add token call
parent
702f109cde
commit
922c000518
30
pom.xml
30
pom.xml
|
@ -29,11 +29,11 @@
|
||||||
<artifactId>mongo-java-driver</artifactId>
|
<artifactId>mongo-java-driver</artifactId>
|
||||||
<version>3.12.0</version>
|
<version>3.12.0</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<!--dependency>
|
||||||
<groupId>org.slf4j</groupId>
|
<groupId>org.slf4j</groupId>
|
||||||
<artifactId>slf4j-log4j12</artifactId>
|
<artifactId>slf4j-log4j12</artifactId>
|
||||||
<version>1.6.4</version>
|
<version>1.6.4</version>
|
||||||
</dependency>
|
</dependency-->
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>junit</groupId>
|
<groupId>junit</groupId>
|
||||||
<artifactId>junit</artifactId>
|
<artifactId>junit</artifactId>
|
||||||
|
@ -72,12 +72,28 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.gcube.accounting</groupId>
|
<groupId>org.gcube.accounting</groupId>
|
||||||
<artifactId>accounting-lib</artifactId>
|
<artifactId>accounting-lib</artifactId>
|
||||||
<!-- <version>[2.0.0-SNAPSHOT, 3.0.0-SNAPSHOT)</version> -->
|
|
||||||
</dependency>
|
</dependency>
|
||||||
<!-- <dependency> -->
|
<dependency>
|
||||||
<!-- <groupId>org.gcube.common</groupId> -->
|
<groupId>org.gcube.common</groupId>
|
||||||
<!-- <artifactId>authorization-client</artifactId> -->
|
<artifactId>oidc-library</artifactId>
|
||||||
<!-- </dependency> -->
|
<version>[1.3.0-SNAPSHOT,2.0.0-SNAPSHOT)</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.slf4j</groupId>
|
||||||
|
<artifactId>slf4j-simple</artifactId>
|
||||||
|
<version>1.7.25</version>
|
||||||
|
<scope>test</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.slf4j</groupId>
|
||||||
|
<artifactId>slf4j-api</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.googlecode.json-simple</groupId>
|
||||||
|
<artifactId>json-simple</artifactId>
|
||||||
|
<version>1.1</version>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
<build>
|
<build>
|
||||||
<plugins>
|
<plugins>
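Review bot: The new `oidc-library` dependency is declared with the open range `[1.3.0-SNAPSHOT,2.0.0-SNAPSHOT)`, so the library that handles the client secret and the token exchange can change between two builds without any change to this pom. A fixed release version, e.g. `<version>RELEASE_VERSION_PLACEHOLDER</version>` set to the release actually validated, or a version managed in the parent BOM, makes the build reproducible and the upgrade reviewable. The `slf4j-log4j12` block is commented out rather than deleted; removing it outright keeps the dependency list readable.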
|
||||||
|
|
|
@ -1,9 +1,13 @@
|
||||||
package org.gcube.contentmanager.storageserver.consumer;
|
package org.gcube.contentmanager.storageserver.consumer;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.net.MalformedURLException;
|
||||||
|
import java.net.URL;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.bson.types.ObjectId;
|
import org.bson.types.ObjectId;
|
||||||
import org.gcube.accounting.datamodel.usagerecords.StorageUsageRecord;
|
import org.gcube.accounting.datamodel.usagerecords.StorageUsageRecord;
|
||||||
|
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
import org.gcube.contentmanager.storageserver.accounting.Report;
|
import org.gcube.contentmanager.storageserver.accounting.Report;
|
||||||
import org.gcube.contentmanager.storageserver.accounting.ReportConfig;
|
import org.gcube.contentmanager.storageserver.accounting.ReportConfig;
|
||||||
|
@ -14,6 +18,10 @@ import org.gcube.contentmanager.storageserver.data.OpLogRemoteObject;
|
||||||
import org.gcube.contentmanager.storageserver.parse.utils.ValidationUtils;
|
import org.gcube.contentmanager.storageserver.parse.utils.ValidationUtils;
|
||||||
import org.gcube.contentmanager.storageserver.store.MongoDB;
|
import org.gcube.contentmanager.storageserver.store.MongoDB;
|
||||||
import org.gcube.contentmanager.storageserver.store.StorageStatusObject;
|
import org.gcube.contentmanager.storageserver.store.StorageStatusObject;
|
||||||
|
import org.gcube.contentmanager.storageserver.utils.Utils;
|
||||||
|
import org.gcube.oidc.rest.JWTToken;
|
||||||
|
import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
|
||||||
|
import org.gcube.oidc.rest.OpenIdConnectRESTHelperException;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
@ -30,15 +38,21 @@ public class UserAccountingConsumer extends Thread{
|
||||||
private String op;
|
private String op;
|
||||||
private String user;
|
private String user;
|
||||||
private String password;
|
private String password;
|
||||||
|
private String clientId;
|
||||||
|
private String secret;
|
||||||
|
private String oidcEndpoint;
|
||||||
String[] server;
|
String[] server;
|
||||||
List<String> dtsHosts;
|
List<String> dtsHosts;
|
||||||
// private String id;
|
// private String id;
|
||||||
|
|
||||||
public UserAccountingConsumer(String[] srvs, CubbyHole c, int number,List<String> dtsHosts){
|
public UserAccountingConsumer(String[] srvs, CubbyHole c, int number,List<String> dtsHosts, String clientId, String secret, String authEndpoint){
|
||||||
this.c=c;
|
this.c=c;
|
||||||
this.number=number;
|
this.number=number;
|
||||||
this.server=srvs;
|
this.server=srvs;
|
||||||
this.dtsHosts=dtsHosts;
|
this.dtsHosts=dtsHosts;
|
||||||
|
this.clientId=clientId;
|
||||||
|
this.secret=secret;
|
||||||
|
this.oidcEndpoint=authEndpoint;
|
||||||
// init the accounting report
|
// init the accounting report
|
||||||
try {
|
try {
|
||||||
init();
|
init();
|
||||||
|
@ -47,13 +61,17 @@ public class UserAccountingConsumer extends Thread{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public UserAccountingConsumer(String[] srvs, String user, String password, CubbyHole c, int number, List<String> dtsHosts){
|
public UserAccountingConsumer(String[] srvs, String user, String password, CubbyHole c, int number, List<String> dtsHosts, String clientId, String secret, String authEndpoint){
|
||||||
this.c=c;
|
this.c=c;
|
||||||
this.number=number;
|
this.number=number;
|
||||||
this.server=srvs;
|
this.server=srvs;
|
||||||
this.dtsHosts=dtsHosts;
|
this.dtsHosts=dtsHosts;
|
||||||
this.user=user;
|
this.user=user;
|
||||||
this.password=password;
|
this.password=password;
|
||||||
|
this.clientId=clientId;
|
||||||
|
this.secret=secret;
|
||||||
|
this.oidcEndpoint=authEndpoint;
|
||||||
|
|
||||||
// init the accounting report
|
// init the accounting report
|
||||||
try {
|
try {
|
||||||
init();
|
init();
|
||||||
|
@ -225,11 +243,15 @@ public class UserAccountingConsumer extends Thread{
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void report(OpLogRemoteObject record, String scope, String totVolume, String totCount) {
|
private void report(OpLogRemoteObject record, String scope, String totVolume, String totCount) throws MalformedURLException, OpenIdConnectRESTHelperException{
|
||||||
|
|
||||||
// ACCOUNTING CALL TYPE: STORAGE USAGE
|
// ACCOUNTING CALL TYPE: STORAGE USAGE
|
||||||
StorageUsageRecord sur=report.setGenericProperties(null, "storage-usage", record.getLastUser(), scope, record.getCreationTime(), record.getLastAccess(), record.getOwner(), record.getLastOperation(), record.getLength()+"");
|
StorageUsageRecord sur=report.setGenericProperties(null, "storage-usage", record.getLastUser(), scope, record.getCreationTime(), record.getLastAccess(), record.getOwner(), record.getLastOperation(), record.getLength()+"");
|
||||||
sur=report.setSpecificProperties(sur, record.getFilename(), "STORAGE", record.getCallerIp(), record.getId());
|
sur=report.setSpecificProperties(sur, record.getFilename(), "STORAGE", record.getCallerIp(), record.getId());
|
||||||
logger.info("[accounting call] type: storage usage ");
|
logger.info("[accounting call] type: storage usage ");
|
||||||
|
URL oidcAddress=new URL(oidcEndpoint);
|
||||||
|
Utils.setToken(oidcAddress, clientId, secret);
|
||||||
|
logger.debug("sending record to the accounting");
|
||||||
report.printRecord(sur);
|
report.printRecord(sur);
|
||||||
report.send(sur);
|
report.send(sur);
|
||||||
}
|
}
|
||||||
|
@ -257,5 +279,28 @@ public class UserAccountingConsumer extends Thread{
|
||||||
}else logger.error("Scope bad format: scope not retrieved from string: "+filename);
|
}else logger.error("Scope bad format: scope not retrieved from string: "+filename);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public JWTToken setToken(String oidcEndpoint, String clientId, String secret) {
|
||||||
|
String context=ScopeProvider.instance.get();
|
||||||
|
logger.info(clientId+" getting the UMAtoken for context "+context);
|
||||||
|
URL oidcAddress = null;
|
||||||
|
JWTToken token =null;
|
||||||
|
try {
|
||||||
|
oidcAddress = new URL(oidcEndpoint);
|
||||||
|
} catch (MalformedURLException e) {
|
||||||
|
logger.error("Malformed URL "+e);
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
logger.debug("from "+oidcEndpoint);
|
||||||
|
token = OpenIdConnectRESTHelper.queryUMAToken(oidcAddress, clientId, secret, context, null);
|
||||||
|
logger.info("UMA token retrieved for context "+context);
|
||||||
|
UmaJWTProvider.instance.set(token.toString());
|
||||||
|
} catch (OpenIdConnectRESTHelperException e) {
|
||||||
|
logger.error( "failed to contacting the OIDC provider!", e );
|
||||||
|
}
|
||||||
|
return token;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
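Review bot: The new instance method `setToken(String, String, String)` at the end of the class duplicates `Utils.setToken`, and nothing in the visible hunks calls it, since `report()` goes through `Utils.setToken`. It also handles errors worse than the helper: after a `MalformedURLException` it logs and carries on, passing a null `oidcAddress` to `queryUMAToken`, and it returns null when the provider call fails. I would delete the method and keep the single helper. Separately, `report()` now builds the `URL` and requests a UMA token with the client secret for every record; parsing the endpoint once in the constructor and reusing a token until it nears expiry would reduce both the load on the identity provider and the number of times the secret crosses the network. The callers of `report()`, which now have to handle the two new checked exceptions, are outside the hunks shown.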
|
||||||
|
|
|
@ -33,10 +33,13 @@ public class Configuration {
|
||||||
private boolean activeDTSFilter;
|
private boolean activeDTSFilter;
|
||||||
private static final String STORAGE_SE_CATEGORY="DataStorage";
|
private static final String STORAGE_SE_CATEGORY="DataStorage";
|
||||||
private static final String STORAGE_SE_NAME="StorageManager";
|
private static final String STORAGE_SE_NAME="StorageManager";
|
||||||
private static final String SYSTEM_SE_CATEGORY="DataStorage";
|
private static final String SYSTEM_SE_CATEGORY="SystemService";
|
||||||
private static final String SYSTEM_SE_NAME="StorageManager";
|
private static final String SYSTEM_SE_NAME="storage-manager-trigger";
|
||||||
private static final String ACCOUNTING_USERNAME="accounting_user";
|
private static final String ACCOUNTING_USERNAME="accounting_user";
|
||||||
private static final String ACCOUNTING_PASSWORDNAME="accounting_pwd";
|
private static final String ACCOUNTING_PASSWORDNAME="accounting_pwd";
|
||||||
|
private static final String AUTH_SE_CATEGORY="Auth";
|
||||||
|
private static final String AUTH_SE_NAME="IAM";
|
||||||
|
private static final Object AUTH_SE_AP_NAME = "d4science-oidc-token";
|
||||||
protected String clientId;
|
protected String clientId;
|
||||||
protected String secret;
|
protected String secret;
|
||||||
|
|
||||||
|
@ -359,6 +362,7 @@ public class Configuration {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setClientId(String clientId) {
|
public void setClientId(String clientId) {
|
||||||
|
logger.debug("clientID "+clientId);
|
||||||
this.clientId = clientId;
|
this.clientId = clientId;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -370,6 +374,23 @@ public class Configuration {
|
||||||
this.secret = secret;
|
this.secret = secret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
String getOidcEndpoint() {
|
||||||
|
logger.debug("query for Auth serviceEndpoint ongoing...");
|
||||||
|
SimpleQuery query = queryFor(ServiceEndpoint.class);
|
||||||
|
query.addCondition("$resource/Profile/Category/text() eq '"+AUTH_SE_CATEGORY+"' and $resource/Profile/Name eq '"+AUTH_SE_NAME+"' ");
|
||||||
|
DiscoveryClient<ServiceEndpoint> client = clientFor(ServiceEndpoint.class);
|
||||||
|
List<ServiceEndpoint> resources = client.submit(query);
|
||||||
|
if (resources.size() > 0) {
|
||||||
|
logger.debug("resource found on IS");
|
||||||
|
for (AccessPoint ap:resources.get(0).profile().accessPoints()) {
|
||||||
|
if (ap.name().equals(AUTH_SE_AP_NAME)) {
|
||||||
|
return ap.address();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
throw new RuntimeException("accessPoint "+AUTH_SE_AP_NAME+" not found on SE "+AUTH_SE_CATEGORY+" - "+AUTH_SE_NAME);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
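Review bot: `getOidcEndpoint()` returns `ap.address()` unchecked, and this commit then sends the client id and secret to that address, so a registry entry with a plain `http://` address would put the secret on the wire in clear text. A guard before the return, such as `if (!ap.address().startsWith("https://")) throw new IllegalStateException("OIDC endpoint is not https: " + ap.address());`, closes that. `AUTH_SE_AP_NAME` is declared as `Object`, which compiles only because `equals` takes `Object`; `private static final String AUTH_SE_AP_NAME = "d4science-oidc-token";` matches the neighbouring constants. Only `resources.get(0)` is searched, so the access point is missed if the query returns several endpoints and it sits on a later one.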
|
||||||
|
|
|
@ -20,6 +20,7 @@ public class Startup {
|
||||||
private static ServiceEndpoint system_se;
|
private static ServiceEndpoint system_se;
|
||||||
private static String clientId;
|
private static String clientId;
|
||||||
private static String secret;
|
private static String secret;
|
||||||
|
private static String oidcEndpoint;
|
||||||
|
|
||||||
public static void main(String[] args) {
|
public static void main(String[] args) {
|
||||||
|
|
||||||
|
@ -57,6 +58,7 @@ public class Startup {
|
||||||
}
|
}
|
||||||
clientId=cfg.getClientId();
|
clientId=cfg.getClientId();
|
||||||
secret=cfg.getSecret();
|
secret=cfg.getSecret();
|
||||||
|
oidcEndpoint=cfg.getOidcEndpoint();
|
||||||
String[] server=retrieveServerConfiguration(cfg);
|
String[] server=retrieveServerConfiguration(cfg);
|
||||||
|
|
||||||
List<String> dtsHosts=null;//retrieveDTSConfiguration(cfg);
|
List<String> dtsHosts=null;//retrieveDTSConfiguration(cfg);
|
||||||
|
@ -82,10 +84,10 @@ public class Startup {
|
||||||
String[] server, List<String> dtsHosts, CubbyHole c1) {
|
String[] server, List<String> dtsHosts, CubbyHole c1) {
|
||||||
UserAccountingConsumer ssConsumer=null;
|
UserAccountingConsumer ssConsumer=null;
|
||||||
if(user!=null && password != null)
|
if(user!=null && password != null)
|
||||||
ssConsumer=new UserAccountingConsumer(server, user, password, c1, 1, dtsHosts);
|
ssConsumer=new UserAccountingConsumer(server, user, password, c1, 1, dtsHosts, clientId, secret, oidcEndpoint);
|
||||||
|
|
||||||
else //if(args.length == 4)
|
else //if(args.length == 4)
|
||||||
ssConsumer=new UserAccountingConsumer(server, c1, 1, dtsHosts);
|
ssConsumer=new UserAccountingConsumer(server, c1, 1, dtsHosts, clientId, secret, oidcEndpoint);
|
||||||
// else{
|
// else{
|
||||||
// throw new IllegalArgumentException("input parameter are incorrect");
|
// throw new IllegalArgumentException("input parameter are incorrect");
|
||||||
// }
|
// }
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
package org.gcube.contentmanager.storageserver.utils;
|
||||||
|
|
||||||
|
import java.net.MalformedURLException;
|
||||||
|
import java.net.URL;
|
||||||
|
|
||||||
|
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
|
||||||
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
|
import org.gcube.oidc.rest.JWTToken;
|
||||||
|
import org.gcube.oidc.rest.OpenIdConnectRESTHelper;
|
||||||
|
import org.gcube.oidc.rest.OpenIdConnectRESTHelperException;
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
public class Utils {
|
||||||
|
|
||||||
|
private static final Logger logger = LoggerFactory.getLogger(Utils.class);
|
||||||
|
|
||||||
|
public static JWTToken setToken(URL oidcAddress, String clientId, String secret) throws OpenIdConnectRESTHelperException {
|
||||||
|
String context=ScopeProvider.instance.get();
|
||||||
|
logger.info(clientId+" getting the UMAtoken for context "+context);
|
||||||
|
JWTToken token =null;
|
||||||
|
logger.debug("from "+oidcAddress);
|
||||||
|
token = OpenIdConnectRESTHelper.queryUMAToken(oidcAddress, clientId, secret, context, null);
|
||||||
|
logger.info("UMA token retrieved for context "+context);
|
||||||
|
UmaJWTProvider.instance.set(token.toString());
|
||||||
|
return token;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
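Review bot: `setToken` has no Javadoc although it has a side effect a caller would not guess from the signature: besides returning the token it stores `token.toString()` in `UmaJWTProvider.instance`, and it reads the context from `ScopeProvider.instance`. I would add a Javadoc stating both, and that the scope has to be set before the call. Whether `queryUMAToken` can return null is not visible here; if it can, `token.toString()` fails with a bare `NullPointerException`, so a check such as `if (token == null) throw new IllegalStateException("no UMA token returned for context " + context);` is worth adding. It is also worth confirming that `JWTToken.toString()` yields the serialized token the provider expects rather than a debug representation.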
|
|
@ -0,0 +1,48 @@
|
||||||
|
package org.gcube.contentmanager.storageserver.test;
|
||||||
|
|
||||||
|
import static org.junit.Assert.assertNotNull;
|
||||||
|
|
||||||
|
import java.io.StringReader;
|
||||||
|
import java.net.MalformedURLException;
|
||||||
|
import java.net.URL;
|
||||||
|
|
||||||
|
import org.bson.json.JsonReader;
|
||||||
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
|
import org.gcube.contentmanager.storageserver.utils.Utils;
|
||||||
|
import org.gcube.oidc.rest.JWTToken;
|
||||||
|
import org.gcube.oidc.rest.OpenIdConnectRESTHelperException;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
public class TokenTest {
|
||||||
|
|
||||||
|
URL oidcEndpoint = null;
|
||||||
|
String clientId="storage-manager-trigger";//"robcomp";//"storage-manager-trigger";//"robcomp";//
|
||||||
|
String secret="e2591a99-b694-4dbe-8f7b-9755a3db80af";//"0fec31cb-23c3-44e2-9359-d6db6784b7d3";//"e2591a99-b694-4dbe-8f7b-9755a3db80af";//"0fec31cb-23c3-44e2-9359-d6db6784b7d3";/
|
||||||
|
String context ="/gcube"; // "/gcube/devNext/NextNext";
|
||||||
|
private static Logger logger= LoggerFactory.getLogger(TokenTest.class);
|
||||||
|
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void test() {
|
||||||
|
try {
|
||||||
|
oidcEndpoint=new URL("https://accounts.dev.d4science.org/auth/realms/d4science/protocol/openid-connect/token");
|
||||||
|
} catch (MalformedURLException e) {
|
||||||
|
// TODO Auto-generated catch block
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
ScopeProvider.instance.set(context);
|
||||||
|
JWTToken token=null;
|
||||||
|
try {
|
||||||
|
token = Utils.setToken(oidcEndpoint, clientId, secret);
|
||||||
|
} catch (Exception e) {
|
||||||
|
// TODO Auto-generated catch block
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
assertNotNull(token);
|
||||||
|
|
||||||
|
logger.info("token found "+token);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
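Review bot: The `secret` field initialiser in `TokenTest` commits what look like live OIDC client secrets (the active value plus the alternates left in the trailing comment) next to the `clientId` and a dev token URL. They should be treated as exposed, rotated, and read from outside the source tree, for example `String secret = System.getenv("OIDC_CLIENT_SECRET");` (placeholder variable name), with the test skipped when it is unset. The last statement, `logger.info("token found "+token)`, may write the issued token into test logs, depending on what `JWTToken.toString()` prints; logging only that a token was obtained avoids that. Both catch blocks only call `e.printStackTrace()`, so a failure surfaces as a bare `assertNotNull` error; declaring `test()` with `throws Exception` would keep the cause in the test report.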
|