diff --git a/pom.xml b/pom.xml
index fdf7090..b76f163 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,11 +29,11 @@
mongo-java-driver
3.12.0
-
+
junit
junit
@@ -72,12 +72,28 @@
org.gcube.accounting
accounting-lib
-
-
-
-
-
+
+ org.gcube.common
+ oidc-library
+ [1.3.0-SNAPSHOT,2.0.0-SNAPSHOT)
+
+
+ org.slf4j
+ slf4j-simple
+ 1.7.25
+ test
+
+
+ org.slf4j
+ slf4j-api
+
+
+ com.googlecode.json-simple
+ json-simple
+ 1.1
+ provided
+
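Review bot: The `oidc-library` dependency is declared with the open range `[1.3.0-SNAPSHOT,2.0.0-SNAPSHOT)`, so each build resolves whatever snapshot or release in that range the configured repositories serve at that moment. For the library that obtains the service's access tokens, this makes builds non-reproducible and lets an unreviewed artifact enter the classpath. Pin a single released version, e.g. `<version>RELEASED_VERSION</version>` (placeholder), or manage it through a reviewed BOM, and bump it deliberately.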
diff --git a/src/main/java/org/gcube/contentmanager/storageserver/consumer/UserAccountingConsumer.java b/src/main/java/org/gcube/contentmanager/storageserver/consumer/UserAccountingConsumer.java
index 5de74ba..63fb310 100644
--- a/src/main/java/org/gcube/contentmanager/storageserver/consumer/UserAccountingConsumer.java
+++ b/src/main/java/org/gcube/contentmanager/storageserver/consumer/UserAccountingConsumer.java
@@ -1,9 +1,13 @@
package org.gcube.contentmanager.storageserver.consumer;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
import java.util.List;
import org.bson.types.ObjectId;
import org.gcube.accounting.datamodel.usagerecords.StorageUsageRecord;
+import org.gcube.common.authorization.library.provider.UmaJWTProvider;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.contentmanager.storageserver.accounting.Report;
import org.gcube.contentmanager.storageserver.accounting.ReportConfig;
@@ -14,6 +18,10 @@ import org.gcube.contentmanager.storageserver.data.OpLogRemoteObject;
import org.gcube.contentmanager.storageserver.parse.utils.ValidationUtils;
import org.gcube.contentmanager.storageserver.store.MongoDB;
import org.gcube.contentmanager.storageserver.store.StorageStatusObject;
+import org.gcube.contentmanager.storageserver.utils.Utils;
+import org.gcube.oidc.rest.JWTToken;
+import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
+import org.gcube.oidc.rest.OpenIdConnectRESTHelperException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -30,15 +38,21 @@ public class UserAccountingConsumer extends Thread{
private String op;
private String user;
private String password;
+ private String clientId;
+ private String secret;
+ private String oidcEndpoint;
String[] server;
List dtsHosts;
// private String id;
- public UserAccountingConsumer(String[] srvs, CubbyHole c, int number,List dtsHosts){
+ public UserAccountingConsumer(String[] srvs, CubbyHole c, int number,List dtsHosts, String clientId, String secret, String authEndpoint){
this.c=c;
this.number=number;
this.server=srvs;
this.dtsHosts=dtsHosts;
+ this.clientId=clientId;
+ this.secret=secret;
+ this.oidcEndpoint=authEndpoint;
// init the accounting report
try {
init();
@@ -47,13 +61,17 @@ public class UserAccountingConsumer extends Thread{
}
}
- public UserAccountingConsumer(String[] srvs, String user, String password, CubbyHole c, int number, List dtsHosts){
+ public UserAccountingConsumer(String[] srvs, String user, String password, CubbyHole c, int number, List dtsHosts, String clientId, String secret, String authEndpoint){
this.c=c;
this.number=number;
this.server=srvs;
this.dtsHosts=dtsHosts;
this.user=user;
this.password=password;
+ this.clientId=clientId;
+ this.secret=secret;
+ this.oidcEndpoint=authEndpoint;
+
// init the accounting report
try {
init();
@@ -225,11 +243,15 @@ public class UserAccountingConsumer extends Thread{
}
- private void report(OpLogRemoteObject record, String scope, String totVolume, String totCount) {
+ private void report(OpLogRemoteObject record, String scope, String totVolume, String totCount) throws MalformedURLException, OpenIdConnectRESTHelperException{
+
// ACCOUNTING CALL TYPE: STORAGE USAGE
StorageUsageRecord sur=report.setGenericProperties(null, "storage-usage", record.getLastUser(), scope, record.getCreationTime(), record.getLastAccess(), record.getOwner(), record.getLastOperation(), record.getLength()+"");
sur=report.setSpecificProperties(sur, record.getFilename(), "STORAGE", record.getCallerIp(), record.getId());
logger.info("[accounting call] type: storage usage ");
+ URL oidcAddress=new URL(oidcEndpoint);
+ Utils.setToken(oidcAddress, clientId, secret);
+ logger.debug("sending record to the accounting");
report.printRecord(sur);
report.send(sur);
}
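Review bot: `report()` now builds `new URL(oidcEndpoint)` and calls `Utils.setToken(...)` for every record, so each accounting record triggers a request to the identity provider that carries the client secret. Parse the endpoint once in the constructors into a `private final URL oidcAddress` field, so a malformed address fails at start-up rather than per record. Reuse the token until it is close to expiry instead of requesting a new one each time. The new `throws` clause also pushes failures to the callers of `report()`, which are outside this hunk; they should log the failure and decide explicitly whether the record is retried or dropped.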
@@ -257,5 +279,28 @@ public class UserAccountingConsumer extends Thread{
}else logger.error("Scope bad format: scope not retrieved from string: "+filename);
return null;
}
+
+ public JWTToken setToken(String oidcEndpoint, String clientId, String secret) {
+ String context=ScopeProvider.instance.get();
+ logger.info(clientId+" getting the UMAtoken for context "+context);
+ URL oidcAddress = null;
+ JWTToken token =null;
+ try {
+ oidcAddress = new URL(oidcEndpoint);
+ } catch (MalformedURLException e) {
+ logger.error("Malformed URL "+e);
+ e.printStackTrace();
+ }
+ try {
+ logger.debug("from "+oidcEndpoint);
+ token = OpenIdConnectRESTHelper.queryUMAToken(oidcAddress, clientId, secret, context, null);
+ logger.info("UMA token retrieved for context "+context);
+ UmaJWTProvider.instance.set(token.toString());
+ } catch (OpenIdConnectRESTHelperException e) {
+ logger.error( "failed to contacting the OIDC provider!", e );
+ }
+ return token;
+ }
+
}
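Review bot: The added `setToken(String, String, String)` duplicates `Utils.setToken`, which is what `report()` actually calls in this commit, and it handles failure worse. After a `MalformedURLException` it carries on and passes a null `oidcAddress` to `queryUMAToken`, and on `OpenIdConnectRESTHelperException` it returns null without signalling the caller. It is also `public` on a `Thread` subclass and takes the client secret as an argument. Unless something outside this diff calls it, remove the method and keep the single implementation in `Utils`. If it has to stay, return right after the malformed-URL log and replace `e.printStackTrace()` with `logger.error("Malformed URL", e)`.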
diff --git a/src/main/java/org/gcube/contentmanager/storageserver/startup/Configuration.java b/src/main/java/org/gcube/contentmanager/storageserver/startup/Configuration.java
index 2a10cec..b5b70dd 100644
--- a/src/main/java/org/gcube/contentmanager/storageserver/startup/Configuration.java
+++ b/src/main/java/org/gcube/contentmanager/storageserver/startup/Configuration.java
@@ -33,10 +33,13 @@ public class Configuration {
private boolean activeDTSFilter;
private static final String STORAGE_SE_CATEGORY="DataStorage";
private static final String STORAGE_SE_NAME="StorageManager";
- private static final String SYSTEM_SE_CATEGORY="DataStorage";
- private static final String SYSTEM_SE_NAME="StorageManager";
+ private static final String SYSTEM_SE_CATEGORY="SystemService";
+ private static final String SYSTEM_SE_NAME="storage-manager-trigger";
private static final String ACCOUNTING_USERNAME="accounting_user";
private static final String ACCOUNTING_PASSWORDNAME="accounting_pwd";
+ private static final String AUTH_SE_CATEGORY="Auth";
+ private static final String AUTH_SE_NAME="IAM";
+ private static final Object AUTH_SE_AP_NAME = "d4science-oidc-token";
protected String clientId;
protected String secret;
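Review bot: `AUTH_SE_AP_NAME` is declared as `Object` although it holds a string literal and is only compared with `ap.name()` and concatenated into a message further down in this file. Declare it like its neighbours, `private static final String AUTH_SE_AP_NAME = "d4science-oidc-token";`, so the comparison is type-checked. A short comment saying that these three constants select the service endpoint whose address later receives the client secret would help the next reader.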
@@ -359,6 +362,7 @@ public class Configuration {
}
public void setClientId(String clientId) {
+ logger.debug("clientID "+clientId);
this.clientId = clientId;
}
@@ -370,6 +374,23 @@ public class Configuration {
this.secret = secret;
}
+ String getOidcEndpoint() {
+ logger.debug("query for Auth serviceEndpoint ongoing...");
+ SimpleQuery query = queryFor(ServiceEndpoint.class);
+ query.addCondition("$resource/Profile/Category/text() eq '"+AUTH_SE_CATEGORY+"' and $resource/Profile/Name eq '"+AUTH_SE_NAME+"' ");
+ DiscoveryClient client = clientFor(ServiceEndpoint.class);
+ List resources = client.submit(query);
+ if (resources.size() > 0) {
+ logger.debug("resource found on IS");
+ for (AccessPoint ap:resources.get(0).profile().accessPoints()) {
+ if (ap.name().equals(AUTH_SE_AP_NAME)) {
+ return ap.address();
+ }
+ }
+ }
+ throw new RuntimeException("accessPoint "+AUTH_SE_AP_NAME+" not found on SE "+AUTH_SE_CATEGORY+" - "+AUTH_SE_NAME);
+ }
+
}
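Review bot: `getOidcEndpoint()` returns `ap.address()` exactly as published, and the rest of this commit sends `clientId` and `secret` to that address, so a wrong or tampered entry in the information system would redirect the credentials. Check the scheme before returning, for example `if (!"https".equalsIgnoreCase(java.net.URI.create(ap.address()).getScheme())) throw new RuntimeException("non-https OIDC endpoint: " + ap.address());`, and consider comparing the host with an expected value from local configuration. The loop also inspects only `resources.get(0)`; if the query can match more than one endpoint, the choice should be made explicit or logged.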
diff --git a/src/main/java/org/gcube/contentmanager/storageserver/startup/Startup.java b/src/main/java/org/gcube/contentmanager/storageserver/startup/Startup.java
index eff2e24..131d7aa 100644
--- a/src/main/java/org/gcube/contentmanager/storageserver/startup/Startup.java
+++ b/src/main/java/org/gcube/contentmanager/storageserver/startup/Startup.java
@@ -20,6 +20,7 @@ public class Startup {
private static ServiceEndpoint system_se;
private static String clientId;
private static String secret;
+ private static String oidcEndpoint;
public static void main(String[] args) {
@@ -57,6 +58,7 @@ public class Startup {
}
clientId=cfg.getClientId();
secret=cfg.getSecret();
+ oidcEndpoint=cfg.getOidcEndpoint();
String[] server=retrieveServerConfiguration(cfg);
List dtsHosts=null;//retrieveDTSConfiguration(cfg);
@@ -82,10 +84,10 @@ public class Startup {
String[] server, List dtsHosts, CubbyHole c1) {
UserAccountingConsumer ssConsumer=null;
if(user!=null && password != null)
- ssConsumer=new UserAccountingConsumer(server, user, password, c1, 1, dtsHosts);
+ ssConsumer=new UserAccountingConsumer(server, user, password, c1, 1, dtsHosts, clientId, secret, oidcEndpoint);
else //if(args.length == 4)
- ssConsumer=new UserAccountingConsumer(server, c1, 1, dtsHosts);
+ ssConsumer=new UserAccountingConsumer(server, c1, 1, dtsHosts, clientId, secret, oidcEndpoint);
// else{
// throw new IllegalArgumentException("input parameter are incorrect");
// }
diff --git a/src/main/java/org/gcube/contentmanager/storageserver/utils/Utils.java b/src/main/java/org/gcube/contentmanager/storageserver/utils/Utils.java
new file mode 100644
index 0000000..7df4938
--- /dev/null
+++ b/src/main/java/org/gcube/contentmanager/storageserver/utils/Utils.java
@@ -0,0 +1,29 @@
+package org.gcube.contentmanager.storageserver.utils;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.gcube.common.authorization.library.provider.UmaJWTProvider;
+import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.oidc.rest.JWTToken;
+import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
+import org.gcube.oidc.rest.OpenIdConnectRESTHelperException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class Utils {
+
+ private static final Logger logger = LoggerFactory.getLogger(Utils.class);
+
+ public static JWTToken setToken(URL oidcAddress, String clientId, String secret) throws OpenIdConnectRESTHelperException {
+ String context=ScopeProvider.instance.get();
+ logger.info(clientId+" getting the UMAtoken for context "+context);
+ JWTToken token =null;
+ logger.debug("from "+oidcAddress);
+ token = OpenIdConnectRESTHelper.queryUMAToken(oidcAddress, clientId, secret, context, null);
+ logger.info("UMA token retrieved for context "+context);
+ UmaJWTProvider.instance.set(token.toString());
+ return token;
+ }
+
+}
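Review bot: `Utils.setToken` passes the value of `ScopeProvider.instance.get()` straight to `queryUMAToken`, and that value is presumably null when the calling thread has not set a scope. Add a guard such as `if (context == null) throw new IllegalStateException("no scope set for the current thread");` before the request. The method also lacks Javadoc: it should say that, besides returning the token, it installs it in `UmaJWTProvider` as a side effect, and that `secret` must never be logged. As a holder of static helpers, the class could be `final` with a private constructor.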
diff --git a/src/test/java/org/gcube/contentmanager/storageserver/test/TokenTest.java b/src/test/java/org/gcube/contentmanager/storageserver/test/TokenTest.java
new file mode 100644
index 0000000..f22afca
--- /dev/null
+++ b/src/test/java/org/gcube/contentmanager/storageserver/test/TokenTest.java
@@ -0,0 +1,48 @@
+package org.gcube.contentmanager.storageserver.test;
+
+import static org.junit.Assert.assertNotNull;
+
+import java.io.StringReader;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.bson.json.JsonReader;
+import org.gcube.common.scope.api.ScopeProvider;
+import org.gcube.contentmanager.storageserver.utils.Utils;
+import org.gcube.oidc.rest.JWTToken;
+import org.gcube.oidc.rest.OpenIdConnectRESTHelperException;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TokenTest {
+
+ URL oidcEndpoint = null;
+ String clientId="storage-manager-trigger";//"robcomp";//"storage-manager-trigger";//"robcomp";//
+ String secret="e2591a99-b694-4dbe-8f7b-9755a3db80af";//"0fec31cb-23c3-44e2-9359-d6db6784b7d3";//"e2591a99-b694-4dbe-8f7b-9755a3db80af";//"0fec31cb-23c3-44e2-9359-d6db6784b7d3";/
+ String context ="/gcube"; // "/gcube/devNext/NextNext";
+ private static Logger logger= LoggerFactory.getLogger(TokenTest.class);
+
+
+ @Test
+ public void test() {
+ try {
+ oidcEndpoint=new URL("https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token");
+ } catch (MalformedURLException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ ScopeProvider.instance.set(context);
+ JWTToken token=null;
+ try {
+ token = Utils.setToken(oidcEndpoint, clientId, secret);
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ assertNotNull(token);
+
+ logger.info("token found "+token);
+ }
+
+}
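Review bot: `TokenTest` commits a client secret for `storage-manager-trigger` as a string literal (with further values left in the trailing comments) and uses it against a live identity-provider URL. Treat every value on those lines as exposed: rotate them on the provider, and read the credential at run time, e.g. `String secret = System.getenv("OIDC_TEST_CLIENT_SECRET");` (placeholder name) with `org.junit.Assume.assumeNotNull(secret);` at the top of `test()` so the test is skipped where no credential is provisioned. The two `catch` blocks that only call `e.printStackTrace()` hide the real cause; let `test()` declare `throws Exception` instead. `logger.info("token found "+token)` may also write the bearer token to the build log, depending on what `JWTToken.toString()` returns.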