102 lines
4.2 KiB
Java
102 lines
4.2 KiB
Java
package org.gcube.oidc;
|
|
|
|
import java.util.ArrayList;
|
|
import java.util.Collections;
|
|
import java.util.List;
|
|
import java.util.Map;
|
|
|
|
public class SlashSeparatedContextMapper extends AbstractOIDCToSitesAndRolesMapper {
|
|
|
|
private static final Boolean FAULT_TOLLERANT = Boolean.TRUE;
|
|
|
|
private static final String SPLIT_REGEXP = "/";
|
|
|
|
private static final int MINIMUM_TOKENS = 2;
|
|
|
|
private static final int EMPTY_TOKEN_INDEX = 0;
|
|
|
|
private static final int ROOT_VO_TOKEN_INDEX = EMPTY_TOKEN_INDEX + 1;
|
|
|
|
private static final int VO_TOKEN_INDEX = ROOT_VO_TOKEN_INDEX + 1;
|
|
|
|
private static final int VRE_TOKEN_INDEX = VO_TOKEN_INDEX + 1;
|
|
|
|
public SlashSeparatedContextMapper(Map<String, List<String>> resourceName2AccessRoles) {
|
|
super(resourceName2AccessRoles);
|
|
}
|
|
|
|
@Override
|
|
public Site map(String rootSite) throws SitesMapperExecption {
|
|
List<String> sites = new ArrayList<String>(resourceName2AccessRoles.keySet());
|
|
Collections.sort(sites);
|
|
// Sorting sites, the containers site should come before contained one
|
|
Site gwSitesTree = null;
|
|
for (String site : sites) {
|
|
logger.info("Checking site: " + site);
|
|
List<String> roles = resourceName2AccessRoles.get(site);
|
|
if (logger.isDebugEnabled()) {
|
|
logger.debug("Roles for site are: " + roles);
|
|
}
|
|
String[] siteTokens = site.split(SPLIT_REGEXP);
|
|
if (logger.isDebugEnabled()) {
|
|
logger.debug("Tokens are: " + siteTokens.length);
|
|
}
|
|
if (siteTokens.length < MINIMUM_TOKENS) {
|
|
String message = "Found " + siteTokens.length + " tokens only. Minimum should be: " + MINIMUM_TOKENS;
|
|
if (FAULT_TOLLERANT) {
|
|
logger.warn(message);
|
|
continue;
|
|
} else {
|
|
throw new SitesMapperExecption(message);
|
|
}
|
|
}
|
|
String rootVO = siteTokens[ROOT_VO_TOKEN_INDEX];
|
|
if (logger.isDebugEnabled()) {
|
|
logger.debug("Root VO is: " + rootVO);
|
|
}
|
|
if (!rootSite.equals(rootVO)) {
|
|
logger.info("Skipping evaluation of site tree not belonging to this Root VO: " + rootVO);
|
|
continue;
|
|
} else {
|
|
logger.info("Site belongs to this Root VO");
|
|
}
|
|
if (siteTokens.length >= VO_TOKEN_INDEX + 1) {
|
|
if (gwSitesTree == null) {
|
|
logger.warn(rootVO + " Root VO's permissions are not set for user");
|
|
gwSitesTree = new Site(rootVO, null);
|
|
}
|
|
String vo = siteTokens[VO_TOKEN_INDEX];
|
|
if (logger.isDebugEnabled()) {
|
|
logger.debug("VO is: " + vo);
|
|
}
|
|
if (siteTokens.length == VRE_TOKEN_INDEX + 1) {
|
|
if (!gwSitesTree.getChildren().containsKey(vo)) {
|
|
logger.warn(vo + " VO's permissions are not set for user");
|
|
gwSitesTree.getChildren().put(vo, new Site(vo, null));
|
|
}
|
|
String vre = siteTokens[VRE_TOKEN_INDEX];
|
|
if (logger.isDebugEnabled()) {
|
|
logger.debug("VRE is: " + vre);
|
|
}
|
|
logger.info("Adding leaf site: " + vre);
|
|
gwSitesTree.getChildren().get(vo).getChildren().put(vre, new Site(vre, roles));
|
|
} else if (!gwSitesTree.getChildren().containsKey(vo)) {
|
|
logger.info("Creating site for VO: " + vo);
|
|
gwSitesTree.getChildren().put(vo, new Site(vo, roles));
|
|
}
|
|
} else {
|
|
if (gwSitesTree == null) {
|
|
logger.info("Creating site for Root VO: " + rootVO);
|
|
gwSitesTree = new Site(rootVO, roles);
|
|
} else {
|
|
if (gwSitesTree.getRoles() == null) {
|
|
logger.info("Setting out of order roles for Root VO");
|
|
} else {
|
|
logger.warn("Duplicated roles definition for Root VO");
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return gwSitesTree;
|
|
}
|
|
} |