From 1447facf80353c3a1e866299403d244a35cb0472 Mon Sep 17 00:00:00 2001
From: Abhishek Patil
Date: Mon, 23 Aug 2021 15:04:39 +0530
Subject: [PATCH 1/5] Using AzureServicePrincipleTokenService in implementation for IServiceAccountJwtClient
---
 .../util/ServiceAccountJwtClientImpl.java | 103 ++----------------
 1 file changed, 7 insertions(+), 96 deletions(-)
diff --git a/provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java b/provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java
index 202dd483..1ee0482f 100644
--- a/provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java
+++ b/provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java
@@ -14,110 +14,21 @@ package org.opengroup.osdu.indexer.azure.util; -import com.auth0.jwt.JWT; -import com.auth0.jwt.exceptions.JWTDecodeException; -import com.microsoft.aad.adal4j.AuthenticationContext; -import com.microsoft.aad.adal4j.AuthenticationResult; -import com.microsoft.aad.adal4j.ClientCredential; -import org.apache.http.HttpStatus; - -import org.opengroup.osdu.core.common.logging.JaxRsDpsLog; -import org.opengroup.osdu.core.common.model.http.AppException; -import org.opengroup.osdu.core.common.model.http.DpsHeaders; -import org.opengroup.osdu.core.common.model.search.IdToken; -import org.opengroup.osdu.core.common.model.tenant.TenantInfo; -import org.opengroup.osdu.core.common.provider.interfaces.IJwtCache; -import org.opengroup.osdu.core.common.provider.interfaces.ITenantFactory; +import org.opengroup.osdu.azure.util.AzureServicePrincipleTokenService; import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.springframework.web.context.annotation.RequestScope; -import javax.inject.Inject; -import javax.inject.Named; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; -import java.util.concurrent.Future; - @Component @RequestScope public class ServiceAccountJwtClientImpl implements IServiceAccountJwtClient { - @Inject - private ITenantFactory tenantInfoServiceProvider; - - @Inject - private DpsHeaders dpsHeaders; - - @Inject - private IJwtCache cacheService; - - @Inject - private JaxRsDpsLog log; - - @Inject - @Named("AAD_OBO_API") - private String authAPI; - - @Inject - @Named("AUTH_CLIENT_ID") - private String authClientID; - - @Inject - @Named("AUTH_CLIENT_SECRET") - private String authClientSecret; - - @Inject - @Named("AUTH_URL") - private String authURL; - - public String getIdToken(String tenantName) { - this.log.info("Tenant name received for auth token is: " + tenantName); - 
TenantInfo tenant = this.tenantInfoServiceProvider.getTenantInfo(tenantName); - if (tenant == null) { - this.log.error("Invalid tenant name receiving from azure"); - throw new AppException(HttpStatus.SC_BAD_REQUEST, "Invalid tenant Name", "Invalid tenant Name from azure"); - } - String ACCESS_TOKEN = ""; - try { - - IdToken cachedToken = (IdToken) this.cacheService.get(tenant.getServiceAccount()); - this.dpsHeaders.put(DpsHeaders.USER_EMAIL, tenant.getServiceAccount()); - - if (!IdToken.refreshToken(cachedToken)) { - return cachedToken.getTokenValue(); - } - - ExecutorService service = Executors.newFixedThreadPool(1); - AuthenticationContext context = null; - - try { - context = new AuthenticationContext(authURL, false, service); - ClientCredential credential = new ClientCredential(authClientID, authClientSecret); - Future future = context.acquireToken(authAPI, credential, null); - - ACCESS_TOKEN = future.get().getAccessToken(); - - if (future == null) { - log.error(String.format("Azure Authentication: %s", future.get().getAccessToken())); - throw new AppException(HttpStatus.SC_FORBIDDEN, "Access denied", "The user is not authorized to perform this action"); - } - IdToken idToken = IdToken.builder().tokenValue(ACCESS_TOKEN).expirationTimeMillis(JWT.decode(ACCESS_TOKEN).getExpiresAt().getTime()).build(); - - this.cacheService.put(tenant.getServiceAccount(), idToken); - - } catch (InterruptedException e) { - e.printStackTrace(); - } finally { - service.shutdown(); - } - } catch (JWTDecodeException e) { - throw new AppException(HttpStatus.SC_INTERNAL_SERVER_ERROR, "Persistence error", "Invalid token, error decoding", e); - } catch (AppException e) { - throw e; - } catch (Exception e) { - throw new AppException(HttpStatus.SC_INTERNAL_SERVER_ERROR, "Persistence error", "Error generating token", e); - } + @Autowired + private AzureServicePrincipleTokenService tokenService; - return ACCESS_TOKEN; + @Override + public String getIdToken(String partitionId){ + return "Bearer 
" + this.tokenService.getAuthorizationToken(); } }
-- GitLab
From 22e89fdb7e45294680453478984ffa055e65121b Mon Sep 17 00:00:00 2001
From: Abhishek Patil
Date: Tue, 24 Aug 2021 16:58:48 +0530
Subject: [PATCH 2/5] Addressing review comments
---
 .../util/ServiceAccountJwtClientImpl.java | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java b/provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java
index 1ee0482f..5512f5f5 100644
--- a/provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java
+++ b/provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java
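Review bot: In [PATCH 1/5], the new `getIdToken` concatenates `"Bearer "` with whatever `getAuthorizationToken()` returns, so a null result would reach callers as the literal string `Bearer null` instead of failing. Whether the token service can return null or an empty string is not visible in this patch, but the removed implementation mapped every acquisition failure to an `AppException`, and that fail-closed behaviour is gone. I would read the token into a local and reject an empty one before returning, e.g. `if (token == null || token.isEmpty()) throw new AppException(HttpStatus.SC_INTERNAL_SERVER_ERROR, "Persistence error", "Error generating token");`, which needs the `AppException` and `HttpStatus` imports that this patch removes.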
@@ -14,21 +14,47 @@ package org.opengroup.osdu.indexer.azure.util; +import org.apache.http.HttpStatus; import org.opengroup.osdu.azure.util.AzureServicePrincipleTokenService; +import org.opengroup.osdu.core.common.logging.JaxRsDpsLog; +import org.opengroup.osdu.core.common.model.http.AppException; +import org.opengroup.osdu.core.common.model.http.DpsHeaders; +import org.opengroup.osdu.core.common.model.tenant.TenantInfo; +import org.opengroup.osdu.core.common.provider.interfaces.ITenantFactory; import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.springframework.web.context.annotation.RequestScope; +import javax.inject.Inject; + @Component @RequestScope public class ServiceAccountJwtClientImpl implements IServiceAccountJwtClient { + @Inject + private ITenantFactory tenantInfoServiceProvider; + + @Inject + private DpsHeaders dpsHeaders; + + @Inject + private JaxRsDpsLog log; + @Autowired private AzureServicePrincipleTokenService tokenService; @Override public String getIdToken(String partitionId){ + + TenantInfo tenant = this.tenantInfoServiceProvider.getTenantInfo(partitionId); + if (tenant == null) { + this.log.error("Invalid tenant name receiving from azure"); + throw new AppException(HttpStatus.SC_BAD_REQUEST, "Invalid tenant Name", "Invalid tenant Name from azure"); + } + + this.dpsHeaders.put(DpsHeaders.USER_EMAIL, tenant.getServiceAccount()); + return "Bearer " + this.tokenService.getAuthorizationToken(); } }
-- GitLab
From 56a57a47f7ca2ec72d148348045d97d09f7a9fd4 Mon Sep 17 00:00:00 2001
From: Abhishek Patil
Date: Fri, 27 Aug 2021 15:31:30 +0530
Subject: [PATCH 3/5] resolving merge conflcts
---
 provider/indexer-azure/pom.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/provider/indexer-azure/pom.xml b/provider/indexer-azure/pom.xml
index 47ae8f89..c2772819 100644
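Review bot: In [PATCH 2/5], `this.dpsHeaders.put(DpsHeaders.USER_EMAIL, tenant.getServiceAccount())` overwrites the identity header as a side effect of a method that is named like a getter, and nothing in the class says so. The bean is `@RequestScope`, so presumably anything later in the same request that reads `USER_EMAIL` for an authorization or audit decision sees the tenant's service account rather than the original caller; the scope of the injected `DpsHeaders` is not visible here, so that should be confirmed. `tenant.getServiceAccount()` is also passed on without a null check. I would add a comment above the call, `// Side effect: replaces USER_EMAIL with the tenant service account for the remainder of this request.`, and a Javadoc on `getIdToken` that names the 400 raised for an unknown partition.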
--- a/provider/indexer-azure/pom.xml
+++ b/provider/indexer-azure/pom.xml
@@ -21,12 +21,12 @@ org.opengroup.osdu.indexer indexer-service - 0.11.0 + 0.12.0-SNAPSHOT ../../pom.xml indexer-azure - 0.11.0 + 0.12.0-SNAPSHOT indexer-azure Indexer Service Azure jar
@@ -39,7 +39,7 @@ 2.11.2 8.2 - 0.11.0 + 0.12.0-SNAPSHOT 1.1.1.RELEASE 0.12.0-rc9 0.9.12.RELEASE
-- GitLab
From e94feb5fc36ee8eb06699ac688b2b7b21bc77557 Mon Sep 17 00:00:00 2001
From: Abhishek Patil
Date: Tue, 31 Aug 2021 19:54:39 +0530
Subject: [PATCH 4/5] Bug fix
---
 .../osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java b/provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java
index 5512f5f5..12ff2ac7 100644
--- a/provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java
+++ b/provider/indexer-azure/src/main/java/org/opengroup/osdu/indexer/azure/util/ServiceAccountJwtClientImpl.java
@@ -55,6 +55,6 @@ public class ServiceAccountJwtClientImpl implements IServiceAccountJwtClient {
 this.dpsHeaders.put(DpsHeaders.USER_EMAIL, tenant.getServiceAccount());
- return "Bearer " + this.tokenService.getAuthorizationToken();
+ return this.tokenService.getAuthorizationToken();
 }
 }
-- GitLab
From 61ede3d38f5319fc8480b9c215960332923e1cc0 Mon Sep 17 00:00:00 2001
From: Abhishek Patil
Date: Mon, 6 Sep 2021 14:53:48 +0530
Subject: [PATCH 5/5] Updating NOTICE
---
 NOTICE | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/NOTICE b/NOTICE
index 4ac14f27..cf207af2 100644
--- a/NOTICE
+++ b/NOTICE
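Review bot: In [PATCH 4/5], the format that `getIdToken` returns is still undocumented after the `return` line changes from a `Bearer `-prefixed string to the raw result of `getAuthorizationToken()`. This series has now shipped both forms, and whether the token service already includes the scheme is not visible in the hunk, so a call site can end up sending a doubled or a missing prefix in its Authorization header without anything failing at build time. I would state the contract in a Javadoc on the method, for example `@return the value of AzureServicePrincipleTokenService#getAuthorizationToken() unchanged; no scheme prefix is added here`, and cover it with a unit test. The body of `getIdToken` starts above this hunk.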
@@ -397,6 +397,7 @@ The following software have components provided under the terms of this license: - JSON library from Android SDK (from http://developer.android.com/sdk) - JSON.simple (from http://code.google.com/p/json-simple/) - JSONassert (from https://github.com/skyscreamer/JSONassert) +- JSR107 API and SPI (from https://github.com/jsr107/jsr107spec) - Jackson (from http://jackson.codehaus.org) - Jackson (from http://jackson.codehaus.org) - Jackson 2 extensions to the Google HTTP Client Library for Java. (from https://repo1.maven.org/maven2/com/google/http-client/google-http-client-jackson2) @@ -680,6 +681,12 @@ The following software have components provided under the terms of this license: - proto-google-common-protos (from https://github.com/googleapis/java-iam/proto-google-common-protos) - proto-google-iam-v1 (from https://github.com/googleapis/java-iam/proto-google-iam-v1) - rank-eval (from https://github.com/elastic/elasticsearch) +- resilience4j (from https://github.com/resilience4j/resilience4j) +- resilience4j (from https://resilience4j.readme.io) +- resilience4j (from https://resilience4j.readme.io) +- resilience4j (from https://resilience4j.readme.io) +- resilience4j (from https://resilience4j.readme.io) +- resilience4j (from https://github.com/resilience4j/resilience4j) - resilience4j (from https://resilience4j.readme.io) - resilience4j (from https://resilience4j.readme.io) - rest (from https://github.com/elastic/elasticsearch) 
@@ -695,6 +702,7 @@ The following software have components provided under the terms of this license: - spring-boot-starter (from https://spring.io/projects/spring-boot) - spring-boot-starter-actuator (from https://spring.io/projects/spring-boot) - spring-boot-starter-amqp (from https://spring.io/projects/spring-boot) +- spring-boot-starter-aop (from https://spring.io/projects/spring-boot) - spring-boot-starter-data-mongodb (from https://spring.io/projects/spring-boot) - spring-boot-starter-jersey (from https://spring.io/projects/spring-boot) - spring-boot-starter-json (from https://spring.io/projects/spring-boot) @@ -908,6 +916,7 @@ EPL-1.0 ======================================================================== The following software have components provided under the terms of this license: +- AspectJ Weaver (from https://www.eclipse.org/aspectj/) - Logback Classic Module (from https://repo1.maven.org/maven2/ch/qos/logback/logback-classic) - Logback Contrib :: JSON :: Classic (from https://repo1.maven.org/maven2/ch/qos/logback/contrib/logback-json-classic) - Logback Contrib :: JSON :: Core (from https://repo1.maven.org/maven2/ch/qos/logback/contrib/logback-json-core) -- GitLab