Now the workspace creation is done with the UMA Token

This commit is contained in:
Massimiliano Assante 2021-02-03 18:19:53 +01:00
parent 44db458e1a
commit f634c525ef
3 changed files with 34 additions and 1 deletions

View File

@ -0,0 +1,7 @@
<root>
<facet id="jst.jaxrs">
<node name="libprov">
<attribute name="provider-id" value="jaxrs-no-op-library-provider"/>
</node>
</facet>
</root>

View File

@ -5,4 +5,5 @@
<installed facet="liferay.hook" version="6.0"/>
<installed facet="wst.jsdt.web" version="1.0"/>
<installed facet="java" version="1.8"/>
<installed facet="jst.jaxrs" version="2.0"/>
</faceted-project>

View File

@ -3,10 +3,14 @@ import java.util.ArrayList;
import java.util.List;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
import static org.gcube.common.authorization.client.Constants.authorizationService;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.storagehub.client.dsl.StorageHubClient;
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
import org.gcube.vomanagement.usermanagement.RoleManager;
import org.gcube.vomanagement.usermanagement.UserManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
@ -30,7 +34,9 @@ public class WorkspaceCreateAccountThread implements Runnable {
@Override
public void run() {
getWS(newUserUserName, "/"+PortalContext.getConfiguration().getInfrastructureName());
}
public static void getWS(String currentUsername, String context) {
String username = currentUsername;
@ -38,6 +44,7 @@ public class WorkspaceCreateAccountThread implements Runnable {
SecurityTokenProvider.instance.set(authorizationToken);
ScopeProvider.instance.set(context);
String previousToken = authorizationToken;
String previousUMAToken = UmaJWTProvider.instance.get();
try {
//get the super user
String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
@ -52,6 +59,7 @@ public class WorkspaceCreateAccountThread implements Runnable {
}
else {
GCubeUser theAdmin = users.get(0);
_log.debug("Using admin user: " + theAdmin.getUsername() + " to trigger ws creation for new user: " + username);
String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, theAdmin.getUsername());
List<GCubeRole> theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), groupId);
List<String> rolesString = new ArrayList<String>();
@ -59,10 +67,27 @@ public class WorkspaceCreateAccountThread implements Runnable {
rolesString.add(gCubeRole.getRoleName());
}
authorizationService().setTokenRoles(theAdminToken, rolesString);
_log.debug("setTokenRoles performed on context: " + infraContext + " with token" + theAdminToken + " ("+rolesString+")");
SecurityTokenProvider.instance.set(theAdminToken);
OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName());
_log.info("\n\n\n*** new authorizationService PortalClient UMA-Token In ThreadLocal done ****\n\n");
StorageHubClient shc = new StorageHubClient();
shc.createUserAccount(currentUsername);
try {
shc.createUserAccount(currentUsername);
}
catch (UserNotAuthorizedException e) {
_log.error("shub.createUserAccount failed for "+username + " trying with super mega admin ...");
theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, "lucio.lelii");
SecurityTokenProvider.instance.set(theAdminToken);
shc = new StorageHubClient();
shc.createUserAccount(currentUsername);
SecurityTokenProvider.instance.set(previousToken);
UmaJWTProvider.instance.set(previousUMAToken);
_log.info("shub.createUserAccount performed for "+username + " with super mega admin (Hopefully)");
}
_log.debug("shub.createUserAccount completed for "+username);
SecurityTokenProvider.instance.set(previousToken);
UmaJWTProvider.instance.set(previousUMAToken);
}
}
catch (Exception e) {