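package io.cattle.platform.iaas.api.auth.integration.internal.rancher;

import io.cattle.platform.core.model.Account;
import io.cattle.platform.iaas.api.auth.AbstractTokenUtil;
import io.cattle.platform.iaas.api.auth.SecurityConstants;
import io.cattle.platform.iaas.api.auth.integration.external.ExternalServiceTokenUtil;
import io.cattle.platform.iaas.api.auth.integration.interfaces.AccountLookup;
import io.cattle.platform.iaas.api.auth.integration.interfaces.TokenUtil;
import io.cattle.platform.util.type.NamedUtils;
import io.cattle.platform.util.type.Priority;
import io.github.ibuildthecloud.gdapi.exception.ClientVisibleException;
import io.github.ibuildthecloud.gdapi.request.ApiRequest;
import io.github.ibuildthecloud.gdapi.util.ResponseCodes;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.annotation.PostConstruct;
import javax.inject.Inject;

import org.apache.commons.lang3.StringUtils;

/**
 * {@link AccountLookup} that resolves the calling {@link Account} through the
 * {@link TokenUtil} matching the currently selected auth provider.
 *
 * <p>Both lookup entry points return {@code null} when the request targets the
 * token type itself ({@link AbstractTokenUtil#TOKEN}) or when no auth provider
 * is configured. NOTE(review): callers presumably treat {@code null} as "this
 * lookup did not authenticate the request" and must not treat it as success;
 * confirm against the code that iterates the lookups.
 */
public class TokenAuthLookup implements AccountLookup, Priority {

    // Internal token utilities keyed by NamedUtils.getName(...); filled once in init().
    Map<String, TokenUtil> tokenUtilsMap = new HashMap<String, TokenUtil>();

    @Inject
    List<TokenUtil> tokenUtils;

    // Used for every provider that is not listed in SecurityConstants.INTERNAL_AUTH_PROVIDERS.
    @Inject
    ExternalServiceTokenUtil externalTokenUtil;

    /**
     * @return {@link Priority#PRE}
     */
    @Override
    public int getPriority() {
        return Priority.PRE;
    }

    /**
     * Indexes the injected {@link TokenUtil}s by name so that {@link #tokenUtils()}
     * can select one by provider name. A later entry with the same name replaces
     * an earlier one.
     */
    @PostConstruct
    public void init() {
        for (TokenUtil tu : tokenUtils) {
            tokenUtilsMap.put(NamedUtils.getName(tu), tu);
        }
    }

    /**
     * Resolves the account for a request by letting the selected {@link TokenUtil}
     * locate the JWT itself.
     *
     * @param request the incoming API request
     * @return the account reported by the token utility, or {@code null} when this
     *         lookup does not apply (token-type request, or no provider configured)
     * @throws ClientVisibleException if an internal provider is selected but its
     *         token utility is missing or not configured
     */
    @Override
    public Account getAccount(ApiRequest request) {
        if (!appliesTo(request)) {
            return null;
        }
        // Resolve once so the JWT is located and read back through the same
        // TokenUtil even if the provider setting changes while the request runs.
        TokenUtil selected = tokenUtils();
        selected.findAndSetJWT();
        return selected.getAccountFromJWT();
    }

    /**
     * Resolves the account for an explicitly supplied token. The token is stored
     * on the request under the selected utility's token type before the account
     * is read.
     *
     * @param token   the caller-supplied token; it is a credential, so it should
     *                not be logged or echoed in error messages
     * @param request the request the token is attached to
     * @return the account reported by the token utility, or {@code null} when this
     *         lookup does not apply (token-type request, or no provider configured)
     * @throws ClientVisibleException if an internal provider is selected but its
     *         token utility is missing or not configured
     */
    public Account getAccountAccess(String token, ApiRequest request) {
        if (!appliesTo(request)) {
            return null;
        }
        // Same TokenUtil for the attribute name and for the account read.
        TokenUtil selected = tokenUtils();
        request.setAttribute(selected.tokenType(), token);
        return selected.getAccountFromJWT();
    }

    /** True when the request is not for the token type and a provider is configured. */
    private boolean appliesTo(ApiRequest request) {
        return !StringUtils.equals(AbstractTokenUtil.TOKEN, request.getType()) && isConfigured();
    }

    /**
     * Selects the token utility for the current auth provider.
     *
     * <p>An internal provider without a configured utility is rejected with an
     * exception rather than falling back to another utility, so a misconfigured
     * provider fails closed.
     */
    private TokenUtil tokenUtils() {
        // Read the setting once: the membership test and the map lookup must see
        // the same provider name.
        String provider = SecurityConstants.AUTH_PROVIDER.get();
        if (!SecurityConstants.INTERNAL_AUTH_PROVIDERS.contains(provider)) {
            return externalTokenUtil;
        }
        TokenUtil tokenUtil = tokenUtilsMap.get(provider);
        if (tokenUtil == null || !tokenUtil.isConfigured()) {
            throw new ClientVisibleException(ResponseCodes.INTERNAL_SERVER_ERROR, "TokenUtilNotConfigured");
        }
        return tokenUtil;
    }

    /**
     * This lookup never issues an authentication challenge.
     *
     * @return always {@code false}
     */
    @Override
    public boolean challenge(ApiRequest request) {
        return false;
    }

    @Override
    public String getName() {
        return "TokenAuth";
    }

    /**
     * @return {@code true} when the auth provider setting is non-blank and is not
     *         {@link SecurityConstants#NO_PROVIDER} (compared case-insensitively)
     */
    @Override
    public boolean isConfigured() {
        // Single read so both conditions are evaluated against the same value.
        String provider = SecurityConstants.AUTH_PROVIDER.get();
        return StringUtils.isNotBlank(provider)
                && !SecurityConstants.NO_PROVIDER.equalsIgnoreCase(provider);
    }
}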