diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1186ded..8060787 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,15 @@ All notable changes to this project will be documented in this file.
This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [v1.5.0-SNAPSHOT] - 2021-07-20
+
+#### Enhancements
+
+[#21346] Moved to AccessTokenProvider for UMA tokens "context switches"
+[#21576] Adding filtering for gateway to get scopes with THREDDS role for users
+Moved to maven-portal-bom 3.6.3
+Just to include new version of ws-thredds
+
## [v1.4.1-SNAPSHOT] - 2021-07-20
Moved to maven-portal-bom 3.6.3
diff --git a/pom.xml b/pom.xml
index 586020d..02a6fac 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,7 @@
org.gcube.portlets.widgets
ws-thredds-sync-widget
jar
- 1.4.1-SNAPSHOT
+ 1.5.0-SNAPSHOT
ws-thredds-sync-widget
gCube ws-thredds-sync-widget is a widget to use and interact with ws-thredds facility in order to syncronize the Workspace folders with Thredds Reporitory folders
diff --git a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/SyncronizeWithThredds.java b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/SyncronizeWithThredds.java
index 590f738..4339943 100644
--- a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/SyncronizeWithThredds.java
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/SyncronizeWithThredds.java
@@ -8,11 +8,12 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
+import org.gcube.common.authorization.library.provider.AccessTokenProvider;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
-import org.gcube.common.authorization.library.provider.UmaJWTProvider;
import org.gcube.common.portal.PortalContext;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.oidc.rest.JWTToken;
+import org.gcube.portal.oidc.lr62.JWTTokenUtil;
import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
import org.gcube.portal.wssynclibrary.shared.ItemNotSynched;
import org.gcube.portal.wssynclibrary.shared.WorkspaceFolderLocked;
@@ -28,12 +29,11 @@ import org.gcube.vomanagement.usermanagement.model.GCubeUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-
/**
* The Class SyncronizeWithThredds.
*
* @author Francesco Mangiacrapa francesco.mangiacrapa@isti.cnr.it Feb 7, 2018
- * updated May, 2021
+ * updated May, 2021
*/
public class SyncronizeWithThredds {
@@ -84,40 +84,31 @@ public class SyncronizeWithThredds {
logger.debug("Setting UMA context with target scope: " + targetScope + ", user: " + user.getUsername());
String previousUMAToken = null;
try {
- previousUMAToken = UmaJWTProvider.instance.get();
+ previousUMAToken = AccessTokenProvider.instance.get();
JWTToken umaToken = OIDCUmaUtil.getUMAToken(httpRequest, user.getUsername(), targetScope);
- setContextForUMA(umaToken.getRaw());
+
+ if (umaToken == null) {
+ logger.info("Uma Token is null or empty, skipping operation and returning null");
+ return null;
+ }
+
+ String subAccessToken = umaToken.getAccessTokenString().substring(0, 10);
+ logger.info("Going to set UMA Token: " + subAccessToken + "-MASKED-TOKEN");
+ // UmaJWTProvider.instance.set(umaToken);
+ AccessTokenProvider.instance.set(JWTTokenUtil.getAccessTokenString(umaToken));
+ logger.debug("UmaJWTProvider instance set performed to : " + subAccessToken + "-MASKED-TOKEN");
+
} catch (Exception e) {
logger.warn("Error on set context for UMA: ", e);
if (previousUMAToken != null) {
logger.info("Setting previous UMA Token: " + previousUMAToken.substring(0, 10) + "-MASKED-TOKEN");
- setContextForUMA(previousUMAToken);
+ AccessTokenProvider.instance.set(previousUMAToken);
}
}
return previousUMAToken;
}
- /**
- * Reset context for UMA.
- *
- * @param umaToken the uma token
- * @return the string
- */
- private void setContextForUMA(String umaToken) {
- logger.info("called set context for UMA");
-
- if (umaToken == null || umaToken.isEmpty()) {
- logger.info("Uma Token is null or empty, skipping operation");
- return;
- }
-
- logger.info("Going to set UMA Token: " + umaToken.substring(0, 10) + "-MASKED-TOKEN");
- UmaJWTProvider.instance.set(umaToken);
- logger.debug("UmaJWTProvider instance set performed to : " + umaToken.substring(0, 10) + "-MASKED-TOKEN");
-
- }
-
/**
* Checks if is item synched.
*
@@ -140,19 +131,19 @@ public class SyncronizeWithThredds {
/**
* Gets the configuration.
*
- * @param folderId the folder id
- * @param loadStatus the load status. If true it loads the status by calling the
- * {@link SyncEngine#check(String, boolean)} but it is time
- * consuming. Otherwise it calls the
- * {@link SyncEngine#getConfig(String)} without sync status
+ * @param folderId the folder id
+ * @param loadStatus the load status. If true it loads the status by calling
+ * the {@link SyncEngine#check(String, boolean)} but it is
+ * time consuming. Otherwise it calls the
+ * {@link SyncEngine#getConfig(String)} without sync status
* @param httpRequest the http request
- * @param user the user
+ * @param user the user
* @return the configuration
* @throws ItemNotSynched the item not synched
* @throws Exception the exception
*/
- public ThSyncFolderDescriptor getConfiguration(String folderId, boolean loadStatus, HttpServletRequest httpRequest, GCubeUser user)
- throws ItemNotSynched, Exception {
+ public ThSyncFolderDescriptor getConfiguration(String folderId, boolean loadStatus, HttpServletRequest httpRequest,
+ GCubeUser user) throws ItemNotSynched, Exception {
ThSyncFolderDescriptor config = null;
String wsScope = PortalContext.getConfiguration().getCurrentScope(httpRequest);
@@ -162,11 +153,11 @@ public class SyncronizeWithThredds {
String previousUmaToken = null;
String targetScope = null;
try {
-
+
setContextParameters(wsScope, wsUserToken);
if (loadStatus) {
-
+
config = workspaceThreddsSynchronizeLib.getConfiguration(folderId);
// context switch for UMA token
targetScope = config.getConfiguration().getTargetContext();
@@ -174,10 +165,10 @@ public class SyncronizeWithThredds {
// context switch for gcube-token and scope
// getting token into target scope
- String targetScopeUserToken = PortalContext.getConfiguration().getCurrentUserToken(targetScope,
+ String targetScopeUserToken = PortalContext.getConfiguration().getCurrentUserToken(targetScope,
user.getUsername());
setContextParameters(targetScope, targetScopeUserToken);
-
+
config = workspaceThreddsSynchronizeLib.checkItemSynched(folderId);
} else {
config = workspaceThreddsSynchronizeLib.getConfiguration(folderId);
@@ -187,18 +178,19 @@ public class SyncronizeWithThredds {
logger.debug("WorkspaceNotSynchedException catched. The item with id: " + folderId + " is not synched");
} catch (WorkspaceFolderLocked e1) {
logger.info("The folder with id: " + folderId + " is locked");
- throw new Exception("The folder with id: "+folderId +" is currently locked. Another sync process is in progress");
+ throw new Exception(
+ "The folder with id: " + folderId + " is currently locked. Another sync process is in progress");
} catch (Exception e) {
logger.error("Error on reading the configuration for id: " + folderId, e);
throw e;
} finally {
- if(previousUmaToken!=null) {
+ if (previousUmaToken != null) {
// resetting UMA token in the WS scope
- setContextForUMA(previousUmaToken);
+ AccessTokenProvider.instance.set(previousUmaToken);
}
- if (originalScope != null && targetScope!=null && originalScope.compareTo(targetScope) != 0) {
+ if (originalScope != null && targetScope != null && originalScope.compareTo(targetScope) != 0) {
logger.info("Resetting the scope: " + originalScope + " which was original WS context");
ScopeProvider.instance.set(originalScope);
if (originalToken != null) {
@@ -250,8 +242,10 @@ public class SyncronizeWithThredds {
} finally {
- // resetting UMA token in the WS scope
- setContextForUMA(previousUmaToken);
+ if (previousUmaToken != null) {
+ // resetting UMA token in the WS scope
+ AccessTokenProvider.instance.set(previousUmaToken);
+ }
if (originalScope != null && originalScope.compareTo(targetScope) != 0) {
logger.info("Resetting the scope: " + originalScope + " which was original WS context");
@@ -332,13 +326,15 @@ public class SyncronizeWithThredds {
return workspaceThreddsSynchronizeLib.doSync(folderId);
} catch (Exception e) {
- logger.error("Error on doSyncFolder for folderId: "+folderId, e);
+ logger.error("Error on doSyncFolder for folderId: " + folderId, e);
throw e;
} finally {
- // resetting UMA token in the WS scope
- setContextForUMA(previousUmaToken);
+ if (previousUmaToken != null) {
+ // resetting UMA token in the WS scope
+ AccessTokenProvider.instance.set(previousUmaToken);
+ }
if (originalScope != null && originalScope.compareTo(targetScope) != 0) {
logger.info("Resetting the scope: " + originalScope + " which was original WS context");
@@ -408,8 +404,10 @@ public class SyncronizeWithThredds {
} finally {
- // resetting UMA token in the WS scope
- setContextForUMA(previousUmaToken);
+ if (previousUmaToken != null) {
+ // resetting UMA token in the WS scope
+ AccessTokenProvider.instance.set(previousUmaToken);
+ }
if (originalScope != null && originalScope.compareTo(targetScope) != 0) {
logger.info("Resetting the scope: " + originalScope + " which was original WS context");
diff --git a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/ThreddsWorkspaceSyncServiceImpl.java b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/ThreddsWorkspaceSyncServiceImpl.java
index 7e3bfb7..f04bcc5 100644
--- a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/ThreddsWorkspaceSyncServiceImpl.java
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/ThreddsWorkspaceSyncServiceImpl.java
@@ -37,7 +37,6 @@ import org.slf4j.LoggerFactory;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import com.liferay.portal.service.UserLocalServiceUtil;
-
// TODO: Auto-generated Javadoc
/**
* The server side implementation of the RPC service.
@@ -133,23 +132,24 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
GCubeUser user = PortalContext.getConfiguration().getCurrentUser(this.getThreadLocalRequest());
return getConfiguration(folderId, loadStatus, this.getThreadLocalRequest(), user);
}
-
/**
* Gets the configuration.
*
- * @param folderId the folder id
- * @param loadStatus the load status
+ * @param folderId the folder id
+ * @param loadStatus the load status
* @param httpRequest the http request
- * @param user the user
+ * @param user the user
* @return the configuration
* @throws Exception the exception
*/
- public WsThreddsSynchFolderDescriptor getConfiguration(String folderId, boolean loadStatus, HttpServletRequest httpRequest, GCubeUser user) throws Exception {
+ public WsThreddsSynchFolderDescriptor getConfiguration(String folderId, boolean loadStatus,
+ HttpServletRequest httpRequest, GCubeUser user) throws Exception {
logger.debug("called internal getConfiguration for folderId: " + folderId);
try {
- ThSyncFolderDescriptor theConfig = getSyncService().getConfiguration(folderId, loadStatus, httpRequest, user);
+ ThSyncFolderDescriptor theConfig = getSyncService().getConfiguration(folderId, loadStatus, httpRequest,
+ user);
if (theConfig != null) {
logger.info("Folder id: " + folderId + " is synched");
@@ -197,10 +197,11 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
config = BeanConverter.toThSynchFolderConfiguration(clientConfig, folderId,
clientConfig.getSelectedScope().getScopeName());
logger.debug("Creating server config " + config);
- }else {
+ } else {
logger.info("The config sent from client is null, Loading it from ws-thredds");
- ThSyncFolderDescriptor descr = getSyncService().getConfiguration(folderId, false, this.getThreadLocalRequest(), user);
- logger.info("From ws-thredds loaded the config: "+config);
+ ThSyncFolderDescriptor descr = getSyncService().getConfiguration(folderId, false,
+ this.getThreadLocalRequest(), user);
+ logger.info("From ws-thredds loaded the config: " + config);
config = descr.getConfiguration();
}
@@ -210,7 +211,10 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
return status;
} catch (Exception e) {
logger.error("Do sync Folder error: ", e);
- throw new Exception("Sorry, an error occurred during synchonization phase. The server encountered the error: "+e.getMessage(), e);
+ throw new Exception(
+ "Sorry, an error occurred during synchonization phase. The server encountered the error: "
+ + e.getMessage(),
+ e);
}
}
@@ -228,7 +232,8 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
try {
GCubeUser user = PortalContext.getConfiguration().getCurrentUser(this.getThreadLocalRequest());
- ThSyncFolderDescriptor foldeDesr = getSyncService().getConfiguration(folderId, false, this.getThreadLocalRequest(), user);
+ ThSyncFolderDescriptor foldeDesr = getSyncService().getConfiguration(folderId, false,
+ this.getThreadLocalRequest(), user);
return getSyncService().doUnSync(folderId, true, foldeDesr.getConfiguration(), this.getThreadLocalRequest(),
user);
} catch (Exception e) {
@@ -249,7 +254,6 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
public Map getScopesWithThreddsRolesForLoggedUser() throws Exception {
logger.info("called getScopesWithThreddsRolesForLoggedUser");
- GCubeUser user = null;
Map mapScopesRoles = null;
// DEV MODE
@@ -260,11 +264,13 @@ public class ThreddsWorkspaceSyncServiceImpl extends RemoteServiceServlet implem
// mapScopesRoles.put( "/gcube/devNext/NextNext", GatewayRolesThredds.THREDDS_PUBLISHER);
return mapScopesRoles;
}
-
+
+ GCubeUser user = null;
try {
user = PortalContext.getConfiguration().getCurrentUser(this.getThreadLocalRequest());
- mapScopesRoles = WsUtil.getScopesWithThreddsRolesForUser(user);
+ String gatewayHostname = GenericUtils.getGatewayClientHostname(this.getThreadLocalRequest());
+ mapScopesRoles = WsUtil.getScopesWithThreddsRolesForUser(user, gatewayHostname);
logger.info("returning Map(scopes,roles): " + mapScopesRoles);
return mapScopesRoles;
diff --git a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/WsUtil.java b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/WsUtil.java
index 51ec50d..ec6c436 100644
--- a/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/WsUtil.java
+++ b/src/main/java/org/gcube/portlets/widgets/wsthreddssync/server/WsUtil.java
@@ -7,6 +7,7 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import javax.servlet.http.HttpServletRequest;
@@ -17,6 +18,7 @@ import org.gcube.vomanagement.usermanagement.RoleManager;
import org.gcube.vomanagement.usermanagement.exception.GroupRetrievalFault;
import org.gcube.vomanagement.usermanagement.exception.UserManagementSystemException;
import org.gcube.vomanagement.usermanagement.exception.UserRetrievalFault;
+import org.gcube.vomanagement.usermanagement.exception.VirtualGroupNotExistingException;
import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
import org.gcube.vomanagement.usermanagement.impl.LiferayRoleManager;
import org.gcube.vomanagement.usermanagement.model.GCubeGroup;
@@ -70,17 +72,27 @@ public class WsUtil {
* roles that user has in them.
*
* @param user the user
+ * @param gatewayHostname the gateway hostname
* @return the VREs and Thredds roles for a given user
*/
- public static Map getScopesWithThreddsRolesForUser(GCubeUser user) {
- logger.info("called getScopesThreddsRolesForUser user: " + user + ", in all contexts");
+ public static Map getScopesWithThreddsRolesForUser(GCubeUser user, String gatewayHostname) {
+ logger.info("called getScopesThreddsRolesForUser user: " + user + ", in the gateway Contexts/VREs");
GroupManager groupManager = new LiferayGroupManager();
Map mapRoleByGroupSingleVre = new HashMap();
try {
+
+ long userId = user.getUserId();
+ // list of Scopes filtered for gateway
+ Set filteredGroupsForGatw = groupManager.listGroupsByUserAndSite(userId, gatewayHostname);
+ List listOfGroups = new ArrayList(filteredGroupsForGatw);
+ logger.info("list of VREs for user "+user.getUsername()+" in the gateway " + gatewayHostname + " are: " + listOfGroups.size());
+ if(logger.isDebugEnabled()) {
+ for (GCubeGroup gCubeGroup : listOfGroups) {
+ logger.info("the user "+user.getUsername()+" is registered in the VRE "+gCubeGroup.getGroupName());
+ }
+ }
- // Retrieving the list of VOs and VREs
- List listOfGroups = groupManager.listGroupsByUser(user.getUserId());
// adding also the ROOT-VO
listOfGroups.add(groupManager.getRootVO());
for (GCubeGroup gCubeGroup : listOfGroups) {
@@ -96,6 +108,9 @@ public class WsUtil {
} catch (UserManagementSystemException | UserRetrievalFault | GroupRetrievalFault e) {
logger.error("An error occurred during geThreddsVreRolesForUser: " + user, e);
return null;
+ } catch (VirtualGroupNotExistingException e) {
+ logger.error("An error occurred during geThreddsVreRolesForUser: " + user, e);
+ return null;
}
}