This is an automated email from the ASF dual-hosted git repository.
lahirujayathilake pushed a commit to branch cybershuttle-staging
in repository https://gitbox.apache.org/repos/asf/airavata.git
The following commit(s) were added to refs/heads/cybershuttle-staging by this
push:
new 20745efd0e authz token filtering and extracting username for the hub
20745efd0e is described below
commit 20745efd0ecafa5fcc5ac8c480d9db632b84e915
Author: lahiruj <[email protected]>
AuthorDate: Mon Mar 31 00:59:18 2025 -0400
authz token filtering and extracting username for the hub
---
.../src/main/compose/dbinit/01-init-db.sql | 8 +++
.../src/main/compose/docker-compose.yaml | 49 ++++++++++++++
.../research/service/config/AuthzTokenFilter.java | 79 ++++++++++++++++++++++
.../service/controller/ResearchHubController.java | 16 ++---
.../research/service/model/UserContext.java | 52 ++++++++++++++
.../src/main/resources/application.yml | 4 ++
6 files changed, 199 insertions(+), 9 deletions(-)
diff --git
a/modules/research-framework/research-service/src/main/compose/dbinit/01-init-db.sql
b/modules/research-framework/research-service/src/main/compose/dbinit/01-init-db.sql
new file mode 100644
index 0000000000..14c0516610
--- /dev/null
+++
b/modules/research-framework/research-service/src/main/compose/dbinit/01-init-db.sql
@@ -0,0 +1,8 @@
+CREATE DATABASE IF NOT EXISTS research_catalog;
+
+CREATE USER IF NOT EXISTS 'airavata'@'%' IDENTIFIED BY '123456';
+ALTER USER 'airavata'@'%' IDENTIFIED BY '123456';
+
+GRANT ALL PRIVILEGES ON research_catalog.* TO 'airavata'@'%';
+
+FLUSH PRIVILEGES;
\ No newline at end of file
diff --git
a/modules/research-framework/research-service/src/main/compose/docker-compose.yaml
b/modules/research-framework/research-service/src/main/compose/docker-compose.yaml
new file mode 100644
index 0000000000..dfda438321
--- /dev/null
+++
b/modules/research-framework/research-service/src/main/compose/docker-compose.yaml
@@ -0,0 +1,49 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+version: "3.8"
+services:
+ db:
+ image: mariadb:lts-ubi9
+ restart: always
+ command: --character-set-server=utf8 --collation-server=utf8_general_ci
+ ports:
+ - "13306:3306"
+ environment:
+ MARIADB_ROOT_USER: root
+ MARIADB_ROOT_PASSWORD: 123456
+ MARIADB_USER: airavata
+ MARIADB_PASSWORD: 123456
+ MAX_ALLOWED_PACKET: 1073741824
+ healthcheck:
+ test: ["CMD-SHELL", "mariadb-admin ping --silent -u root
--password=$$MARIADB_ROOT_PASSWORD"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ volumes:
+ - ./dbinit:/docker-entrypoint-initdb.d
+ - mysql_data:/var/lib/mysql
+
+ adminer:
+ image: adminer
+ restart: always
+ ports:
+ - 18888:8080
+
+volumes:
+ mysql_data:
\ No newline at end of file
diff --git
a/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/config/AuthzTokenFilter.java
b/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/config/AuthzTokenFilter.java
new file mode 100644
index 0000000000..30e646a693
--- /dev/null
+++
b/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/config/AuthzTokenFilter.java
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.airavata.research.service.config;
+
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apache.airavata.model.security.AuthzToken;
+import org.apache.airavata.research.service.model.UserContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+import java.util.Map;
+
+@Component
+public class AuthzTokenFilter extends OncePerRequestFilter {
+
+ private static final Logger LOGGER =
LoggerFactory.getLogger(AuthzTokenFilter.class);
+
+ @Value("${cybershuttle.hub.url}")
+ private String csHubUrl;
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response, FilterChain filterChain) throws ServletException,
IOException {
+
+ String authorizationHeader = request.getHeader("Authorization");
+ String xClaimsHeader = request.getHeader("X-Claims");
+
+ if (authorizationHeader == null ||
!authorizationHeader.startsWith("Bearer ") || xClaimsHeader == null) {
+ LOGGER.error("Missing or invalid Authorization header");
+ response.setStatus(HttpServletResponse.SC_FOUND);
+ response.setHeader("Location", csHubUrl);
+ return;
+ }
+
+ try {
+ String accessToken = authorizationHeader.substring(7); // Remove
"Bearer " prefix
+ ObjectMapper objectMapper = new ObjectMapper();
+ Map<String, String> claimsMap =
objectMapper.readValue(xClaimsHeader, new TypeReference<>() {
+ });
+
+ AuthzToken authzToken = new AuthzToken();
+ authzToken.setAccessToken(accessToken);
+ authzToken.setClaimsMap(claimsMap);
+
+ UserContext.setAuthzToken(authzToken);
+ } catch (Exception e) {
+ LOGGER.error("Invalid authorization data", e);
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid
authorization data");
+ return;
+ }
+
+ filterChain.doFilter(request, response);
+ }
+}
+
diff --git
a/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/controller/ResearchHubController.java
b/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/controller/ResearchHubController.java
index f4b17e1bc4..d5a348392e 100644
---
a/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/controller/ResearchHubController.java
+++
b/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/controller/ResearchHubController.java
@@ -18,8 +18,10 @@
*/
package org.apache.airavata.research.service.controller;
+import org.apache.airavata.research.service.model.UserContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
@@ -36,22 +38,18 @@ public class ResearchHubController {
private static final Logger LOGGER =
LoggerFactory.getLogger(ResearchHubController.class);
+ @Value("${cybershuttle.hub.url}")
+ private String csHubUrl;
+
@GetMapping("/project/{projectId}")
public ResponseEntity<?> resolveResearchHubUrl(@PathVariable("projectId")
String projectId) {
// TODO extract the data using the projectId
String gitUrl = "https://github.com/AllenInstitute/bmtk-workshop.git";;
String dataPath = "bmtk";
- String jupyterUser = "[email protected]";
String randomSessionName = "session-" +
UUID.randomUUID().toString().substring(0, 6);
- System.out.println();
- String spawnUrl = String.format(
-
"https://hub.dev.cybershuttle.org/hub/spawn/%s/%s?git=%s&dataPath=%s";,
- jupyterUser,
- randomSessionName,
- gitUrl,
- dataPath
- );
+ System.out.println("Session: " + randomSessionName);
+ String spawnUrl =
String.format("%s/hub/spawn/%s/%s?git=%s&dataPath=%s", csHubUrl,
UserContext.username(), randomSessionName, gitUrl, dataPath);
LOGGER.info("Redirecting user to spawn URL: {}", spawnUrl);
return
ResponseEntity.status(HttpStatus.FOUND).location(URI.create(spawnUrl)).build();
diff --git
a/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/model/UserContext.java
b/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/model/UserContext.java
new file mode 100644
index 0000000000..b128cfb331
--- /dev/null
+++
b/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/model/UserContext.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.airavata.research.service.model;
+
+import org.apache.airavata.model.security.AuthzToken;
+
+import java.util.Map;
+
+public class UserContext {
+
+ private static final ThreadLocal<AuthzToken> AUTHZ_TOKEN = new
ThreadLocal<>();
+
+ public static AuthzToken authzToken() {
+ return AUTHZ_TOKEN.get();
+ }
+
+ public static void setAuthzToken(AuthzToken token) {
+ AUTHZ_TOKEN.set(token);
+ }
+
+ public static String username() {
+ return getClaim("userName");
+ }
+
+ public static String gatewayId() {
+ return getClaim("gatewayID");
+ }
+
+ private static String getClaim(String claimId) {
+ return AUTHZ_TOKEN.get().getClaimsMap().entrySet().stream()
+ .filter(entry -> entry.getKey().equalsIgnoreCase(claimId))
+ .map(Map.Entry::getValue)
+ .findFirst()
+ .orElseThrow(() -> new IllegalArgumentException("Missing '" +
claimId + "' claim in the authentication token"));
+ }
+}
diff --git
a/modules/research-framework/research-service/src/main/resources/application.yml
b/modules/research-framework/research-service/src/main/resources/application.yml
index 63f612c08f..db0649d2ba 100644
---
a/modules/research-framework/research-service/src/main/resources/application.yml
+++
b/modules/research-framework/research-service/src/main/resources/application.yml
@@ -6,6 +6,10 @@ server:
port: 18889
address: 0.0.0.0
+cybershuttle:
+ hub:
+ url: https://hub.dev.cybershuttle.org
+
spring:
servlet:
multipart:
