Commit 170bf543 authored by Rucha Deshpande

Updates to Entitlements to handle OAuth flows

commit 9f2066a6 
Author: Rucha Deshpande <deshruch@amazon.com> 
Date: Wed Nov 11 2020 14:50:29 GMT-0600 (Central Standard Time) 

    Oauth updates


commit 4d27622d 
Author: Rucha Deshpande <deshruch@amazon.com> 
Date: Wed Nov 11 2020 10:15:50 GMT-0600 (Central Standard Time) 

    oauth updates


commit 79a9ce20 
Author: Rucha Deshpande <deshruch@amazon.com> 
Date: Mon Nov 09 2020 11:14:08 GMT-0600 (Central Standard Time) 

    oauth 2.0 changes
parent 7c9ec917
......@@ -61,7 +61,7 @@
<dependency>
<groupId>org.opengroup.osdu.core.aws</groupId>
<artifactId>os-core-lib-aws</artifactId>
<version>0.3.11</version>
<version>0.3.12-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.opengroup.osdu</groupId>
......
......@@ -19,6 +19,7 @@ import org.opengroup.osdu.core.aws.entitlements.*;
import org.opengroup.osdu.core.aws.lambda.HttpStatusCodes;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import java.io.IOException;
......@@ -33,6 +34,19 @@ public class EntitlementsHelper {
@Autowired
private GroupsUtil2 groupUtil2;
@Value("${aws.userInfo.url}")
private String userInfoUrl;
@Value("${aws.region}")
private String awsRegion;
@Value("${aws.environment}")
private String awsEnvironment;
@Value("${aws.oauth.custom.scope}")
private String awsOauthCustomScope;
String error_msg="";
private static final String ERROR_REASON_UNAUTHORIZED = "The user is not authorized to perform this function";
private static final String ERROR_REASON_SERVER_ERROR = "Internal Server Error";
......@@ -123,9 +137,9 @@ public class EntitlementsHelper {
public String validateJwt(Map<String, String> headers)
{
int httpStatusCode = HttpStatusCodes.UNASSIGNED;
Authorizer authorizer = new Authorizer();
int httpStatusCode = HttpStatusCodes.UNASSIGNED;
Authorizer authorizer = new Authorizer(awsRegion);
String memberEmail=null;
// check for valid JWT
// authorization header is lowercase in osdu services but standard is uppercase first letter
......@@ -138,14 +152,10 @@ public class EntitlementsHelper {
{
throw AppException.createForbidden("No JWT token. Access is Forbidden");
}
try {
memberEmail = authorizer.validateJWT(authorizationContents);
}catch(IOException e)
{
httpStatusCode = HttpStatusCodes.INTERNAL_SERVER_ERROR;
error_msg="IOException : Unable to validate JWT. ";
throw new AppException(httpStatusCode, error_msg, ERROR_REASON_SERVER_ERROR);
}
memberEmail = authorizer.validateJWT(authorizationContents,awsOauthCustomScope,awsEnvironment);
if(memberEmail == null)
{
......
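Review bot: The new `@Value` fields at the top of EntitlementsHelper accept whatever the environment supplies, and `awsOauthCustomScope` and `awsEnvironment` now feed straight into `authorizer.validateJWT(...)` in the later hunk, so an empty `OAUTH_CUSTOM_SCOPE` would presumably be passed through as an empty scope requirement rather than rejected; a `@PostConstruct` guard such as `if (awsOauthCustomScope == null || awsOauthCustomScope.trim().isEmpty()) throw new IllegalStateException("aws.oauth.custom.scope must be set");` (and the same for `awsEnvironment`) makes the validator fail closed at startup instead of at request time. `userInfoUrl` is injected but nothing in the visible hunks reads it — the `Authorizer` is built from `awsRegion` alone — so either it is consumed elsewhere in the file or it is dead configuration, and a one-line comment saying which would help the next reader. The `error_msg` instance field is shared across requests on this singleton component and its only visible writer disappeared with the old `IOException` catch, so it could become a local in the path that still uses it, or be dropped. The `validateJwt` method continues beyond the last hunk shown.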
......@@ -31,3 +31,9 @@ aws.entitlements.admin.email = ${ENTITLEMENTS_ADMIN_EMAIL:service.entitlements.a
aws.entitlements.default.role = ${DEFAULT_ROLE:OWNER}
aws.entitlements.default.limitAmount = ${DEFAULT_LIMIT_AMOUNT:1000000}
aws.userInfo.url=${OAUTH_USERINFO_ENDPOINT}
aws.environment=${ENVIRONMENT}
aws.oauth.custom.scope=${OAUTH_CUSTOM_SCOPE}
\ No newline at end of file
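Review bot: The three new properties at the end of the file have no `${VAR:default}` fallback, unlike `aws.entitlements.default.role` and `aws.entitlements.default.limitAmount` just above them; for an OAuth scope and a user-info endpoint that is the right choice (a silently defaulted value would weaken token validation), but the file gives no hint that deployment now requires these variables, so a comment such as `# Required at startup, no fallback: OAUTH_USERINFO_ENDPOINT, ENVIRONMENT, OAUTH_CUSTOM_SCOPE` above `aws.userInfo.url` would document the contract. If the user-info endpoint is called with the caller's bearer token, as its name suggests, the comment should also state that it must be an https URL. The file now ends without a trailing newline.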
......@@ -43,7 +43,7 @@
<dependency>
<groupId>org.opengroup.osdu.core.aws</groupId>
<artifactId>os-core-lib-aws</artifactId>
<version>0.3.11</version>
<version>0.3.12-SNAPSHOT</version>
</dependency>
......