gCubeSystem
/
oidc-library
17
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rationalized logs

This commit is contained in:
Mauro Mugnaini 2020-07-03 17:31:19 +02:00
parent 9aafc0d289
commit a80f07c759
5 changed files with 36 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/org/gcube/oidc/AbstractOIDCToSitesAndRolesMapper.java
View File

@ -15,7 +15,7 @@ public abstract class AbstractOIDCToSitesAndRolesMapper implements OIDCToSitesAn
public AbstractOIDCToSitesAndRolesMapper(Map<String, List<String>> resourceName2AccessRoles) { public AbstractOIDCToSitesAndRolesMapper(Map<String, List<String>> resourceName2AccessRoles) {
super(); super();
this.resourceName2AccessRoles = resourceName2AccessRoles; this.resourceName2AccessRoles = resourceName2AccessRoles;
logger.info("Resource name to access roles: " + resourceName2AccessRoles); logger.info("Resource name to access roles: {}", resourceName2AccessRoles);
} }
} }

33
src/main/java/org/gcube/oidc/SlashSeparatedContextMapper.java
View File

@ -5,8 +5,13 @@ import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapper { public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapper {
protected static final Logger logger = LoggerFactory.getLogger(SlashSeparatedContextMapper.class);
private static final Boolean FAULT_TOLERANT = Boolean.TRUE; private static final Boolean FAULT_TOLERANT = Boolean.TRUE;
private static final String SPLIT_REGEXP = "/"; private static final String SPLIT_REGEXP = "/";
@ -34,13 +39,9 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp
for (String site : sites) { for (String site : sites) {
logger.info("Checking site: " + site); logger.info("Checking site: " + site);
List<String> roles = resourceName2AccessRoles.get(site); List<String> roles = resourceName2AccessRoles.get(site);
if (logger.isDebugEnabled()) { logger.debug("Roles for site are: {}", roles);
logger.debug("Roles for site are: " + roles);
}
String[] siteTokens = site.split(SPLIT_REGEXP); String[] siteTokens = site.split(SPLIT_REGEXP);
if (logger.isDebugEnabled()) { logger.debug("Tokens are: {}", siteTokens.length);
logger.debug("Tokens are: " + siteTokens.length);
}
if (siteTokens.length < MINIMUM_TOKENS) { if (siteTokens.length < MINIMUM_TOKENS) {
String message = "Found " + siteTokens.length + " tokens only. Minimum should be: " + MINIMUM_TOKENS; String message = "Found " + siteTokens.length + " tokens only. Minimum should be: " + MINIMUM_TOKENS;
if (FAULT_TOLERANT) { if (FAULT_TOLERANT) {
@ -51,11 +52,9 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp
} }
} }
String rootVO = siteTokens[ROOT_VO_TOKEN_INDEX]; String rootVO = siteTokens[ROOT_VO_TOKEN_INDEX];
if (logger.isDebugEnabled()) { logger.debug("Root VO is: {}", rootVO);
logger.debug("Root VO is: " + rootVO);
}
if (!rootSite.equals(rootVO)) { if (!rootSite.equals(rootVO)) {
logger.info("Skipping evaluation of site tree not belonging to this Root VO: " + rootVO); logger.info("Skipping evaluation of site tree not belonging to this Root VO: {}", rootVO);
continue; continue;
} else { } else {
logger.info("Site belongs to this Root VO"); logger.info("Site belongs to this Root VO");
@ -66,27 +65,23 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp
gwSitesTree = new Site(rootVO, null); gwSitesTree = new Site(rootVO, null);
} }
String vo = siteTokens[VO_TOKEN_INDEX]; String vo = siteTokens[VO_TOKEN_INDEX];
if (logger.isDebugEnabled()) { logger.debug("VO is: {}", vo);
logger.debug("VO is: " + vo);
}
if (siteTokens.length == VRE_TOKEN_INDEX + 1) { if (siteTokens.length == VRE_TOKEN_INDEX + 1) {
if (!gwSitesTree.getChildren().containsKey(vo)) { if (!gwSitesTree.getChildren().containsKey(vo)) {
logger.warn(vo + " VO's permissions are not set for user"); logger.warn(vo + " VO's permissions are not set for user");
gwSitesTree.getChildren().put(vo, new Site(vo, null)); gwSitesTree.getChildren().put(vo, new Site(vo, null));
} }
String vre = siteTokens[VRE_TOKEN_INDEX]; String vre = siteTokens[VRE_TOKEN_INDEX];
if (logger.isDebugEnabled()) { logger.debug("VRE is: {}", vre);
logger.debug("VRE is: " + vre); logger.info("Adding leaf site: {}", vre);
}
logger.info("Adding leaf site: " + vre);
gwSitesTree.getChildren().get(vo).getChildren().put(vre, new Site(vre, roles)); gwSitesTree.getChildren().get(vo).getChildren().put(vre, new Site(vre, roles));
} else if (!gwSitesTree.getChildren().containsKey(vo)) { } else if (!gwSitesTree.getChildren().containsKey(vo)) {
logger.info("Creating site for VO: " + vo); logger.info("Creating site for VO: {}", vo);
gwSitesTree.getChildren().put(vo, new Site(vo, roles)); gwSitesTree.getChildren().put(vo, new Site(vo, roles));
} }
} else { } else {
if (gwSitesTree == null) { if (gwSitesTree == null) {
logger.info("Creating site for Root VO: " + rootVO); logger.info("Creating site for Root VO: {}", rootVO);
gwSitesTree = new Site(rootVO, roles); gwSitesTree = new Site(rootVO, roles);
} else { } else {
if (gwSitesTree.getRoles() == null) { if (gwSitesTree.getRoles() == null) {

5
src/main/java/org/gcube/oidc/rest/JWTToken.java
View File

@ -31,9 +31,7 @@ public class JWTToken implements Serializable {
public static JWTToken fromString(String tokenString) { public static JWTToken fromString(String tokenString) {
if (tokenString == null) { if (tokenString == null) {
if (logger.isDebugEnabled()) {
logger.debug("Token string is null, cannot create token object"); logger.debug("Token string is null, cannot create token object");
}
return null; return null;
} }
try { try {
@ -182,7 +180,6 @@ public class JWTToken implements Serializable {
return permissionsRSName; return permissionsRSName;
} }
public List<String> getAuthorizationPermissionRSNameResourceScopes(String rsname) { public List<String> getAuthorizationPermissionRSNameResourceScopes(String rsname) {
List<String> scopes = new ArrayList<>(); List<String> scopes = new ArrayList<>();
JSONArray permissions = getAuthorizationPermissions(); JSONArray permissions = getAuthorizationPermissions();
@ -202,7 +199,7 @@ public class JWTToken implements Serializable {
public Map<String, List<String>> getAuthorizationPermissionRSNameToResourceScopesMap() { public Map<String, List<String>> getAuthorizationPermissionRSNameToResourceScopesMap() {
Map<String, List<String>> map = new HashMap<>(); Map<String, List<String>> map = new HashMap<>();
for (String aprn : getAuthorizationPermissionRSNames() ) { for (String aprn : getAuthorizationPermissionRSNames()) {
map.put(aprn, getAuthorizationPermissionRSNameResourceScopes(aprn)); map.put(aprn, getAuthorizationPermissionRSNameResourceScopes(aprn));
} }
return map; return map;

26
src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
View File

@ -40,9 +40,7 @@ public class OpenIdConnectRESTHelper {
String q = params.entrySet().stream().flatMap(p -> p.getValue().stream().map(v -> p.getKey() + "=" + v)) String q = params.entrySet().stream().flatMap(p -> p.getValue().stream().map(v -> p.getKey() + "=" + v))
.reduce((p1, p2) -> p1 + "&" + p2).orElse(""); .reduce((p1, p2) -> p1 + "&" + p2).orElse("");
if (logger.isDebugEnabled()) { logger.debug("Query string is: {}", q);
logger.debug("Query string is: " + q);
}
return q; return q;
} }
@ -70,16 +68,12 @@ public class OpenIdConnectRESTHelper {
Map<String, List<String>> params) Map<String, List<String>> params)
throws Exception { throws Exception {
if (logger.isDebugEnabled()) { logger.debug("Querying access token from OIDC server with URL: {}", tokenURL);
logger.debug("Querying access token from OIDC server with URL: " + tokenURL);
}
HttpURLConnection httpURLConnection = performURLEncodedPOSTSendData(tokenURL, params, authorization); HttpURLConnection httpURLConnection = performURLEncodedPOSTSendData(tokenURL, params, authorization);
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
int httpResultCode = httpURLConnection.getResponseCode(); int httpResultCode = httpURLConnection.getResponseCode();
if (logger.isTraceEnabled()) { logger.trace("HTTP Response code: {}", httpResultCode);
logger.trace("HTTP Response code: " + httpResultCode);
}
if (httpResultCode != HttpURLConnection.HTTP_OK) { if (httpResultCode != HttpURLConnection.HTTP_OK) {
BufferedReader br = new BufferedReader(new InputStreamReader(httpURLConnection.getErrorStream(), "UTF-8")); BufferedReader br = new BufferedReader(new InputStreamReader(httpURLConnection.getErrorStream(), "UTF-8"));
String line = null; String line = null;
@ -109,17 +103,13 @@ public class OpenIdConnectRESTHelper {
con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
con.setRequestProperty("Accept", "application/json"); con.setRequestProperty("Accept", "application/json");
if (authorization != null) { if (authorization != null) {
if (logger.isDebugEnabled()) { logger.debug("Adding authorization header as: {}", authorization);
logger.debug("Adding authorization header as: " + authorization);
}
con.setRequestProperty("Authorization", authorization); con.setRequestProperty("Authorization", authorization);
} }
OutputStream os = con.getOutputStream(); OutputStream os = con.getOutputStream();
String queryString = mapToQueryString(params); String queryString = mapToQueryString(params);
if (logger.isDebugEnabled()) { logger.debug("Parameters query string is: {}", queryString);
logger.debug("Parameters query string is: " + queryString);
}
os.write(queryString.getBytes("UTF-8")); os.write(queryString.getBytes("UTF-8"));
os.close(); os.close();
return con; return con;
@ -170,14 +160,10 @@ public class OpenIdConnectRESTHelper {
protected static String getClientIdFromToken(JWTToken token) { protected static String getClientIdFromToken(JWTToken token) {
String clientId; String clientId;
if (logger.isDebugEnabled()) {
logger.debug("Client id not provided, using authorized party field (azp)"); logger.debug("Client id not provided, using authorized party field (azp)");
}
clientId = token.getAzp(); clientId = token.getAzp();
if (clientId == null) { if (clientId == null) {
if (logger.isDebugEnabled()) {
logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)"); logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
}
clientId = getFirstAudienceNoAccount(token); clientId = getFirstAudienceNoAccount(token);
} }
return clientId; return clientId;
@ -213,7 +199,7 @@ public class OpenIdConnectRESTHelper {
logger.info("Logout performed correctly"); logger.info("Logout performed correctly");
return true; return true;
} else { } else {
logger.error("Cannot perfrom logout: [" + responseCode + "] " + httpURLConnection.getResponseMessage()); logger.error("Cannot perfrom logout: [{}] {}", responseCode, httpURLConnection.getResponseMessage());
} }
return false; return false;
} }

9
src/test/java/org/gcube/oidc/rest/RestHelperTest.java
View File

@ -9,8 +9,13 @@ public class RestHelperTest {
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
URL tokenURL = new URL("https://nubis2.int.d4science.net/auth/realms/d4science/protocol/openid-connect/token"); URL tokenURL = new URL("https://nubis2.int.d4science.net/auth/realms/d4science/protocol/openid-connect/token");
System.out.println(OpenIdConnectRESTHelper.queryClientToken( JWTToken token = OpenIdConnectRESTHelper.queryClientToken("lr62_portal", "28726d01-9f24-4ef4-a057-3d208d96aaa0",
"lr62_portal", "28726d01-9f24-4ef4-a057-3d208d96aaa0", tokenURL)); tokenURL);
// System.out.println(token.getExpAsDate());
System.out.println(token.getAzp());
// Thread.sleep((token.getExp() * 1000 - System.currentTimeMillis() + 5000));
// System.out.println(token.isExpired());
} }
} }