Updated client info API
Replaced user authorization requirement with super client authentication
Change-Id: I7201c2d321267cdaa04359654f431164b45cbd63
diff --git a/full/Changes b/full/Changes
index bd5d6c9..805109e 100644
--- a/full/Changes
+++ b/full/Changes
@@ -1,11 +1,23 @@
# version 0.69.2
+2022-12-05
+- Upgrade version for E2E-simplified Docker images (diewald)
+2023-01-27
+- Updated client info API (replaced user authorization requirement with super
+ client authentication)
+
+
# version 0.69.1
+- Upgrade version for docker including indexer (diewald)
+
+
# version 0.69
- Migrated to Java 11 and Jersey 2
- Updated dependencies
+ - Use LDAP authentication in Kustvakt-full oauth2 example config (kupietz)
+
# version 0.68
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
index 4fee392..ee7aa91 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
@@ -338,17 +338,17 @@
return clientDao.retrieveClientById(clientId);
}
- public OAuth2ClientInfoDto retrieveClientInfo (String username,
- String clientId) throws KustvaktException {
+ public OAuth2ClientInfoDto retrieveClientInfo (String clientId)
+ throws KustvaktException {
OAuth2Client client = clientDao.retrieveClientById(clientId);
- if (adminDao.isAdmin(username)
- || username.equals(client.getRegisteredBy())) {
+// if (adminDao.isAdmin(username)
+// || username.equals(client.getRegisteredBy())) {
return new OAuth2ClientInfoDto(client);
- }
- else {
- throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,
- "Unauthorized operation for user: " + username, username);
- }
+// }
+// else {
+// throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,
+// "Unauthorized operation for user: " + username, username);
+// }
}
public OAuth2Client retrieveClient (String clientId)
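Review bot: The old owner/admin check in retrieveClientInfo is kept as commented-out code (the `//` lines around `adminDao.isAdmin(username) || username.equals(client.getRegisteredBy())`) rather than deleted; it should be removed, since the method now performs no authorization of its own and the dead branch only suggests otherwise. With the check gone, the method returns the DTO for any clientId handed to it, so the new contract belongs in a Javadoc comment, e.g. `/** Returns info on the given client. Does no authorization itself: the caller must have verified super-client credentials before calling this. */`. Nothing in this hunk enforces the super-client authentication named in the commit message; presumably the controller does it, which the comment should say so that future callers of this service method do not skip it.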
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
index 7e4b75e..7ec4758 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
@@ -18,10 +18,7 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
-import de.ids_mannheim.korap.web.utils.ResourceFilters;
-
import de.ids_mannheim.korap.constant.OAuth2Scope;
-import de.ids_mannheim.korap.dto.InstalledPluginDto;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.oauth2.dto.OAuth2ClientDto;
import de.ids_mannheim.korap.oauth2.dto.OAuth2ClientInfoDto;
@@ -33,6 +30,7 @@
import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
import de.ids_mannheim.korap.web.filter.BlockingFilter;
import de.ids_mannheim.korap.web.input.OAuth2ClientJson;
+import de.ids_mannheim.korap.web.utils.ResourceFilters;
/**
* Defines controllers for OAuth2 clients, namely applications
@@ -165,18 +163,18 @@
}
- @GET
+ @POST
@Path("{client_id}")
+ @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces(MediaType.APPLICATION_JSON + ";charset=utf-8")
+ @ResourceFilters({ APIVersionFilter.class})
public OAuth2ClientInfoDto retrieveClientInfo (
- @Context SecurityContext securityContext,
- @PathParam("client_id") String clientId) {
- TokenContext context =
- (TokenContext) securityContext.getUserPrincipal();
+ @PathParam("client_id") String clientId,
+ @FormParam("super_client_id") String superClientId,
+ @FormParam("super_client_secret") String superClientSecret) {
try {
- scopeService.verifyScope(context, OAuth2Scope.CLIENT_INFO);
- return clientService.retrieveClientInfo(context.getUsername(),
- clientId);
+ clientService.verifySuperClient(superClientId, superClientSecret);
+ return clientService.retrieveClientInfo(clientId);
}
catch (KustvaktException e) {
throw responseHandler.throwit(e);
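Review bot: The method-level `@ResourceFilters({ APIVersionFilter.class})` added on this endpoint lists only APIVersionFilter, so if AuthenticationFilter and BlockingFilter (both still imported in the context above) were previously applied to this method, they no longer are, and `clientService.verifySuperClient(superClientId, superClientSecret)` becomes the sole gate on the response; worth confirming that is intended and that verifySuperClient rejects null or empty form values. The removed `scopeService.verifyScope(context, OAuth2Scope.CLIENT_INFO)` call means the CLIENT_INFO scope is no longer checked anywhere in this hunk, and the OAuth2Scope import kept in the first hunk may now be unused if no other method references it. Switching from GET to POST with `super_client_id`/`super_client_secret` form fields is a breaking API change and puts a secret in the request body, so any request-body logging on this path should be checked, and the new contract documented on the method, e.g. `/** Returns info on the client identified by client_id. Requires valid super-client credentials in the form body; no user authentication or CLIENT_INFO scope is checked. */`.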
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
index c12a921..6006b74 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
@@ -7,26 +7,24 @@
import java.io.IOException;
import java.net.URI;
+import javax.ws.rs.ProcessingException;
+import javax.ws.rs.client.Entity;
+import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
-import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import org.apache.http.entity.ContentType;
import org.apache.oltu.oauth2.common.error.OAuthError;
import org.apache.oltu.oauth2.common.message.types.GrantType;
+import org.glassfish.jersey.uri.UriComponent;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.MultiValueMap;
import org.springframework.web.util.UriComponentsBuilder;
import com.fasterxml.jackson.databind.JsonNode;
import com.google.common.net.HttpHeaders;
-import javax.ws.rs.ProcessingException;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.client.Entity;
-import javax.ws.rs.client.WebTarget;
-
-import org.glassfish.jersey.uri.UriComponent;
import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
import de.ids_mannheim.korap.config.Attributes;
@@ -315,12 +313,18 @@
protected JsonNode retrieveClientInfo (String clientId, String username)
throws ProcessingException,
KustvaktException {
+ Form form = new Form();
+ form.param("super_client_id", superClientId);
+ form.param("super_client_secret", clientSecret);
+
Response response = target().path(API_VERSION).path("oauth2")
.path("client").path(clientId)
.request()
- .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
- .createBasicAuthorizationHeaderValue(username, "pass"))
- .get();
+// .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+// .createBasicAuthorizationHeaderValue(username, "pass"))
+ .header(HttpHeaders.CONTENT_TYPE,
+ ContentType.APPLICATION_FORM_URLENCODED)
+ .post(Entity.form(form));
assertEquals(Status.OK.getStatusCode(), response.getStatus());