From f6de43b5ef85a2267727954572771b1a7a8f201c Mon Sep 17 00:00:00 2001 From: Massimiliano Assante Date: Mon, 16 Sep 2019 15:58:27 +0200 Subject: [PATCH] Feature #17265, provide oAuth2 service with capability to be deployed on a multi instance cluster --- .classpath | 11 -- .settings/org.eclipse.wst.common.component | 3 - pom.xml | 50 ++++++--- .../my_vres/server/MyVREsServiceImpl.java | 106 +++++------------- 4 files changed, 63 insertions(+), 107 deletions(-) diff --git a/.classpath b/.classpath index 1969db5..05c831d 100644 --- a/.classpath +++ b/.classpath @@ -22,17 +22,6 @@ - - - - - - - - - - - diff --git a/.settings/org.eclipse.wst.common.component b/.settings/org.eclipse.wst.common.component index 3ff7ea6..a14104e 100644 --- a/.settings/org.eclipse.wst.common.component +++ b/.settings/org.eclipse.wst.common.component @@ -5,9 +5,6 @@ - - uses - diff --git a/pom.xml b/pom.xml index 8c53d0a..51c1037 100644 --- a/pom.xml +++ b/pom.xml @@ -1,31 +1,33 @@ - 4.0.0 maven-parent org.gcube.tools - 1.0.0 + 1.1.0-SNAPSHOT + org.gcube.portlets.user my-vres war - 2.5.0-SNAPSHOT + 2.6.0-SNAPSHOT My VREs Portlet gCube My VREs Portlet shows only the VO and VREs a user is member of, divided by category. - scm:svn:http://svn.d4science.research-infrastructures.eu/gcube/trunk/portlets/user/${project.artifactId} - scm:https://svn.d4science.research-infrastructures.eu/gcube/trunk/portlets/user/${project.artifactId} - http://svn.d4science.research-infrastructures.eu/gcube/trunk/portlets/user/${project.artifactId} + scm:git:https://code-repo.d4science.org/gCubeSystem/my-vres.git + scm:git:https://code-repo.d4science.org/gCubeSystem/my-vres.git + https://code-repo.d4science.org/gCubeSystem/my-vres - 2.8.1 + 2.8.2 distro 6.2.5 1.8 @@ -77,11 +79,6 @@ json-simple compile - - org.apache.httpcomponents - httpclient - 4.5.3 - org.gcube.resources.discovery @@ -91,7 +88,6 @@ org.gcube.portal.auth portal-auth-library - [1.0.0-SNAPSHOT,) provided 
@@ -104,6 +100,16 @@ common-encryption provided + + org.gcube.common + authorization-client + provided + + + net.spy + spymemcached + 2.12.3 + com.liferay.portal portal-service @@ -221,6 +227,24 @@ + + org.apache.maven.plugins + maven-javadoc-plugin + + -Xdoclint:none + -Xdoclint:none + + 3.1.0 + + + generate-doc + install + + jar + + + + diff --git a/src/main/java/org/gcube/portlet/user/my_vres/server/MyVREsServiceImpl.java b/src/main/java/org/gcube/portlet/user/my_vres/server/MyVREsServiceImpl.java index 93345d6..7294c49 100644 --- a/src/main/java/org/gcube/portlet/user/my_vres/server/MyVREsServiceImpl.java +++ b/src/main/java/org/gcube/portlet/user/my_vres/server/MyVREsServiceImpl.java @@ -1,8 +1,7 @@ package org.gcube.portlet.user.my_vres.server; -import java.io.DataOutputStream; -import java.net.HttpURLConnection; -import java.net.URL; +import static org.gcube.common.authorization.client.Constants.authorizationService; + import java.util.ArrayList; import java.util.Collections; import java.util.LinkedHashMap; @@ -11,13 +10,6 @@ import java.util.UUID; import javax.servlet.http.HttpServletRequest; -import org.apache.http.HttpResponse; -import org.apache.http.client.methods.HttpPost; -import org.apache.http.entity.ContentType; -import org.apache.http.entity.StringEntity; -import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClientBuilder; -import org.apache.http.impl.client.LaxRedirectStrategy; import org.gcube.common.portal.GCubePortalConstants; import org.gcube.common.portal.PortalContext; import org.gcube.common.resources.gcore.ServiceEndpoint; @@ -43,6 +35,8 @@ import org.slf4j.LoggerFactory; import com.google.gwt.user.server.rpc.RemoteServiceServlet; import com.liferay.portal.service.UserLocalServiceUtil; +import net.spy.memcached.MemcachedClient; + /** * The server side implementation of the RPC service. * @author Massimiliano Assante - ISTI CNR 
@@ -62,6 +56,11 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements MyVREsSer public static final String ADD_MORE_CATEGORY = "Add More"; public static final String ADD_MORE_IMAGE_PATH= "images/More.png"; + private static final int CACHE_SECONDS_EXPIRATION = 10; + /** + * This map contains couples as + */ + private MemcachedClient entries; @Override public String getSiteLandingPagePath() { @@ -86,10 +85,9 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements MyVREsSer * first method called by the UI */ public LinkedHashMap> getUserVREs() { - //_log.trace("getInfrastructureVOs method called"); + _log.trace("getInfrastructureVOs method called"); if (!isWithinPortal()) return getFakeVREs(); - //return new ArrayList(); else try { PortalContext context = PortalContext.getConfiguration(); @@ -106,8 +104,6 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements MyVREsSer String cat = gName; toReturn.put(cat, toCreate); } - - GCubeGroup rootGroupVO = gm.getRootVO(); try { _log.debug("root: " + rootGroupVO.getGroupName() ); @@ -344,7 +340,7 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements MyVREsSer return new AuthorizationBean(tempCode, state, true, null); } /** - * we post to the auth service a temporary code to be used within seconds from the application + * post to the memcached cluster a temporary code to be used within 10 seconds from the application * @param qToken the user qualifier token * @param tempCode the temporary code * @param clientId tha app id 
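Review bot: The Javadoc added on `entries` in the `-62,6 +56,11` hunk is unfinished (`This map contains couples as`) and describes a map, while the field is a `MemcachedClient`. A comment such as `/** Memcached client for temporary codes: key = tempCode, value = JSON with token, context, redirect_uri and client_id; entries expire after CACHE_SECONDS_EXPIRATION seconds. */` would match what authorizeApplication stores later in this patch. The field is also assigned lazily from a request-handling method, and a servlet instance is normally shared across request threads, so declaring it `volatile` or assigning it once in `init()` would avoid an unsynchronized write. The class body extends outside this hunk.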
@@ -353,73 +349,23 @@ public class MyVREsServiceImpl extends RemoteServiceServlet implements MyVREsSer */ @SuppressWarnings("unchecked") private boolean authorizeApplication(String infrastructureName, String qToken, String tempCode, String clientId, String redirectURL) { - - String fullPath2oAuthService = null; try { - fullPath2oAuthService = AuthUtil.getOAuthServiceEndPoint(infrastructureName) + - "/v2/push-authentication-code?gcube-token=" + qToken; - } catch (Exception e1) { - _log.error("failed to discover oauth service endpoint "); - return false; - } - - JSONObject object = new JSONObject(); - object.put("code", tempCode); - object.put("redirect_uri", redirectURL); - object.put("client_id", clientId); - try { - String USER_AGENT = "Mozilla/5.0"; - URL obj = new URL(fullPath2oAuthService); - HttpURLConnection con = (HttpURLConnection) obj.openConnection(); - - // Setting basic post request - con.setRequestMethod("POST"); - con.setRequestProperty("User-Agent", USER_AGENT); - con.setRequestProperty("Accept-Language", "en-US,en;q=0.5"); - con.setRequestProperty("Content-Type","application/json"); - - String postJsonData = object.toJSONString(); - - con.setDoOutput(true); - DataOutputStream wr = new DataOutputStream(con.getOutputStream()); - wr.writeBytes(postJsonData); - wr.flush(); - wr.close(); - - int responseCode = con.getResponseCode(); - - boolean redirect = false; - // normally, 3xx is redirect - int status = con.getResponseCode(); - if (status != HttpURLConnection.HTTP_OK) { - if (status == HttpURLConnection.HTTP_MOVED_TEMP - || status == HttpURLConnection.HTTP_MOVED_PERM - || status == HttpURLConnection.HTTP_SEE_OTHER) - redirect = true; - } - - if (redirect) - // get redirect url from "location" header field - fullPath2oAuthService = con.getHeaderField("Location"); - - CloseableHttpClient httpClient = HttpClientBuilder.create().setRedirectStrategy(new LaxRedirectStrategy()).build(); - HttpPost httpPostRequest = new HttpPost(fullPath2oAuthService); - 
httpPostRequest.addHeader("Content-type", "application/json"); - StringEntity params = new StringEntity(object.toJSONString(), ContentType.APPLICATION_JSON); - httpPostRequest.setEntity(params); - HttpResponse response = httpClient.execute(httpPostRequest); - responseCode = response.getStatusLine().getStatusCode(); - if (responseCode < 200 || responseCode >= 300) { - _log.error("error: response status line from " - + fullPath2oAuthService + " was: " + responseCode); - return false; - } - // - }catch(Exception e){ - _log.error("Failed to perform request", e); + //instance the client if first time + if (entries == null) + entries = DistributedCacheClient.getInstance().getMemcachedClient(); + //retrieve the context of the token owner + String context = authorizationService().get(qToken).getContext(); + JSONObject object = new JSONObject(); + object.put("token", qToken); + object.put("context", context); + object.put("redirect_uri", redirectURL); + object.put("client_id", clientId); + String JSONData = object.toJSONString(); + entries.set(tempCode, CACHE_SECONDS_EXPIRATION, JSONData); + } catch (Exception e) { + e.printStackTrace(); return false; - } - + } return true; }
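Review bot: The new body of authorizeApplication writes the user's qualifier token into memcached (`object.put("token", qToken)`) and then returns true without checking that the write succeeded. In spymemcached `entries.set(...)` is asynchronous and returns a future, so a failed or timed-out store is reported as success; wait on the result, e.g. `if (!entries.set(tempCode, CACHE_SECONDS_EXPIRATION, JSONData).get()) return false;`. The catch block should keep the logger the removed code used, `_log.error("Failed to store the temporary code", e);`, instead of `e.printStackTrace()`, so the failure reaches the portal logs. Because the cache now holds a bearer token in clear text for the lifetime of the entry, the memcached endpoints configured in DistributedCacheClient (not visible in this patch) presumably need to be reachable only from the portal and oAuth service hosts, with SASL or TLS where the deployment supports it.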