data-resource-management-service/drms-graph-impl/drms-api/src/main/java/org/apache/airavata/drms/api/interceptors/Authenticator.java [28:122]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @Component public class Authenticator implements ServiceInterceptor { private static final Logger LOGGER = LoggerFactory.getLogger(Authenticator.class); @Autowired private CustosClientProvider custosClientProvider; @Value("${custos.authentication.skip}") private boolean skipAuthentication; @Override public ReqT intercept(String method, Metadata headers, ReqT msg) throws IOException { if (skipAuthentication) { return msg; } Optional authenticatorOptional = getAuthenticatedUser(msg, headers); if (authenticatorOptional.isPresent()) { return (ReqT) setAuthenticatedUser(msg, authenticatorOptional.get()); } else { throw new RuntimeException("Unauthenticated user"); } } private Object setAuthenticatedUser(Object msg, AuthenticatedUser user) { Descriptors.FieldDescriptor fieldDescriptor = ((com.google.protobuf.GeneratedMessageV3) msg).getDescriptorForType().findFieldByName("auth_token"); Object value = ((com.google.protobuf.GeneratedMessageV3) msg).getField(fieldDescriptor); DRMSServiceAuthToken drmsServiceAuthToken = (DRMSServiceAuthToken) value; drmsServiceAuthToken = drmsServiceAuthToken.toBuilder().setAuthenticatedUser(user).build(); Message.Builder builder = ((GeneratedMessageV3) msg).toBuilder(); return builder.setField(fieldDescriptor, drmsServiceAuthToken).build(); } public Optional getTokenFromHeader(Metadata headers) { String tokenWithBearer = headers.get(Metadata.Key.of("authorization", Metadata.ASCII_STRING_MARSHALLER)); if (tokenWithBearer == null) { tokenWithBearer = headers.get(Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER)); } if (tokenWithBearer == null) { return Optional.empty(); } String prefix = "Bearer"; String token = tokenWithBearer.substring(prefix.length()); return Optional.ofNullable(token.trim()); } public Optional getAuthenticatedUser(Object msg, Metadata headers) throws IOException { try (IdentityManagementClient identityManagementClient = custosClientProvider.getIdentityManagementClient()) { try (UserManagementClient userManagementClient = custosClientProvider.getUserManagementClient()) { Optional tokenHeaders = getTokenFromHeader(headers); if (tokenHeaders.isEmpty()) { //Assume java client is used Descriptors.FieldDescriptor fieldDescriptor = ((com.google.protobuf.GeneratedMessageV3) msg).getDescriptorForType().findFieldByName("auth_token"); Object value = ((com.google.protobuf.GeneratedMessageV3) msg).getField(fieldDescriptor); DRMSServiceAuthToken drmsServiceAuthToken = (DRMSServiceAuthToken) value; if (drmsServiceAuthToken.getAuthCredentialType().equals(AuthCredentialType.UNKNOWN) || drmsServiceAuthToken.getAuthCredentialType().equals(AuthCredentialType.USER_CREDENTIAL)) { String accessToken = drmsServiceAuthToken.getAccessToken(); Optional optionalAuthenticatedUser = AuthCache.getAuthenticatedUser(accessToken); if (optionalAuthenticatedUser.isPresent()) { return Optional.ofNullable(optionalAuthenticatedUser.get()); } else { User user = identityManagementClient.getUser(accessToken); AuthenticatedUser authUser = AuthenticatedUser.newBuilder() .setUsername(user.getUsername()) .setFirstName(user.getFirstName()) .setLastName(user.getLastName()) .setEmailAddress(user.getEmailAddress()) .setTenantId(user.getClientId()) .build(); CacheEntry cacheEntry = new CacheEntry(accessToken, System.currentTimeMillis(), authUser); AuthCache.cache(cacheEntry); return Optional.ofNullable(authUser); } } else if (drmsServiceAuthToken.getAuthCredentialType() .equals(AuthCredentialType.AGENT_ACCOUNT_CREDENTIAL)) { //Agents use service account to get access token String accessToken = drmsServiceAuthToken.getAccessToken(); String decoded = new String(Base64.getDecoder().decode(accessToken)); String[] array = decoded.split(":"); String agentClientId = array[0]; String agentClientSec = array[1]; String username = drmsServiceAuthToken.getAuthenticatedUser().getUsername(); String tenantId = drmsServiceAuthToken.getAuthenticatedUser().getTenantId(); Struct struct = identityManagementClient .getAgentToken(tenantId, agentClientId, agentClientSec, "client_credentials", ""); - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - data-resource-management-service/drms-rdbms-impl/drms-server/src/main/java/org/apache/airavata/drms/api/interceptors/Authenticator.java [28:122]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @Component public class Authenticator implements ServiceInterceptor { private static final Logger LOGGER = LoggerFactory.getLogger(Authenticator.class); @Autowired private CustosClientProvider custosClientProvider; @Value("${custos.authentication.skip}") private boolean skipAuthentication; @Override public ReqT intercept(String method, Metadata headers, ReqT msg) throws IOException { if (skipAuthentication) { return msg; } Optional authenticatorOptional = getAuthenticatedUser(msg, headers); if (authenticatorOptional.isPresent()) { return (ReqT) setAuthenticatedUser(msg, authenticatorOptional.get()); } else { throw new RuntimeException("Unauthenticated user"); } } private Object setAuthenticatedUser(Object msg, AuthenticatedUser user) { Descriptors.FieldDescriptor fieldDescriptor = ((com.google.protobuf.GeneratedMessageV3) msg).getDescriptorForType().findFieldByName("auth_token"); Object value = ((com.google.protobuf.GeneratedMessageV3) msg).getField(fieldDescriptor); DRMSServiceAuthToken drmsServiceAuthToken = (DRMSServiceAuthToken) value; drmsServiceAuthToken = drmsServiceAuthToken.toBuilder().setAuthenticatedUser(user).build(); Message.Builder builder = ((GeneratedMessageV3) msg).toBuilder(); return builder.setField(fieldDescriptor, drmsServiceAuthToken).build(); } public Optional getTokenFromHeader(Metadata headers) { String tokenWithBearer = headers.get(Metadata.Key.of("authorization", Metadata.ASCII_STRING_MARSHALLER)); if (tokenWithBearer == null) { tokenWithBearer = headers.get(Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER)); } if (tokenWithBearer == null) { return Optional.empty(); } String prefix = "Bearer"; String token = tokenWithBearer.substring(prefix.length()); return Optional.ofNullable(token.trim()); } public Optional getAuthenticatedUser(Object msg, Metadata headers) throws IOException { try (IdentityManagementClient identityManagementClient = custosClientProvider.getIdentityManagementClient()) { try (UserManagementClient userManagementClient = custosClientProvider.getUserManagementClient()) { Optional tokenHeaders = getTokenFromHeader(headers); if (tokenHeaders.isEmpty()) { //Assume java client is used Descriptors.FieldDescriptor fieldDescriptor = ((com.google.protobuf.GeneratedMessageV3) msg).getDescriptorForType().findFieldByName("auth_token"); Object value = ((com.google.protobuf.GeneratedMessageV3) msg).getField(fieldDescriptor); DRMSServiceAuthToken drmsServiceAuthToken = (DRMSServiceAuthToken) value; if (drmsServiceAuthToken.getAuthCredentialType().equals(AuthCredentialType.UNKNOWN) || drmsServiceAuthToken.getAuthCredentialType().equals(AuthCredentialType.USER_CREDENTIAL)) { String accessToken = drmsServiceAuthToken.getAccessToken(); Optional optionalAuthenticatedUser = AuthCache.getAuthenticatedUser(accessToken); if (optionalAuthenticatedUser.isPresent()) { return Optional.ofNullable(optionalAuthenticatedUser.get()); } else { User user = identityManagementClient.getUser(accessToken); AuthenticatedUser authUser = AuthenticatedUser.newBuilder() .setUsername(user.getUsername()) .setFirstName(user.getFirstName()) .setLastName(user.getLastName()) .setEmailAddress(user.getEmailAddress()) .setTenantId(user.getClientId()) .build(); CacheEntry cacheEntry = new CacheEntry(accessToken, System.currentTimeMillis(), authUser); AuthCache.cache(cacheEntry); return Optional.ofNullable(authUser); } } else if (drmsServiceAuthToken.getAuthCredentialType() .equals(AuthCredentialType.AGENT_ACCOUNT_CREDENTIAL)) { //Agents use service account to get access token String accessToken = drmsServiceAuthToken.getAccessToken(); String decoded = new String(Base64.getDecoder().decode(accessToken)); String[] array = decoded.split(":"); String agentClientId = array[0]; String agentClientSec = array[1]; String username = drmsServiceAuthToken.getAuthenticatedUser().getUsername(); String tenantId = drmsServiceAuthToken.getAuthenticatedUser().getTenantId(); Struct struct = identityManagementClient .getAgentToken(tenantId, agentClientId, agentClientSec, "client_credentials", ""); - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -