diff --git a/data-access/servlet/pom.xml b/data-access/servlet/pom.xml index 58a2466d8ca4f025e9e3f09673fc457677b77c71..e9afeba46b18ed82cb752e395a73ba1f18b50fc7 100644 --- a/data-access/servlet/pom.xml +++ b/data-access/servlet/pom.xml @@ -68,11 +68,11 @@ <version>0.9.5</version> </dependency> - <dependency> + <!-- dependency> <groupId>auth</groupId> <artifactId>vlkb-auth</artifactId> <version>0.1-SNAPSHOT</version> - </dependency> + </dependency --> <!-- needed in Regrid for merge --> <dependency> @@ -81,8 +81,6 @@ <version>1.0</version> </dependency> - - <dependency> <groupId>com.googlecode.json-simple</groupId> <artifactId>json-simple</artifactId> 
@@ -96,6 +94,108 @@ <scope>test</scope> </dependency> + + <!-- auth dependencies (mostly caused by jjwt lib) --> + + <!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-jackson --> + <dependency> + <groupId>io.jsonwebtoken</groupId> + <artifactId>jjwt-jackson</artifactId> + <version>0.12.3</version> + <scope>runtime</scope> + </dependency> + <!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-api --> + <dependency> + <groupId>io.jsonwebtoken</groupId> + <artifactId>jjwt-api</artifactId> + <version>0.12.3</version> + </dependency> + <!-- https://mvnrepository.com/artifact/io.jsonwebtoken/jjwt-api --> + <dependency> + <groupId>io.jsonwebtoken</groupId> + <artifactId>jjwt-impl</artifactId> + <version>0.12.3</version> + </dependency> + + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-core</artifactId> + <version>2.9.10</version> + </dependency> + <!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-annotations --> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-annotations</artifactId> + <version>2.9.10</version> + </dependency> + <!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind --> + <dependency> + <groupId>com.fasterxml.jackson.core</groupId> + <artifactId>jackson-databind</artifactId> + <version>2.9.10</version> + </dependency> + <!-- https://mvnrepository.com/artifact/jakarta.xml.bind/jakarta.xml.bind-api --> + <dependency> + <groupId>jakarta.xml.bind</groupId> + <artifactId>jakarta.xml.bind-api</artifactId> + <version>2.3.2</version> + </dependency> + + <!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-api --> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + <version>1.7.36</version> + </dependency> + <!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-simple --> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-simple</artifactId> + 
<version>1.7.36</version> + <scope>test</scope> + </dependency> + + <!-- https://mvnrepository.com/artifact/ch.qos.logback/logback-classic --> + <!-- dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>1.4.7</version> + <scope>test</scope> + </dependency --> + <!-- https://mvnrepository.com/artifact/ch.qos.logback/logback-core --> + <!-- dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-core</artifactId> + <version>1.4.7</version> + </dependency --> + + <!-- https://mvnrepository.com/artifact/org.cache2k/cache2k-api --> + <dependency> + <groupId>org.cache2k</groupId> + <artifactId>cache2k-api</artifactId> + <version>1.2.4.Final</version> + </dependency> + <!-- https://mvnrepository.com/artifact/org.cache2k/cache2k-core --> + <dependency> + <groupId>org.cache2k</groupId> + <artifactId>cache2k-core</artifactId> + <version>1.2.4.Final</version> + </dependency> + + <!-- IA2 local --> + <dependency> + <groupId>auth</groupId> + <artifactId>auth-lib</artifactId> + <version>2.0.0-SNAPSHOT</version> + </dependency> + <dependency> + <groupId>auth</groupId> + <artifactId>rap-client</artifactId> + <version>1.0-SNAPSHOT</version> + </dependency> + + + </dependencies> diff --git a/auth/src/main/java/AuthPolicy.java b/data-access/servlet/src/main/java/auth/authz/AuthPolicy.java similarity index 100% rename from auth/src/main/java/AuthPolicy.java rename to data-access/servlet/src/main/java/auth/authz/AuthPolicy.java diff --git a/auth/src/main/java/AuthPolicyDb.java b/data-access/servlet/src/main/java/auth/authz/AuthPolicyDb.java similarity index 88% rename from auth/src/main/java/AuthPolicyDb.java rename to data-access/servlet/src/main/java/auth/authz/AuthPolicyDb.java index 7eeb8a5b316e554c8e0201cb73506b03da700630..8c42103732f7bcdf9c25bc49473c89d287859f14 100644 --- a/auth/src/main/java/AuthPolicyDb.java +++ b/data-access/servlet/src/main/java/auth/authz/AuthPolicyDb.java 
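Review bot: The three `com.fasterxml.jackson.core` artifacts added in the `@@ -96,6 +94,108 @@` hunk are pinned to `2.9.10`, an end-of-life line. jackson-databind later received a series of 2.9.10.x micro-releases specifically for polymorphic-deserialization gadget fixes, so this pin puts a JSON parser without them on the token-handling path. The explicit pin also overrides whatever version `jjwt-jackson` 0.12.3 would resolve transitively, which is probably newer; drop the three entries or raise them to a maintained release, then confirm with `mvn dependency:tree`. Separately, `jjwt-impl` is declared at compile scope (its comment still carries the jjwt-api URL); `<scope>runtime</scope>`, as on `jjwt-jackson`, keeps application code from binding to implementation classes. The `-SNAPSHOT` versions of `auth-lib` and `rap-client` mean the auth code that ends up in the WAR can change without any change to this file.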
@@ -32,8 +32,8 @@ public class AuthPolicyDb private static final Logger LOGGER = Logger.getLogger(AuthPolicyDb.class.getName()); private static final String DB_DRIVER = "org.postgresql.Driver"; - //private static final Settings settings = Settings.getInstance(); - //static public Settings.DBConn dbconn = settings.dbConn; + private static final Settings settings = Settings.getInstance(); + static public Settings.DBConn dbconn = settings.dbConn; static public String dbConnUrl; static public String dbUserName; static public String dbPassword; @@ -184,7 +184,7 @@ public class AuthPolicyDb DriverManager.registerDriver(new org.postgresql.Driver()); */ - LOGGER.finest(getRegisteredDriverList()); + //LOGGER.finest(getRegisteredDriverList()); // FIXME seems DriverManager expects jdbc:postgresql driver scheme, it does not support postgresql:// scheme // additionally: 
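Review bot: In the `@@ -32,8 +32,8 @@` hunk, `static public Settings.DBConn dbconn` exposes the database connection settings as a public, non-final static that any class in the webapp can read or reassign. The later hunk shows these settings include a `password()` accessor. `private static final Settings.DBConn dbconn = settings.dbConn;` would keep it inside AuthPolicyDb. The neighbouring public statics `dbConnUrl`, `dbUserName` and `dbPassword` look unused after this commit, since the code that read them is commented out in the later hunk, and could be removed. The class body continues outside the hunk, so first confirm no other caller sets them.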
@@ -209,17 +209,25 @@ public class AuthPolicyDb String password = userInfo[1]; String dbConnJdbcUrl = "jdbc:" + dbConnUrl.replace(userInfoString + "@", ""); - */ LOGGER.finest("DBMS URL: " + dbConnUrl); - LOGGER.finest("DBMS userName: " + dbUserName); - LOGGER.finest("DBMS password: " + dbPassword); + // */ LOGGER.finest("DBMS URL: " + dbConnUrl); + // LOGGER.finest("DBMS userName: " + dbUserName); + // LOGGER.finest("DBMS password: " + dbPassword); - conn = DriverManager.getConnection(dbConnUrl, dbUserName, dbPassword); + // conn = DriverManager.getConnection(dbConnUrl, dbUserName, dbPassword); - st = conn.createStatement(); + // st = conn.createStatement(); // } catch (Exception e){ e.printStackTrace();} - return st.executeQuery(TheQuery); + // new + LOGGER.finer("Connecting to: " + dbconn.uri() + " with optional user/pwd: " + dbconn.userName() + " / " + dbconn.password() ); + + Connection conn = DriverManager.getConnection(dbconn.uri(), dbconn.userName(), dbconn.password()); + Statement st = conn.createStatement(); + ResultSet res = st.executeQuery(TheQuery); + return res; + // new end + // return st.executeQuery(TheQuery); } diff --git a/auth/src/main/java/webapi/AuthZFilter.java b/data-access/servlet/src/main/java/auth/authz/webapi/AuthZFilter.java similarity index 100% rename from auth/src/main/java/webapi/AuthZFilter.java rename to data-access/servlet/src/main/java/auth/authz/webapi/AuthZFilter.java diff --git a/auth/src/main/java/webapi/AuthZSettings.java b/data-access/servlet/src/main/java/auth/authz/webapi/AuthZSettings.java similarity index 100% rename from auth/src/main/java/webapi/AuthZSettings.java rename to data-access/servlet/src/main/java/auth/authz/webapi/AuthZSettings.java 
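Review bot: The new `LOGGER.finer(...)` line writes `dbconn.password()` into the log, and FINER is less verbose than the FINEST statements this commit comments out, so the database password now reaches the log more easily than before. Log only the target and the account, e.g. `LOGGER.finer("Connecting to: " + dbconn.uri() + " as user: " + dbconn.userName());`. The method also returns the `ResultSet` while `conn` and `st` are now locals that nothing in the hunk closes. Each call therefore appears to leave a connection to the authorization database open unless the caller walks back through `res.getStatement().getConnection()`; the callers and the start of the method are outside the hunk. `TheQuery` runs through a plain `Statement`, so if any part of it is built from request data it needs a `PreparedStatement`, which cannot be judged from the visible lines.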
diff --git a/auth/src/main/java/IamSigningKeyResolver.java b/data-access/servlet/src/main/java/auth/oidc/IamSigningKeyResolver.java
similarity index 100%
rename from auth/src/main/java/IamSigningKeyResolver.java
rename to data-access/servlet/src/main/java/auth/oidc/IamSigningKeyResolver.java
diff --git a/auth/src/main/java/IntrospectResponse.java b/data-access/servlet/src/main/java/auth/oidc/IntrospectResponse.java
similarity index 100%
rename from auth/src/main/java/IntrospectResponse.java
rename to data-access/servlet/src/main/java/auth/oidc/IntrospectResponse.java
diff --git a/auth/src/main/java/InvalidTokenException.java b/data-access/servlet/src/main/java/auth/oidc/InvalidTokenException.java
similarity index 100%
rename from auth/src/main/java/InvalidTokenException.java
rename to data-access/servlet/src/main/java/auth/oidc/InvalidTokenException.java
diff --git a/auth/src/main/java/Ivoid.java b/data-access/servlet/src/main/java/auth/oidc/Ivoid.java
similarity index 100%
rename from auth/src/main/java/Ivoid.java
rename to data-access/servlet/src/main/java/auth/oidc/Ivoid.java
diff --git a/auth/src/main/java/NeaSigningKeyResolver.java b/data-access/servlet/src/main/java/auth/oidc/NeaSigningKeyResolver.java
similarity index 100%
rename from auth/src/main/java/NeaSigningKeyResolver.java
rename to data-access/servlet/src/main/java/auth/oidc/NeaSigningKeyResolver.java
diff --git a/auth/src/main/java/VlkbUser.java b/data-access/servlet/src/main/java/auth/oidc/VlkbUser.java
similarity index 100%
rename from auth/src/main/java/VlkbUser.java
rename to data-access/servlet/src/main/java/auth/oidc/VlkbUser.java
diff --git a/auth/src/main/java/IA2TokenConvFilter.java b/data-access/servlet/src/main/java/auth/oidc/webapi/IA2TokenConvFilter.java
similarity index 100%
rename from auth/src/main/java/IA2TokenConvFilter.java
rename to data-access/servlet/src/main/java/auth/oidc/webapi/IA2TokenConvFilter.java
diff --git a/auth/src/main/java/IamTokenFilter.java b/data-access/servlet/src/main/java/auth/oidc/webapi/IamTokenFilter.java
similarity index 100%
rename from auth/src/main/java/IamTokenFilter.java
rename to data-access/servlet/src/main/java/auth/oidc/webapi/IamTokenFilter.java
diff --git a/auth/src/main/java/IamTokenSettings.java b/data-access/servlet/src/main/java/auth/oidc/webapi/IamTokenSettings.java
similarity index 100%
rename from auth/src/main/java/IamTokenSettings.java
rename to data-access/servlet/src/main/java/auth/oidc/webapi/IamTokenSettings.java
diff --git a/auth/src/main/java/NeaTokenFilter.java b/data-access/servlet/src/main/java/auth/oidc/webapi/NeaTokenFilter.java
similarity index 100%
rename from auth/src/main/java/NeaTokenFilter.java
rename to data-access/servlet/src/main/java/auth/oidc/webapi/NeaTokenFilter.java
diff --git a/auth/src/main/java/NeaTokenSettings.java b/data-access/servlet/src/main/java/auth/oidc/webapi/NeaTokenSettings.java
similarity index 100%
rename from auth/src/main/java/NeaTokenSettings.java
rename to data-access/servlet/src/main/java/auth/oidc/webapi/NeaTokenSettings.java
diff --git a/data-access/servlet/src/main/java/common/engine/amqp/JsonEncoder.java b/data-access/servlet/src/main/java/common/json/JsonEncoder.java
similarity index 100%
rename from data-access/servlet/src/main/java/common/engine/amqp/JsonEncoder.java
rename to data-access/servlet/src/main/java/common/json/JsonEncoder.java
diff --git a/data-access/servlet/src/main/java/cutout/webapi/Settings.java b/data-access/servlet/src/main/java/common/webapi/Settings.java
similarity index 100%
rename from data-access/servlet/src/main/java/cutout/webapi/Settings.java
rename to data-access/servlet/src/main/java/common/webapi/Settings.java
diff --git a/data-access/servlet/src/main/java/common/Soda.java b/data-access/servlet/src/main/java/cutout/Soda.java
similarity index 100%
rename from data-access/servlet/src/main/java/common/Soda.java
rename to data-access/servlet/src/main/java/cutout/Soda.java
diff --git a/data-access/servlet/src/main/java/common/SodaImpl.java b/data-access/servlet/src/main/java/cutout/SodaImpl.java
similarity index 100%
rename from data-access/servlet/src/main/java/common/SodaImpl.java
rename to data-access/servlet/src/main/java/cutout/SodaImpl.java
diff --git a/data-access/servlet/src/main/java/common/engine/cli/ExecCmd.java b/data-access/servlet/src/main/java/cutout/engine/cli/ExecCmd.java
similarity index 100%
rename from data-access/servlet/src/main/java/common/engine/cli/ExecCmd.java
rename to data-access/servlet/src/main/java/cutout/engine/cli/ExecCmd.java
diff --git a/data-access/servlet/src/main/java/merge/Regrid.java b/data-access/servlet/src/main/java/vlkb/Regrid.java
similarity index 100%
rename from data-access/servlet/src/main/java/merge/Regrid.java
rename to data-access/servlet/src/main/java/vlkb/Regrid.java
diff --git a/data-access/servlet/src/main/java/merge/Reproject.java b/data-access/servlet/src/main/java/vlkb/Reproject.java
similarity index 100%
rename from data-access/servlet/src/main/java/merge/Reproject.java
rename to data-access/servlet/src/main/java/vlkb/Reproject.java
diff --git a/data-access/servlet/src/main/java/Vlkb.java b/data-access/servlet/src/main/java/vlkb/Vlkb.java
similarity index 100%
rename from data-access/servlet/src/main/java/Vlkb.java
rename to data-access/servlet/src/main/java/vlkb/Vlkb.java
diff --git a/data-access/servlet/src/main/java/merge/VlkbAmqp.java b/data-access/servlet/src/main/java/vlkb/VlkbAmqp.java
similarity index 100%
rename from data-access/servlet/src/main/java/merge/VlkbAmqp.java
rename to data-access/servlet/src/main/java/vlkb/VlkbAmqp.java
diff --git a/data-access/servlet/src/main/java/common/engine/amqp/JsonDecoder.java b/data-access/servlet/src/main/java/vlkb/amqp/JsonDecoder.java
similarity index 100%
rename from data-access/servlet/src/main/java/common/engine/amqp/JsonDecoder.java
rename to data-access/servlet/src/main/java/vlkb/amqp/JsonDecoder.java
diff --git a/data-access/servlet/src/main/java/common/engine/amqp/JsonEncoderMerge.java b/data-access/servlet/src/main/java/vlkb/amqp/JsonEncoderMerge.java
similarity index 100%
rename from data-access/servlet/src/main/java/common/engine/amqp/JsonEncoderMerge.java
rename to data-access/servlet/src/main/java/vlkb/amqp/JsonEncoderMerge.java
diff --git a/data-access/servlet/src/main/java/common/engine/amqp/RpcOverAmqp.java b/data-access/servlet/src/main/java/vlkb/amqp/RpcOverAmqp.java
similarity index 100%
rename from data-access/servlet/src/main/java/common/engine/amqp/RpcOverAmqp.java
rename to data-access/servlet/src/main/java/vlkb/amqp/RpcOverAmqp.java
diff --git a/data-access/servlet/src/main/java/merge/webapi/UWSMerge.java b/data-access/servlet/src/main/java/vlkb/webapi/UWSMerge.java
similarity index 100%
rename from data-access/servlet/src/main/java/merge/webapi/UWSMerge.java
rename to data-access/servlet/src/main/java/vlkb/webapi/UWSMerge.java
diff --git a/data-access/servlet/src/main/java/merge/webapi/UWSMergeWork.java b/data-access/servlet/src/main/java/vlkb/webapi/UWSMergeWork.java
similarity index 100%
rename from data-access/servlet/src/main/java/merge/webapi/UWSMergeWork.java
rename to data-access/servlet/src/main/java/vlkb/webapi/UWSMergeWork.java
diff --git a/auth/resources/auth.properties b/data-access/servlet/src/main/resources/auth.properties
similarity index 100%
rename from auth/resources/auth.properties
rename to data-access/servlet/src/main/resources/auth.properties
diff --git a/auth/resources/authpolicy.properties b/data-access/servlet/src/main/resources/authpolicy.properties similarity index 100% rename from auth/resources/authpolicy.properties rename to data-access/servlet/src/main/resources/authpolicy.properties diff --git a/auth/resources/iamtoken.properties b/data-access/servlet/src/main/resources/iamtoken.properties similarity index 100% rename from auth/resources/iamtoken.properties rename to data-access/servlet/src/main/resources/iamtoken.properties diff --git a/auth/resources/neatoken.properties b/data-access/servlet/src/main/resources/neatoken.properties similarity index 100% rename from auth/resources/neatoken.properties rename to data-access/servlet/src/main/resources/neatoken.properties diff --git a/docker/Dockerfile.soda b/docker/Dockerfile.soda index 5a2bf4ff30a0d09f5cf4e2e2524e442799ce17a4..5dc88fa25e30e57cabc9e3cb838782fda91acd3a 100644 --- a/docker/Dockerfile.soda +++ b/docker/Dockerfile.soda @@ -37,6 +37,7 @@ RUN dpkg -i vlkb-${VLKB_VERSION}.deb \ && rm -f $WEBAPP_DIR/WEB-INF/lib/jjwt-*0.11*.jar # remove jjwt used by IA2 (IA2 and IAM token filters used different ver of jjwt) + # configure instance ENV INST_DIR=/usr/local @@ -51,6 +52,11 @@ COPY deps/setenv.sh ${CATALINA_BASE}/bin/ COPY deps/context.xml ${WEBAPP_DIR}/META-INF/context.xml +# DB used for authorization +# Tomcat must load DB-driver (postgresql_*.jar), vlkb-soda does not explicitely load DB-drivers +COPY deps/postgresql-*.jar /var/lib/tomcat9/lib + + # modif permissions to allow run as non-root: need to config TSL and ROOT-CONTEXT WORKDIR ${CATALINA_BASE} RUN chmod -R a+rwX conf diff --git a/docker/start-soda.sh.soda b/docker/start-soda.sh.soda index 064d75f42a21b46aba540b8b803575abfc189f00..b8f912f5016aa0238b74f675c50cb5292e451e39 100755 --- a/docker/start-soda.sh.soda +++ b/docker/start-soda.sh.soda 
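Review bot: In the `@@ -51,6 +52,11 @@` hunk, `COPY deps/postgresql-*.jar /var/lib/tomcat9/lib` puts whatever jar matches the wildcard in the build context onto Tomcat's shared classpath, so the JDBC driver version is unpinned and nothing in the image build checks which file was picked up. Name the exact file and add the trailing slash Docker requires when a wildcard can match more than one source. If `${CATALINA_BASE}`, used by the neighbouring COPY lines, points at the same tree, use it as well: `COPY deps/postgresql-<VERSION>.jar ${CATALINA_BASE}/lib/` (version is a placeholder). Verifying the jar's checksum when `deps/` is populated would cover the remaining gap, since this driver carries the authorization database's credentials.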
@@ -15,10 +15,10 @@ SKAIAM_INTROSPECT=${SKAIAM_INTROSPECT:-} SKAIAM_CLIENT=${SKAIAM_CLIENT:-} SKAIAM_PASSWORD=${SKAIAM_PASSWORD:-} -AUTH_RAP_URL=${AUTH_RAP_URL:-} -AUTH_GMS_URL=${AUTH_GMS_URL:-} -AUTH_CLIENT=${AUTH_CLIENT:-} -AUTH_SECRET=${AUTH_SECRET:-} +OIDC_RAP_URL=${OIDC_RAP_URL:-} +OIDC_GMS_URL=${OIDC_GMS_URL:-} +OIDC_CLIENT=${OIDC_CLIENT:-} +OIDC_SECRET=${OIDC_SECRET:-} # configure CONTEXT_ROOT @@ -75,20 +75,20 @@ fi # configure IA2 security -if [ -z "$AUTH_RAP_URL" ] || [ -z "$AUTH_GMS_URL" ] || [ -z "$AUTH_CLIENT" ] || [ -z "$AUTH_SECRET" ]; +if [ -z "$OIDC_RAP_URL" ] || [ -z "$OIDC_GMS_URL" ] || [ -z "$OIDC_CLIENT" ] || [ -z "$OIDC_SECRET" ]; then - echo "Some of AUTH_ is not set." - echo "rap: "$AUTH_RAP_URL - echo "gms: "$AUTH_GMS_URL - echo "cli: "$AUTH_CLIENT - echo "pwd: "$AUTH_SECRET + echo "Some of OIDC_ is not set." + echo "rap: "$OIDC_RAP_URL + echo "gms: "$OIDC_GMS_URL + echo "cli: "$OIDC_CLIENT + echo "pwd: "$OIDC_SECRET else - echo "Config SKA IAM ..." + echo "Config IA2 OIDC ..." { - echo "rap_uri=$AUTH_RAP_URL" - echo "gms_uri=$AUTH_GMS_URL" - echo "client_id=$AUTH_CLIENT" - echo "client_secret=$AUTH_SECRET" + echo "rap_uri=$OIDC_RAP_URL" + echo "gms_uri=$OIDC_GMS_URL" + echo "client_id=$OIDC_CLIENT" + echo "client_secret=$OIDC_SECRET" echo "groups_autoload=true" echo "store_state_on_login_endpoint=true" echo "scope=openid email profile read:rap" 
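Review bot: In the `@@ -75,20 +75,20 @@` hunk, the branch taken when one of the OIDC_ variables is missing runs `echo "pwd: "$OIDC_SECRET`, which prints the client secret to the container's stdout whenever it is set but another variable is not. Container logs are usually collected and retained far more widely than a client secret should be. Report only whether it is present, e.g. `echo "pwd: ${OIDC_SECRET:+<set>}"`. The expansions on the four diagnostic lines are also unquoted, so a value containing spaces or glob characters is word-split and expanded before echo sees it.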
@@ -97,6 +97,24 @@ else cp $WEBAPP_DIR/WEB-INF/web-cutout-ia2token.xml $WEBAPP_DIR/WEB-INF/web.xml fi +# VLKB authorization + +if [ -z "$AUTHZ_DB_URL" ] || [ -z "$AUTHZ_DB_SCHEMA" ] || [ -z "$AUTHZ_DB_USER" ] || [ -z "$AUTHZ_DB_PASSWORD" ]; +then + echo "Some of AUTHZ_DB_ is not set." +else + echo "Config VLKB authorization ..." + { + echo "db_uri=$AUTHZ_DB_URL" + echo "db_schema=$AUTHZ_DB_SCHEMA" + echo "db_user_name=$AUTHZ_DB_USER" + echo "db_password=$AUTHZ_DB_PASSWORD" + } > $WEBAPP_DIR/WEB-INF/classes/authpolicy.properties + # cp $WEBAPP_DIR/WEB-INF/web-cutout-ia2token.xml $WEBAPP_DIR/WEB-INF/web.xml +fi + + + # config debug DBG_LEVEL=${DEBUG_LEVEL:-CONFIG}
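Review bot: The new block writes `db_password=$AUTHZ_DB_PASSWORD` into `authpolicy.properties` under the default umask, so the authorization database password may be readable by every account in the container. Restrict the file right after it is written, e.g. `chmod 600 "$WEBAPP_DIR/WEB-INF/classes/authpolicy.properties"`, and quote `$WEBAPP_DIR` in the redirect. When a variable is missing the script only echoes and carries on, leaving whatever `authpolicy.properties` was packaged in the webapp in effect; if authorization is mandatory for this deployment, exiting non-zero there is the safer behaviour. Unlike the OIDC_ variables, the AUTHZ_DB_ ones get no `${VAR:-}` default in the visible hunks, which would abort the script under `set -u`; whether that option is set cannot be seen from here.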