add token call
parent
702f109cde
commit
922c000518
30
pom.xml
30
pom.xml
|
@ -29,11 +29,11 @@
|
|||
<artifactId>mongo-java-driver</artifactId>
|
||||
<version>3.12.0</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<!--dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-log4j12</artifactId>
|
||||
<version>1.6.4</version>
|
||||
</dependency>
|
||||
</dependency-->
|
||||
<dependency>
|
||||
<groupId>junit</groupId>
|
||||
<artifactId>junit</artifactId>
|
||||
|
@ -72,12 +72,28 @@
|
|||
<dependency>
|
||||
<groupId>org.gcube.accounting</groupId>
|
||||
<artifactId>accounting-lib</artifactId>
|
||||
<!-- <version>[2.0.0-SNAPSHOT, 3.0.0-SNAPSHOT)</version> -->
|
||||
</dependency>
|
||||
<!-- <dependency> -->
|
||||
<!-- <groupId>org.gcube.common</groupId> -->
|
||||
<!-- <artifactId>authorization-client</artifactId> -->
|
||||
<!-- </dependency> -->
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>oidc-library</artifactId>
|
||||
<version>[1.3.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-simple</artifactId>
|
||||
<version>1.7.25</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>slf4j-api</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.googlecode.json-simple</groupId>
|
||||
<artifactId>json-simple</artifactId>
|
||||
<version>1.1</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
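Review bot: The `oidc-library` dependency added in the second hunk uses the open range `[1.3.0-SNAPSHOT,2.0.0-SNAPSHOT)`, so every build resolves whichever snapshot is newest in the configured repositories. This library is the one that receives the client secret and returns the UMA token, so an unpinned snapshot makes the build non-reproducible and lets an unreviewed artifact into the credential path. Pin it to a released version, e.g. `<version>RELEASED_VERSION</version>` (placeholder), or manage it from the parent/BOM the way the version-less `accounting-lib` entry appears to be. The newly added `slf4j-api` entry also has no version, which presumably relies on the same dependency management.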
|
||||
|
|
|
@ -1,9 +1,13 @@
|
|||
package org.gcube.contentmanager.storageserver.consumer;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URL;
|
||||
import java.util.List;
|
||||
|
||||
import org.bson.types.ObjectId;
|
||||
import org.gcube.accounting.datamodel.usagerecords.StorageUsageRecord;
|
||||
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.contentmanager.storageserver.accounting.Report;
|
||||
import org.gcube.contentmanager.storageserver.accounting.ReportConfig;
|
||||
|
@ -14,6 +18,10 @@ import org.gcube.contentmanager.storageserver.data.OpLogRemoteObject;
|
|||
import org.gcube.contentmanager.storageserver.parse.utils.ValidationUtils;
|
||||
import org.gcube.contentmanager.storageserver.store.MongoDB;
|
||||
import org.gcube.contentmanager.storageserver.store.StorageStatusObject;
|
||||
import org.gcube.contentmanager.storageserver.utils.Utils;
|
||||
import org.gcube.oidc.rest.JWTToken;
|
||||
import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
|
||||
import org.gcube.oidc.rest.OpenIdConnectRESTHelperException;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
|
@ -30,15 +38,21 @@ public class UserAccountingConsumer extends Thread{
|
|||
private String op;
|
||||
private String user;
|
||||
private String password;
|
||||
private String clientId;
|
||||
private String secret;
|
||||
private String oidcEndpoint;
|
||||
String[] server;
|
||||
List<String> dtsHosts;
|
||||
// private String id;
|
||||
|
||||
public UserAccountingConsumer(String[] srvs, CubbyHole c, int number,List<String> dtsHosts){
|
||||
public UserAccountingConsumer(String[] srvs, CubbyHole c, int number,List<String> dtsHosts, String clientId, String secret, String authEndpoint){
|
||||
this.c=c;
|
||||
this.number=number;
|
||||
this.server=srvs;
|
||||
this.dtsHosts=dtsHosts;
|
||||
this.clientId=clientId;
|
||||
this.secret=secret;
|
||||
this.oidcEndpoint=authEndpoint;
|
||||
// init the accounting report
|
||||
try {
|
||||
init();
|
||||
|
@ -47,13 +61,17 @@ public class UserAccountingConsumer extends Thread{
|
|||
}
|
||||
}
|
||||
|
||||
public UserAccountingConsumer(String[] srvs, String user, String password, CubbyHole c, int number, List<String> dtsHosts){
|
||||
public UserAccountingConsumer(String[] srvs, String user, String password, CubbyHole c, int number, List<String> dtsHosts, String clientId, String secret, String authEndpoint){
|
||||
this.c=c;
|
||||
this.number=number;
|
||||
this.server=srvs;
|
||||
this.dtsHosts=dtsHosts;
|
||||
this.user=user;
|
||||
this.password=password;
|
||||
this.clientId=clientId;
|
||||
this.secret=secret;
|
||||
this.oidcEndpoint=authEndpoint;
|
||||
|
||||
// init the accounting report
|
||||
try {
|
||||
init();
|
||||
|
@ -225,11 +243,15 @@ public class UserAccountingConsumer extends Thread{
|
|||
|
||||
}
|
||||
|
||||
private void report(OpLogRemoteObject record, String scope, String totVolume, String totCount) {
|
||||
private void report(OpLogRemoteObject record, String scope, String totVolume, String totCount) throws MalformedURLException, OpenIdConnectRESTHelperException{
|
||||
|
||||
// ACCOUNTING CALL TYPE: STORAGE USAGE
|
||||
StorageUsageRecord sur=report.setGenericProperties(null, "storage-usage", record.getLastUser(), scope, record.getCreationTime(), record.getLastAccess(), record.getOwner(), record.getLastOperation(), record.getLength()+"");
|
||||
sur=report.setSpecificProperties(sur, record.getFilename(), "STORAGE", record.getCallerIp(), record.getId());
|
||||
logger.info("[accounting call] type: storage usage ");
|
||||
URL oidcAddress=new URL(oidcEndpoint);
|
||||
Utils.setToken(oidcAddress, clientId, secret);
|
||||
logger.debug("sending record to the accounting");
|
||||
report.printRecord(sur);
|
||||
report.send(sur);
|
||||
}
|
||||
|
@ -257,5 +279,28 @@ public class UserAccountingConsumer extends Thread{
|
|||
}else logger.error("Scope bad format: scope not retrieved from string: "+filename);
|
||||
return null;
|
||||
}
|
||||
|
||||
public JWTToken setToken(String oidcEndpoint, String clientId, String secret) {
|
||||
String context=ScopeProvider.instance.get();
|
||||
logger.info(clientId+" getting the UMAtoken for context "+context);
|
||||
URL oidcAddress = null;
|
||||
JWTToken token =null;
|
||||
try {
|
||||
oidcAddress = new URL(oidcEndpoint);
|
||||
} catch (MalformedURLException e) {
|
||||
logger.error("Malformed URL "+e);
|
||||
e.printStackTrace();
|
||||
}
|
||||
try {
|
||||
logger.debug("from "+oidcEndpoint);
|
||||
token = OpenIdConnectRESTHelper.queryUMAToken(oidcAddress, clientId, secret, context, null);
|
||||
logger.info("UMA token retrieved for context "+context);
|
||||
UmaJWTProvider.instance.set(token.toString());
|
||||
} catch (OpenIdConnectRESTHelperException e) {
|
||||
logger.error( "failed to contacting the OIDC provider!", e );
|
||||
}
|
||||
return token;
|
||||
}
|
||||
|
||||
|
||||
}
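Review bot: The instance method `setToken(String, String, String)` added at the end of the class logs and swallows both `MalformedURLException` and `OpenIdConnectRESTHelperException`. After a malformed URL it still calls `queryUMAToken` with a null `oidcAddress`, and on failure it returns null while leaving whatever token was already in `UmaJWTProvider`, so a caller would carry on with a stale or absent token. It duplicates `Utils.setToken`, which `report()` already uses, and no caller is visible in these hunks. Either delete it or reduce the body to `return Utils.setToken(new URL(oidcEndpoint), clientId, secret);` with both exceptions declared. Separately, `report()` requests a new token for every record, which sends the client secret to the endpoint once per record; reusing the token until it expires would avoid that.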
|
||||
|
|
|
@ -33,10 +33,13 @@ public class Configuration {
|
|||
private boolean activeDTSFilter;
|
||||
private static final String STORAGE_SE_CATEGORY="DataStorage";
|
||||
private static final String STORAGE_SE_NAME="StorageManager";
|
||||
private static final String SYSTEM_SE_CATEGORY="DataStorage";
|
||||
private static final String SYSTEM_SE_NAME="StorageManager";
|
||||
private static final String SYSTEM_SE_CATEGORY="SystemService";
|
||||
private static final String SYSTEM_SE_NAME="storage-manager-trigger";
|
||||
private static final String ACCOUNTING_USERNAME="accounting_user";
|
||||
private static final String ACCOUNTING_PASSWORDNAME="accounting_pwd";
|
||||
private static final String AUTH_SE_CATEGORY="Auth";
|
||||
private static final String AUTH_SE_NAME="IAM";
|
||||
private static final Object AUTH_SE_AP_NAME = "d4science-oidc-token";
|
||||
protected String clientId;
|
||||
protected String secret;
|
||||
|
||||
|
@ -359,6 +362,7 @@ public class Configuration {
|
|||
}
|
||||
|
||||
public void setClientId(String clientId) {
|
||||
logger.debug("clientID "+clientId);
|
||||
this.clientId = clientId;
|
||||
}
|
||||
|
||||
|
@ -370,6 +374,23 @@ public class Configuration {
|
|||
this.secret = secret;
|
||||
}
|
||||
|
||||
String getOidcEndpoint() {
|
||||
logger.debug("query for Auth serviceEndpoint ongoing...");
|
||||
SimpleQuery query = queryFor(ServiceEndpoint.class);
|
||||
query.addCondition("$resource/Profile/Category/text() eq '"+AUTH_SE_CATEGORY+"' and $resource/Profile/Name eq '"+AUTH_SE_NAME+"' ");
|
||||
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
||||
List<ServiceEndpoint> resources = client.submit(query);
|
||||
if (resources.size() > 0) {
|
||||
logger.debug("resource found on IS");
|
||||
for (AccessPoint ap:resources.get(0).profile().accessPoints()) {
|
||||
if (ap.name().equals(AUTH_SE_AP_NAME)) {
|
||||
return ap.address();
|
||||
}
|
||||
}
|
||||
}
|
||||
throw new RuntimeException("accessPoint "+AUTH_SE_AP_NAME+" not found on SE "+AUTH_SE_CATEGORY+" - "+AUTH_SE_NAME);
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
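Review bot: `getOidcEndpoint()` returns `ap.address()` from the information system without checking it, and that address is later the target of the request carrying `clientId` and `secret` (the `queryUMAToken` call in `Utils.setToken`). Reject a non-TLS address before returning, for example `if (!ap.address().startsWith("https://")) throw new IllegalStateException("OIDC endpoint must be https: " + ap.address());`. Only `resources.get(0)` is inspected, and the final `RuntimeException` uses the same message whether no ServiceEndpoint matched or the access point was missing, which makes a misconfigured IS hard to diagnose. `AUTH_SE_AP_NAME` is declared as `Object`; `String` would match the neighbouring constants and keep the `equals` call type-checked.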
|
||||
|
|
|
@ -20,6 +20,7 @@ public class Startup {
|
|||
private static ServiceEndpoint system_se;
|
||||
private static String clientId;
|
||||
private static String secret;
|
||||
private static String oidcEndpoint;
|
||||
|
||||
public static void main(String[] args) {
|
||||
|
||||
|
@ -57,6 +58,7 @@ public class Startup {
|
|||
}
|
||||
clientId=cfg.getClientId();
|
||||
secret=cfg.getSecret();
|
||||
oidcEndpoint=cfg.getOidcEndpoint();
|
||||
String[] server=retrieveServerConfiguration(cfg);
|
||||
|
||||
List<String> dtsHosts=null;//retrieveDTSConfiguration(cfg);
|
||||
|
@ -82,10 +84,10 @@ public class Startup {
|
|||
String[] server, List<String> dtsHosts, CubbyHole c1) {
|
||||
UserAccountingConsumer ssConsumer=null;
|
||||
if(user!=null && password != null)
|
||||
ssConsumer=new UserAccountingConsumer(server, user, password, c1, 1, dtsHosts);
|
||||
ssConsumer=new UserAccountingConsumer(server, user, password, c1, 1, dtsHosts, clientId, secret, oidcEndpoint);
|
||||
|
||||
else //if(args.length == 4)
|
||||
ssConsumer=new UserAccountingConsumer(server, c1, 1, dtsHosts);
|
||||
ssConsumer=new UserAccountingConsumer(server, c1, 1, dtsHosts, clientId, secret, oidcEndpoint);
|
||||
// else{
|
||||
// throw new IllegalArgumentException("input parameter are incorrect");
|
||||
// }
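Review bot: `clientId` and `secret` are read from `cfg` and passed to both `UserAccountingConsumer` constructors with no visible check that they are set, so a missing credential would only surface later, once per record, inside `report()`. Fail fast next to `oidcEndpoint=cfg.getOidcEndpoint();`, for example `if (clientId == null || secret == null) throw new IllegalStateException("OIDC client credentials not configured");`. `main` and the consumer factory method both extend beyond these hunks, so an existing guard may sit outside the view. Holding the secret in a `private static String` also keeps it reachable for the life of the JVM, so it should stay out of any log or dump of this class's state.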
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
package org.gcube.contentmanager.storageserver.utils;
|
||||
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URL;
|
||||
|
||||
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.oidc.rest.JWTToken;
|
||||
import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
|
||||
import org.gcube.oidc.rest.OpenIdConnectRESTHelperException;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class Utils {
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(Utils.class);
|
||||
|
||||
public static JWTToken setToken(URL oidcAddress, String clientId, String secret) throws OpenIdConnectRESTHelperException {
|
||||
String context=ScopeProvider.instance.get();
|
||||
logger.info(clientId+" getting the UMAtoken for context "+context);
|
||||
JWTToken token =null;
|
||||
logger.debug("from "+oidcAddress);
|
||||
token = OpenIdConnectRESTHelper.queryUMAToken(oidcAddress, clientId, secret, context, null);
|
||||
logger.info("UMA token retrieved for context "+context);
|
||||
UmaJWTProvider.instance.set(token.toString());
|
||||
return token;
|
||||
}
|
||||
|
||||
}
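Review bot: `setToken` takes the context for the UMA token from `ScopeProvider.instance.get()` instead of from its caller, while `UserAccountingConsumer.report()` has a `scope` argument that it does not pass in. If the thread's scope is not set to the record's scope before the call (not visible here), the token is requested for the wrong context, or for null. Making the context explicit removes the hidden dependency: `public static JWTToken setToken(URL oidcAddress, String clientId, String secret, String context)`. The method also needs a Javadoc saying that it sends the client secret to `oidcAddress` and replaces the token held by `UmaJWTProvider` as a side effect, since the name suggests a plain setter. The `JWTToken token =null;` declaration can be folded into the assignment from `queryUMAToken`.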
|
|
@ -0,0 +1,48 @@
|
|||
package org.gcube.contentmanager.storageserver.test;
|
||||
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
|
||||
import java.io.StringReader;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URL;
|
||||
|
||||
import org.bson.json.JsonReader;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.contentmanager.storageserver.utils.Utils;
|
||||
import org.gcube.oidc.rest.JWTToken;
|
||||
import org.gcube.oidc.rest.OpenIdConnectRESTHelperException;
|
||||
import org.junit.Test;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class TokenTest {
|
||||
|
||||
URL oidcEndpoint = null;
|
||||
String clientId="storage-manager-trigger";//"robcomp";//"storage-manager-trigger";//"robcomp";//
|
||||
String secret="e2591a99-b694-4dbe-8f7b-9755a3db80af";//"0fec31cb-23c3-44e2-9359-d6db6784b7d3";//"e2591a99-b694-4dbe-8f7b-9755a3db80af";//"0fec31cb-23c3-44e2-9359-d6db6784b7d3";/
|
||||
String context ="/gcube"; // "/gcube/devNext/NextNext";
|
||||
private static Logger logger= LoggerFactory.getLogger(TokenTest.class);
|
||||
|
||||
|
||||
@Test
|
||||
public void test() {
|
||||
try {
|
||||
oidcEndpoint=new URL("https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token");
|
||||
} catch (MalformedURLException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
}
|
||||
ScopeProvider.instance.set(context);
|
||||
JWTToken token=null;
|
||||
try {
|
||||
token = Utils.setToken(oidcEndpoint, clientId, secret);
|
||||
} catch (Exception e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
}
|
||||
assertNotNull(token);
|
||||
|
||||
logger.info("token found "+token);
|
||||
}
|
||||
|
||||
}
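Review bot: The `secret` field holds what looks like a live client secret for `storage-manager-trigger`, with a second value kept in the trailing comments, and the test sends it to a real `accounts.dev.d4science.org` token endpoint. Both values should be treated as disclosed and rotated, because they remain in the repository history even after the line is changed. Read the credential from the environment and skip when it is absent, e.g. `String secret = System.getenv("OIDC_TEST_CLIENT_SECRET");` (placeholder name) with `Assume.assumeNotNull(secret);` at the start of `test()`. `logger.info("token found "+token);` writes the bearer token to the test log and should log only that a token was obtained. The two `catch` blocks print the stack trace and fall through, so a failure shows up only as the `assertNotNull` error; declaring `throws Exception` on `test()` would report the real cause.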
|