Rationalized logs
This commit is contained in:
parent
9aafc0d289
commit
a80f07c759
|
@ -15,7 +15,7 @@ public abstract class AbstractOIDCToSitesAndRolesMapper implements OIDCToSitesAn
|
||||||
public AbstractOIDCToSitesAndRolesMapper(Map<String, List<String>> resourceName2AccessRoles) {
|
public AbstractOIDCToSitesAndRolesMapper(Map<String, List<String>> resourceName2AccessRoles) {
|
||||||
super();
|
super();
|
||||||
this.resourceName2AccessRoles = resourceName2AccessRoles;
|
this.resourceName2AccessRoles = resourceName2AccessRoles;
|
||||||
logger.info("Resource name to access roles: " + resourceName2AccessRoles);
|
logger.info("Resource name to access roles: {}", resourceName2AccessRoles);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
|
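Review bot: The constructor at the top of the hunk keeps the caller's `resourceName2AccessRoles` map by reference, so whoever built the map can still change the resource-to-roles mapping after the mapper exists, and a null argument is only discovered when the map is first read. Since this map drives authorization decisions, I would snapshot it and reject null on the assignment line: `this.resourceName2AccessRoles = Collections.unmodifiableMap(new HashMap<>(Objects.requireNonNull(resourceName2AccessRoles, "resourceName2AccessRoles")));` (imports permitting). Whether the field is declared final or is updated elsewhere is outside the hunk, so adjust if the class relies on later modification.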
@ -5,8 +5,13 @@ import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapper {
|
public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapper {
|
||||||
|
|
||||||
|
protected static final Logger logger = LoggerFactory.getLogger(SlashSeparatedContextMapper.class);
|
||||||
|
|
||||||
private static final Boolean FAULT_TOLERANT = Boolean.TRUE;
|
private static final Boolean FAULT_TOLERANT = Boolean.TRUE;
|
||||||
|
|
||||||
private static final String SPLIT_REGEXP = "/";
|
private static final String SPLIT_REGEXP = "/";
|
||||||
|
@ -34,13 +39,9 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp
|
||||||
for (String site : sites) {
|
for (String site : sites) {
|
||||||
logger.info("Checking site: " + site);
|
logger.info("Checking site: " + site);
|
||||||
List<String> roles = resourceName2AccessRoles.get(site);
|
List<String> roles = resourceName2AccessRoles.get(site);
|
||||||
if (logger.isDebugEnabled()) {
|
logger.debug("Roles for site are: {}", roles);
|
||||||
logger.debug("Roles for site are: " + roles);
|
|
||||||
}
|
|
||||||
String[] siteTokens = site.split(SPLIT_REGEXP);
|
String[] siteTokens = site.split(SPLIT_REGEXP);
|
||||||
if (logger.isDebugEnabled()) {
|
logger.debug("Tokens are: {}", siteTokens.length);
|
||||||
logger.debug("Tokens are: " + siteTokens.length);
|
|
||||||
}
|
|
||||||
if (siteTokens.length < MINIMUM_TOKENS) {
|
if (siteTokens.length < MINIMUM_TOKENS) {
|
||||||
String message = "Found " + siteTokens.length + " tokens only. Minimum should be: " + MINIMUM_TOKENS;
|
String message = "Found " + siteTokens.length + " tokens only. Minimum should be: " + MINIMUM_TOKENS;
|
||||||
if (FAULT_TOLERANT) {
|
if (FAULT_TOLERANT) {
|
||||||
|
@ -51,11 +52,9 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
String rootVO = siteTokens[ROOT_VO_TOKEN_INDEX];
|
String rootVO = siteTokens[ROOT_VO_TOKEN_INDEX];
|
||||||
if (logger.isDebugEnabled()) {
|
logger.debug("Root VO is: {}", rootVO);
|
||||||
logger.debug("Root VO is: " + rootVO);
|
|
||||||
}
|
|
||||||
if (!rootSite.equals(rootVO)) {
|
if (!rootSite.equals(rootVO)) {
|
||||||
logger.info("Skipping evaluation of site tree not belonging to this Root VO: " + rootVO);
|
logger.info("Skipping evaluation of site tree not belonging to this Root VO: {}", rootVO);
|
||||||
continue;
|
continue;
|
||||||
} else {
|
} else {
|
||||||
logger.info("Site belongs to this Root VO");
|
logger.info("Site belongs to this Root VO");
|
||||||
|
@ -66,27 +65,23 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp
|
||||||
gwSitesTree = new Site(rootVO, null);
|
gwSitesTree = new Site(rootVO, null);
|
||||||
}
|
}
|
||||||
String vo = siteTokens[VO_TOKEN_INDEX];
|
String vo = siteTokens[VO_TOKEN_INDEX];
|
||||||
if (logger.isDebugEnabled()) {
|
logger.debug("VO is: {}", vo);
|
||||||
logger.debug("VO is: " + vo);
|
|
||||||
}
|
|
||||||
if (siteTokens.length == VRE_TOKEN_INDEX + 1) {
|
if (siteTokens.length == VRE_TOKEN_INDEX + 1) {
|
||||||
if (!gwSitesTree.getChildren().containsKey(vo)) {
|
if (!gwSitesTree.getChildren().containsKey(vo)) {
|
||||||
logger.warn(vo + " VO's permissions are not set for user");
|
logger.warn(vo + " VO's permissions are not set for user");
|
||||||
gwSitesTree.getChildren().put(vo, new Site(vo, null));
|
gwSitesTree.getChildren().put(vo, new Site(vo, null));
|
||||||
}
|
}
|
||||||
String vre = siteTokens[VRE_TOKEN_INDEX];
|
String vre = siteTokens[VRE_TOKEN_INDEX];
|
||||||
if (logger.isDebugEnabled()) {
|
logger.debug("VRE is: {}", vre);
|
||||||
logger.debug("VRE is: " + vre);
|
logger.info("Adding leaf site: {}", vre);
|
||||||
}
|
|
||||||
logger.info("Adding leaf site: " + vre);
|
|
||||||
gwSitesTree.getChildren().get(vo).getChildren().put(vre, new Site(vre, roles));
|
gwSitesTree.getChildren().get(vo).getChildren().put(vre, new Site(vre, roles));
|
||||||
} else if (!gwSitesTree.getChildren().containsKey(vo)) {
|
} else if (!gwSitesTree.getChildren().containsKey(vo)) {
|
||||||
logger.info("Creating site for VO: " + vo);
|
logger.info("Creating site for VO: {}", vo);
|
||||||
gwSitesTree.getChildren().put(vo, new Site(vo, roles));
|
gwSitesTree.getChildren().put(vo, new Site(vo, roles));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (gwSitesTree == null) {
|
if (gwSitesTree == null) {
|
||||||
logger.info("Creating site for Root VO: " + rootVO);
|
logger.info("Creating site for Root VO: {}", rootVO);
|
||||||
gwSitesTree = new Site(rootVO, roles);
|
gwSitesTree = new Site(rootVO, roles);
|
||||||
} else {
|
} else {
|
||||||
if (gwSitesTree.getRoles() == null) {
|
if (gwSitesTree.getRoles() == null) {
|
||||||
|
|
|
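Review bot: The log rationalization is incomplete in the hunk starting at `for (String site : sites)`: `logger.info("Checking site: " + site);` and, in the later hunk, `logger.warn(vo + " VO's permissions are not set for user");` still build their messages by concatenation while their neighbours now use `{}` placeholders; `logger.info("Checking site: {}", site);` and `logger.warn("{} VO's permissions are not set for user", vo);` would make the file consistent. In the first hunk the new `protected static final Logger logger` in `SlashSeparatedContextMapper` presumably hides a same-named field of `AbstractOIDCToSitesAndRolesMapper` (whose constructor also logs through `logger`), which is fine if attributing this class's lines to its own logger is the intent, but it deserves a one-line comment such as `// hides the superclass logger so log lines are attributed to this class`. The loop body begins and ends outside the visible hunks.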
@ -31,9 +31,7 @@ public class JWTToken implements Serializable {
|
||||||
|
|
||||||
public static JWTToken fromString(String tokenString) {
|
public static JWTToken fromString(String tokenString) {
|
||||||
if (tokenString == null) {
|
if (tokenString == null) {
|
||||||
if (logger.isDebugEnabled()) {
|
logger.debug("Token string is null, cannot create token object");
|
||||||
logger.debug("Token string is null, cannot create token object");
|
|
||||||
}
|
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
|
@ -50,7 +48,7 @@ public class JWTToken implements Serializable {
|
||||||
}
|
}
|
||||||
|
|
||||||
private void parse() throws ParseException {
|
private void parse() throws ParseException {
|
||||||
token = (JSONObject) new JSONParser().parse(this.raw);
|
token = (JSONObject) new JSONParser().parse(this.raw);
|
||||||
String[] parts = getAccessTokenString().split("\\.");
|
String[] parts = getAccessTokenString().split("\\.");
|
||||||
payload = (JSONObject) new JSONParser().parse(new String(Base64.getDecoder().decode(parts[1])));
|
payload = (JSONObject) new JSONParser().parse(new String(Base64.getDecoder().decode(parts[1])));
|
||||||
}
|
}
|
||||||
|
@ -99,7 +97,7 @@ public class JWTToken implements Serializable {
|
||||||
|
|
||||||
public List<String> getAud() {
|
public List<String> getAud() {
|
||||||
List<String> audienceStrings = new ArrayList<>();
|
List<String> audienceStrings = new ArrayList<>();
|
||||||
Object audience = getPayload().get("aud");
|
Object audience = getPayload().get("aud");
|
||||||
if (audience instanceof String) {
|
if (audience instanceof String) {
|
||||||
audienceStrings.add((String) audience);
|
audienceStrings.add((String) audience);
|
||||||
} else if (audience instanceof JSONArray) {
|
} else if (audience instanceof JSONArray) {
|
||||||
|
@ -134,7 +132,7 @@ public class JWTToken implements Serializable {
|
||||||
public String getDisplayName() {
|
public String getDisplayName() {
|
||||||
return (String) getPayload().get("name");
|
return (String) getPayload().get("name");
|
||||||
}
|
}
|
||||||
|
|
||||||
protected JSONObject getResourceAccess() {
|
protected JSONObject getResourceAccess() {
|
||||||
return (JSONObject) getPayload().get("resource_access");
|
return (JSONObject) getPayload().get("resource_access");
|
||||||
}
|
}
|
||||||
|
@ -182,7 +180,6 @@ public class JWTToken implements Serializable {
|
||||||
return permissionsRSName;
|
return permissionsRSName;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public List<String> getAuthorizationPermissionRSNameResourceScopes(String rsname) {
|
public List<String> getAuthorizationPermissionRSNameResourceScopes(String rsname) {
|
||||||
List<String> scopes = new ArrayList<>();
|
List<String> scopes = new ArrayList<>();
|
||||||
JSONArray permissions = getAuthorizationPermissions();
|
JSONArray permissions = getAuthorizationPermissions();
|
||||||
|
@ -202,9 +199,9 @@ public class JWTToken implements Serializable {
|
||||||
|
|
||||||
public Map<String, List<String>> getAuthorizationPermissionRSNameToResourceScopesMap() {
|
public Map<String, List<String>> getAuthorizationPermissionRSNameToResourceScopesMap() {
|
||||||
Map<String, List<String>> map = new HashMap<>();
|
Map<String, List<String>> map = new HashMap<>();
|
||||||
for (String aprn : getAuthorizationPermissionRSNames() ) {
|
for (String aprn : getAuthorizationPermissionRSNames()) {
|
||||||
map.put(aprn, getAuthorizationPermissionRSNameResourceScopes(aprn));
|
map.put(aprn, getAuthorizationPermissionRSNameResourceScopes(aprn));
|
||||||
}
|
}
|
||||||
return map;
|
return map;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
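Review bot: In the `parse()` hunk, `Base64.getDecoder().decode(parts[1])` uses the standard Base64 alphabet, but JWT segments are base64url-encoded (RFC 7515), so any payload whose encoding contains `-` or `_` throws `IllegalArgumentException` instead of being parsed; `Base64.getUrlDecoder()` is the right decoder. The same line indexes `parts[1]` without checking that the split produced at least two segments, and `new String(bytes)` uses the platform charset; `if (parts.length < 2) throw new IllegalArgumentException("Access token is not in JWS compact form");` before it, and `new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8)` (with a `java.nio.charset.StandardCharsets` import) would cover all three. Decoding the payload this way does not verify the token's signature; I cannot see from these hunks where `azp`, `aud` and `resource_access` are verified before the mappers trust them, so it is worth confirming that happens upstream of `fromString`, whose body extends beyond the visible lines.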
@ -40,9 +40,7 @@ public class OpenIdConnectRESTHelper {
|
||||||
String q = params.entrySet().stream().flatMap(p -> p.getValue().stream().map(v -> p.getKey() + "=" + v))
|
String q = params.entrySet().stream().flatMap(p -> p.getValue().stream().map(v -> p.getKey() + "=" + v))
|
||||||
.reduce((p1, p2) -> p1 + "&" + p2).orElse("");
|
.reduce((p1, p2) -> p1 + "&" + p2).orElse("");
|
||||||
|
|
||||||
if (logger.isDebugEnabled()) {
|
logger.debug("Query string is: {}", q);
|
||||||
logger.debug("Query string is: " + q);
|
|
||||||
}
|
|
||||||
return q;
|
return q;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -70,16 +68,12 @@ public class OpenIdConnectRESTHelper {
|
||||||
Map<String, List<String>> params)
|
Map<String, List<String>> params)
|
||||||
throws Exception {
|
throws Exception {
|
||||||
|
|
||||||
if (logger.isDebugEnabled()) {
|
logger.debug("Querying access token from OIDC server with URL: {}", tokenURL);
|
||||||
logger.debug("Querying access token from OIDC server with URL: " + tokenURL);
|
|
||||||
}
|
|
||||||
HttpURLConnection httpURLConnection = performURLEncodedPOSTSendData(tokenURL, params, authorization);
|
HttpURLConnection httpURLConnection = performURLEncodedPOSTSendData(tokenURL, params, authorization);
|
||||||
|
|
||||||
StringBuilder sb = new StringBuilder();
|
StringBuilder sb = new StringBuilder();
|
||||||
int httpResultCode = httpURLConnection.getResponseCode();
|
int httpResultCode = httpURLConnection.getResponseCode();
|
||||||
if (logger.isTraceEnabled()) {
|
logger.trace("HTTP Response code: {}", httpResultCode);
|
||||||
logger.trace("HTTP Response code: " + httpResultCode);
|
|
||||||
}
|
|
||||||
if (httpResultCode != HttpURLConnection.HTTP_OK) {
|
if (httpResultCode != HttpURLConnection.HTTP_OK) {
|
||||||
BufferedReader br = new BufferedReader(new InputStreamReader(httpURLConnection.getErrorStream(), "UTF-8"));
|
BufferedReader br = new BufferedReader(new InputStreamReader(httpURLConnection.getErrorStream(), "UTF-8"));
|
||||||
String line = null;
|
String line = null;
|
||||||
|
@ -109,17 +103,13 @@ public class OpenIdConnectRESTHelper {
|
||||||
con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
|
con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
|
||||||
con.setRequestProperty("Accept", "application/json");
|
con.setRequestProperty("Accept", "application/json");
|
||||||
if (authorization != null) {
|
if (authorization != null) {
|
||||||
if (logger.isDebugEnabled()) {
|
logger.debug("Adding authorization header as: {}", authorization);
|
||||||
logger.debug("Adding authorization header as: " + authorization);
|
|
||||||
}
|
|
||||||
con.setRequestProperty("Authorization", authorization);
|
con.setRequestProperty("Authorization", authorization);
|
||||||
}
|
}
|
||||||
OutputStream os = con.getOutputStream();
|
OutputStream os = con.getOutputStream();
|
||||||
|
|
||||||
String queryString = mapToQueryString(params);
|
String queryString = mapToQueryString(params);
|
||||||
if (logger.isDebugEnabled()) {
|
logger.debug("Parameters query string is: {}", queryString);
|
||||||
logger.debug("Parameters query string is: " + queryString);
|
|
||||||
}
|
|
||||||
os.write(queryString.getBytes("UTF-8"));
|
os.write(queryString.getBytes("UTF-8"));
|
||||||
os.close();
|
os.close();
|
||||||
return con;
|
return con;
|
||||||
|
@ -170,14 +160,10 @@ public class OpenIdConnectRESTHelper {
|
||||||
|
|
||||||
protected static String getClientIdFromToken(JWTToken token) {
|
protected static String getClientIdFromToken(JWTToken token) {
|
||||||
String clientId;
|
String clientId;
|
||||||
if (logger.isDebugEnabled()) {
|
logger.debug("Client id not provided, using authorized party field (azp)");
|
||||||
logger.debug("Client id not provided, using authorized party field (azp)");
|
|
||||||
}
|
|
||||||
clientId = token.getAzp();
|
clientId = token.getAzp();
|
||||||
if (clientId == null) {
|
if (clientId == null) {
|
||||||
if (logger.isDebugEnabled()) {
|
logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
|
||||||
logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
|
|
||||||
}
|
|
||||||
clientId = getFirstAudienceNoAccount(token);
|
clientId = getFirstAudienceNoAccount(token);
|
||||||
}
|
}
|
||||||
return clientId;
|
return clientId;
|
||||||
|
@ -213,7 +199,7 @@ public class OpenIdConnectRESTHelper {
|
||||||
logger.info("Logout performed correctly");
|
logger.info("Logout performed correctly");
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
logger.error("Cannot perfrom logout: [" + responseCode + "] " + httpURLConnection.getResponseMessage());
|
logger.error("Cannot perfrom logout: [{}] {}", responseCode, httpURLConnection.getResponseMessage());
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
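Review bot: The debug lines `logger.debug("Adding authorization header as: {}", authorization);` and `logger.debug("Parameters query string is: {}", queryString);` in the hunk around `con.setRequestProperty(...)` (presumably `performURLEncodedPOSTSendData`), together with `logger.debug("Query string is: {}", q);` in `mapToQueryString`, write credentials to the log: the Authorization header carries the client's credentials or a bearer token, and the form body sent to the token endpoint is where `client_secret` and refresh tokens travel. Switching to placeholders does not change that; log only what is needed, e.g. `logger.debug("Adding authorization header");` and `logger.debug("Parameters query string keys: {}", params.keySet());`, and drop the value from `mapToQueryString`. In the same hunk `OutputStream os = con.getOutputStream();` is closed by a plain `os.close()` that is skipped on exception, so try-with-resources fits, and `getBytes("UTF-8")` can become `getBytes(StandardCharsets.UTF_8)`. The enclosing methods extend beyond the visible hunks.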
@ -9,8 +9,13 @@ public class RestHelperTest {
|
||||||
|
|
||||||
public static void main(String[] args) throws Exception {
|
public static void main(String[] args) throws Exception {
|
||||||
URL tokenURL = new URL("https://nubis2.int.d4science.net/auth/realms/d4science/protocol/openid-connect/token");
|
URL tokenURL = new URL("https://nubis2.int.d4science.net/auth/realms/d4science/protocol/openid-connect/token");
|
||||||
System.out.println(OpenIdConnectRESTHelper.queryClientToken(
|
JWTToken token = OpenIdConnectRESTHelper.queryClientToken("lr62_portal", "28726d01-9f24-4ef4-a057-3d208d96aaa0",
|
||||||
"lr62_portal", "28726d01-9f24-4ef4-a057-3d208d96aaa0", tokenURL));
|
tokenURL);
|
||||||
|
|
||||||
|
// System.out.println(token.getExpAsDate());
|
||||||
|
System.out.println(token.getAzp());
|
||||||
|
// Thread.sleep((token.getExp() * 1000 - System.currentTimeMillis() + 5000));
|
||||||
|
// System.out.println(token.isExpired());
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
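Review bot: The new `queryClientToken("lr62_portal", ..., tokenURL)` call keeps a literal client secret for a named client at a real-looking host in a committed source file, and `main` then prints the `azp` of a token obtained with it; a secret that has been pushed in this form should be treated as exposed and rotated, independent of what happens to this file. The value should come from outside the repository, e.g. `String clientSecret = System.getenv("OIDC_CLIENT_SECRET");` (variable name illustrative) followed by a guard that fails fast when it is unset. The commented-out `getExpAsDate`/`isExpired` lines should either become assertions or be removed rather than kept as dead code.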