
/**
* Instantiates a new application profile exception.
*
* @param message the message
*/
public ApplicationProfileNotFoundException(String message) {
super(message);
}
}
//package org.gcube.portlets.user.geoportaldataviewer.server;
//
///**
// * The Class ApplicationProfileException.
// *
// * @author Francesco Mangiacrapa francesco.mangiacrapa{@literal @}isti.cnr.it
// * Sep 6, 2016
// */
//@SuppressWarnings("serial")
//public class ApplicationProfileNotFoundException extends Exception {
//
// /**
// * Instantiates a new application profile exception.
// *
// * @param message the message
// */
// public ApplicationProfileNotFoundException(String message) {
// super(message);
// }
//}

View File

@ -1,49 +0,0 @@
package org.gcube.portlets.user.geoportaldataviewer.server;
import static org.gcube.application.geoportal.client.GeoportalAbstractPlugin.statefulMongoConcessioni;
import javax.servlet.http.HttpServletRequest;
import org.gcube.application.geoportal.client.legacy.ConcessioniManagerI;
import org.gcube.application.geoportal.common.model.legacy.Concessione;
import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
/**
* The Class ConcessioniMongoService.
*
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
*
* Sep 9, 2021
*/
public class ConcessioniMongoService {
/**
* Instantiates a new concessioni mongo service, interface for client statefulMongoConcessioni.
*/
public ConcessioniMongoService() {
}
/**
* Gets the item by id.
*
* @param request the request
* @param mongoItemId the mongo item id
* @return the item by id
* @throws Exception the exception
*/
Concessione getItemById(HttpServletRequest request, String mongoItemId) throws Exception{
SessionUtil.getCurrentContext(request, true);
SessionUtil.getCurrentToken(request, true);
//Obtain the client
ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
//Returning item by Id
return concessioniManager.getById(mongoItemId);
}
}

View File

@ -0,0 +1,163 @@
//package org.gcube.portlets.user.geoportaldataviewer.server;
//
//import static org.gcube.application.geoportal.client.GeoportalAbstractPlugin.statefulMongoConcessioni;
//
//import javax.servlet.http.HttpServletRequest;
//
//import org.gcube.application.geoportal.client.legacy.ConcessioniManagerI;
//import org.gcube.application.geoportal.common.model.legacy.Concessione;
//import org.gcube.common.authorization.library.provider.AccessTokenProvider;
//import org.gcube.common.keycloak.KeycloakClientFactory;
//import org.gcube.common.keycloak.model.TokenResponse;
//import org.gcube.common.scope.api.ScopeProvider;
//import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
//import org.slf4j.Logger;
//import org.slf4j.LoggerFactory;
//
//
///**
// * The Class ConcessioniMongoServiceIdentityProxy.
// *
// * @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
// *
// * Sep 23, 2021
// */
//public class ConcessioniMongoService2 {
//
// private static final Logger LOG = LoggerFactory.getLogger(ConcessioniMongoService2.class);
//
// /**
// * Instantiates a new concessioni mongo service, interface for client
// * statefulMongoConcessioni.
// */
// public ConcessioniMongoService2() {
// }
//
// /**
// * Gets the item by id.
// *
// * @param request the request
// * @param mongoItemId the mongo item id
// * @return the item by id
// * @throws Exception the exception
// */
// public Concessione getItemById(HttpServletRequest request, String mongoItemId) throws Exception {
// LOG.info("called getItemById: " + mongoItemId);
// SessionUtil.getCurrentContext(request, true);
// SessionUtil.getCurrentToken(request, true);
// // Obtain the client
// ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
// // Returning item by Id
// return concessioniManager.getById(mongoItemId);
// }
//
// /**
// * Gets the item by id.
// *
// * @param request the request
// * @param mongoItemId the mongo item id
// * @return the item by id
// * @throws Exception the exception
// */
// public Concessione getItemById(String mongoItemId) throws Exception {
// LOG.info("called getItemById: " + mongoItemId);
// ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
// // Returning item by Id
// return concessioniManager.getById(mongoItemId);
// }
//
// /**
// * Iam client get item by.
// *
// * @param scope the scope
// * @param mongoItemId the mongo item id
// * @param clientId the client id
// * @param clientSecret the secret
// * @return the concessione
// * @throws Exception the exception
// */
// public Concessione iamClientGetItemBy(String scope, String mongoItemId, String clientId, String clientSecret)
// throws Exception {
// LOG.info("called IAM Client getItemById: " + mongoItemId);
//
// ScopeProvider.instance.set(scope);
//
// if (clientId == null) {
// throw new Exception("Invalid parameter 'clientId'");
// }
//
// if (clientSecret == null) {
// throw new Exception("Invalid parameter 'secret'");
// }
//
// String umaAcessToken = null;
// try {
//
// LOG.info("Querying KeycloakClientFactory to get UMA token..");
// TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(clientId, clientSecret, scope, null);
// umaAcessToken = tr.getAccessToken();
// if (umaAcessToken != null && !umaAcessToken.isEmpty()) {
// LOG.info("UMA Access Token read correctly");
// } else {
// LOG.error("UMA Access Token NOT RETRIEVED!!!");
// throw new Exception("UMA Access Token is null or empty");
// }
// } catch (Exception e2) {
// throw new Exception("Error occurred on reading UMA access token:", e2);
// }
//
// String previousUMAToken = null;
// try {
//
// try {
// // Here the previousUMAToken should be null
// previousUMAToken = AccessTokenProvider.instance.get();
// } catch (Exception e) {
// // catching excpetion to be sure
// // silent
// }
//
// LOG.debug("JWT token: " + umaAcessToken.substring(0, 20) + "_MASKED_TOKEN_");
// LOG.info("Setting clientId '" + clientId + "' identity by JWT token in the "
// + AccessTokenProvider.class.getSimpleName());
// AccessTokenProvider.instance.set(umaAcessToken);
// ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
// // Returning item by Id
// return concessioniManager.getById(mongoItemId);
//
// } catch (Exception e) {
// LOG.error(e.getMessage(), e);
// throw new Exception(e.getMessage());
// } finally {
// try {
// AccessTokenProvider.instance.set(previousUMAToken);
// LOG.info("Done reset to prevoius UMA token into " + AccessTokenProvider.class.getSimpleName());
// } catch (Exception e) {
// }
// }
// }
//
// /**
// * To concessione.
// *
// * @param jsonString the json string
// * @return the concessione
// */
// public Concessione toConcessione(String jsonString) {
// LOG.info("toConcessione called");
// try {
// return org.gcube.application.geoportal.client.utils.Serialization.read(jsonString, Concessione.class);
// } catch (Exception e) {
// LOG.warn("Error on serializing: ", e);
// return null;
// }
// }
//
// /*
// * For testing public Concessione iamClientGetItemBy(HttpServletRequest request,
// * String mongoItemId, String clientId, String secret) throws Exception { String
// * scope = SessionUtil.getCurrentContext(request, true); return
// * iamClientGetItemBy(scope, mongoItemId, clientId, secret); }
// */
//
//}

View File

@ -26,7 +26,9 @@ import org.gcube.application.geoportalcommon.util.URLParserUtil;
import org.gcube.portlets.user.geoportaldataviewer.client.GeoportalDataViewerService;
import org.gcube.portlets.user.geoportaldataviewer.server.gis.FeatureParser;
import org.gcube.portlets.user.geoportaldataviewer.server.gis.WMSUrlValidator;
import org.gcube.portlets.user.geoportaldataviewer.server.util.CheckAccessPolicyUtil;
import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.ConcessioneImageUtil;
import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.ConcessioniMongoServiceIdentityProxy;
import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accesspolicy.GeoNACheckAccessPolicy;
import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
import org.gcube.portlets.user.geoportaldataviewer.shared.GeoNaSpatialQueryResult;
import org.gcube.portlets.user.geoportaldataviewer.shared.gis.LayerObject;
@ -143,7 +145,7 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
LOG.debug("For layer name: " + layerObject.getLayerItem().getName() + " got features: " + features);
geoDAO.setFeatures(features);
//Getting the concessioneId from WFS features
// Getting the concessioneId from WFS features
for (FeatureRow fRow : features) {
if (fRow.getMapProperties() != null) {
List<String> concessioneIds = fRow.getMapProperties().get("product_id");
@ -216,15 +218,16 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
String userName = null;
try {
userName = SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername();
}catch (Exception e) {
} catch (Exception e) {
LOG.info("User not found in session, the userName for cecking policy will be null");
}
if (itemType.equalsIgnoreCase("concessione")) {
LOG.info("Trying to get concessione for id " + itemId);
ConcessioniMongoService cms = new ConcessioniMongoService();
Concessione concessione = cms.getItemById(this.getThreadLocalRequest(), itemId);
ConcessioniMongoServiceIdentityProxy cms = new ConcessioniMongoServiceIdentityProxy(
this.getThreadLocalRequest());
Concessione concessione = cms.getItemById(itemId);
BaseConcessioneDV baseConcessione = ConvertToDataViewModel.toBaseConcessione(concessione);
if (concessione != null) {
@ -233,7 +236,7 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
if (concessione.getPianteFineScavo() != null) {
for (LayerConcessione lc : concessione.getPianteFineScavo()) {
if (CheckAccessPolicyUtil.isAccessible(lc.getPolicy().name(), userName)) {
if (GeoNACheckAccessPolicy.isAccessible(lc.getPolicy().name(), userName)) {
listLayers.add(ConvertToDataViewModel.toLayerConcessione(lc, baseConcessione));
}
}
@ -242,7 +245,7 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
if (lcPosizionamento != null) {
if (CheckAccessPolicyUtil.isAccessible(lcPosizionamento.getPolicy().name(), userName)) {
if (GeoNACheckAccessPolicy.isAccessible(lcPosizionamento.getPolicy().name(), userName)) {
LayerConcessioneDV thePosizScavo = ConvertToDataViewModel
.toLayerConcessione(lcPosizionamento, baseConcessione);
@ -286,8 +289,9 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
try {
LOG.info("Trying to get record for id " + mongoId);
ConcessioniMongoService cms = new ConcessioniMongoService();
Concessione concessione = cms.getItemById(this.getThreadLocalRequest(), mongoId);
ConcessioniMongoServiceIdentityProxy cms = new ConcessioniMongoServiceIdentityProxy(
this.getThreadLocalRequest());
Concessione concessione = cms.getItemById(mongoId);
LOG.info("Got concessione for mongoId: " + mongoId);
if (concessione != null) {
@ -297,11 +301,12 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
try {
userName = SessionUtil.getCurrentUser(this.getThreadLocalRequest()).getUsername();
}catch (Exception e) {
} catch (Exception e) {
LOG.info("User not found in session, so going to apply the acess policies");
}
// TODO THIS IS A WORKAROUND WAITING FOR ADOPTING OF USER ROLES. AT THE MOMENT, A USER AUTHENTICATED CAN ACCESS EVERYTHING
// TODO THIS IS A WORKAROUND WAITING FOR ADOPTING OF USER ROLES. AT THE MOMENT,
// A USER AUTHENTICATED CAN ACCESS EVERYTHING
// I CAN CHECK THE ACCCESS POLICIES IF AND ONLY IF THE USER IS NOT LOGGED IN.
if (userName == null) {
@ -309,9 +314,9 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
LOG.info("Applying access policies for concessione " + mongoId + " returned by service");
LayerConcessioneDV layerPosizionamento = concessionDV.getPosizionamentoScavo();
if (layerPosizionamento != null) {
if (!CheckAccessPolicyUtil.isAccessible(layerPosizionamento.getPolicy(), userName)) {
if (!GeoNACheckAccessPolicy.isAccessible(layerPosizionamento.getPolicy(), userName)) {
concessionDV.setPosizionamentoScavo(null);
}else {
} else {
LOG.info("Posizionamento di Scavo is not accessible by current user");
}
}
@ -320,7 +325,7 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
if (listLayersDV != null) {
List<LayerConcessioneDV> accessibleListLayersDV = new ArrayList<LayerConcessioneDV>();
for (LayerConcessioneDV layerDV : listLayersDV) {
if (CheckAccessPolicyUtil.isAccessible(layerDV.getPolicy(), userName)) {
if (GeoNACheckAccessPolicy.isAccessible(layerDV.getPolicy(), userName)) {
accessibleListLayersDV.add(layerDV);
}
}
@ -329,14 +334,14 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
AbstractRelazioneScavoDV abstractRS = concessionDV.getAbstractRelazioneScavo();
if (abstractRS != null) {
if (!CheckAccessPolicyUtil.isAccessible(abstractRS.getPolicy(), userName)) {
if (!GeoNACheckAccessPolicy.isAccessible(abstractRS.getPolicy(), userName)) {
concessionDV.setAbstractRelazioneScavo(null);
}
}
RelazioneScavoDV relazioneScavo = concessionDV.getRelazioneScavo();
if (relazioneScavo != null) {
if (!CheckAccessPolicyUtil.isAccessible(relazioneScavo.getPolicy(), userName)) {
if (!GeoNACheckAccessPolicy.isAccessible(relazioneScavo.getPolicy(), userName)) {
concessionDV.setRelazioneScavo(null);
}
}
@ -348,7 +353,7 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
// SHOWING ACESSIBLE IMAGES
for (UploadedImageDV uploadedImageDV : immagini) {
if (CheckAccessPolicyUtil.isAccessible(uploadedImageDV.getPolicy(), userName)) {
if (GeoNACheckAccessPolicy.isAccessible(uploadedImageDV.getPolicy(), userName)) {
accessibleListImages.add(uploadedImageDV);
}
@ -495,7 +500,7 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
SessionUtil.getCurrentContext(this.getThreadLocalRequest(), true);
GeoportalCommon gc = new GeoportalCommon();
return gc.getPublicLinksFor(item,true);
return gc.getPublicLinksFor(item, true);
} catch (Exception e) {
LOG.error("Error on getPublicLinksFor for: " + item, e);

View File

@ -1,124 +0,0 @@
//package org.gcube.portlets.user.geoportaldataviewer.server;
//
//import java.time.LocalDateTime;
//import java.util.ArrayList;
//import java.util.Arrays;
//import java.util.List;
//
//import org.gcube.application.geoportal.common.model.legacy.AccessPolicy;
//import org.gcube.application.geoportal.common.model.legacy.BBOX;
//import org.gcube.application.geoportal.common.model.legacy.Concessione;
//import org.gcube.application.geoportal.common.model.legacy.LayerConcessione;
//import org.gcube.application.geoportal.common.model.legacy.PersistedContent;
//import org.gcube.application.geoportal.common.model.legacy.RelazioneScavo;
//import org.gcube.application.geoportal.common.model.legacy.UploadedImage;
//import org.gcube.application.geoportal.common.model.legacy.WorkspaceContent;
//
//
//public class TestModel {
//
// public static Concessione prepareEmptyConcessione() {
// Concessione concessione = new Concessione();
//
// // Generic fields
//
// // Concessione fields
//
// concessione.setNome("Italia, forse");
// concessione.setIntroduzione("This is my project");
// concessione.setDescrizioneContenuto("It contains this and that");
//
// concessione.setAuthors(Arrays.asList(new String[] { "Some one", "Some, oneelse" }));
//
// concessione.setContributore("Contrib 1");
// concessione.setTitolari(Arrays.asList(new String[] { "Some one", "Some, oneelse" }));
// concessione.setResponsabile("Someone");
// concessione.setEditore("Editore");
//
// concessione.setFontiFinanziamento(Arrays.asList(new String[] { "Big pharma", "Pentagon" }));
//
// concessione.setSoggetto(Arrays.asList(new String[] { "Research Excavation", "Archeology" }));
//
// concessione
// .setRisorseCorrelate(Arrays.asList(new String[] { "https://google.com", "https://www.repubblica.it" }));
//
// concessione.setDataInizioProgetto(LocalDateTime.now());
// concessione.setDataFineProgetto(LocalDateTime.now());
//
// concessione.setLicenzaID("CC-BY");
//
// concessione.setTitolareLicenza("Qualcun altro");
// concessione.setTitolareCopyright("Chiedilo in giro");
//
// concessione.setParoleChiaveLibere(Arrays.asList(new String[] { "Robba", "Stuff" }));
// concessione.setParoleChiaveICCD(Arrays.asList(new String[] { "vattelapesca", "somthing something" }));
//
// concessione.setLastUpdateTime(LocalDateTime.now());
// concessione.setCreationTime(LocalDateTime.now());
// concessione.setLastUpdateUser("fake user");
//
// concessione.setCentroidLat(43.0); // N-S
// concessione.setCentroidLong(9.0); // E-W
//
// return concessione;
// }
//
// public static Concessione prepareConcessione() {
//
// Concessione concessione = prepareEmptyConcessione();
//
// // Attachments
//
// // Relazione scavo
// RelazioneScavo relScavo = new RelazioneScavo();
//
// relScavo.setAbstractSection("simple abstract section");
// relScavo.setResponsabili(concessione.getAuthors());
//
// concessione.setRelazioneScavo(relScavo);
// // Immagini rappresentative
// ArrayList<UploadedImage> imgs = new ArrayList<>();
// for (int i = 0; i < 5; i++) {
// UploadedImage img = new UploadedImage();
// img.setTitolo("My image number " + i);
// img.setDidascalia("You can see my image number " + i);
// img.setFormat("TIFF");
// img.setCreationTime(LocalDateTime.now());
// img.setResponsabili(concessione.getAuthors());
// List<PersistedContent> actualContentList = new ArrayList<PersistedContent>(1);
// WorkspaceContent ws = new WorkspaceContent();
// ws.setLink("https://data.dev.d4science.org/shub/E_azRkaVhqTFExMzZvTG9pY0hwSFJNV2tVTHBEMGEycFVsQitvWjZvb29WZjkwRU84b1hXQnp0QjRuSGhrODJqQg==");
// actualContentList.add(ws);
// img.setActualContent(actualContentList);
// imgs.add(img);
// }
// concessione.setImmaginiRappresentative(imgs);
// // Posizionamento
// LayerConcessione posizionamento = new LayerConcessione();
// posizionamento.setValutazioneQualita("Secondo me si");
// posizionamento.setMetodoRaccoltaDati("Fattobbene");
// posizionamento.setScalaAcquisizione("1:10000");
// posizionamento.setAuthors(concessione.getAuthors());
// concessione.setPosizionamentoScavo(posizionamento);
//
// // Piante fine scavo
// ArrayList<LayerConcessione> piante = new ArrayList<LayerConcessione>();
// for (int i = 0; i < 4; i++) {
// LayerConcessione pianta = new LayerConcessione();
// pianta.setValutazioneQualita("Secondo me si");
// pianta.setMetodoRaccoltaDati("Fattobbene");
// pianta.setScalaAcquisizione("1:10000");
// pianta.setAuthors(concessione.getAuthors());
// pianta.setPolicy(AccessPolicy.RESTRICTED);
// pianta.setLayerName("gna_conc_12:pos");
// pianta.setWmsLink(
// "https://geoserver1.dev.d4science.org/geoserver/gna_conc_12/wms?service=WMS&version=1.1.0&request=GetMap&layers=gna_conc_12:pos&styles=&bbox=8.62091913167495,40.62975046683799,8.621178639172953,40.630257904721645&width=392&height=768&srs=EPSG:4326&format=application/openlayers#toggle");
//
// pianta.setBbox(new BBOX(40.630257904721645,8.621178639172953,40.62975046683799,8.62091913167495));
// piante.add(pianta);
// }
// concessione.setPianteFineScavo(piante);
//
// return concessione;
// }
//}

View File

@ -1,4 +1,4 @@
package org.gcube.portlets.user.geoportaldataviewer.server;
package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice;
import java.util.ArrayList;
import java.util.List;
@ -50,8 +50,8 @@ public class ConcessioneImageUtil {
if (itemType.equalsIgnoreCase("concessione")) {
LOG.info("Trying to get concessione for id " + itemId);
ConcessioniMongoService cms = new ConcessioniMongoService();
Concessione concessione = cms.getItemById(httpServletRequest, itemId);
ConcessioniMongoServiceIdentityProxy cms = new ConcessioniMongoServiceIdentityProxy(httpServletRequest);
Concessione concessione = cms.getItemById(itemId);
if (concessione != null) {
LOG.info("For id " + itemId + ", got concessione " + concessione.getNome() + " from service");
List<UploadedImage> images = concessione.getImmaginiRappresentative();

View File

@ -0,0 +1,66 @@
package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice;
import static org.gcube.application.geoportal.client.GeoportalAbstractPlugin.statefulMongoConcessioni;
import org.gcube.application.geoportal.client.legacy.ConcessioniManagerI;
import org.gcube.application.geoportal.common.model.legacy.Concessione;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* The Class ConcessioniMongoService.
*
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
*
* Sep 23, 2021
*/
public class ConcessioniMongoService {
private static final Logger LOG = LoggerFactory.getLogger(ConcessioniMongoService.class);
/**
* Instantiates a new concessioni mongo service.
*/
protected ConcessioniMongoService() {
}
/**
* Gets the item by id.
*
* @param mongoItemId the mongo item id
* @return the item by id
* @throws Exception the exception
*/
protected Concessione getItemById(String mongoItemId) throws Exception {
LOG.info("called getItemById: " + mongoItemId);
ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
// Returning item by Id
return concessioniManager.getById(mongoItemId);
}
/**
* To concessione.
*
* @param jsonString the json string
* @return the concessione
*/
protected Concessione toConcessione(String jsonString) {
LOG.info("toConcessione called");
try {
return org.gcube.application.geoportal.client.utils.Serialization.read(jsonString, Concessione.class);
} catch (Exception e) {
LOG.warn("Error on serializing: ", e);
return null;
}
}
/*
* For testing public Concessione iamClientGetItemBy(HttpServletRequest request,
* String mongoItemId, String clientId, String secret) throws Exception { String
* scope = SessionUtil.getCurrentContext(request, true); return
* iamClientGetItemBy(scope, mongoItemId, clientId, secret); }
*/
}

View File

@ -0,0 +1,77 @@
package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice;
import javax.servlet.http.HttpServletRequest;
import org.gcube.application.geoportal.common.model.legacy.Concessione;
import org.gcube.common.portal.PortalContext;
import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities.GcubeIdentity;
import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities.IAMClientIdentity;
import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities.UserIdentity;
import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* The Class ConcessioniMongoServiceIdentityProxy.
*
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
*
* Sep 23, 2021
*/
public class ConcessioniMongoServiceIdentityProxy {
private static final Logger LOG = LoggerFactory.getLogger(ConcessioniMongoServiceIdentityProxy.class);
private GcubeIdentity gCubeIdentity;
/**
* Instantiates a new concessioni mongo service proxy.
*
* @param request the request
* @throws Exception the exception
*/
public ConcessioniMongoServiceIdentityProxy(HttpServletRequest request) throws Exception {
SessionUtil.getCurrentContext(request, true);
PortalContext pContext = PortalContext.getConfiguration();
String username = null;
try {
username = pContext.getCurrentUser(request).getUsername();
}catch (Exception e) {
LOG.info("Username not detected in session");
}
if (username != null) {
LOG.info("User detected, using its identity");
gCubeIdentity = new UserIdentity();
} else {
LOG.info("User not detected, using IAM Client identity");
gCubeIdentity = new IAMClientIdentity();
}
gCubeIdentity.setIdentity(request);
}
/**
* Gets the item by id.
*
* @param mongoItemId the mongo item id
* @return the item by id
* @throws Exception the exception
*/
public Concessione getItemById(String mongoItemId) throws Exception {
try {
// Obtain the client
ConcessioniMongoService concessioniManager = new ConcessioniMongoService();
// Returning item by Id
return concessioniManager.getItemById(mongoItemId);
}catch(Exception e) {
LOG.error("Error on reading itemById: "+mongoItemId, e);
throw(e);
}finally {
gCubeIdentity.resetIdentity();
}
}
}

View File

@ -0,0 +1,82 @@
package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice;
import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
import java.util.Collection;
import java.util.List;
import org.gcube.common.encryption.StringEncrypter;
import org.gcube.common.resources.gcore.ServiceEndpoint;
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities.IAMClientCredentials;
import org.gcube.resources.discovery.client.api.DiscoveryClient;
import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* The Class IAMClientCredentialsReader.
*
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
*
* Sep 23, 2021
*/
public class IAMClientCredentialsReader {
private static Logger LOG = LoggerFactory.getLogger(IAMClientCredentialsReader.class);
private static final String SE_PROFILE_NAME = "geoportal-data-viewer-app";
private static final String SE_CATEGORY_NAME = "SystemClient";
/**
* Gets the credentials.
*
* @return the credentials
* @throws Exception the exception
*/
public static IAMClientCredentials getCredentials() throws Exception {
LOG.info("Searching SE in the scope: " + ScopeProvider.instance.get() + " with profile name: " + SE_PROFILE_NAME
+ " and category name: " + SE_CATEGORY_NAME);
SimpleQuery query = queryFor(ServiceEndpoint.class);
query.addCondition("$resource/Profile/Name/text() eq '" + SE_PROFILE_NAME + "'");
query.addCondition("$resource/Profile/Category/text() eq '" + SE_CATEGORY_NAME + "'");
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
List<ServiceEndpoint> resources = client.submit(query);
if (resources.size() > 0)
LOG.info("The query returned " + resources.size() + " ServiceEndpoint/s");
else
throw new RuntimeException("ServiceEndpoint not found. Searching for profile name: " + SE_PROFILE_NAME
+ " and category name: " + SE_CATEGORY_NAME + "in the scope: " + ScopeProvider.instance.get());
ServiceEndpoint se = resources.get(0);
Collection<AccessPoint> theAccessPoints = se.profile().accessPoints().asCollection();
String clientId = null;
String secredPwd = null;
for (AccessPoint accessPoint : theAccessPoints) {
clientId = accessPoint.username();
secredPwd = accessPoint.password();
LOG.debug("Found clientId: " + clientId + " and encrypted secret: " + secredPwd);
// decrypting the pwd
try {
if (secredPwd != null) {
secredPwd = StringEncrypter.getEncrypter().decrypt(secredPwd);
LOG.debug("Secret decrypted is: " + secredPwd.substring(0, secredPwd.length() / 2)
+ "_MASKED_TOKEN_");
}
} catch (Exception e) {
throw new RuntimeException("Error on decrypting the pwd: ", e);
}
}
LOG.info("Returning keycloack credentials read from SE");
return new IAMClientCredentials(clientId, secredPwd);
}
}

View File

@ -0,0 +1,28 @@
package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities;
import javax.servlet.http.HttpServletRequest;
/**
* The Interface GcubeIdentity.
*
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
*
* Sep 23, 2021
*/
public interface GcubeIdentity {
/**
* Sets the identity.
*
* @param httpRequest the new identity
* @throws Exception the exception
*/
public void setIdentity(HttpServletRequest httpRequest) throws Exception;
/**
* Reset identity.
*/
public void resetIdentity();
}

View File

@ -0,0 +1,91 @@
package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities;
import java.io.Serializable;
/**
* The Class IAMClientCredentials.
*
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
*
* Sep 23, 2021
*/
public class IAMClientCredentials implements Serializable {
/**
*
*/
private static final long serialVersionUID = 7242909633989611318L;
private String clientId;
private String clientSecret;
/**
* Instantiates a new IAM client credentials.
*/
public IAMClientCredentials() {
}
/**
* Instantiates a new IAM client credentials.
*
* @param clientId the client id
* @param clientSecret the client secret
*/
public IAMClientCredentials(String clientId, String clientSecret) {
this.clientId = clientId;
this.clientSecret = clientSecret;
}
/**
* Gets the client id.
*
* @return the client id
*/
public String getClientId() {
return clientId;
}
/**
* Gets the client secret.
*
* @return the client secret
*/
public String getClientSecret() {
return clientSecret;
}
/**
* Sets the client id.
*
* @param clientId the new client id
*/
public void setClientId(String clientId) {
this.clientId = clientId;
}
/**
* Sets the client secret.
*
* @param clientSecret the new client secret
*/
public void setClientSecret(String clientSecret) {
this.clientSecret = clientSecret;
}
/**
* To string.
*
* @return the string
*/
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
builder.append("IAMClientCredentials [clientId=");
builder.append(clientId);
builder.append(", clientSecret=");
builder.append(clientSecret);
builder.append("]");
return builder.toString();
}
}

View File

@ -0,0 +1,83 @@
package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities;
import javax.servlet.http.HttpServletRequest;
import org.gcube.common.authorization.library.provider.AccessTokenProvider;
import org.gcube.common.keycloak.KeycloakClientFactory;
import org.gcube.common.keycloak.model.TokenResponse;
import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.IAMClientCredentialsReader;
import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class IAMClientIdentity implements GcubeIdentity {
private static final Logger LOG = LoggerFactory.getLogger(IAMClientIdentity.class);
private String previousUMAToken = null;
@Override
public void setIdentity(HttpServletRequest httpRequest) throws Exception {
LOG.info("setIdentity called");
String currentScope = SessionUtil.getCurrentContext(httpRequest, true);
IAMClientCredentials credentials = SessionUtil.getIAMClientCredentials(httpRequest);
try {
if(credentials==null) {
credentials = IAMClientCredentialsReader.getCredentials();
SessionUtil.setIAMClientCredentials(httpRequest,credentials);
}
} catch (Exception e) {
LOG.error("Error on discovering IAM Client credentials", e);
throw new Exception("IAM Client discovery failed");
}
LOG.trace("Read credentials: " + credentials);
String umaAcessToken = null;
String clientId = credentials.getClientId();
String clientSecret = credentials.getClientSecret();
try {
LOG.info("Querying KeycloakClientFactory to get UMA token..");
TokenResponse tr = KeycloakClientFactory.newInstance().queryUMAToken(clientId, clientSecret, currentScope,
null);
umaAcessToken = tr.getAccessToken();
if (umaAcessToken != null && !umaAcessToken.isEmpty()) {
LOG.info("UMA Access Token read correctly");
} else {
LOG.error("UMA Access Token NOT RETRIEVED!!!");
throw new Exception("UMA Access Token is null or empty");
}
} catch (Exception e2) {
throw new Exception("Error occurred on reading UMA access token:", e2);
}
try {
try {
// Here the previousUMAToken should be null
previousUMAToken = AccessTokenProvider.instance.get();
} catch (Exception e) {
// catching excpetion to be sure
// silent
}
LOG.debug("JWT token: " + umaAcessToken.substring(0, 20) + "_MASKED_TOKEN_");
LOG.info("Setting clientId '" + clientId + "' identity by JWT token in the "
+ AccessTokenProvider.class.getSimpleName());
AccessTokenProvider.instance.set(umaAcessToken);
} catch (Exception e) {
LOG.error(e.getMessage(), e);
throw new Exception(e.getMessage());
}
}
@Override
public void resetIdentity() {
LOG.info("resetIdentity called");
AccessTokenProvider.instance.set(previousUMAToken);
LOG.info("resetIdentity to previous AccessToken");
}
}

View File

@ -0,0 +1,28 @@
package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities;
import javax.servlet.http.HttpServletRequest;
import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class UserIdentity implements GcubeIdentity {
private static final Logger LOG = LoggerFactory.getLogger(UserIdentity.class);
public UserIdentity() {
}
@Override
public void setIdentity(HttpServletRequest httpRequest) throws Exception {
LOG.info("setIdentity called");
SessionUtil.getCurrentToken(httpRequest, true);
}
@Override
public void resetIdentity() {
LOG.info("resetIdentity called, doing nothing");
// doing nothing
}
}

View File

@ -1,18 +1,18 @@
package org.gcube.portlets.user.geoportaldataviewer.server.util;
package org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accesspolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* The Class CheckAccessPolicyUtil.
* The Class GeoNACheckAccessPolicy.
*
* @author Francesco Mangiacrapa at ISTI-CNR francesco.mangiacrapa@isti.cnr.it
*
* Sep 9, 2021
*/
public class CheckAccessPolicyUtil {
public class GeoNACheckAccessPolicy {
private static final Logger LOG = LoggerFactory.getLogger(CheckAccessPolicyUtil.class);
private static final Logger LOG = LoggerFactory.getLogger(GeoNACheckAccessPolicy.class);
/**
* The Enum ACCESS_POLICY.
*

View File

@ -14,7 +14,8 @@ import org.gcube.application.geoportalcommon.shared.products.model.UploadedImage
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.portlets.user.geoportaldataviewer.server.ConcessioneImageUtil;
import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.ConcessioneImageUtil;
import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities.IAMClientCredentials;
import org.gcube.portlets.user.urlshortener.UrlShortener;
import org.gcube.vomanagement.usermanagement.GroupManager;
import org.gcube.vomanagement.usermanagement.exception.GroupRetrievalFault;
@ -39,9 +40,11 @@ public class SessionUtil {
/** The log. */
private static Logger LOG = LoggerFactory.getLogger(SessionUtil.class);
public static final String URL_SHORTENER_SERVICE = "URL_SHORTENER_SERVICE";
private static final String URL_SHORTENER_SERVICE = "URL_SHORTENER_SERVICE";
public static final String CACHE_IMAGE_PREVIEW_FOR_CONCESSIONE = "MAP_IMAGE_PREVIEW_FOR_CONCESSIONE";
private static final String CACHE_IMAGE_PREVIEW_FOR_CONCESSIONE = "MAP_IMAGE_PREVIEW_FOR_CONCESSIONE";
private static final String IAM_CLIENT_CREDENTIALS = "IAM_CLIENT_CREDENTIALS";
/**
* Checks if is into portal.
@ -222,4 +225,35 @@ public class SessionUtil {
return lUI.get(0);
}
/**
* Gets the IAM client credentials.
*
* @param httpRequest the http request
* @return the IAM client credentials
*/
public static IAMClientCredentials getIAMClientCredentials(HttpServletRequest httpRequest) {
HttpSession session = httpRequest.getSession();
try {
return (IAMClientCredentials) session.getAttribute(IAM_CLIENT_CREDENTIALS);
} catch (Exception e) {
LOG.warn("Error occurred when reading " + IAM_CLIENT_CREDENTIALS + " from session");
return null;
}
}
/**
* Sets the IAM client credentials.
*
* @param httpRequest the http request
* @param iamCC the iam CC
*/
public static void setIAMClientCredentials(HttpServletRequest httpRequest, IAMClientCredentials iamCC) {
HttpSession session = httpRequest.getSession();
try {
session.setAttribute(IAM_CLIENT_CREDENTIALS, iamCC);
} catch (Exception e) {
LOG.warn("Error occurred when setting " + IAM_CLIENT_CREDENTIALS + " into session");
}
}
}

View File

@ -0,0 +1,60 @@
package org.gcube.portlets.user.geoportaldataviewer;
import static org.gcube.application.geoportal.client.GeoportalAbstractPlugin.statefulMongoConcessioni;
import org.gcube.application.geoportal.client.legacy.ConcessioniManagerI;
import org.gcube.application.geoportal.common.model.legacy.Concessione;
import org.gcube.application.geoportalcommon.ConvertToDataViewModel;
import org.gcube.application.geoportalcommon.shared.products.ConcessioneDV;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.scope.api.ScopeProvider;
public class ConcessioneReader {
private static final String YOUR_TOKEN = "";
public static String SCOPE = "/gcube/devsec/devVRE";
public static String mongoConcessioneID = "6102c07002ad3d05b5f81ddc";
//@Before
public void setEnviroment() {
ScopeProvider.instance.set(SCOPE);
SecurityTokenProvider.instance.set(YOUR_TOKEN);
}
//@Test
public void readConcessione() throws Exception {
System.out.println("getConcessioneForId " + mongoConcessioneID + "called");
ConcessioneDV concessionDV = null;
if (mongoConcessioneID == null)
throw new Exception("Invalid parameter. The Id is null");
try {
System.out.println("Trying to get record for id " + mongoConcessioneID);
ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
Concessione concessione = concessioniManager.getById(mongoConcessioneID);
System.out.println("For id " + mongoConcessioneID + ", got concessione " + concessione);
System.out.println("Immagini Rappresentative are: " + concessione.getImmaginiRappresentative());
System.out.println("Relazione scavo: " + concessione.getRelazioneScavo());
System.out.println("Pianta Fine scavo: " + concessione.getPianteFineScavo());
System.out.println("Posizionamento scavo: " + concessione.getPosizionamentoScavo());
if (concessione != null) {
concessionDV = ConvertToDataViewModel.toConcessione(concessione);
}
if (concessionDV == null)
throw new Exception("Concessione not retrieved");
System.out.println("Got concessione: " + concessionDV);
} catch (Exception e) {
String erroMsg = Concessione.class.getSimpleName() + " with id " + mongoConcessioneID + " not available";
throw new Exception(erroMsg);
}
}
}

View File

@ -1,67 +0,0 @@
package org.gcube.portlets.user.geoportaldataviewer;
import static org.gcube.application.geoportal.client.GeoportalAbstractPlugin.statefulMongoConcessioni;
import org.gcube.application.geoportal.client.legacy.ConcessioniManagerI;
import org.gcube.application.geoportal.common.model.legacy.Concessione;
import org.gcube.application.geoportalcommon.ConvertToDataViewModel;
import org.gcube.application.geoportalcommon.shared.products.ConcessioneDV;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.scope.api.ScopeProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class GetConcessione {
private static final Logger LOG = LoggerFactory.getLogger(GetConcessione.class);
private static final String YOUR_TOKEN = "";
public static String SCOPE = "/gcube/devsec/devVRE";
public static String concessioneId = "6102c07002ad3d05b5f81ddc";
public static ConcessioneDV getConcessioneForId(String mongoID) throws Exception{
LOG.info("getConcessioneForId "+mongoID+ "called");
ConcessioneDV concessionDV = null;
if(mongoID==null)
throw new Exception("Invalid parameter. The Id is null");
try {
LOG.info("Trying to get record for id "+mongoID);
ConcessioniManagerI concessioniManager = statefulMongoConcessioni().build();
Concessione concessione = concessioniManager.getById(mongoID);
LOG.info("For id "+mongoID+", got concessione "+concessione);
LOG.info("Immagini Rappresentative are: "+concessione.getImmaginiRappresentative());
LOG.info("Relazione scavo: "+concessione.getRelazioneScavo());
LOG.info("Pianta Fine scavo: "+concessione.getPianteFineScavo());
LOG.info("Posizionamento scavo: "+concessione.getPosizionamentoScavo());
if(concessione !=null) {
concessionDV = ConvertToDataViewModel.toConcessione(concessione);
}
if(concessionDV==null)
throw new Exception("Concessione not retrieved");
return concessionDV;
}catch (Exception e) {
String erroMsg = Concessione.class.getSimpleName() +" with id "+mongoID+" not available";
LOG.error(erroMsg,e);
throw new Exception(erroMsg);
}
}
public static void main(String[] args) throws Exception {
ScopeProvider.instance.set(SCOPE);
SecurityTokenProvider.instance.set(YOUR_TOKEN);
LOG.info("Trying to get record for id "+concessioneId);
ConcessioneDV concessione = getConcessioneForId(concessioneId);
LOG.info("Got record for id "+concessione);
}
}

View File

@ -0,0 +1,40 @@
package org.gcube.portlets.user.geoportaldataviewer;
import java.util.List;
import org.gcube.application.geoportal.common.model.legacy.Concessione;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.IAMClientCredentialsReader;
import org.gcube.portlets.user.geoportaldataviewer.server.mongoservice.accessidentities.IAMClientCredentials;
import org.junit.Test;
public class IAMClient {
private static final String SCOPE = "/gcube/devsec/devVRE";
private static final String MONGO_ITEM_ID = "614af6a502ad3d6128abd43f";
@Test
public void readCredentials() {
System.out.println("called readCredentials test");
ScopeProvider.instance.set(SCOPE);
IAMClientCredentials credentials = null;
try {
credentials = IAMClientCredentialsReader.getCredentials();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
System.out.println("Read credentials: " + credentials);
Concessione concessione;
try {
// concessione = new ConcessioniMongoServiceIdentityProxy();
// System.out.println("Get concessione: " + concessione);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}

View File

@ -7,9 +7,11 @@ import java.util.Arrays;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.portlets.user.urlshortener.UrlShortener;
public class TestShortener {
public class Shortener {
public static void main(String[] args) {
//@Test
public void availableInTheScope() {
System.out.println("called availableInTheScope test");
try {
String toShort = "https://next.d4science.org/group/nextnext/geona-data-viewer";
String[] splitted = toShort.split("\\?");
@ -27,12 +29,12 @@ public class TestShortener {
System.out.println("encodedQuery is: "+encodedQuery);
link = String.format("%s?%s", splitted[0], encodedQuery);
}
ScopeProvider.instance.set("/gcube/devNext/NextNext");
ScopeProvider.instance.set("/gcube/devsec/devVRE");
UrlShortener shortener = new UrlShortener();
System.out.println(shortener.shorten(link));
} catch (Exception e) {
e.printStackTrace();
}
}
}