74 lines
2.5 KiB
Java
74 lines
2.5 KiB
Java
package org.gcube.usecases.ws.thredds.engine.impl.security;
|
|
|
|
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
|
|
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
|
|
import org.gcube.common.authorization.library.provider.ClientInfo;
|
|
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
|
|
import org.gcube.common.authorization.library.provider.UmaJWTProvider;
|
|
import org.gcube.common.scope.api.ScopeProvider;
|
|
import org.gcube.usecases.ws.thredds.model.SynchFolderConfiguration;
|
|
|
|
import lombok.extern.slf4j.Slf4j;
|
|
|
|
@Slf4j
|
|
public class Security {
|
|
|
|
|
|
|
|
public static User getCurrent() throws SecurityException {
|
|
String context=ScopeProvider.instance.get();
|
|
if(context==null) throw new SecurityException("Cannot determine context");
|
|
|
|
log.debug("Context is {}, checking tokens..",context);
|
|
|
|
ClientInfo client = null;
|
|
try{
|
|
AuthorizationProvider.instance.get().getClient();
|
|
}catch(Exception e) {
|
|
log.warn("Unable to get client info ",e);
|
|
}
|
|
User toReturn = new User(client,UmaJWTProvider.instance.get(),SecurityTokenProvider.instance.get(),context);
|
|
|
|
log.info("Current User is {} ",toReturn);
|
|
return toReturn;
|
|
}
|
|
|
|
|
|
public static void set(User toSet) {
|
|
log.debug("Setting User {} ",toSet);
|
|
if(toSet.getUma_token()!=null)UmaJWTProvider.instance.set(toSet.getUma_token());
|
|
if(toSet.getGcube_token()!=null)UmaJWTProvider.instance.set(toSet.getUma_token());
|
|
if(ScopeProvider.instance.get()==null)ScopeProvider.instance.set(toSet.getContext());
|
|
}
|
|
|
|
public static void checkOperator(SynchFolderConfiguration config) throws SecurityException{
|
|
User current=getCurrent();
|
|
log.debug("Checking if current user {} can synch {} ",getCurrent(), config);
|
|
|
|
// check same vre
|
|
String expectedContext=config.getTargetContext();
|
|
String currentContext=current.getContext();
|
|
|
|
if(!expectedContext.equals(currentContext))
|
|
throw new SecurityException("Illegal access to folder [root : "+config.getRootFolderId()+", expected context : "+expectedContext+"] from context "+currentContext);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
public static String getContextFromgcubeToken(String token) throws ObjectNotFound, Exception {
|
|
log.debug("Checking context of gcube-token {}...",token.substring(0,6));
|
|
User caller=getCurrent();
|
|
try {
|
|
SecurityTokenProvider.instance.reset();
|
|
UmaJWTProvider.instance.reset();
|
|
SecurityTokenProvider.instance.set(token);
|
|
return ScopeProvider.instance.get();
|
|
}finally {
|
|
log.debug("Resetting user "+caller);
|
|
set(caller);
|
|
}
|
|
}
|
|
}
|