Compare commits
13 Commits
feature/20
...
master
Author | SHA1 | Date |
---|---|---|
Alfredo Oliviero | 9bfa40bc1d | |
Massimiliano Assante | d9c73f679b | |
Massimiliano Assante | 669a8e248a | |
Massimiliano Assante | 40633c6ed9 | |
Massimiliano Assante | e82dfa44d1 | |
Massimiliano Assante | c964fea2b4 | |
Massimiliano Assante | 12a11644aa | |
Massimiliano Assante | bf740de4f6 | |
Massimiliano Assante | f634c525ef | |
Massimiliano Assante | 44db458e1a | |
Massimiliano Assante | 61fff62b8a | |
Massimiliano Assante | f54736ad08 | |
Massimiliano Assante | 37d75491ae |
|
@ -0,0 +1,7 @@
|
|||
<root>
|
||||
<facet id="jst.jaxrs">
|
||||
<node name="libprov">
|
||||
<attribute name="provider-id" value="jaxrs-no-op-library-provider"/>
|
||||
</node>
|
||||
</facet>
|
||||
</root>
|
|
@ -5,4 +5,5 @@
|
|||
<installed facet="liferay.hook" version="6.0"/>
|
||||
<installed facet="wst.jsdt.web" version="1.0"/>
|
||||
<installed facet="java" version="1.8"/>
|
||||
<installed facet="jst.jaxrs" version="2.0"/>
|
||||
</faceted-project>
|
||||
|
|
20
CHANGELOG.md
20
CHANGELOG.md
|
@ -4,13 +4,29 @@
|
|||
All notable changes to this project will be documented in this file.
|
||||
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## [v2.0.2-SNAPSHOT] - 2020-11-13
|
||||
## [v2.1.0-SNAPSHOT] - 2024-09-20
|
||||
|
||||
maven-parent 1.2.0
|
||||
maven-portal-bom 4.0.0-SNAPSHOT
|
||||
Feature #27999 - [StorageHub] downstream components to upgrade in order to work with storagehub 1.5.0
|
||||
|
||||
## [v2.0.4] - 2021-05-25
|
||||
|
||||
- Feature #21506: Updated to support new UMATokensProvider class
|
||||
|
||||
## [v2.0.3] - 2021-04-12
|
||||
|
||||
Just removed obsolete Home library deps from pom which were forgotten there in 6.8.0 release
|
||||
|
||||
## [v2.0.2] - 2020-11-13
|
||||
|
||||
Feature #20108, remove user deletion from ldap upon remove account (offloaded to keycloak)
|
||||
|
||||
## [v2.0.0] - 2017-11-29
|
||||
|
||||
Ported to git
|
||||
Feature #10483: Provide user workspace drop API
|
||||
|
||||
Feature #10484: Remove user from LDAP upon D4Science user account
|
||||
|
||||
## [v1.1.0] - 2016-07-30
|
||||
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
# Acknowledgments
|
||||
|
||||
The projects leading to this software have received funding from a series of European Union programmes including:
|
||||
|
||||
- the Sixth Framework Programme for Research and Technological Development
|
||||
- [DILIGENT](https://cordis.europa.eu/project/id/004260) (grant no. 004260).
|
||||
- the Seventh Framework Programme for research, technological development and demonstration
|
||||
- [D4Science](https://cordis.europa.eu/project/id/212488) (grant no. 212488);
|
||||
- [D4Science-II](https://cordis.europa.eu/project/id/239019) (grant no.239019);
|
||||
- [ENVRI](https://cordis.europa.eu/project/id/283465) (grant no. 283465);
|
||||
- [iMarine](https://cordis.europa.eu/project/id/283644) (grant no. 283644);
|
||||
- [EUBrazilOpenBio](https://cordis.europa.eu/project/id/288754) (grant no. 288754).
|
||||
- the H2020 research and innovation programme
|
||||
- [SoBigData](https://cordis.europa.eu/project/id/654024) (grant no. 654024);
|
||||
- [PARTHENOS](https://cordis.europa.eu/project/id/654119) (grant no. 654119);
|
||||
- [EGI-Engage](https://cordis.europa.eu/project/id/654142) (grant no. 654142);
|
||||
- [ENVRI PLUS](https://cordis.europa.eu/project/id/654182) (grant no. 654182);
|
||||
- [BlueBRIDGE](https://cordis.europa.eu/project/id/675680) (grant no. 675680);
|
||||
- [PerformFISH](https://cordis.europa.eu/project/id/727610) (grant no. 727610);
|
||||
- [AGINFRA PLUS](https://cordis.europa.eu/project/id/731001) (grant no. 731001);
|
||||
- [DESIRA](https://cordis.europa.eu/project/id/818194) (grant no. 818194);
|
||||
- [ARIADNEplus](https://cordis.europa.eu/project/id/823914) (grant no. 823914);
|
||||
- [RISIS 2](https://cordis.europa.eu/project/id/824091) (grant no. 824091);
|
||||
- [EOSC-Pillar](https://cordis.europa.eu/project/id/857650) (grant no. 857650);
|
||||
- [Blue Cloud](https://cordis.europa.eu/project/id/862409) (grant no. 862409);
|
||||
- [SoBigData-PlusPlus](https://cordis.europa.eu/project/id/871042) (grant no. 871042);
|
22
pom.xml
22
pom.xml
|
@ -6,14 +6,14 @@
|
|||
<parent>
|
||||
<artifactId>maven-parent</artifactId>
|
||||
<groupId>org.gcube.tools</groupId>
|
||||
<version>1.1.0</version>
|
||||
<version>1.2.0</version>
|
||||
<relativePath />
|
||||
</parent>
|
||||
<groupId>org.gcube.portal.liferay</groupId>
|
||||
<artifactId>user-registration-hook</artifactId>
|
||||
<packaging>war</packaging>
|
||||
<name>user-registration-hook Hook</name>
|
||||
<version>2.0.2-SNAPSHOT</version>
|
||||
<version>2.1.0-SNAPSHOT</version>
|
||||
<scm>
|
||||
<connection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</connection>
|
||||
<developerConnection>scm:git:https://code-repo.d4science.org/gCubeSystem/${project.artifactId}.git</developerConnection>
|
||||
|
@ -32,7 +32,7 @@
|
|||
<dependency>
|
||||
<groupId>org.gcube.distribution</groupId>
|
||||
<artifactId>maven-portal-bom</artifactId>
|
||||
<version>3.6.0</version>
|
||||
<version>4.0.0-SNAPSHOT</version>
|
||||
<type>pom</type>
|
||||
<scope>import</scope>
|
||||
</dependency>
|
||||
|
@ -40,21 +40,6 @@
|
|||
</dependencyManagement>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>home-library</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>home-library-jcr</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.gcube.common</groupId>
|
||||
<artifactId>home-library-model</artifactId>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.gcube.core</groupId>
|
||||
<artifactId>common-encryption</artifactId>
|
||||
|
@ -82,7 +67,6 @@
|
|||
<dependency>
|
||||
<groupId>org.gcube.portal</groupId>
|
||||
<artifactId>oidc-library-portal</artifactId>
|
||||
<version>[1.0.0-SNAPSHOT, 2.0.0-SNAPSHOT)</version>
|
||||
<scope>provided</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
|
|
@ -1,38 +1,102 @@
|
|||
package org.gcube.portal.usersaccount;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.gcube.common.authorization.library.provider.AccessTokenProvider;
|
||||
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
||||
|
||||
import static org.gcube.common.authorization.client.Constants.authorizationService;
|
||||
import org.gcube.common.portal.PortalContext;
|
||||
import org.gcube.common.scope.api.ScopeProvider;
|
||||
import org.gcube.common.storagehub.client.dsl.StorageHubClient;
|
||||
import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
|
||||
import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
|
||||
import org.gcube.vomanagement.usermanagement.RoleManager;
|
||||
import org.gcube.vomanagement.usermanagement.UserManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
|
||||
import org.gcube.vomanagement.usermanagement.impl.LiferayUserManager;
|
||||
import org.gcube.vomanagement.usermanagement.model.GCubeRole;
|
||||
import org.gcube.vomanagement.usermanagement.model.GCubeUser;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
public class WorkspaceCreateAccountThread implements Runnable {
|
||||
|
||||
private static Logger _log = LoggerFactory.getLogger(WorkspaceCreateAccountThread.class);
|
||||
|
||||
public static final String AUTORISED_INFRA_ROLE = "Infrastructure-Manager";
|
||||
private String newUserUserName;
|
||||
|
||||
public WorkspaceCreateAccountThread(String newUserUserName, String newUserFullName, String newUserEmailAddress) {
|
||||
super();
|
||||
this.newUserUserName = newUserUserName;
|
||||
_log.info("Calling SHUB for Workspace creation to new user: " + newUserUserName + " (" + newUserFullName + ")");
|
||||
_log.info("Calling StorageHub for Workspace creation to new user: " + newUserUserName + " ("+newUserFullName+")");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void run() {
|
||||
String context = "/" + PortalContext.getConfiguration().getInfrastructureName();
|
||||
String authorizationToken = PortalContext.getConfiguration().getCurrentUserToken(context, newUserUserName);
|
||||
|
||||
getWS(newUserUserName, "/"+PortalContext.getConfiguration().getInfrastructureName());
|
||||
|
||||
}
|
||||
public static void getWS(String currentUsername, String context) {
|
||||
String username = currentUsername;
|
||||
String authorizationToken = PortalContext.getConfiguration().getCurrentUserToken(context, username);
|
||||
SecurityTokenProvider.instance.set(authorizationToken);
|
||||
ScopeProvider.instance.set(context);
|
||||
OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal(context);
|
||||
String previousToken = authorizationToken;
|
||||
String previousUMAToken = AccessTokenProvider.instance.get();
|
||||
try {
|
||||
//get the super user
|
||||
String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
|
||||
long groupId = new LiferayGroupManager().getGroupIdFromInfrastructureScope(infraContext);
|
||||
RoleManager rm = new LiferayRoleManager();
|
||||
UserManager uMan = new LiferayUserManager();
|
||||
long roleId = rm.getRoleId(AUTORISED_INFRA_ROLE, groupId);
|
||||
List<GCubeUser> users = uMan.listUsersByGroupAndRole(groupId, roleId);
|
||||
if (users.isEmpty()) {
|
||||
_log.error("Cannot create this user account on storageHub there is no user having role {} on context {}", AUTORISED_INFRA_ROLE , infraContext);
|
||||
return;
|
||||
}
|
||||
else {
|
||||
GCubeUser theAdmin = users.get(0);
|
||||
_log.debug("Using admin user: " + theAdmin.getUsername() + " to trigger ws creation for new user: " + username);
|
||||
String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, theAdmin.getUsername());
|
||||
List<GCubeRole> theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), groupId);
|
||||
List<String> rolesString = new ArrayList<String>();
|
||||
for (GCubeRole gCubeRole : theAdminRoles) {
|
||||
rolesString.add(gCubeRole.getRoleName());
|
||||
}
|
||||
authorizationService().setTokenRoles(theAdminToken, rolesString);
|
||||
_log.debug("setTokenRoles performed on context: " + infraContext + " with token" + theAdminToken + " ("+rolesString+")");
|
||||
SecurityTokenProvider.instance.set(theAdminToken);
|
||||
OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName());
|
||||
_log.info("\n\n\n*** new authorizationService PortalClient UMA-Token In ThreadLocal done ****\n\n");
|
||||
StorageHubClient shc = new StorageHubClient();
|
||||
shc.createUserAccount(newUserUserName);
|
||||
_log.info("Done Workspace creation for user: " + newUserUserName);
|
||||
} catch (Exception e) {
|
||||
_log.error("Creating new account on the storage HUB", e);
|
||||
try {
|
||||
shc.createUserAccount(currentUsername);
|
||||
_log.info("\n*** shub.createUserAccount done for " + currentUsername);
|
||||
}
|
||||
catch (UserNotAuthorizedException e) {
|
||||
_log.error("shub.createUserAccount failed for "+username + " trying with super mega admin ...");
|
||||
theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, "lucio.lelii");
|
||||
SecurityTokenProvider.instance.set(theAdminToken);
|
||||
shc = new StorageHubClient();
|
||||
shc.createUserAccount(currentUsername);
|
||||
SecurityTokenProvider.instance.set(previousToken);
|
||||
AccessTokenProvider.instance.set(previousUMAToken);
|
||||
_log.info("shub.createUserAccount performed for "+username + " with super mega admin (Hopefully)");
|
||||
}
|
||||
_log.debug("shub.createUserAccount completed for "+username);
|
||||
SecurityTokenProvider.instance.set(previousToken);
|
||||
AccessTokenProvider.instance.set(previousUMAToken);
|
||||
}
|
||||
}
|
||||
catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
SecurityTokenProvider.instance.set(previousToken);
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue