ready for release
git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/portal/portal-auth-library@142112 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
parent
f6d80e163c
commit
c50886a022
|
@ -1,6 +1,8 @@
|
||||||
package org.gcube.portal.auth;
|
package org.gcube.portal.auth;
|
||||||
|
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
||||||
import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
|
import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
|
||||||
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
|
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
|
||||||
|
import static org.gcube.resources.discovery.icclient.ICFactory.client;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
|
@ -14,7 +16,9 @@ import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
import org.gcube.common.portal.PortalContext;
|
import org.gcube.common.portal.PortalContext;
|
||||||
|
import org.gcube.common.resources.gcore.GCoreEndpoint;
|
||||||
import org.gcube.common.resources.gcore.Resources;
|
import org.gcube.common.resources.gcore.Resources;
|
||||||
import org.gcube.common.resources.gcore.ServiceEndpoint;
|
import org.gcube.common.resources.gcore.ServiceEndpoint;
|
||||||
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
|
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
|
||||||
|
@ -44,6 +48,10 @@ public class AuthUtil {
|
||||||
public final static String ENDPOINT_TYPE = "ServiceEndpoint";
|
public final static String ENDPOINT_TYPE = "ServiceEndpoint";
|
||||||
public final static String ENDPOINT_CATEGORY = "OnlineService";
|
public final static String ENDPOINT_CATEGORY = "OnlineService";
|
||||||
|
|
||||||
|
public final static String OAUTH_ENDPOINT_CLASS = "Portal";
|
||||||
|
public final static String OAUTH_ENDPOINT_NAME = "oauth";
|
||||||
|
private static final String OAUTH_ENDPOINT_ENTRYNAME = "jersey-servlet";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* look for the clientId passes as parameter
|
* look for the clientId passes as parameter
|
||||||
* @param clientId
|
* @param clientId
|
||||||
|
@ -115,13 +123,34 @@ public class AuthUtil {
|
||||||
}
|
}
|
||||||
return map;
|
return map;
|
||||||
}
|
}
|
||||||
|
/**
|
||||||
|
* <p>
|
||||||
|
* @return a qualifier token for a given user token or <code>null</code> in case of problems
|
||||||
|
* </p>
|
||||||
|
* @param userToken
|
||||||
|
*/
|
||||||
|
public static String generateAuthorizationQualifierToken(String appName, String userToken) {
|
||||||
|
String qToken;
|
||||||
|
String apiQualifier = "AuthorisedApp-"+appName;
|
||||||
|
try {
|
||||||
|
String encodedApiQualifier = URLEncoder.encode(apiQualifier, "UTF-8").replaceAll("\\+", "%20");
|
||||||
|
String currToken = SecurityTokenProvider.instance.get();
|
||||||
|
SecurityTokenProvider.instance.set(userToken);
|
||||||
|
qToken = authorizationService().generateApiKey(encodedApiQualifier);
|
||||||
|
SecurityTokenProvider.instance.set(currToken);
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
return qToken;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* look for the clientId passes as parameter
|
* look for the clientId passes as parameter
|
||||||
* @param clientId
|
* @param clientId
|
||||||
* @return a <code>RequestingApp</code> contanining the application name, the description and the application logo URL if any, or <code>null</code> if non existent
|
* @return a <code>RequestingApp</code> contanining the application name, the description and the application logo URL if any, or <code>null</code> if non existent
|
||||||
*/
|
*/
|
||||||
public static List<ServiceEndpoint> getAuthorisedApplicationInfoFromIsICClient(String infrastructureName, String clientId) throws Exception {
|
public static ServiceEndpoint getAuthorisedApplicationInfoFromIsICClient(String infrastructureName, String clientId) throws Exception {
|
||||||
String scope = "/" + infrastructureName;
|
String scope = "/" + infrastructureName;
|
||||||
String currScope = ScopeProvider.instance.get();
|
String currScope = ScopeProvider.instance.get();
|
||||||
ScopeProvider.instance.set(scope);
|
ScopeProvider.instance.set(scope);
|
||||||
|
@ -131,29 +160,21 @@ public class AuthUtil {
|
||||||
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
||||||
List<ServiceEndpoint> toReturn = client.submit(query);
|
List<ServiceEndpoint> toReturn = client.submit(query);
|
||||||
ScopeProvider.instance.set(currScope);
|
ScopeProvider.instance.set(currScope);
|
||||||
return toReturn;
|
if (toReturn.size() > 0)
|
||||||
|
return toReturn.get(0);
|
||||||
|
else
|
||||||
|
return null;
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
* look for the clientId AccessEndpoint passes as parameter
|
* <p>
|
||||||
* @param gatewayName
|
* return the authorised redirect for the service endpoint of type OnlineService
|
||||||
* @param clientId
|
* </p>
|
||||||
* @return the client secret related to the id, or null if non existent
|
* @param toLookFor an instance of <code>ServiceEndpoint</code>
|
||||||
|
* @return the list of authorised redirectURLs or <code>null
|
||||||
*/
|
*/
|
||||||
public static List<String> getAuthorisedRedirectURLsFromIs(String clientId) {
|
public static List<String> getAuthorisedRedirectURLsFromIs(ServiceEndpoint toLookFor) {
|
||||||
PortalContext pContext = PortalContext.getConfiguration();
|
|
||||||
String scope = "/"+pContext.getInfrastructureName();
|
|
||||||
List<String> autRedirectURLs = new ArrayList<>();
|
List<String> autRedirectURLs = new ArrayList<>();
|
||||||
try {
|
Group<AccessPoint> apGroup = toLookFor.profile().accessPoints();
|
||||||
List<ServiceEndpoint> list = getAuthorisedApplicationInfoFromIsICClient(pContext.getInfrastructureName(), clientId);
|
|
||||||
if (list.size() > 1) {
|
|
||||||
_log.error("Too many Service Endpoints having name " + clientId +" in this scope having Category " + SERVICE_ENDPOINT_CATEGORY);
|
|
||||||
}
|
|
||||||
else if (list.size() == 0){
|
|
||||||
_log.warn("There is no Service Endpoint having name " + clientId +" and Category " + SERVICE_ENDPOINT_CATEGORY + " in this scope: " + scope);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
for (ServiceEndpoint res : list) {
|
|
||||||
Group<AccessPoint> apGroup = res.profile().accessPoints();
|
|
||||||
AccessPoint[] accessPoints = (AccessPoint[]) apGroup.toArray(new AccessPoint[apGroup.size()]);
|
AccessPoint[] accessPoints = (AccessPoint[]) apGroup.toArray(new AccessPoint[apGroup.size()]);
|
||||||
for (int i = 0; i < accessPoints.length; i++) {
|
for (int i = 0; i < accessPoints.length; i++) {
|
||||||
if (accessPoints[i].name().compareTo(REDIRECT_URL) == 0) {
|
if (accessPoints[i].name().compareTo(REDIRECT_URL) == 0) {
|
||||||
|
@ -161,12 +182,37 @@ public class AuthUtil {
|
||||||
autRedirectURLs.add(found.address());
|
autRedirectURLs.add(found.address());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch (Exception e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
return autRedirectURLs;
|
return autRedirectURLs;
|
||||||
}
|
}
|
||||||
|
/**
|
||||||
|
* Instantiates a new gcore endpoint reader.
|
||||||
|
*
|
||||||
|
* @param scope the scope
|
||||||
|
* @throws Exception the exception
|
||||||
|
*/
|
||||||
|
public static String getOAuthServiceEndPoint(String infrastructureName) throws Exception {
|
||||||
|
String scope = "/" + infrastructureName;
|
||||||
|
String currScope = ScopeProvider.instance.get();
|
||||||
|
ScopeProvider.instance.set(scope);
|
||||||
|
|
||||||
|
|
||||||
|
SimpleQuery query = queryFor(GCoreEndpoint.class);
|
||||||
|
query.addCondition(String.format("$resource/Profile/ServiceClass/text() eq '%s'",OAUTH_ENDPOINT_CLASS));
|
||||||
|
query.addCondition("$resource/Profile/DeploymentData/Status/text() eq 'ready'");
|
||||||
|
query.addCondition(String.format("$resource/Profile/ServiceName/text() eq '%s'",OAUTH_ENDPOINT_NAME));
|
||||||
|
query.setResult("$resource/Profile/AccessPoint/RunningInstanceInterfaces//Endpoint[@EntryName/string() eq \""+OAUTH_ENDPOINT_ENTRYNAME+"\"]/text()");
|
||||||
|
|
||||||
|
|
||||||
|
DiscoveryClient<String> client = client();
|
||||||
|
List<String> toReturn = client.submit(query);
|
||||||
|
if (toReturn == null || toReturn.isEmpty()) throw new Exception("Cannot retrieve the GCoreEndpoint serviceName: "+OAUTH_ENDPOINT_NAME +", serviceClass: " +OAUTH_ENDPOINT_CLASS +", in scope: "+scope);
|
||||||
|
|
||||||
|
|
||||||
|
ScopeProvider.instance.set(currScope);
|
||||||
|
if (toReturn.size() > 0)
|
||||||
|
return toReturn.get(0);
|
||||||
|
else
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,8 +2,17 @@ package org.gcube.portal.auth;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.gcube.portal.auth.AuthUtil;
|
import org.apache.http.HttpResponse;
|
||||||
import org.gcube.portal.auth.RequestingApp;
|
import org.apache.http.client.methods.HttpPost;
|
||||||
|
import org.apache.http.entity.ContentType;
|
||||||
|
import org.apache.http.entity.StringEntity;
|
||||||
|
import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
|
import org.apache.http.impl.client.HttpClientBuilder;
|
||||||
|
import org.apache.http.impl.client.LaxRedirectStrategy;
|
||||||
|
import org.gcube.common.portal.PortalContext;
|
||||||
|
import org.gcube.common.resources.gcore.ServiceEndpoint;
|
||||||
|
|
||||||
|
import com.liferay.portal.kernel.json.JSONObject;
|
||||||
|
|
||||||
import junit.framework.Test;
|
import junit.framework.Test;
|
||||||
import junit.framework.TestCase;
|
import junit.framework.TestCase;
|
||||||
|
@ -35,21 +44,22 @@ public class AppTest extends TestCase {
|
||||||
* Rigourous Test :-)
|
* Rigourous Test :-)
|
||||||
*/
|
*/
|
||||||
public void testApp() {
|
public void testApp() {
|
||||||
// RequestingApp app = AuthUtil.getAuthorisedApplicationInfoFromIs("c96d4477-236c-4f98-ba7d-7897991ef412");
|
|
||||||
// if (app != null) {
|
|
||||||
// System.out.println(app.getApplicationId());
|
|
||||||
// System.out.println(app.getLogoURL());
|
|
||||||
// }
|
|
||||||
// assertTrue( app != null );
|
|
||||||
System.out.println("getAuthorisedRedirectURLsFromIs ... ");
|
System.out.println("getAuthorisedRedirectURLsFromIs ... ");
|
||||||
try {
|
try {
|
||||||
List<String> authreds = AuthUtil.getAuthorisedRedirectURLsFromIs("c96d4477-236c-4f98-ba7d-7897991ef412");
|
ServiceEndpoint authorisedApp = AuthUtil.getAuthorisedApplicationInfoFromIsICClient(PortalContext.getConfiguration().getInfrastructureName(), "c96d4477-236c-4f98-ba7d-7897991ef412");
|
||||||
for (String red : authreds) {
|
List<String> authorisedRedirectURLs = AuthUtil.getAuthorisedRedirectURLsFromIs(authorisedApp);
|
||||||
|
|
||||||
|
for (String red : authorisedRedirectURLs) {
|
||||||
System.out.println(red);
|
System.out.println(red);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
String oauthendPoint = AuthUtil.getOAuthServiceEndPoint(PortalContext.getConfiguration().getInfrastructureName());
|
||||||
|
System.out.println(oauthendPoint);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
// TODO Auto-generated catch block
|
// TODO Auto-generated catch block
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue