Beta version
This commit is contained in:
parent
40fdbe773f
commit
ee7a088be2
23
.classpath
23
.classpath
|
@ -1,5 +1,16 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<classpath>
|
<classpath>
|
||||||
|
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
|
||||||
|
<attributes>
|
||||||
|
<attribute name="maven.pomderived" value="true"/>
|
||||||
|
</attributes>
|
||||||
|
</classpathentry>
|
||||||
|
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
|
||||||
|
<attributes>
|
||||||
|
<attribute name="maven.pomderived" value="true"/>
|
||||||
|
</attributes>
|
||||||
|
</classpathentry>
|
||||||
|
<classpathentry kind="con" path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/>
|
||||||
<classpathentry kind="src" output="target/classes" path="src/main/java">
|
<classpathentry kind="src" output="target/classes" path="src/main/java">
|
||||||
<attributes>
|
<attributes>
|
||||||
<attribute name="optional" value="true"/>
|
<attribute name="optional" value="true"/>
|
||||||
|
@ -10,18 +21,8 @@
|
||||||
<attributes>
|
<attributes>
|
||||||
<attribute name="optional" value="true"/>
|
<attribute name="optional" value="true"/>
|
||||||
<attribute name="maven.pomderived" value="true"/>
|
<attribute name="maven.pomderived" value="true"/>
|
||||||
|
<attribute name="test" value="true"/>
|
||||||
</attributes>
|
</attributes>
|
||||||
</classpathentry>
|
</classpathentry>
|
||||||
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
|
|
||||||
<attributes>
|
|
||||||
<attribute name="maven.pomderived" value="true"/>
|
|
||||||
</attributes>
|
|
||||||
</classpathentry>
|
|
||||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER">
|
|
||||||
<attributes>
|
|
||||||
<attribute name="maven.pomderived" value="true"/>
|
|
||||||
</attributes>
|
|
||||||
</classpathentry>
|
|
||||||
<classpathentry kind="con" path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/>
|
|
||||||
<classpathentry kind="output" path="target/classes"/>
|
<classpathentry kind="output" path="target/classes"/>
|
||||||
</classpath>
|
</classpath>
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
eclipse.preferences.version=1
|
eclipse.preferences.version=1
|
||||||
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7
|
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
|
||||||
org.eclipse.jdt.core.compiler.compliance=1.7
|
org.eclipse.jdt.core.compiler.compliance=1.8
|
||||||
|
org.eclipse.jdt.core.compiler.problem.enablePreviewFeatures=disabled
|
||||||
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
|
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
|
||||||
org.eclipse.jdt.core.compiler.source=1.7
|
org.eclipse.jdt.core.compiler.problem.reportPreviewFeatures=ignore
|
||||||
|
org.eclipse.jdt.core.compiler.release=disabled
|
||||||
|
org.eclipse.jdt.core.compiler.source=1.8
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
activeProfiles=
|
activeProfiles=gcube-developer
|
||||||
eclipse.preferences.version=1
|
eclipse.preferences.version=1
|
||||||
resolveWorkspaceProjects=true
|
resolveWorkspaceProjects=true
|
||||||
version=1
|
version=1
|
||||||
|
|
43
pom.xml
43
pom.xml
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
<groupId>org.gcube.portal</groupId>
|
<groupId>org.gcube.portal</groupId>
|
||||||
<artifactId>threadlocal-vars-cleaner</artifactId>
|
<artifactId>threadlocal-vars-cleaner</artifactId>
|
||||||
<version>2.1.1</version>
|
<version>2.2.0</version>
|
||||||
<packaging>jar</packaging>
|
<packaging>jar</packaging>
|
||||||
<name>threadlocal-vars-cleaner</name>
|
<name>threadlocal-vars-cleaner</name>
|
||||||
<description>This component clean the Smartgears ThreadLocal variables each time a new Thread is assigned to a request from tomcat thread pool</description>
|
<description>This component clean the Smartgears ThreadLocal variables each time a new Thread is assigned to a request from tomcat thread pool</description>
|
||||||
|
@ -61,11 +61,22 @@
|
||||||
<artifactId>portal-manager</artifactId>
|
<artifactId>portal-manager</artifactId>
|
||||||
<scope>provided</scope>
|
<scope>provided</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.gcube.portal</groupId>
|
||||||
|
<artifactId>oidc-library-portal</artifactId>
|
||||||
|
<version>[0.1.0,)</version>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.liferay.portal</groupId>
|
<groupId>com.liferay.portal</groupId>
|
||||||
<artifactId>portal-service</artifactId>
|
<artifactId>portal-service</artifactId>
|
||||||
<scope>provided</scope>
|
<scope>provided</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>javax.portlet</groupId>
|
||||||
|
<artifactId>portlet-api</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.slf4j</groupId>
|
<groupId>org.slf4j</groupId>
|
||||||
<artifactId>slf4j-api</artifactId>
|
<artifactId>slf4j-api</artifactId>
|
||||||
|
@ -81,21 +92,21 @@
|
||||||
<build>
|
<build>
|
||||||
<finalName>threadlocal-vars-cleaner-${project.version}</finalName>
|
<finalName>threadlocal-vars-cleaner-${project.version}</finalName>
|
||||||
<plugins>
|
<plugins>
|
||||||
<plugin>
|
<!-- <plugin> -->
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<!-- <groupId>org.apache.maven.plugins</groupId> -->
|
||||||
<artifactId>maven-war-plugin</artifactId>
|
<!-- <artifactId>maven-war-plugin</artifactId> -->
|
||||||
<executions>
|
<!-- <executions> -->
|
||||||
<execution>
|
<!-- <execution> -->
|
||||||
<phase>compile</phase>
|
<!-- <phase>compile</phase> -->
|
||||||
<goals>
|
<!-- <goals> -->
|
||||||
<goal>exploded</goal>
|
<!-- <goal>exploded</goal> -->
|
||||||
</goals>
|
<!-- </goals> -->
|
||||||
</execution>
|
<!-- </execution> -->
|
||||||
</executions>
|
<!-- </executions> -->
|
||||||
<configuration>
|
<!-- <configuration> -->
|
||||||
<webappDirectory>${webappDirectory}</webappDirectory>
|
<!-- <webappDirectory>${webappDirectory}</webappDirectory> -->
|
||||||
</configuration>
|
<!-- </configuration> -->
|
||||||
</plugin>
|
<!-- </plugin> -->
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-compiler-plugin</artifactId>
|
<artifactId>maven-compiler-plugin</artifactId>
|
||||||
|
|
|
@ -3,11 +3,14 @@ package org.gcube.portal.threadlocalexec;
|
||||||
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.io.UnsupportedEncodingException;
|
||||||
|
import java.net.URLEncoder;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpSession;
|
||||||
|
|
||||||
import org.apache.catalina.connector.Request;
|
import org.apache.catalina.connector.Request;
|
||||||
import org.apache.catalina.connector.Response;
|
import org.apache.catalina.connector.Response;
|
||||||
|
@ -15,31 +18,41 @@ import org.apache.catalina.valves.ValveBase;
|
||||||
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
||||||
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
||||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
|
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
|
||||||
import org.gcube.common.authorization.library.provider.UserInfo;
|
import org.gcube.common.authorization.library.provider.UserInfo;
|
||||||
import org.gcube.common.portal.PortalContext;
|
import org.gcube.common.portal.PortalContext;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
import org.gcube.common.scope.impl.ScopeBean;
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
import com.liferay.portal.model.User;
|
||||||
import com.liferay.portal.service.UserLocalServiceUtil;
|
import com.liferay.portal.service.UserLocalServiceUtil;
|
||||||
|
import com.nubisware.oidc.lr62.JWTTokenUtil;
|
||||||
|
import com.nubisware.oidc.lr62.LiferayOpenIdConnectConfiguration;
|
||||||
|
import com.nubisware.oidc.lr62.OIDCTokenProxy;
|
||||||
|
import com.nubisware.oidc.rest.JWTToken;
|
||||||
|
import com.nubisware.oidc.rest.OpenIdConnectConfiguration;
|
||||||
|
import com.nubisware.oidc.rest.OpenIdConnectRESTHelper;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* @author Massimiliano Assante, CNR ISTI
|
* @author Massimiliano Assante, CNR ISTI
|
||||||
* @author Lucio Lelii, CNR ISTI
|
* @author Lucio Lelii, CNR ISTI
|
||||||
|
* @author Mauro Mugnaini, Nubisware S.r.l.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public class SmartGearsPortalValve extends ValveBase {
|
public class SmartGearsPortalValve extends ValveBase {
|
||||||
|
|
||||||
private static final Logger _log = LoggerFactory.getLogger(SmartGearsPortalValve.class);
|
private static final Logger _log = LoggerFactory.getLogger(SmartGearsPortalValve.class);
|
||||||
private final static String DEFAULT_ROLE = "OrganizationMember";
|
private final static String DEFAULT_ROLE = "OrganizationMember";
|
||||||
private final static String LIFERAY_POLLER_CONTEXT = "poller/receive";
|
private final static String LIFERAY_POLLER_CONTEXT = "poller/receive";
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void invoke(Request req, Response resp) throws IOException, ServletException {
|
public void invoke(Request req, Response resp) throws IOException, ServletException {
|
||||||
SecurityTokenProvider.instance.reset();
|
SecurityTokenProvider.instance.reset();
|
||||||
ScopeProvider.instance.reset();
|
ScopeProvider.instance.reset();
|
||||||
AuthorizationProvider.instance.reset();
|
AuthorizationProvider.instance.reset();
|
||||||
|
UmaJWTProvider.instance.reset();
|
||||||
//_log.trace("SmartGearsPortalValve SecurityTokenProvider and AuthorizationProvider reset OK");
|
//_log.trace("SmartGearsPortalValve SecurityTokenProvider and AuthorizationProvider reset OK");
|
||||||
if (req instanceof HttpServletRequest) {
|
if (req instanceof HttpServletRequest) {
|
||||||
HttpServletRequest request = (HttpServletRequest) req;
|
HttpServletRequest request = (HttpServletRequest) req;
|
||||||
|
@ -53,16 +66,16 @@ public class SmartGearsPortalValve extends ValveBase {
|
||||||
ScopeProvider.instance.set(scope);
|
ScopeProvider.instance.set(scope);
|
||||||
userToken = authorizationService().resolveTokenByUserAndContext(username, scope);
|
userToken = authorizationService().resolveTokenByUserAndContext(username, scope);
|
||||||
SecurityTokenProvider.instance.set(userToken);
|
SecurityTokenProvider.instance.set(userToken);
|
||||||
}
|
} catch (ObjectNotFound ex) {
|
||||||
catch (ObjectNotFound ex) {
|
|
||||||
userToken = generateAuthorizationToken(username, scope);
|
userToken = generateAuthorizationToken(username, scope);
|
||||||
SecurityTokenProvider.instance.set(userToken);
|
SecurityTokenProvider.instance.set(userToken);
|
||||||
_log.debug("generateAuthorizationToken OK for " + username + " in scope " + scope);
|
_log.debug("generateAuthorizationToken OK for " + username + " in scope " + scope);
|
||||||
}
|
} catch (Exception e) {
|
||||||
catch (Exception e) {
|
|
||||||
_log.error("Something went wrong in generating token for " + username + " in scope " + scope);
|
_log.error("Something went wrong in generating token for " + username + " in scope " + scope);
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
|
checkUMATicket(request, scope);
|
||||||
|
|
||||||
//_log.trace("Security token set OK for " + username + " in scope " + scope);
|
//_log.trace("Security token set OK for " + username + " in scope " + scope);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -70,6 +83,112 @@ public class SmartGearsPortalValve extends ValveBase {
|
||||||
getNext().invoke(req, resp);
|
getNext().invoke(req, resp);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void checkUMATicket(HttpServletRequest request, String scope) {
|
||||||
|
HttpSession session = request.getSession(false);
|
||||||
|
if (session == null) {
|
||||||
|
if (_log.isDebugEnabled()) {
|
||||||
|
_log.debug("Session is null");
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (_log.isTraceEnabled()) {
|
||||||
|
_log.trace("Session details: id=" + session.getId() + ", instance=" + session);
|
||||||
|
}
|
||||||
|
String urlEncodedScope = null;
|
||||||
|
try {
|
||||||
|
urlEncodedScope = URLEncoder.encode(scope, "UTF-8");
|
||||||
|
} catch (UnsupportedEncodingException e) {
|
||||||
|
_log.error("Cannot URL encode scope", e);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (_log.isDebugEnabled()) {
|
||||||
|
_log.debug("URL encoded scope is: " + urlEncodedScope);
|
||||||
|
_log.debug("Getting UMA token from session");
|
||||||
|
}
|
||||||
|
JWTToken umaToken = JWTTokenUtil.getUMAFromSession(session);
|
||||||
|
if (umaToken == null) {
|
||||||
|
if (_log.isDebugEnabled()) {
|
||||||
|
_log.debug("UMA token not found in session");
|
||||||
|
}
|
||||||
|
if (_log.isDebugEnabled()) {
|
||||||
|
_log.debug("Getting current user");
|
||||||
|
}
|
||||||
|
User user = getCurrentUser(request);
|
||||||
|
if (user == null) {
|
||||||
|
_log.error("Current user not found, cannot continue");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (_log.isDebugEnabled()) {
|
||||||
|
_log.debug("Trying to get UMA token from cache proxy");
|
||||||
|
}
|
||||||
|
umaToken = OIDCTokenProxy.getInstance().getUMAToken(user, session);
|
||||||
|
if (umaToken == null || !umaToken.getAud().contains(urlEncodedScope)) {
|
||||||
|
if (umaToken == null) {
|
||||||
|
if (_log.isDebugEnabled()) {
|
||||||
|
_log.debug("UMA token is null. Getting new one...");
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
_log.info("UMA token for another scope (" + umaToken.getAud() + "). Getting new one for scope: "
|
||||||
|
+ urlEncodedScope);
|
||||||
|
}
|
||||||
|
if (_log.isDebugEnabled()) {
|
||||||
|
_log.debug("Getting OIDC token from session");
|
||||||
|
}
|
||||||
|
JWTToken authToken = JWTTokenUtil.getOIDCFromSession(session);
|
||||||
|
if (authToken == null) {
|
||||||
|
if (_log.isDebugEnabled()) {
|
||||||
|
_log.debug("OIDC token not found in session. Trying to get it from cache proxy");
|
||||||
|
}
|
||||||
|
authToken = getOIDCTokeFromProxyAndSetInSession(user, request, session);
|
||||||
|
if (authToken == null) {
|
||||||
|
_log.error("OIDC token is null, cannot continue");
|
||||||
|
return;
|
||||||
|
} else {
|
||||||
|
if (_log.isDebugEnabled()) {
|
||||||
|
_log.debug("OIDC token found in cache proxy");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
_log.info("Getting UMA token from OIDC endpoint for scope: " + urlEncodedScope);
|
||||||
|
OpenIdConnectConfiguration configuration = LiferayOpenIdConnectConfiguration.getConfiguration(request);
|
||||||
|
try {
|
||||||
|
// TODO: handle the token expired case and renew it with refresh token.
|
||||||
|
umaToken = OpenIdConnectRESTHelper.queryUMAToken(configuration.getTokenUrl(),
|
||||||
|
authToken.getAsBearer(),
|
||||||
|
urlEncodedScope, null);
|
||||||
|
} catch (Exception e) {
|
||||||
|
_log.error("Getting UMA token from server", e);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (_log.isDebugEnabled()) {
|
||||||
|
_log.debug("Setting UMA token in cache proxy");
|
||||||
|
}
|
||||||
|
OIDCTokenProxy.getInstance().setRPTToken(user, session, umaToken);
|
||||||
|
if (_log.isDebugEnabled()) {
|
||||||
|
_log.debug("Setting UMA token in session");
|
||||||
|
}
|
||||||
|
JWTTokenUtil.putUMAInSession(umaToken, session);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (_log.isDebugEnabled()) {
|
||||||
|
_log.debug("Setting UMA token in UMA JWT provider");
|
||||||
|
}
|
||||||
|
UmaJWTProvider.instance.set(umaToken.getRaw());
|
||||||
|
}
|
||||||
|
|
||||||
|
private JWTToken getOIDCTokeFromProxyAndSetInSession(User user, HttpServletRequest request, HttpSession session) {
|
||||||
|
JWTToken token = OIDCTokenProxy.getInstance().getOIDCToken(user, session);
|
||||||
|
if (token == null) {
|
||||||
|
_log.warn("OIDC token is null also in cache proxy!");
|
||||||
|
} else {
|
||||||
|
if (_log.isDebugEnabled()) {
|
||||||
|
_log.debug("Setting OIDC token took from cache proxy in session");
|
||||||
|
}
|
||||||
|
JWTTokenUtil.putOIDCInSession(token, session);
|
||||||
|
}
|
||||||
|
return token;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* @param context
|
* @param context
|
||||||
|
@ -79,8 +198,8 @@ public class SmartGearsPortalValve extends ValveBase {
|
||||||
String separator = "/";
|
String separator = "/";
|
||||||
if (!context.matches("\\S+"))
|
if (!context.matches("\\S+"))
|
||||||
return false;
|
return false;
|
||||||
String[] components=context.split(separator);
|
String[] components = context.split(separator);
|
||||||
if (components.length<2 || components.length>4)
|
if (components.length < 2 || components.length > 4)
|
||||||
return false;
|
return false;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -111,12 +230,17 @@ public class SmartGearsPortalValve extends ValveBase {
|
||||||
* @see GCubeUser
|
* @see GCubeUser
|
||||||
*/
|
*/
|
||||||
public static String getCurrentUsername(HttpServletRequest httpServletRequest) {
|
public static String getCurrentUsername(HttpServletRequest httpServletRequest) {
|
||||||
|
User user = getCurrentUser(httpServletRequest);
|
||||||
|
return user != null ? user.getScreenName() : null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static User getCurrentUser(HttpServletRequest httpServletRequest) {
|
||||||
String userIdNo = httpServletRequest.getHeader(PortalContext.USER_ID_ATTR_NAME);
|
String userIdNo = httpServletRequest.getHeader(PortalContext.USER_ID_ATTR_NAME);
|
||||||
if (userIdNo != null && userIdNo.compareTo("undefined") != 0) {
|
if (userIdNo != null && userIdNo.compareTo("undefined") != 0) {
|
||||||
long userId = -1;
|
long userId = -1;
|
||||||
try {
|
try {
|
||||||
userId = Long.parseLong(userIdNo);
|
userId = Long.parseLong(userIdNo);
|
||||||
return UserLocalServiceUtil.getUser(userId).getScreenName();
|
return UserLocalServiceUtil.getUser(userId);
|
||||||
} catch (NumberFormatException e) {
|
} catch (NumberFormatException e) {
|
||||||
_log.error("The userId is not a number -> " + userIdNo);
|
_log.error("The userId is not a number -> " + userIdNo);
|
||||||
return null;
|
return null;
|
||||||
|
@ -128,4 +252,3 @@ public class SmartGearsPortalValve extends ValveBase {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue