Sonia Zorba · Sonia Zorba · 846f9873 · 846f9873 · 846f9873 · 846f9873
--- a/gms-client/gms-cli/src/main/java/it/inaf/ia2/gms/cli/CLI.java
+++ b/gms-client/gms-cli/src/main/java/it/inaf/ia2/gms/cli/CLI.java
@@ -3,6 +3,7 @@ package it.inaf.ia2.gms.cli;
 import it.inaf.ia2.client.ClientException;
 import it.inaf.ia2.gms.client.GmsClient;
 import it.inaf.ia2.gms.client.model.Permission;
+import it.inaf.ia2.rap.client.ClientCredentialsRapClient;
 import it.inaf.ia2.rap.client.RapClient;
 import it.inaf.ia2.rap.data.AccessTokenResponse;
 import java.io.File;
@@ -108,7 +109,7 @@ public class CLI {
        if (token != null) {
            client.setAccessToken(token);
        } else {
-            RapClient rapClient = new RapClient(rapBaseUrl)
+            RapClient rapClient = new ClientCredentialsRapClient(rapBaseUrl)
                    .setClientId(clientId)
                    .setClientSecret(clientSecret);
            AccessTokenResponse accessTokenResponse = rapClient.getAccessTokenFromClientCredentials();

--- a/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/GmsApplication.java
 package it.inaf.ia2.gms;

+import it.inaf.ia2.aa.AuthConfig;
 import it.inaf.ia2.aa.ServiceLocator;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.aa.UserManager;
+import it.inaf.ia2.gms.authn.ServletRapClient;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
@@ -18,7 +20,17 @@ public class GmsApplication {
    }

    @Bean
-    public RapClient rapClient() {
-        return ServiceLocator.getInstance().getRapClient();
+    public AuthConfig authConfig() {
+        return ServiceLocator.getInstance().getConfig();
+    }
+
+    @Bean
+    public UserManager userManager() {
+        return ServiceLocator.getInstance().getUserManager();
+    }
+
+    @Bean
+    public ServletRapClient servletRapClient() {
+        return (ServletRapClient) ServiceLocator.getInstance().getRapClient();
    }
 }
--- a/gms/src/main/java/it/inaf/ia2/gms/authn/JWTFilter.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/JWTFilter.java
 package it.inaf.ia2.gms.authn;

+import it.inaf.ia2.aa.UserManager;
 import it.inaf.ia2.aa.data.User;
 import it.inaf.ia2.gms.persistence.LoggingDAO;
-import it.inaf.ia2.rap.client.RapClient;
 import java.io.IOException;
 import java.security.Principal;
 import java.util.Map;
@@ -19,11 +19,11 @@ import javax.servlet.http.HttpSession;
 public class JWTFilter implements Filter {

    private final LoggingDAO loggingDAO;
-    private final RapClient rapClient;
+    private final UserManager userManager;

-    public JWTFilter(LoggingDAO loggingDAO, RapClient rapClient) {
+    public JWTFilter(LoggingDAO loggingDAO, UserManager userManager) {
        this.loggingDAO = loggingDAO;
-        this.rapClient = rapClient;
+        this.userManager = userManager;
    }

    @Override
@@ -40,7 +40,6 @@ public class JWTFilter implements Filter {
                HttpSession session = request.getSession(false);
                User user = (User) session.getAttribute("user_data");
                if (user != null) {
-                    rapClient.setAccessToken(user.getAccessToken());
                    ServletRequestWithSessionPrincipal wrappedRequest = new ServletRequestWithSessionPrincipal(request, user);
                    fc.doFilter(wrappedRequest, res);
                    return;
@@ -53,8 +52,7 @@ public class JWTFilter implements Filter {

        String token = authHeader.replace("Bearer", "").trim();

-        rapClient.setAccessToken(token);
-        Map<String, Object> claims = rapClient.parseIdTokenClaims(token);
+        Map<String, Object> claims = userManager.parseIdTokenClaims(token);

        if (claims.get("sub") == null) {
            loggingDAO.logAction("Attempt to access WS with invalid token", request);
@@ -62,7 +60,7 @@ public class JWTFilter implements Filter {
            return;
        }

-        ServletRequestWithJWTPrincipal wrappedRequest = new ServletRequestWithJWTPrincipal(request, claims);
+        ServletRequestWithJWTPrincipal wrappedRequest = new ServletRequestWithJWTPrincipal(request, token, claims);
        loggingDAO.logAction("WS access from " + wrappedRequest.getUserPrincipal().getName(), request);

        fc.doFilter(wrappedRequest, res);
@@ -87,9 +85,9 @@ public class JWTFilter implements Filter {

        private final RapPrincipal principal;

-        public ServletRequestWithJWTPrincipal(HttpServletRequest request, Map<String, Object> jwtClaims) {
+        public ServletRequestWithJWTPrincipal(HttpServletRequest request, String token, Map<String, Object> jwtClaims) {
            super(request);
-            this.principal = new RapPrincipal(jwtClaims);
+            this.principal = new RapPrincipal(token, jwtClaims);
        }

        @Override

--- a/gms/src/main/java/it/inaf/ia2/gms/authn/RapClient.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/RapClient.java
+package it.inaf.ia2.gms.authn;
+
+import it.inaf.ia2.rap.client.BoundedRapClient;
+import javax.servlet.http.HttpServletRequest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.annotation.RequestScope;
+
+@Component
+@RequestScope
+public class RapClient extends BoundedRapClient<HttpServletRequest> {
+
+    @Autowired
+    public RapClient(ServletRapClient servletRapClient, HttpServletRequest request) {
+        super(servletRapClient, request);
+    }
+}
--- a/gms/src/main/java/it/inaf/ia2/gms/authn/RapPrincipal.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/RapPrincipal.java
@@ -5,10 +5,12 @@ import java.util.Map;

 public class RapPrincipal implements Principal {

+    private final String token;
    private final String sub;
    private final String altSub;

-    public RapPrincipal(Map<String, Object> jwtClaims) {
+    public RapPrincipal(String token, Map<String, Object> jwtClaims) {
+        this.token = token;
        sub = (String) jwtClaims.get("sub");
        altSub = (String) jwtClaims.get("alt_sub");
    }
@@ -24,4 +26,8 @@ public class RapPrincipal implements Principal {
    public String getAlternativeName() {
        return altSub;
    }
+
+    public String getToken() {
+        return token;
+    }
 }
--- a/gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/SecurityConfig.java
 package it.inaf.ia2.gms.authn;

+import it.inaf.ia2.aa.UserManager;
 import it.inaf.ia2.gms.persistence.LoggingDAO;
-import it.inaf.ia2.rap.client.RapClient;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
@@ -48,9 +48,9 @@ public class SecurityConfig {
     * Checks JWT for web services.
     */
    @Bean
-    public FilterRegistrationBean serviceJWTFilter(LoggingDAO loggingDAO, RapClient rapClient) {
+    public FilterRegistrationBean serviceJWTFilter(LoggingDAO loggingDAO, UserManager userManager) {
        FilterRegistrationBean bean = new FilterRegistrationBean();
-        bean.setFilter(new JWTFilter(loggingDAO, rapClient));
+        bean.setFilter(new JWTFilter(loggingDAO, userManager));
        bean.addUrlPatterns("/*");
        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return bean;

--- a/gms/src/main/java/it/inaf/ia2/gms/authn/ServletRapClient.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/ServletRapClient.java
+package it.inaf.ia2.gms.authn;
+
+import it.inaf.ia2.aa.data.User;
+import it.inaf.ia2.rap.client.RapClient;
+import java.security.Principal;
+import javax.servlet.http.HttpServletRequest;
+
+public class ServletRapClient extends RapClient<HttpServletRequest> {
+
+    public ServletRapClient(String baseUrl) {
+        super(baseUrl);
+    }
+
+    @Override
+    protected String getAccessToken(HttpServletRequest request) {
+        Principal principal = request.getUserPrincipal();
+        if (principal != null) {
+            if (principal instanceof User) {
+                return ((User) principal).getAccessToken();
+            }
+            if (principal instanceof RapPrincipal) {
+                return ((RapPrincipal) principal).getToken();
+            }
+        }
+        return null;
+    }
+}
--- a/gms/src/main/java/it/inaf/ia2/gms/authn/SessionData.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/authn/SessionData.java
 package it.inaf.ia2.gms.authn;

 import it.inaf.ia2.aa.data.User;
-import it.inaf.ia2.rap.client.RapClient;
 import javax.annotation.PostConstruct;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
@@ -20,9 +19,6 @@ public class SessionData {
    @Autowired
    private HttpServletRequest request;

-    @Autowired
-    private RapClient rapClient;
-
    @PostConstruct
    public void init() {
        HttpSession session = request.getSession(false);
@@ -33,7 +29,6 @@ public class SessionData {

    public void setUser(User user) {
        this.user = user;
-        rapClient.setAccessToken(user.getAccessToken());
    }

    public String getUserId() {

--- a/gms/src/main/java/it/inaf/ia2/gms/controller/UsersController.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/controller/UsersController.java
 package it.inaf.ia2.gms.controller;

-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
 import it.inaf.ia2.rap.data.RapUser;
 import java.util.List;
 import org.springframework.beans.factory.annotation.Autowired;

--- a/gms/src/main/java/it/inaf/ia2/gms/manager/GroupStatusManager.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/manager/GroupStatusManager.java
@@ -7,13 +7,14 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
 import it.inaf.ia2.gms.persistence.model.GroupEntity;
 import it.inaf.ia2.gms.persistence.model.MembershipEntity;
 import it.inaf.ia2.gms.service.GroupsService;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
 import it.inaf.ia2.rap.data.RapUser;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.stream.Collectors;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -72,8 +73,9 @@ public class GroupStatusManager extends UserAwareComponent {
        }

        Map<String, String> usersMap = new HashMap<>();
-        for (RapUser user : rapClient.getUsers(memberships.stream()
-                .map(u -> u.getUserId()).collect(Collectors.toSet()))) {
+        Set<String> ids = memberships.stream().map(u -> u.getUserId()).collect(Collectors.toSet());
+        List<RapUser> usersList = rapClient.getUsers(ids);
+        for (RapUser user : usersList) {
            usersMap.put(user.getId(), user.getPrimaryEmailAddress());
        }


--- a/gms/src/main/java/it/inaf/ia2/gms/manager/InvitedRegistrationManager.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/manager/InvitedRegistrationManager.java
 package it.inaf.ia2.gms.manager;

-import it.inaf.ia2.gms.authn.SessionData;
 import it.inaf.ia2.gms.exception.BadRequestException;
 import it.inaf.ia2.gms.exception.NotFoundException;
 import it.inaf.ia2.gms.exception.UnauthorizedException;
@@ -14,7 +13,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
 import it.inaf.ia2.gms.persistence.model.InvitedRegistration;
 import it.inaf.ia2.gms.persistence.model.MembershipEntity;
 import it.inaf.ia2.gms.service.PermissionsService;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;

--- a/gms/src/main/java/it/inaf/ia2/gms/manager/MembershipManager.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/manager/MembershipManager.java
@@ -9,7 +9,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
 import it.inaf.ia2.gms.persistence.model.MembershipEntity;
 import it.inaf.ia2.gms.persistence.model.PermissionEntity;
 import it.inaf.ia2.gms.service.PermissionUtils;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
 import it.inaf.ia2.rap.data.RapUser;
 import java.util.HashSet;
 import java.util.List;

--- a/gms/src/main/java/it/inaf/ia2/gms/manager/PermissionsManager.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/manager/PermissionsManager.java
@@ -8,7 +8,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
 import it.inaf.ia2.gms.persistence.model.PermissionEntity;
 import it.inaf.ia2.gms.service.PermissionUtils;
 import it.inaf.ia2.gms.service.PermissionsService;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
 import it.inaf.ia2.rap.data.RapUser;
 import java.util.ArrayList;
 import java.util.List;
@@ -44,13 +44,15 @@ public class PermissionsManager extends UserAwareComponent {
                .map(p -> p.getUserId())
                .collect(Collectors.toSet());

-        Map<String, RapUser> users = rapClient.getUsers(userIdentifiers).stream()
+        List<RapUser> users = rapClient.getUsers(userIdentifiers);
+
+        Map<String, RapUser> usersMap = users.stream()
                .collect(Collectors.toMap(RapUser::getId, Function.identity()));

        List<RapUserPermission> result = new ArrayList<>();

        for (PermissionEntity p : permissions) {
-            RapUser rapUser = users.get(p.getUserId());
+            RapUser rapUser = usersMap.get(p.getUserId());
            if (rapUser != null) {
                RapUserPermission permission = new RapUserPermission();
                permission.setPermission(p.getPermission());

--- a/gms/src/main/java/it/inaf/ia2/gms/service/SearchService.java
+++ b/gms/src/main/java/it/inaf/ia2/gms/service/SearchService.java
@@ -13,7 +13,7 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
 import it.inaf.ia2.gms.persistence.PermissionsDAO;
 import it.inaf.ia2.gms.persistence.model.GroupEntity;
 import it.inaf.ia2.gms.persistence.model.PermissionEntity;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;

--- a/gms/src/main/resources/auth.properties
+++ b/gms/src/main/resources/auth.properties
@@ -3,3 +3,4 @@ client_secret=gms-secret
 rap_uri=http://localhost/rap-ia2
 store_state_on_login_endpoint=true
 scope=openid email profile read:rap
+rap_client_class=it.inaf.ia2.gms.authn.ServletRapClient
\ No newline at end of file
--- a/gms/src/test/java/it/inaf/ia2/gms/authn/SessionDataTest.java
+++ b/gms/src/test/java/it/inaf/ia2/gms/authn/SessionDataTest.java
 package it.inaf.ia2.gms.authn;

 import it.inaf.ia2.aa.data.User;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import static org.junit.Assert.assertTrue;
@@ -19,7 +19,7 @@ public class SessionDataTest {

    @Mock
    private HttpServletRequest request;
-    
+
    @Mock
    private RapClient rapClient;

@@ -32,12 +32,12 @@ public class SessionDataTest {
        HttpSession session = mock(HttpSession.class);
        when(request.getSession(eq(false))).thenReturn(session);

-        User user = new User()
-                .setUserId("123")
-                .setUserLabel("Name Surname")
-                .setAccessToken("<access_token>")
-                .setRefreshToken("<refresh_token>")
-                .setExpiresIn(3600);
+        User user = new User();
+        user.setUserId("123");
+        user.setUserLabel("Name Surname");
+        user.setAccessToken("<access_token>");
+        user.setRefreshToken("<refresh_token>");
+        user.setExpiresIn(3600);

        when(session.getAttribute(eq("user_data"))).thenReturn(user);


--- a/gms/src/test/java/it/inaf/ia2/gms/manager/InvitedRegistrationManagerTest.java
+++ b/gms/src/test/java/it/inaf/ia2/gms/manager/InvitedRegistrationManagerTest.java
@@ -9,7 +9,7 @@ import it.inaf.ia2.gms.persistence.MembershipsDAO;
 import it.inaf.ia2.gms.persistence.model.GroupEntity;
 import it.inaf.ia2.gms.persistence.model.InvitedRegistration;
 import it.inaf.ia2.gms.service.PermissionsService;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
 import it.inaf.ia2.rap.data.Identity;
 import it.inaf.ia2.rap.data.IdentityType;
 import it.inaf.ia2.rap.data.RapUser;

--- a/gms/src/test/java/it/inaf/ia2/gms/manager/PermissionsManagerIntegrationTest.java
+++ b/gms/src/test/java/it/inaf/ia2/gms/manager/PermissionsManagerIntegrationTest.java
@@ -9,7 +9,7 @@ import it.inaf.ia2.gms.persistence.PermissionsDAO;
 import it.inaf.ia2.gms.persistence.model.GroupEntity;
 import it.inaf.ia2.gms.persistence.model.PermissionEntity;
 import it.inaf.ia2.gms.service.PermissionsService;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
 import it.inaf.ia2.rap.data.RapUser;
 import java.util.Collections;
 import java.util.List;

--- a/gms/src/test/java/it/inaf/ia2/gms/manager/UserAwareComponentTestUtil.java
+++ b/gms/src/test/java/it/inaf/ia2/gms/manager/UserAwareComponentTestUtil.java
@@ -13,7 +13,7 @@ public class UserAwareComponentTestUtil {
    public static void setUser(UserAwareComponent component, String userId) {
        Map<String, Object> jwtClaims = new HashMap<>();
        jwtClaims.put("sub", userId);
-        RapPrincipal principal = new RapPrincipal(jwtClaims);
+        RapPrincipal principal = new RapPrincipal("token", jwtClaims);
        HttpServletRequest request = mock(HttpServletRequest.class);
        when(request.getUserPrincipal()).thenReturn(principal);
        ReflectionTestUtils.setField(component, "request", request);

--- a/gms/src/test/java/it/inaf/ia2/gms/persistence/NestedGroupsIntegrationTest.java
+++ b/gms/src/test/java/it/inaf/ia2/gms/persistence/NestedGroupsIntegrationTest.java
@@ -12,7 +12,7 @@ import it.inaf.ia2.gms.persistence.model.GroupEntity;
 import it.inaf.ia2.gms.persistence.model.PermissionEntity;
 import it.inaf.ia2.gms.service.GroupsTreeBuilder;
 import it.inaf.ia2.gms.service.PermissionsService;
-import it.inaf.ia2.rap.client.RapClient;
+import it.inaf.ia2.gms.authn.RapClient;
 import java.util.List;
 import javax.sql.DataSource;
 import static org.junit.Assert.assertEquals;