Commit 802fe032 authored by Sonia Zorba's avatar Sonia Zorba

Changes for using RAP tokens and GMS groups

parent e7fd3b7b
Pipeline #1258 passed
...@@ -65,7 +65,7 @@ build_extension: ...@@ -65,7 +65,7 @@ build_extension:
- cd vollt - cd vollt
- gradle jar - gradle jar
- cd ../private-rows-extension - cd ../private-rows-extension
- mvn clean package - JAVA_HOME=/usr/lib/jvm/java-14-openjdk-amd64 mvn clean package
artifacts: artifacts:
paths: paths:
- private-rows-extension/target/private-rows-extension-*.jar - private-rows-extension/target/private-rows-extension-*.jar
......
FROM tomcat:9-jdk8 FROM tomcat:9-jdk14
ADD war/tap.war /usr/local/tomcat/webapps/ ADD war/tap.war /usr/local/tomcat/webapps/
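Review bot: `FROM tomcat:9-jdk14` puts the runtime on a non-LTS JDK line behind a floating tag, so the image that runs the token-validating code can change between builds, and it stops receiving JDK security fixes once 14 leaves support. If the new auth dependency does not strictly need 14, target an LTS release instead. In either case pin the base image by digest, e.g. `FROM tomcat:9-jdk14@sha256:<digest>` (placeholder), so a rebuild is reproducible and a tag change is an explicit, reviewed update.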
...@@ -11,17 +11,15 @@ If you experience issues with the pull command use this setting in `/etc/docker/ ...@@ -11,17 +11,15 @@ If you experience issues with the pull command use this setting in `/etc/docker/
## Demo ## Demo
./call-tap.sh badtoken Login to [RAP token issuer](https://sso.ia2.inaf.it/rap-ia2) to retrieve a valid JWT (select GMS service from dropdown menu).
Only free records (2 rows) ./call-tap.sh
./call-tap.sh token1 Returns only free records (2 rows)
Free records + records associated with group1 and group2 (6 rows) ./call-tap.sh <JWT>
./call-tap.sh token2 Returns records associated with user groups retrieved from GMS
Free records + records associated with group2 (4 rows)
## Shutdown ## Shutdown
......
#!/bin/bash #!/bin/bash
if [ "$#" -ne 1 ]; then if [ "$#" -eq 1 ]; then
echo "Usage: $0 <token>"
exit 1
fi
curl -s -XPOST \ curl -s -XPOST \
-H "Authorization: Bearer $1" \ -H "Authorization: Bearer $1" \
-F 'REQUEST=doQuery' \ -F 'REQUEST=doQuery' \
...@@ -13,3 +9,12 @@ curl -s -XPOST \ ...@@ -13,3 +9,12 @@ curl -s -XPOST \
-F 'PHASE=RUN' \ -F 'PHASE=RUN' \
-F "QUERY=SELECT * from demo.private_rows;" \ -F "QUERY=SELECT * from demo.private_rows;" \
http://localhost:8080/tap/sync http://localhost:8080/tap/sync
else
curl -s -XPOST \
-F 'REQUEST=doQuery' \
-F 'LANG=ADQL' \
-F 'FORMAT=text/csv' \
-F 'PHASE=RUN' \
-F "QUERY=SELECT * from demo.private_rows;" \
http://localhost:8080/tap/sync
fi
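Review bot: The script now carries a real RAP-issued JWT, but it still takes it from `$1` and expands it into curl's argv (`-H "Authorization: Bearer $1"`), so the token ends up in shell history and is readable in the process list while the request runs. Reading it from the environment and feeding the header to curl on stdin avoids both, e.g. `printf 'Authorization: Bearer %s\n' "$TAP_TOKEN" | curl -s -XPOST -H @- ...` (`TAP_TOKEN` is an example name; `-H @-` needs curl 7.55 or later). The two curl invocations differ only in that header, so building the header conditionally would also remove the duplicated form fields, which can otherwise drift apart.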
...@@ -8,10 +8,10 @@ CREATE TABLE demo.private_rows ( ...@@ -8,10 +8,10 @@ CREATE TABLE demo.private_rows (
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value1', 'FREE', ''); INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value1', 'FREE', '');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value2', 'FREE', ''); INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value2', 'FREE', '');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value3', 'PRIV', 'group1'); INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value3', 'PRIV', 'VLKB.group1');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value4', 'PRIV', 'group1'); INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value4', 'PRIV', 'VLKB.group1');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value5', 'PRIV', 'group2'); INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value5', 'PRIV', 'VLKB.group2');
INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value6', 'PRIV', 'group2'); INSERT INTO demo.private_rows (value, policy, "group") VALUES ('value6', 'PRIV', 'VLKB.group2');
-- WARNING: always create a new role because Row Level Security doesn't work for table owner -- WARNING: always create a new role because Row Level Security doesn't work for table owner
CREATE ROLE tap WITH LOGIN PASSWORD 'demo'; CREATE ROLE tap WITH LOGIN PASSWORD 'demo';
......
FROM gradle:jdk8 FROM gradle:jdk8
RUN apt-get update && apt install -y maven RUN apt-get update && apt install -y openjdk-14-jdk maven
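Review bot: The `RUN` line mixes `apt-get update` with `apt install`; `apt` is meant for interactive use and warns that its CLI is not stable in scripts, so `apt-get install -y --no-install-recommends openjdk-14-jdk maven` is the safer form here. The build image is still `gradle:jdk8` with a second JDK added beside it, and the CI job's hard-coded `JAVA_HOME=/usr/lib/jvm/java-14-openjdk-amd64` depends on where this package happens to install. A short comment tying the two together would help, or set `ENV JAVA_HOME` in this Dockerfile so the path lives in one place. Package versions are unpinned, so the toolchain that compiles the auth code can change between image builds.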
<?xml version="1.0" encoding="UTF-8"?>
<project-shared-configuration>
<!--
This file contains additional configuration written by modules in the NetBeans IDE.
The configuration is intended to be shared among all the users of project and
therefore it is assumed to be part of version control checkout.
Without this configuration present, some functionality in the IDE may be limited or fail altogether.
-->
<properties xmlns="http://www.netbeans.org/ns/maven-properties-data/1">
<!--
Properties that influence various parts of the IDE, especially code formatting and the like.
You can copy and paste the single properties, into the pom.xml file and the IDE will pick them up.
That way multiple projects can share the same settings (useful for formatting rules for example).
Any value defined here will override the pom.xml file value but is only applicable to the current project.
-->
<netbeans.hint.jdkPlatform>JDK_1.8</netbeans.hint.jdkPlatform>
</properties>
</project-shared-configuration>
...@@ -7,8 +7,8 @@ ...@@ -7,8 +7,8 @@
<packaging>jar</packaging> <packaging>jar</packaging>
<properties> <properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>8</maven.compiler.source> <maven.compiler.source>14</maven.compiler.source>
<maven.compiler.target>8</maven.compiler.target> <maven.compiler.target>14</maven.compiler.target>
</properties> </properties>
<dependencies> <dependencies>
<dependency> <dependency>
...@@ -18,6 +18,11 @@ ...@@ -18,6 +18,11 @@
<scope>system</scope> <scope>system</scope>
<systemPath>${basedir}/../vollt/build/libs/vollt.jar</systemPath> <systemPath>${basedir}/../vollt/build/libs/vollt.jar</systemPath>
</dependency> </dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>auth-lib</artifactId>
<version>2.0.0-SNAPSHOT</version>
</dependency>
<dependency> <dependency>
<groupId>javax</groupId> <groupId>javax</groupId>
<artifactId>javaee-web-api</artifactId> <artifactId>javaee-web-api</artifactId>
...@@ -55,6 +60,20 @@ ...@@ -55,6 +60,20 @@
<artifactId>maven-surefire-plugin</artifactId> <artifactId>maven-surefire-plugin</artifactId>
<version>2.22.2</version> <version>2.22.2</version>
</plugin> </plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-shade-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>shade</goal>
</goals>
<configuration>
<shadedArtifactAttached>true</shadedArtifactAttached>
</configuration>
</execution>
</executions>
</plugin>
</plugins> </plugins>
</build> </build>
</project> </project>
\ No newline at end of file
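Review bot: The new `auth-lib` dependency is declared as `<version>2.0.0-SNAPSHOT</version>`, so the code that validates tokens and resolves groups can change under the same commit of this project, and the shaded jar is not reproducible. Depend on a released version once one exists, or at least record which snapshot build was tested. The added `maven-shade-plugin` has no `<version>` element; add one (`<version>PINNED_VERSION</version>` as a placeholder) so Maven does not pick whatever default the local installation resolves. Because shading copies auth-lib and its transitive dependencies into the jar placed in `WEB-INF/lib`, it is also worth checking the shaded contents for duplicates of libraries vollt already ships.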
package it.inaf.ia2.vollt; package it.inaf.ia2.vollt;
import it.inaf.ia2.aa.ServiceLocator;
import it.inaf.ia2.aa.data.User;
import it.inaf.ia2.aa.jwt.InvalidTokenException;
import java.util.Arrays; import java.util.Arrays;
import java.util.Map; import java.util.Map;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
...@@ -8,7 +11,7 @@ import uws.job.user.JobOwner; ...@@ -8,7 +11,7 @@ import uws.job.user.JobOwner;
import uws.service.UWSUrl; import uws.service.UWSUrl;
import uws.service.UserIdentifier; import uws.service.UserIdentifier;
public class CustomUserIdentifier implements UserIdentifier { public class IA2UserIdentifier implements UserIdentifier {
@Override @Override
public JobOwner extractUserId(UWSUrl urlInterpreter, HttpServletRequest request) throws UWSException { public JobOwner extractUserId(UWSUrl urlInterpreter, HttpServletRequest request) throws UWSException {
...@@ -22,7 +25,7 @@ public class CustomUserIdentifier implements UserIdentifier { ...@@ -22,7 +25,7 @@ public class CustomUserIdentifier implements UserIdentifier {
} }
} }
return getFakeUser(token); return getUser(token);
} }
@Override @Override
...@@ -30,14 +33,14 @@ public class CustomUserIdentifier implements UserIdentifier { ...@@ -30,14 +33,14 @@ public class CustomUserIdentifier implements UserIdentifier {
throw new UnsupportedOperationException("Not supported yet."); throw new UnsupportedOperationException("Not supported yet.");
} }
private CustomJobOwner getFakeUser(String token) { private CustomJobOwner getUser(String token) throws UWSException {
if (token != null) { if (token != null) {
switch (token) { try {
case "token1": User user = ServiceLocator.getInstance().getUserManager().getUserFromAccessToken(token);
return new CustomJobOwner("user1", Arrays.asList("group1", "group2")); return new CustomJobOwner(user.getName(), user.getGroups());
case "token2": } catch (InvalidTokenException ex) {
return new CustomJobOwner("user2", Arrays.asList("group2")); throw new UWSException(401, "Invalid token");
} }
} }
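Review bot: The `catch (InvalidTokenException ex)` branch in getUser discards `ex`, so a rejected token leaves no record of why validation failed for whoever later investigates a run of 401s. Log the failure reason (never the token value), and if the UWSException version in use has a constructor that accepts a cause, pass `ex` through. Only InvalidTokenException is handled, so it is worth confirming what `getUserFromAccessToken` throws when the GMS group lookup fails, so that the client gets a defined error status instead of an unhandled runtime exception. `java.util.Arrays` looks unused now that the `Arrays.asList` calls are gone. getUser continues past the end of the hunk, so the `token == null` path is not visible here.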
......
rap_uri=https://sso.ia2.inaf.it/rap-ia2
gms_uri=https://sso.ia2.inaf.it/gms
groups_autoload=true
scope=openid read:gms read:rap
\ No newline at end of file
...@@ -6,7 +6,7 @@ rm tap.war ...@@ -6,7 +6,7 @@ rm tap.war
unzip "$base_war" -d vollt unzip "$base_war" -d vollt
cp tap.properties vollt/WEB-INF/classes/tap.properties cp tap.properties vollt/WEB-INF/classes/tap.properties
cp web.xml vollt/WEB-INF/ cp web.xml vollt/WEB-INF/
cp ../private-rows-extension/target/private-rows-extension-*.jar vollt/WEB-INF/lib/ cp ../private-rows-extension/target/private-rows-extension-*-shaded.jar vollt/WEB-INF/lib/
rm vollt/WEB-INF/lib/postgresql-9*.jar rm vollt/WEB-INF/lib/postgresql-9*.jar
cp postgresql-*.jar vollt/WEB-INF/lib/ cp postgresql-*.jar vollt/WEB-INF/lib/
cd vollt cd vollt
......
...@@ -8,5 +8,5 @@ metadata = db ...@@ -8,5 +8,5 @@ metadata = db
file_manager = local file_manager = local
file_root_path = /tmp file_root_path = /tmp
TAP_SCHEMA = TAP_SCHEMA TAP_SCHEMA = TAP_SCHEMA
user_identifier={it.inaf.ia2.vollt.CustomUserIdentifier} user_identifier={it.inaf.ia2.vollt.IA2UserIdentifier}
query_executor={it.inaf.ia2.vollt.PrivateRowsQueryExecutor} query_executor={it.inaf.ia2.vollt.PrivateRowsQueryExecutor}