Now the workspace creation is done with the UMA Token
This commit is contained in:
parent
44db458e1a
commit
f634c525ef
|
@ -0,0 +1,7 @@
|
||||||
|
<root>
|
||||||
|
<facet id="jst.jaxrs">
|
||||||
|
<node name="libprov">
|
||||||
|
<attribute name="provider-id" value="jaxrs-no-op-library-provider"/>
|
||||||
|
</node>
|
||||||
|
</facet>
|
||||||
|
</root>
|
|
@ -5,4 +5,5 @@
|
||||||
<installed facet="liferay.hook" version="6.0"/>
|
<installed facet="liferay.hook" version="6.0"/>
|
||||||
<installed facet="wst.jsdt.web" version="1.0"/>
|
<installed facet="wst.jsdt.web" version="1.0"/>
|
||||||
<installed facet="java" version="1.8"/>
|
<installed facet="java" version="1.8"/>
|
||||||
|
<installed facet="jst.jaxrs" version="2.0"/>
|
||||||
</faceted-project>
|
</faceted-project>
|
||||||
|
|
|
@ -3,10 +3,14 @@ import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||||
|
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
|
||||||
|
|
||||||
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
||||||
import org.gcube.common.portal.PortalContext;
|
import org.gcube.common.portal.PortalContext;
|
||||||
import org.gcube.common.scope.api.ScopeProvider;
|
import org.gcube.common.scope.api.ScopeProvider;
|
||||||
import org.gcube.common.storagehub.client.dsl.StorageHubClient;
|
import org.gcube.common.storagehub.client.dsl.StorageHubClient;
|
||||||
|
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
|
||||||
|
import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
|
||||||
import org.gcube.vomanagement.usermanagement.RoleManager;
|
import org.gcube.vomanagement.usermanagement.RoleManager;
|
||||||
import org.gcube.vomanagement.usermanagement.UserManager;
|
import org.gcube.vomanagement.usermanagement.UserManager;
|
||||||
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
||||||
|
@ -30,7 +34,9 @@ public class WorkspaceCreateAccountThread implements Runnable {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void run() {
|
public void run() {
|
||||||
|
|
||||||
getWS(newUserUserName, "/"+PortalContext.getConfiguration().getInfrastructureName());
|
getWS(newUserUserName, "/"+PortalContext.getConfiguration().getInfrastructureName());
|
||||||
|
|
||||||
}
|
}
|
||||||
public static void getWS(String currentUsername, String context) {
|
public static void getWS(String currentUsername, String context) {
|
||||||
String username = currentUsername;
|
String username = currentUsername;
|
||||||
|
@ -38,6 +44,7 @@ public class WorkspaceCreateAccountThread implements Runnable {
|
||||||
SecurityTokenProvider.instance.set(authorizationToken);
|
SecurityTokenProvider.instance.set(authorizationToken);
|
||||||
ScopeProvider.instance.set(context);
|
ScopeProvider.instance.set(context);
|
||||||
String previousToken = authorizationToken;
|
String previousToken = authorizationToken;
|
||||||
|
String previousUMAToken = UmaJWTProvider.instance.get();
|
||||||
try {
|
try {
|
||||||
//get the super user
|
//get the super user
|
||||||
String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
|
String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
|
||||||
|
@ -52,6 +59,7 @@ public class WorkspaceCreateAccountThread implements Runnable {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
GCubeUser theAdmin = users.get(0);
|
GCubeUser theAdmin = users.get(0);
|
||||||
|
_log.debug("Using admin user: " + theAdmin.getUsername() + " to trigger ws creation for new user: " + username);
|
||||||
String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, theAdmin.getUsername());
|
String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, theAdmin.getUsername());
|
||||||
List<GCubeRole> theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), groupId);
|
List<GCubeRole> theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), groupId);
|
||||||
List<String> rolesString = new ArrayList<String>();
|
List<String> rolesString = new ArrayList<String>();
|
||||||
|
@ -59,10 +67,27 @@ public class WorkspaceCreateAccountThread implements Runnable {
|
||||||
rolesString.add(gCubeRole.getRoleName());
|
rolesString.add(gCubeRole.getRoleName());
|
||||||
}
|
}
|
||||||
authorizationService().setTokenRoles(theAdminToken, rolesString);
|
authorizationService().setTokenRoles(theAdminToken, rolesString);
|
||||||
|
_log.debug("setTokenRoles performed on context: " + infraContext + " with token" + theAdminToken + " ("+rolesString+")");
|
||||||
SecurityTokenProvider.instance.set(theAdminToken);
|
SecurityTokenProvider.instance.set(theAdminToken);
|
||||||
|
OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName());
|
||||||
|
_log.info("\n\n\n*** new authorizationService PortalClient UMA-Token In ThreadLocal done ****\n\n");
|
||||||
StorageHubClient shc = new StorageHubClient();
|
StorageHubClient shc = new StorageHubClient();
|
||||||
|
try {
|
||||||
|
shc.createUserAccount(currentUsername);
|
||||||
|
}
|
||||||
|
catch (UserNotAuthorizedException e) {
|
||||||
|
_log.error("shub.createUserAccount failed for "+username + " trying with super mega admin ...");
|
||||||
|
theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, "lucio.lelii");
|
||||||
|
SecurityTokenProvider.instance.set(theAdminToken);
|
||||||
|
shc = new StorageHubClient();
|
||||||
shc.createUserAccount(currentUsername);
|
shc.createUserAccount(currentUsername);
|
||||||
SecurityTokenProvider.instance.set(previousToken);
|
SecurityTokenProvider.instance.set(previousToken);
|
||||||
|
UmaJWTProvider.instance.set(previousUMAToken);
|
||||||
|
_log.info("shub.createUserAccount performed for "+username + " with super mega admin (Hopefully)");
|
||||||
|
}
|
||||||
|
_log.debug("shub.createUserAccount completed for "+username);
|
||||||
|
SecurityTokenProvider.instance.set(previousToken);
|
||||||
|
UmaJWTProvider.instance.set(previousUMAToken);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch (Exception e) {
|
catch (Exception e) {
|
||||||
|
|
Loading…
Reference in New Issue