feat: add inline provider in gravitee.yaml for Management API

Fixes gravitee-io/issues#3975
gravitee-io · Jun 16, 2021 · 1d3e1e1 · 1d3e1e1
1 parent 0a45ec0
commit 1d3e1e1
Show file tree

Hide file tree

Showing 21 changed files with 674 additions and 35 deletions.
diff --git a/...itee/am/management/handlers/management/api/authentication/controller/LoginController.java b/...itee/am/management/handlers/management/api/authentication/controller/LoginController.java
@@ -43,6 +43,7 @@
 import java.util.stream.Collectors;
 
 import static io.gravitee.am.management.handlers.management.api.authentication.provider.generator.RedirectCookieGenerator.DEFAULT_REDIRECT_COOKIE_NAME;
+import static java.util.Collections.emptyList;
 
 /**
  * @author David BRASSELY (david.brassely at graviteesource.com)
@@ -85,7 +86,9 @@ public ModelAndView login(HttpServletRequest request, @RequestParam(value=ORGANI
         // fetch domain social identity providers
         List<IdentityProvider> socialProviders = null;
         try {
-            socialProviders = organizationService.findById(organizationId).map(Organization::getIdentities).blockingGet()
+            socialProviders = organizationService.findById(organizationId)
+                    .map(org -> Optional.ofNullable(org.getIdentities()).orElse(emptyList()))
+                    .blockingGet()
                     .stream()
                     .map(identity -> identityProviderManager.getIdentityProvider(identity))
                     .filter(Objects::nonNull)

diff --git a/...anagement/handlers/management/api/authentication/manager/idp/IdentityProviderManager.java b/...anagement/handlers/management/api/authentication/manager/idp/IdentityProviderManager.java
@@ -18,6 +18,8 @@
 import io.gravitee.am.identityprovider.api.AuthenticationProvider;
 import io.gravitee.am.model.IdentityProvider;
 
+import java.util.List;
+
 /**
  * @author David BRASSELY (david.brassely at graviteesource.com)
  * @author Titouan COMPIEGNE (titouan.compiegne at graviteesource.com)
@@ -28,4 +30,7 @@ public interface IdentityProviderManager {
     AuthenticationProvider get(String id);
 
     IdentityProvider getIdentityProvider(String id);
+
+    List<String> getAuthenticationProviderFor(String organizationId);
+
 }
diff --git a/.../handlers/management/api/authentication/manager/idp/impl/IdentityProviderManagerImpl.java b/.../handlers/management/api/authentication/manager/idp/impl/IdentityProviderManagerImpl.java
@@ -18,30 +18,36 @@
 import io.gravitee.am.common.event.IdentityProviderEvent;
 import io.gravitee.am.identityprovider.api.AuthenticationProvider;
 import io.gravitee.am.management.handlers.management.api.authentication.manager.idp.IdentityProviderManager;
+import io.gravitee.am.management.service.InMemoryIdentityProviderListener;
 import io.gravitee.am.model.IdentityProvider;
 import io.gravitee.am.model.ReferenceType;
 import io.gravitee.am.model.common.event.Payload;
 import io.gravitee.am.plugins.idp.core.IdentityProviderPluginManager;
 import io.gravitee.am.service.IdentityProviderService;
+import io.gravitee.am.service.RoleService;
 import io.gravitee.common.event.Event;
 import io.gravitee.common.event.EventListener;
 import io.gravitee.common.event.EventManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Component;
 
+import java.util.Collections;
+import java.util.List;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
+import java.util.stream.Collectors;
 
 /**
  * @author David BRASSELY (david.brassely at graviteesource.com)
  * @author Titouan COMPIEGNE (titouan.compiegne at graviteesource.com)
  * @author GraviteeSource Team
  */
 @Component("managementIdentityProviderManager")
-public class IdentityProviderManagerImpl implements IdentityProviderManager, InitializingBean, EventListener<IdentityProviderEvent, Payload> {
+public class IdentityProviderManagerImpl implements IdentityProviderManager, InitializingBean, EventListener<IdentityProviderEvent, Payload>, InMemoryIdentityProviderListener {
 
     private final Logger logger = LoggerFactory.getLogger(IdentityProviderManagerImpl.class);
 
@@ -54,6 +60,15 @@ public class IdentityProviderManagerImpl implements IdentityProviderManager, Ini
     @Autowired
     private EventManager eventManager;
 
+    @Autowired
+    private RoleService roleService;
+
+    @Autowired
+    private Environment environment;
+
+    @Autowired
+    private io.gravitee.am.management.service.IdentityProviderManager commonIdentityProviderManager;
+
     private ConcurrentMap<String, AuthenticationProvider> providers = new ConcurrentHashMap<>();
     private ConcurrentMap<String, IdentityProvider> identities = new ConcurrentHashMap<>();
 
@@ -78,8 +93,28 @@ public void afterPropertiesSet() throws Exception {
         } catch (Exception e) {
             logger.error("Unable to initialize identity providers", e);
         }
+
+        this.commonIdentityProviderManager.setListener(this);
     }
 
+    @Override
+    public void registerAuthenticationProvider(IdentityProvider provider) {
+        updateAuthenticationProvider(provider);
+    }
+
+    public List<String> getAuthenticationProviderFor(String organizationId) {
+        if (this.identities == null) {
+            return Collections.emptyList();
+        }
+        return this.identities.values()
+                .stream()
+                .filter(idp -> organizationId.equals(idp.getReferenceId()) && ReferenceType.ORGANIZATION.equals(idp.getReferenceType()))
+                .map(IdentityProvider::getId)
+                .collect(Collectors.toList());
+    }
+
+
+
     @Override
     public void onEvent(Event<IdentityProviderEvent, Payload> event) {
         if (event.content().getReferenceType() == ReferenceType.ORGANIZATION && event.content().getReferenceId() != null) {

diff --git a/...ers/management/api/authentication/provider/security/ManagementAuthenticationProvider.java b/...ers/management/api/authentication/provider/security/ManagementAuthenticationProvider.java
@@ -33,10 +33,7 @@
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.util.StringUtils;
 
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 /**
  * @author Titouan COMPIEGNE (titouan.compiegne at graviteesource.com)
@@ -68,11 +65,14 @@ public Authentication authenticate(Authentication authentication) throws Authent
         }
 
         details.putIfAbsent(Claims.organization, Organization.DEFAULT);
-
         String organizationId = details.get(Claims.organization);
+
+        List<String> identities = identityProviderManager.getAuthenticationProviderFor(organizationId);
         Organization organization = organizationService.findById(organizationId).blockingGet();
+        if (organization.getIdentities() != null) {
+            identities.addAll(organization.getIdentities());
+        }
 
-        List<String> identities = organization.getIdentities();
         Iterator<String> iter = identities.iterator();
         io.gravitee.am.identityprovider.api.User user = null;
         AuthenticationException lastException = null;

diff --git a/...-api-service/src/main/java/io/gravitee/am/management/service/IdentityProviderManager.java b/...-api-service/src/main/java/io/gravitee/am/management/service/IdentityProviderManager.java
@@ -35,4 +35,9 @@ public interface IdentityProviderManager extends Service<IdentityProviderManager
     Single<IdentityProvider> create(String domain);
 
     boolean userProviderExists(String identityProviderId);
+
+    void setListener(InMemoryIdentityProviderListener listener);
+
+    void loadIdentityProviders();
+
 }
diff --git a/...ice/src/main/java/io/gravitee/am/management/service/InMemoryIdentityProviderListener.java b/...ice/src/main/java/io/gravitee/am/management/service/InMemoryIdentityProviderListener.java
@@ -0,0 +1,28 @@
+/**
+ * Copyright (C) 2015 The Gravitee team (http://gravitee.io)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.gravitee.am.management.service;
+
+import io.gravitee.am.model.IdentityProvider;
+
+/**
+ * @author Eric LELEU (eric.leleu at graviteesource.com)
+ * @author GraviteeSource Team
+ */
+public interface InMemoryIdentityProviderListener  {
+
+  void registerAuthenticationProvider(IdentityProvider provider);
+
+}
diff --git a/...ice/src/main/java/io/gravitee/am/management/service/impl/IdentityProviderManagerImpl.java b/...ice/src/main/java/io/gravitee/am/management/service/impl/IdentityProviderManagerImpl.java
@@ -19,11 +19,14 @@
 import io.gravitee.am.common.event.IdentityProviderEvent;
 import io.gravitee.am.identityprovider.api.UserProvider;
 import io.gravitee.am.management.service.IdentityProviderManager;
+import io.gravitee.am.management.service.InMemoryIdentityProviderListener;
+import io.gravitee.am.management.service.impl.utils.InlineOrganizationProviderConfiguration;
 import io.gravitee.am.model.IdentityProvider;
 import io.gravitee.am.model.ReferenceType;
 import io.gravitee.am.model.common.event.Payload;
 import io.gravitee.am.plugins.idp.core.IdentityProviderPluginManager;
 import io.gravitee.am.service.IdentityProviderService;
+import io.gravitee.am.service.RoleService;
 import io.gravitee.am.service.model.NewIdentityProvider;
 import io.gravitee.common.event.Event;
 import io.gravitee.common.event.EventListener;
@@ -35,13 +38,18 @@
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Component;
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 
+import static io.gravitee.am.management.service.impl.utils.InlineOrganizationProviderConfiguration.MEMORY_TYPE;
+
 /**
  * @author Titouan COMPIEGNE (titouan.compiegne at graviteesource.com)
  * @author GraviteeSource Team
@@ -103,6 +111,18 @@ public class IdentityProviderManagerImpl extends AbstractService<IdentityProvide
     @Autowired
     private EventManager eventManager;
 
+    @Autowired
+    private Environment environment;
+
+    @Autowired
+    private RoleService roleService;
+
+    private InMemoryIdentityProviderListener listener;
+
+    public void setListener(InMemoryIdentityProviderListener listener) {
+        this.listener = listener;
+    }
+
     @Override
     protected void doStart() throws Exception {
         super.doStart();
@@ -116,6 +136,7 @@ protected void doStart() throws Exception {
             logger.info("\tInitializing user provider: {} [{}]", identityProvider.getName(), identityProvider.getType());
             loadUserProvider(identityProvider);
         });
+
     }
 
     @Override
@@ -131,6 +152,39 @@ public void onEvent(Event<IdentityProviderEvent, Payload> event) {
         }
     }
 
+    @Override
+    public void loadIdentityProviders() {
+        if (this.listener != null) {
+            loadProvidersFromConfig().forEach(listener::registerAuthenticationProvider);
+        }
+    }
+
+    private List<IdentityProvider> loadProvidersFromConfig(){
+        List<IdentityProvider> providers = new ArrayList<>();
+        boolean found = true;
+        int idx = 0;
+
+        while (found) {
+            String type = environment.getProperty("security.providers[" + idx + "].type");
+            found = (type != null);
+            if (found) {
+                switch (type) {
+                    case MEMORY_TYPE:
+                        InlineOrganizationProviderConfiguration providerConfig = new InlineOrganizationProviderConfiguration(roleService, environment, idx);
+                        if (providerConfig.isEnabled()) {
+                            providers.add(providerConfig.buildIdentityProvider());
+                        }
+                        break;
+                    default:
+                        logger.warn("Unsupported provider with type '{}'", type);
+                }
+            }
+            idx++;
+        }
+
+        return providers;
+    }
+
     @Override
     public Maybe<UserProvider> getUserProvider(String userProvider) {
         if (userProvider == null) {
@@ -241,4 +295,5 @@ private void loadUserProvider(IdentityProvider identityProvider) {
             userProviders.remove(identityProvider.getId());
         }
     }
+
 }