airavata-services/services-security/src/main/java/org/apache/airavata/service/security/Main.java - airavata - Git at Google

 /**
  *
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.airavata.service.security;

 import org.apache.airavata.common.utils.Constants;
 import org.apache.airavata.model.error.AuthenticationException;
 import org.apache.airavata.model.security.AuthzToken;
 import org.apache.airavata.security.AiravataSecurityException;
 import org.apache.airavata.service.security.oauth.DefaultOAuthClient;
 import org.apache.airavata.service.security.xacml.DefaultXACMLPEP;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.context.ConfigurationContext;
 import org.apache.axis2.context.ConfigurationContextFactory;
 import org.apache.oltu.oauth2.client.URLConnectionClient;
 import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest;
 import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
 import org.apache.oltu.oauth2.client.response.OAuthResourceResponse;
 import org.apache.oltu.oauth2.common.OAuth;
 import org.apache.oltu.oauth2.common.message.types.GrantType;
 import org.codehaus.jackson.map.ObjectMapper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;

 import java.util.HashMap;
 import java.util.Map;

 public class Main {
     private final static Logger logger = LoggerFactory.getLogger(Main.class);

     private static String username = "scigap_admin";
     private static String password = "sci9067@min";
     private static String hostName = "https://idp.scigap.org:7443";
 //    private static String clientId = "KUu0a74dFbrwvSxD3C_GhwKeNrQa";
     private static String clientId = "O3iUdkkVYyHgzWPiVTQpY_tb96Ma";
 //    private static String clientSecret = "UTKb9nDOPsuWB4lEX39TwhkW8qIa";
     private static String clientSecret = "6Ck1jZoa2oRtrzodSqkUZ2iINkUa";

     public static void main(String[] args) throws AuthenticationException, AiravataSecurityException, AxisFault {
         String accessToken = authenticate("master@master.airavata", "master").getAccess_token();
         ConfigurationContext configContext =
                 ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
         DefaultOAuthClient defaultOAuthClient = new DefaultOAuthClient(hostName+"/services/",username,password, configContext);
         OAuth2TokenValidationResponseDTO tokenValidationRequestDTO = defaultOAuthClient.validateAccessToken(accessToken);
         String authorizedUser = tokenValidationRequestDTO.getAuthorizedUser();
         AuthzToken authzToken = new AuthzToken();
         authzToken.setAccessToken(accessToken);
         Map<String, String> claimsMap = new HashMap<>();
         claimsMap.put(Constants.USER_NAME, "scigap_admin");
         claimsMap.put(Constants.API_METHOD_NAME, "/airavata/getAPIVersion");
         authzToken.setClaimsMap(claimsMap);

         DefaultXACMLPEP defaultXACMLPEP = new DefaultXACMLPEP(hostName+"/services/",username,password,configContext);
         HashMap<String, String> metaDataMap = new HashMap();
         boolean result = defaultXACMLPEP.getAuthorizationDecision(authzToken, metaDataMap);
         System.out.println(result);
     }

     public static AuthResponse authenticate(String username,String password) throws AuthenticationException {
         try {
             OAuthClientRequest request = OAuthClientRequest.tokenLocation(hostName+"/oauth2/token").
                     setClientId(clientId).setClientSecret(clientSecret).
                     setGrantType(GrantType.PASSWORD).
                     setRedirectURI("").
                     setUsername(username).
                     setPassword(password).
                     setScope("openid").
                     buildBodyMessage();


             URLConnectionClient ucc = new URLConnectionClient();

             org.apache.oltu.oauth2.client.OAuthClient oAuthClient = new org.apache.oltu.oauth2.client.OAuthClient(ucc);
             OAuthResourceResponse resp = oAuthClient.resource(request, OAuth.HttpMethod.POST, OAuthResourceResponse.class);

             //converting JSON to object
             ObjectMapper mapper = new ObjectMapper();
             AuthResponse authResponse;
             try{
                 authResponse = mapper.readValue(resp.getBody(), AuthResponse.class);
             }catch (Exception e){
                 return null;
             }

             String accessToken = authResponse.getAccess_token();
             if(accessToken != null && !accessToken.isEmpty()){
                 request = new OAuthBearerClientRequest(hostName + "/oauth2/userinfo?schema=openid").
                         buildQueryMessage();
                 ucc = new URLConnectionClient();
                 request.setHeader("Authorization","Bearer "+accessToken);
                 oAuthClient = new org.apache.oltu.oauth2.client.OAuthClient(ucc);
                 resp = oAuthClient.resource(request, OAuth.HttpMethod.GET,
                         OAuthResourceResponse.class);
                 Map<String,String> profile = mapper.readValue(resp.getBody(), Map.class);
                 return authResponse;
             }
         }catch (Exception ex){
             throw new AuthenticationException(ex.getMessage());
         }
         return null;
     }
 }

 class AuthResponse{

     private String token_type;
     private int expires_in;
     private String refresh_token;
     private String access_token;
     public String id_token;
     private String scope;


     public String getToken_type() {
         return token_type;
     }

     public void setToken_type(String token_type) {
         this.token_type = token_type;
     }

     public int getExpires_in() {
         return expires_in;
     }

     public void setExpires_in(int expires_in) {
         this.expires_in = expires_in;
     }

     public String getRefresh_token() {
         return refresh_token;
     }

     public void setRefresh_token(String refresh_token) {
         this.refresh_token = refresh_token;
     }

     public String getAccess_token() {
         return access_token;
     }

     public void setAccess_token(String access_token) {
         this.access_token = access_token;
     }

     public String getId_token() {
         return id_token;
     }

     public void setId_token(String id_token) {
         this.id_token = id_token;
     }

     public String getScope() {
         return scope;
     }

     public void setScope(String scope) {
         this.scope = scope;
     }
 }
	/**
	*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.airavata.service.security;

	import org.apache.airavata.common.utils.Constants;
	import org.apache.airavata.model.error.AuthenticationException;
	import org.apache.airavata.model.security.AuthzToken;
	import org.apache.airavata.security.AiravataSecurityException;
	import org.apache.airavata.service.security.oauth.DefaultOAuthClient;
	import org.apache.airavata.service.security.xacml.DefaultXACMLPEP;
	import org.apache.axis2.AxisFault;
	import org.apache.axis2.context.ConfigurationContext;
	import org.apache.axis2.context.ConfigurationContextFactory;
	import org.apache.oltu.oauth2.client.URLConnectionClient;
	import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest;
	import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
	import org.apache.oltu.oauth2.client.response.OAuthResourceResponse;
	import org.apache.oltu.oauth2.common.OAuth;
	import org.apache.oltu.oauth2.common.message.types.GrantType;
	import org.codehaus.jackson.map.ObjectMapper;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;
	import org.wso2.carbon.identity.oauth2.stub.dto.OAuth2TokenValidationResponseDTO;

	import java.util.HashMap;
	import java.util.Map;

	public class Main {
	private final static Logger logger = LoggerFactory.getLogger(Main.class);

	private static String username = "scigap_admin";
	private static String password = "sci9067@min";
	private static String hostName = "https://idp.scigap.org:7443";
	// private static String clientId = "KUu0a74dFbrwvSxD3C_GhwKeNrQa";
	private static String clientId = "O3iUdkkVYyHgzWPiVTQpY_tb96Ma";
	// private static String clientSecret = "UTKb9nDOPsuWB4lEX39TwhkW8qIa";
	private static String clientSecret = "6Ck1jZoa2oRtrzodSqkUZ2iINkUa";

	public static void main(String[] args) throws AuthenticationException, AiravataSecurityException, AxisFault {
	String accessToken = authenticate("master@master.airavata", "master").getAccess_token();
	ConfigurationContext configContext =
	ConfigurationContextFactory.createConfigurationContextFromFileSystem(null, null);
	DefaultOAuthClient defaultOAuthClient = new DefaultOAuthClient(hostName+"/services/",username,password, configContext);
	OAuth2TokenValidationResponseDTO tokenValidationRequestDTO = defaultOAuthClient.validateAccessToken(accessToken);
	String authorizedUser = tokenValidationRequestDTO.getAuthorizedUser();
	AuthzToken authzToken = new AuthzToken();
	authzToken.setAccessToken(accessToken);
	Map<String, String> claimsMap = new HashMap<>();
	claimsMap.put(Constants.USER_NAME, "scigap_admin");
	claimsMap.put(Constants.API_METHOD_NAME, "/airavata/getAPIVersion");
	authzToken.setClaimsMap(claimsMap);

	DefaultXACMLPEP defaultXACMLPEP = new DefaultXACMLPEP(hostName+"/services/",username,password,configContext);
	HashMap<String, String> metaDataMap = new HashMap();
	boolean result = defaultXACMLPEP.getAuthorizationDecision(authzToken, metaDataMap);
	System.out.println(result);
	}

	public static AuthResponse authenticate(String username,String password) throws AuthenticationException {
	try {
	OAuthClientRequest request = OAuthClientRequest.tokenLocation(hostName+"/oauth2/token").
	setClientId(clientId).setClientSecret(clientSecret).
	setGrantType(GrantType.PASSWORD).
	setRedirectURI("").
	setUsername(username).
	setPassword(password).
	setScope("openid").
	buildBodyMessage();


	URLConnectionClient ucc = new URLConnectionClient();

	org.apache.oltu.oauth2.client.OAuthClient oAuthClient = new org.apache.oltu.oauth2.client.OAuthClient(ucc);
	OAuthResourceResponse resp = oAuthClient.resource(request, OAuth.HttpMethod.POST, OAuthResourceResponse.class);

	//converting JSON to object
	ObjectMapper mapper = new ObjectMapper();
	AuthResponse authResponse;
	try{
	authResponse = mapper.readValue(resp.getBody(), AuthResponse.class);
	}catch (Exception e){
	return null;
	}

	String accessToken = authResponse.getAccess_token();
	if(accessToken != null && !accessToken.isEmpty()){
	request = new OAuthBearerClientRequest(hostName + "/oauth2/userinfo?schema=openid").
	buildQueryMessage();
	ucc = new URLConnectionClient();
	request.setHeader("Authorization","Bearer "+accessToken);
	oAuthClient = new org.apache.oltu.oauth2.client.OAuthClient(ucc);
	resp = oAuthClient.resource(request, OAuth.HttpMethod.GET,
	OAuthResourceResponse.class);
	Map<String,String> profile = mapper.readValue(resp.getBody(), Map.class);
	return authResponse;
	}
	}catch (Exception ex){
	throw new AuthenticationException(ex.getMessage());
	}
	return null;
	}
	}

	class AuthResponse{

	private String token_type;
	private int expires_in;
	private String refresh_token;
	private String access_token;
	public String id_token;
	private String scope;


	public String getToken_type() {
	return token_type;
	}

	public void setToken_type(String token_type) {
	this.token_type = token_type;
	}

	public int getExpires_in() {
	return expires_in;
	}

	public void setExpires_in(int expires_in) {
	this.expires_in = expires_in;
	}

	public String getRefresh_token() {
	return refresh_token;
	}

	public void setRefresh_token(String refresh_token) {
	this.refresh_token = refresh_token;
	}

	public String getAccess_token() {
	return access_token;
	}

	public void setAccess_token(String access_token) {
	this.access_token = access_token;
	}

	public String getId_token() {
	return id_token;
	}

	public void setId_token(String id_token) {
	this.id_token = id_token;
	}

	public String getScope() {
	return scope;
	}

	public void setScope(String scope) {
	this.scope = scope;
	}
	}