ready for release

git-svn-id: http://svn.research-infrastructures.eu/public/d4science/gcube/trunk/portal/portal-auth-library@142112 82a268e6-3cf1-43bd-a215-b396298e98cf
This commit is contained in:
Massimiliano Assante 2017-02-02 17:38:16 +00:00
parent f6d80e163c
commit c50886a022
2 changed files with 111 additions and 55 deletions

View File

@ -1,6 +1,8 @@
package org.gcube.portal.auth;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import static org.gcube.resources.discovery.icclient.ICFactory.clientFor;
import static org.gcube.resources.discovery.icclient.ICFactory.queryFor;
import static org.gcube.resources.discovery.icclient.ICFactory.client;
import java.io.IOException;
import java.io.InputStream;
@ -14,7 +16,9 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.resources.gcore.GCoreEndpoint;
import org.gcube.common.resources.gcore.Resources;
import org.gcube.common.resources.gcore.ServiceEndpoint;
import org.gcube.common.resources.gcore.ServiceEndpoint.AccessPoint;
@ -44,6 +48,10 @@ public class AuthUtil {
public final static String ENDPOINT_TYPE = "ServiceEndpoint";
public final static String ENDPOINT_CATEGORY = "OnlineService";
public final static String OAUTH_ENDPOINT_CLASS = "Portal";
public final static String OAUTH_ENDPOINT_NAME = "oauth";
private static final String OAUTH_ENDPOINT_ENTRYNAME = "jersey-servlet";
/**
* look for the clientId passes as parameter
* @param clientId
@ -115,13 +123,34 @@ public class AuthUtil {
}
return map;
}
/**
* <p>
* @return a qualifier token for a given user token or <code>null</code> in case of problems
* </p>
* @param userToken
*/
public static String generateAuthorizationQualifierToken(String appName, String userToken) {
String qToken;
String apiQualifier = "AuthorisedApp-"+appName;
try {
String encodedApiQualifier = URLEncoder.encode(apiQualifier, "UTF-8").replaceAll("\\+", "%20");
String currToken = SecurityTokenProvider.instance.get();
SecurityTokenProvider.instance.set(userToken);
qToken = authorizationService().generateApiKey(encodedApiQualifier);
SecurityTokenProvider.instance.set(currToken);
} catch (Exception e) {
e.printStackTrace();
return null;
}
return qToken;
}
/**
* look for the clientId passes as parameter
* @param clientId
* @return a <code>RequestingApp</code> contanining the application name, the description and the application logo URL if any, or <code>null</code> if non existent
*/
public static List<ServiceEndpoint> getAuthorisedApplicationInfoFromIsICClient(String infrastructureName, String clientId) throws Exception {
public static ServiceEndpoint getAuthorisedApplicationInfoFromIsICClient(String infrastructureName, String clientId) throws Exception {
String scope = "/" + infrastructureName;
String currScope = ScopeProvider.instance.get();
ScopeProvider.instance.set(scope);
@ -131,29 +160,21 @@ public class AuthUtil {
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
List<ServiceEndpoint> toReturn = client.submit(query);
ScopeProvider.instance.set(currScope);
return toReturn;
if (toReturn.size() > 0)
return toReturn.get(0);
else
return null;
}
/**
* look for the clientId AccessEndpoint passes as parameter
* @param gatewayName
* @param clientId
* @return the client secret related to the id, or null if non existent
* <p>
* return the authorised redirect for the service endpoint of type OnlineService
* </p>
* @param toLookFor an instance of <code>ServiceEndpoint</code>
* @return the list of authorised redirectURLs or <code>null
*/
public static List<String> getAuthorisedRedirectURLsFromIs(String clientId) {
PortalContext pContext = PortalContext.getConfiguration();
String scope = "/"+pContext.getInfrastructureName();
public static List<String> getAuthorisedRedirectURLsFromIs(ServiceEndpoint toLookFor) {
List<String> autRedirectURLs = new ArrayList<>();
try {
List<ServiceEndpoint> list = getAuthorisedApplicationInfoFromIsICClient(pContext.getInfrastructureName(), clientId);
if (list.size() > 1) {
_log.error("Too many Service Endpoints having name " + clientId +" in this scope having Category " + SERVICE_ENDPOINT_CATEGORY);
}
else if (list.size() == 0){
_log.warn("There is no Service Endpoint having name " + clientId +" and Category " + SERVICE_ENDPOINT_CATEGORY + " in this scope: " + scope);
}
else {
for (ServiceEndpoint res : list) {
Group<AccessPoint> apGroup = res.profile().accessPoints();
Group<AccessPoint> apGroup = toLookFor.profile().accessPoints();
AccessPoint[] accessPoints = (AccessPoint[]) apGroup.toArray(new AccessPoint[apGroup.size()]);
for (int i = 0; i < accessPoints.length; i++) {
if (accessPoints[i].name().compareTo(REDIRECT_URL) == 0) {
@ -161,12 +182,37 @@ public class AuthUtil {
autRedirectURLs.add(found.address());
}
}
}
}
} catch (Exception e) {
e.printStackTrace();
return null;
}
return autRedirectURLs;
}
/**
* Instantiates a new gcore endpoint reader.
*
* @param scope the scope
* @throws Exception the exception
*/
public static String getOAuthServiceEndPoint(String infrastructureName) throws Exception {
String scope = "/" + infrastructureName;
String currScope = ScopeProvider.instance.get();
ScopeProvider.instance.set(scope);
SimpleQuery query = queryFor(GCoreEndpoint.class);
query.addCondition(String.format("$resource/Profile/ServiceClass/text() eq '%s'",OAUTH_ENDPOINT_CLASS));
query.addCondition("$resource/Profile/DeploymentData/Status/text() eq 'ready'");
query.addCondition(String.format("$resource/Profile/ServiceName/text() eq '%s'",OAUTH_ENDPOINT_NAME));
query.setResult("$resource/Profile/AccessPoint/RunningInstanceInterfaces//Endpoint[@EntryName/string() eq \""+OAUTH_ENDPOINT_ENTRYNAME+"\"]/text()");
DiscoveryClient<String> client = client();
List<String> toReturn = client.submit(query);
if (toReturn == null || toReturn.isEmpty()) throw new Exception("Cannot retrieve the GCoreEndpoint serviceName: "+OAUTH_ENDPOINT_NAME +", serviceClass: " +OAUTH_ENDPOINT_CLASS +", in scope: "+scope);
ScopeProvider.instance.set(currScope);
if (toReturn.size() > 0)
return toReturn.get(0);
else
return null;
}
}

View File

@ -2,8 +2,17 @@ package org.gcube.portal.auth;
import java.util.List;
import org.gcube.portal.auth.AuthUtil;
import org.gcube.portal.auth.RequestingApp;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.LaxRedirectStrategy;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.resources.gcore.ServiceEndpoint;
import com.liferay.portal.kernel.json.JSONObject;
import junit.framework.Test;
import junit.framework.TestCase;
@ -35,21 +44,22 @@ public class AppTest extends TestCase {
* Rigourous Test :-)
*/
public void testApp() {
// RequestingApp app = AuthUtil.getAuthorisedApplicationInfoFromIs("c96d4477-236c-4f98-ba7d-7897991ef412");
// if (app != null) {
// System.out.println(app.getApplicationId());
// System.out.println(app.getLogoURL());
// }
// assertTrue( app != null );
System.out.println("getAuthorisedRedirectURLsFromIs ... ");
try {
List<String> authreds = AuthUtil.getAuthorisedRedirectURLsFromIs("c96d4477-236c-4f98-ba7d-7897991ef412");
for (String red : authreds) {
ServiceEndpoint authorisedApp = AuthUtil.getAuthorisedApplicationInfoFromIsICClient(PortalContext.getConfiguration().getInfrastructureName(), "c96d4477-236c-4f98-ba7d-7897991ef412");
List<String> authorisedRedirectURLs = AuthUtil.getAuthorisedRedirectURLsFromIs(authorisedApp);
for (String red : authorisedRedirectURLs) {
System.out.println(red);
}
String oauthendPoint = AuthUtil.getOAuthServiceEndPoint(PortalContext.getConfiguration().getInfrastructureName());
System.out.println(oauthendPoint);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}