Compare revisions
55432f7179a815ff38f57818ab63c7af6567d881 to 846f98737fd31938ef020c9c360486cc38bb9de6
Commits on Source (2)
Refactoring: RAP token passed as parameter
· 937dd8f4
Sonia Zorba
authored
Nov 28, 2020
937dd8f4
CLI class update
· 846f9873
Sonia Zorba
authored
Nov 28, 2020
846f9873
gms-client/gms-cli/src/main/java/it/inaf/ia2/gms/cli/CLI.java
...
...
@@ -3,6 +3,7 @@ package it.inaf.ia2.gms.cli;
import
it.inaf.ia2.client.ClientException
;
import
it.inaf.ia2.gms.client.GmsClient
;
import
it.inaf.ia2.gms.client.model.Permission
;
import
it.inaf.ia2.rap.client.ClientCredentialsRapClient
;
import
it.inaf.ia2.rap.client.RapClient
;
import
it.inaf.ia2.rap.data.AccessTokenResponse
;
import
java.io.File
;
...
...
@@ -108,7 +109,7 @@ public class CLI {
if
(
token
!=
null
)
{
client
.
setAccessToken
(
token
);
}
else
{
RapClient
rapClient
=
new
RapClient
(
rapBaseUrl
)
RapClient
rapClient
=
new
ClientCredentials
RapClient
(
rapBaseUrl
)
.
setClientId
(
clientId
)
.
setClientSecret
(
clientSecret
);
AccessTokenResponse
accessTokenResponse
=
rapClient
.
getAccessTokenFromClientCredentials
();
...
...
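Review bot: In the @@ -108,7 +109,7 @@ hunk the new client is declared as the base type `RapClient` although it is built as a `ClientCredentialsRapClient` carrying a client id and secret, so the reader cannot tell from this hunk whether `getAccessTokenFromClientCredentials()` is a base-client method or part of the credentials flow. Declaring it as `ClientCredentialsRapClient rapClient = new ClientCredentialsRapClient(rapBaseUrl).setClientId(clientId).setClientSecret(clientSecret);` makes the flow explicit, and if nothing else in the class still uses the base type the `it.inaf.ia2.rap.client.RapClient` import kept in the first hunk can go with it. The enclosing method starts and ends outside the hunk.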
gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
package
it.inaf.ia2.gms
;
import
it.inaf.ia2.aa.AuthConfig
;
import
it.inaf.ia2.aa.ServiceLocator
;
import
it.inaf.ia2.rap.client.RapClient
;
import
it.inaf.ia2.aa.UserManager
;
import
it.inaf.ia2.gms.authn.ServletRapClient
;
import
org.springframework.boot.SpringApplication
;
import
org.springframework.boot.autoconfigure.SpringBootApplication
;
import
org.springframework.context.annotation.Bean
;
...
...
@@ -18,7 +20,17 @@ public class GmsApplication {
}
@Bean
public
RapClient
rapClient
()
{
return
ServiceLocator
.
getInstance
().
getRapClient
();
public
AuthConfig
authConfig
()
{
return
ServiceLocator
.
getInstance
().
getConfig
();
}
@Bean
public
UserManager
userManager
()
{
return
ServiceLocator
.
getInstance
().
getUserManager
();
}
@Bean
public
ServletRapClient
servletRapClient
()
{
return
(
ServletRapClient
)
ServiceLocator
.
getInstance
().
getRapClient
();
}
}
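Review bot: The new `servletRapClient()` bean casts `ServiceLocator.getInstance().getRapClient()` to `ServletRapClient` unconditionally, so it is only valid while the configured client (presumably selected by the `rap_client_class` entry this commit adds to auth.properties) is that class, and any other configuration fails at context startup with a bare ClassCastException. A guard that names the property makes the coupling visible: `Object rapClient = ServiceLocator.getInstance().getRapClient();` / `if (!(rapClient instanceof ServletRapClient)) { throw new IllegalStateException("rap_client_class must be " + ServletRapClient.class.getName()); }` / `return (ServletRapClient) rapClient;`. A one-line Javadoc on the bean stating the same requirement would help whoever edits the properties file next.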
gms/src/main/java/it/inaf/ia2/gms/authn/JWTFilter.java
package
it.inaf.ia2.gms.authn
;
import
it.inaf.ia2.aa.UserManager
;
import
it.inaf.ia2.aa.data.User
;
import
it.inaf.ia2.gms.persistence.LoggingDAO
;
import
it.inaf.ia2.rap.client.RapClient
;
import
java.io.IOException
;
import
java.security.Principal
;
import
java.util.Map
;
...
...
@@ -19,11 +19,11 @@ import javax.servlet.http.HttpSession;
public
class
JWTFilter
implements
Filter
{
private
final
LoggingDAO
loggingDAO
;
private
final
RapClient
rapClient
;
private
final
UserManager
userManager
;
public
JWTFilter
(
LoggingDAO
loggingDAO
,
RapClient
rapClient
)
{
public
JWTFilter
(
LoggingDAO
loggingDAO
,
UserManager
userManager
)
{
this
.
loggingDAO
=
loggingDAO
;
this
.
rapClient
=
rapClient
;
this
.
userManager
=
userManager
;
}
@Override
...
...
@@ -40,7 +40,6 @@ public class JWTFilter implements Filter {
HttpSession
session
=
request
.
getSession
(
false
);
User
user
=
(
User
)
session
.
getAttribute
(
"user_data"
);
if
(
user
!=
null
)
{
rapClient
.
setAccessToken
(
user
.
getAccessToken
());
ServletRequestWithSessionPrincipal
wrappedRequest
=
new
ServletRequestWithSessionPrincipal
(
request
,
user
);
fc
.
doFilter
(
wrappedRequest
,
res
);
return
;
...
...
@@ -53,8 +52,7 @@ public class JWTFilter implements Filter {
String
token
=
authHeader
.
replace
(
"Bearer"
,
""
).
trim
();
rapClient
.
setAccessToken
(
token
);
Map
<
String
,
Object
>
claims
=
rapClient
.
parseIdTokenClaims
(
token
);
Map
<
String
,
Object
>
claims
=
userManager
.
parseIdTokenClaims
(
token
);
if
(
claims
.
get
(
"sub"
)
==
null
)
{
loggingDAO
.
logAction
(
"Attempt to access WS with invalid token"
,
request
);
...
...
@@ -62,7 +60,7 @@ public class JWTFilter implements Filter {
return
;
}
ServletRequestWithJWTPrincipal
wrappedRequest
=
new
ServletRequestWithJWTPrincipal
(
request
,
claims
);
ServletRequestWithJWTPrincipal
wrappedRequest
=
new
ServletRequestWithJWTPrincipal
(
request
,
token
,
claims
);
loggingDAO
.
logAction
(
"WS access from "
+
wrappedRequest
.
getUserPrincipal
().
getName
(),
request
);
fc
.
doFilter
(
wrappedRequest
,
res
);
...
...
@@ -87,9 +85,9 @@ public class JWTFilter implements Filter {
private
final
RapPrincipal
principal
;
public
ServletRequestWithJWTPrincipal
(
HttpServletRequest
request
,
Map
<
String
,
Object
>
jwtClaims
)
{
public
ServletRequestWithJWTPrincipal
(
HttpServletRequest
request
,
String
token
,
Map
<
String
,
Object
>
jwtClaims
)
{
super
(
request
);
this
.
principal
=
new
RapPrincipal
(
jwtClaims
);
this
.
principal
=
new
RapPrincipal
(
token
,
jwtClaims
);
}
@Override
...
...
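Review bot: In the @@ -53,8 +52,7 @@ hunk the token handed to `userManager.parseIdTokenClaims(token)` and then carried into the principal is still derived by `authHeader.replace("Bearer", "").trim()`, which removes every occurrence of the word anywhere in the header rather than stripping a verified `Bearer ` scheme prefix; any scheme check on `authHeader` lies before the hunk, so I cannot see whether a non-bearer header can reach this line. Stripping positionally, `String token = authHeader.substring("Bearer".length()).trim();` behind a `startsWith("Bearer ")` check, ties the extraction to the scheme. The only validation visible after the parse is `claims.get("sub") == null`; whether `parseIdTokenClaims` verifies signature and expiry is not visible here and is worth confirming, since the same token now travels to RAP through the principal. The doFilter method starts and ends outside the hunk.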
gms/src/main/java/it/inaf/ia2/gms/authn/RapClient.java
0 → 100644
package
it.inaf.ia2.gms.authn
;
import
it.inaf.ia2.rap.client.BoundedRapClient
;
import
javax.servlet.http.HttpServletRequest
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.stereotype.Component
;
import
org.springframework.web.context.annotation.RequestScope
;
@Component
@RequestScope
public
class
RapClient
extends
BoundedRapClient
<
HttpServletRequest
>
{
@Autowired
public
RapClient
(
ServletRapClient
servletRapClient
,
HttpServletRequest
request
)
{
super
(
servletRapClient
,
request
);
}
}
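Review bot: The new class `it.inaf.ia2.gms.authn.RapClient` reuses the simple name of the library type `it.inaf.ia2.rap.client.RapClient` it replaces, which is why every other file in this commit swaps one import for the other and why `ServletRapClient` in the same package must import the library type to reach past the same-package name. A distinct name such as `RequestScopedRapClient` would remove that ambiguity for readers and for future import mistakes. The class also has no Javadoc; a header such as `/** Request-scoped RAP client bound to the current HttpServletRequest; the bearer token is presumably resolved per call through ServletRapClient. */` would state why it exists, with the "presumably" to be confirmed against BoundedRapClient.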
gms/src/main/java/it/inaf/ia2/gms/authn/RapPrincipal.java
...
...
@@ -5,10 +5,12 @@ import java.util.Map;
public
class
RapPrincipal
implements
Principal
{
private
final
String
token
;
private
final
String
sub
;
private
final
String
altSub
;
public
RapPrincipal
(
Map
<
String
,
Object
>
jwtClaims
)
{
public
RapPrincipal
(
String
token
,
Map
<
String
,
Object
>
jwtClaims
)
{
this
.
token
=
token
;
sub
=
(
String
)
jwtClaims
.
get
(
"sub"
);
altSub
=
(
String
)
jwtClaims
.
get
(
"alt_sub"
);
}
...
...
@@ -24,4 +26,8 @@ public class RapPrincipal implements Principal {
public
String
getAlternativeName
()
{
return
altSub
;
}
public
String
getToken
()
{
return
token
;
}
}
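Review bot: `RapPrincipal` now holds the raw bearer token and exposes it through `getToken()`, so the principal has become a credential carrier; anything that prints the principal, stores it in the session, or serializes it will carry the token along. A Javadoc on `getToken()` such as `/** Raw bearer token this principal was built from; a credential, never to be logged or persisted. */` makes that explicit, and if a `toString()` is ever added it should omit the field. The constructor stores `token` without a null check; `Objects.requireNonNull(token, "token")` would fail fast instead of surfacing later wherever `ServletRapClient.getAccessToken` hands it on.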
gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java
package
it.inaf.ia2.gms.authn
;
import
it.inaf.ia2.aa.UserManager
;
import
it.inaf.ia2.gms.persistence.LoggingDAO
;
import
it.inaf.ia2.rap.client.RapClient
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.beans.factory.annotation.Value
;
...
...
@@ -48,9 +48,9 @@ public class SecurityConfig {
* Checks JWT for web services.
*/
@Bean
public
FilterRegistrationBean
serviceJWTFilter
(
LoggingDAO
loggingDAO
,
RapClient
rapClient
)
{
public
FilterRegistrationBean
serviceJWTFilter
(
LoggingDAO
loggingDAO
,
UserManager
userManager
)
{
FilterRegistrationBean
bean
=
new
FilterRegistrationBean
();
bean
.
setFilter
(
new
JWTFilter
(
loggingDAO
,
rapClient
));
bean
.
setFilter
(
new
JWTFilter
(
loggingDAO
,
userManager
));
bean
.
addUrlPatterns
(
"/*"
);
bean
.
setOrder
(
Ordered
.
HIGHEST_PRECEDENCE
);
return
bean
;
...
...
gms/src/main/java/it/inaf/ia2/gms/authn/ServletRapClient.java
0 → 100644
package
it.inaf.ia2.gms.authn
;
import
it.inaf.ia2.aa.data.User
;
import
it.inaf.ia2.rap.client.RapClient
;
import
java.security.Principal
;
import
javax.servlet.http.HttpServletRequest
;
public
class
ServletRapClient
extends
RapClient
<
HttpServletRequest
>
{
public
ServletRapClient
(
String
baseUrl
)
{
super
(
baseUrl
);
}
@Override
protected
String
getAccessToken
(
HttpServletRequest
request
)
{
Principal
principal
=
request
.
getUserPrincipal
();
if
(
principal
!=
null
)
{
if
(
principal
instanceof
User
)
{
return
((
User
)
principal
).
getAccessToken
();
}
if
(
principal
instanceof
RapPrincipal
)
{
return
((
RapPrincipal
)
principal
).
getToken
();
}
}
return
null
;
}
}
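Review bot: `getAccessToken` returns `null` when the request has no principal or one of an unexpected type, and nothing in the class says whether a null token means an anonymous RAP call or a failure downstream; that contract belongs in Javadoc on the override. The nested `if` can also be flattened, since `instanceof` is false for null: `if (principal instanceof User) { return ((User) principal).getAccessToken(); }` / `if (principal instanceof RapPrincipal) { return ((RapPrincipal) principal).getToken(); }` / `return null;`. The class itself is new and undocumented; a header noting that it is the `rap_client_class` configured in auth.properties would tie the two files together.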
gms/src/main/java/it/inaf/ia2/gms/authn/SessionData.java
package
it.inaf.ia2.gms.authn
;
import
it.inaf.ia2.aa.data.User
;
import
it.inaf.ia2.rap.client.RapClient
;
import
javax.annotation.PostConstruct
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpSession
;
...
...
@@ -20,9 +19,6 @@ public class SessionData {
@Autowired
private
HttpServletRequest
request
;
@Autowired
private
RapClient
rapClient
;
@PostConstruct
public
void
init
()
{
HttpSession
session
=
request
.
getSession
(
false
);
...
...
@@ -33,7 +29,6 @@ public class SessionData {
public
void
setUser
(
User
user
)
{
this
.
user
=
user
;
rapClient
.
setAccessToken
(
user
.
getAccessToken
());
}
public
String
getUserId
()
{
...
...
gms/src/main/java/it/inaf/ia2/gms/controller/UsersController.java
package
it.inaf.ia2.gms.controller
;
import
it.inaf.ia2.
rap.client
.RapClient
;
import
it.inaf.ia2.
gms.authn
.RapClient
;
import
it.inaf.ia2.rap.data.RapUser
;
import
java.util.List
;
import
org.springframework.beans.factory.annotation.Autowired
;
...
...
gms/src/main/java/it/inaf/ia2/gms/manager/GroupStatusManager.java
...
...
@@ -7,13 +7,14 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
it.inaf.ia2.gms.persistence.model.MembershipEntity
;
import
it.inaf.ia2.gms.service.GroupsService
;
import
it.inaf.ia2.
rap.client
.RapClient
;
import
it.inaf.ia2.
gms.authn
.RapClient
;
import
it.inaf.ia2.rap.data.RapUser
;
import
java.util.ArrayList
;
import
java.util.Collections
;
import
java.util.HashMap
;
import
java.util.List
;
import
java.util.Map
;
import
java.util.Set
;
import
java.util.stream.Collectors
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
...
...
@@ -72,8 +73,9 @@ public class GroupStatusManager extends UserAwareComponent {
}
Map
<
String
,
String
>
usersMap
=
new
HashMap
<>();
for
(
RapUser
user
:
rapClient
.
getUsers
(
memberships
.
stream
()
.
map
(
u
->
u
.
getUserId
()).
collect
(
Collectors
.
toSet
())))
{
Set
<
String
>
ids
=
memberships
.
stream
().
map
(
u
->
u
.
getUserId
()).
collect
(
Collectors
.
toSet
());
List
<
RapUser
>
usersList
=
rapClient
.
getUsers
(
ids
);
for
(
RapUser
user
:
usersList
)
{
usersMap
.
put
(
user
.
getId
(),
user
.
getPrimaryEmailAddress
());
}
...
...
gms/src/main/java/it/inaf/ia2/gms/manager/InvitedRegistrationManager.java
package
it.inaf.ia2.gms.manager
;
import
it.inaf.ia2.gms.authn.SessionData
;
import
it.inaf.ia2.gms.exception.BadRequestException
;
import
it.inaf.ia2.gms.exception.NotFoundException
;
import
it.inaf.ia2.gms.exception.UnauthorizedException
;
...
...
@@ -14,7 +13,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import
it.inaf.ia2.gms.persistence.model.InvitedRegistration
;
import
it.inaf.ia2.gms.persistence.model.MembershipEntity
;
import
it.inaf.ia2.gms.service.PermissionsService
;
import
it.inaf.ia2.
rap.client
.RapClient
;
import
it.inaf.ia2.
gms.authn
.RapClient
;
import
java.nio.charset.StandardCharsets
;
import
java.security.MessageDigest
;
import
java.security.NoSuchAlgorithmException
;
...
...
gms/src/main/java/it/inaf/ia2/gms/manager/MembershipManager.java
...
...
@@ -9,7 +9,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import
it.inaf.ia2.gms.persistence.model.MembershipEntity
;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
it.inaf.ia2.gms.service.PermissionUtils
;
import
it.inaf.ia2.
rap.client
.RapClient
;
import
it.inaf.ia2.
gms.authn
.RapClient
;
import
it.inaf.ia2.rap.data.RapUser
;
import
java.util.HashSet
;
import
java.util.List
;
...
...
gms/src/main/java/it/inaf/ia2/gms/manager/PermissionsManager.java
...
...
@@ -8,7 +8,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
it.inaf.ia2.gms.service.PermissionUtils
;
import
it.inaf.ia2.gms.service.PermissionsService
;
import
it.inaf.ia2.
rap.client
.RapClient
;
import
it.inaf.ia2.
gms.authn
.RapClient
;
import
it.inaf.ia2.rap.data.RapUser
;
import
java.util.ArrayList
;
import
java.util.List
;
...
...
@@ -44,13 +44,15 @@ public class PermissionsManager extends UserAwareComponent {
.
map
(
p
->
p
.
getUserId
())
.
collect
(
Collectors
.
toSet
());
Map
<
String
,
RapUser
>
users
=
rapClient
.
getUsers
(
userIdentifiers
).
stream
()
List
<
RapUser
>
users
=
rapClient
.
getUsers
(
userIdentifiers
);
Map
<
String
,
RapUser
>
usersMap
=
users
.
stream
()
.
collect
(
Collectors
.
toMap
(
RapUser:
:
getId
,
Function
.
identity
()));
List
<
RapUserPermission
>
result
=
new
ArrayList
<>();
for
(
PermissionEntity
p
:
permissions
)
{
RapUser
rapUser
=
users
.
get
(
p
.
getUserId
());
RapUser
rapUser
=
users
Map
.
get
(
p
.
getUserId
());
if
(
rapUser
!=
null
)
{
RapUserPermission
permission
=
new
RapUserPermission
();
permission
.
setPermission
(
p
.
getPermission
());
...
...
gms/src/main/java/it/inaf/ia2/gms/service/SearchService.java
...
...
@@ -13,7 +13,7 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
import
it.inaf.ia2.gms.persistence.PermissionsDAO
;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
it.inaf.ia2.
rap.client
.RapClient
;
import
it.inaf.ia2.
gms.authn
.RapClient
;
import
java.util.ArrayList
;
import
java.util.List
;
import
java.util.Map
;
...
...
gms/src/main/resources/auth.properties
...
...
@@ -3,3 +3,4 @@ client_secret=gms-secret
rap_uri
=
http://localhost/rap-ia2
store_state_on_login_endpoint
=
true
scope
=
openid email profile read:rap
rap_client_class
=
it.inaf.ia2.gms.authn.ServletRapClient
\ No newline at end of file
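Review bot: The added `rap_client_class=it.inaf.ia2.gms.authn.ServletRapClient` line lands without a trailing newline, as the `\ No newline at end of file` marker shows; add the newline so the next appended key is not glued onto this one. The value is also what keeps the unchecked cast in `GmsApplication.servletRapClient()` valid, so a comment above it such as `# must be ServletRapClient (or a subclass): GmsApplication casts the configured client to it` records the coupling. The hunk header also shows `client_secret=gms-secret` in this file; if that is more than a local placeholder it should not live in the repository.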
gms/src/test/java/it/inaf/ia2/gms/authn/SessionDataTest.java
package
it.inaf.ia2.gms.authn
;
import
it.inaf.ia2.aa.data.User
;
import
it.inaf.ia2.
rap.client
.RapClient
;
import
it.inaf.ia2.
gms.authn
.RapClient
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpSession
;
import
static
org
.
junit
.
Assert
.
assertTrue
;
...
...
@@ -19,7 +19,7 @@ public class SessionDataTest {
@Mock
private
HttpServletRequest
request
;
@Mock
private
RapClient
rapClient
;
...
...
@@ -32,12 +32,12 @@ public class SessionDataTest {
HttpSession
session
=
mock
(
HttpSession
.
class
);
when
(
request
.
getSession
(
eq
(
false
))).
thenReturn
(
session
);
User
user
=
new
User
()
.
setUserId
(
"123"
)
.
setUserLabel
(
"Name Surname"
)
.
setAccessToken
(
"<access_token>"
)
.
setRefreshToken
(
"<refresh_token>"
)
.
setExpiresIn
(
3600
);
User
user
=
new
User
()
;
user
.
setUserId
(
"123"
)
;
user
.
setUserLabel
(
"Name Surname"
)
;
user
.
setAccessToken
(
"<access_token>"
)
;
user
.
setRefreshToken
(
"<refresh_token>"
)
;
user
.
setExpiresIn
(
3600
);
when
(
session
.
getAttribute
(
eq
(
"user_data"
))).
thenReturn
(
user
);
...
...
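Review bot: The `@Mock private RapClient rapClient;` field shown in the @@ -19,7 +19,7 @@ hunk now refers to `it.inaf.ia2.gms.authn.RapClient` after the import swap, but this same commit removes the `rapClient` field and the `setAccessToken` call from `SessionData`, so the mock appears to have nothing left to inject into and can be dropped together with the import. If it is wired through `@InjectMocks` it will simply be ignored, which hides the dead dependency rather than flagging it.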
gms/src/test/java/it/inaf/ia2/gms/manager/InvitedRegistrationManagerTest.java
...
...
@@ -9,7 +9,7 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
it.inaf.ia2.gms.persistence.model.InvitedRegistration
;
import
it.inaf.ia2.gms.service.PermissionsService
;
import
it.inaf.ia2.
rap.client
.RapClient
;
import
it.inaf.ia2.
gms.authn
.RapClient
;
import
it.inaf.ia2.rap.data.Identity
;
import
it.inaf.ia2.rap.data.IdentityType
;
import
it.inaf.ia2.rap.data.RapUser
;
...
...
gms/src/test/java/it/inaf/ia2/gms/manager/PermissionsManagerIntegrationTest.java
...
...
@@ -9,7 +9,7 @@ import it.inaf.ia2.gms.persistence.PermissionsDAO;
import
it.inaf.ia2.gms.persistence.model.GroupEntity
;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
it.inaf.ia2.gms.service.PermissionsService
;
import
it.inaf.ia2.
rap.client
.RapClient
;
import
it.inaf.ia2.
gms.authn
.RapClient
;
import
it.inaf.ia2.rap.data.RapUser
;
import
java.util.Collections
;
import
java.util.List
;
...
...
gms/src/test/java/it/inaf/ia2/gms/manager/UserAwareComponentTestUtil.java
...
...
@@ -13,7 +13,7 @@ public class UserAwareComponentTestUtil {
public
static
void
setUser
(
UserAwareComponent
component
,
String
userId
)
{
Map
<
String
,
Object
>
jwtClaims
=
new
HashMap
<>();
jwtClaims
.
put
(
"sub"
,
userId
);
RapPrincipal
principal
=
new
RapPrincipal
(
jwtClaims
);
RapPrincipal
principal
=
new
RapPrincipal
(
"token"
,
jwtClaims
);
HttpServletRequest
request
=
mock
(
HttpServletRequest
.
class
);
when
(
request
.
getUserPrincipal
()).
thenReturn
(
principal
);
ReflectionTestUtils
.
setField
(
component
,
"request"
,
request
);
...
...
gms/src/test/java/it/inaf/ia2/gms/persistence/NestedGroupsIntegrationTest.java
...
...
@@ -12,7 +12,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
import
it.inaf.ia2.gms.persistence.model.PermissionEntity
;
import
it.inaf.ia2.gms.service.GroupsTreeBuilder
;
import
it.inaf.ia2.gms.service.PermissionsService
;
import
it.inaf.ia2.
rap.client
.RapClient
;
import
it.inaf.ia2.
gms.authn
.RapClient
;
import
java.util.List
;
import
javax.sql.DataSource
;
import
static
org
.
junit
.
Assert
.
assertEquals
;
...
...