@ -1,5 +1,8 @@
package org.gcube.portlet.user.my_vres.server ;
import static org.gcube.resources.discovery.icclient.ICFactory.clientFor ;
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor ;
import java.util.ArrayList ;
import java.util.Collections ;
import java.util.LinkedHashMap ;
@ -7,12 +10,19 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest ;
import org.gcube.common.encryption.StringEncrypter ;
import org.gcube.common.portal.GCubePortalConstants ;
import org.gcube.common.portal.PortalContext ;
import org.gcube.common.resources.gcore.ServiceEndpoint ;
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint ;
import org.gcube.common.resources.gcore.utils.Group ;
import org.gcube.common.scope.api.ScopeProvider ;
import org.gcube.portlet.user.my_vres.client.MyVREsService ;
import org.gcube.portlet.user.my_vres.shared.AuthorizationBean ;
import org.gcube.portlet.user.my_vres.shared.UserBelonging ;
import org.gcube.portlet.user.my_vres.shared.VRE ;
import org.gcube.resources.discovery.client.api.DiscoveryClient ;
import org.gcube.resources.discovery.client.queries.api.SimpleQuery ;
import org.gcube.vomanagement.usermanagement.GroupManager ;
import org.gcube.vomanagement.usermanagement.exception.GroupRetrievalFault ;
import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException ;
@ -44,7 +54,7 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements MyVREsSer
public static final String ADD_MORE_CATEGORY = "Add More" ;
public static final String ADD_MORE_IMAGE_PATH = "images/More.png" ;
private static final String SERVICE_ENDPOINT_CATEGORY = "Portal" ;
@Override
public String getSiteLandingPagePath ( ) {
@ -247,7 +257,20 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements MyVREsSer
}
@Override
public AuthorizationBean getUserToken ( String context , String state ) {
public AuthorizationBean getUserToken ( String context , String state , String clientId , String clientSecret ) {
if ( clientId = = null | | clientId . compareTo ( "" ) = = 0 ) {
return new AuthorizationBean ( null , null , false , "client_id is null, you MUST register your application to allow users connect with their D4Science Credentials" ) ;
}
if ( clientSecret = = null | | clientSecret . compareTo ( "" ) = = 0 ) {
return new AuthorizationBean ( null , null , false , "client_secret is null, you MUST pass the clientSecret related to your client_id registered application to allow users connect with their D4Science Credentials" ) ;
}
String registeredClientSecret = getClientSecretFromIs ( clientId ) ;
if ( registeredClientSecret = = null ) {
return new AuthorizationBean ( null , null , false , "Your client_id (" + clientId + ") is not registered in the infrastructure, you MUST register your client_id to allow users connect with their D4Science Credentials" ) ;
}
if ( registeredClientSecret . compareTo ( clientSecret ) ! = 0 ) {
return new AuthorizationBean ( null , null , false , "The client_secret for clientId (" + clientId + "), does not match" ) ;
}
if ( state = = null | | state . compareTo ( "" ) = = 0 ) {
return new AuthorizationBean ( null , null , false , "State is null, please use a unique string value of your choice that is hard to guess (e.g. state=7d12bf13-111c-4f46-ab06-9e9e08ad377b). Used to prevent CSRF attacks" ) ;
}
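Review bot: The secret check `registeredClientSecret.compareTo(clientSecret) != 0` is a lexicographic string comparison that stops at the first differing character, so its timing depends on how much of the supplied secret matches the registered one; compare with `MessageDigest.isEqual(registeredClientSecret.getBytes(StandardCharsets.UTF_8), clientSecret.getBytes(StandardCharsets.UTF_8))` instead (this needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported). The two preceding responses also let a caller tell an unknown client_id apart from a wrong client_secret, which enables enumeration of registered client ids; if that is not an accepted trade-off, return one generic "client_id or client_secret does not match" message for both the null-registration and the mismatch case and keep the distinction in the server log only. getUserToken's body continues past the end of this hunk.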
@ -288,5 +311,65 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements MyVREsSer
return new AuthorizationBean ( token , state , true , null ) ;
}
//TODO: check the query, it doesn work
private List < ServiceEndpoint > getPortalConfigurationFromIS ( String infrastructureName , String gatewayName ) throws Exception {
String scope = "/" + infrastructureName ;
String currScope = ScopeProvider . instance . get ( ) ;
ScopeProvider . instance . set ( scope ) ;
SimpleQuery query = queryFor ( ServiceEndpoint . class ) ;
query . addCondition ( "$resource/Profile/Category/text() eq '" + SERVICE_ENDPOINT_CATEGORY + "'" ) ;
query . addCondition ( "$resource/Profile/Name/text() eq '" + gatewayName + "'" ) ;
DiscoveryClient < ServiceEndpoint > client = clientFor ( ServiceEndpoint . class ) ;
List < ServiceEndpoint > toReturn = client . submit ( query ) ;
ScopeProvider . instance . set ( currScope ) ;
return toReturn ;
}
/ * *
* look for the clientId AccessEndpoint passes as parameter
* @param gatewayName
* @param clientId
* @return the client secret related to the id , or null if non existent
* /
private String getClientSecretFromIs ( String clientId ) {
PortalContext pContext = PortalContext . getConfiguration ( ) ;
String gatewayName = pContext . getGatewayName ( getThreadLocalRequest ( ) ) ;
String scope = "/" + pContext . getInfrastructureName ( ) ;
try {
List < ServiceEndpoint > list = getPortalConfigurationFromIS ( pContext . getInfrastructureName ( ) , gatewayName ) ;
if ( list . size ( ) > 1 ) {
_log . error ( "Too many Service Endpoints having name " + gatewayName + " in this scope having Category " + SERVICE_ENDPOINT_CATEGORY ) ;
}
else if ( list . size ( ) = = 0 ) {
_log . warn ( "There is no Service Endpoint having name " + gatewayName + " and Category " + SERVICE_ENDPOINT_CATEGORY + " in this scope: " + scope ) ;
}
else {
for ( ServiceEndpoint res : list ) {
Group < AccessPoint > apGroup = res . profile ( ) . accessPoints ( ) ;
AccessPoint [ ] accessPoints = ( AccessPoint [ ] ) apGroup . toArray ( new AccessPoint [ apGroup . size ( ) ] ) ;
for ( int i = 0 ; i < accessPoints . length ; i + + ) {
if ( accessPoints [ i ] . name ( ) . compareTo ( clientId ) = = 0 ) {
_log . info ( "Found credentials for " + clientId ) ;
AccessPoint found = accessPoints [ i ] ;
//String thumbnailURL = found.address();
String encrPassword = found . password ( ) ;
String clientSecret = "" ;
try {
clientSecret = StringEncrypter . getEncrypter ( ) . decrypt ( encrPassword ) ;
_log . debug ( "clientSecret for " + clientId + " found" ) ;
return clientSecret ;
} catch ( Exception e ) {
_log . error ( "Something went wrong while decrypting password for " + clientId ) ;
e . printStackTrace ( ) ;
}
}
}
}
}
} catch ( Exception e ) {
e . printStackTrace ( ) ;
return null ;
}
return null ;
}
}
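Review bot: In getPortalConfigurationFromIS the thread-local scope is switched with `ScopeProvider.instance.set(scope)` and only restored after `client.submit(query)` returns, so if the IS query throws the thread keeps the infrastructure root scope, and because getClientSecretFromIs swallows that exception with a bare `printStackTrace()` the leak is silent; the restore belongs in a `finally` block. The query condition `"$resource/Profile/Name/text() eq '" + gatewayName + "'"` also interpolates gatewayName, which here comes from `pContext.getGatewayName(getThreadLocalRequest())` and so is at least request-derived, into an XQuery predicate without escaping, so a single quote in the value changes the query; reject names containing `'` (or escape them) before building the condition, unless PortalContext is known to canonicalize the gateway name. The `e.printStackTrace()` calls at the decrypt failure and the outer catch should go through `_log.error(msg, e)` so the cause is not lost, and the `list.size() > 1` branch currently falls through to `return null` after logging, which callers cannot distinguish from "not registered".
```java
private List<ServiceEndpoint> getPortalConfigurationFromIS(String infrastructureName, String gatewayName) throws Exception {
    // … unchanged: scope computation and query conditions …
    String currScope = ScopeProvider.instance.get();
    ScopeProvider.instance.set(scope);
    try {
        DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
        return client.submit(query);
    } finally {
        // restore the caller's scope even when the IS query throws
        ScopeProvider.instance.set(currScope);
    }
}
```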