removed jaxb jaxws as external libraries. it were added only for test. Add keycloak-client dep in order to work with the new authorization framework.

1 year ago · bc420b7050
parent a3cafe2d53
commit bc420b7050
2 changed files with 30 additions and 7 deletions
--- a/pom.xml
+++ b/pom.xml
@ -132,7 +132,7 @@
 			<scope>test</scope>
 		</dependency>
 <!--jaxb jdk11 support-->
-		<dependency>
+		<!--dependency>
 			<groupId>javax.xml.bind</groupId>
 			<artifactId>jaxb-api</artifactId>
 			<version>2.3.1</version>
@ -152,7 +152,7 @@
 			<artifactId>jaxws-ri</artifactId>
 			<version>2.3.2</version>
 			<type>pom</type>
-		</dependency>
+		</dependency-->
 		<dependency>
 			<groupId>org.gcube.common</groupId>
 			<artifactId>keycloak-client</artifactId>
--- a/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java
+++ b/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java
@ -14,12 +14,16 @@ import javax.ws.rs.core.MediaType;

 import lombok.extern.slf4j.Slf4j;

+//import org.gcube.common.authorization.library.provider.AccessTokenProvider;
+//import org.gcube.common.keycloak.model.ModelUtils;
+import org.gcube.common.authorization.library.provider.AccessTokenProvider;
+import org.gcube.common.keycloak.model.ModelUtils;
 import org.gcube.common.resources.gcore.*;
 import org.gcube.common.resources.gcore.utils.Group;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.resources.discovery.client.api.DiscoveryClient;
 import org.gcube.resources.discovery.client.queries.api.SimpleQuery;
-import org.gcube.resources.discovery.client.queries.impl.XQuery;
+//import org.gcube.resources.discovery.client.queries.impl.XQuery;
 import org.gcube.common.encryption.StringEncrypter;

@Slf4j
@ -64,16 +68,35 @@ public class ServiceEndpointResource {
 		if(Objects.nonNull(endpoints)) {
 			log.debug("retrieved resources are "+endpoints.size());
 			if (isDecrypt) {
-				List<ServiceEndpoint> ses = new ArrayList<>(endpoints.size());
-				for (ServiceEndpoint resource : endpoints) {
-					ses.add(decryptResource(resource));
+				if (isRoleEnabled()){
+					List<ServiceEndpoint> ses = new ArrayList<>(endpoints.size());
+					for (ServiceEndpoint resource : endpoints) {
+						ses.add(decryptResource(resource));
+					}
+					return ses;
+				}else{
+					log.info("user not enabled to see the resource free to air, sorry");
 				}
-				return ses;
 			}
 		}
 		return endpoints;
 	}

+	private boolean isRoleEnabled(){
+		String at= AccessTokenProvider.instance.get();
+		try{
+			if (ModelUtils.getAccessTokenFrom(at).getRealmAccess().getRoles().contains("service-endpoint-key" )) {
+				log.info("The client is authorized to see the resource as 'free-to-air'");
+				return true;
+			}
+		}catch (Exception e){
+			log.error("token not retrieved properly: "+e.getMessage());
+			e.printStackTrace();
+		}
+		log.info("user not authorized, sorry");
+		return false;
+	}
+
 //	@GET
 //	@Path("/{category}/{name}/{ap}")
 //	@Produces(MediaType.TEXT_XML)