Rationalized logs
This commit is contained in:
parent
9aafc0d289
commit
a80f07c759
|
@ -15,7 +15,7 @@ public abstract class AbstractOIDCToSitesAndRolesMapper implements OIDCToSitesAn
|
|||
public AbstractOIDCToSitesAndRolesMapper(Map<String, List<String>> resourceName2AccessRoles) {
|
||||
super();
|
||||
this.resourceName2AccessRoles = resourceName2AccessRoles;
|
||||
logger.info("Resource name to access roles: " + resourceName2AccessRoles);
|
||||
logger.info("Resource name to access roles: {}", resourceName2AccessRoles);
|
||||
}
|
||||
|
||||
}
|
|
@ -5,8 +5,13 @@ import java.util.Collections;
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapper {
|
||||
|
||||
protected static final Logger logger = LoggerFactory.getLogger(SlashSeparatedContextMapper.class);
|
||||
|
||||
private static final Boolean FAULT_TOLERANT = Boolean.TRUE;
|
||||
|
||||
private static final String SPLIT_REGEXP = "/";
|
||||
|
@ -34,13 +39,9 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp
|
|||
for (String site : sites) {
|
||||
logger.info("Checking site: " + site);
|
||||
List<String> roles = resourceName2AccessRoles.get(site);
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Roles for site are: " + roles);
|
||||
}
|
||||
logger.debug("Roles for site are: {}", roles);
|
||||
String[] siteTokens = site.split(SPLIT_REGEXP);
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Tokens are: " + siteTokens.length);
|
||||
}
|
||||
logger.debug("Tokens are: {}", siteTokens.length);
|
||||
if (siteTokens.length < MINIMUM_TOKENS) {
|
||||
String message = "Found " + siteTokens.length + " tokens only. Minimum should be: " + MINIMUM_TOKENS;
|
||||
if (FAULT_TOLERANT) {
|
||||
|
@ -51,11 +52,9 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp
|
|||
}
|
||||
}
|
||||
String rootVO = siteTokens[ROOT_VO_TOKEN_INDEX];
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Root VO is: " + rootVO);
|
||||
}
|
||||
logger.debug("Root VO is: {}", rootVO);
|
||||
if (!rootSite.equals(rootVO)) {
|
||||
logger.info("Skipping evaluation of site tree not belonging to this Root VO: " + rootVO);
|
||||
logger.info("Skipping evaluation of site tree not belonging to this Root VO: {}", rootVO);
|
||||
continue;
|
||||
} else {
|
||||
logger.info("Site belongs to this Root VO");
|
||||
|
@ -66,27 +65,23 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp
|
|||
gwSitesTree = new Site(rootVO, null);
|
||||
}
|
||||
String vo = siteTokens[VO_TOKEN_INDEX];
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("VO is: " + vo);
|
||||
}
|
||||
logger.debug("VO is: {}", vo);
|
||||
if (siteTokens.length == VRE_TOKEN_INDEX + 1) {
|
||||
if (!gwSitesTree.getChildren().containsKey(vo)) {
|
||||
logger.warn(vo + " VO's permissions are not set for user");
|
||||
gwSitesTree.getChildren().put(vo, new Site(vo, null));
|
||||
}
|
||||
String vre = siteTokens[VRE_TOKEN_INDEX];
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("VRE is: " + vre);
|
||||
}
|
||||
logger.info("Adding leaf site: " + vre);
|
||||
logger.debug("VRE is: {}", vre);
|
||||
logger.info("Adding leaf site: {}", vre);
|
||||
gwSitesTree.getChildren().get(vo).getChildren().put(vre, new Site(vre, roles));
|
||||
} else if (!gwSitesTree.getChildren().containsKey(vo)) {
|
||||
logger.info("Creating site for VO: " + vo);
|
||||
logger.info("Creating site for VO: {}", vo);
|
||||
gwSitesTree.getChildren().put(vo, new Site(vo, roles));
|
||||
}
|
||||
} else {
|
||||
if (gwSitesTree == null) {
|
||||
logger.info("Creating site for Root VO: " + rootVO);
|
||||
logger.info("Creating site for Root VO: {}", rootVO);
|
||||
gwSitesTree = new Site(rootVO, roles);
|
||||
} else {
|
||||
if (gwSitesTree.getRoles() == null) {
|
||||
|
|
|
@ -31,9 +31,7 @@ public class JWTToken implements Serializable {
|
|||
|
||||
public static JWTToken fromString(String tokenString) {
|
||||
if (tokenString == null) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Token string is null, cannot create token object");
|
||||
}
|
||||
logger.debug("Token string is null, cannot create token object");
|
||||
return null;
|
||||
}
|
||||
try {
|
||||
|
@ -50,7 +48,7 @@ public class JWTToken implements Serializable {
|
|||
}
|
||||
|
||||
private void parse() throws ParseException {
|
||||
token = (JSONObject) new JSONParser().parse(this.raw);
|
||||
token = (JSONObject) new JSONParser().parse(this.raw);
|
||||
String[] parts = getAccessTokenString().split("\\.");
|
||||
payload = (JSONObject) new JSONParser().parse(new String(Base64.getDecoder().decode(parts[1])));
|
||||
}
|
||||
|
@ -99,7 +97,7 @@ public class JWTToken implements Serializable {
|
|||
|
||||
public List<String> getAud() {
|
||||
List<String> audienceStrings = new ArrayList<>();
|
||||
Object audience = getPayload().get("aud");
|
||||
Object audience = getPayload().get("aud");
|
||||
if (audience instanceof String) {
|
||||
audienceStrings.add((String) audience);
|
||||
} else if (audience instanceof JSONArray) {
|
||||
|
@ -182,7 +180,6 @@ public class JWTToken implements Serializable {
|
|||
return permissionsRSName;
|
||||
}
|
||||
|
||||
|
||||
public List<String> getAuthorizationPermissionRSNameResourceScopes(String rsname) {
|
||||
List<String> scopes = new ArrayList<>();
|
||||
JSONArray permissions = getAuthorizationPermissions();
|
||||
|
@ -202,7 +199,7 @@ public class JWTToken implements Serializable {
|
|||
|
||||
public Map<String, List<String>> getAuthorizationPermissionRSNameToResourceScopesMap() {
|
||||
Map<String, List<String>> map = new HashMap<>();
|
||||
for (String aprn : getAuthorizationPermissionRSNames() ) {
|
||||
for (String aprn : getAuthorizationPermissionRSNames()) {
|
||||
map.put(aprn, getAuthorizationPermissionRSNameResourceScopes(aprn));
|
||||
}
|
||||
return map;
|
||||
|
|
|
@ -40,9 +40,7 @@ public class OpenIdConnectRESTHelper {
|
|||
String q = params.entrySet().stream().flatMap(p -> p.getValue().stream().map(v -> p.getKey() + "=" + v))
|
||||
.reduce((p1, p2) -> p1 + "&" + p2).orElse("");
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Query string is: " + q);
|
||||
}
|
||||
logger.debug("Query string is: {}", q);
|
||||
return q;
|
||||
}
|
||||
|
||||
|
@ -70,16 +68,12 @@ public class OpenIdConnectRESTHelper {
|
|||
Map<String, List<String>> params)
|
||||
throws Exception {
|
||||
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Querying access token from OIDC server with URL: " + tokenURL);
|
||||
}
|
||||
logger.debug("Querying access token from OIDC server with URL: {}", tokenURL);
|
||||
HttpURLConnection httpURLConnection = performURLEncodedPOSTSendData(tokenURL, params, authorization);
|
||||
|
||||
StringBuilder sb = new StringBuilder();
|
||||
int httpResultCode = httpURLConnection.getResponseCode();
|
||||
if (logger.isTraceEnabled()) {
|
||||
logger.trace("HTTP Response code: " + httpResultCode);
|
||||
}
|
||||
logger.trace("HTTP Response code: {}", httpResultCode);
|
||||
if (httpResultCode != HttpURLConnection.HTTP_OK) {
|
||||
BufferedReader br = new BufferedReader(new InputStreamReader(httpURLConnection.getErrorStream(), "UTF-8"));
|
||||
String line = null;
|
||||
|
@ -109,17 +103,13 @@ public class OpenIdConnectRESTHelper {
|
|||
con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
|
||||
con.setRequestProperty("Accept", "application/json");
|
||||
if (authorization != null) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Adding authorization header as: " + authorization);
|
||||
}
|
||||
logger.debug("Adding authorization header as: {}", authorization);
|
||||
con.setRequestProperty("Authorization", authorization);
|
||||
}
|
||||
OutputStream os = con.getOutputStream();
|
||||
|
||||
String queryString = mapToQueryString(params);
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Parameters query string is: " + queryString);
|
||||
}
|
||||
logger.debug("Parameters query string is: {}", queryString);
|
||||
os.write(queryString.getBytes("UTF-8"));
|
||||
os.close();
|
||||
return con;
|
||||
|
@ -170,14 +160,10 @@ public class OpenIdConnectRESTHelper {
|
|||
|
||||
protected static String getClientIdFromToken(JWTToken token) {
|
||||
String clientId;
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Client id not provided, using authorized party field (azp)");
|
||||
}
|
||||
logger.debug("Client id not provided, using authorized party field (azp)");
|
||||
clientId = token.getAzp();
|
||||
if (clientId == null) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
|
||||
}
|
||||
logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
|
||||
clientId = getFirstAudienceNoAccount(token);
|
||||
}
|
||||
return clientId;
|
||||
|
@ -213,7 +199,7 @@ public class OpenIdConnectRESTHelper {
|
|||
logger.info("Logout performed correctly");
|
||||
return true;
|
||||
} else {
|
||||
logger.error("Cannot perfrom logout: [" + responseCode + "] " + httpURLConnection.getResponseMessage());
|
||||
logger.error("Cannot perfrom logout: [{}] {}", responseCode, httpURLConnection.getResponseMessage());
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
|
|
@ -9,8 +9,13 @@ public class RestHelperTest {
|
|||
|
||||
public static void main(String[] args) throws Exception {
|
||||
URL tokenURL = new URL("https://nubis2.int.d4science.net/auth/realms/d4science/protocol/openid-connect/token");
|
||||
System.out.println(OpenIdConnectRESTHelper.queryClientToken(
|
||||
"lr62_portal", "28726d01-9f24-4ef4-a057-3d208d96aaa0", tokenURL));
|
||||
JWTToken token = OpenIdConnectRESTHelper.queryClientToken("lr62_portal", "28726d01-9f24-4ef4-a057-3d208d96aaa0",
|
||||
tokenURL);
|
||||
|
||||
// System.out.println(token.getExpAsDate());
|
||||
System.out.println(token.getAzp());
|
||||
// Thread.sleep((token.getExp() * 1000 - System.currentTimeMillis() + 5000));
|
||||
// System.out.println(token.isExpired());
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue