diff --git a/src/main/java/org/gcube/portal/auth/AuthUtil.java b/src/main/java/org/gcube/portal/auth/AuthUtil.java index cc1800f..3ac78fd 100644 --- a/src/main/java/org/gcube/portal/auth/AuthUtil.java +++ b/src/main/java/org/gcube/portal/auth/AuthUtil.java @@ -1,6 +1,8 @@ package org.gcube.portal.auth; +import static org.gcube.common.authorization.client.Constants.authorizationService; import static org.gcube.resources.discovery.icclient.ICFactory.clientFor; import static org.gcube.resources.discovery.icclient.ICFactory.queryFor; +import static org.gcube.resources.discovery.icclient.ICFactory.client; import java.io.IOException; import java.io.InputStream; @@ -14,7 +16,9 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import org.gcube.common.authorization.library.provider.SecurityTokenProvider; import org.gcube.common.portal.PortalContext; +import org.gcube.common.resources.gcore.GCoreEndpoint; import org.gcube.common.resources.gcore.Resources; import org.gcube.common.resources.gcore.ServiceEndpoint; import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint; @@ -43,6 +47,10 @@ public class AuthUtil { public final static String TOKEN_ATTR_NAME = "gcube-token"; public final static String ENDPOINT_TYPE = "ServiceEndpoint"; public final static String ENDPOINT_CATEGORY = "OnlineService"; + + public final static String OAUTH_ENDPOINT_CLASS = "Portal"; + public final static String OAUTH_ENDPOINT_NAME = "oauth"; + private static final String OAUTH_ENDPOINT_ENTRYNAME = "jersey-servlet"; /** * look for the clientId passes as parameter @@ -65,7 +73,7 @@ public class AuthUtil { siteConnection.addRequestProperty(TOKEN_ATTR_NAME, portalToken); InputStream is = null; try { - is = siteConnection.getInputStream(); + is = siteConnection.getInputStream(); } catch (IOException e) { _log.warn("The requested clientId does not exist: " + encodedClientId); @@ -115,58 +123,96 @@ public class AuthUtil { } return map; } + /** + *

+ * @return a qualifier token for a given user token or null in case of problems + *

+ * @param userToken + */ + public static String generateAuthorizationQualifierToken(String appName, String userToken) { + String qToken; + String apiQualifier = "AuthorisedApp-"+appName; + try { + String encodedApiQualifier = URLEncoder.encode(apiQualifier, "UTF-8").replaceAll("\\+", "%20"); + String currToken = SecurityTokenProvider.instance.get(); + SecurityTokenProvider.instance.set(userToken); + qToken = authorizationService().generateApiKey(encodedApiQualifier); + SecurityTokenProvider.instance.set(currToken); + } catch (Exception e) { + e.printStackTrace(); + return null; + } + return qToken; + } /** * look for the clientId passes as parameter * @param clientId * @return a RequestingApp contanining the application name, the description and the application logo URL if any, or null if non existent */ - public static List getAuthorisedApplicationInfoFromIsICClient(String infrastructureName, String clientId) throws Exception { - String scope = "/" + infrastructureName; - String currScope = ScopeProvider.instance.get(); - ScopeProvider.instance.set(scope); - String encodedClientId = URLEncoder.encode(clientId, "UTF-8").replaceAll("\\+", "%20"); - SimpleQuery query = queryFor(ServiceEndpoint.class); - query.addCondition("$resource/ID/text() eq '"+ encodedClientId +"'"); - DiscoveryClient client = clientFor(ServiceEndpoint.class); - List toReturn = client.submit(query); - ScopeProvider.instance.set(currScope); - return toReturn; - } - /** - * look for the clientId AccessEndpoint passes as parameter - * @param gatewayName - * @param clientId - * @return the client secret related to the id, or null if non existent - */ - public static List getAuthorisedRedirectURLsFromIs(String clientId) { - PortalContext pContext = PortalContext.getConfiguration(); - String scope = "/"+pContext.getInfrastructureName(); - List autRedirectURLs = new ArrayList<>(); - try { - List list = getAuthorisedApplicationInfoFromIsICClient(pContext.getInfrastructureName(), clientId); - if 
(list.size() > 1) { - _log.error("Too many Service Endpoints having name " + clientId +" in this scope having Category " + SERVICE_ENDPOINT_CATEGORY); - } - else if (list.size() == 0){ - _log.warn("There is no Service Endpoint having name " + clientId +" and Category " + SERVICE_ENDPOINT_CATEGORY + " in this scope: " + scope); - } - else { - for (ServiceEndpoint res : list) { - Group apGroup = res.profile().accessPoints(); - AccessPoint[] accessPoints = (AccessPoint[]) apGroup.toArray(new AccessPoint[apGroup.size()]); - for (int i = 0; i < accessPoints.length; i++) { - if (accessPoints[i].name().compareTo(REDIRECT_URL) == 0) { - AccessPoint found = accessPoints[i]; - autRedirectURLs.add(found.address()); - } - } - } - } - } catch (Exception e) { - e.printStackTrace(); + public static ServiceEndpoint getAuthorisedApplicationInfoFromIsICClient(String infrastructureName, String clientId) throws Exception { + String scope = "/" + infrastructureName; + String currScope = ScopeProvider.instance.get(); + ScopeProvider.instance.set(scope); + String encodedClientId = URLEncoder.encode(clientId, "UTF-8").replaceAll("\\+", "%20"); + SimpleQuery query = queryFor(ServiceEndpoint.class); + query.addCondition("$resource/ID/text() eq '"+ encodedClientId +"'"); + DiscoveryClient client = clientFor(ServiceEndpoint.class); + List toReturn = client.submit(query); + ScopeProvider.instance.set(currScope); + if (toReturn.size() > 0) + return toReturn.get(0); + else return null; + } + /** + *

+ * return the authorised redirect for the service endpoint of type OnlineService + *

+ * @param toLookFor an instance of ServiceEndpoint + * @return the list of authorised redirectURLs or null + */ + public static List getAuthorisedRedirectURLsFromIs(ServiceEndpoint toLookFor) { + List autRedirectURLs = new ArrayList<>(); + Group apGroup = toLookFor.profile().accessPoints(); + AccessPoint[] accessPoints = (AccessPoint[]) apGroup.toArray(new AccessPoint[apGroup.size()]); + for (int i = 0; i < accessPoints.length; i++) { + if (accessPoints[i].name().compareTo(REDIRECT_URL) == 0) { + AccessPoint found = accessPoints[i]; + autRedirectURLs.add(found.address()); + } } return autRedirectURLs; } + /** + * Instantiates a new gcore endpoint reader. + * + * @param scope the scope + * @throws Exception the exception + */ + public static String getOAuthServiceEndPoint(String infrastructureName) throws Exception { + String scope = "/" + infrastructureName; + String currScope = ScopeProvider.instance.get(); + ScopeProvider.instance.set(scope); + + + SimpleQuery query = queryFor(GCoreEndpoint.class); + query.addCondition(String.format("$resource/Profile/ServiceClass/text() eq '%s'",OAUTH_ENDPOINT_CLASS)); + query.addCondition("$resource/Profile/DeploymentData/Status/text() eq 'ready'"); + query.addCondition(String.format("$resource/Profile/ServiceName/text() eq '%s'",OAUTH_ENDPOINT_NAME)); + query.setResult("$resource/Profile/AccessPoint/RunningInstanceInterfaces//Endpoint[@EntryName/string() eq \""+OAUTH_ENDPOINT_ENTRYNAME+"\"]/text()"); + + + DiscoveryClient client = client(); + List toReturn = client.submit(query); + if (toReturn == null || toReturn.isEmpty()) throw new Exception("Cannot retrieve the GCoreEndpoint serviceName: "+OAUTH_ENDPOINT_NAME +", serviceClass: " +OAUTH_ENDPOINT_CLASS +", in scope: "+scope); + + + ScopeProvider.instance.set(currScope); + if (toReturn.size() > 0) + return toReturn.get(0); + else + return null; + } + } 
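Review bot: In generateAuthorizationQualifierToken the caller's token is restored only on the success path: if `authorizationService().generateApiKey(...)` throws, the `catch` returns null and the thread is left with `userToken` set in SecurityTokenProvider. If that provider is thread-bound, as its use here suggests, later work on a reused thread would run under the wrong identity, so the restore belongs in a `finally`. The same applies to `ScopeProvider` in getAuthorisedApplicationInfoFromIsICClient and getOAuthServiceEndPoint; the latter throws on an empty result before `ScopeProvider.instance.set(currScope)` is reached, which also makes its trailing `return null` unreachable. The catch should log through `_log` instead of calling `e.printStackTrace()`.

```java
public static String generateAuthorizationQualifierToken(String appName, String userToken) {
	// … unchanged: apiQualifier construction …
	String currToken = SecurityTokenProvider.instance.get();
	try {
		// … unchanged: URL-encoding of the qualifier into encodedApiQualifier …
		SecurityTokenProvider.instance.set(userToken);
		return authorizationService().generateApiKey(encodedApiQualifier);
	} catch (Exception e) {
		_log.error("Could not generate the qualifier token", e);
		return null;
	} finally {
		// runs on success and on failure, so the thread never keeps userToken
		SecurityTokenProvider.instance.set(currToken);
	}
}
```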
diff --git a/src/test/java/org/gcube/portal/auth/AppTest.java b/src/test/java/org/gcube/portal/auth/AppTest.java index 7f66e90..d03a0ec 100644 --- a/src/test/java/org/gcube/portal/auth/AppTest.java +++ b/src/test/java/org/gcube/portal/auth/AppTest.java @@ -2,8 +2,17 @@ package org.gcube.portal.auth; import java.util.List; -import org.gcube.portal.auth.AuthUtil; -import org.gcube.portal.auth.RequestingApp; +import org.apache.http.HttpResponse; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.entity.ContentType; +import org.apache.http.entity.StringEntity; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.http.impl.client.LaxRedirectStrategy; +import org.gcube.common.portal.PortalContext; +import org.gcube.common.resources.gcore.ServiceEndpoint; + +import com.liferay.portal.kernel.json.JSONObject; import junit.framework.Test; import junit.framework.TestCase; 
@@ -35,21 +44,22 @@ public class AppTest extends TestCase { * Rigourous Test :-) */ public void testApp() { -// RequestingApp app = AuthUtil.getAuthorisedApplicationInfoFromIs("c96d4477-236c-4f98-ba7d-7897991ef412"); -// if (app != null) { -// System.out.println(app.getApplicationId()); -// System.out.println(app.getLogoURL()); -// } -// assertTrue( app != null ); System.out.println("getAuthorisedRedirectURLsFromIs ... "); try { - List authreds = AuthUtil.getAuthorisedRedirectURLsFromIs("c96d4477-236c-4f98-ba7d-7897991ef412"); - for (String red : authreds) { + ServiceEndpoint authorisedApp = AuthUtil.getAuthorisedApplicationInfoFromIsICClient(PortalContext.getConfiguration().getInfrastructureName(), "c96d4477-236c-4f98-ba7d-7897991ef412"); + List authorisedRedirectURLs = AuthUtil.getAuthorisedRedirectURLsFromIs(authorisedApp); + + for (String red : authorisedRedirectURLs) { System.out.println(red); } + + String oauthendPoint = AuthUtil.getOAuthServiceEndPoint(PortalContext.getConfiguration().getInfrastructureName()); + System.out.println(oauthendPoint); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } } + + }
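Review bot: testApp() cannot fail, because the `catch (Exception e)` only prints the stack trace and nothing is asserted. That hides the NullPointerException raised when getAuthorisedApplicationInfoFromIsICClient returns null (no matching endpoint) and the result goes straight into getAuthorisedRedirectURLsFromIs, which dereferences it. Declare the method `throws Exception`, drop the try/catch, and add `assertNotNull(authorisedApp);` before the redirect lookup and `assertNotNull(oauthendPoint);` after the endpoint lookup. The test also appears to need a live infrastructure behind `PortalContext.getConfiguration()`, so a comment such as `// integration test: requires a reachable Information System` would help whoever runs it offline.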