Intial GIT commit

master
Mauro Mugnaini 4 years ago
commit e5ab4acec1

@ -0,0 +1,39 @@
<?xml version="1.0" encoding="UTF-8"?>
<classpath>
<classpathentry kind="src" output="target/classes" path="src/main/java">
<attributes>
<attribute name="optional" value="true"/>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="src" output="target/test-classes" path="src/test/java">
<attributes>
<attribute name="optional" value="true"/>
<attribute name="maven.pomderived" value="true"/>
<attribute name="test" value="true"/>
</attributes>
</classpathentry>
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
<attributes>
<attribute name="maven.pomderived" value="true"/>
<attribute name="test" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
<attributes>
<attribute name="maven.pomderived" value="true"/>
</attributes>
</classpathentry>
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
<attributes>
<attribute name="maven.pomderived" value="true"/>
<attribute name="org.eclipse.jst.component.nondependency" value=""/>
</attributes>
</classpathentry>
<classpathentry kind="output" path="target/classes"/>
</classpath>

1
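--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+target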

@ -0,0 +1,36 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>oidc-library-portal</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.wst.common.project.facet.core.builder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.jdt.core.javabuilder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.wst.validation.validationbuilder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.m2e.core.maven2Builder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
<nature>org.eclipse.jdt.core.javanature</nature>
<nature>org.eclipse.m2e.core.maven2Nature</nature>
<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
</natures>
</projectDescription>

@ -0,0 +1,6 @@
eclipse.preferences.version=1
encoding//src/main/java=UTF-8
encoding//src/main/resources=UTF-8
encoding//src/test/java=UTF-8
encoding//src/test/resources=UTF-8
encoding/<project>=UTF-8

@ -0,0 +1,11 @@
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
org.eclipse.jdt.core.compiler.compliance=1.8
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore
org.eclipse.jdt.core.compiler.release=disabled
org.eclipse.jdt.core.compiler.source=1.8

@ -0,0 +1,4 @@
activeProfiles=gcube-developer
eclipse.preferences.version=1
resolveWorkspaceProjects=true
version=1

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
<wb-module deploy-name="oidc-library-portal">
<wb-resource deploy-path="/" source-path="/src/main/java"/>
<wb-resource deploy-path="/" source-path="/src/main/resources"/>
</wb-module>
</project-modules>

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<faceted-project>
<installed facet="java" version="1.8"/>
<installed facet="jst.utility" version="1.0"/>
</faceted-project>

@ -0,0 +1,2 @@
disabled=06target
eclipse.preferences.version=1

@ -0,0 +1,73 @@
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.gcube.portal</groupId>
<artifactId>oidc-library-portal</artifactId>
<version>0.2.0</version>
<parent>
<artifactId>maven-parent</artifactId>
<groupId>org.gcube.tools</groupId>
<version>1.1.0</version>
<relativePath />
</parent>
<properties>
<java-version>1.8</java-version>
<keycloak-version>9.0.3</keycloak-version>
<slf4j-version>1.7.30</slf4j-version>
<log4j-version>1.2.17</log4j-version>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.gcube.distribution</groupId>
<artifactId>maven-portal-bom</artifactId>
<version>3.6.0</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>org.gcube.common</groupId>
<artifactId>oidc-library</artifactId>
<version>[0.1.0,)</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</dependency>
<dependency>
<groupId>org.gcube.dvos</groupId>
<artifactId>usermanagement-core</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.liferay.portal</groupId>
<artifactId>portal-service</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.liferay.portal</groupId>
<artifactId>util-java</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.portlet</groupId>
<artifactId>portlet-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
</project>
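Review bot: The `oidc-library` dependency is declared with the open-ended range `[0.1.0,)`, so each build resolves whatever the newest published version happens to be at that moment; builds are not reproducible and a new release, including one never tested against this portal, is picked up without any change in this file. Pin it, `<version>0.1.0</version>` or whichever release this code was built against, and bump it deliberately. The `keycloak-version`, `slf4j-version` and `log4j-version` properties are not referenced by any dependency in this file (the unversioned dependencies presumably take their versions from the imported `maven-portal-bom`), so they are either dead or meant for a child module. Note also that `slf4j-log4j12` binds logging to log4j 1.x, which no longer receives fixes; the log4j 2 or logback bindings are the maintained alternatives.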

@ -0,0 +1,118 @@
package com.nubisware.oidc.lr62;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import com.liferay.portal.kernel.exception.SystemException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.PrefsPropsUtil;
import com.liferay.portal.security.auth.CompanyThreadLocal;
import com.liferay.portal.util.PortalUtil;
import com.nubisware.oidc.rest.OpenIdConnectConfiguration;
public class LiferayOpenIdConnectConfiguration implements OpenIdConnectConfiguration {
protected static final Log log = LogFactoryUtil.getLog(LiferayOpenIdConnectConfiguration.class);
public static Map<Long, LiferayOpenIdConnectConfiguration> companyId2Configuration = Collections
.synchronizedMap(new HashMap<Long, LiferayOpenIdConnectConfiguration>());
private Long companyId;
private String authorizationUrl;
private String tokenUrl;
private String logoutUrl;
private String issuerUrl;
private String clientId;
private String scope;
private boolean logoutOnPortalLogout;
private boolean createUnexistingUser;
public static synchronized LiferayOpenIdConnectConfiguration getConfiguration(Long companyId) {
log.trace("Getting config from companyId");
if (!companyId2Configuration.containsKey(companyId)) {
companyId2Configuration.put(companyId, new LiferayOpenIdConnectConfiguration(companyId));
}
return companyId2Configuration.get(companyId);
}
public static synchronized LiferayOpenIdConnectConfiguration getConfiguration(HttpServletRequest request) {
log.trace("Getting config from request");
return LiferayOpenIdConnectConfiguration.getConfiguration(PortalUtil.getCompanyId(request));
}
public static synchronized LiferayOpenIdConnectConfiguration getConfiguration() {
log.trace("Getting config from thread local");
return LiferayOpenIdConnectConfiguration.getConfiguration(CompanyThreadLocal.getCompanyId());
}
private LiferayOpenIdConnectConfiguration(Long companyId) {
log.info("Creating config from companyId: " + companyId);
this.companyId = companyId;
try {
this.authorizationUrl = PrefsPropsUtil.getString(companyId, "d4science.oidc-authorization");
this.tokenUrl = PrefsPropsUtil.getString(companyId, "d4science.oidc-token");
this.logoutUrl = PrefsPropsUtil.getString(companyId, "d4science.oidc-logout");
this.issuerUrl = PrefsPropsUtil.getString(companyId, "d4science.oidc-issuer");
this.clientId = PrefsPropsUtil.getString(companyId, "d4science.oidc-client-id");
this.scope = PrefsPropsUtil.getString(companyId, "d4science.oidc-scope");
this.logoutOnPortalLogout = PrefsPropsUtil.getBoolean(companyId, "d4science.oidc-logout-on-portal-logout");
this.createUnexistingUser = PrefsPropsUtil.getBoolean(companyId, "d4science.oidc-create-unexisting-user");
} catch (SystemException e) {
throw new RuntimeException(e);
}
log.info("authorizationUrl=" + getAuthorizationUrl());
log.info("tokenUrl=" + getTokenUrl());
log.info("logoutUrl=" + getLogoutUrl());
log.info("issuerUrl=" + getIssuerUrl());
log.info("clientId=" + getClientId());
log.info("scope=" + getScope());
log.info("logoutOnPortalLogout=" + logoutOnPortalLogout());
log.info("createUnexistingUser=" + createUnexistingUser());
}
public Long getCompanyId() {
return companyId;
}
@Override
public String getAuthorizationUrl() {
return this.authorizationUrl;
}
@Override
public String getTokenUrl() {
return this.tokenUrl;
}
@Override
public String getLogoutUrl() {
return this.logoutUrl;
}
@Override
public String getIssuerUrl() {
return this.issuerUrl;
}
@Override
public String getClientId() {
return this.clientId;
}
@Override
public String getScope() {
return this.scope;
}
public boolean logoutOnPortalLogout() {
return this.logoutOnPortalLogout;
}
public boolean createUnexistingUser() {
return this.createUnexistingUser;
}
}
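Review bot: `companyId2Configuration` is a public static mutable map, so any class loaded in the portal can replace, clear or poison the cached configurations; since all access goes through the `getConfiguration` overloads it can be `private static final Map<Long, LiferayOpenIdConnectConfiguration> companyId2Configuration = Collections.synchronizedMap(new HashMap<Long, LiferayOpenIdConnectConfiguration>());`. Entries are never evicted, so a change to the `d4science.oidc-*` portal preferences presumably only takes effect after a restart; that deserves a class comment ("configurations are read once per company and cached for the life of the JVM") or an explicit invalidation method. With the pom targeting Java 8, the containsKey/put pair in `getConfiguration(Long)` reads more directly as `return companyId2Configuration.computeIfAbsent(companyId, LiferayOpenIdConnectConfiguration::new);`. The class itself has no Javadoc describing what the eight preference keys mean or which of them are required.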

@ -0,0 +1,241 @@
package com.nubisware.oidc.lr62;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import org.gcube.vomanagement.usermanagement.GroupManager;
import org.gcube.vomanagement.usermanagement.RoleManager;
import org.gcube.vomanagement.usermanagement.UserManager;
import org.gcube.vomanagement.usermanagement.exception.GroupRetrievalFault;
import org.gcube.vomanagement.usermanagement.exception.RoleRetrievalFault;
import org.gcube.vomanagement.usermanagement.exception.UserManagementPortalException;
import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException;
import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
import org.gcube.vomanagement.usermanagement.model.GCubeGroup;
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.model.User;
import com.liferay.portal.security.auth.PrincipalThreadLocal;
import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
import com.liferay.portal.security.permission.PermissionThreadLocal;
import com.liferay.portal.service.UserLocalServiceUtil;
import com.nubisware.oidc.gcube.D4ScienceMappings;
import com.nubisware.oidc.gcube.OIDCToSitesAndRolesMapper;
import com.nubisware.oidc.gcube.Site;
import com.nubisware.oidc.gcube.SitesMapperExecption;
public class UserSitesToGroupsAndRolesMapper {
protected static final Log log = LogFactoryUtil.getLog(UserSitesToGroupsAndRolesMapper.class);
protected User user;
protected OIDCToSitesAndRolesMapper mapper;
protected UserManager userManager;
protected GroupManager groupManager;
protected RoleManager roleManager;
protected GCubeGroup rootVOGCubeGroup;
protected Map<GCubeGroup, List<GCubeRole>> actualGroupAndRoles;
protected Map<String, GCubeRole> roleNameToRole;
public UserSitesToGroupsAndRolesMapper(User user, OIDCToSitesAndRolesMapper mapper) {
this.user = user;
this.mapper = mapper;
try {
if (log.isDebugEnabled()) {
log.debug("Creating the permission checker for admin user");
}
long adminUserId = LiferayUserManager.getAdmin().getUserId();
PrincipalThreadLocal.setName(adminUserId);
PermissionThreadLocal.setPermissionChecker(
PermissionCheckerFactoryUtil.create(UserLocalServiceUtil.getUser(adminUserId)));
} catch (Exception e) {
log.fatal("Cannot create permission checker for admin user", e);
return;
}
userManager = new LiferayUserManager();
groupManager = new LiferayGroupManager();
roleManager = new LiferayRoleManager();
try {
this.rootVOGCubeGroup = groupManager.getRootVO();
} catch (UserManagementSystemException | GroupRetrievalFault e) {
log.error("Cannot get infrastructure's Root VO", e);
return;
}
try {
actualGroupAndRoles = groupManager.listGroupsAndRolesByUser(user.getUserId());
} catch (UserManagementSystemException e) {
log.error("Cannot get sites and roles membership for user", e);
return;
}
roleNameToRole = new TreeMap<>();
for (GCubeRole role : roleManager.listAllGroupRoles()) {
roleNameToRole.put(role.getRoleName(), role);
}
}
public void map() {
log.info("Mapping roles to sites for user: " + user.getScreenName());
Site gwSitesTree = null;
try {
gwSitesTree = mapper.map(rootVOGCubeGroup.getGroupName());
if (log.isInfoEnabled()) {
log.info("Sites tree is: " + gwSitesTree.dump());
}
} catch (SitesMapperExecption e) {
log.error("Computing sites tree in concrete mapper class", e);
}
if (gwSitesTree != null) {
if (log.isDebugEnabled()) {
log.debug("Check user to sites assignemnts");
}
rolesToSiteDescendant(gwSitesTree, null);
}
if (log.isDebugEnabled()) {
log.debug("Check user to sites removal");
}
checkForVRERemoval(gwSitesTree);
}
protected void rolesToSiteDescendant(Site actualSite, GCubeGroup parentGroup) {
GCubeGroup actualSiteGroup = null;
try {
if (log.isDebugEnabled()) {
log.debug("Getting actual site group from group manager, actual site name=" + actualSite.getName());
}
actualSiteGroup = groupManager.getGroup(groupManager.getGroupId(actualSite.getName()));
} catch (UserManagementSystemException | GroupRetrievalFault e) {
log.error("Cannot retrieve group for site: " + actualSite.getName(), e);
return;
}
try {
if (groupManager.isVRE(actualSiteGroup.getGroupId()) && !actualGroupAndRoles.containsKey(actualSiteGroup)) {
log.info("Assigning user to new VRE site: " + actualSiteGroup.getGroupName());
userManager.assignUserToGroup(actualSiteGroup.getGroupId(), user.getUserId());
if (actualSite.getRoles() != null && !actualSite.getRoles().isEmpty()) {
log.info("Assiging roles for the VRE site");
for (String roleName : actualSite.getRoles()) {
if (D4ScienceMappings.Role.MEMBER.asString().equals(roleName)) {
// Member role is only to assure that the user belongs to context
continue;
}
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroup.getGroupId(),
roleNameToRole.get(roleName).getRoleId());
}
// Since it's a VRE we can return
return;
} else {
log.info("User has no roles in the VRE site");
}
}
} catch (UserManagementSystemException | GroupRetrievalFault | UserRetrievalFault
| UserManagementPortalException | RoleRetrievalFault | RuntimeException e) {
log.error("Assigning user to new VRE site: " + actualSiteGroup.getGroupName(), e);
}
if (actualSite.getRoles() != null) {
List<GCubeRole> actualSiteGroupRoles = actualGroupAndRoles.get(actualSiteGroup);
List<String> newRoles = new ArrayList<>(actualSite.getRoles());
// Removing the Member role that is not a real role in LR
newRoles.remove(D4ScienceMappings.Role.MEMBER.asString());
if (actualSiteGroupRoles != null && !actualSiteGroupRoles.isEmpty()) {
log.info("Checking actual roles in the dite group");
for (GCubeRole gcRole : actualSiteGroupRoles) {
String actualSiteName = actualSite.getName();
String gcRoleName = gcRole.getRoleName();
if (!actualSite.getRoles().contains(gcRoleName)) {
try {
log.info("Removing '" + gcRoleName + "' user's role for site: " + actualSiteName);
roleManager.removeRoleFromUser(user.getUserId(), actualSiteGroup.getGroupId(),
gcRole.getRoleId());
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault
| RoleRetrievalFault e) {
log.error(
"Cannot remove user's role '" + gcRoleName + "' for site: " + actualSite.getName(),
e);
continue;
}
} else {
if (log.isDebugEnabled()) {
log.debug("Removing site role from the roles list: " + gcRoleName);
}
newRoles.remove(gcRoleName);
}
}
} else {
log.info("User actually has no roles in the site group");
}
// Adding roles that remaining in newRoles list, if any, for the user in this
// site
for (String newRole : newRoles) {
if (log.isDebugEnabled()) {
log.debug("Adding new role to user. New role=" + newRole);
}
GCubeRole newGcRole = roleNameToRole.get(newRole);
if (newGcRole != null) {
try {
log.info("Assinging new role '" + newRole + "' to user");
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroup.getGroupId(),
newGcRole.getRoleId());
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault
| RoleRetrievalFault e) {
log.error("Cannot assign new role '" + newRole + "' for site: " + actualSite.getName(), e);
continue;
}
} else {
log.warn("New site's gc role is null (doesn't exist?) after getting it from role manager: "
+ newRole);
}
}
} else {
log.info("Roles were not set, continuing descending letting them untouched in site: "
+ actualSite.getName());
}
for (String childSite : actualSite.getChildren().keySet()) {
log.info("Recursive call to child site: " + childSite);
rolesToSiteDescendant(actualSite.getChildren().get(childSite), actualSiteGroup);
}
}
protected void checkForVRERemoval(Site gwSitesTree) {
List<String> vreNames = new ArrayList<>();
if (gwSitesTree != null) {
log.debug("Collecting VREs user belongs to");
for (String voName : gwSitesTree.getChildren().keySet()) {
for (String vreName : gwSitesTree.getChildren().get(voName).getChildren().keySet()) {
log.debug("Adding VRE to the list: " + vreName);
vreNames.add(vreName);
}
}
} else {
log.info("User not belongs to any site");
}
for (GCubeGroup actualGroup : actualGroupAndRoles.keySet()) {
try {
if (groupManager.isVRE(actualGroup.getGroupId()) && !vreNames.contains(actualGroup.getGroupName())) {
log.info("Removing user from VRE: " + actualGroup.getGroupName());
try {
userManager.dismissUserFromGroup(actualGroup.getGroupId(), user.getUserId());
} catch (UserRetrievalFault e) {
log.error("Removing user from VRE: " + actualGroup.getGroupName(), e);
}
} else {
if (log.isDebugEnabled()) {
log.debug("User still belong to VRE: " + actualGroup.getGroupName());
}
}
} catch (UserManagementSystemException | GroupRetrievalFault e) {
log.error("Checking if site group is a VRE", e);
}
}
}
}
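Review bot: The constructor switches the current thread to the admin principal and an admin PermissionChecker (the `PrincipalThreadLocal.setName` and `PermissionThreadLocal.setPermissionChecker` calls) and nothing in this class puts the previous values back, so after `map()` returns the thread, presumably a pooled portal request thread, keeps admin authority for whatever runs on it next unless a caller outside this commit restores it. Capture `PrincipalThreadLocal.getName()` and `PermissionThreadLocal.getPermissionChecker()` before overriding them and expose a `restorePermissions()` that callers invoke in a `finally` around `map()`; `PermissionChecker` needs an import from `com.liferay.portal.security.permission`. Separately, the early `return`s in the constructor leave `rootVOGCubeGroup`, `actualGroupAndRoles` and `roleNameToRole` null, so `map()` then fails with a NullPointerException on `rootVOGCubeGroup.getGroupName()` or `actualGroupAndRoles.keySet()` rather than with the logged cause; throwing from the constructor would fail more clearly.
```java
protected String previousPrincipalName;
protected PermissionChecker previousPermissionChecker;

public UserSitesToGroupsAndRolesMapper(User user, OIDCToSitesAndRolesMapper mapper) {
    this.user = user;
    this.mapper = mapper;
    // Remember what the calling thread had, so the admin checker set below does not outlive this mapper
    this.previousPrincipalName = PrincipalThreadLocal.getName();
    this.previousPermissionChecker = PermissionThreadLocal.getPermissionChecker();
    // … unchanged: admin permission checker set-up, managers, root VO and membership lookups …
}

/** Puts back the principal and permission checker that were active before this mapper was created. */
public void restorePermissions() {
    PrincipalThreadLocal.setName(previousPrincipalName);
    PermissionThreadLocal.setPermissionChecker(previousPermissionChecker);
}
```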

@ -0,0 +1,39 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration
xmlns="http://jakarta.apache.org/log4j/"
xmlns:log4j="http://jakarta.apache.org/log4j/">
<appender name="console"
class="org.apache.log4j.ConsoleAppender">
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern"
value="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n" />
</layout>
</appender>
<logger name="org.gcube" additivity="false">
<level value="DEBUG" />
<appender-ref ref="console" />
</logger>
<logger name="org.keycloak" additivity="false">
<level value="DEBUG" />
<appender-ref ref="console" />
</logger>
<logger name="org.jboss" additivity="false">
<level value="INFO" />
<appender-ref ref="console" />
</logger>
<logger name="org.apache.commons.httpclient" additivity="false">
<level value="DEBUG" />
<appender-ref ref="console" />
</logger>
<!-- <logger name="httpclient.wire" additivity="false"> -->
<!-- <level value="DEBUG" /> -->
<!-- <appender-ref ref="console" /> -->
<!-- </logger> -->
<root>
<level value="INFO" />
<appender-ref ref="console" />
</root>
</log4j:configuration>
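Review bot: The `org.keycloak` and `org.apache.commons.httpclient` loggers are set to DEBUG with the console appender active, and if this file is shipped under src/main/resources (its path is not visible here) that level runs inside the portal, where debug output from the HTTP and OIDC client layers may include request and token details. Keep DEBUG in a test-scoped copy and ship `<level value="INFO" />` for those two loggers. The commented-out `httpclient.wire` block is better removed than left as a reminder, since a wire logger prints complete request and response bodies.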