💥 splitting internal and external representations of login credentials

Signed-off-by: dseurotech <[email protected]>
eclipse-kapua · Jan 27, 2025 · 785eb8e · 785eb8e
1 parent a37a6f5
commit 785eb8e
Show file tree

Hide file tree

Showing 85 changed files with 630 additions and 1,485 deletions.
diff --git a/...rest/filters/src/main/java/org/eclipse/kapua/commons/rest/filters/CORSResponseFilter.java b/...rest/filters/src/main/java/org/eclipse/kapua/commons/rest/filters/CORSResponseFilter.java
@@ -39,11 +39,9 @@
 import org.eclipse.kapua.locator.KapuaLocator;
 import org.eclipse.kapua.model.id.KapuaId;
 import org.eclipse.kapua.model.query.KapuaQuery;
-import org.eclipse.kapua.service.account.AccountFactory;
 import org.eclipse.kapua.service.account.AccountListResult;
 import org.eclipse.kapua.service.account.AccountService;
 import org.eclipse.kapua.service.endpoint.EndpointInfo;
-import org.eclipse.kapua.service.endpoint.EndpointInfoFactory;
 import org.eclipse.kapua.service.endpoint.EndpointInfoListResult;
 import org.eclipse.kapua.service.endpoint.EndpointInfoQuery;
 import org.eclipse.kapua.service.endpoint.EndpointInfoService;
@@ -68,9 +66,7 @@ public class CORSResponseFilter implements Filter {
 
     private final KapuaLocator locator = KapuaLocator.getInstance();
     private final AccountService accountService = locator.getService(AccountService.class);
-    private final AccountFactory accountFactory = locator.getFactory(AccountFactory.class);
     private final EndpointInfoService endpointInfoService = locator.getService(EndpointInfoService.class);
-    private final EndpointInfoFactory endpointInfoFactory = locator.getFactory(EndpointInfoFactory.class);
     private final KapuaRestFiltersSetting kapuaRestFiltersSetting = locator.getComponent(KapuaRestFiltersSetting.class);
     private final ScheduledExecutorService executorService = Executors.newSingleThreadScheduledExecutor();
     private ScheduledFuture<?> refreshTask;

diff --git a/commons/src/main/java/org/eclipse/kapua/commons/configuration/UsedEntitiesCounterImpl.java b/commons/src/main/java/org/eclipse/kapua/commons/configuration/UsedEntitiesCounterImpl.java
@@ -28,12 +28,10 @@ public class UsedEntitiesCounterImpl<
         F extends KapuaEntityFactory<E>
         > implements UsedEntitiesCounter {
 
-    private final F factory;
     private final KapuaEntityRepository<E, L> entityRepository;
 
-    public UsedEntitiesCounterImpl(F factory,
+    public UsedEntitiesCounterImpl(
             KapuaEntityRepository<E, L> entityRepository) {
-        this.factory = factory;
         this.entityRepository = entityRepository;
     }
 

diff --git a/commons/src/main/java/org/eclipse/kapua/commons/event/ServiceEventModule.java b/commons/src/main/java/org/eclipse/kapua/commons/event/ServiceEventModule.java
@@ -12,11 +12,19 @@
  *******************************************************************************/
 package org.eclipse.kapua.commons.event;
 
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.TimeUnit;
+
 import org.apache.commons.lang3.StringUtils;
 import org.eclipse.kapua.KapuaException;
 import org.eclipse.kapua.commons.core.ServiceModule;
 import org.eclipse.kapua.commons.jpa.JpaTxContext;
-import org.eclipse.kapua.commons.service.event.store.internal.EventStoreFactoryImpl;
 import org.eclipse.kapua.commons.service.event.store.internal.EventStoreRecordImplJpaRepository;
 import org.eclipse.kapua.commons.service.event.store.internal.EventStoreServiceImpl;
 import org.eclipse.kapua.event.ServiceEventBus;
@@ -27,15 +35,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import java.util.concurrent.Executors;
-import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.ScheduledFuture;
-import java.util.concurrent.TimeUnit;
-
 /**
  * Base {@link ServiceModule} implementation to be used by the modules that listen for events.
  *
@@ -102,8 +101,8 @@ public void start() throws KapuaException {
         houseKeeperJob = new ServiceEventHousekeeper(
                 new EventStoreServiceImpl(locator.getService(AuthorizationService.class),
                         locator.getFactory(PermissionFactory.class),
-                        new TxManagerImpl(() -> new JpaTxContext(serviceEventModuleConfiguration.getEntityManagerFactory().getJpaEntityManagerFactory()), serviceEventModuleConfiguration.maxInsertAttempts),
-                        new EventStoreFactoryImpl(),
+                        new TxManagerImpl(() -> new JpaTxContext(serviceEventModuleConfiguration.getEntityManagerFactory().getJpaEntityManagerFactory()),
+                                serviceEventModuleConfiguration.maxInsertAttempts),
                         new EventStoreRecordImplJpaRepository(serviceEventModuleConfiguration.getKapuaJpaRepositoryConfiguration())
                 ),
                 serviceEventModuleConfiguration.getEntityManagerFactory(),

diff --git a/...in/java/org/eclipse/kapua/commons/service/event/store/internal/EventStoreServiceImpl.java b/...in/java/org/eclipse/kapua/commons/service/event/store/internal/EventStoreServiceImpl.java
@@ -12,9 +12,10 @@
  *******************************************************************************/
 package org.eclipse.kapua.commons.service.event.store.internal;
 
+import javax.inject.Inject;
+
 import org.eclipse.kapua.KapuaException;
 import org.eclipse.kapua.commons.model.domains.Domains;
-import org.eclipse.kapua.commons.service.event.store.api.EventStoreFactory;
 import org.eclipse.kapua.commons.service.event.store.api.EventStoreRecord;
 import org.eclipse.kapua.commons.service.event.store.api.EventStoreRecordCreator;
 import org.eclipse.kapua.commons.service.event.store.api.EventStoreRecordListResult;
@@ -30,8 +31,6 @@
 import org.eclipse.kapua.service.authorization.permission.PermissionFactory;
 import org.eclipse.kapua.storage.TxManager;
 
-import javax.inject.Inject;
-
 /**
  * {@link EventStoreService} implementation.
  *
@@ -43,20 +42,17 @@ public class EventStoreServiceImpl
     private final AuthorizationService authorizationService;
     private final PermissionFactory permissionFactory;
     private final TxManager txManager;
-    private final EventStoreFactory entityFactory;
     private final EventStoreRecordRepository repository;
 
     @Inject
     public EventStoreServiceImpl(
             AuthorizationService authorizationService,
             PermissionFactory permissionFactory,
             TxManager txManager,
-            EventStoreFactory entityFactory,
             EventStoreRecordRepository repository) {
         this.authorizationService = authorizationService;
         this.permissionFactory = permissionFactory;
         this.txManager = txManager;
-        this.entityFactory = entityFactory;
         this.repository = repository;
     }
 

diff --git a/console/core/src/main/java/org/eclipse/kapua/app/console/core/filter/KapuaWebFilter.java b/console/core/src/main/java/org/eclipse/kapua/app/console/core/filter/KapuaWebFilter.java
@@ -12,6 +12,14 @@
  *******************************************************************************/
 package org.eclipse.kapua.app.console.core.filter;
 
+import java.io.IOException;
+import java.util.Date;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.subject.Subject;
@@ -21,18 +29,11 @@
 import org.eclipse.kapua.commons.security.KapuaSession;
 import org.eclipse.kapua.locator.KapuaLocator;
 import org.eclipse.kapua.service.authentication.AuthenticationService;
-import org.eclipse.kapua.service.authentication.CredentialsFactory;
+import org.eclipse.kapua.service.authentication.shiro.AccessTokenCredentialsImpl;
 import org.eclipse.kapua.service.authentication.token.AccessToken;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import java.io.IOException;
-import java.util.Date;
-
 /**
  * {@link ShiroFilter} override.
  * <p>
@@ -45,7 +46,6 @@ public class KapuaWebFilter extends ShiroFilter {
     private static final Logger LOG = LoggerFactory.getLogger(KapuaWebFilter.class);
 
     private final AuthenticationService authenticationService = KapuaLocator.getInstance().getService(AuthenticationService.class);
-    private final CredentialsFactory credentialsFactory = KapuaLocator.getInstance().getFactory(CredentialsFactory.class);
 
     @Override
     protected void executeChain(ServletRequest request, ServletResponse response, FilterChain origChain)
@@ -85,8 +85,10 @@ protected KapuaSession getSession() {
     /**
      * Check the {@link AccessToken#getExpiresOn()} and refreshes it on behalf of the user.
      *
-     * @param accessToken The {@link AccessToken} to check and refresh if needed.
-     * @throws KapuaException If one of the checks fails or refreshing the token fails.
+     * @param accessToken
+     *         The {@link AccessToken} to check and refresh if needed.
+     * @throws KapuaException
+     *         If one of the checks fails or refreshing the token fails.
      * @since 2.0.0
      */
     protected void checkAndRefreshAccessTokenIfExpired(AccessToken accessToken) throws KapuaException {
@@ -97,7 +99,8 @@ protected void checkAndRefreshAccessTokenIfExpired(AccessToken accessToken) thro
         Date now = new Date();
 
         if (now.after(accessToken.getExpiresOn()) && now.before(accessToken.getRefreshExpiresOn())) {
-            LOG.info("Refreshing AccessToken for user {} of scope {} expired on {} - token: {}", accessToken.getUserId(), accessToken.getScopeId(), accessToken.getExpiresOn(), accessToken.getTokenId());
+            LOG.info("Refreshing AccessToken for user {} of scope {} expired on {} - token: {}", accessToken.getUserId(), accessToken.getScopeId(), accessToken.getExpiresOn(),
+                    accessToken.getTokenId());
 
             // Remove logout the user to perform a new login with the refreshed token.
             SecurityUtils.getSubject().logout();
@@ -106,7 +109,7 @@ protected void checkAndRefreshAccessTokenIfExpired(AccessToken accessToken) thro
             AccessToken refreshAccessToken = authenticationService.refreshAccessToken(accessToken.getTokenId(), accessToken.getRefreshToken());
 
             // Authenticate with the refreshed AccessToken
-            authenticationService.authenticate(credentialsFactory.newAccessTokenCredentials(refreshAccessToken.getTokenId()));
+            authenticationService.authenticate(new AccessTokenCredentialsImpl(refreshAccessToken.getTokenId()));
         } else if (now.after(accessToken.getRefreshExpiresOn())) {
             throw new AuthenticationException("AccessToken.refreshToken is expired!");
         }

diff --git a/.../src/main/java/org/eclipse/kapua/app/console/core/server/GwtAuthorizationServiceImpl.java b/.../src/main/java/org/eclipse/kapua/app/console/core/server/GwtAuthorizationServiceImpl.java
@@ -12,6 +12,11 @@
  *******************************************************************************/
 package org.eclipse.kapua.app.console.core.server;
 
+import java.util.concurrent.Callable;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.subject.Subject;
@@ -43,7 +48,6 @@
 import org.eclipse.kapua.service.account.Account;
 import org.eclipse.kapua.service.account.AccountService;
 import org.eclipse.kapua.service.authentication.AuthenticationService;
-import org.eclipse.kapua.service.authentication.CredentialsFactory;
 import org.eclipse.kapua.service.authentication.JwtCredentials;
 import org.eclipse.kapua.service.authentication.UsernamePasswordCredentials;
 import org.eclipse.kapua.service.authentication.exception.KapuaAuthenticationErrorCodes;
@@ -70,10 +74,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import java.util.concurrent.Callable;
-
 public class GwtAuthorizationServiceImpl extends KapuaRemoteServiceServlet implements GwtAuthorizationService {
 
     private static final long serialVersionUID = -3919578632016541047L;
@@ -87,7 +87,6 @@ public class GwtAuthorizationServiceImpl extends KapuaRemoteServiceServlet imple
     private static final AccountService ACCOUNT_SERVICE = LOCATOR.getService(AccountService.class);
 
     private static final AuthenticationService AUTHENTICATION_SERVICE = LOCATOR.getService(AuthenticationService.class);
-    private static final CredentialsFactory CREDENTIALS_FACTORY = LOCATOR.getFactory(CredentialsFactory.class);
 
     private static final AccessInfoService ACCESS_INFO_SERVICE = LOCATOR.getService(AccessInfoService.class);
     private static final AccessPermissionService ACCESS_PERMISSION_SERVICE = LOCATOR.getService(AccessPermissionService.class);
@@ -114,7 +113,7 @@ public GwtSession login(GwtLoginCredential gwtLoginCredentials, boolean trustReq
             ArgumentValidator.notEmptyOrNull(gwtLoginCredentials.getPassword(), "loginCredentials.password");
 
             // Parse Credentials
-            UsernamePasswordCredentials usernamePasswordCredentials = CREDENTIALS_FACTORY.newUsernamePasswordCredentials(gwtLoginCredentials.getUsername(), gwtLoginCredentials.getPassword());
+            UsernamePasswordCredentials usernamePasswordCredentials = new UsernamePasswordCredentials(gwtLoginCredentials.getUsername(), gwtLoginCredentials.getPassword());
             usernamePasswordCredentials.setAuthenticationCode(gwtLoginCredentials.getAuthenticationCode());
             usernamePasswordCredentials.setTrustKey(gwtLoginCredentials.getTrustKey());
             usernamePasswordCredentials.setTrustMe(trustReq);
@@ -145,7 +144,7 @@ public GwtSession login(GwtJwtCredential gwtAccessTokenCredentials, GwtJwtIdToke
             ArgumentValidator.notEmptyOrNull(gwtJwtIdToken.getIdToken(), "jwtIdToken.idToken");
 
             // Parse Credentials
-            JwtCredentials jwtCredentials = CREDENTIALS_FACTORY.newJwtCredentials(gwtAccessTokenCredentials.getAccessToken(), gwtJwtIdToken.getIdToken());
+            JwtCredentials jwtCredentials = new JwtCredentials(gwtAccessTokenCredentials.getAccessToken(), gwtJwtIdToken.getIdToken());
 
             // Cleanup any previous session
             cleanupSession();

diff --git a/.../main/java/org/eclipse/kapua/app/console/core/shared/service/GwtAuthorizationService.java b/.../main/java/org/eclipse/kapua/app/console/core/shared/service/GwtAuthorizationService.java
@@ -12,14 +12,15 @@
  *******************************************************************************/
 package org.eclipse.kapua.app.console.core.shared.service;
 
-import com.google.gwt.user.client.rpc.RemoteService;
-import com.google.gwt.user.client.rpc.RemoteServiceRelativePath;
 import org.eclipse.kapua.app.console.core.shared.model.authentication.GwtJwtCredential;
 import org.eclipse.kapua.app.console.core.shared.model.authentication.GwtJwtIdToken;
 import org.eclipse.kapua.app.console.core.shared.model.authentication.GwtLoginCredential;
 import org.eclipse.kapua.app.console.module.api.client.GwtKapuaException;
 import org.eclipse.kapua.app.console.module.api.shared.model.session.GwtSession;
 
+import com.google.gwt.user.client.rpc.RemoteService;
+import com.google.gwt.user.client.rpc.RemoteServiceRelativePath;
+
 /**
  * The client side stub for the RPC service.
  */
@@ -29,21 +30,25 @@ public interface GwtAuthorizationService extends RemoteService {
     /**
      * Logins a session based on the given credentials. If credentials are correct a session is established and returned
      *
-     * @param gwtLoginCredentials The credentials to authenticate
+     * @param gwtLoginCredentials
+     *         The credentials to authenticate
      * @return The session info established.
-     * @throws GwtKapuaException If credentials are not valid.
+     * @throws GwtKapuaException
+     *         If credentials are not valid.
      * @since 1.0.0
      */
     public GwtSession login(GwtLoginCredential gwtLoginCredentials, boolean trustReq) throws GwtKapuaException;
 
     /**
-     * Logins a session based on the given access token. If the access token is correct a session is established and returned.
-     * An id token is also passed for identity information about the user.
+     * Logins a session based on the given access token. If the access token is correct a session is established and returned. An id token is also passed for identity information about the user.
      *
-     * @param gwtAccessTokenCredentials The access token to authenticate.
-     * @param gwtJwtIdToken The id token which identifies the user.
+     * @param gwtAccessTokenCredentials
+     *         The access token to authenticate.
+     * @param gwtJwtIdToken
+     *         The id token which identifies the user.
      * @return The session info established.
-     * @throws GwtKapuaException If the access token is not valid.
+     * @throws GwtKapuaException
+     *         If the access token is not valid.
      * @since 1.0.0
      */
     public GwtSession login(GwtJwtCredential gwtAccessTokenCredentials, GwtJwtIdToken gwtJwtIdToken) throws GwtKapuaException;
@@ -52,7 +57,8 @@ public interface GwtAuthorizationService extends RemoteService {
      * Return the currently authenticated user or null if no session has been established.
      *
      * @return The current active session or null if no session is active.
-     * @throws GwtKapuaException FIXME: document this
+     * @throws GwtKapuaException
+     *         FIXME: document this
      * @since 1.0.0
      */
     public GwtSession getCurrentSession()
@@ -61,7 +67,8 @@ public GwtSession getCurrentSession()
     /**
      * Destroy the current active session.
      *
-     * @throws GwtKapuaException FIXME: document this
+     * @throws GwtKapuaException
+     *         FIXME: document this
      * @since 1.0.0
      */
     public void logout()

diff --git a/.../main/java/org/eclipse/kapua/app/console/module/account/server/GwtAccountServiceImpl.java b/.../main/java/org/eclipse/kapua/app/console/module/account/server/GwtAccountServiceImpl.java
@@ -70,23 +70,19 @@
 import org.eclipse.kapua.service.KapuaService;
 import org.eclipse.kapua.service.account.Account;
 import org.eclipse.kapua.service.account.AccountCreator;
-import org.eclipse.kapua.service.account.AccountFactory;
 import org.eclipse.kapua.service.account.AccountService;
 import org.eclipse.kapua.service.authorization.AuthorizationService;
 import org.eclipse.kapua.service.authorization.exception.SubjectUnauthorizedException;
 import org.eclipse.kapua.service.authorization.permission.Permission;
 import org.eclipse.kapua.service.authorization.permission.PermissionFactory;
 import org.eclipse.kapua.service.authorization.role.RoleCreator;
-import org.eclipse.kapua.service.authorization.role.RoleFactory;
 import org.eclipse.kapua.service.authorization.role.RoleService;
 import org.eclipse.kapua.service.config.KapuaConfigurableService;
 import org.eclipse.kapua.service.endpoint.EndpointInfo;
-import org.eclipse.kapua.service.endpoint.EndpointInfoFactory;
 import org.eclipse.kapua.service.endpoint.EndpointInfoListResult;
 import org.eclipse.kapua.service.endpoint.EndpointInfoQuery;
 import org.eclipse.kapua.service.endpoint.EndpointInfoService;
 import org.eclipse.kapua.service.user.User;
-import org.eclipse.kapua.service.user.UserFactory;
 import org.eclipse.kapua.service.user.UserListResult;
 import org.eclipse.kapua.service.user.UserQuery;
 import org.eclipse.kapua.service.user.UserService;
@@ -112,19 +108,15 @@ public class GwtAccountServiceImpl extends KapuaRemoteServiceServlet implements
     private static final KapuaLocator LOCATOR = KapuaLocator.getInstance();
 
     private static final AccountService ACCOUNT_SERVICE = LOCATOR.getService(AccountService.class);
-    private static final AccountFactory ACCOUNT_FACTORY = LOCATOR.getFactory(AccountFactory.class);
 
     private static final EndpointInfoService ENDPOINT_INFO_SERVICE = LOCATOR.getService(EndpointInfoService.class);
-    private static final EndpointInfoFactory ENDPOINT_INFO_FACTORY = LOCATOR.getFactory(EndpointInfoFactory.class);
     private static final AuthorizationService AUTHORIZATION_SERVICE = LOCATOR.getService(AuthorizationService.class);
 
     private static final PermissionFactory PERMISSION_FACTORY = LOCATOR.getFactory(PermissionFactory.class);
 
     private static final RoleService ROLE_SERVICE = LOCATOR.getService(RoleService.class);
-    private static final RoleFactory ROLE_FACTORY = LOCATOR.getFactory(RoleFactory.class);
 
     private static final UserService USER_SERVICE = LOCATOR.getService(UserService.class);
-    private static final UserFactory USER_FACTORY = LOCATOR.getFactory(UserFactory.class);
 
     @Override
     public GwtAccount create(GwtXSRFToken xsrfToken, GwtAccountCreator gwtAccountCreator)