feat: Support z/OSMF scheme in Spring Cloud Gateway

cloud-gateway-service/build.gradle

@@ -96,6 +96,7 @@ dependencies {
     testImplementation libs.rest.assured
     testImplementation libs.reactorTest
     testImplementation libs.mockito.inline
+    testImplementation libs.mockwebserver
 
 }
 

cloud-gateway-service/src/main/java/org/zowe/apiml/cloudgatewayservice/filters/AbstractAuthSchemeFactory.java

@@ -0,0 +1,156 @@
+/*
+ * This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Copyright Contributors to the Zowe Project.
+ */
+
+package org.zowe.apiml.cloudgatewayservice.filters;
+
+import lombok.Data;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.cloud.client.ServiceInstance;
+import org.springframework.cloud.gateway.filter.GatewayFilter;
+import org.springframework.cloud.gateway.filter.GatewayFilterChain;
+import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.web.reactive.function.client.WebClient;
+import org.springframework.web.server.ServerWebExchange;
+import org.zowe.apiml.cloudgatewayservice.service.InstanceInfoService;
+import org.zowe.apiml.constants.ApimlConstants;
+import org.zowe.apiml.message.core.MessageService;
+import reactor.core.publisher.Mono;
+
+import java.net.HttpCookie;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Optional;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+public abstract class AbstractAuthSchemeFactory<T, R, D> extends AbstractGatewayFilterFactory<T> {
+
+    private static final String HEADER_SERVICE_ID = "X-Service-Id";
+
+    private static final RobinRoundIterator<ServiceInstance> robinRound = new RobinRoundIterator<>();
+
+    protected final WebClient webClient;
+    protected final InstanceInfoService instanceInfoService;
+    protected final MessageService messageService;
+
+    protected AbstractAuthSchemeFactory(Class<T> configClazz, WebClient webClient, InstanceInfoService instanceInfoService, MessageService messageService) {
+        super(configClazz);
+        this.webClient = webClient;
+        this.instanceInfoService = instanceInfoService;
+        this.messageService = messageService;
+    }
+
+    protected abstract Class<R> getResponseClass();
+
+    private Mono<List<ServiceInstance>> getZaasInstances() {
+        return instanceInfoService.getServiceInstance("gateway");
+    }
+
+    private Mono<R> requestWithHa(
+        Iterator<ServiceInstance> serviceInstanceIterator,
+        AbstractConfig config,
+        Function<ServiceInstance, WebClient.RequestHeadersSpec<?>> requestCreator
+    ) {
+        return requestCreator.apply(serviceInstanceIterator.next())
+            .retrieve()
+            .onStatus(HttpStatus::isError, clientResponse -> Mono.empty())
+            .bodyToMono(getResponseClass())
+            .switchIfEmpty(serviceInstanceIterator.hasNext() ?
+                requestWithHa(serviceInstanceIterator, config, requestCreator) : Mono.empty()
+            );
+    }
+
+    protected Mono<Void> invoke(
+        List<ServiceInstance> serviceInstances,
+        AbstractConfig config,
+        Function<ServiceInstance, WebClient.RequestHeadersSpec<?>> requestCreator,
+        Function<? super R, ? extends Mono<Void>> responseProcessor
+    ) {
+        Iterator<ServiceInstance> i = robinRound.getIterator(serviceInstances);
+        if (!i.hasNext()) {
+            throw new IllegalArgumentException("No ZAAS is available");
+        }
+
+        return requestWithHa(i, config, requestCreator).flatMap(responseProcessor);
+    }
+
+    @SuppressWarnings("squid:S1452")
+    protected abstract WebClient.RequestHeadersSpec<?> createRequest(ServerWebExchange exchange, ServiceInstance instance, D data);
+    protected abstract Mono<Void> processResponse(ServerWebExchange exchange, GatewayFilterChain chain, R response);
+
+    protected WebClient.RequestHeadersSpec<?> setDefaults(AbstractConfig config, ServerWebExchange exchange, WebClient.RequestHeadersSpec<?> requestHeadersSpec) {
+        return requestHeadersSpec
+            .headers(headers -> headers.addAll(exchange.getRequest().getHeaders()))
+            .header(HEADER_SERVICE_ID, config.serviceId);
+    }
+
+    protected GatewayFilter createGatewayFilter(AbstractConfig config, D data) {
+        return (exchange, chain) -> getZaasInstances().flatMap(
+            instances -> invoke(
+                instances,
+                config,
+                instance -> setDefaults(config, exchange, createRequest(exchange, instance, data)),
+                response -> processResponse(exchange, chain, response)
+            )
+        );
+    }
+    protected ServerHttpRequest addRequestHeader(ServerWebExchange exchange, String key, String value) {
+        return exchange.getRequest().mutate()
+            .headers(headers -> headers.add(key, value))
+            .build();
+    }
+
+    protected ServerHttpRequest setRequestHeader(ServerWebExchange exchange, String headerName, String headerValue) {
+        return exchange.getRequest().mutate()
+            .header(headerName, headerValue)
+            .build();
+    }
+
+    protected ServerHttpRequest updateHeadersForError(ServerWebExchange exchange, String errorMessage) {
+        ServerHttpRequest request = addRequestHeader(exchange, ApimlConstants.AUTH_FAIL_HEADER, messageService.createMessage("org.zowe.apiml.security.ticket.generateFailed", errorMessage).mapToLogMessage());
+        exchange.getResponse().getHeaders().add(ApimlConstants.AUTH_FAIL_HEADER, messageService.createMessage("org.zowe.apiml.security.ticket.generateFailed", errorMessage).mapToLogMessage());
+        return request;
+    }
+
+    protected ServerHttpRequest setCookie(ServerWebExchange exchange, String cookieName, String value) {
+        return exchange.getRequest().mutate()
+            .headers(headers -> {
+                // read all other current cookies
+                List<HttpCookie> cookies = Optional.ofNullable(headers.get(HttpHeaders.COOKIE))
+                    .orElse(Collections.emptyList())
+                    .stream()
+                    .map(HttpCookie::parse)
+                    .flatMap(List::stream)
+                    .filter(c -> !StringUtils.equals(c.getName(), cookieName))
+                    .collect(Collectors.toList());
+
+                // add the new cookie
+                cookies.add(new HttpCookie(cookieName, value));
+
+                // remove old cookie header in the request
+                headers.remove(HttpHeaders.COOKIE);
+
+                // set new cookie header in the request
+                cookies.stream().forEach(c -> headers.add(HttpHeaders.COOKIE, c.toString()));
+            }).build();
+    }
+
+    @Data
+    protected abstract static class AbstractConfig {
+
+        private String serviceId;
+
+    }
+
+}

cloud-gateway-service/src/main/java/org/zowe/apiml/cloudgatewayservice/filters/PassticketFilterFactory.java

@@ -13,18 +13,17 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.ObjectWriter;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
 import org.apache.http.HttpHeaders;
 import org.springframework.cloud.client.ServiceInstance;
 import org.springframework.cloud.gateway.filter.GatewayFilter;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
-import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.stereotype.Service;
 import org.springframework.web.reactive.function.client.WebClient;
 import org.springframework.web.server.ServerWebExchange;
 import org.zowe.apiml.cloudgatewayservice.service.InstanceInfoService;
-import org.zowe.apiml.constants.ApimlConstants;
 import org.zowe.apiml.message.core.MessageService;
 import org.zowe.apiml.ticket.TicketRequest;
 import org.zowe.apiml.ticket.TicketResponse;
@@ -34,47 +33,44 @@
 import java.util.Base64;
 
 @Service
-public class PassticketFilterFactory extends AbstractGatewayFilterFactory<PassticketFilterFactory.Config> {
-    private final WebClient webClient;
-    private final InstanceInfoService instanceInfoService;
-    private final MessageService messageService;
-    private final String ticketUrl = "%s://%s:%s/%s/api/v1/auth/ticket";
-    private final ObjectWriter writer = new ObjectMapper().writer();
+public class PassticketFilterFactory extends AbstractAuthSchemeFactory<PassticketFilterFactory.Config, TicketResponse, String> {
+
+    private static final String TICKET_URL = "%s://%s:%s/%s/api/v1/auth/ticket";
+    private static final ObjectWriter WRITER = new ObjectMapper().writer();
 
     public PassticketFilterFactory(WebClient webClient, InstanceInfoService instanceInfoService, MessageService messageService) {
-        super(Config.class);
-        this.webClient = webClient;
-        this.instanceInfoService = instanceInfoService;
-        this.messageService = messageService;
+        super(Config.class, webClient, instanceInfoService, messageService);
+    }
+
+    @Override
+    protected Class<TicketResponse> getResponseClass() {
+        return TicketResponse.class;
+    }
+
+    @Override
+    protected WebClient.RequestHeadersSpec<?> createRequest(ServerWebExchange exchange, ServiceInstance instance, String requestBody) {
+        return webClient.post()
+            .uri(String.format(TICKET_URL, instance.getScheme(), instance.getHost(), instance.getPort(), instance.getServiceId().toLowerCase()))
+            .bodyValue(requestBody);
+    }
+
+    @Override
+    protected Mono<Void> processResponse(ServerWebExchange exchange, GatewayFilterChain chain, TicketResponse response) {
+        if (response.getTicket() == null) {
+            // TODO: consider throwing an exception, ZAAS is not configured properly
+            ServerHttpRequest request = updateHeadersForError(exchange, "Invalid or missing authentication.");
+            return chain.filter(exchange.mutate().request(request).build());
+        }
+        String encodedCredentials = Base64.getEncoder().encodeToString((response.getUserId() + ":" + response.getTicket()).getBytes(StandardCharsets.UTF_8));
+        final String headerValue = "Basic " + encodedCredentials;
+        ServerHttpRequest request = setRequestHeader(exchange, HttpHeaders.AUTHORIZATION, headerValue);
+        return chain.filter(exchange.mutate().request(request).build());
     }
 
     @Override
     public GatewayFilter apply(Config config) {
         try {
-            final String requestBody = writer.writeValueAsString(new TicketRequest(config.getApplicationName()));
-            return (ServerWebExchange exchange, GatewayFilterChain chain) ->
-                instanceInfoService.getServiceInstance("gateway").flatMap(instances -> {
-                    for (ServiceInstance instance : instances) {
-                        return webClient.post()
-                            .uri(String.format(ticketUrl, instance.getScheme(), instance.getHost(), instance.getPort(), instance.getServiceId().toLowerCase()))
-                            .headers(headers -> headers.addAll(exchange.getRequest().getHeaders()))
-                            .bodyValue(requestBody)
-                            .retrieve().onStatus(HttpStatus::is4xxClientError, (response) -> Mono.empty())
-                            .bodyToMono(TicketResponse.class)
-                            .flatMap(response -> {
-                                if (response.getTicket() == null) {
-                                    ServerHttpRequest request = updateHeadersForError(exchange, "Invalid or missing authentication.");
-                                    return chain.filter(exchange.mutate().request(request).build());
-                                }
-                                String encodedCredentials = Base64.getEncoder().encodeToString((response.getUserId() + ":" + response.getTicket()).getBytes(StandardCharsets.UTF_8));
-                                final String headerValue = "Basic " + encodedCredentials;
-                                ServerHttpRequest request = addRequestHeader(exchange, HttpHeaders.AUTHORIZATION, headerValue);
-                                return chain.filter(exchange.mutate().request(request).build());
-                            });
-                    }
-                    ServerHttpRequest request = updateHeadersForError(exchange, "All gateway service instances failed to respond.");
-                    return chain.filter(exchange.mutate().request(request).build());
-                });
+            return createGatewayFilter(config, WRITER.writeValueAsString(new TicketRequest(config.getApplicationName())));
         } catch (JsonProcessingException e) {
             return ((exchange, chain) -> {
                 ServerHttpRequest request = updateHeadersForError(exchange, e.getMessage());
@@ -83,31 +79,11 @@ public GatewayFilter apply(Config config) {
         }
     }
 
-    private ServerHttpRequest updateHeadersForError(ServerWebExchange exchange, String errorMessage) {
-        ServerHttpRequest request = addRequestHeader(exchange, ApimlConstants.AUTH_FAIL_HEADER, messageService.createMessage("org.zowe.apiml.security.ticket.generateFailed", errorMessage).mapToLogMessage());
-        exchange.getResponse().getHeaders().add(ApimlConstants.AUTH_FAIL_HEADER, messageService.createMessage("org.zowe.apiml.security.ticket.generateFailed", errorMessage).mapToLogMessage());
-        return request;
-    }
-
-    private ServerHttpRequest addRequestHeader(ServerWebExchange exchange, String key, String value) {
-        return exchange.getRequest().mutate()
-            .headers(headers -> {
-                    headers.add(key, value);
-                    headers.remove(org.springframework.http.HttpHeaders.COOKIE);
-                }
-            ).build();
-    }
+    @Data
+    @EqualsAndHashCode(callSuper = true)
+    public static class Config extends AbstractAuthSchemeFactory.AbstractConfig {
 
-
-    public static class Config {
         private String applicationName;
 
-        public String getApplicationName() {
-            return applicationName;
-        }
-
-        public void setApplicationName(String applicationName) {
-            this.applicationName = applicationName;
-        }
     }
 }

cloud-gateway-service/src/main/java/org/zowe/apiml/cloudgatewayservice/filters/RobinRoundIterator.java

@@ -0,0 +1,62 @@
+/*
+ * This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Copyright Contributors to the Zowe Project.
+ */
+
+package org.zowe.apiml.cloudgatewayservice.filters;
+
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+import java.util.concurrent.atomic.AtomicInteger;
+
+public class RobinRoundIterator<T> {
+
+    private final AtomicInteger lastIndex = new AtomicInteger(-1);
+
+    public Iterator<T> getIterator(Collection<T> input) {
+        int offset = lastIndex.updateAndGet(prev -> input.isEmpty() ? 0 : (prev + 1) % input.size());
+
+        return new RoundIterator(input, offset);
+    }
+
+    private class RoundIterator implements Iterator<T> {
+
+        private final Collection<T> collection;
+        private int remaining;
+
+        private Iterator<T> iteratorOriginal;
+
+        private RoundIterator(Collection<T> collection, int offset) {
+            this.collection = collection;
+            this.iteratorOriginal = collection.iterator();
+            this.remaining = collection.size();
+            for (int i = 0; i < offset; i++) {
+                this.iteratorOriginal.next();
+            }
+        }
+
+        @Override
+        public boolean hasNext() {
+            return remaining > 0;
+        }
+
+        @Override
+        public T next() {
+            if (remaining <= 0) throw new NoSuchElementException();
+
+            remaining--;
+            if (!iteratorOriginal.hasNext()) {
+                iteratorOriginal = collection.iterator();
+            }
+
+            return iteratorOriginal.next();
+        }
+    }
+
+}