Now the workspace creation is done with the UMA Token

2021-02-03 18:19:53 +01:00 · 2021-02-03 18:19:53 +01:00 · f634c525ef
parent 44db458e1a
commit f634c525ef
3 changed files with 34 additions and 1 deletions
--- a/.settings/org.eclipse.wst.common.project.facet.core.prefs.xml
+++ b/.settings/org.eclipse.wst.common.project.facet.core.prefs.xml
@ -0,0 +1,7 @@
+<root>
+  <facet id="jst.jaxrs">
+    <node name="libprov">
+      <attribute name="provider-id" value="jaxrs-no-op-library-provider"/>
+    </node>
+  </facet>
+</root>
--- a/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/.settings/org.eclipse.wst.common.project.facet.core.xml
@ -5,4 +5,5 @@
  <installed facet="liferay.hook" version="6.0"/>
  <installed facet="wst.jsdt.web" version="1.0"/>
  <installed facet="java" version="1.8"/>
+  <installed facet="jst.jaxrs" version="2.0"/>
 </faceted-project>
--- a/src/main/java/org/gcube/portal/usersaccount/WorkspaceCreateAccountThread.java
+++ b/src/main/java/org/gcube/portal/usersaccount/WorkspaceCreateAccountThread.java
@ -3,10 +3,14 @@ import java.util.ArrayList;
 import java.util.List;

 import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
+import org.gcube.common.authorization.library.provider.UmaJWTProvider;
+
 import static org.gcube.common.authorization.client.Constants.authorizationService;
 import org.gcube.common.portal.PortalContext;
 import org.gcube.common.scope.api.ScopeProvider;
 import org.gcube.common.storagehub.client.dsl.StorageHubClient;
+import org.gcube.common.storagehub.model.exceptions.UserNotAuthorizedException;
+import org.gcube.portal.oidc.lr62.OIDCUmaUtil;
 import org.gcube.vomanagement.usermanagement.RoleManager;
 import org.gcube.vomanagement.usermanagement.UserManager;
 import org.gcube.vomanagement.usermanagement.impl.LiferayGroupManager;
@ -30,7 +34,9 @@ public class WorkspaceCreateAccountThread implements Runnable {

 	@Override
 	public void run() {
+
 		getWS(newUserUserName, "/"+PortalContext.getConfiguration().getInfrastructureName());
+
 	}
 	public static void getWS(String currentUsername, String context) {
 		String username = currentUsername;
@ -38,6 +44,7 @@ public class WorkspaceCreateAccountThread implements Runnable {
 		SecurityTokenProvider.instance.set(authorizationToken);
 		ScopeProvider.instance.set(context);
 		String previousToken = authorizationToken;
+		String previousUMAToken = UmaJWTProvider.instance.get();
 		try {					
 			//get the super user
 			String infraContext = "/"+PortalContext.getConfiguration().getInfrastructureName();
@ -52,6 +59,7 @@ public class WorkspaceCreateAccountThread implements Runnable {
 			}
 			else {
 				GCubeUser theAdmin = users.get(0);
+				_log.debug("Using admin user: " + theAdmin.getUsername() + " to trigger ws creation for new user: " + username);
 				String theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, theAdmin.getUsername());
 				List<GCubeRole> theAdminRoles = rm.listRolesByUserAndGroup(theAdmin.getUserId(), groupId);			
 				List<String> rolesString = new ArrayList<String>();
@ -59,10 +67,27 @@ public class WorkspaceCreateAccountThread implements Runnable {
 					rolesString.add(gCubeRole.getRoleName());
 				}
 				authorizationService().setTokenRoles(theAdminToken, rolesString);
+				_log.debug("setTokenRoles performed on context: " + infraContext + " with token" + theAdminToken + " ("+rolesString+")");
 				SecurityTokenProvider.instance.set(theAdminToken);
+				OIDCUmaUtil.provideConfiguredPortalClientUMATokenInThreadLocal("/" + PortalContext.getConfiguration().getInfrastructureName());
+				_log.info("\n\n\n*** new authorizationService PortalClient UMA-Token In ThreadLocal done  ****\n\n");
 				StorageHubClient shc = new StorageHubClient();
-				shc.createUserAccount(currentUsername);
+				try {
+					shc.createUserAccount(currentUsername);
+				}
+				catch (UserNotAuthorizedException e) {
+					_log.error("shub.createUserAccount failed for "+username + " trying with super mega admin ...");
+					theAdminToken = PortalContext.getConfiguration().getCurrentUserToken(infraContext, "lucio.lelii");
+					SecurityTokenProvider.instance.set(theAdminToken);
+					 shc = new StorageHubClient();
+					 shc.createUserAccount(currentUsername);
+					SecurityTokenProvider.instance.set(previousToken);
+					UmaJWTProvider.instance.set(previousUMAToken);
+					_log.info("shub.createUserAccount performed for "+username + " with super mega admin (Hopefully)");
+				}
+				_log.debug("shub.createUserAccount completed for "+username);
 				SecurityTokenProvider.instance.set(previousToken);
+				UmaJWTProvider.instance.set(previousUMAToken);
 			}
 		}
 		catch (Exception e) {