rpt-token-portlet/src/main/java/org/gcube/portlets/admin/RPTTokenReader.java

package org.gcube.portlets.admin;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.List;

import javax.portlet.PortletException;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;
import javax.portlet.ResourceRequest;
import javax.portlet.ResourceResponse;
import javax.servlet.http.HttpServletRequest;

import java.util.Base64;

import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.impl.ScopeBean;
import org.gcube.common.scope.impl.ScopeBean.Type;
import org.gcube.oidc.rest.JWTToken;
import org.gcube.oidc.rest.OpenIdConnectConfiguration;
import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
//import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
import org.gcube.oidc.rest.OpenIdConnectRESTHelperException;
import org.gcube.portal.oidc.lr62.JWTCacheProxy;
import org.gcube.portal.oidc.lr62.LiferayOpenIdConnectConfiguration;
import org.gcube.vomanagement.usermanagement.GroupManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
import org.gcube.vomanagement.usermanagement.model.GCubeGroup;

import com.liferay.portal.kernel.json.JSONFactoryUtil;
import com.liferay.portal.kernel.json.JSONObject;
import com.liferay.portal.kernel.json.JSONArray;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.model.User;
import com.liferay.portal.util.PortalUtil;
import com.liferay.util.bridges.mvc.MVCPortlet;

/**
 * Portlet implementation class RPTTokenReader
 */
public class RPTTokenReader extends MVCPortlet {
	private static com.liferay.portal.kernel.log.Log log = LogFactoryUtil.getLog(RPTTokenReader.class);

	@Override
	public void render(RenderRequest renderRequest, RenderResponse renderResponse)
			throws PortletException, IOException {
		GroupManager gm = new LiferayGroupManager();
		try {
			User theUser = PortalUtil.getUser(renderRequest);
			String currentContext = getCurrentContext(renderRequest);
			ScopeBean bean = new ScopeBean(currentContext);
			List<String> userContexts = new ArrayList<String>();
			List<String> vreContexts = new ArrayList<String>();
			List<GCubeGroup> userGroups = gm.listGroupsByUser(theUser.getUserId());
			if (bean.is(Type.VRE)) {
				userContexts.add(currentContext);
				vreContexts.add(currentContext);
			} else {
				for (GCubeGroup g : userGroups) {
					// skipping these sites
					if (!(g.getFriendlyURL().equals("/guest") || g.getFriendlyURL().equals("/global"))) {
						if (g.getGroupName().equals(PortalContext.getConfiguration().getInfrastructureName())) {
							String context = gm.getInfrastructureScope(g.getGroupId());
							userContexts.add(context);
							if (context.split("/").length == 4){
								vreContexts.add(context);
							}
						}
						if (g.getParentGroupId() > 0) {
							String context = gm.getInfrastructureScope(g.getGroupId());
							userContexts.add(context);
							if (context.split("/").length == 4){
								vreContexts.add(context);
							}
						}
					}
				}
			}
			renderRequest.setAttribute("userGroups", userGroups);
			renderRequest.setAttribute("userContexts", userContexts);
			renderRequest.setAttribute("vreContexts", vreContexts);
		} catch (Exception e) {
			e.printStackTrace();
		}
		super.render(renderRequest, renderResponse);
	}

	public void serveResource(ResourceRequest resourceRequest, ResourceResponse resourceResponse)
			throws IOException, PortletException {
		String context = ParamUtil.getString(resourceRequest, "context", null);
		System.out.println("Selected context=" + context);
		HttpServletRequest httpReq = PortalUtil
				.getOriginalServletRequest(PortalUtil.getHttpServletRequest(resourceRequest));
		JWTToken umaToken = null;
		JWTToken exchangedToken = null;

		GroupManager gm = new LiferayGroupManager();


		resourceResponse.setContentType("application/json");
		JSONObject jsonObject = JSONFactoryUtil.createJSONObject();

		try {
			User theUser = PortalUtil.getUser(resourceRequest);
			OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(httpReq);

			jsonObject.put("token_url", configuration.getTokenURL().toString());
			JWTCacheProxy jwtCacheProxy = JWTCacheProxy.getInstance();
			String sessionId = httpReq.getSession().getId();
			String urlEncodedContext = null;
			try {
				urlEncodedContext = URLEncoder.encode(context, "UTF-8");
			} catch (UnsupportedEncodingException e) {
				// Almost impossible
				log.error("Cannot URL encode context", e);
			}

			JWTToken authToken = jwtCacheProxy.getOIDCToken(theUser, sessionId);
			umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(),
					authToken.getAccessTokenAsBearer(), urlEncodedContext, null);

			// URL auth_url = configuration.getTokenURL();
			// log.info("auth_url " + auth_url);
			// log.info("authToken " + authToken.getAccessTokenString());
			// log.info("umaToken " + umaToken.getAccessTokenString());
			// log.info("context " + context);
			// log.info("encoded_context " + urlEncodedContext);
			// log.info("client_id " + configuration.getPortalClientId());
			// log.info("client_secret " + configuration.getPortalClientSecret());

			exchangedToken = OpenIdConnectRESTHelperExtended.queryExchangeToken(
					configuration.getTokenURL(),
					umaToken.getAccessTokenString(),
					urlEncodedContext,
					configuration.getPortalClientId(),
					configuration.getPortalClientSecret(),
					null);


			// log.info("exchangedToken " + exchangedToken.getAccessTokenString());

			// log.debug("Got a new UMA token " + exchangedToken.getTokenEssentials());
		} catch (OpenIdConnectRESTHelperException e) {
			resourceResponse.setProperty(ResourceResponse.HTTP_STATUS_CODE, "" + e.getStatus());

			e.printStackTrace();
			jsonObject.put("success", false);
			jsonObject.put("comment", e.getMessage());
			resourceResponse.getWriter().println(jsonObject);
			super.serveResource(resourceRequest, resourceResponse);
			return;
		} catch (Exception e) {
			e.printStackTrace();
			jsonObject.put("success", false);
			jsonObject.put("comment", e.getMessage());
			resourceResponse.getWriter().println(jsonObject);
			super.serveResource(resourceRequest, resourceResponse);
			return;
		}

		// } catch (Exception e) {
		// e.printStackTrace();
		// JSONObject jsonObject = JSONFactoryUtil.createJSONObject();
		// jsonObject.put("success", false);
		// jsonObject.put("comment", e.getMessage());
		// resourceResponse.getWriter().println(jsonObject);
		// super.serveResource(resourceRequest, resourceResponse);
		// }

		jsonObject.put("success", true);
		jsonObject.put("access_token", exchangedToken.getAccessTokenString());
		jsonObject.put("refresh_token", exchangedToken.getRefreshTokenString());

		jsonObject.put("raw_token", exchangedToken.getRaw());

		jsonObject.put("access_token_exp", exchangedToken.getExp());
		jsonObject.put("essential", exchangedToken.getTokenEssentials());

		jsonObject.put("client_id", umaToken.getAzp());

		JSONArray audiences = JSONFactoryUtil.createJSONArray();
		List<String> list_audiences = exchangedToken.getAud();
		for (int i = 0; i < list_audiences.size(); i++) {
			audiences.put((String) list_audiences.get(i));
		}
		jsonObject.put("audience", audiences);

		resourceResponse.getWriter().println(jsonObject);
		super.serveResource(resourceRequest, resourceResponse);
	}

	private String getCurrentContext(RenderRequest request) {
		long groupId = -1;
		try {
			groupId = PortalUtil.getScopeGroupId(request);
			return getCurrentContext(groupId);
		} catch (Exception e) {
			e.printStackTrace();
		}
		return null;
	}

	private String getCurrentContext(long groupId) {
		try {
			PortalContext pContext = PortalContext.getConfiguration();
			return pContext.getCurrentScope("" + groupId);
		} catch (Exception e) {
			e.printStackTrace();
		}
		return null;
	}
}
initial commit 2021-04-08 11:05:40 +02:00			`package org.gcube.portlets.admin;`

			`import java.io.IOException;`
- Feature #24755 verified 2023-04-27 16:29:17 +02:00			`import java.io.UnsupportedEncodingException;`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`import java.net.URL;`
- Feature #24755 verified 2023-04-27 16:29:17 +02:00			`import java.net.URLEncoder;`
initial commit 2021-04-08 11:05:40 +02:00			`import java.util.ArrayList;`
			`import java.util.List;`

			`import javax.portlet.PortletException;`
			`import javax.portlet.RenderRequest;`
			`import javax.portlet.RenderResponse;`
			`import javax.portlet.ResourceRequest;`
			`import javax.portlet.ResourceResponse;`
			`import javax.servlet.http.HttpServletRequest;`

curl code, detailed instructions 2024-03-05 18:04:16 +01:00			`import java.util.Base64;`

initial commit 2021-04-08 11:05:40 +02:00			`import org.gcube.common.portal.PortalContext;`
Bug #23411 fix 2022-05-25 18:05:24 +02:00			`import org.gcube.common.scope.impl.ScopeBean;`
			`import org.gcube.common.scope.impl.ScopeBean.Type;`
Feature #24755 asks for a fresh token anytime the button is clicked 2023-03-20 16:59:44 +01:00			`import org.gcube.oidc.rest.JWTToken;`
			`import org.gcube.oidc.rest.OpenIdConnectConfiguration;`
			`import org.gcube.oidc.rest.OpenIdConnectRESTHelper;`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`//import org.gcube.oidc.rest.OpenIdConnectRESTHelper;`
curl code, detailed instructions 2024-03-05 18:04:16 +01:00			`import org.gcube.oidc.rest.OpenIdConnectRESTHelperException;`
- Feature #24755 verified 2023-04-27 16:29:17 +02:00			`import org.gcube.portal.oidc.lr62.JWTCacheProxy;`
Feature #24755 asks for a fresh token anytime the button is clicked 2023-03-20 16:59:44 +01:00			`import org.gcube.portal.oidc.lr62.LiferayOpenIdConnectConfiguration;`
initial commit 2021-04-08 11:05:40 +02:00			`import org.gcube.vomanagement.usermanagement.GroupManager;`
			`import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;`
			`import org.gcube.vomanagement.usermanagement.model.GCubeGroup;`
Feature #24755 asks for a fresh token anytime the button is clicked 2023-03-20 16:59:44 +01:00
initial commit 2021-04-08 11:05:40 +02:00			`import com.liferay.portal.kernel.json.JSONFactoryUtil;`
			`import com.liferay.portal.kernel.json.JSONObject;`
curl code, detailed instructions 2024-03-05 18:04:16 +01:00			`import com.liferay.portal.kernel.json.JSONArray;`
Feature #24755 asks for a fresh token anytime the button is clicked 2023-03-20 16:59:44 +01:00			`import com.liferay.portal.kernel.log.LogFactoryUtil;`
initial commit 2021-04-08 11:05:40 +02:00			`import com.liferay.portal.kernel.util.ParamUtil;`
			`import com.liferay.portal.model.User;`
			`import com.liferay.portal.util.PortalUtil;`
			`import com.liferay.util.bridges.mvc.MVCPortlet;`

			`/**`
			`* Portlet implementation class RPTTokenReader`
			`*/`
			`public class RPTTokenReader extends MVCPortlet {`
Feature #24755 asks for a fresh token anytime the button is clicked 2023-03-20 16:59:44 +01:00			`private static com.liferay.portal.kernel.log.Log log = LogFactoryUtil.getLog(RPTTokenReader.class);`
initial commit 2021-04-08 11:05:40 +02:00
			`@Override`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`public void render(RenderRequest renderRequest, RenderResponse renderResponse)`
			`throws PortletException, IOException {`
initial commit 2021-04-08 11:05:40 +02:00			`GroupManager gm = new LiferayGroupManager();`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`try {`
initial commit 2021-04-08 11:05:40 +02:00			`User theUser = PortalUtil.getUser(renderRequest);`
Bug #23411 fix 2022-05-25 18:05:24 +02:00			`String currentContext = getCurrentContext(renderRequest);`
			`ScopeBean bean = new ScopeBean(currentContext);`
initial commit 2021-04-08 11:05:40 +02:00			`List<String> userContexts = new ArrayList<String>();`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`List<String> vreContexts = new ArrayList<String>();`
Bug #23411 fix 2022-05-25 18:05:24 +02:00			`List<GCubeGroup> userGroups = gm.listGroupsByUser(theUser.getUserId());`
			`if (bean.is(Type.VRE)) {`
			`userContexts.add(currentContext);`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`vreContexts.add(currentContext);`
			`} else {`
Bug #23411 fix 2022-05-25 18:05:24 +02:00			`for (GCubeGroup g : userGroups) {`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`// skipping these sites`
			`if (!(g.getFriendlyURL().equals("/guest") \|\| g.getFriendlyURL().equals("/global"))) {`
Bug #23411 fix 2022-05-25 18:05:24 +02:00			`if (g.getGroupName().equals(PortalContext.getConfiguration().getInfrastructureName())) {`
			`String context = gm.getInfrastructureScope(g.getGroupId());`
			`userContexts.add(context);`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`if (context.split("/").length == 4){`
			`vreContexts.add(context);`
			`}`
Bug #23411 fix 2022-05-25 18:05:24 +02:00			`}`
			`if (g.getParentGroupId() > 0) {`
			`String context = gm.getInfrastructureScope(g.getGroupId());`
			`userContexts.add(context);`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`if (context.split("/").length == 4){`
			`vreContexts.add(context);`
			`}`
Bug #23411 fix 2022-05-25 18:05:24 +02:00			`}`
			`}`
initial commit 2021-04-08 11:05:40 +02:00			`}`
			`}`
			`renderRequest.setAttribute("userGroups", userGroups);`
			`renderRequest.setAttribute("userContexts", userContexts);`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`renderRequest.setAttribute("vreContexts", vreContexts);`
initial commit 2021-04-08 11:05:40 +02:00			`} catch (Exception e) {`
			`e.printStackTrace();`
			`}`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`super.render(renderRequest, renderResponse);`
initial commit 2021-04-08 11:05:40 +02:00			`}`

v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`public void serveResource(ResourceRequest resourceRequest, ResourceResponse resourceResponse)`
			`throws IOException, PortletException {`
initial commit 2021-04-08 11:05:40 +02:00			`String context = ParamUtil.getString(resourceRequest, "context", null);`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`System.out.println("Selected context=" + context);`
			`HttpServletRequest httpReq = PortalUtil`
			`.getOriginalServletRequest(PortalUtil.getHttpServletRequest(resourceRequest));`
initial commit 2021-04-08 11:05:40 +02:00			`JWTToken umaToken = null;`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`JWTToken exchangedToken = null;`

			`GroupManager gm = new LiferayGroupManager();`
curl code, detailed instructions 2024-03-05 18:04:16 +01:00

			`resourceResponse.setContentType("application/json");`
			`JSONObject jsonObject = JSONFactoryUtil.createJSONObject();`

initial commit 2021-04-08 11:05:40 +02:00			`try {`
- Feature #24755 verified 2023-04-27 16:29:17 +02:00			`User theUser = PortalUtil.getUser(resourceRequest);`
			`OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(httpReq);`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00
curl code, detailed instructions 2024-03-05 18:04:16 +01:00			`jsonObject.put("token_url", configuration.getTokenURL().toString());`
- Feature #24755 verified 2023-04-27 16:29:17 +02:00			`JWTCacheProxy jwtCacheProxy = JWTCacheProxy.getInstance();`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`String sessionId = httpReq.getSession().getId();`
- Feature #24755 verified 2023-04-27 16:29:17 +02:00			`String urlEncodedContext = null;`
			`try {`
			`urlEncodedContext = URLEncoder.encode(context, "UTF-8");`
			`} catch (UnsupportedEncodingException e) {`
			`// Almost impossible`
			`log.error("Cannot URL encode context", e);`
			`}`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00
- Feature #24755 verified 2023-04-27 16:29:17 +02:00			`JWTToken authToken = jwtCacheProxy.getOIDCToken(theUser, sessionId);`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenURL(),`
			`authToken.getAccessTokenAsBearer(), urlEncodedContext, null);`

			`// URL auth_url = configuration.getTokenURL();`
			`// log.info("auth_url " + auth_url);`
			`// log.info("authToken " + authToken.getAccessTokenString());`
			`// log.info("umaToken " + umaToken.getAccessTokenString());`
			`// log.info("context " + context);`
			`// log.info("encoded_context " + urlEncodedContext);`
			`// log.info("client_id " + configuration.getPortalClientId());`
			`// log.info("client_secret " + configuration.getPortalClientSecret());`

			`exchangedToken = OpenIdConnectRESTHelperExtended.queryExchangeToken(`
			`configuration.getTokenURL(),`
			`umaToken.getAccessTokenString(),`
			`urlEncodedContext,`
			`configuration.getPortalClientId(),`
			`configuration.getPortalClientSecret(),`
			`null);`


			`// log.info("exchangedToken " + exchangedToken.getAccessTokenString());`

			`// log.debug("Got a new UMA token " + exchangedToken.getTokenEssentials());`
curl code, detailed instructions 2024-03-05 18:04:16 +01:00			`} catch (OpenIdConnectRESTHelperException e) {`
			`resourceResponse.setProperty(ResourceResponse.HTTP_STATUS_CODE, "" + e.getStatus());`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00
curl code, detailed instructions 2024-03-05 18:04:16 +01:00			`e.printStackTrace();`
			`jsonObject.put("success", false);`
			`jsonObject.put("comment", e.getMessage());`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`resourceResponse.getWriter().println(jsonObject);`
curl code, detailed instructions 2024-03-05 18:04:16 +01:00			`super.serveResource(resourceRequest, resourceResponse);`
			`return;`
initial commit 2021-04-08 11:05:40 +02:00			`} catch (Exception e) {`
			`e.printStackTrace();`
			`jsonObject.put("success", false);`
			`jsonObject.put("comment", e.getMessage());`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`resourceResponse.getWriter().println(jsonObject);`
initial commit 2021-04-08 11:05:40 +02:00			`super.serveResource(resourceRequest, resourceResponse);`
curl code, detailed instructions 2024-03-05 18:04:16 +01:00			`return;`
initial commit 2021-04-08 11:05:40 +02:00			`}`
curl code, detailed instructions 2024-03-05 18:04:16 +01:00
			`// } catch (Exception e) {`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`// e.printStackTrace();`
			`// JSONObject jsonObject = JSONFactoryUtil.createJSONObject();`
			`// jsonObject.put("success", false);`
			`// jsonObject.put("comment", e.getMessage());`
			`// resourceResponse.getWriter().println(jsonObject);`
			`// super.serveResource(resourceRequest, resourceResponse);`
			`// }`
curl code, detailed instructions 2024-03-05 18:04:16 +01:00
initial commit 2021-04-08 11:05:40 +02:00			`jsonObject.put("success", true);`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`jsonObject.put("access_token", exchangedToken.getAccessTokenString());`
			`jsonObject.put("refresh_token", exchangedToken.getRefreshTokenString());`
curl code, detailed instructions 2024-03-05 18:04:16 +01:00
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`jsonObject.put("raw_token", exchangedToken.getRaw());`

			`jsonObject.put("access_token_exp", exchangedToken.getExp());`
			`jsonObject.put("essential", exchangedToken.getTokenEssentials());`
curl code, detailed instructions 2024-03-05 18:04:16 +01:00
			`jsonObject.put("client_id", umaToken.getAzp());`

v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`JSONArray audiences = JSONFactoryUtil.createJSONArray();`
			`List<String> list_audiences = exchangedToken.getAud();`
curl code, detailed instructions 2024-03-05 18:04:16 +01:00			`for (int i = 0; i < list_audiences.size(); i++) {`
			`audiences.put((String) list_audiences.get(i));`
			`}`
			`jsonObject.put("audience", audiences);`

v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`resourceResponse.getWriter().println(jsonObject);`
initial commit 2021-04-08 11:05:40 +02:00			`super.serveResource(resourceRequest, resourceResponse);`
			`}`
Bug #23411 fix 2022-05-25 18:05:24 +02:00
			`private String getCurrentContext(RenderRequest request) {`
			`long groupId = -1;`
			`try {`
			`groupId = PortalUtil.getScopeGroupId(request);`
			`return getCurrentContext(groupId);`
			`} catch (Exception e) {`
			`e.printStackTrace();`
			`}`
			`return null;`
			`}`

v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`private String getCurrentContext(long groupId) {`
Bug #23411 fix 2022-05-25 18:05:24 +02:00			`try {`
v 1.3.0, token exchange (#27099) 2024-03-25 16:46:58 +01:00			`PortalContext pContext = PortalContext.getConfiguration();`
			`return pContext.getCurrentScope("" + groupId);`
Bug #23411 fix 2022-05-25 18:05:24 +02:00			`} catch (Exception e) {`
			`e.printStackTrace();`
			`}`
			`return null;`
			`}`
initial commit 2021-04-08 11:05:40 +02:00			`}`