Posted to commits@jclouds.apache.org by na...@apache.org on 2016/04/07 10:37:41 UTC

jclouds git commit: Fixed OAuth authentication flow injections

Repository: jclouds
Updated Branches:
  refs/heads/master 042074169 -> 819141a60


Fixed OAuth authentication flow injections


Project: http://git-wip-us.apache.org/repos/asf/jclouds/repo
Commit: http://git-wip-us.apache.org/repos/asf/jclouds/commit/819141a6
Tree: http://git-wip-us.apache.org/repos/asf/jclouds/tree/819141a6
Diff: http://git-wip-us.apache.org/repos/asf/jclouds/diff/819141a6

Branch: refs/heads/master
Commit: 819141a608849d807581c424047e211a89fdc47a
Parents: 0420741
Author: Ignasi Barrera <na...@apache.org>
Authored: Thu Apr 7 01:40:52 2016 +0200
Committer: Ignasi Barrera <na...@apache.org>
Committed: Thu Apr 7 10:10:10 2016 +0200

----------------------------------------------------------------------
 .../jclouds/oauth/v2/config/OAuthModule.java    | 29 ++++++++------
 .../jclouds/oauth/v2/config/OAuthScopes.java    | 13 ++++++
 .../jclouds/oauth/v2/domain/ClientSecret.java   |  4 +-
 .../v2/filters/ClientCredentialsSecretFlow.java | 16 ++++++--
 .../oauth/v2/filters/JWTBearerTokenFlow.java    | 20 ++--------
 .../v2/filters/TestJWTBearerTokenFlow.java      | 42 ++++++++++++++++++++
 providers/google-compute-engine/pom.xml         |  7 ++++
 .../internal/GoogleComputeEngineTestModule.java |  3 +-
 8 files changed, 99 insertions(+), 35 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/jclouds/blob/819141a6/apis/oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthModule.java
----------------------------------------------------------------------
diff --git a/apis/oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthModule.java b/apis/oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthModule.java
index dc18c5d..97d58b7 100644
--- a/apis/oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthModule.java
+++ b/apis/oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthModule.java
@@ -16,12 +16,15 @@
  */
 package org.jclouds.oauth.v2.config;
 
+import static org.jclouds.oauth.v2.config.CredentialType.BEARER_TOKEN_CREDENTIALS;
+import static org.jclouds.oauth.v2.config.CredentialType.CLIENT_CREDENTIALS_SECRET;
 import static org.jclouds.oauth.v2.config.CredentialType.P12_PRIVATE_KEY_CREDENTIALS;
 import static org.jclouds.oauth.v2.config.OAuthProperties.CREDENTIAL_TYPE;
 import static org.jclouds.rest.config.BinderUtils.bindHttpApi;
 
 import java.net.URI;
 import java.security.PrivateKey;
+import java.util.Map;
 
 import javax.inject.Named;
 import javax.inject.Singleton;
@@ -34,8 +37,10 @@ import org.jclouds.oauth.v2.filters.OAuthFilter;
 
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
+import com.google.common.collect.ImmutableMap;
 import com.google.inject.AbstractModule;
 import com.google.inject.Inject;
+import com.google.inject.Injector;
 import com.google.inject.Provider;
 import com.google.inject.Provides;
 import com.google.inject.TypeLiteral;
@@ -65,23 +70,23 @@ public final class OAuthModule extends AbstractModule {
          return CredentialType.fromValue(credentialType);
       }
    }
+   
+   @Provides
+   @Singleton
+   protected Map<CredentialType, Class<? extends OAuthFilter>> authenticationFlowMap() {
+      return ImmutableMap.of(P12_PRIVATE_KEY_CREDENTIALS, JWTBearerTokenFlow.class,
+                             BEARER_TOKEN_CREDENTIALS, BearerTokenFromCredentials.class,
+                             CLIENT_CREDENTIALS_SECRET, ClientCredentialsSecretFlow.class);
+   }
 
    @Provides
    @Singleton
    protected OAuthFilter authenticationFilterForCredentialType(CredentialType credentialType,
-                                                               JWTBearerTokenFlow serviceAccountAuth,
-                                                               BearerTokenFromCredentials bearerTokenAuth,
-                                                               ClientCredentialsSecretFlow clientCredentialAuth) {
-      switch (credentialType) {
-         case P12_PRIVATE_KEY_CREDENTIALS:
-            return serviceAccountAuth;
-         case BEARER_TOKEN_CREDENTIALS:
-            return bearerTokenAuth;
-         case CLIENT_CREDENTIALS_SECRET:
-            return clientCredentialAuth;
-         default:
-            throw new IllegalArgumentException("Unsupported credential type: " + credentialType);
+         Map<CredentialType, Class<? extends OAuthFilter>> authenticationFlows, Injector injector) {
+      if (!authenticationFlows.containsKey(credentialType)) {
+         throw new IllegalArgumentException("Unsupported credential type: " + credentialType);
       }
+      return injector.getInstance(authenticationFlows.get(credentialType));
    }
 
 }
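Review bot: `authenticationFilterForCredentialType` now takes the `Injector` and resolves the flow class at provision time, but nothing in the hunk says why. Judging from the constructor changes elsewhere in this commit, the intent appears to be that only the selected flow is instantiated, so only its own bindings (audience, resource, scopes) have to exist. A comment such as `// Instantiate only the configured flow so the bindings required by the other flows stay optional.` would keep a later refactor from reverting to direct injection of all three flows. The `containsKey`/`get` pair can also be a single lookup, `Class<? extends OAuthFilter> flow = authenticationFlows.get(credentialType);`, followed by a null check that throws the same `IllegalArgumentException`.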

http://git-wip-us.apache.org/repos/asf/jclouds/blob/819141a6/apis/oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthScopes.java
----------------------------------------------------------------------
diff --git a/apis/oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthScopes.java b/apis/oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthScopes.java
index d154839..e2f1528 100644
--- a/apis/oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthScopes.java
+++ b/apis/oauth/src/main/java/org/jclouds/oauth/v2/config/OAuthScopes.java
@@ -46,6 +46,19 @@ public interface OAuthScopes {
       SingleScope() {
       }
    }
+   
+   @AutoValue public abstract static class NoScopes implements OAuthScopes {
+       public static NoScopes create() {
+          return new AutoValue_OAuthScopes_NoScopes();
+       }
+
+       @Override public List<String> forRequest(HttpRequest input) {
+          return ImmutableList.of();
+       }
+
+       NoScopes() {
+       }
+    }
 
    @AutoValue public abstract static class ReadOrWriteScopes implements OAuthScopes {
       abstract List<String> readScopes();
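Review bot: `NoScopes` is added without Javadoc, and its members are indented one column deeper than the neighbouring `SingleScope` block. An empty scope list changes what the token request asks for, so the class should say when it is appropriate, for example `/** Requests no scopes; for flows where the scope parameter is optional. */`. In this commit `ClientCredentialsSecretFlow` maps the empty list to a null scope; how `JWTBearerTokenFlow` treats an empty list is not visible here and is worth confirming before `NoScopes` is bound for that flow.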

http://git-wip-us.apache.org/repos/asf/jclouds/blob/819141a6/apis/oauth/src/main/java/org/jclouds/oauth/v2/domain/ClientSecret.java
----------------------------------------------------------------------
diff --git a/apis/oauth/src/main/java/org/jclouds/oauth/v2/domain/ClientSecret.java b/apis/oauth/src/main/java/org/jclouds/oauth/v2/domain/ClientSecret.java
index d664695..c006ca1 100644
--- a/apis/oauth/src/main/java/org/jclouds/oauth/v2/domain/ClientSecret.java
+++ b/apis/oauth/src/main/java/org/jclouds/oauth/v2/domain/ClientSecret.java
@@ -16,7 +16,9 @@
  */
 package org.jclouds.oauth.v2.domain;
 
+import org.jclouds.javax.annotation.Nullable;
 import org.jclouds.json.SerializedNames;
+
 import com.google.auto.value.AutoValue;
 
 /**
@@ -34,7 +36,7 @@ public abstract class ClientSecret {
     public abstract String resource();
 
     /** The scope(s) to authorize against. **/
-    public abstract String scope();
+    @Nullable public abstract String scope();
 
     /** When does the token expire. **/
     public abstract long expire();
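Review bot: `scope()` becomes `@Nullable` but its Javadoc still reads as if a value is always present. Suggest `/** The scope(s) to authorize against, or null when no scope is requested. **/` so that code reading the value knows to handle null. `ClientSecret` is also the token cache key in `ClientCredentialsSecretFlow`; the generated equals/hashCode presumably handles the null property, and a test with a scope-less secret would pin that. The rest of the class is outside this hunk.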

http://git-wip-us.apache.org/repos/asf/jclouds/blob/819141a6/apis/oauth/src/main/java/org/jclouds/oauth/v2/filters/ClientCredentialsSecretFlow.java
----------------------------------------------------------------------
diff --git a/apis/oauth/src/main/java/org/jclouds/oauth/v2/filters/ClientCredentialsSecretFlow.java b/apis/oauth/src/main/java/org/jclouds/oauth/v2/filters/ClientCredentialsSecretFlow.java
index 562e6f0..f6e3534 100644
--- a/apis/oauth/src/main/java/org/jclouds/oauth/v2/filters/ClientCredentialsSecretFlow.java
+++ b/apis/oauth/src/main/java/org/jclouds/oauth/v2/filters/ClientCredentialsSecretFlow.java
@@ -16,11 +16,14 @@
  */
 package org.jclouds.oauth.v2.filters;
 
+import java.util.List;
+
 import com.google.common.base.Joiner;
 import com.google.common.base.Supplier;
 import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;
+
 import org.jclouds.oauth.v2.AuthorizationApi;
 import org.jclouds.oauth.v2.domain.ClientSecret;
 import org.jclouds.oauth.v2.config.OAuthScopes;
@@ -31,6 +34,7 @@ import org.jclouds.http.HttpRequest;
 import org.jclouds.location.Provider;
 
 import javax.inject.Named;
+
 import com.google.inject.Inject;
 
 import static java.util.concurrent.TimeUnit.SECONDS;
@@ -53,13 +57,16 @@ public class ClientCredentialsSecretFlow implements OAuthFilter {
     private final Supplier<Credentials> credentialsSupplier;
     private final long tokenDuration;
     private final LoadingCache<ClientSecret, Token> tokenCache;
-    @Inject(optional = true) @Named(RESOURCE) private String resource;
-    @Inject(optional = true) private OAuthScopes scopes;
+    private final String resource;
+    private final OAuthScopes scopes;
 
     @Inject
     ClientCredentialsSecretFlow(AuthorizeToken loader, @Named(PROPERTY_SESSION_INTERVAL) long tokenDuration,
-                                @Provider Supplier<Credentials> credentialsSupplier) {
+                                @Provider Supplier<Credentials> credentialsSupplier, OAuthScopes scopes,
+                                @Named(RESOURCE) String resource) {
         this.credentialsSupplier = credentialsSupplier;
+        this.scopes = scopes;
+        this.resource = resource;
         this.tokenDuration = tokenDuration;
         // since the session interval is also the token expiration time requested to the server make the token expire a
         // bit before the deadline to make sure there aren't session expiration exceptions
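Review bot: `resource` and `scopes` go from optional field injection to mandatory constructor parameters, yet `filter` (next hunk) still guards with `resource == null ? "" : resource`. Guice refuses to inject null into a parameter that is not marked nullable, so that guard is presumably dead for injected instances, and a deployment that never set the resource property would now fail when the flow is provisioned instead of sending an empty resource. If the resource is meant to stay optional, declare the parameter as `@Nullable @Named(RESOURCE) String resource` and make sure a binding exists that can supply null; otherwise drop the guard in `filter` and document the property as required. The constructor body continues past this hunk.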
@@ -81,11 +88,12 @@ public class ClientCredentialsSecretFlow implements OAuthFilter {
 
     @Override public HttpRequest filter(HttpRequest request) throws HttpException {
         long now = currentTimeSeconds();
+        List<String> configuredScopes = scopes.forRequest(request);
         ClientSecret client = ClientSecret.create(
                 credentialsSupplier.get().identity,
                 credentialsSupplier.get().credential,
                 resource == null ? "" : resource,
-                scopes == null ? null : ON_SPACE.join(scopes.forRequest(request)),
+                configuredScopes.isEmpty() ? null : ON_SPACE.join(configuredScopes),
                 now + tokenDuration
         );
         Token token = tokenCache.getUnchecked(client);

http://git-wip-us.apache.org/repos/asf/jclouds/blob/819141a6/apis/oauth/src/main/java/org/jclouds/oauth/v2/filters/JWTBearerTokenFlow.java
----------------------------------------------------------------------
diff --git a/apis/oauth/src/main/java/org/jclouds/oauth/v2/filters/JWTBearerTokenFlow.java b/apis/oauth/src/main/java/org/jclouds/oauth/v2/filters/JWTBearerTokenFlow.java
index 05ccf2a..7f2729f 100644
--- a/apis/oauth/src/main/java/org/jclouds/oauth/v2/filters/JWTBearerTokenFlow.java
+++ b/apis/oauth/src/main/java/org/jclouds/oauth/v2/filters/JWTBearerTokenFlow.java
@@ -19,7 +19,6 @@ package org.jclouds.oauth.v2.filters;
 import static java.util.concurrent.TimeUnit.SECONDS;
 import static org.jclouds.Constants.PROPERTY_SESSION_INTERVAL;
 import static org.jclouds.oauth.v2.config.OAuthProperties.AUDIENCE;
-import static com.google.common.base.Preconditions.checkNotNull;
 
 import javax.inject.Inject;
 import javax.inject.Named;
@@ -51,29 +50,17 @@ import com.google.common.cache.LoadingCache;
 public class JWTBearerTokenFlow implements OAuthFilter {
    private static final Joiner ON_COMMA = Joiner.on(",");
 
-   @com.google.inject.Inject(optional = true) @Named(AUDIENCE) private String audience;
+   private final String audience;
    private final Supplier<Credentials> credentialsSupplier;
    private final OAuthScopes scopes;
    private final long tokenDuration;
    private final LoadingCache<Claims, Token> tokenCache;
 
-   public static class TestJWTBearerTokenFlow extends JWTBearerTokenFlow {
-
-      @Inject TestJWTBearerTokenFlow(AuthorizeToken loader, @Named(PROPERTY_SESSION_INTERVAL) long tokenDuration,
-             @Provider Supplier<Credentials> credentialsSupplier, OAuthScopes scopes) {
-         super(loader, tokenDuration, credentialsSupplier, scopes);
-      }
-
-      /** Constant time for testing. */
-      long currentTimeSeconds() {
-         return 0;
-      }
-   }
-
    @Inject JWTBearerTokenFlow(AuthorizeToken loader, @Named(PROPERTY_SESSION_INTERVAL) long tokenDuration,
-         @Provider Supplier<Credentials> credentialsSupplier, OAuthScopes scopes) {
+         @Provider Supplier<Credentials> credentialsSupplier, OAuthScopes scopes, @Named(AUDIENCE) String audience) {
       this.credentialsSupplier = credentialsSupplier;
       this.scopes = scopes;
+      this.audience = audience;
       this.tokenDuration = tokenDuration;
       // since the session interval is also the token expiration time requested to the server make the token expire a
       // bit before the deadline to make sure there aren't session expiration exceptions
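Review bot: `audience` is assigned in the constructor without a null check, while the `checkNotNull(audience, AUDIENCE)` that named the missing property is removed from `filter` in the last hunk of this file. Injection probably rejects a missing binding on its own, but a direct caller of this package-private constructor (a subclass or a test) can still pass null, and the failure then surfaces wherever the claims are built rather than at construction. Keeping the check at assignment, `this.audience = checkNotNull(audience, AUDIENCE);`, preserves fail-fast behaviour and the property name in the message; it needs the `Preconditions.checkNotNull` static import that the first hunk of this file removes. The constructor body continues past this hunk.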
@@ -94,7 +81,6 @@ public class JWTBearerTokenFlow implements OAuthFilter {
    }
 
    @Override public HttpRequest filter(HttpRequest request) throws HttpException {
-      checkNotNull(audience, AUDIENCE);
       long now = currentTimeSeconds();
       Claims claims = Claims.create( //
             credentialsSupplier.get().identity, // iss

http://git-wip-us.apache.org/repos/asf/jclouds/blob/819141a6/apis/oauth/src/test/java/org/jclouds/oauth/v2/filters/TestJWTBearerTokenFlow.java
----------------------------------------------------------------------
diff --git a/apis/oauth/src/test/java/org/jclouds/oauth/v2/filters/TestJWTBearerTokenFlow.java b/apis/oauth/src/test/java/org/jclouds/oauth/v2/filters/TestJWTBearerTokenFlow.java
new file mode 100644
index 0000000..f28e980
--- /dev/null
+++ b/apis/oauth/src/test/java/org/jclouds/oauth/v2/filters/TestJWTBearerTokenFlow.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jclouds.oauth.v2.filters;
+
+import static org.jclouds.Constants.PROPERTY_SESSION_INTERVAL;
+import static org.jclouds.oauth.v2.config.OAuthProperties.AUDIENCE;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+
+import org.jclouds.domain.Credentials;
+import org.jclouds.location.Provider;
+import org.jclouds.oauth.v2.config.OAuthScopes;
+
+import com.google.common.base.Supplier;
+
+public class TestJWTBearerTokenFlow extends JWTBearerTokenFlow {
+
+   @Inject TestJWTBearerTokenFlow(AuthorizeToken loader, @Named(PROPERTY_SESSION_INTERVAL) long tokenDuration,
+          @Provider Supplier<Credentials> credentialsSupplier, OAuthScopes scopes, @Named(AUDIENCE) String audience) {
+      super(loader, tokenDuration, credentialsSupplier, scopes, audience);
+   }
+
+   /** Constant time for testing. */
+   long currentTimeSeconds() {
+      return 0;
+   }
+}
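Review bot: `currentTimeSeconds()` replaces the parent's clock without `@Override`, so if the method in `JWTBearerTokenFlow` is renamed or its signature changes, this class still compiles and the tests silently go back to the real clock. Write it as `@Override long currentTimeSeconds() {`. The class also has no comment saying that it is a test double with a frozen clock; since token times are presumably derived from this value, a line such as `/** Test-only flow with a constant clock; must never be bound outside tests. */` would make the intent explicit.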

http://git-wip-us.apache.org/repos/asf/jclouds/blob/819141a6/providers/google-compute-engine/pom.xml
----------------------------------------------------------------------
diff --git a/providers/google-compute-engine/pom.xml b/providers/google-compute-engine/pom.xml
index e59c748..9c19a4a 100644
--- a/providers/google-compute-engine/pom.xml
+++ b/providers/google-compute-engine/pom.xml
@@ -71,6 +71,13 @@
             <scope>test</scope>
         </dependency>
         <dependency>
+            <groupId>org.apache.jclouds.api</groupId>
+            <artifactId>oauth</artifactId>
+            <version>${project.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
             <groupId>org.apache.jclouds</groupId>
             <artifactId>jclouds-compute</artifactId>
             <version>${project.version}</version>

http://git-wip-us.apache.org/repos/asf/jclouds/blob/819141a6/providers/google-compute-engine/src/test/java/org/jclouds/googlecomputeengine/internal/GoogleComputeEngineTestModule.java
----------------------------------------------------------------------
diff --git a/providers/google-compute-engine/src/test/java/org/jclouds/googlecomputeengine/internal/GoogleComputeEngineTestModule.java b/providers/google-compute-engine/src/test/java/org/jclouds/googlecomputeengine/internal/GoogleComputeEngineTestModule.java
index 8d492ec..b430b8a 100644
--- a/providers/google-compute-engine/src/test/java/org/jclouds/googlecomputeengine/internal/GoogleComputeEngineTestModule.java
+++ b/providers/google-compute-engine/src/test/java/org/jclouds/googlecomputeengine/internal/GoogleComputeEngineTestModule.java
@@ -38,6 +38,7 @@ import java.util.concurrent.atomic.AtomicInteger;
 
 import org.jclouds.crypto.Crypto;
 import org.jclouds.oauth.v2.filters.JWTBearerTokenFlow;
+import org.jclouds.oauth.v2.filters.TestJWTBearerTokenFlow;
 import org.jclouds.ssh.SshKeys;
 
 import com.google.common.base.Supplier;
@@ -67,7 +68,7 @@ enum GoogleComputeEngineTestModule implements Module {
 
    @Override public void configure(Binder binder) {
       // Predictable time
-      binder.bind(JWTBearerTokenFlow.class).to(JWTBearerTokenFlow.TestJWTBearerTokenFlow.class);
+      binder.bind(JWTBearerTokenFlow.class).to(TestJWTBearerTokenFlow.class);
 
       // Predictable ssh keys
       Crypto crypto = createMock(Crypto.class);