Loading auth/src/main/java/AuthPolicy.java +20 −20 Original line number Diff line number Diff line Loading @@ -53,7 +53,7 @@ public class AuthPolicy access = Access.PUBLIC_AND_AUTHORIZED_PRIVATE; LOGGER.info("User [Groups]: " + userName + " [ " + String.join(" ", userGroups) + " ]" ); LOGGER.finer("User [Groups]: " + userName + " [ " + String.join(" ", userGroups) + " ]" ); } Loading @@ -67,7 +67,7 @@ public class AuthPolicy userName = null; userGroups = null; userGroupsValid = false; LOGGER.info("Non authenticated request (UserPrincipal null in HttpServletRequest)"); LOGGER.finer("Non authenticated request (UserPrincipal null in HttpServletRequest)"); } else { Loading @@ -81,12 +81,12 @@ public class AuthPolicy access = Access.PUBLIC_AND_AUTHORIZED_PRIVATE; LOGGER.info("User [Groups]: " + userName + " [ " + String.join(" ", userGroups) + " ]" ); LOGGER.finer("User [Groups]: " + userName + " [ " + String.join(" ", userGroups) + " ]" ); } else { userName = principal.getName(); LOGGER.info("DBG principal not instance of VlkbUser, but has user-name: " + userName); LOGGER.finer("DBG principal not instance of VlkbUser, but has user-name: " + userName); userGroups = new String[]{""};//{"VLKB.groupA", "AllPrivate"}; // was for shiro userGroupsValid = true; access = Access.PUBLIC_AND_AUTHORIZED_PRIVATE; Loading Loading @@ -163,13 +163,13 @@ public class AuthPolicy this.dbUserName = dbUserName; this.dbPassword = dbPassword; LOGGER.info("with String[] trace"); LOGGER.finer("with String[] trace"); return filterAuthorized(new ArrayList<String>(Arrays.asList(pubdidArr)), dbConnUrl); } private String[] filterAuthorized(ArrayList<String> pubdidList, String dbConnUrl) { //LOGGER.info("with List <String> trace"); //LOGGER.fine("with List <String> trace"); switch(access) { case PUBLIC_ONLY : Loading 
@@ -189,25 +189,25 @@ public class AuthPolicy private void filterNotPublic(ArrayList<String> pubdids, String dbConnUrl) { LOGGER.info("trace"); LOGGER.fine("trace"); assert pubdids != null; //LOGGER.info("PublisherDID list original : " + String.join(" ", pubdids)); //LOGGER.finer("PublisherDID list original : " + String.join(" ", pubdids)); List<AuthPolicyDb.PubdidGroups> privateUniqPubdids = db_queryPrivateUniqPubdidGroups(dbConnUrl, pubdids); List<String> notAuthorizedUniqPubdids = pubdidsNotPublic(privateUniqPubdids, userGroups); LOGGER.info("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); LOGGER.finest("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); removeNotAuthorized(pubdids, notAuthorizedUniqPubdids); //LOGGER.info("PublisherDID list filtered : " + (pubdids.isEmpty() ? "" : String.join(" ", pubdids))); //LOGGER.finest("PublisherDID list filtered : " + (pubdids.isEmpty() ? "" : String.join(" ", pubdids))); } private List<String> pubdidsNotPublic(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) { LOGGER.info("trace"); //LOGGER.info("userGroups: " + String.join(" ",userGroups)); LOGGER.fine("trace"); //LOGGER.finer("userGroups: " + String.join(" ",userGroups)); List<String> pubdidsNotAuthorizedList = new LinkedList<String>(); ListIterator<AuthPolicyDb.PubdidGroups> it = pubdidList.listIterator(); Loading @@ -216,7 +216,7 @@ public class AuthPolicy { AuthPolicyDb.PubdidGroups pubdidGroups = it.next(); //LOGGER.info(pubdidGroups.pubdid + " : " + String.join(" ",pubdidGroups.groups)); //LOGGER.finest(pubdidGroups.pubdid + " : " + String.join(" ",pubdidGroups.groups)); if( true )// isIntersectionEmpty(pubdidGroups.groups, userGroups) ) { Loading 
@@ -231,18 +231,18 @@ public class AuthPolicy private void filterNotAuthorized(ArrayList<String> pubdids, String dbConnUrl) { LOGGER.info("trace"); LOGGER.fine("trace"); assert pubdids != null; //LOGGER.info("PublisherDID list original : " + String.join(" ", pubdids)); //LOGGER.finer("PublisherDID list original : " + String.join(" ", pubdids)); List<AuthPolicyDb.PubdidGroups> privateUniqPubdids = db_queryPrivateUniqPubdidGroups(dbConnUrl, pubdids); List<String> notAuthorizedUniqPubdids = pubdidsNotAuthorized(privateUniqPubdids, userGroups); LOGGER.info("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); LOGGER.finest("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); removeNotAuthorized(pubdids, notAuthorizedUniqPubdids); //LOGGER.info("PublisherDID list filtered : " + (pubdids.isEmpty() ? "" : String.join(" ", pubdids))); //LOGGER.finest("PublisherDID list filtered : " + (pubdids.isEmpty() ? "" : String.join(" ", pubdids))); } Loading Loading @@ -296,8 +296,8 @@ public class AuthPolicy private List<String> pubdidsNotAuthorized(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) { LOGGER.info("trace"); //LOGGER.info("userGroups: " + String.join(" ",userGroups)); LOGGER.fine("trace"); //LOGGER.finer("userGroups: " + String.join(" ",userGroups)); List<String> pubdidsNotAuthorizedList = new LinkedList<String>(); ListIterator<AuthPolicyDb.PubdidGroups> it = pubdidList.listIterator(); Loading @@ -306,7 +306,7 @@ public class AuthPolicy { AuthPolicyDb.PubdidGroups pubdidGroups = it.next(); //LOGGER.info(pubdidGroups.pubdid + " : " + String.join(" ",pubdidGroups.groups)); //LOGGER.finest(pubdidGroups.pubdid + " : " + String.join(" ",pubdidGroups.groups)); if( isIntersectionEmpty(pubdidGroups.groups, userGroups) ) { Loading auth/src/main/java/AuthPolicyDb.java +14 −15 Original line number Diff line number Diff line Loading 
@@ -104,7 +104,7 @@ public class AuthPolicyDb //String TheQuery = "SELECT obs_publisher_did,groups FROM permissions " // + "WHERE (obs_publisher_did IN (\'"+commaSepObscorePubdids+"\'));"; //LOGGER.info(TheQuery); //LOGGER.finest(TheQuery); List<PubdidGroups> pubdidGroups = new LinkedList<PubdidGroups>(); try Loading Loading @@ -134,7 +134,7 @@ public class AuthPolicyDb } catch (ClassNotFoundException e) { LOGGER.info("DB driver "+ DB_DRIVER +" not found: " + e.getMessage()); LOGGER.severe("DB driver "+ DB_DRIVER +" not found: " + e.getMessage()); e.printStackTrace(); } finally Loading @@ -148,21 +148,21 @@ public class AuthPolicyDb private void closeAll() { if(res != null ) try { res.close(); } catch(Exception e) {LOGGER.info("DB ResultSet::close() failed");} if(st != null ) try { st.close(); } catch(Exception e) {LOGGER.info("DB Statement::close() failed");} if(conn != null ) try { conn.close();} catch(Exception e) {LOGGER.info("DB Connection::close() failed");} if(res != null ) try { res.close(); } catch(Exception e) {LOGGER.severe("DB ResultSet::close() failed");} if(st != null ) try { st.close(); } catch(Exception e) {LOGGER.severe("DB Statement::close() failed");} if(conn != null ) try { conn.close();} catch(Exception e) {LOGGER.severe("DB Connection::close() failed");} } private void logSqlExInfo(SQLException se){ /* dbconn.print_class_vars(); */ System.err.println("SQLState : " + se.getSQLState()); System.err.println("ErrorCode: " + se.getErrorCode()); System.err.println("Message : " + se.getMessage()); LOGGER.severe("SQLState : " + se.getSQLState()); LOGGER.severe("ErrorCode: " + se.getErrorCode()); LOGGER.severe("Message : " + se.getMessage()); Throwable t = se.getCause(); while(t != null) { System.err.println("Cause: " + t); LOGGER.severe("Cause: " + t); t = t.getCause(); } } Loading 
@@ -184,8 +184,7 @@ public class AuthPolicyDb DriverManager.registerDriver(new org.postgresql.Driver()); */ /*LOGGER.info(getClasspathString());*/ LOGGER.info(getRegisteredDriverList()); LOGGER.finest(getRegisteredDriverList()); // FIXME seems DriverManager expects jdbc:postgresql driver scheme, it does not support postgresql:// scheme // additionally: Loading @@ -195,7 +194,7 @@ public class AuthPolicyDb // by extracting userName and password from the URL-string and prepending 'jdbc:' // /* LOGGER.info("DBMS URL: " + dbConnUrl); /* LOGGER.finest("DBMS URL: " + dbConnUrl); URI dbConnUri = new URI(dbConnUrl); String userInfoString = dbConnUri.getUserInfo(); Loading @@ -210,9 +209,9 @@ public class AuthPolicyDb String password = userInfo[1]; String dbConnJdbcUrl = "jdbc:" + dbConnUrl.replace(userInfoString + "@", ""); */ LOGGER.info("DBMS URL: " + dbConnUrl); LOGGER.info("DBMS userName: " + dbUserName); LOGGER.info("DBMS password: " + dbPassword); */ LOGGER.finest("DBMS URL: " + dbConnUrl); LOGGER.finest("DBMS userName: " + dbUserName); LOGGER.finest("DBMS password: " + dbPassword); conn = DriverManager.getConnection(dbConnUrl, dbUserName, dbPassword); Loading auth/src/main/java/IA2TokenConvFilter.java +5 −5 Original line number Diff line number Diff line Loading 
@@ -21,25 +21,25 @@ import java.security.Principal; public class IA2TokenConvFilter implements Filter { private static final Logger LOGGER = Logger.getLogger("IA2TokenConvFilter"); private static final Logger LOGGER = Logger.getLogger(IA2TokenConvFilter.class.getName()); @Override public void init(FilterConfig fc) throws ServletException { LOGGER.info("trace"); LOGGER.fine("trace"); } @Override public void destroy() { LOGGER.info("trace"); LOGGER.fine("trace"); } @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { LOGGER.info("trace"); LOGGER.fine("trace"); HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; Loading @@ -47,7 +47,7 @@ public class IA2TokenConvFilter implements Filter String authHeader = request.getHeader("Authorization"); if (authHeader != null) { LOGGER.info("Authorization header: " + authHeader.substring(0, 7+60) + " ..."); LOGGER.finer("Authorization header: " + authHeader.substring(0, 7+60) + " ..."); if (authHeader.startsWith("Bearer ")) { Loading auth/src/main/java/IamSigningKeyResolver.java +6 −6 Original line number Diff line number Diff line Loading @@ -59,7 +59,7 @@ public class IamSigningKeyResolver extends SigningKeyResolverAdapter @Override public Key resolveSigningKey(JwsHeader jwsHeader, Claims claims) { LOGGER.info( "IamSigningKeyResolver::resolveSigningKey" ); LOGGER.fine( "trace" ); //inspect the header or claims, lookup and return the signing key Loading @@ -83,7 +83,7 @@ public class IamSigningKeyResolver extends SigningKeyResolverAdapter private Key lookupVerificationKey(String keyId) throws Exception, GeneralSecurityException { LOGGER.info( "IamSigningKeyResolver::lookupVerificationKey" ); LOGGER.fine( "trace" ); String jsonKeys = doHttps(); Loading 
@@ -95,7 +95,7 @@ public class IamSigningKeyResolver extends SigningKeyResolverAdapter private String doHttps() throws Exception { LOGGER.info("doHttps : " + keysURL); LOGGER.fine("trace keysURL : " + keysURL); URL myUrl = new URL(keysURL); HttpsURLConnection conn = (HttpsURLConnection)myUrl.openConnection(); Loading @@ -118,7 +118,7 @@ public class IamSigningKeyResolver extends SigningKeyResolverAdapter private Key getKeyFromKeys(String jsonKeys, String keyId) throws JsonProcessingException, GeneralSecurityException, IOException { LOGGER.info( "IamSigningKeyResolver::getKeyFromKeys"); LOGGER.fine( "trace" ); Key key = null; Loading @@ -131,13 +131,13 @@ public class IamSigningKeyResolver extends SigningKeyResolverAdapter { String nodeContent = mapper.writeValueAsString(node); LOGGER.info("key: " + nodeContent); LOGGER.finest("key: " + nodeContent); Jwk<?> jwk = Jwks.parser().build().parse(nodeContent); String jwkkid = jwk.getId(); LOGGER.info("kid-token : " + keyId + "kid-store : " + jwkkid + " key-type: " + jwk.getType()); LOGGER.finest("kid-token : " + keyId + "kid-store : " + jwkkid + " key-type: " + jwk.getType()); if(keyId.equals(jwkkid)) { Loading auth/src/main/java/IamTokenFilter.java +21 −19 Original line number Diff line number Diff line Loading @@ -35,7 +35,7 @@ import javax.servlet.ServletOutputStream; public class IamTokenFilter implements Filter { private static final Logger LOGGER = Logger.getLogger("IamTokenFilter"); private static final Logger LOGGER = Logger.getLogger(IamTokenFilter.class.getName()); private static final IamTokenSettings settings = IamTokenSettings.getInstance(); final String RESPONSE_ENCODING = "utf-8"; Loading Loading 
@@ -64,7 +64,7 @@ public class IamTokenFilter implements Filter if(authHeader==null) { final String AUTH_ERR = "Request without Authorization header. Only authenticated requests allowed."; LOGGER.info(AUTH_ERR); LOGGER.warning(AUTH_ERR); sendAuthenticationError((HttpServletResponse)resp, writer, AUTH_ERR); } else Loading @@ -73,7 +73,7 @@ public class IamTokenFilter implements Filter if (authHeader.startsWith("Bearer ") && (authHeader.length() > "Bearer ".length())) { LOGGER.info("Request with Authorization header and has Bearer entry"); LOGGER.warning("Request with Authorization header and has Bearer entry"); String token = authHeader.substring("Bearer ".length()).trim(); doFilterBearer(req, token, resp, chain); Loading @@ -82,7 +82,7 @@ public class IamTokenFilter implements Filter { final String AUTH_ERR = "Authorization header with Bearer-token expected, but it starts with : " + authHeader.substring(0, "Bearer ".length()) + "..."; LOGGER.info(AUTH_ERR); LOGGER.warning(AUTH_ERR); sendUsageError((HttpServletResponse)resp, writer, AUTH_ERR); } } Loading @@ -94,6 +94,8 @@ public class IamTokenFilter implements Filter private void doFilterBearer(ServletRequest req, String token, ServletResponse resp, FilterChain chain) throws IOException, ServletException { LOGGER.fine("trace"); HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse)resp; Loading 
@@ -112,42 +114,42 @@ public class IamTokenFilter implements Filter String ivoidPath = ivoid.getLocalPart(); String tokenPath = insResp.getPathFromStorageReadScope(); LOGGER.info("Path from IVOID: " + ivoidPath); LOGGER.info("Path from token: " + tokenPath); LOGGER.finest("Path from IVOID: " + ivoidPath); LOGGER.finest("Path from token: " + tokenPath); if(tokenPath.endsWith(ivoidPath)) { LOGGER.info("Access authorized."); LOGGER.finest("Access authorized."); chain.doFilter(request, response); } else { final String AUTH_ERR = "Bearer token does not authorize access to : " + ivoidPath; LOGGER.info(AUTH_ERR); LOGGER.finer(AUTH_ERR); sendAuthorizationError(response, writer, AUTH_ERR); } } else { final String AUTH_ERR = "Bearer-token is inactive."; LOGGER.info(AUTH_ERR); LOGGER.finer(AUTH_ERR); sendAuthorizationError(response, writer, AUTH_ERR); } } catch(IndexOutOfBoundsException ex) { LOGGER.info("IndexOutOfBoundsException: " + ex.getMessage()); LOGGER.warning("IndexOutOfBoundsException: " + ex.getMessage()); sendUsageError(response, writer, ex.getMessage()); } catch(IllegalArgumentException ex) { LOGGER.info("IllegalArgumentException: " + ex.getMessage()); LOGGER.warning("IllegalArgumentException: " + ex.getMessage()); sendUsageError(response, writer, ex.getMessage()); } catch(Exception ex) { LOGGER.info("Exception: " + ex.getMessage()); LOGGER.severe("Exception: " + ex.getMessage()); ex.printStackTrace(); sendError(response, writer, ex.toString()); } Loading Loading @@ -240,9 +242,9 @@ public class IamTokenFilter implements Filter String qString = request.getQueryString(); if(qString == null) LOGGER.info(request.getRequestURL().toString()); LOGGER.finest(request.getRequestURL().toString()); else LOGGER.info(request.getRequestURL() + " " + qString); LOGGER.finest(request.getRequestURL() + " " + qString); String authHeader = request.getHeader("Authorization"); if (authHeader == null) Loading 
@@ -255,7 +257,7 @@ public class IamTokenFilter implements Filter } else { LOGGER.info("Request without Authorization header, no Principal added"); LOGGER.finest("Request without Authorization header, no Principal added"); response.sendError(HttpServletResponse.SC_BAD_REQUEST, "No Authorization in HTTP-header. Only authorized requests allowed."); } Loading @@ -266,7 +268,7 @@ public class IamTokenFilter implements Filter if (authHeader.startsWith("Bearer ") && (authHeader.length() > "Bearer ".length())) { LOGGER.info("Request with Authorization header and has Bearer entry"); LOGGER.finest("Request with Authorization header and has Bearer entry"); String jws = authHeader.substring("Bearer ".length()); Loading Loading @@ -345,7 +347,7 @@ public class IamTokenFilter implements Filter Claims claims = jws.getBody(); LOGGER.info("scope: " + (String)claims.get("scope")); LOGGER.finest("scope: " + (String)claims.get("scope")); List<String> scopes = parseScopes(claims); Loading @@ -359,11 +361,11 @@ public class IamTokenFilter implements Filter } } LOGGER.info("storage.read: " + storageReadScope); LOGGER.finest("storage.read: " + storageReadScope); String path = storageReadScope.substring(storageReadScope.lastIndexOf(":") + 1); LOGGER.info("path: " + path); LOGGER.finest("path: " + path); // set User/Principal Loading Loading
auth/src/main/java/AuthPolicy.java +20 −20 Original line number Diff line number Diff line Loading @@ -53,7 +53,7 @@ public class AuthPolicy access = Access.PUBLIC_AND_AUTHORIZED_PRIVATE; LOGGER.info("User [Groups]: " + userName + " [ " + String.join(" ", userGroups) + " ]" ); LOGGER.finer("User [Groups]: " + userName + " [ " + String.join(" ", userGroups) + " ]" ); } Loading @@ -67,7 +67,7 @@ public class AuthPolicy userName = null; userGroups = null; userGroupsValid = false; LOGGER.info("Non authenticated request (UserPrincipal null in HttpServletRequest)"); LOGGER.finer("Non authenticated request (UserPrincipal null in HttpServletRequest)"); } else { Loading @@ -81,12 +81,12 @@ public class AuthPolicy access = Access.PUBLIC_AND_AUTHORIZED_PRIVATE; LOGGER.info("User [Groups]: " + userName + " [ " + String.join(" ", userGroups) + " ]" ); LOGGER.finer("User [Groups]: " + userName + " [ " + String.join(" ", userGroups) + " ]" ); } else { userName = principal.getName(); LOGGER.info("DBG principal not instance of VlkbUser, but has user-name: " + userName); LOGGER.finer("DBG principal not instance of VlkbUser, but has user-name: " + userName); userGroups = new String[]{""};//{"VLKB.groupA", "AllPrivate"}; // was for shiro userGroupsValid = true; access = Access.PUBLIC_AND_AUTHORIZED_PRIVATE; Loading Loading @@ -163,13 +163,13 @@ public class AuthPolicy this.dbUserName = dbUserName; this.dbPassword = dbPassword; LOGGER.info("with String[] trace"); LOGGER.finer("with String[] trace"); return filterAuthorized(new ArrayList<String>(Arrays.asList(pubdidArr)), dbConnUrl); } private String[] filterAuthorized(ArrayList<String> pubdidList, String dbConnUrl) { //LOGGER.info("with List <String> trace"); //LOGGER.fine("with List <String> trace"); switch(access) { case PUBLIC_ONLY : Loading 
@@ -189,25 +189,25 @@ public class AuthPolicy private void filterNotPublic(ArrayList<String> pubdids, String dbConnUrl) { LOGGER.info("trace"); LOGGER.fine("trace"); assert pubdids != null; //LOGGER.info("PublisherDID list original : " + String.join(" ", pubdids)); //LOGGER.finer("PublisherDID list original : " + String.join(" ", pubdids)); List<AuthPolicyDb.PubdidGroups> privateUniqPubdids = db_queryPrivateUniqPubdidGroups(dbConnUrl, pubdids); List<String> notAuthorizedUniqPubdids = pubdidsNotPublic(privateUniqPubdids, userGroups); LOGGER.info("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); LOGGER.finest("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); removeNotAuthorized(pubdids, notAuthorizedUniqPubdids); //LOGGER.info("PublisherDID list filtered : " + (pubdids.isEmpty() ? "" : String.join(" ", pubdids))); //LOGGER.finest("PublisherDID list filtered : " + (pubdids.isEmpty() ? "" : String.join(" ", pubdids))); } private List<String> pubdidsNotPublic(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) { LOGGER.info("trace"); //LOGGER.info("userGroups: " + String.join(" ",userGroups)); LOGGER.fine("trace"); //LOGGER.finer("userGroups: " + String.join(" ",userGroups)); List<String> pubdidsNotAuthorizedList = new LinkedList<String>(); ListIterator<AuthPolicyDb.PubdidGroups> it = pubdidList.listIterator(); Loading @@ -216,7 +216,7 @@ public class AuthPolicy { AuthPolicyDb.PubdidGroups pubdidGroups = it.next(); //LOGGER.info(pubdidGroups.pubdid + " : " + String.join(" ",pubdidGroups.groups)); //LOGGER.finest(pubdidGroups.pubdid + " : " + String.join(" ",pubdidGroups.groups)); if( true )// isIntersectionEmpty(pubdidGroups.groups, userGroups) ) { Loading 
@@ -231,18 +231,18 @@ public class AuthPolicy private void filterNotAuthorized(ArrayList<String> pubdids, String dbConnUrl) { LOGGER.info("trace"); LOGGER.fine("trace"); assert pubdids != null; //LOGGER.info("PublisherDID list original : " + String.join(" ", pubdids)); //LOGGER.finer("PublisherDID list original : " + String.join(" ", pubdids)); List<AuthPolicyDb.PubdidGroups> privateUniqPubdids = db_queryPrivateUniqPubdidGroups(dbConnUrl, pubdids); List<String> notAuthorizedUniqPubdids = pubdidsNotAuthorized(privateUniqPubdids, userGroups); LOGGER.info("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); LOGGER.finest("AuthZ removes: " + String.join(" ", notAuthorizedUniqPubdids)); removeNotAuthorized(pubdids, notAuthorizedUniqPubdids); //LOGGER.info("PublisherDID list filtered : " + (pubdids.isEmpty() ? "" : String.join(" ", pubdids))); //LOGGER.finest("PublisherDID list filtered : " + (pubdids.isEmpty() ? "" : String.join(" ", pubdids))); } Loading Loading @@ -296,8 +296,8 @@ public class AuthPolicy private List<String> pubdidsNotAuthorized(List<AuthPolicyDb.PubdidGroups> pubdidList, String[] userGroups) { LOGGER.info("trace"); //LOGGER.info("userGroups: " + String.join(" ",userGroups)); LOGGER.fine("trace"); //LOGGER.finer("userGroups: " + String.join(" ",userGroups)); List<String> pubdidsNotAuthorizedList = new LinkedList<String>(); ListIterator<AuthPolicyDb.PubdidGroups> it = pubdidList.listIterator(); Loading @@ -306,7 +306,7 @@ public class AuthPolicy { AuthPolicyDb.PubdidGroups pubdidGroups = it.next(); //LOGGER.info(pubdidGroups.pubdid + " : " + String.join(" ",pubdidGroups.groups)); //LOGGER.finest(pubdidGroups.pubdid + " : " + String.join(" ",pubdidGroups.groups)); if( isIntersectionEmpty(pubdidGroups.groups, userGroups) ) { Loading
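Review bot: In the `@@ -81,12` hunk, the fallback branch for a principal that is not a `VlkbUser` still sets `userGroupsValid = true` and `access = Access.PUBLIC_AND_AUTHORIZED_PRIVATE`, and its only trace is now a `finer` message prefixed `DBG`. An unexpected principal type reaching the authorized-private path should be visible at default log levels, for example `LOGGER.warning("principal not instance of VlkbUser, user-name: " + userName);`. The `AuthZ removes: ...` messages in filterNotPublic and filterNotAuthorized move to `finest`, and among the visible lines they are the only record of what the authorization filter dropped, so `fine` or a dedicated audit logger may suit them better. The method containing the `@@ -81,12` hunk starts outside the visible lines.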
auth/src/main/java/AuthPolicyDb.java +14 −15 Original line number Diff line number Diff line Loading @@ -104,7 +104,7 @@ public class AuthPolicyDb //String TheQuery = "SELECT obs_publisher_did,groups FROM permissions " // + "WHERE (obs_publisher_did IN (\'"+commaSepObscorePubdids+"\'));"; //LOGGER.info(TheQuery); //LOGGER.finest(TheQuery); List<PubdidGroups> pubdidGroups = new LinkedList<PubdidGroups>(); try Loading Loading @@ -134,7 +134,7 @@ public class AuthPolicyDb } catch (ClassNotFoundException e) { LOGGER.info("DB driver "+ DB_DRIVER +" not found: " + e.getMessage()); LOGGER.severe("DB driver "+ DB_DRIVER +" not found: " + e.getMessage()); e.printStackTrace(); } finally Loading @@ -148,21 +148,21 @@ public class AuthPolicyDb private void closeAll() { if(res != null ) try { res.close(); } catch(Exception e) {LOGGER.info("DB ResultSet::close() failed");} if(st != null ) try { st.close(); } catch(Exception e) {LOGGER.info("DB Statement::close() failed");} if(conn != null ) try { conn.close();} catch(Exception e) {LOGGER.info("DB Connection::close() failed");} if(res != null ) try { res.close(); } catch(Exception e) {LOGGER.severe("DB ResultSet::close() failed");} if(st != null ) try { st.close(); } catch(Exception e) {LOGGER.severe("DB Statement::close() failed");} if(conn != null ) try { conn.close();} catch(Exception e) {LOGGER.severe("DB Connection::close() failed");} } private void logSqlExInfo(SQLException se){ /* dbconn.print_class_vars(); */ System.err.println("SQLState : " + se.getSQLState()); System.err.println("ErrorCode: " + se.getErrorCode()); System.err.println("Message : " + se.getMessage()); LOGGER.severe("SQLState : " + se.getSQLState()); LOGGER.severe("ErrorCode: " + se.getErrorCode()); LOGGER.severe("Message : " + se.getMessage()); Throwable t = se.getCause(); while(t != null) { System.err.println("Cause: " + t); LOGGER.severe("Cause: " + t); t = t.getCause(); } } Loading 
@@ -184,8 +184,7 @@ public class AuthPolicyDb DriverManager.registerDriver(new org.postgresql.Driver()); */ /*LOGGER.info(getClasspathString());*/ LOGGER.info(getRegisteredDriverList()); LOGGER.finest(getRegisteredDriverList()); // FIXME seems DriverManager expects jdbc:postgresql driver scheme, it does not support postgresql:// scheme // additionally: Loading @@ -195,7 +194,7 @@ public class AuthPolicyDb // by extracting userName and password from the URL-string and prepending 'jdbc:' // /* LOGGER.info("DBMS URL: " + dbConnUrl); /* LOGGER.finest("DBMS URL: " + dbConnUrl); URI dbConnUri = new URI(dbConnUrl); String userInfoString = dbConnUri.getUserInfo(); Loading @@ -210,9 +209,9 @@ public class AuthPolicyDb String password = userInfo[1]; String dbConnJdbcUrl = "jdbc:" + dbConnUrl.replace(userInfoString + "@", ""); */ LOGGER.info("DBMS URL: " + dbConnUrl); LOGGER.info("DBMS userName: " + dbUserName); LOGGER.info("DBMS password: " + dbPassword); */ LOGGER.finest("DBMS URL: " + dbConnUrl); LOGGER.finest("DBMS userName: " + dbUserName); LOGGER.finest("DBMS password: " + dbPassword); conn = DriverManager.getConnection(dbConnUrl, dbUserName, dbPassword); Loading
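Review bot: `LOGGER.finest("DBMS password: " + dbPassword);` still writes the database password in clear text; lowering the level only hides it until someone enables FINEST for troubleshooting. Drop the line or log presence only, `LOGGER.finest("DBMS password set: " + (dbPassword != null));`. The `DBMS URL` line deserves the same care, because the FIXME above it suggests the URL string can carry userName and password. In the `ClassNotFoundException` catch, `e.printStackTrace()` remains beside the new `LOGGER.severe`, so the stack trace still bypasses the logger. The catch blocks in closeAll discard the exception, so the `severe` lines there give no cause.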
auth/src/main/java/IA2TokenConvFilter.java +5 −5 Original line number Diff line number Diff line Loading @@ -21,25 +21,25 @@ import java.security.Principal; public class IA2TokenConvFilter implements Filter { private static final Logger LOGGER = Logger.getLogger("IA2TokenConvFilter"); private static final Logger LOGGER = Logger.getLogger(IA2TokenConvFilter.class.getName()); @Override public void init(FilterConfig fc) throws ServletException { LOGGER.info("trace"); LOGGER.fine("trace"); } @Override public void destroy() { LOGGER.info("trace"); LOGGER.fine("trace"); } @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { LOGGER.info("trace"); LOGGER.fine("trace"); HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; Loading @@ -47,7 +47,7 @@ public class IA2TokenConvFilter implements Filter String authHeader = request.getHeader("Authorization"); if (authHeader != null) { LOGGER.info("Authorization header: " + authHeader.substring(0, 7+60) + " ..."); LOGGER.finer("Authorization header: " + authHeader.substring(0, 7+60) + " ..."); if (authHeader.startsWith("Bearer ")) { Loading
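Review bot: `authHeader.substring(0, 7+60)` throws StringIndexOutOfBoundsException for any Authorization header shorter than 67 characters, and because the argument is built before `finer` checks the level, this happens even with FINER disabled. The call also runs before the `startsWith("Bearer ")` test, so up to 60 characters of whatever credential follows the scheme are written to the log. Logging only the scheme avoids both problems: `LOGGER.finer("Authorization scheme: " + authHeader.substring(0, Math.min(authHeader.length(), 7)));`. doFilter continues past the end of the hunk.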
auth/src/main/java/IamSigningKeyResolver.java +6 −6 Original line number Diff line number Diff line Loading @@ -59,7 +59,7 @@ public class IamSigningKeyResolver extends SigningKeyResolverAdapter @Override public Key resolveSigningKey(JwsHeader jwsHeader, Claims claims) { LOGGER.info( "IamSigningKeyResolver::resolveSigningKey" ); LOGGER.fine( "trace" ); //inspect the header or claims, lookup and return the signing key Loading @@ -83,7 +83,7 @@ public class IamSigningKeyResolver extends SigningKeyResolverAdapter private Key lookupVerificationKey(String keyId) throws Exception, GeneralSecurityException { LOGGER.info( "IamSigningKeyResolver::lookupVerificationKey" ); LOGGER.fine( "trace" ); String jsonKeys = doHttps(); Loading @@ -95,7 +95,7 @@ public class IamSigningKeyResolver extends SigningKeyResolverAdapter private String doHttps() throws Exception { LOGGER.info("doHttps : " + keysURL); LOGGER.fine("trace keysURL : " + keysURL); URL myUrl = new URL(keysURL); HttpsURLConnection conn = (HttpsURLConnection)myUrl.openConnection(); Loading @@ -118,7 +118,7 @@ public class IamSigningKeyResolver extends SigningKeyResolverAdapter private Key getKeyFromKeys(String jsonKeys, String keyId) throws JsonProcessingException, GeneralSecurityException, IOException { LOGGER.info( "IamSigningKeyResolver::getKeyFromKeys"); LOGGER.fine( "trace" ); Key key = null; Loading @@ -131,13 +131,13 @@ public class IamSigningKeyResolver extends SigningKeyResolverAdapter { String nodeContent = mapper.writeValueAsString(node); LOGGER.info("key: " + nodeContent); LOGGER.finest("key: " + nodeContent); Jwk<?> jwk = Jwks.parser().build().parse(nodeContent); String jwkkid = jwk.getId(); LOGGER.info("kid-token : " + keyId + "kid-store : " + jwkkid + " key-type: " + jwk.getType()); LOGGER.finest("kid-token : " + keyId + "kid-store : " + jwkkid + " key-type: " + jwk.getType()); if(keyId.equals(jwkkid)) { Loading
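Review bot: `keyId` in the `kid-token` message appears to be the key id taken from the incoming token, and key resolution runs before the signature is verified, so the value is caller-controlled when it reaches the log. Neutralise line breaks before logging so a crafted kid cannot forge log entries, e.g. `String.valueOf(keyId).replaceAll("[\\r\\n]", "_")`; the message also lacks a separator before `kid-store`. `LOGGER.finest("key: " + nodeContent)` dumps every JWK fetched from keysURL; these are presumably public verification keys, but logging `jwk.getId()` and `jwk.getType()` alone would be enough for tracing. getKeyFromKeys continues outside the hunk.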
auth/src/main/java/IamTokenFilter.java +21 −19 Original line number Diff line number Diff line Loading @@ -35,7 +35,7 @@ import javax.servlet.ServletOutputStream; public class IamTokenFilter implements Filter { private static final Logger LOGGER = Logger.getLogger("IamTokenFilter"); private static final Logger LOGGER = Logger.getLogger(IamTokenFilter.class.getName()); private static final IamTokenSettings settings = IamTokenSettings.getInstance(); final String RESPONSE_ENCODING = "utf-8"; Loading Loading @@ -64,7 +64,7 @@ public class IamTokenFilter implements Filter if(authHeader==null) { final String AUTH_ERR = "Request without Authorization header. Only authenticated requests allowed."; LOGGER.info(AUTH_ERR); LOGGER.warning(AUTH_ERR); sendAuthenticationError((HttpServletResponse)resp, writer, AUTH_ERR); } else Loading @@ -73,7 +73,7 @@ public class IamTokenFilter implements Filter if (authHeader.startsWith("Bearer ") && (authHeader.length() > "Bearer ".length())) { LOGGER.info("Request with Authorization header and has Bearer entry"); LOGGER.warning("Request with Authorization header and has Bearer entry"); String token = authHeader.substring("Bearer ".length()).trim(); doFilterBearer(req, token, resp, chain); Loading @@ -82,7 +82,7 @@ public class IamTokenFilter implements Filter { final String AUTH_ERR = "Authorization header with Bearer-token expected, but it starts with : " + authHeader.substring(0, "Bearer ".length()) + "..."; LOGGER.info(AUTH_ERR); LOGGER.warning(AUTH_ERR); sendUsageError((HttpServletResponse)resp, writer, AUTH_ERR); } } Loading @@ -94,6 +94,8 @@ public class IamTokenFilter implements Filter private void doFilterBearer(ServletRequest req, String token, ServletResponse resp, FilterChain chain) throws IOException, ServletException { LOGGER.fine("trace"); HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse)resp; Loading 
@@ -112,42 +114,42 @@ public class IamTokenFilter implements Filter String ivoidPath = ivoid.getLocalPart(); String tokenPath = insResp.getPathFromStorageReadScope(); LOGGER.info("Path from IVOID: " + ivoidPath); LOGGER.info("Path from token: " + tokenPath); LOGGER.finest("Path from IVOID: " + ivoidPath); LOGGER.finest("Path from token: " + tokenPath); if(tokenPath.endsWith(ivoidPath)) { LOGGER.info("Access authorized."); LOGGER.finest("Access authorized."); chain.doFilter(request, response); } else { final String AUTH_ERR = "Bearer token does not authorize access to : " + ivoidPath; LOGGER.info(AUTH_ERR); LOGGER.finer(AUTH_ERR); sendAuthorizationError(response, writer, AUTH_ERR); } } else { final String AUTH_ERR = "Bearer-token is inactive."; LOGGER.info(AUTH_ERR); LOGGER.finer(AUTH_ERR); sendAuthorizationError(response, writer, AUTH_ERR); } } catch(IndexOutOfBoundsException ex) { LOGGER.info("IndexOutOfBoundsException: " + ex.getMessage()); LOGGER.warning("IndexOutOfBoundsException: " + ex.getMessage()); sendUsageError(response, writer, ex.getMessage()); } catch(IllegalArgumentException ex) { LOGGER.info("IllegalArgumentException: " + ex.getMessage()); LOGGER.warning("IllegalArgumentException: " + ex.getMessage()); sendUsageError(response, writer, ex.getMessage()); } catch(Exception ex) { LOGGER.info("Exception: " + ex.getMessage()); LOGGER.severe("Exception: " + ex.getMessage()); ex.printStackTrace(); sendError(response, writer, ex.toString()); } Loading Loading @@ -240,9 +242,9 @@ public class IamTokenFilter implements Filter String qString = request.getQueryString(); if(qString == null) LOGGER.info(request.getRequestURL().toString()); LOGGER.finest(request.getRequestURL().toString()); else LOGGER.info(request.getRequestURL() + " " + qString); LOGGER.finest(request.getRequestURL() + " " + qString); String authHeader = request.getHeader("Authorization"); if (authHeader == null) Loading 
@@ -255,7 +257,7 @@ public class IamTokenFilter implements Filter } else { LOGGER.info("Request without Authorization header, no Principal added"); LOGGER.finest("Request without Authorization header, no Principal added"); response.sendError(HttpServletResponse.SC_BAD_REQUEST, "No Authorization in HTTP-header. Only authorized requests allowed."); } Loading @@ -266,7 +268,7 @@ public class IamTokenFilter implements Filter if (authHeader.startsWith("Bearer ") && (authHeader.length() > "Bearer ".length())) { LOGGER.info("Request with Authorization header and has Bearer entry"); LOGGER.finest("Request with Authorization header and has Bearer entry"); String jws = authHeader.substring("Bearer ".length()); Loading Loading @@ -345,7 +347,7 @@ public class IamTokenFilter implements Filter Claims claims = jws.getBody(); LOGGER.info("scope: " + (String)claims.get("scope")); LOGGER.finest("scope: " + (String)claims.get("scope")); List<String> scopes = parseScopes(claims); Loading @@ -359,11 +361,11 @@ public class IamTokenFilter implements Filter } } LOGGER.info("storage.read: " + storageReadScope); LOGGER.finest("storage.read: " + storageReadScope); String path = storageReadScope.substring(storageReadScope.lastIndexOf(":") + 1); LOGGER.info("path: " + path); LOGGER.finest("path: " + path); // set User/Principal Loading
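Review bot: The levels in doFilter and doFilterBearer are inverted for audit purposes: the normal path `Request with Authorization header and has Bearer entry` is raised to `warning`, while the two denials (`Bearer token does not authorize access to : ...` and `Bearer-token is inactive.`) drop to `finer` and disappear from default logs. I would use `LOGGER.fine(...)` for the former and `LOGGER.warning(AUTH_ERR);` in both denial branches, so rejected tokens stay visible to monitoring. Separately, in the non-Bearer branch `authHeader.substring(0, "Bearer ".length())` throws for a header shorter than seven characters; `authHeader.substring(0, Math.min(authHeader.length(), "Bearer ".length()))` avoids that. Both methods extend beyond the visible hunks.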