Insert a new method to retrieve the token

Now it is possible to retrieve a new token using the user subject.
This is possible only to administrator or users with a special permission.

Fix #16

login-authentication-iam-web/bnd.bnd

@@ -1,5 +1,5 @@
 Bundle-SymbolicName: com.liferay.login.authentication.iam.web
-Bundle-Version: 1.1.1
+Bundle-Version: 1.2.0
 Bundle-Name: Login Authentication IAM Web
 Bundle-Description: Login extension for IAM authentication
 Bundle-Copyright: Copyright 2016, INFN - INDIGO-DataCloud

portal-security-sso-iam/bnd.bnd

@@ -1,5 +1,5 @@
 Bundle-SymbolicName: com.liferay.portal.security.sso.iam
-Bundle-Version: 1.1.1
+Bundle-Version: 1.2.0
 Bundle-Name: Liferay Portal Security SSO IAM
 Bundle-Description: SSO module for INDIGO-DC IAM service. The IAM service is integrated using \
         the OpenID Connect protocol

portal-security-sso-iam/src/main/java/com/liferay/portal/security/sso/iam/IAM.java

@@ -167,4 +167,15 @@ Map<String, String> getTokenUserInfo(long companyId, String token)
      *             User has not subject
      */
     String getTokenSubject(long companyId, long userId) throws Exception;
+
+    /**
+     * Retrieves the user by the subject.
+     *
+     * @param companyId
+     *            Company Id
+     * @param subject User subject
+     * @return The user or null if not available
+     * @throws Exception If users cannot be verified
+     */
+    User getUserBySubject(long companyId, String subject) throws Exception;
 }

portal-security-sso-iam/src/main/java/com/liferay/portal/security/sso/iam/internal/IAMImpl.java

@@ -388,6 +388,37 @@ public final String getTokenSubject(final long companyId, final long userId)
         return subjectToken.getData();
     }
 
+    /**
+     * @see com.liferay.portal.security.sso.iam.IAM#getUserBySubject(String)
+     */
+    @Override
+    public final User getUserBySubject(
+            final long companyId, final String subject) throws Exception {
+        ExpandoColumn column = ExpandoColumnLocalServiceUtil
+                .getDefaultTableColumn(companyId, User.class.getName(),
+                        "iamUserID");
+        DynamicQuery userDynamicQuery = DynamicQueryFactoryUtil.forClass(
+                ExpandoValue.class, PortalClassLoaderUtil.getClassLoader())
+                .add(PropertyFactoryUtil.forName("columnId").eq(GetterUtil
+                        .getLong(column.getColumnId()))).add(
+                                PropertyFactoryUtil.forName("data").eq(subject))
+                .add(PropertyFactoryUtil.forName("classNameId").eq(GetterUtil
+                        .getLong(ClassNameLocalServiceUtil.getClassNameId(
+                                User.class.getName()))));
+        List<ExpandoValue> expandoList = expandoValueLocalService
+                .dynamicQuery(userDynamicQuery);
+
+        if (expandoList.size() == 1) {
+            long userId = expandoList.get(0).getClassPK();
+            return UserLocalServiceUtil.getUserById(userId);
+        }
+        if (expandoList.size() > 1) {
+            log.error("Subject '" + subject + "' associated to multiple users");
+            throw new Exception("Subject associated to multiple users.");
+        }
+        return null;
+    }
+
     /**
      * Retrieves the configuration of the IAM endpoint.
      *

portal-settings-authentication-iam-web/bnd.bnd

@@ -1,5 +1,5 @@
 Bundle-SymbolicName: com.liferay.portal.settings.authentication.iam.web
-Bundle-Version: 1.1.1
+Bundle-Version: 1.2.0
 Bundle-Name: Liferay Portal Settings Authentication IAM Web
 Bundle-Description: Liferay Portal Settings Authentication Web interface for INDIGO-DC IAM service. \
 	This make use of OpenID Connect protocol for the authentication

service-iam-token/service-iam-token-api/bnd.bnd

@@ -1,5 +1,5 @@
 Bundle-SymbolicName: com.liferay.portal.security.sso.iam.api
-Bundle-Version: 1.1.1
+Bundle-Version: 1.2.0
 Bundle-Name: IAM Tokens Manager API
 Bundle-Description: Remote API to manage tokens released by IAM service and allow their use to portlet and other application
 Bundle-Copyright: Copyright 2016, INFN - INDIGO-DataCloud

service-iam-token/service-iam-token-api/src/main/java/com/liferay/portal/security/sso/iam/model/TokenInfo.java

@@ -25,7 +25,6 @@
 import java.util.List;
 
 import com.liferay.portal.kernel.json.JSON;
-
 import aQute.bnd.annotation.ProviderType;
 
 /**
@@ -39,7 +38,7 @@
 public class TokenInfo {
 
     /**
-     * Retrieves the error message is a problem arise for the service.
+     * Retrieves the error message if a problem arise for the service.
      *
      * @return The error
      */
@@ -56,6 +55,24 @@ public final void setError(final String errorMsg) {
         this.error = errorMsg;
     }
 
+    /**
+     * Retrieves the user token.
+     *
+     * @return The token
+     */
+    public final String getToken() {
+        return token;
+    }
+
+    /**
+     * Sets the user token.
+     *
+     * @param aToken The token to set
+     */
+    public final void setToken(final String aToken) {
+        this.token = aToken;
+    }
+
     /**
      * Retrieves the subject.
      *
@@ -103,6 +120,11 @@ public final void setGroups(final List<String> someGroups) {
      */
     private String subject;
 
+    /**
+     * The user token.
+     */
+    private String token;
+
     /**
      * The user groups.
      */

service-iam-token/service-iam-token-api/src/main/java/com/liferay/portal/security/sso/iam/service/TokenService.java

@@ -52,22 +52,60 @@ public interface TokenService extends BaseService {
 	 *
 	 * Never modify or reference this interface directly. Always use {@link TokenServiceUtil} to access the token remote service. Add custom service methods to {@link com.liferay.portal.security.sso.iam.service.impl.TokenServiceImpl} and rerun ServiceBuilder to automatically copy the method declarations to this interface.
 	 */
+
+	/**
+	* Retrieves the token for the calling user.
+	*
+	* @param serviceContext The service context of the call
+	* @return The token info containing the token
+	* @throws PortalException If there are problem to collect the information
+	*/
 	@Transactional(propagation = Propagation.SUPPORTS, readOnly = true)
-	public TokenInfo getTokenInfo(java.lang.String token,
-		ServiceContext serviceContext) throws PortalException;
+	public TokenInfo getToken(ServiceContext serviceContext)
+		throws PortalException;
 
 	/**
-	* Returns the OSGi service identifier.
+	* Retrieves the token for the provided subject.
 	*
-	* @return the OSGi service identifier
+	* @param subject The global user identifier from IAM
+	* @param serviceContext The service context of the call
+	* @return The token info containing the token
+	* @throws PortalException If there are problem to collect the information
 	*/
-	public java.lang.String getOSGiServiceIdentifier();
+	@Transactional(propagation = Propagation.SUPPORTS, readOnly = true)
+	public TokenInfo getToken(java.lang.String subject,
+		ServiceContext serviceContext) throws PortalException;
 
+	/**
+	* Retrieves the token for the user.
+	*
+	* @param userId The user identifier
+	* @param serviceContext The service context of the call
+	* @return The token info containing the token
+	* @throws PortalException If there are problem to collect the information
+	*/
 	@Transactional(propagation = Propagation.SUPPORTS, readOnly = true)
-	public java.lang.String getToken(ServiceContext serviceContext)
+	public TokenInfo getToken(long userId, ServiceContext serviceContext)
 		throws PortalException;
 
+	/**
+	* Retrieves the information associated with a token.
+	* If the token is not valid an error message is included in the token
+	* information and not other values are provided
+	*
+	* @param token The token to analyse
+	* @param serviceContext The service context of the call
+	* @return The token information
+	* @throws PortalException If there are problem to collect the information
+	*/
 	@Transactional(propagation = Propagation.SUPPORTS, readOnly = true)
-	public java.lang.String getToken(long userId, ServiceContext serviceContext)
-		throws PortalException;
+	public TokenInfo getTokenInfo(java.lang.String token,
+		ServiceContext serviceContext) throws PortalException;
+
+	/**
+	* Returns the OSGi service identifier.
+	*
+	* @return the OSGi service identifier
+	*/
+	public java.lang.String getOSGiServiceIdentifier();
 }

service-iam-token/service-iam-token-api/src/main/java/com/liferay/portal/security/sso/iam/service/TokenServiceUtil.java

@@ -41,32 +41,74 @@ public class TokenServiceUtil {
 	 *
 	 * Never modify this class directly. Add custom service methods to {@link com.liferay.portal.security.sso.iam.service.impl.TokenServiceImpl} and rerun ServiceBuilder to regenerate this class.
 	 */
-	public static com.liferay.portal.security.sso.iam.model.TokenInfo getTokenInfo(
-		java.lang.String token,
+
+	/**
+	* Retrieves the token for the calling user.
+	*
+	* @param serviceContext The service context of the call
+	* @return The token info containing the token
+	* @throws PortalException If there are problem to collect the information
+	*/
+	public static com.liferay.portal.security.sso.iam.model.TokenInfo getToken(
 		com.liferay.portal.kernel.service.ServiceContext serviceContext)
 		throws com.liferay.portal.kernel.exception.PortalException {
-		return getService().getTokenInfo(token, serviceContext);
+		return getService().getToken(serviceContext);
 	}
 
 	/**
-	* Returns the OSGi service identifier.
+	* Retrieves the token for the provided subject.
 	*
-	* @return the OSGi service identifier
+	* @param subject The global user identifier from IAM
+	* @param serviceContext The service context of the call
+	* @return The token info containing the token
+	* @throws PortalException If there are problem to collect the information
 	*/
-	public static java.lang.String getOSGiServiceIdentifier() {
-		return getService().getOSGiServiceIdentifier();
+	public static com.liferay.portal.security.sso.iam.model.TokenInfo getToken(
+		java.lang.String subject,
+		com.liferay.portal.kernel.service.ServiceContext serviceContext)
+		throws com.liferay.portal.kernel.exception.PortalException {
+		return getService().getToken(subject, serviceContext);
 	}
 
-	public static java.lang.String getToken(
+	/**
+	* Retrieves the token for the user.
+	*
+	* @param userId The user identifier
+	* @param serviceContext The service context of the call
+	* @return The token info containing the token
+	* @throws PortalException If there are problem to collect the information
+	*/
+	public static com.liferay.portal.security.sso.iam.model.TokenInfo getToken(
+		long userId,
 		com.liferay.portal.kernel.service.ServiceContext serviceContext)
 		throws com.liferay.portal.kernel.exception.PortalException {
-		return getService().getToken(serviceContext);
+		return getService().getToken(userId, serviceContext);
 	}
 
-	public static java.lang.String getToken(long userId,
+	/**
+	* Retrieves the information associated with a token.
+	* If the token is not valid an error message is included in the token
+	* information and not other values are provided
+	*
+	* @param token The token to analyse
+	* @param serviceContext The service context of the call
+	* @return The token information
+	* @throws PortalException If there are problem to collect the information
+	*/
+	public static com.liferay.portal.security.sso.iam.model.TokenInfo getTokenInfo(
+		java.lang.String token,
 		com.liferay.portal.kernel.service.ServiceContext serviceContext)
 		throws com.liferay.portal.kernel.exception.PortalException {
-		return getService().getToken(userId, serviceContext);
+		return getService().getTokenInfo(token, serviceContext);
+	}
+
+	/**
+	* Returns the OSGi service identifier.
+	*
+	* @return the OSGi service identifier
+	*/
+	public static java.lang.String getOSGiServiceIdentifier() {
+		return getService().getOSGiServiceIdentifier();
 	}
 
 	public static TokenService getService() {

service-iam-token/service-iam-token-api/src/main/java/com/liferay/portal/security/sso/iam/service/TokenServiceWrapper.java

@@ -32,36 +32,78 @@ public TokenServiceWrapper(TokenService tokenService) {
 		_tokenService = tokenService;
 	}
 
+	/**
+	* Retrieves the token for the calling user.
+	*
+	* @param serviceContext The service context of the call
+	* @return The token info containing the token
+	* @throws PortalException If there are problem to collect the information
+	*/
 	@Override
-	public com.liferay.portal.security.sso.iam.model.TokenInfo getTokenInfo(
-		java.lang.String token,
+	public com.liferay.portal.security.sso.iam.model.TokenInfo getToken(
 		com.liferay.portal.kernel.service.ServiceContext serviceContext)
 		throws com.liferay.portal.kernel.exception.PortalException {
-		return _tokenService.getTokenInfo(token, serviceContext);
+		return _tokenService.getToken(serviceContext);
 	}
 
 	/**
-	* Returns the OSGi service identifier.
+	* Retrieves the token for the provided subject.
 	*
-	* @return the OSGi service identifier
+	* @param subject The global user identifier from IAM
+	* @param serviceContext The service context of the call
+	* @return The token info containing the token
+	* @throws PortalException If there are problem to collect the information
 	*/
 	@Override
-	public java.lang.String getOSGiServiceIdentifier() {
-		return _tokenService.getOSGiServiceIdentifier();
+	public com.liferay.portal.security.sso.iam.model.TokenInfo getToken(
+		java.lang.String subject,
+		com.liferay.portal.kernel.service.ServiceContext serviceContext)
+		throws com.liferay.portal.kernel.exception.PortalException {
+		return _tokenService.getToken(subject, serviceContext);
 	}
 
+	/**
+	* Retrieves the token for the user.
+	*
+	* @param userId The user identifier
+	* @param serviceContext The service context of the call
+	* @return The token info containing the token
+	* @throws PortalException If there are problem to collect the information
+	*/
 	@Override
-	public java.lang.String getToken(
+	public com.liferay.portal.security.sso.iam.model.TokenInfo getToken(
+		long userId,
 		com.liferay.portal.kernel.service.ServiceContext serviceContext)
 		throws com.liferay.portal.kernel.exception.PortalException {
-		return _tokenService.getToken(serviceContext);
+		return _tokenService.getToken(userId, serviceContext);
 	}
 
+	/**
+	* Retrieves the information associated with a token.
+	* If the token is not valid an error message is included in the token
+	* information and not other values are provided
+	*
+	* @param token The token to analyse
+	* @param serviceContext The service context of the call
+	* @return The token information
+	* @throws PortalException If there are problem to collect the information
+	*/
 	@Override
-	public java.lang.String getToken(long userId,
+	public com.liferay.portal.security.sso.iam.model.TokenInfo getTokenInfo(
+		java.lang.String token,
 		com.liferay.portal.kernel.service.ServiceContext serviceContext)
 		throws com.liferay.portal.kernel.exception.PortalException {
-		return _tokenService.getToken(userId, serviceContext);
+		return _tokenService.getTokenInfo(token, serviceContext);
+	}
+
+	/**
+	* Returns the OSGi service identifier.
+	*
+	* @return the OSGi service identifier
+	*/
+	@Override
+	public java.lang.String getOSGiServiceIdentifier() {
+		return _tokenService.getOSGiServiceIdentifier();
 	}
 
 	@Override

service-iam-token/service-iam-token-service/bnd.bnd

@@ -1,5 +1,5 @@
 Bundle-SymbolicName: com.liferay.portal.security.sso.iam.service
-Bundle-Version: 1.1.1
+Bundle-Version: 1.2.0
 Bundle-Name: IAM Tokens Manager Service
 Bundle-Description: Manages token released by IAM service and allows their use to portlet and other application
 Bundle-Copyright: Copyright 2016, INFN - INDIGO-DataCloud