gCubeSystem
/
oidc-library
17
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rationalized logs

This commit is contained in:
Mauro Mugnaini 2020-07-03 17:31:19 +02:00
parent 9aafc0d289
commit a80f07c759
5 changed files with 36 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/org/gcube/oidc/AbstractOIDCToSitesAndRolesMapper.java
View File

@ -15,7 +15,7 @@ public abstract class AbstractOIDCToSitesAndRolesMapper implements OIDCToSitesAn
public AbstractOIDCToSitesAndRolesMapper(Map<String, List<String>> resourceName2AccessRoles) {
super();
this.resourceName2AccessRoles = resourceName2AccessRoles;
logger.info("Resource name to access roles: " + resourceName2AccessRoles);
logger.info("Resource name to access roles: {}", resourceName2AccessRoles);
}
}

33
src/main/java/org/gcube/oidc/SlashSeparatedContextMapper.java
View File

@ -5,8 +5,13 @@ import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapper {
protected static final Logger logger = LoggerFactory.getLogger(SlashSeparatedContextMapper.class);
private static final Boolean FAULT_TOLERANT = Boolean.TRUE;
private static final String SPLIT_REGEXP = "/";
@ -34,13 +39,9 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp
for (String site : sites) {
logger.info("Checking site: " + site);
List<String> roles = resourceName2AccessRoles.get(site);
if (logger.isDebugEnabled()) {
logger.debug("Roles for site are: " + roles);
}
logger.debug("Roles for site are: {}", roles);
String[] siteTokens = site.split(SPLIT_REGEXP);
if (logger.isDebugEnabled()) {
logger.debug("Tokens are: " + siteTokens.length);
}
logger.debug("Tokens are: {}", siteTokens.length);
if (siteTokens.length < MINIMUM_TOKENS) {
String message = "Found " + siteTokens.length + " tokens only. Minimum should be: " + MINIMUM_TOKENS;
if (FAULT_TOLERANT) {
@ -51,11 +52,9 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp
}
}
String rootVO = siteTokens[ROOT_VO_TOKEN_INDEX];
if (logger.isDebugEnabled()) {
logger.debug("Root VO is: " + rootVO);
}
logger.debug("Root VO is: {}", rootVO);
if (!rootSite.equals(rootVO)) {
logger.info("Skipping evaluation of site tree not belonging to this Root VO: " + rootVO);
logger.info("Skipping evaluation of site tree not belonging to this Root VO: {}", rootVO);
continue;
} else {
logger.info("Site belongs to this Root VO");
@ -66,27 +65,23 @@ public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapp
gwSitesTree = new Site(rootVO, null);
}
String vo = siteTokens[VO_TOKEN_INDEX];
if (logger.isDebugEnabled()) {
logger.debug("VO is: " + vo);
}
logger.debug("VO is: {}", vo);
if (siteTokens.length == VRE_TOKEN_INDEX + 1) {
if (!gwSitesTree.getChildren().containsKey(vo)) {
logger.warn(vo + " VO's permissions are not set for user");
gwSitesTree.getChildren().put(vo, new Site(vo, null));
}
String vre = siteTokens[VRE_TOKEN_INDEX];
if (logger.isDebugEnabled()) {
logger.debug("VRE is: " + vre);
}
logger.info("Adding leaf site: " + vre);
logger.debug("VRE is: {}", vre);
logger.info("Adding leaf site: {}", vre);
gwSitesTree.getChildren().get(vo).getChildren().put(vre, new Site(vre, roles));
} else if (!gwSitesTree.getChildren().containsKey(vo)) {
logger.info("Creating site for VO: " + vo);
logger.info("Creating site for VO: {}", vo);
gwSitesTree.getChildren().put(vo, new Site(vo, roles));
}
} else {
if (gwSitesTree == null) {
logger.info("Creating site for Root VO: " + rootVO);
logger.info("Creating site for Root VO: {}", rootVO);
gwSitesTree = new Site(rootVO, roles);
} else {
if (gwSitesTree.getRoles() == null) {

15
src/main/java/org/gcube/oidc/rest/JWTToken.java
View File

@ -31,9 +31,7 @@ public class JWTToken implements Serializable {
public static JWTToken fromString(String tokenString) {
if (tokenString == null) {
if (logger.isDebugEnabled()) {
logger.debug("Token string is null, cannot create token object");
}
logger.debug("Token string is null, cannot create token object");
return null;
}
try {
@ -50,7 +48,7 @@ public class JWTToken implements Serializable {
}
private void parse() throws ParseException {
token = (JSONObject) new JSONParser().parse(this.raw);
token = (JSONObject) new JSONParser().parse(this.raw);
String[] parts = getAccessTokenString().split("\\.");
payload = (JSONObject) new JSONParser().parse(new String(Base64.getDecoder().decode(parts[1])));
}
@ -99,7 +97,7 @@ public class JWTToken implements Serializable {
public List<String> getAud() {
List<String> audienceStrings = new ArrayList<>();
Object audience = getPayload().get("aud");
Object audience = getPayload().get("aud");
if (audience instanceof String) {
audienceStrings.add((String) audience);
} else if (audience instanceof JSONArray) {
@ -134,7 +132,7 @@ public class JWTToken implements Serializable {
public String getDisplayName() {
return (String) getPayload().get("name");
}
protected JSONObject getResourceAccess() {
return (JSONObject) getPayload().get("resource_access");
}
@ -182,7 +180,6 @@ public class JWTToken implements Serializable {
return permissionsRSName;
}
public List<String> getAuthorizationPermissionRSNameResourceScopes(String rsname) {
List<String> scopes = new ArrayList<>();
JSONArray permissions = getAuthorizationPermissions();
@ -202,9 +199,9 @@ public class JWTToken implements Serializable {
public Map<String, List<String>> getAuthorizationPermissionRSNameToResourceScopesMap() {
Map<String, List<String>> map = new HashMap<>();
for (String aprn : getAuthorizationPermissionRSNames() ) {
for (String aprn : getAuthorizationPermissionRSNames()) {
map.put(aprn, getAuthorizationPermissionRSNameResourceScopes(aprn));
}
}
return map;
}

30
src/main/java/org/gcube/oidc/rest/OpenIdConnectRESTHelper.java
View File

@ -40,9 +40,7 @@ public class OpenIdConnectRESTHelper {
String q = params.entrySet().stream().flatMap(p -> p.getValue().stream().map(v -> p.getKey() + "=" + v))
.reduce((p1, p2) -> p1 + "&" + p2).orElse("");
if (logger.isDebugEnabled()) {
logger.debug("Query string is: " + q);
}
logger.debug("Query string is: {}", q);
return q;
}
@ -70,16 +68,12 @@ public class OpenIdConnectRESTHelper {
Map<String, List<String>> params)
throws Exception {
if (logger.isDebugEnabled()) {
logger.debug("Querying access token from OIDC server with URL: " + tokenURL);
}
logger.debug("Querying access token from OIDC server with URL: {}", tokenURL);
HttpURLConnection httpURLConnection = performURLEncodedPOSTSendData(tokenURL, params, authorization);
StringBuilder sb = new StringBuilder();
int httpResultCode = httpURLConnection.getResponseCode();
if (logger.isTraceEnabled()) {
logger.trace("HTTP Response code: " + httpResultCode);
}
logger.trace("HTTP Response code: {}", httpResultCode);
if (httpResultCode != HttpURLConnection.HTTP_OK) {
BufferedReader br = new BufferedReader(new InputStreamReader(httpURLConnection.getErrorStream(), "UTF-8"));
String line = null;
@ -109,17 +103,13 @@ public class OpenIdConnectRESTHelper {
con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
con.setRequestProperty("Accept", "application/json");
if (authorization != null) {
if (logger.isDebugEnabled()) {
logger.debug("Adding authorization header as: " + authorization);
}
logger.debug("Adding authorization header as: {}", authorization);
con.setRequestProperty("Authorization", authorization);
}
OutputStream os = con.getOutputStream();
String queryString = mapToQueryString(params);
if (logger.isDebugEnabled()) {
logger.debug("Parameters query string is: " + queryString);
}
logger.debug("Parameters query string is: {}", queryString);
os.write(queryString.getBytes("UTF-8"));
os.close();
return con;
@ -170,14 +160,10 @@ public class OpenIdConnectRESTHelper {
protected static String getClientIdFromToken(JWTToken token) {
String clientId;
if (logger.isDebugEnabled()) {
logger.debug("Client id not provided, using authorized party field (azp)");
}
logger.debug("Client id not provided, using authorized party field (azp)");
clientId = token.getAzp();
if (clientId == null) {
if (logger.isDebugEnabled()) {
logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
}
logger.debug("Authorized party field (azp) not present, getting one of the audience field (aud)");
clientId = getFirstAudienceNoAccount(token);
}
return clientId;
@ -213,7 +199,7 @@ public class OpenIdConnectRESTHelper {
logger.info("Logout performed correctly");
return true;
} else {
logger.error("Cannot perfrom logout: [" + responseCode + "] " + httpURLConnection.getResponseMessage());
logger.error("Cannot perfrom logout: [{}] {}", responseCode, httpURLConnection.getResponseMessage());
}
return false;
}

9
src/test/java/org/gcube/oidc/rest/RestHelperTest.java
View File

@ -9,8 +9,13 @@ public class RestHelperTest {
public static void main(String[] args) throws Exception {
URL tokenURL = new URL("https://nubis2.int.d4science.net/auth/realms/d4science/protocol/openid-connect/token");
System.out.println(OpenIdConnectRESTHelper.queryClientToken(
"lr62_portal", "28726d01-9f24-4ef4-a057-3d208d96aaa0", tokenURL));
JWTToken token = OpenIdConnectRESTHelper.queryClientToken("lr62_portal", "28726d01-9f24-4ef4-a057-3d208d96aaa0",
tokenURL);
// System.out.println(token.getExpAsDate());
System.out.println(token.getAzp());
// Thread.sleep((token.getExp() * 1000 - System.currentTimeMillis() + 5000));
// System.out.println(token.isExpired());
}
}