Intial GIT commit
commit
e5ab4acec1
|
@ -0,0 +1,39 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<classpath>
|
||||
<classpathentry kind="src" output="target/classes" path="src/main/java">
|
||||
<attributes>
|
||||
<attribute name="optional" value="true"/>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
|
||||
<attributes>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="src" output="target/test-classes" path="src/test/java">
|
||||
<attributes>
|
||||
<attribute name="optional" value="true"/>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
<attribute name="test" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
|
||||
<attributes>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
<attribute name="test" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
|
||||
<attributes>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
|
||||
<attributes>
|
||||
<attribute name="maven.pomderived" value="true"/>
|
||||
<attribute name="org.eclipse.jst.component.nondependency" value=""/>
|
||||
</attributes>
|
||||
</classpathentry>
|
||||
<classpathentry kind="output" path="target/classes"/>
|
||||
</classpath>
|
|
@ -0,0 +1 @@
|
|||
target
|
|
@ -0,0 +1,36 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<projectDescription>
|
||||
<name>oidc-library-portal</name>
|
||||
<comment></comment>
|
||||
<projects>
|
||||
</projects>
|
||||
<buildSpec>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.wst.common.project.facet.core.builder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.jdt.core.javabuilder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.wst.validation.validationbuilder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
<buildCommand>
|
||||
<name>org.eclipse.m2e.core.maven2Builder</name>
|
||||
<arguments>
|
||||
</arguments>
|
||||
</buildCommand>
|
||||
</buildSpec>
|
||||
<natures>
|
||||
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
|
||||
<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
|
||||
<nature>org.eclipse.jdt.core.javanature</nature>
|
||||
<nature>org.eclipse.m2e.core.maven2Nature</nature>
|
||||
<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
|
||||
</natures>
|
||||
</projectDescription>
|
|
@ -0,0 +1,6 @@
|
|||
eclipse.preferences.version=1
|
||||
encoding//src/main/java=UTF-8
|
||||
encoding//src/main/resources=UTF-8
|
||||
encoding//src/test/java=UTF-8
|
||||
encoding//src/test/resources=UTF-8
|
||||
encoding/<project>=UTF-8
|
|
@ -0,0 +1,11 @@
|
|||
eclipse.preferences.version=1
|
||||
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
|
||||
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
|
||||
org.eclipse.jdt.core.compiler.compliance=1.8
|
||||
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
|
||||
org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
|
||||
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
|
||||
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
|
||||
org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore
|
||||
org.eclipse.jdt.core.compiler.release=disabled
|
||||
org.eclipse.jdt.core.compiler.source=1.8
|
|
@ -0,0 +1,4 @@
|
|||
activeProfiles=gcube-developer
|
||||
eclipse.preferences.version=1
|
||||
resolveWorkspaceProjects=true
|
||||
version=1
|
|
@ -0,0 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
|
||||
<wb-module deploy-name="oidc-library-portal">
|
||||
<wb-resource deploy-path="/" source-path="/src/main/java"/>
|
||||
<wb-resource deploy-path="/" source-path="/src/main/resources"/>
|
||||
</wb-module>
|
||||
</project-modules>
|
|
@ -0,0 +1,5 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<faceted-project>
|
||||
<installed facet="java" version="1.8"/>
|
||||
<installed facet="jst.utility" version="1.0"/>
|
||||
</faceted-project>
|
|
@ -0,0 +1,2 @@
|
|||
disabled=06target
|
||||
eclipse.preferences.version=1
|
|
@ -0,0 +1,73 @@
|
|||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<groupId>org.gcube.portal</groupId>
|
||||
<artifactId>oidc-library-portal</artifactId>
|
||||
<version>0.2.0</version>
|
||||
<parent>
|
||||
<artifactId>maven-parent</artifactId>
|
||||
<groupId>org.gcube.tools</groupId>
|
||||
<version>1.1.0</version>
|
||||
<relativePath />
|
||||
</parent>
|
||||
<properties>
|
||||
<java-version>1.8</java-version>
|
||||
<keycloak-version>9.0.3</keycloak-version>
|
||||
<slf4j-version>1.7.30</slf4j-version>
|
||||
<log4j-version>1.2.17</log4j-version>
|
||||
</properties>
|
||||
<dependencyManagement>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.gcube.distribution</groupId>
|
||||
<artifactId>maven-portal-bom</artifactId>
|
||||
<version>3.6.0</version>
|
||||
<type>pom</type>
|
||||
<scope>import</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</dependencyManagement>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>oidc-library</artifactId>
|
||||
<version>[0.1.0,)</version>
|
||||
<scope>compile</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-api</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-log4j12</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.gcube.dvos</groupId>
|
||||
<artifactId>usermanagement-core</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.liferay.portal</groupId>
|
||||
<artifactId>portal-service</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.liferay.portal</groupId>
|
||||
<artifactId>util-java</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.portlet</groupId>
|
||||
<artifactId>portlet-api</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>javax.servlet</groupId>
|
||||
<artifactId>javax.servlet-api</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
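Review bot: The `oidc-library` dependency is declared with the open-ended range `[0.1.0,)`, so each build resolves whatever the highest published version is at that moment. For the library that carries the OIDC handling, this makes builds non-reproducible and lets an unreviewed release reach the portal without any change to this file. Pin it to a reviewed version such as `<version>0.1.0</version>`, or at least bound the range. Separately, the `log4j-version` property names 1.2.17, from the end-of-life Log4j 1.x line, and `slf4j-log4j12` is added without a scope, so this library would impose that logging backend on its consumers; `provided` scope, or leaving the binding to the portal, looks more appropriate.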
|
|
@ -0,0 +1,118 @@
|
|||
package com.nubisware.oidc.lr62;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import com.liferay.portal.kernel.exception.SystemException;
|
||||
import com.liferay.portal.kernel.log.Log;
|
||||
import com.liferay.portal.kernel.log.LogFactoryUtil;
|
||||
import com.liferay.portal.kernel.util.PrefsPropsUtil;
|
||||
import com.liferay.portal.security.auth.CompanyThreadLocal;
|
||||
import com.liferay.portal.util.PortalUtil;
|
||||
import com.nubisware.oidc.rest.OpenIdConnectConfiguration;
|
||||
|
||||
public class LiferayOpenIdConnectConfiguration implements OpenIdConnectConfiguration {
|
||||
|
||||
protected static final Log log = LogFactoryUtil.getLog(LiferayOpenIdConnectConfiguration.class);
|
||||
|
||||
public static Map<Long, LiferayOpenIdConnectConfiguration> companyId2Configuration = Collections
|
||||
.synchronizedMap(new HashMap<Long, LiferayOpenIdConnectConfiguration>());
|
||||
|
||||
private Long companyId;
|
||||
private String authorizationUrl;
|
||||
private String tokenUrl;
|
||||
private String logoutUrl;
|
||||
private String issuerUrl;
|
||||
private String clientId;
|
||||
private String scope;
|
||||
private boolean logoutOnPortalLogout;
|
||||
private boolean createUnexistingUser;
|
||||
|
||||
public static synchronized LiferayOpenIdConnectConfiguration getConfiguration(Long companyId) {
|
||||
log.trace("Getting config from companyId");
|
||||
if (!companyId2Configuration.containsKey(companyId)) {
|
||||
companyId2Configuration.put(companyId, new LiferayOpenIdConnectConfiguration(companyId));
|
||||
}
|
||||
return companyId2Configuration.get(companyId);
|
||||
}
|
||||
|
||||
public static synchronized LiferayOpenIdConnectConfiguration getConfiguration(HttpServletRequest request) {
|
||||
log.trace("Getting config from request");
|
||||
return LiferayOpenIdConnectConfiguration.getConfiguration(PortalUtil.getCompanyId(request));
|
||||
}
|
||||
|
||||
public static synchronized LiferayOpenIdConnectConfiguration getConfiguration() {
|
||||
log.trace("Getting config from thread local");
|
||||
return LiferayOpenIdConnectConfiguration.getConfiguration(CompanyThreadLocal.getCompanyId());
|
||||
}
|
||||
|
||||
private LiferayOpenIdConnectConfiguration(Long companyId) {
|
||||
log.info("Creating config from companyId: " + companyId);
|
||||
this.companyId = companyId;
|
||||
try {
|
||||
this.authorizationUrl = PrefsPropsUtil.getString(companyId, "d4science.oidc-authorization");
|
||||
this.tokenUrl = PrefsPropsUtil.getString(companyId, "d4science.oidc-token");
|
||||
this.logoutUrl = PrefsPropsUtil.getString(companyId, "d4science.oidc-logout");
|
||||
this.issuerUrl = PrefsPropsUtil.getString(companyId, "d4science.oidc-issuer");
|
||||
this.clientId = PrefsPropsUtil.getString(companyId, "d4science.oidc-client-id");
|
||||
this.scope = PrefsPropsUtil.getString(companyId, "d4science.oidc-scope");
|
||||
this.logoutOnPortalLogout = PrefsPropsUtil.getBoolean(companyId, "d4science.oidc-logout-on-portal-logout");
|
||||
this.createUnexistingUser = PrefsPropsUtil.getBoolean(companyId, "d4science.oidc-create-unexisting-user");
|
||||
} catch (SystemException e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
log.info("authorizationUrl=" + getAuthorizationUrl());
|
||||
log.info("tokenUrl=" + getTokenUrl());
|
||||
log.info("logoutUrl=" + getLogoutUrl());
|
||||
log.info("issuerUrl=" + getIssuerUrl());
|
||||
log.info("clientId=" + getClientId());
|
||||
log.info("scope=" + getScope());
|
||||
log.info("logoutOnPortalLogout=" + logoutOnPortalLogout());
|
||||
log.info("createUnexistingUser=" + createUnexistingUser());
|
||||
}
|
||||
|
||||
public Long getCompanyId() {
|
||||
return companyId;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getAuthorizationUrl() {
|
||||
return this.authorizationUrl;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getTokenUrl() {
|
||||
return this.tokenUrl;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getLogoutUrl() {
|
||||
return this.logoutUrl;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getIssuerUrl() {
|
||||
return this.issuerUrl;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getClientId() {
|
||||
return this.clientId;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getScope() {
|
||||
return this.scope;
|
||||
}
|
||||
|
||||
public boolean logoutOnPortalLogout() {
|
||||
return this.logoutOnPortalLogout;
|
||||
}
|
||||
|
||||
public boolean createUnexistingUser() {
|
||||
return this.createUnexistingUser;
|
||||
}
|
||||
}
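Review bot: `companyId2Configuration` is declared `public static` and non-final, so any class loaded in the portal can replace the map or put its own entry for a company, and with it the authorization, token and issuer URLs that consumers of this configuration will use. Only the `getConfiguration` overloads need the map, so `private static final Map<Long, LiferayOpenIdConnectConfiguration> companyId2Configuration = ...` is enough. The constructor also caches whatever `PrefsPropsUtil` returns without checking it, so a missing or non-HTTPS `d4science.oidc-*` value appears to stay cached for that company until restart; an empty-value and scheme check before the instance is put into the map would make a misconfiguration fail loudly. Since every accessor is `static synchronized`, the `Collections.synchronizedMap` wrapper is redundant.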
|
|
@ -0,0 +1,241 @@
|
|||
package com.nubisware.oidc.lr62;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.TreeMap;
|
||||
|
||||
import org.gcube.vomanagement.usermanagement.GroupManager;
|
||||
import org.gcube.vomanagement.usermanagement.RoleManager;
|
||||
import org.gcube.vomanagement.usermanagement.UserManager;
|
||||
import org.gcube.vomanagement.usermanagement.exception.GroupRetrievalFault;
|
||||
import org.gcube.vomanagement.usermanagement.exception.RoleRetrievalFault;
|
||||
import org.gcube.vomanagement.usermanagement.exception.UserManagementPortalException;
|
||||
import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException;
|
||||
import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
|
||||
import org.gcube.vomanagement.usermanagement.model.GCubeGroup;
|
||||
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
|
||||
|
||||
import com.liferay.portal.kernel.log.Log;
|
||||
import com.liferay.portal.kernel.log.LogFactoryUtil;
|
||||
import com.liferay.portal.model.User;
|
||||
import com.liferay.portal.security.auth.PrincipalThreadLocal;
|
||||
import com.liferay.portal.security.permission.PermissionCheckerFactoryUtil;
|
||||
import com.liferay.portal.security.permission.PermissionThreadLocal;
|
||||
import com.liferay.portal.service.UserLocalServiceUtil;
|
||||
import com.nubisware.oidc.gcube.D4ScienceMappings;
|
||||
import com.nubisware.oidc.gcube.OIDCToSitesAndRolesMapper;
|
||||
import com.nubisware.oidc.gcube.Site;
|
||||
import com.nubisware.oidc.gcube.SitesMapperExecption;
|
||||
|
||||
public class UserSitesToGroupsAndRolesMapper {
|
||||
|
||||
protected static final Log log = LogFactoryUtil.getLog(UserSitesToGroupsAndRolesMapper.class);
|
||||
|
||||
protected User user;
|
||||
protected OIDCToSitesAndRolesMapper mapper;
|
||||
protected UserManager userManager;
|
||||
protected GroupManager groupManager;
|
||||
protected RoleManager roleManager;
|
||||
protected GCubeGroup rootVOGCubeGroup;
|
||||
protected Map<GCubeGroup, List<GCubeRole>> actualGroupAndRoles;
|
||||
protected Map<String, GCubeRole> roleNameToRole;
|
||||
|
||||
public UserSitesToGroupsAndRolesMapper(User user, OIDCToSitesAndRolesMapper mapper) {
|
||||
this.user = user;
|
||||
this.mapper = mapper;
|
||||
try {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Creating the permission checker for admin user");
|
||||
}
|
||||
long adminUserId = LiferayUserManager.getAdmin().getUserId();
|
||||
PrincipalThreadLocal.setName(adminUserId);
|
||||
PermissionThreadLocal.setPermissionChecker(
|
||||
PermissionCheckerFactoryUtil.create(UserLocalServiceUtil.getUser(adminUserId)));
|
||||
|
||||
} catch (Exception e) {
|
||||
log.fatal("Cannot create permission checker for admin user", e);
|
||||
return;
|
||||
}
|
||||
userManager = new LiferayUserManager();
|
||||
groupManager = new LiferayGroupManager();
|
||||
roleManager = new LiferayRoleManager();
|
||||
try {
|
||||
this.rootVOGCubeGroup = groupManager.getRootVO();
|
||||
} catch (UserManagementSystemException | GroupRetrievalFault e) {
|
||||
log.error("Cannot get infrastructure's Root VO", e);
|
||||
return;
|
||||
}
|
||||
try {
|
||||
actualGroupAndRoles = groupManager.listGroupsAndRolesByUser(user.getUserId());
|
||||
} catch (UserManagementSystemException e) {
|
||||
log.error("Cannot get sites and roles membership for user", e);
|
||||
return;
|
||||
}
|
||||
roleNameToRole = new TreeMap<>();
|
||||
for (GCubeRole role : roleManager.listAllGroupRoles()) {
|
||||
roleNameToRole.put(role.getRoleName(), role);
|
||||
}
|
||||
}
|
||||
|
||||
public void map() {
|
||||
log.info("Mapping roles to sites for user: " + user.getScreenName());
|
||||
Site gwSitesTree = null;
|
||||
try {
|
||||
gwSitesTree = mapper.map(rootVOGCubeGroup.getGroupName());
|
||||
if (log.isInfoEnabled()) {
|
||||
log.info("Sites tree is: " + gwSitesTree.dump());
|
||||
}
|
||||
} catch (SitesMapperExecption e) {
|
||||
log.error("Computing sites tree in concrete mapper class", e);
|
||||
}
|
||||
if (gwSitesTree != null) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Check user to sites assignemnts");
|
||||
}
|
||||
rolesToSiteDescendant(gwSitesTree, null);
|
||||
}
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Check user to sites removal");
|
||||
}
|
||||
checkForVRERemoval(gwSitesTree);
|
||||
}
|
||||
|
||||
|
||||
protected void rolesToSiteDescendant(Site actualSite, GCubeGroup parentGroup) {
|
||||
GCubeGroup actualSiteGroup = null;
|
||||
try {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Getting actual site group from group manager, actual site name=" + actualSite.getName());
|
||||
}
|
||||
actualSiteGroup = groupManager.getGroup(groupManager.getGroupId(actualSite.getName()));
|
||||
} catch (UserManagementSystemException | GroupRetrievalFault e) {
|
||||
log.error("Cannot retrieve group for site: " + actualSite.getName(), e);
|
||||
return;
|
||||
}
|
||||
try {
|
||||
if (groupManager.isVRE(actualSiteGroup.getGroupId()) && !actualGroupAndRoles.containsKey(actualSiteGroup)) {
|
||||
log.info("Assigning user to new VRE site: " + actualSiteGroup.getGroupName());
|
||||
userManager.assignUserToGroup(actualSiteGroup.getGroupId(), user.getUserId());
|
||||
if (actualSite.getRoles() != null && !actualSite.getRoles().isEmpty()) {
|
||||
log.info("Assiging roles for the VRE site");
|
||||
for (String roleName : actualSite.getRoles()) {
|
||||
if (D4ScienceMappings.Role.MEMBER.asString().equals(roleName)) {
|
||||
// Member role is only to assure that the user belongs to context
|
||||
continue;
|
||||
}
|
||||
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroup.getGroupId(),
|
||||
roleNameToRole.get(roleName).getRoleId());
|
||||
}
|
||||
// Since it's a VRE we can return
|
||||
return;
|
||||
} else {
|
||||
log.info("User has no roles in the VRE site");
|
||||
}
|
||||
}
|
||||
} catch (UserManagementSystemException | GroupRetrievalFault | UserRetrievalFault
|
||||
| UserManagementPortalException | RoleRetrievalFault | RuntimeException e) {
|
||||
|
||||
log.error("Assigning user to new VRE site: " + actualSiteGroup.getGroupName(), e);
|
||||
}
|
||||
if (actualSite.getRoles() != null) {
|
||||
List<GCubeRole> actualSiteGroupRoles = actualGroupAndRoles.get(actualSiteGroup);
|
||||
List<String> newRoles = new ArrayList<>(actualSite.getRoles());
|
||||
// Removing the Member role that is not a real role in LR
|
||||
newRoles.remove(D4ScienceMappings.Role.MEMBER.asString());
|
||||
if (actualSiteGroupRoles != null && !actualSiteGroupRoles.isEmpty()) {
|
||||
log.info("Checking actual roles in the dite group");
|
||||
for (GCubeRole gcRole : actualSiteGroupRoles) {
|
||||
String actualSiteName = actualSite.getName();
|
||||
String gcRoleName = gcRole.getRoleName();
|
||||
if (!actualSite.getRoles().contains(gcRoleName)) {
|
||||
try {
|
||||
log.info("Removing '" + gcRoleName + "' user's role for site: " + actualSiteName);
|
||||
roleManager.removeRoleFromUser(user.getUserId(), actualSiteGroup.getGroupId(),
|
||||
gcRole.getRoleId());
|
||||
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault
|
||||
| RoleRetrievalFault e) {
|
||||
log.error(
|
||||
"Cannot remove user's role '" + gcRoleName + "' for site: " + actualSite.getName(),
|
||||
e);
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Removing site role from the roles list: " + gcRoleName);
|
||||
}
|
||||
newRoles.remove(gcRoleName);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
log.info("User actually has no roles in the site group");
|
||||
}
|
||||
// Adding roles that remaining in newRoles list, if any, for the user in this
|
||||
// site
|
||||
for (String newRole : newRoles) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Adding new role to user. New role=" + newRole);
|
||||
}
|
||||
GCubeRole newGcRole = roleNameToRole.get(newRole);
|
||||
if (newGcRole != null) {
|
||||
try {
|
||||
log.info("Assinging new role '" + newRole + "' to user");
|
||||
roleManager.assignRoleToUser(user.getUserId(), actualSiteGroup.getGroupId(),
|
||||
newGcRole.getRoleId());
|
||||
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault
|
||||
| RoleRetrievalFault e) {
|
||||
log.error("Cannot assign new role '" + newRole + "' for site: " + actualSite.getName(), e);
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
log.warn("New site's gc role is null (doesn't exist?) after getting it from role manager: "
|
||||
+ newRole);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
log.info("Roles were not set, continuing descending letting them untouched in site: "
|
||||
+ actualSite.getName());
|
||||
}
|
||||
for (String childSite : actualSite.getChildren().keySet()) {
|
||||
log.info("Recursive call to child site: " + childSite);
|
||||
rolesToSiteDescendant(actualSite.getChildren().get(childSite), actualSiteGroup);
|
||||
}
|
||||
}
|
||||
|
||||
protected void checkForVRERemoval(Site gwSitesTree) {
|
||||
List<String> vreNames = new ArrayList<>();
|
||||
if (gwSitesTree != null) {
|
||||
log.debug("Collecting VREs user belongs to");
|
||||
for (String voName : gwSitesTree.getChildren().keySet()) {
|
||||
for (String vreName : gwSitesTree.getChildren().get(voName).getChildren().keySet()) {
|
||||
log.debug("Adding VRE to the list: " + vreName);
|
||||
vreNames.add(vreName);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
log.info("User not belongs to any site");
|
||||
}
|
||||
for (GCubeGroup actualGroup : actualGroupAndRoles.keySet()) {
|
||||
try {
|
||||
if (groupManager.isVRE(actualGroup.getGroupId()) && !vreNames.contains(actualGroup.getGroupName())) {
|
||||
log.info("Removing user from VRE: " + actualGroup.getGroupName());
|
||||
try {
|
||||
userManager.dismissUserFromGroup(actualGroup.getGroupId(), user.getUserId());
|
||||
} catch (UserRetrievalFault e) {
|
||||
log.error("Removing user from VRE: " + actualGroup.getGroupName(), e);
|
||||
}
|
||||
} else {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("User still belong to VRE: " + actualGroup.getGroupName());
|
||||
}
|
||||
}
|
||||
} catch (UserManagementSystemException | GroupRetrievalFault e) {
|
||||
log.error("Checking if site group is a VRE", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
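Review bot: The constructor switches the current thread to the portal administrator (`PrincipalThreadLocal.setName(adminUserId)` and `PermissionThreadLocal.setPermissionChecker(...)`) and nothing in this class restores the previous values, so unless the caller resets them, code that runs later on the same pooled thread is evaluated with the admin permission checker. Capture the previous principal and checker before the switch and restore them in a `finally` once `map()` is done, as sketched below (the two `previous…` fields are new and need declaring). Separately, when `mapper.map(...)` throws `SitesMapperExecption`, `map()` still calls `checkForVRERemoval(gwSitesTree)` with `null`, which then dismisses the user from every VRE they belong to; a mapping error should skip removal rather than be treated as an empty membership. The constructor's early `return` paths also leave `rootVOGCubeGroup` and `actualGroupAndRoles` null, which `map()` dereferences.

```java
// constructor, before switching to the admin identity
this.previousPrincipalName = PrincipalThreadLocal.getName();
this.previousPermissionChecker = PermissionThreadLocal.getPermissionChecker();
// … unchanged: admin permission checker setup, managers, role lookup …

public void map() {
    try {
        // … unchanged: sites tree computation, rolesToSiteDescendant, checkForVRERemoval …
    } finally {
        // Give the thread back its original identity whatever happened above.
        PrincipalThreadLocal.setName(previousPrincipalName);
        PermissionThreadLocal.setPermissionChecker(previousPermissionChecker);
    }
}
```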
|
|
@ -0,0 +1,39 @@
|
|||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
|
||||
<log4j:configuration
|
||||
xmlns="http://jakarta.apache.org/log4j/"
|
||||
xmlns:log4j="http://jakarta.apache.org/log4j/">
|
||||
|
||||
<appender name="console"
|
||||
class="org.apache.log4j.ConsoleAppender">
|
||||
<layout class="org.apache.log4j.PatternLayout">
|
||||
<param name="ConversionPattern"
|
||||
value="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n" />
|
||||
</layout>
|
||||
</appender>
|
||||
<logger name="org.gcube" additivity="false">
|
||||
<level value="DEBUG" />
|
||||
<appender-ref ref="console" />
|
||||
</logger>
|
||||
<logger name="org.keycloak" additivity="false">
|
||||
<level value="DEBUG" />
|
||||
<appender-ref ref="console" />
|
||||
</logger>
|
||||
<logger name="org.jboss" additivity="false">
|
||||
<level value="INFO" />
|
||||
<appender-ref ref="console" />
|
||||
</logger>
|
||||
<logger name="org.apache.commons.httpclient" additivity="false">
|
||||
<level value="DEBUG" />
|
||||
<appender-ref ref="console" />
|
||||
</logger>
|
||||
<!-- <logger name="httpclient.wire" additivity="false"> -->
|
||||
<!-- <level value="DEBUG" /> -->
|
||||
<!-- <appender-ref ref="console" /> -->
|
||||
<!-- </logger> -->
|
||||
<root>
|
||||
<level value="INFO" />
|
||||
<appender-ref ref="console" />
|
||||
</root>
|
||||
|
||||
</log4j:configuration>
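Review bot: The `org.keycloak` and `org.apache.commons.httpclient` loggers are set to `DEBUG` in a configuration committed together with the OIDC integration. At that level these libraries may write request and token-related detail to the console, so `INFO` is a safer default, with `DEBUG` switched on locally when needed. If this file sits under `src/main/resources` (the path is not visible here), it would also be packaged into the jar and could compete with the portal's own log4j configuration; keeping it under `src/test/resources` would avoid that.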
|