Commit 937dd8f4 authored by Sonia Zorba's avatar Sonia Zorba
Browse files

Refactoring: RAP token passed as parameter

parent 55432f71
package it.inaf.ia2.gms;
import it.inaf.ia2.aa.AuthConfig;
import it.inaf.ia2.aa.ServiceLocator;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.aa.UserManager;
import it.inaf.ia2.gms.authn.ServletRapClient;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
......@@ -18,7 +20,17 @@ public class GmsApplication {
}
@Bean
public RapClient rapClient() {
return ServiceLocator.getInstance().getRapClient();
public AuthConfig authConfig() {
return ServiceLocator.getInstance().getConfig();
}
@Bean
public UserManager userManager() {
return ServiceLocator.getInstance().getUserManager();
}
@Bean
public ServletRapClient servletRapClient() {
return (ServletRapClient) ServiceLocator.getInstance().getRapClient();
}
}
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.UserManager;
import it.inaf.ia2.aa.data.User;
import it.inaf.ia2.gms.persistence.LoggingDAO;
import it.inaf.ia2.rap.client.RapClient;
import java.io.IOException;
import java.security.Principal;
import java.util.Map;
......@@ -19,11 +19,11 @@ import javax.servlet.http.HttpSession;
public class JWTFilter implements Filter {
private final LoggingDAO loggingDAO;
private final RapClient rapClient;
private final UserManager userManager;
public JWTFilter(LoggingDAO loggingDAO, RapClient rapClient) {
public JWTFilter(LoggingDAO loggingDAO, UserManager userManager) {
this.loggingDAO = loggingDAO;
this.rapClient = rapClient;
this.userManager = userManager;
}
@Override
......@@ -40,7 +40,6 @@ public class JWTFilter implements Filter {
HttpSession session = request.getSession(false);
User user = (User) session.getAttribute("user_data");
if (user != null) {
rapClient.setAccessToken(user.getAccessToken());
ServletRequestWithSessionPrincipal wrappedRequest = new ServletRequestWithSessionPrincipal(request, user);
fc.doFilter(wrappedRequest, res);
return;
......@@ -53,8 +52,7 @@ public class JWTFilter implements Filter {
String token = authHeader.replace("Bearer", "").trim();
rapClient.setAccessToken(token);
Map<String, Object> claims = rapClient.parseIdTokenClaims(token);
Map<String, Object> claims = userManager.parseIdTokenClaims(token);
if (claims.get("sub") == null) {
loggingDAO.logAction("Attempt to access WS with invalid token", request);
......@@ -62,7 +60,7 @@ public class JWTFilter implements Filter {
return;
}
ServletRequestWithJWTPrincipal wrappedRequest = new ServletRequestWithJWTPrincipal(request, claims);
ServletRequestWithJWTPrincipal wrappedRequest = new ServletRequestWithJWTPrincipal(request, token, claims);
loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName(), request);
fc.doFilter(wrappedRequest, res);
......@@ -87,9 +85,9 @@ public class JWTFilter implements Filter {
private final RapPrincipal principal;
public ServletRequestWithJWTPrincipal(HttpServletRequest request, Map<String, Object> jwtClaims) {
public ServletRequestWithJWTPrincipal(HttpServletRequest request, String token, Map<String, Object> jwtClaims) {
super(request);
this.principal = new RapPrincipal(jwtClaims);
this.principal = new RapPrincipal(token, jwtClaims);
}
@Override
......
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.rap.client.BoundedRapClient;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.annotation.RequestScope;
@Component
@RequestScope
public class RapClient extends BoundedRapClient<HttpServletRequest> {
@Autowired
public RapClient(ServletRapClient servletRapClient, HttpServletRequest request) {
super(servletRapClient, request);
}
}
......@@ -5,10 +5,12 @@ import java.util.Map;
public class RapPrincipal implements Principal {
private final String token;
private final String sub;
private final String altSub;
public RapPrincipal(Map<String, Object> jwtClaims) {
public RapPrincipal(String token, Map<String, Object> jwtClaims) {
this.token = token;
sub = (String) jwtClaims.get("sub");
altSub = (String) jwtClaims.get("alt_sub");
}
......@@ -24,4 +26,8 @@ public class RapPrincipal implements Principal {
public String getAlternativeName() {
return altSub;
}
public String getToken() {
return token;
}
}
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.UserManager;
import it.inaf.ia2.gms.persistence.LoggingDAO;
import it.inaf.ia2.rap.client.RapClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
......@@ -48,9 +48,9 @@ public class SecurityConfig {
* Checks JWT for web services.
*/
@Bean
public FilterRegistrationBean serviceJWTFilter(LoggingDAO loggingDAO, RapClient rapClient) {
public FilterRegistrationBean serviceJWTFilter(LoggingDAO loggingDAO, UserManager userManager) {
FilterRegistrationBean bean = new FilterRegistrationBean();
bean.setFilter(new JWTFilter(loggingDAO, rapClient));
bean.setFilter(new JWTFilter(loggingDAO, userManager));
bean.addUrlPatterns("/*");
bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
return bean;
......
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.data.User;
import it.inaf.ia2.rap.client.RapClient;
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
public class ServletRapClient extends RapClient<HttpServletRequest> {
public ServletRapClient(String baseUrl) {
super(baseUrl);
}
@Override
protected String getAccessToken(HttpServletRequest request) {
Principal principal = request.getUserPrincipal();
if (principal != null) {
if (principal instanceof User) {
return ((User) principal).getAccessToken();
}
if (principal instanceof RapPrincipal) {
return ((RapPrincipal) principal).getToken();
}
}
return null;
}
}
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.data.User;
import it.inaf.ia2.rap.client.RapClient;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
......@@ -20,9 +19,6 @@ public class SessionData {
@Autowired
private HttpServletRequest request;
@Autowired
private RapClient rapClient;
@PostConstruct
public void init() {
HttpSession session = request.getSession(false);
......@@ -33,7 +29,6 @@ public class SessionData {
public void setUser(User user) {
this.user = user;
rapClient.setAccessToken(user.getAccessToken());
}
public String getUserId() {
......
package it.inaf.ia2.gms.controller;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.RapUser;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
......
......@@ -7,13 +7,14 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.MembershipEntity;
import it.inaf.ia2.gms.service.GroupsService;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.RapUser;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -72,8 +73,9 @@ public class GroupStatusManager extends UserAwareComponent {
}
Map<String, String> usersMap = new HashMap<>();
for (RapUser user : rapClient.getUsers(memberships.stream()
.map(u -> u.getUserId()).collect(Collectors.toSet()))) {
Set<String> ids = memberships.stream().map(u -> u.getUserId()).collect(Collectors.toSet());
List<RapUser> usersList = rapClient.getUsers(ids);
for (RapUser user : usersList) {
usersMap.put(user.getId(), user.getPrimaryEmailAddress());
}
......
package it.inaf.ia2.gms.manager;
import it.inaf.ia2.gms.authn.SessionData;
import it.inaf.ia2.gms.exception.BadRequestException;
import it.inaf.ia2.gms.exception.NotFoundException;
import it.inaf.ia2.gms.exception.UnauthorizedException;
......@@ -14,7 +13,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.InvitedRegistration;
import it.inaf.ia2.gms.persistence.model.MembershipEntity;
import it.inaf.ia2.gms.service.PermissionsService;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.gms.authn.RapClient;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
......
......@@ -9,7 +9,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.MembershipEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.service.PermissionUtils;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.RapUser;
import java.util.HashSet;
import java.util.List;
......
......@@ -8,7 +8,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.service.PermissionUtils;
import it.inaf.ia2.gms.service.PermissionsService;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.RapUser;
import java.util.ArrayList;
import java.util.List;
......@@ -44,13 +44,15 @@ public class PermissionsManager extends UserAwareComponent {
.map(p -> p.getUserId())
.collect(Collectors.toSet());
Map<String, RapUser> users = rapClient.getUsers(userIdentifiers).stream()
List<RapUser> users = rapClient.getUsers(userIdentifiers);
Map<String, RapUser> usersMap = users.stream()
.collect(Collectors.toMap(RapUser::getId, Function.identity()));
List<RapUserPermission> result = new ArrayList<>();
for (PermissionEntity p : permissions) {
RapUser rapUser = users.get(p.getUserId());
RapUser rapUser = usersMap.get(p.getUserId());
if (rapUser != null) {
RapUserPermission permission = new RapUserPermission();
permission.setPermission(p.getPermission());
......
......@@ -13,7 +13,7 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
import it.inaf.ia2.gms.persistence.PermissionsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.gms.authn.RapClient;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
......
......@@ -3,3 +3,4 @@ client_secret=gms-secret
rap_uri=http://localhost/rap-ia2
store_state_on_login_endpoint=true
scope=openid email profile read:rap
rap_client_class=it.inaf.ia2.gms.authn.ServletRapClient
\ No newline at end of file
package it.inaf.ia2.gms.authn;
import it.inaf.ia2.aa.data.User;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.gms.authn.RapClient;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import static org.junit.Assert.assertTrue;
......@@ -19,7 +19,7 @@ public class SessionDataTest {
@Mock
private HttpServletRequest request;
@Mock
private RapClient rapClient;
......@@ -32,12 +32,12 @@ public class SessionDataTest {
HttpSession session = mock(HttpSession.class);
when(request.getSession(eq(false))).thenReturn(session);
User user = new User()
.setUserId("123")
.setUserLabel("Name Surname")
.setAccessToken("<access_token>")
.setRefreshToken("<refresh_token>")
.setExpiresIn(3600);
User user = new User();
user.setUserId("123");
user.setUserLabel("Name Surname");
user.setAccessToken("<access_token>");
user.setRefreshToken("<refresh_token>");
user.setExpiresIn(3600);
when(session.getAttribute(eq("user_data"))).thenReturn(user);
......
......@@ -9,7 +9,7 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.InvitedRegistration;
import it.inaf.ia2.gms.service.PermissionsService;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.Identity;
import it.inaf.ia2.rap.data.IdentityType;
import it.inaf.ia2.rap.data.RapUser;
......
......@@ -9,7 +9,7 @@ import it.inaf.ia2.gms.persistence.PermissionsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.service.PermissionsService;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.RapUser;
import java.util.Collections;
import java.util.List;
......
......@@ -13,7 +13,7 @@ public class UserAwareComponentTestUtil {
public static void setUser(UserAwareComponent component, String userId) {
Map<String, Object> jwtClaims = new HashMap<>();
jwtClaims.put("sub", userId);
RapPrincipal principal = new RapPrincipal(jwtClaims);
RapPrincipal principal = new RapPrincipal("token", jwtClaims);
HttpServletRequest request = mock(HttpServletRequest.class);
when(request.getUserPrincipal()).thenReturn(principal);
ReflectionTestUtils.setField(component, "request", request);
......
......@@ -12,7 +12,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.gms.service.GroupsTreeBuilder;
import it.inaf.ia2.gms.service.PermissionsService;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.gms.authn.RapClient;
import java.util.List;
import javax.sql.DataSource;
import static org.junit.Assert.assertEquals;
......
......@@ -11,7 +11,7 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
import it.inaf.ia2.gms.persistence.PermissionsDAO;
import it.inaf.ia2.gms.persistence.model.GroupEntity;
import it.inaf.ia2.gms.persistence.model.PermissionEntity;
import it.inaf.ia2.rap.client.RapClient;
import it.inaf.ia2.gms.authn.RapClient;
import it.inaf.ia2.rap.data.Identity;
import it.inaf.ia2.rap.data.IdentityType;
import it.inaf.ia2.rap.data.RapUser;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment